Matches: 909
The application searches for critical resources using an
externally-supplied search path that can point to resources that are not under
the application's direct control.

The product uses a fixed or controlled search path to find
resources, but one or more locations in that path can be under the control of

The product does not use or incorrectly uses a protection
mechanism that provides sufficient defense against directed attacks against the

When malformed or abnormal HTTP requests are interpreted by one
or more entities in the data flow between the user and the web server, such as a
proxy or firewall, they can be interpreted inconsistently, allowing the attacker
to "smuggle" a request to one device without the other device being aware of

An application uses a "blacklist" of prohibited values, but the
blacklist is incomplete.

Weaknesses in this category are related to improper management
of system state.

The product uses untrusted input when calculating or using an
array index, but the product does not validate or incorrectly validates the
index to ensure the index references a valid position within the array.

The software uses external input to construct a pathname that
is intended to identify a file or directory that is located underneath a
restricted parent directory, but the software does not properly neutralize
special elements within the pathname that can cause the pathname to resolve to a
location that is outside of the restricted directory.

A NULL pointer dereference occurs when the application
dereferences a pointer that it expects to be valid, but is NULL, typically
causing a crash or exit.

Weaknesses in this category are typically found in
functionality that processes data.
© 2013 SecPod Technologies