[Forgot Password]
Login  Register Subscribe

24003

 
 

131401

 
 

103942

 
 

909

 
 

84051

 
 

133

 
 
Paid content will be excluded from the download.

Filter
Matches : 909 Download | Alert*

The software does not correctly convert an object, resource or structure from one type to a different type.

The software constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

Weaknesses in this category are related to improper assignment or handling of permissions.

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.

The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

The software does not check or improperly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the software.

Weaknesses in this category are organized based on which phase they are introduced during the software development and deployment process.

The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

Any condition where the attacker has the ability to write an arbitrary value to an arbitrary location, often as the result of a buffer overflow.


Pages:      Start    1    2    3    4    5    6    7    8    9    10    11    12    13    14    ..   90

© 2013 SecPod Technologies