
The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "/dir/../filename" sequences that can resolve to a location that is outside of that directory.

The software stores a password in a configuration file that might be accessible to actors who do not know the password.

Obscuring a password with a trivial encoding does not protect the password.

If no mechanism is in place for managing password aging, users will have no incentive to update passwords in a timely manner.

Allowing password aging to occur unchecked can result in the possibility of diminished password integrity.

Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Weaknesses in this category occur with improper enforcement of sandbox environments, or the improper handling, assignment, or management of privileges.

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity.

Two distinct privileges, roles, capabilities, or rights can be combined in a way that allows an entity to perform unsafe actions that would not be allowed without that combination.



© SecPod Technologies