The application searches for critical resources using an externally-supplied search path that can point to resources that are not under the application's direct control.

The software does not correctly convert an object, resource or structure from one type to a different type.

The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG is not cryptographically strong.

The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

Weaknesses in this category are related to improper handling of communication channels and access paths.

The software does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.

The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached.

The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.


© SecPod Technologies