Matches: 909
Weaknesses in this category are related to errors in the
management of cryptographic keys.

The software writes data past the end, or before the beginning,
of the intended buffer.

An application uses a "blacklist" of prohibited values, but the
blacklist is incomplete.

The software allows the attacker to upload or transfer files of
dangerous types that can be automatically processed within the product's

The software receives data from an upstream component, but does
not neutralize or incorrectly neutralizes CR and LF characters before the data
is included in outgoing HTTP headers.

The software does not perform or incorrectly performs an
authorization check when an actor attempts to access a resource or perform an

The software uses CRLF (carriage return line feeds) as a
special element, e.g. to separate lines or records, but it does not neutralize
or incorrectly neutralizes CRLF sequences from inputs.

The application deserializes untrusted data without
sufficiently verifying that the resulting data will be

The use of a broken or risky cryptographic algorithm is an
unnecessary risk that may result in the exposure of sensitive

The software does not sufficiently verify the origin or
authenticity of data, in a way that causes it to accept invalid
© 2013 SecPod Technologies