The use of deprecated or obsolete functions may indicate neglected code. As programming languages evolve, functions occasionally become obsolete due to: ...
This vulnerability is caused by unsafe use of the reflection mechanisms in programming languages like Java or C#. An attacker may be able to create unexpected ...
There are several functions which - under certain circumstances, if used in a signal handler - may result in the corruption of memory, allowing for ...
Mobile code, such as a Java Applet, is code that is transmitted across a network and executed on a remote machine. Because mobile code developers have little ...
Improper use of the Java Native Interface (JNI) can render Java applications vulnerable to security flaws in other languages. Unsafe JNI errors occur when a ...
Uploaded files represent a significant risk to applications. The first step in many attacks is to get some code to the system to be attacked. Then the attack ...
Relying on proper string termination may result in a buffer overflow. String termination errors occur when: Data enters a program via a function that ...
Session Variable Overloading (also known as Session Puzzling) is an application level vulnerability which can enable an attacker to perform a variety of ...
Executing commands from an untrusted source or in an untrusted environment can cause an application to execute malicious commands on behalf of an attacker. ...
Mishandling private information, such as customer passwords or social security numbers, can compromise user privacy, and is often illegal. Privacy violations ...
Loggers should be declared to be static and final. It is good programming practice to share a single logger object between all of the instances of a ...
Storing a password in plaintext may result in a system compromise. Password management issues occur when a password is stored in plaintext in an application's ...
Hardcoded passwords may compromise system security in a way that cannot be easily remedied. It is never a good idea to hardcode a password. Not only does ...
PHP Object Injection is an application level vulnerability that could allow an attacker to perform different kinds of malicious attacks, such as Code ...
Failure to enable validation when parsing XML gives an attacker the opportunity to supply malicious input. Most successful attacks begin with a violation of ...
A web application must define a default error page for 404 errors, 500 errors, and to catch java.lang.Throwable exceptions to prevent attackers from mining ...
A memory leak is an unintentional form of memory consumption whereby the developer fails to free an allocated block of memory when no longer needed. The ...
The WebLogic deployment descriptor should specify a session identifier length of at least 128 bits. A shorter session identifier leaves the application open to ...
The application configuration should ensure that SSL is used for all access controlled pages. If an application uses SSL to guarantee confidential ...
Applications require temporary files so frequently that many different mechanisms exist for creating them in the C Library and Windows® API. Most of these ...