
The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere, when the information should be encrypted or otherwise protected.

According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

The software constructs all or part of an LDAP query using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended LDAP query when it is sent to a downstream component.

This attack-focused weakness is caused by improperly implemented authentication schemes that are subject to spoofing attacks.

The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

An application uses a "blacklist" of prohibited values, but the blacklist is incomplete.

The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

The web application does not, or cannot, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

The software does not maintain or incorrectly maintains control over a resource throughout its lifetime of creation, use, and release.



© SecPod Technologies