Matches: 909
The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
Weaknesses in this category are related to improper calculation or conversion of numbers.
The software stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.
Weaknesses in this category are typically found in functionality that processes data.
The product processes an XML document that can contain XML entities with URLs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
Weaknesses in this category are related to improper handling of communication channels and access paths.
Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.
The software receives data from an upstream component, but does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers.
The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.