The software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.
The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG is not cryptographically strong.
Host-specific certificate data is not validated or is incorrectly validated, so while the certificate read is valid, it may not be for the site originally requested.
The software uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.
Weaknesses in this category are typically introduced during code development, including specification, design, and implementation.
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.
Software that does not appropriately monitor or control resource consumption can lead to adverse system performance.
According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."
The software specifies a regular expression in a way that causes data to be improperly matched or compared.
The software does not sufficiently delimit the arguments being passed to a component in another control sphere, allowing alternate arguments to be provided, leading to potentially security-relevant changes.