Matches: 909

The software receives data from an upstream component, but does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers.

The program does not release or incorrectly releases a resource before it is made available for re-use.

The software does not properly account for differences in case sensitivity when accessing or determining the properties of a resource, leading to inconsistent results.

The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

The software specifies a regular expression in a way that causes data to be improperly matched or compared.

The software does not restrict or incorrectly restricts operations within the boundaries of a resource that is accessed using an index or pointer, such as memory or files.

An application uses a "blacklist" of prohibited values, but the blacklist is incomplete.

Weaknesses in this category are typically found within source code.

The software uses a name or reference to access a resource, but the name/reference resolves to a resource that is outside of the intended control sphere.

The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG is not cryptographically strong.

© SecPod Technologies