Paid content will be excluded from the download.
Matches : 909
The software does not terminate or incorrectly terminates a string or array with a null character or equivalent terminator.
Weaknesses in this category are related to improper handling of data within protection mechanisms that attempt to perform neutralization for untrusted data.
The software does not properly encode or decode the data, resulting in unexpected values.
The software does not properly handle when an input uses an alternate encoding that is valid for the control sphere to which the input is being sent.
The software decodes the same input twice, which can limit the effectiveness of any protection mechanism that occurs in between the decoding operations.
The software does not properly handle when the same input uses several different (mixed) encodings.
The software does not properly handle when an input contains Unicode encoding.
The software does not properly handle when all or part of an input has been URL encoded.
The software does not properly account for differences in case sensitivity when accessing or determining the properties of a resource, leading to inconsistent results.
The software validates input before applying protection mechanisms that modify the input, which could allow an attacker to bypass the validation via dangerous inputs that only arise after the modification.