
The software writes data past the end, or before the beginning, of the intended buffer.

An application uses a "blacklist" of prohibited values, but the blacklist is incomplete.

The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.

The software receives data from an upstream component, but does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers.

The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

Software security is not security software. Here we're concerned with topics like authentication, access control, confidentiality, cryptography, and privilege management.

The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

The software uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.

The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.



© 2013 SecPod Technologies