|Paid content will be excluded from the download.
| Matches : 909
|The software does not correctly convert an object, resource or
structure from one type to a different type.
The software constructs all or part of a command, data
structure, or record using externally-influenced input from an upstream
component, but it does not neutralize or incorrectly neutralizes special
elements that could modify how it is parsed or interpreted when it is sent to a
Weaknesses in this category are related to improper assignment
or handling of permissions.
The product uses a search path that contains an unquoted
element, in which the element contains whitespace or other separators. This can
cause the product to access resources in a parent path.
The software allows the attacker to upload or transfer files of
dangerous types that can be automatically processed within the product's
The software does not perform any authentication for
functionality that requires a provable user identity or consumes a significant
amount of resources.
The software does not check or improperly checks for unusual or
exceptional conditions that are not expected to occur frequently during day to
day operation of the software.
Weaknesses in this category are organized based on which phase
they are introduced during the software development and deployment
The software contains hard-coded credentials, such as a
password or cryptographic key, which it uses for its own inbound authentication,
outbound communication to external components, or encryption of internal
Any condition where the attacker has the ability to write an
arbitrary value to an arbitrary location, often as the result of a buffer
Pages:      Start    1    2    3    4    5    6    7    8    9    10    11    12    13    14    ..   90
© 2013 SecPod Technologies