
A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

The software is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.

A client/server product performs authentication within client code but not in server code, allowing server-side authentication to be bypassed via a modified client that omits the authentication check.

CWE nodes in this view (slice) have been deprecated. There should be a reference pointing to the replacement in each deprecated weakness.

When multiple sockets are allowed to bind to the same port, other services on that port may be stolen or spoofed.

The product does not properly check inputs that are used for loop conditions, potentially leading to a denial of service because of excessive looping.

A public or protected static final field references a mutable object, which allows the object to be changed by malicious code, or accidentally from another package.

An ActionForm class contains a field that has not been declared private, which can be accessed without using a setter or getter.

The program uses double-checked locking to access a resource without the overhead of explicit synchronization, but the locking is insufficient.

The software, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the software to operate on unauthorized files.



© SecPod Technologies