Matches: 909

When setting a new password for a user, the product does not require knowledge of the original password, or using another form of

The product uses external input to determine the names of variables into which information is extracted, without verifying that the names of the specified variables are valid. This could cause the program to overwrite

A product adds hooks to user-accessible API functions, but does not properly validate the arguments. This could lead to resultant

An ActiveX control is intended for restricted use, but it has been marked as safe-for-scripting.

The product uses a regular expression that either (1) contains an executable component with user-controlled inputs, or (2) allows a user to enable execution by inserting pattern modifiers.

The product uses a regular expression that does not sufficiently restrict the set of allowed values.

The product does not properly handle null bytes or NUL characters when passing data between different representations or

In a language where the user can influence the name of a variable at runtime, if the variable names are not controlled, an attacker can read or write to arbitrary variables, or access arbitrary

The product calls a function, procedure, or routine with arguments that are not correctly specified, leading to always-incorrect behavior and resultant weaknesses.

When the product encounters an error condition or failure, its design requires it to fall back to a state that is less secure than other options that are available, such as selecting the weakest encryption algorithm or using the most permissive access control restrictions.

© 2013 SecPod Technologies