The software provides an Application Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.
Weaknesses in this category are related to improper handling of data within protection mechanisms that attempt to perform neutralization for untrusted data.
The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.
The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Any condition where the attacker has the ability to write an arbitrary value to an arbitrary location, often as the result of a buffer overflow.
The program accesses or uses a pointer that has not been initialized.
The application does not sufficiently restrict access to a log file that is used for debugging.
The software does not check, or improperly checks, for unusual or exceptional conditions that are not expected to occur frequently during day-to-day operation of the software.