Matches: 909
An ActionForm class contains a field that has not been declared private, which can be accessed without using a setter or

The program uses double-checked locking to access a resource without the overhead of explicit synchronization, but the locking is

The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control

The product performs an indexing routine against private documents, but does not sufficiently verify that the actors who can access the index also have the privileges to access the private

The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session.

While adding general comments is very useful, some programmers tend to leave important data, such as: filenames related to the web application, old links or links which were not meant to be browsed by users, old code

The PHP application uses an old method for processing uploaded files by referencing the four global variables that are set for each file (e.g. $varname, $varname_size, $varname_name, $varname_type). These variables could be overwritten by attackers, causing the application to process unauthorized

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

An ActiveX control is intended for use in a web browser, but it exposes dangerous methods that perform actions that are outside of the browser's security model (e.g. the zone or domain).

If a database cursor is not closed properly, then it could become accessible to other users while retaining the same privileges that were originally assigned, leaving the cursor "dangling."

© 2013 SecPod Technologies