
Matches: 909

The application searches for critical resources using an externally-supplied search path that can point to resources that are not under the application's direct control.

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

When malformed or abnormal HTTP requests are interpreted by one or more entities in the data flow between the user and the web server, such as a proxy or firewall, they can be interpreted inconsistently, allowing the attacker to "smuggle" a request to one device without the other device being aware of it.

An application uses a "blacklist" of prohibited values, but the blacklist is incomplete.

Weaknesses in this category are related to improper management of system state.

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Weaknesses in this category are typically found in functionality that processes data.


© 2013 SecPod Technologies