Weaknesses in this category are typically found within source code.

Host-specific certificate data is not validated or is incorrectly validated, so while the certificate read is valid, it may not be for the site originally requested.

When malformed or abnormal HTTP requests are interpreted by one or more entities in the data flow between the user and the web server, such as a proxy or firewall, they can be interpreted inconsistently, allowing the attacker to "smuggle" a request to one device without the other device being aware of it.

The software does not sufficiently delimit the arguments being passed to a component in another control sphere, allowing alternate arguments to be provided, leading to potentially security-relevant changes.

The software provides an Application Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.

Weaknesses in this category are organized based on which phase they are introduced during the software development and deployment process.

The lack of entropy available for, or used by, a Pseudo-Random Number Generator (PRNG) can be a stability and security threat.

An application uses a "blacklist" of prohibited values, but the blacklist is incomplete.

Weaknesses in this category are related to improper management of system state.

Weaknesses in this category can be used to access files outside of a restricted directory (path traversal) or to perform operations on files that would otherwise be restricted (path equivalence).



© SecPod Technologies