| Paid content will be excluded from the download. |
|
Filter
|
|
Matches : 909 |
Download
| Alert*
|
If elevated access rights are assigned to EJB methods, then an
attacker can take advantage of the permissions to exploit the software
system.
The software, when opening a file or directory, does not
sufficiently account for when the file is a symbolic link that resolves to a
target outside of the intended control sphere. This could allow an attacker to
cause the software to operate on unauthorized files.
The software receives input from an upstream component, but it
does not neutralize or incorrectly neutralizes special characters that could be
interpreted as web-scripting elements when they are sent to an error
page.
The web application does not neutralize or incorrectly
neutralizes scripting elements within attributes of HTML IMG tags, such as the
src attribute.
The software does not neutralize or incorrectly neutralizes
"javascript:" or other URIs from dangerous attributes within tags, such as
onmouseover, onload, onerror, or style.
The web application improperly neutralizes user-controlled
input for executable script disguised with URI encodings.
The web application does not filter user-controlled input for
executable script disguised using doubling of the involved
characters.
The software does not neutralize or incorrectly neutralizes
invalid characters or byte sequences in the middle of tag names, URI schemes,
and other identifiers.
The software does not neutralize or incorrectly neutralizes
user-controlled input for alternate script syntax.
This entry has been deprecated. It originally came from PLOVER,
which sometimes defined "other" and "miscellaneous" categories in order to
satisfy exhaustiveness requirements for taxonomies. Within the context of CWE,
the use of a more abstract entry is preferred in mapping situations. CWE-75 is a
more appropriate mapping.
Pages: Start 1 2 3 4 5 6 7 8 9 10 11 12 13 14 .. 90
© 2013 SecPod Technologies
