The software uses or specifies an encoding when generating output to a downstream component, but the specified encoding is not the same as the encoding that is expected by the downstream component.

The program checks a value to ensure that it does not exceed a maximum, but it does not verify that the value exceeds the

The software supports a session in which more than one behavior must be performed by an actor, but it does not properly ensure that the actor performs the behaviors in the required sequence.

The software or the administrator places a user into an

The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

The software does not perform an authorization check when an actor attempts to access a resource or perform an action.

The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access

The J2EE application is configured to use an insufficient session ID length.

The default error page of a web application should not display sensitive information about the software system.

When an application exposes a remote interface for an entity bean, it might also expose methods that get or set the bean's data. These methods could be leveraged to read sensitive information, or to change data in ways that violate the application's expectations, potentially leading to other
© 2013 SecPod Technologies