
The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.

The product has a method that is declared public, but returns a reference to a private array, which could then be modified in unexpected ways.

Assigning public data to a private array is equivalent to giving public access to the array.

Exposing system data or debugging information helps an adversary learn about the system and form an attack plan.

The code contains a class with sensitive data, but the class is cloneable. The data can then be accessed by cloning the class.

The code contains a class with sensitive data, but the class does not explicitly deny serialization. The data can be accessed by serializing the class through another class.

Information sent over a network can be compromised while in transit. An attacker may be able to read/modify the contents if the data are sent in plaintext or are weakly encrypted.

A software system that accepts path input in the form of multiple leading slash ('//multiple/leading/slash') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.

An object contains a public static field that is not marked final, which might allow it to be modified in unexpected ways.

The product mixes trusted and untrusted data in the same data structure or structured message.



© SecPod Technologies