Matches: 909

The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

A product can be used as an intermediary or proxy between an attacker and the ultimate target, so that the attacker can either bypass access controls or hide activities.

The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

The software does not maintain or incorrectly maintains control over a resource throughout its lifetime of creation, use, and release.

The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG is not cryptographically strong.

The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

Weaknesses in this category are related to improper assignment or handling of permissions.

The program does not release or incorrectly releases a resource before it is made available for re-use.

A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.



© SecPod Technologies