
Matches: 909

The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "/dir/../filename" sequences that can resolve to a location that is outside of that directory.

The software stores a password in a configuration file that might be accessible to actors who do not know the password.

Obscuring a password with a trivial encoding does not protect the password.

If no mechanism is in place for managing password aging, users will have no incentive to update passwords in a timely manner.

Allowing password aging to occur unchecked can result in the possibility of diminished password integrity.

Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Weaknesses in this category occur with improper enforcement of sandbox environments, or the improper handling, assignment, or management of privileges.

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity.

Two distinct privileges, roles, capabilities, or rights can be combined in a way that allows an entity to perform unsafe actions that would not be allowed without that combination.


© SecPod Technologies