[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

251139

 
 

909

 
 

196159

 
 

282

 
 
Paid content will be excluded from the download.

Filter
Matches : 909 Download | Alert*

The product's actions indicate important differences based on (1) the internal state of the product or (2) differences from other products in the same class.

Two separate operations in a product cause the product to behave differently in a way that is observable to an attacker and reveals security-relevant information about the internal state of the product, such as whether a particular operation was successful or not.

The product behaves differently than other products like it, in a way that is observable to an attacker and exposes security-relevant information about which product is being used.

Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.

The software generates an error message that includes sensitive information about its environment, users, or associated data.

Weaknesses in this category can be used to access files outside of a restricted directory (path traversal) or to perform operations on files that would otherwise be restricted (path equivalence).

The software identifies an error condition and creates its own diagnostic or error messages that contain sensitive information.

The software performs an operation that triggers an external diagnostic or error message that is not directly generated by the software, such as an error generated by the programming language interpreter that the software uses. The error can contain sensitive system information.

The software uses a resource that contains sensitive data, but it does not properly remove that data before it stores, transfers, or shares the resource with actors in another control sphere.

A product's design or configuration explicitly requires the publication of information that could be regarded as sensitive by an administrator.


Pages:      Start    3    4    5    6    7    8    9    10    11    12    13    14    15    16    ..   90

© SecPod Technologies