The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

Host-specific certificate data is not validated or is incorrectly validated, so while the certificate read is valid, it may not be for the site originally requested.

A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. This simplifies phishing attacks.

When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

The software does not verify, or incorrectly verifies, the cryptographic signature for data.

The software does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.

The software specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

The software does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.

The web application does not, or cannot, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

