
Software operating in a Mac OS environment, where .DS_Store is in effect, must carefully manage hard links; otherwise, an attacker may be able to leverage a hard link from .DS_Store to overwrite arbitrary files and gain privileges.

The software does not properly handle special paths that may identify the data or resource fork of a file on the HFS+ file system.

The software allows user input to control or influence paths or file names that are used in filesystem operations.

The software does not adequately filter user-controlled input for special elements with control implications.

The software properly neutralizes certain special elements, but it improperly neutralizes equivalent special elements.

The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.

The product uses the wrong operator when comparing a string, such as using "==" when the equals() method should be used instead.

The web application uses the GET method to process requests that contain sensitive information, which can expose that information through the browser's history, Referers, web logs, and other sources.

The software uses an OpenSSL Certificate without validating the certificate data.

The Servlet does not catch all exceptions, which may reveal sensitive debugging information.



© SecPod Technologies