This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Pages that link to "Category:Vulnerability"
The following pages link to Category:Vulnerability:
- Unchecked Return Value: Missing Check against Null (← links)
- Category:Security Focus Area (← links)
- Outsourced software developer (← links)
- Weak credentials (← links)
- Vulnerabilities (redirect page) (← links)
- Forced browsing (← links)
- Cross-site Scripting (XSS) (← links)
- Injection problem (← links)
- SQL Injection (← links)
- Time of check, time of use race condition (← links)
- Race condition in switch (← links)
- Race condition in signal handler (← links)
- Race condition in checking for certificate revocation (← links)
- Race condition within a thread (← links)
- Use of hard-coded password (← links)
- Using a broken or risky cryptographic algorithm (← links)
- Using the wrong operator (redirect page) (← links)
- Fail securely (← links)
- Least privilege (← links)
- Positive security model (← links)
- Defense in depth (← links)
- Keep security simple (← links)
- Detect intrusions (← links)
- Don’t trust services (← links)
- Establish secure defaults (← links)
- Buffer Overflow (← links)
- Category:Threat Modeling (← links)
- Unprotected Alternate Channel (← links)
- Business logic vulnerability (← links)
- CRLF Injection (← links)
- Catch NullPointerException (← links)
- Channel and Path Errors (← links)
- Cleansing, Canonicalization, and Comparison Errors (← links)
- Collapse of Data into Unsafe Value (← links)
- Comment Injection Attack (← links)
- Context Switching Race Condition (← links)
- Common Special Element Manipulations (← links)
- Cross-Boundary Cleansing Infoleak (← links)
- Custom Special Character Injection (← links)
- Dangerous handler not cleared/disabled during sensitive operations (← links)
- Data Amplification (← links)
- Data Leaking Between Users (← links)
- Data Structure Issues (← links)
- Delimiter Problems (← links)
- Delimiter between Expressions or Commands (← links)
- Direct Dynamic Code Evaluation ('Eval Injection') (← links)
- Code Injection (← links)
- Directory Restriction Error (← links)
- Discrepancy Information Leaks (← links)
- Double Encoding (← links)
- Doubled character XSS manipulations (← links)
- Early Amplification (← links)
- Empty String Password (← links)
- Use encapsulation (← links)
- Error Conditions, Return Values, Status Codes (← links)
- Error Message Infoleaks (← links)
- Escape, Meta, or Control Character / Sequence (← links)
- Expected behavior violation (← links)
- Improper Null Termination (← links)
- Improper resource shutdown or release (← links)
- Improperly Implemented Security Check for Standard (← links)
- Improperly Trusted Reverse DNS (← links)
- Improperly Verified Signature (← links)
- Incomplete Cleanup (← links)
- Incomplete Element (← links)
- Incomplete Internal State Distinction (← links)
- Inconsistent Elements (← links)
- Inconsistent Implementations (← links)
- Inconsistent Special Elements (← links)
- Incorrect Privilege Assignment (← links)
- Incorrect initialization (← links)
- Infoleak Using Debug Information (← links)
- Information Leak (information disclosure) (← links)
- Information loss or omission (← links)
- Initialization and Cleanup Errors (← links)
- Input Terminator (← links)
- Insecure Compiler Optimization (← links)
- Insecure Default Permissions (← links)
- Insecure Temporary File (← links)
- Insecure default variable initialization (← links)
- Insecure execution-assigned permissions (← links)
- Insecure inherited permissions (← links)
- Insecure preserved inherited permissions (← links)
- Installation Issues (← links)
- Insufficient Entropy (← links)
- Insufficient Resource Locking (← links)
- Insufficient Resource Pool (← links)
- Insufficient privileges (← links)
- J2EE Bad Practices: Sockets (← links)
- J2EE Bad Practices: System.exit() (← links)
- J2EE Bad Practices: Threads (← links)
- J2EE Bad Practices: getConnection() (← links)
- Insecure Transport (← links)
- Insufficient Session-ID Length (← links)
- Missing Error Handling (← links)
- J2EE Misconfiguration: Weak Access Permissions (← links)
- J2EE Time and State Issues (← links)
- Least Privilege Violation (← links)
- Leftover Debug Code (← links)
- Brute force attack (← links)
- Logic/time bomb (← links)
- Mac virtual file problems (← links)
- Man-in-the-middle attack (← links)
- Memory leak (← links)
- Misinterpretation error (← links)
- Missing access control (← links)
