The software specifies a regular expression in a way that causes data to be improperly matched or compared.
A Pseudo-Random Number Generator (PRNG) uses seeds incorrectly.
Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.
The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.
The software requires the use of XML documents and allows their structure to be defined with a Document Type Definition (DTD). The software allows the DTD to recursively define entities which can lead to explosive growth of data when parsed.
The software does not restrict or incorrectly restricts operations within the boundaries of a resource that is accessed using an index or pointer, such as memory or files.
Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.
The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG is not cryptographically strong.
The application uses external input with reflection to select which classes or code to use, but it does not sufficiently prevent the input from selecting improper classes or code.