Matches: 909
The software defines policy namespaces and makes authorization
decisions based on the assumption that a URL is canonical. This can allow a
non-canonical URL to bypass the authorization.
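The following is an added example (not from the original page or from any product it catalogs) showing why the assumption above fails and how to fix it. The prefix ACL, the paths and the role names are constructed for the demonstration; the only assumption about the backend is that it treats `.`/`..` segments, repeated slashes and percent-encoding the way a POSIX path does.

```python
import posixpath
from urllib.parse import unquote

# Constructed example: a prefix-based ACL that protects everything under /admin/.
PROTECTED_PREFIX = "/admin/"

def canonicalize(path: str) -> str:
    """Reduce a request path to one canonical form before any authorization check.

    Steps: percent-decode until stable (catches double encoding such as %252e),
    force a leading slash, collapse "." / ".." segments and repeated slashes.
    Over-decoding is safe here: it can only make the check stricter, never looser.
    If the backend is case-insensitive, fold case here as well.
    """
    decoded = path.split("?", 1)[0]          # authorize on the path component only
    for _ in range(3):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    if not decoded.startswith("/"):
        decoded = "/" + decoded
    norm = posixpath.normpath(decoded)        # "/a/../admin//x" -> "/admin/x"
    return "/" + norm.lstrip("/")             # normpath preserves a leading "//"

def authorize_naive(path: str, role: str) -> bool:
    """Vulnerable: compares the raw path, so any non-canonical spelling bypasses the ACL."""
    if path.startswith(PROTECTED_PREFIX):
        return role == "admin"
    return True

def authorize_canonical(path: str, role: str) -> bool:
    """Hardened: the same ACL applied to the canonical path."""
    canon = canonicalize(path)
    if canon == PROTECTED_PREFIX.rstrip("/") or canon.startswith(PROTECTED_PREFIX):
        return role == "admin"
    return True

if __name__ == "__main__":
    for p in ("/admin/users", "/public/../admin/users", "/%61dmin/users",
              "//admin/users", "/%252e%252e/admin/users"):
        print(f"{p:28} naive={authorize_naive(p, 'user')!s:5} "
              f"canonical={authorize_canonical(p, 'user')}")
```

Every path except the first reaches the admin handler under `authorize_naive` with the `user` role; all of them are refused by `authorize_canonical`. The important design point is that canonicalization happens once, in the authorization layer, using the same rules the backend applies when it resolves the path.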
The application does not conform to the API requirements for a
function call that requires extra privileges. This could allow attackers to gain
privileges by causing the function to be called
The software uses obfuscation or encryption of inputs that
should not be mutable by an external actor, but the software does not use
integrity checks to detect if those inputs have been
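Added example (not from the original page) of the weakness above: a token that is encrypted but not integrity-protected is malleable, so an attacker who knows a plaintext byte can rewrite it without the key. The stream cipher here is a toy CTR-style construction built from HMAC-SHA256 standing in for AES-CTR; the keys, nonce and cookie contents are constructed demo values.

```python
import hashlib
import hmac

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy CTR-style keystream from HMAC-SHA256 (stands in for AES-CTR)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def xor_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (the same operation for a stream cipher)."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))

def tamper(ciphertext: bytes, offset: int, known: int, wanted: int) -> bytes:
    """Attacker step: with no key, turn a known plaintext byte into a chosen one."""
    ct = bytearray(ciphertext)
    ct[offset] ^= known ^ wanted
    return bytes(ct)

def seal(key_enc: bytes, key_mac: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: the tag covers the nonce and the ciphertext."""
    ct = xor_crypt(key_enc, nonce, plaintext)
    tag = hmac.new(key_mac, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_sealed(key_enc: bytes, key_mac: bytes, token: bytes):
    """Return the plaintext, or None if the tag does not verify."""
    if len(token) < 16 + 32:
        return None
    nonce, ct, tag = token[:16], token[16:-32], token[-32:]
    expected = hmac.new(key_mac, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return xor_crypt(key_enc, nonce, ct)

# Constructed demo values; a real system uses random keys and a fresh nonce per message.
KEY_ENC, KEY_MAC, NONCE = b"e" * 32, b"m" * 32, b"n" * 16
COOKIE = b"user=alice;admin=0"
ADMIN_FLAG_OFFSET = COOKIE.index(b"admin=") + len("admin=")

def flip_unauthenticated() -> bytes:
    """Encryption only: the flipped byte decrypts to admin=1 and is accepted."""
    ct = xor_crypt(KEY_ENC, NONCE, COOKIE)
    forged = tamper(ct, ADMIN_FLAG_OFFSET, ord("0"), ord("1"))
    return xor_crypt(KEY_ENC, NONCE, forged)

def flip_authenticated():
    """Encrypt-then-MAC: the same flip fails verification."""
    token = seal(KEY_ENC, KEY_MAC, NONCE, COOKIE)
    nonce, ct, tag = token[:16], token[16:-32], token[-32:]
    forged = nonce + tamper(ct, ADMIN_FLAG_OFFSET, ord("0"), ord("1")) + tag
    return open_sealed(KEY_ENC, KEY_MAC, forged)

if __name__ == "__main__":
    print("encryption only  :", flip_unauthenticated())
    print("encrypt-then-MAC :", flip_authenticated())
```

The attacker never learns the key; knowing the layout of the plaintext is enough. In practice use an AEAD mode (AES-GCM, ChaCha20-Poly1305) rather than hand-rolling encrypt-then-MAC, but the property being checked is the same: any modification of the ciphertext must be detected before the plaintext is acted on.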
The server contains a protection mechanism that assumes that
any URI that is accessed using HTTP GET will not cause a state change to the
associated resource. This might allow attackers to bypass intended access
restrictions and conduct resource modification and deletion attacks, since some
applications allow GET to modify state.
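Added example (not from the original page) contrasting the two ways of deciding when a CSRF-style check applies. The route table, request shape and token value are constructed; the point is that the guard must key off what the handler does, not off the HTTP method the client chose.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Request:
    method: str
    path: str
    params: dict
    csrf_token: Optional[str] = None

SECRET_CSRF = "tok-123"   # constructed; real apps bind the token to the session

class Store:
    def __init__(self):
        self.items = {1: "first", 2: "second"}

def delete_item(store: Store, req: Request) -> str:
    store.items.pop(int(req.params["id"]), None)
    return "deleted"

def list_items(store: Store, req: Request) -> str:
    return ",".join(store.items.values())

# Route table: path -> (handler, whether the handler changes server state)
ROUTES = {
    "/item/delete": (delete_item, True),
    "/item/list": (list_items, False),
}

def guard_by_method(req: Request) -> bool:
    """Vulnerable: assumes only non-GET requests change state, so a GET to a
    mutating handler is let through with no token at all."""
    if req.method == "GET":
        return True
    return req.csrf_token == SECRET_CSRF

def guard_by_route(req: Request) -> bool:
    """Hardened: the route declares whether it mutates. Mutating routes need a
    state-changing method and a valid token; GET is never allowed to mutate."""
    _, mutates = ROUTES[req.path]
    if not mutates:
        return True
    return req.method in ("POST", "PUT", "PATCH", "DELETE") and req.csrf_token == SECRET_CSRF

def dispatch(store: Store, req: Request, guard):
    if req.path not in ROUTES:
        return 404, "not found"
    if not guard(req):
        return 403, "forbidden"
    handler, _ = ROUTES[req.path]
    return 200, handler(store, req)

if __name__ == "__main__":
    attack = Request("GET", "/item/delete", {"id": "1"})     # e.g. an <img src=...> on a hostile page
    for name, guard in (("method-based", guard_by_method), ("route-based", guard_by_route)):
        store = Store()
        print(name, dispatch(store, attack, guard), sorted(store.items))
```

With the method-based guard the forged GET deletes item 1; with the route-based guard it is refused and only a POST carrying the token succeeds. The same reasoning applies to any server-side protection (rate limits, audit logging, authorization) that is switched on by method rather than by the effect of the handler.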
The Web services architecture may require exposing a WSDL file
that contains information on the publicly accessible services and how callers of
these services should interact with them (e.g. what parameters they expect and
what types they return).
The software uses external input to dynamically construct an
XQuery expression used to retrieve data from an XML database, but it does not
neutralize, or incorrectly neutralizes, that input. This allows an attacker to
control the structure of the query rather than only a value within it.
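Added example (not from the original page) of how the query structure is lost and how to keep it fixed. No XQuery engine is run here; the block shows the three ways the query text can be built. The query shape, the `$name` variable and the dict-style binding are constructed for illustration, since the actual binding API is engine-specific.

```python
def build_query_vulnerable(username: str) -> str:
    """Interpolates untrusted input straight into the query text."""
    return f"//users/user[name='{username}']/email"

def build_query_parameterized(username: str):
    """Keeps the query text constant; the value travels as an external variable
    binding. The (query, bindings) pair is then handed to the engine."""
    query = "declare variable $name external; //users/user[name=$name]/email"
    return query, {"name": username}

def escape_xquery_literal(value: str) -> str:
    """Fallback for engines without parameter binding. Inside a single-quoted
    XQuery string literal an apostrophe is written as two apostrophes, and a bare
    '&' would start a character reference, so it is written as &amp;."""
    return value.replace("&", "&amp;").replace("'", "''")

def build_query_escaped(username: str) -> str:
    return f"//users/user[name='{escape_xquery_literal(username)}']/email"

def predicate_count(query: str) -> int:
    """Rough structural check: number of ' or ' operators in the predicate."""
    return query.count(" or ")

if __name__ == "__main__":
    payload = "' or '1'='1"      # constructed attacker input
    print(build_query_vulnerable(payload))
    print(build_query_parameterized(payload))
    print(build_query_escaped(payload))
```

With the payload `' or '1'='1` the vulnerable builder yields `//users/user[name='' or '1'='1']/email`, which matches every user; the parameterized form keeps a single predicate and the escaped form keeps the payload inside one string literal. Parameter binding is the primary control; escaping is a fallback and must be applied with the rules of the exact literal syntax being used.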
The product does not sufficiently compartmentalize
functionality or processes that require different privilege levels, rights, or
A protection mechanism relies exclusively, or to a large
extent, on the evaluation of a single condition or the integrity of a single
object or entity in order to make a decision about granting access to restricted
resources or functionality.
The software has a protection mechanism that is too difficult
or inconvenient to use, encouraging non-malicious users to disable or bypass the
mechanism, whether by accident or on purpose.
The software uses a protection mechanism whose strength depends
heavily on its obscurity, such that knowledge of its algorithms or key data is
sufficient to defeat the mechanism.
© 2013 SecPod Technologies