A client/server product performs authentication within client code but not in server code, allowing server-side authentication to be bypassed via a modified client that omits the authentication check.
When multiple sockets are allowed to bind to the same port, other services on that port may be stolen or spoofed.
The product does not properly check inputs that are used for loop conditions, potentially leading to a denial of service because of excessive looping.
A public or protected static final field references a mutable object, which allows the object to be changed by malicious code, or accidentally from another package.
An ActionForm class contains a field that has not been declared private, which can be accessed without using a setter or getter.
The program uses double-checked locking to access a resource without the overhead of explicit synchronization, but the locking is insufficient.
The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.
The product performs an indexing routine against private documents, but does not sufficiently verify that the actors who can access the index also have the privileges to access the private documents.
The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session.
While adding general comments is very useful, some programmers tend to leave important data in those comments, such as filenames related to the web application, old links or links that were not meant to be browsed by users, old code fragments, and similar material.