An application uses a "blacklist" of prohibited values, but the blacklist is incomplete.
Weaknesses in this category are related to improper management of system state.
The product does not sufficiently encapsulate critical data or functionality.
The application does not sufficiently restrict access to a log file that is used for debugging.
The software does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system.
Weaknesses in this category can be used to access files outside of a restricted directory (path traversal) or to perform operations on files that would otherwise be restricted (path equivalence).
The software prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.
Weaknesses in this category are typically found within source code.
The software performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.
The software may use insufficiently random numbers or values in a security context that depends on unpredictable numbers.