Matches: 909

The software writes data past the end, or before the beginning,
of the intended buffer.

An application uses a "blacklist" of prohibited values, but the
blacklist is incomplete.

The software allows the attacker to upload or transfer files of
dangerous types that can be automatically processed within the product's

The software receives data from an upstream component, but does
not neutralize or incorrectly neutralizes CR and LF characters before the data
is included in outgoing HTTP headers.

The software does not perform or incorrectly performs an
authorization check when an actor attempts to access a resource or perform an

The software performs a calculation that can produce an integer
overflow or wraparound, when the logic assumes that the resulting value will
always be larger than the original value. This can introduce other weaknesses
when the calculation is used for resource management or execution

Software security is not security software. Here we're
concerned with topics like authentication, access control, confidentiality,
cryptography, and privilege management.

The software does not restrict or incorrectly restricts access
to a resource from an unauthorized actor.

The software uses CRLF (carriage return line feeds) as a
special element, e.g. to separate lines or records, but it does not neutralize
or incorrectly neutralizes CRLF sequences from inputs.

The application deserializes untrusted data without
sufficiently verifying that the resulting data will be

© 2013 SecPod Technologies