Matches: 909

The software receives input from an upstream component, but it
does not neutralize or incorrectly neutralizes special characters such as
"<", ">", and "&" that could be interpreted as web-scripting elements
when they are sent to a downstream component that processes web

The product uses the wrong operator when comparing a string,
such as using "==" when the equals() method should be used

The web application uses the GET method to process requests
that contain sensitive information, which can expose that information through
the browser's history, Referers, web logs, and other

The software uses an OpenSSL Certificate without validating the

The Servlet does not catch all exceptions, which may reveal
sensitive debugging information.

The software is composed of a server that relies on the client
to implement a mechanism that is intended to protect the

A client/server product performs authentication within client
code but not in server code, allowing server-side authentication to be bypassed
via a modified client that omits the authentication check.

When multiple sockets are allowed to bind to the same port,
other services on that port may be stolen or spoofed.

The product does not properly check inputs that are used for
loop conditions, potentially leading to a denial of service because of excessive

A public or protected static final field references a mutable
object, which allows the object to be changed by malicious code, or accidentally
from another package.

© 2013 SecPod Technologies