[Forgot Password]
Login  Register Subscribe

24547

 
 

132805

 
 

131373

 
 

909

 
 

108481

 
 

152

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 909 Download | Alert*

An application uses a "blacklist" of prohibited values, but the blacklist is incomplete.

The software allocates file descriptors or handles on behalf of an actor without imposing any restrictions on how many descriptors can be allocated, in violation of the intended security policy for that actor.

The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.

An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached.

The software constructs all or part of an LDAP query using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended LDAP query when it is sent to a downstream component.

The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Weaknesses in this category are related to improper calculation or conversion of numbers.

The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

This tries to cover various problems in which improper data are included within a "container."


Pages:      Start    1    2    3    4    5    6    7    8    9    10    11    12    13    14    ..   90

© SecPod Technologies