[Forgot Password]
Login  Register Subscribe

24547

 
 

132763

 
 

125989

 
 

909

 
 

104883

 
 

152

 
 
Paid content will be excluded from the download.

Filter
Matches : 909 Download | Alert*

The software prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

Any condition where the attacker has the ability to write an arbitrary value to an arbitrary location, often as the result of a buffer overflow.

The software does not correctly convert an object, resource or structure from one type to a different type.

Weaknesses in this category are related to improper handling of communication channels and access paths.

The product does not sufficiently encapsulate critical data or functionality.

The software receives data from an upstream component, but does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers.

Weaknesses in this category are related to improper management of system state.

The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information.

When malformed or abnormal HTTP requests are interpreted by one or more entities in the data flow between the user and the web server, such as a proxy or firewall, they can be interpreted inconsistently, allowing the attacker to "smuggle" a request to one device without the other device being aware of it.

The software stores security-critical state information about its users, or the software itself, in a location that is accessible to unauthorized actors.


Pages:      Start    1    2    3    4    5    6    7    8    9    10    11    12    13    14    ..   90

© SecPod Technologies