Matches: 909

The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.

The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

The software constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

Weaknesses in this category are related to improper assignment or handling of permissions.

The software writes data past the end, or before the beginning, of the intended buffer.

The software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

© SecPod Technologies