Matches: 909
The product does not sufficiently encapsulate critical data or

When malformed or abnormal HTTP requests are interpreted by one
or more entities in the data flow between the user and the web server, such as a
proxy or firewall, they can be interpreted inconsistently, allowing the attacker
to "smuggle" a request to one device without the other device being aware of

The software does not sufficiently delimit the arguments being
passed to a component in another control sphere, allowing alternate arguments to
be provided, leading to potentially security-relevant

The software does not initialize or incorrectly initializes a
resource, which might leave the resource in an unexpected state when it is
accessed or used.

The software prepares a structured message for communication
with another component, but encoding or escaping of the data is either missing
or done incorrectly. As a result, the intended structure of the message is not

A product can be used as an intermediary or proxy between an
attacker and the ultimate target, so that the attacker can either bypass access
controls or hide activities.

The product does not properly transfer a resource/behavior to
another sphere, or improperly imports a resource/behavior from another sphere,
in a manner that provides unintended control over that

The software receives input from an upstream component, but it
does not restrict or incorrectly restricts the input before it is used as an
identifier for a resource that may be outside the intended sphere of

The software does not release a file descriptor or handle after
its effective lifetime has ended, i.e., after the file descriptor/handle is no

Weaknesses in this category can be used to access files outside
of a restricted directory (path traversal) or to perform operations on files
that would otherwise be restricted (path equivalence).
© 2013 SecPod Technologies