
The software receives data from an upstream component, but does not completely filter special elements before sending it to a downstream component.

The software receives data from an upstream component, but does not completely filter one or more instances of special elements before sending it to a downstream component.

The software receives data from an upstream component, but only filters a single instance of a special element before sending it to a downstream component.

The software receives data from an upstream component, but does not filter all instances of a special element before sending it to a downstream component.

The software receives data from an upstream component, but only accounts for special elements at a specified location, thereby missing remaining special elements that may exist before sending it to a downstream component.

The software receives data from an upstream component, but only accounts for special elements positioned relative to a marker (e.g. "at the beginning/end of a string; the second argument"), thereby missing remaining special elements that may exist before sending it to a downstream component.

The software receives data from an upstream component, but only accounts for special elements at an absolute position (e.g. "byte number 10"), thereby missing remaining special elements that may exist before sending it to a downstream component.

The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

The software does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests.

When an application exposes a remote interface for an entity bean, it might also expose methods that get or set the bean's data. These methods could be leveraged to read sensitive information, or to change data in ways that violate the application's expectations, potentially leading to other vulnerabilities.



© SecPod Technologies