
The software stores security-critical state information about its users, or the software itself, in a location that is accessible to unauthorized actors.

Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state.

The software does not properly "clean up" and remove temporary or supporting resources after they have been used.

Weaknesses in this category are related to improper handling of data within protection mechanisms that attempt to perform neutralization for untrusted data.

The software receives data from an upstream component, but does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers.

The software does not restrict or incorrectly restricts operations within the boundaries of a resource that is accessed using an index or pointer, such as memory or files.

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

The product does not sufficiently encapsulate critical data or functionality.

Weaknesses in this category are organized based on which phase they are introduced during the software development and deployment process.

The software does not release a file descriptor or handle after its effective lifetime has ended, i.e., after the file descriptor/handle is no longer needed.



© SecPod Technologies