Matches: 909
The application does not sufficiently restrict access to a log file that is used for debugging.

The software does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system.

Weaknesses in this category can be used to access files outside of a restricted directory (path traversal) or to perform operations on files that would otherwise be restricted (path equivalence).

The software prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not

Weaknesses in this category are typically found within source

The software performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or

The software may use insufficiently random numbers or values in a security context that depends on unpredictable numbers.

Host-specific certificate data is not validated or is incorrectly validated, so while the certificate read is valid, it may not be for the site originally requested.

An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached.

Any condition where the attacker has the ability to write an arbitrary value to an arbitrary location, often as the result of a buffer
© 2013 SecPod Technologies