- Missing critical step in authentication (← links)
- Missing element error (← links)
- Missing error status code (← links)
- Missing handler (← links)
- Missing initialization (← links)
- Missing lock check (← links)
- Missing required cryptographic step (← links)
- Missing special element (← links)
- Missing value error (← links)
- Mixed encoding (← links)
- Mobile code: invoking untrusted mobile code (← links)
- Mobile code: non-final public field (← links)
- Mobile code: object hijack (← links)
- Modification of assumed-immutable data (← links)
- Multiple failed authentication attempts not prevented (← links)
- Multiple internal special element (← links)
- Multiple interpretation error (MIE) (← links)
- Multiple interpretations of UI input (← links)
- Multiple Leading Special Elements (← links)
- Multiple Trailing Special Elements (← links)
- Mutable objects passed by reference (← links)
- No authentication for critical function (← links)
- Null Dereference (← links)
- Obscured Security-relevant Information by Alternate Name (← links)
- Obsolete feature in UI (← links)
- Off-by-one Error (← links)
- Often Misused: Path Manipulation (← links)
- Omission of Security-relevant Information (← links)
- Origin Validation Error (← links)
- Other length calculation error (← links)
- Out-of-bounds Read (← links)
- Overly Restrictive Regular Expression (← links)
- Ownership errors (← links)
- PHP External Variable Modification (← links)
- PHP File Inclusion (← links)
- PRNG Seed Error (← links)
- Parameter Delimiter (← links)
- Parameter Problems (← links)
- Partial Comparison (← links)
- Minimize attack surface area (← links)
- Separation of duties (← links)
- Fix security issues correctly (← links)
- Patch Issues (← links)
- Path Equivalence (← links)
- Path Issue - Windows 8.3 Filename (← links)
- Path Issue - Windows UNC share - '/UNC/share/name/' (← links)
- Path Issue - asterisk wildcard - filedir* (← links)
- Path Issue - backslash absolute path - /absolute/pathname/here (← links)
- Path Issue - directory doubled dot dot backslash (← links)
- Path Issue - directory doubled dot dot slash (← links)
- Path Issue - dirname/fakechild/ (← links)
- Path Issue - dot dot backslash (← links)
- Path Issue - doubled dot dot slash (← links)
- Path Issue - doubled triple dot slash (← links)
- Path Issue - drive letter or Windows volume - 'C:dirname' (← links)
- Path Issue - internal dot - 'file.ordir' (← links)
- Path Issue - internal space - file(SPACE)name (← links)
- Path Issue - leading directory dot dot backslash (← links)
- Path Issue - leading directory dot dot slash (← links)
- Path Issue - leading dot dot backslash (← links)
- Path Issue - leading dot dot slash (← links)
- Path Issue - leading space (← links)
- Path Issue - multiple dot (← links)
- Path Issue - multiple internal backslash (← links)
- Path Issue - multiple leading slash (← links)
- Path Issue - multiple trailing dot (← links)
- Path Issue - multiple trailing slash (← links)
- Path Issue - single dot directory (← links)
- Path Issue - slash absolute path (← links)
- Path Issue - trailing backslash (← links)
- Path Issue - trailing dot (← links)
- Path Issue - trailing slash (← links)
- Path Issue - trailing space (← links)
- Path Issue - triple dot (← links)
- Path Traversal (← links)
- Pathname Traversal and Equivalence Errors (← links)
- Permission errors (← links)
- Permission preservation failure (← links)
- Permissions, Privileges, and ACLs (← links)
- Permissive Whitelist (← links)
- Password Plaintext Storage (← links)
- Plaintext Storage in Cookie (← links)
- Plaintext Storage in Executable (← links)
- Plaintext Storage in File or on Disk (← links)
- Plaintext Storage in GUI (← links)
- Plaintext Storage in Memory (← links)
- Plaintext Storage of Sensitive Information (← links)
- Pointer Issues (← links)
- Porting Issues (← links)
- Predictability problems (← links)
- Predictable Exact Value from Previous Values (← links)
- Predictable Seed in PRNG (← links)
- Predictable Value Range from Previous Values (← links)
- Predictable from Observable State (← links)
- Private Array-Typed Field Returned From A Public Method (← links)
- Privilege / sandbox errors (← links)
- Privilege Chaining (← links)
- Privilege Context Switching Error (← links)
- Privilege Dropping / Lowering Errors (← links)
- Privilege Management Error (← links)
- Process Control (← links)
- Process information infoleak to other processes (← links)
- Product UI does not warn user of unsafe actions (← links)
