Matches: 909
The software uses a more complex mechanism than necessary, which could lead to resultant weaknesses when the mechanism is not correctly understood, modeled, configured, implemented, or used.

The software does not perform access checks on a resource every time the resource is accessed by an entity, which can create resultant weaknesses if that entity's rights or privileges change over

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

The application constructs the name of a file or other resource using input from an upstream component, but does not restrict or incorrectly restricts the resulting name.

The software stores security-critical state information about its users, or the software itself, in a location that is accessible to

The software uses external input to dynamically construct an XPath expression used to retrieve data from an XML database, but it does not neutralize or incorrectly neutralizes that input. This allows an attacker to control the structure of the query.

The application does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers, such as Flash.

The software contains an account lockout protection mechanism, but the mechanism is too restrictive and can be triggered too easily. This allows attackers to deny service to legitimate users by causing their accounts to be locked out.

The software allows a file to be uploaded, but it relies on the file name or extension of the file to determine the appropriate behaviors. This could be used by attackers to cause the file to be misclassified and processed in a dangerous fashion.

The software defines policy namespaces and makes authorization decisions based on the assumption that a URL is canonical. This can allow a non-canonical URL to bypass the authorization.
© 2013 SecPod Technologies