[Forgot Password]
Login  Register Subscribe












Paid content will be excluded from the download.

Matches : 909 Download | Alert*

The product stores sensitive information in files or directories that are accessible to actors outside of the intended control sphere.

The product does not properly control the amount of recursion that takes place, which consumes excessive resources, such as allocated memory or the program stack.

The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

The software does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

The software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

This category includes weaknesses that occur when an application does not properly handle errors that occur during processing.

Pages:      Start    1    2    3    4    5    6    7    8    9    10    11    12    13    14    ..   90

© SecPod Technologies