
The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Weaknesses in this category are related to errors in the management of cryptographic keys.

The program accesses or uses a pointer that has not been initialized.

The software checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the software to perform invalid actions when the resource is in an unexpected state.

Weaknesses in this category are typically introduced during the configuration of the software.

The software uses externally-controlled format strings in printf-style functions, which can lead to buffer overflows or data representation problems.

The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

The software does not handle or incorrectly handles an exceptional condition.

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."



© SecPod Technologies