- Product-External Error Message Infoleak (← links)
- Product-Generated Error Message Infoleak (← links)
- Proxied Trusted Channel (← links)
- Public Data Assigned to Private Array-Typed Field (← links)
- Race condition enabling link following (← links)
- Randomness and Predictability (← links)
- Record Delimiter (← links)
- Regular Expression Error (← links)
- Relative Path Traversal (← links)
- Representation Errors (← links)
- Requirements Issues (← links)
- Resource Injection (← links)
- Resource Locking problems (← links)
- Resource Management Errors (← links)
- Resource leaks (← links)
- Response discrepancy infoleak (← links)
- Reversible One-Way Hash (← links)
- Sensitive Data Under Web Root (← links)
- Sensitive Information Uncleared Before Use (← links)
- Server-Side Includes (SSI) Injection (← links)
- Setting Manipulation (← links)
- Signal Errors (← links)
- Small Seed Space in PRNG (← links)
- Small Space of Random Values (← links)
- Special Element Injection (← links)
- Spyware (← links)
- Static Value in Unpredictable Context (← links)
- Improper Data Validation (← links)
- Struts: Erroneous validate() Method (← links)
- Struts: Form Bean Does Not Extend Validation Class (← links)
- Struts: Form Field Without Validator (← links)
- Struts: Plug-in Framework Not In Use (← links)
- Struts: Unused Validation Form (← links)
- Struts: Unvalidated Action Form (← links)
- Struts: Validator Turned Off (← links)
- Struts: Validator Without Form Field (← links)
- Substitution Character (← links)
- Session hijacking attack (← links)
- System Configuration Issues (← links)
- System Operations Issues (← links)
- Technology-Specific Input Validation Problems (← links)
- Technology-Specific Special Elements (← links)
- Technology-Specific Time and State Issues (← links)
- Technology-specific Environment Issues (← links)
- Temporary File Issues (← links)
- Testing Issues (← links)
- The UI performs the wrong action (← links)
- Time and State (← links)
- Time of Introduction (← links)
- Time-of-check Time-of-use race condition (← links)
- Timing discrepancy infoleak (← links)
- Trailing Special Element (← links)
- Trapdoor (← links)
- Trojan Horse (← links)
- Truncation of Security-relevant Information (← links)
- UI Misrepresentation of Critical Information (← links)
- UNIX Path Link problems (← links)
- UNIX file descriptor leak (← links)
- UNIX hard link (← links)
- UNIX symbolic link (symlink) following (← links)
- URL Encoding (Hex Encoding) (← links)
- Uncontrolled Search Path Element (← links)
- Undefined Behavior (← links)
- Undefined Parameter Error (← links)
- Undefined Value Error (← links)
- Unexpected Status Code or Return Value (← links)
- Unicode Encoding (← links)
- Unimplemented or unsupported feature in UI (← links)
- Unintended proxy/intermediary (← links)
- Unparsed Raw Web Content Delivery (← links)
- Unprotected Primary Channel (← links)
- Unquoted Search Path or Element (← links)
- Unrestricted Critical Resource Lock (← links)
- Unrestricted File Upload (← links)
- Unsafe JNI (← links)
- Unsafe Privilege (← links)
- Unsafe use of Reflection (← links)
- Untrusted Data Appended with Trusted Data (← links)
- Unverified Ownership (← links)
- Use of Less Trusted Source (← links)
- User Interface Quality Errors (← links)
- User Interface Security Errors (← links)
- User interface inconsistency (← links)
- User management errors (← links)
- Validate-Before-Canonicalize (← links)
- Validate-Before-Filter (← links)
- Value Delimiter (← links)
- Value Problems (← links)
- Variable Name Delimiter (← links)
- Virtual Files (← links)
- Weak Encryption (← links)
- Web Parameter Tampering (← links)
- Wrong Data Type (← links)
- Wrong Status Code (← links)
- XPATH Injection (← links)
- Cryptanalysis (← links)
- Buffer overflow attack (← links)
- Session fixation (← links)
- Traffic flood (← links)
- Format string attack (← links)
- Repudiation Attack (← links)
- Blind XPath Injection (← links)
- Code Correctness: Call to Thread.run() (← links)
- Code Correctness: Call to System.gc() (← links)
- Code Correctness: Erroneous finalize() Method (← links)
- EJB Bad Practices: Use of AWT/Swing (← links)
- EJB Bad Practices: Use of Class Loader (← links)
- EJB Bad Practices: Use of java.io (← links)
- EJB Bad Practices: Use of Sockets (← links)
- EJB Bad Practices: Use of Synchronization Primitives (← links)
- Poor Style: Explicit call to finalize() (← links)
