Matches: 909
Information written to log files can be of a sensitive nature
and give valuable guidance to an attacker or expose sensitive user

The software constructs all or part of a code segment using
externally-influenced input from an upstream component, but it does not
neutralize or incorrectly neutralizes special elements that could modify the
syntax or behavior of the intended code segment.

The product subtracts one value from another, such that the
result is less than the minimum allowable integer value, which produces a value
that is not equal to the correct result.

The software receives data from an upstream component, but does
not neutralize or incorrectly neutralizes CR and LF characters before the data
is included in outgoing HTTP headers.

The software does not properly verify that the source of data
or communication is valid.

When malformed or abnormal HTTP requests are interpreted by one
or more entities in the data flow between the user and the web server, such as a
proxy or firewall, they can be interpreted inconsistently, allowing the attacker
to "smuggle" a request to one device without the other device being aware of

The software does not check or improperly checks for unusual or
exceptional conditions that are not expected to occur frequently during day to
day operation of the software.

The program accesses or uses a pointer that has not been

The software attempts to access a file based on the filename,
but it does not properly prevent that filename from identifying a link or
shortcut that resolves to an unintended resource.

The software does not sufficiently delimit the arguments being
passed to a component in another control sphere, allowing alternate arguments to
be provided, leading to potentially security-relevant
© 2013 SecPod Technologies