The software, when opening a file or directory, does not sufficiently handle when the file is a Windows shortcut (.LNK) whose target is outside of the intended control sphere. This could allow an attacker to cause the software to operate on unauthorized files.

The software, when opening a file or directory, does not sufficiently handle when the name is associated with a hard link to a target that is outside of the intended control sphere. This could allow an attacker to cause the software to operate on unauthorized files.

The product does not handle or incorrectly handles a file name that identifies a "virtual" resource that is not directly specified within the directory that is associated with the file name, causing the product to perform file-based operations on a resource that is not a file.

The software constructs pathnames from user input, but it does not handle or incorrectly handles a pathname containing a Windows device name such as AUX or CON. This typically leads to denial of service or an information exposure when the application attempts to process the pathname as a regular

The software does not properly prevent access to, or detect usage of, alternate data streams (ADS).

Software operating in a Mac OS environment, where .DS_Store is in effect, must carefully manage hard links, otherwise an attacker may be able to leverage a hard link from .DS_Store to overwrite arbitrary files and gain

The software does not properly handle special paths that may identify the data or resource fork of a file on the HFS+ file

The software allows user input to control or influence paths or file names that are used in filesystem operations.

The software does not adequately filter user-controlled input for special elements with control implications.

The software properly neutralizes certain special elements, but it improperly neutralizes equivalent special elements.
© 2013 SecPod Technologies