[Forgot Password]
Login  Register Subscribe

24547

 
 

132763

 
 

123799

 
 

909

 
 

102620

 
 

150

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 909 Download | Alert*

Weaknesses in this category are related to improper handling of sensitive information.

The product does not sufficiently encapsulate critical data or functionality.

The software does not maintain or incorrectly maintains control over a resource throughout its lifetime of creation, use, and release.

Files or directories are accessible in the environment that should not be.

The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource.

The software receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control.

The software does not release a file descriptor or handle after its effective lifetime has ended, i.e., after the file descriptor/handle is no longer needed.

If elevated access rights are assigned to EJB methods, then an attacker can take advantage of the permissions to exploit the software system.

The software, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the software to operate on unauthorized files.

The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters that could be interpreted as web-scripting elements when they are sent to an error page.


Pages:      Start    1    2    3    4    5    6    7    8    9    10    11    12    13    14    ..   90

© SecPod Technologies