| Paid content will be excluded from the download. |
|
Filter
|
|
Matches : 909 |
Download
| Alert*
|
The software does not perform any authentication for
functionality that requires a provable user identity or consumes a significant
amount of resources.
The software uses an algorithm or scheme that produces
insufficient entropy, leaving patterns or clusters of values that are more
likely to occur than others.
The product processes an XML document that can contain XML
entities with URLs that resolve to documents outside of the intended sphere of
control, causing the product to embed incorrect documents into its
output.
The software stores or transmits sensitive data using an
encryption scheme that is theoretically sound, but is not strong enough for the
level of protection required.
The product uses a Pseudo-Random Number Generator (PRNG) in a
security context, but the PRNG is not cryptographically
strong.
Authenticating a user, or otherwise establishing a new user
session, without invalidating any existing session identifier gives an attacker
the opportunity to steal authenticated sessions.
The application searches for critical resources using an
externally-supplied search path that can point to resources that are not under
the application's direct control.
The software does not check or improperly checks for unusual or
exceptional conditions that are not expected to occur frequently during day to
day operation of the software.
The software does not verify, or incorrectly verifies, the
cryptographic signature for data.
The software constructs all or part of a command, data
structure, or record using externally-influenced input from an upstream
component, but it does not neutralize or incorrectly neutralizes special
elements that could modify how it is parsed or interpreted when it is sent to a
downstream component.
Pages: Start 1 2 3 4 5 6 7 8 9 10 11 12 13 14 .. 90
© 2013 SecPod Technologies