- Password Management: Hardcoded Password (← links)
- Code Correctness: Double-Checked Locking (← links)
- Return Inside Finally Block (← links)
- Code Correctness: Class Does Not Implement Cloneable (← links)
- Code Correctness: Erroneous String Compare (← links)
- Code Correctness: Misspelled Method Name (← links)
- Code Correctness: null Argument to equals() (← links)
- Dead Code: Broken Override (← links)
- Dead Code: Expression is Always False (← links)
- Dead Code: Expression is Always True (← links)
- Dead Code: Unused Field (← links)
- Dead Code: Unused Method (← links)
- Poor Style: Confusing Naming (← links)
- Poor Style: Empty Synchronized Block (← links)
- Poor Style: Identifier Contains Dollar Symbol ($) (← links)
- Portability Flaw (← links)
- Poor Logging Practice (← links)
- Poor Logging Practice: Multiple Loggers (← links)
- Poor Logging Practice: Use of a System Output Stream (← links)
- System Information Leak: Missing Catch Block (← links)
- Unsafe Mobile Code (← links)
- Unsafe Mobile Code: Inner Class (← links)
- Unsafe Mobile Code: Public finalize() Method (← links)
- Unsafe Mobile Code: Dangerous Array Declaration (← links)
- Unsafe Mobile Code: Dangerous Public Field (← links)
- Cross-User Defacement (← links)
- Cache Poisoning (← links)
- Missing XML Validation (← links)
- Path Manipulation (← links)
- String Termination Error (← links)
- Struts: Form Does Not Extend Validation Class (← links)
- Blind SQL Injection (← links)
- J2EE Bad Practices: JSP Expressions (← links)
- Cross Site Tracing (← links)
- Man-in-the-browser attack (← links)
- Denial of Service (← links)
- Full Path Disclosure (← links)
- Vulnerability template (← links)
- Threat agent template (← links)
- Countermeasure template (← links)
- Principle template (← links)
- Technical Impact template (← links)
- Control template (← links)
- Carelessness (← links)
- Competitors (← links)
- Computer Viruses (← links)
- Don't trust user input (← links)
- Reduce Surface Area (← links)
- The Insecure-Bootstrapping Principle (← links)
- Contractors (← links)
- Phishing attack (← links)
- Bounds Checking (← links)
- Executable space protection (← links)
- Intrusion Prevention (← links)
- Memory Management (← links)
- Quotas (← links)
- Randomization (← links)
- Resource Locking (← links)
- Safe Libraries (← links)
- Stack-smashing Protection (SSP) (← links)
- Tokenizing (← links)
- Loss of confidentiality (← links)
- Loss of integrity (← links)
- Loss of availability (← links)
- Loss of accountability (← links)
- Insecure Third Party Domain Access (← links)
- Regular expression Denial of Service - ReDoS (← links)
- Cross Site History Manipulation (XSHM) (← links)
- Binary planting (← links)
- Cash Overflow (← links)
- XML External Entity (XXE) Processing (← links)
- Content Spoofing (← links)
- Expression Language Injection (← links)
- Anti CSRF Tokens ASP.NET (← links)
- Windows Identity Foundation (← links)
- DPAPI (← links)
- .NET Callbacks - Vulnerabilities and Remediation (← links)
- Dependency Injection (← links)
- IoC containers (← links)
- ASP.NET Identity (← links)
- .NET Memory Management (← links)
- Preventing SQL Injection in ADO.NET (← links)
- Authenticated Symmetric Encryption in .NET (← links)
- Inyección SQL Ciega (← links)
- Inyección de Código (← links)
- Inyección XPath Ciega (← links)
- Inyección XPath (← links)
- Using freed memory (← links)
- Function Injection (← links)
- Information exposure through query strings in url (← links)
- Xss in subtitle (← links)
- Vulnerability (redirect page) (← links)
- OWASP Spring Of Code 2007 Project Ideas (← links)
- Archived Application Security News (← links)
- OWASP Summer of Code 2008 Applications (← links)
- OWASP Summer of Code 2008 Applications - for majority vote (← links)
- Category:OWASP .NET Project/es (← links)
- Category:OWASP Java Project/es (← links)
- Category:OWASP CLASP Project/es (← links)
- Category:OWASP Honeycomb Project/es (← links)
- Best Practice: Projektierung der Sicherheitsprüfung von Webanwendungen (← links)
- Multiple admin levels (← links)
- Allowing Domains or Accounts to Expire (← links)
- OWASP Alchemist Project (← links)
- /Mulai (← links)
- Session Variable Overloading (← links)
- PHP Object Injection (← links)
- OWASP Focus (← links)
- OWASP EJSF Project (← links)
- OWASP Java Project Archive (8.2010) (← links)
- OWASP PHP Project Archive (03.2015) (← links)
- Doubly freeing memory (← links)
- Unsafe function call from a signal handler (← links)