The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.

The product uses the wrong operator when comparing a string, such as using "==" when the equals() method should be used instead.

The web application uses the GET method to process requests that contain sensitive information, which can expose that information through the browser's history, Referers, web logs, and other sources.

The software uses an OpenSSL Certificate without validating the certificate data.

The Servlet does not catch all exceptions, which may reveal sensitive debugging information.

The software is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.

A client/server product performs authentication within client code but not in server code, allowing server-side authentication to be bypassed via a modified client that omits the authentication check.

When multiple sockets are allowed to bind to the same port, other services on that port may be stolen or spoofed.

The product does not properly check inputs that are used for loop conditions, potentially leading to a denial of service because of excessive looping.

A public or protected static final field references a mutable object, which allows the object to be changed by malicious code, or accidentally from another package.

© 2013 SecPod Technologies