The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating

The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

The software does not properly restrict the size or amount of resources that are requested or influenced by an actor, which can be used to consume more resources than intended.

The application deserializes untrusted data without sufficiently verifying that the resulting data will be

The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Weaknesses in this category are typically introduced during the configuration of the software.

Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public

The lack of entropy available for, or used by, a Pseudo-Random Number Generator (PRNG) can be a stability and security
© 2013 SecPod Technologies