
The software uses a database table that includes records that should not be accessible to an actor, but it executes a SQL statement with a primary key that can be controlled by that actor.

The product does not properly synchronize shared data, such as static variables across threads, which can lead to undefined behavior and unpredictable data changes.

The software contains a finalize() method that does not call super.finalize().

Weaknesses in this category are related to incorrectly written expressions within code.

The software contains protection mechanisms to restrict access to 'realdir/filename', but it constructs pathnames using external input in the form of 'fakedir/../realdir/filename' that are not handled by those mechanisms. This allows attackers to perform unauthorized actions against the targeted file.

The software contains an expression that will always evaluate to false.

The software contains an expression that will always evaluate to true.

The program calls a thread's run() method instead of calling start(), which causes the code to run in the thread of the caller instead of the callee.

The software does not follow or incorrectly follows the specifications as required by the implementation language, environment, framework, protocol, or platform.

The program violates the Enterprise JavaBeans (EJB) specification by using thread synchronization primitives.



© SecPod Technologies