| Serializable Class Containing Sensitive Data | 0/100 | low-risk |
| J2EE Misconfiguration: Data Transmission Without Encryption | 0/100 | low-risk |
| Trojan Horse | 0/100 | low-risk |
| Non-Replicating Malicious Code | 0/100 | low-risk |
| Replicating Malicious Code (Virus or Worm) | 0/100 | low-risk |
| Logic/Time Bomb | 0/100 | low-risk |
| .NET Misconfiguration: Use of Impersonation | 0/100 | low-risk |
| Weak Password Requirements | 0/100 | low-risk |
| Unprotected Transport of Credentials | 0/100 | low-risk |
| Use of Cache Containing Sensitive Information | 0/100 | low-risk |
| Use of Web Browser Cache Containing Sensitive Information | 0/100 | low-risk |
| Cleartext Storage of Sensitive Information in an Environment Variable | 0/100 | low-risk |
| Exposure of Version-Control Repository to an Unauthorized Control Sphere | 0/100 | low-risk |
| Exposure of Backup File to an Unauthorized Control Sphere | 0/100 | low-risk |
| Inclusion of Sensitive Information in Test Code | 0/100 | low-risk |
| DEPRECATED: Information Exposure Through Debug Log Files | 0/100 | low-risk |
| Exposure of Information Through Shell Error Message | 0/100 | low-risk |
| Use of Persistent Cookies Containing Sensitive Information | 0/100 | low-risk |
| Inclusion of Sensitive Information in Source Code | 0/100 | low-risk |
| Inclusion of Sensitive Information in an Include File | 0/100 | low-risk |
| Missing Standardized Error Handling Mechanism | 0/100 | low-risk |
| Use of Hard-coded, Security-relevant Constants | 0/100 | low-risk |
| Missing Password Field Masking | 0/100 | low-risk |
| Server-generated Error Message Containing Sensitive Information | 0/100 | low-risk |
| Command Shell in Externally Accessible Directory | 0/100 | low-risk |
| J2EE Misconfiguration: Plaintext Password in Configuration File | 0/100 | low-risk |
| Dead Code | 0/100 | low-risk |
| Assignment to Variable without Use | 0/100 | low-risk |
| SQL Injection: Hibernate | 0/100 | low-risk |
| Authorization Bypass Through User-Controlled SQL Primary Key | 0/100 | low-risk |
| Unsynchronized Access to Shared Data in a Multithreaded Context | 0/100 | low-risk |
| Path Equivalence: 'fakedir/../realdir/filename' | 0/100 | low-risk |
| Expression is Always False | 0/100 | low-risk |
| Expression is Always True | 0/100 | low-risk |
| Improper Following of Specification by Caller | 0/100 | low-risk |
| Assignment of a Fixed Address to a Pointer | 0/100 | low-risk |
| Attempt to Access Child of a Non-structure Pointer | 0/100 | low-risk |
| Free of Memory not on the Heap | 0/100 | low-risk |
| Use of Wrong Operator in String Comparison | 0/100 | low-risk |
| Use of GET Request Method With Sensitive Query Strings | 0/100 | low-risk |
| Missing Validation of OpenSSL Certificate | 0/100 | low-risk |
| J2EE Misconfiguration: Insufficient Session-ID Length | 0/100 | low-risk |
| Uncaught Exception in Servlet | 0/100 | low-risk |
| Client-Side Enforcement of Server-Side Security | 0/100 | low-risk |
| Multiple Binds to the Same Port | 0/100 | low-risk |
| Unchecked Input for Loop Condition | 0/100 | low-risk |
| Improper Authorization of Index Containing Sensitive Information | 0/100 | low-risk |
| Sensitive Cookie in HTTPS Session Without 'Secure' Attribute | 0/100 | low-risk |
| Inclusion of Sensitive Information in Source Code Comments | 0/100 | low-risk |
| Incomplete Identification of Uploaded File Variables (PHP) | 0/100 | low-risk |
| Exposed Unsafe ActiveX Method | 0/100 | low-risk |
| UNIX Hard Link | 0/100 | low-risk |
| Variable Extraction Error | 0/100 | low-risk |
| Improper Validation of Function Hook Arguments | 0/100 | low-risk |
| Unsafe ActiveX Control Marked Safe For Scripting | 0/100 | low-risk |
| Executable Regular Expression Error | 0/100 | low-risk |
| Permissive Regular Expression | 0/100 | low-risk |
| Null Byte Interaction Error (Poison Null Byte) | 0/100 | low-risk |
| Dynamic Variable Evaluation | 0/100 | low-risk |
| Windows Shortcut Following (.LNK) | 0/100 | low-risk |
| Improper Restriction of Names for Files and Other Resources | 0/100 | low-risk |
| External Control of Critical State Data | 0/100 | low-risk |
| Improper Neutralization of Data within XPath Expressions ('XPath Injection') | 0/100 | low-risk |
| Improper Neutralization of HTTP Headers for Scripting Syntax | 0/100 | low-risk |
| Overly Restrictive Account Lockout Mechanism | 0/100 | low-risk |
| Reliance on File Name or Extension of Externally-Supplied File | 0/100 | low-risk |
| Incorrect Use of Privileged APIs | 0/100 | low-risk |
| Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking | 0/100 | low-risk |
| Windows Hard Link | 0/100 | low-risk |
| Trusting HTTP Permission Methods on the Server Side | 0/100 | low-risk |
| Improper Neutralization of Data within XQuery Expressions ('XQuery Injection') | 0/100 | low-risk |
| Reliance on a Single Factor in a Security Decision | 0/100 | low-risk |
| Reliance on Security Through Obscurity | 0/100 | low-risk |
| Violation of Secure Design Principles | 0/100 | low-risk |
| Improper Handling of File Names that Identify Virtual Resources | 0/100 | low-risk |
| Use of a Non-reentrant Function in a Concurrent Context | 0/100 | low-risk |
| Improper Handling of Windows Device Names | 0/100 | low-risk |
| Always-Incorrect Control Flow Implementation | 0/100 | low-risk |
| Lack of Administrator Control over Security | 0/100 | low-risk |
| External Influence of Sphere Definition | 0/100 | low-risk |
| Use of Potentially Dangerous Function | 0/100 | low-risk |
| Function Call With Incorrect Order of Arguments | 0/100 | low-risk |
| Incorrect Provision of Specified Functionality | 0/100 | low-risk |
| Function Call With Incorrect Argument Type | 0/100 | low-risk |
| Function Call With Incorrect Variable or Reference as Argument | 0/100 | low-risk |
| Permission Race Condition During Resource Copy | 0/100 | low-risk |
| Improper Handling of Windows ::DATA Alternate Data Stream | 0/100 | low-risk |
| Unchecked Return Value to NULL Pointer Dereference | 0/100 | low-risk |
| Insufficient Control Flow Management | 0/100 | low-risk |
| Incomplete Denylist to Cross-Site Scripting | 0/100 | low-risk |
| Use of Multiple Resources with Duplicate Identifier | 0/100 | low-risk |
| Incorrect Behavior Order | 0/100 | low-risk |
| Incorrect Control Flow Scoping | 0/100 | low-risk |
| Incorrect Ownership Assignment | 0/100 | low-risk |
| Improper Adherence to Coding Standards | 0/100 | low-risk |
| Compiler Optimization Removal or Modification of Security-critical Code | 0/100 | low-risk |
| Missing Custom Error Page | 0/100 | low-risk |
| Reliance on Undefined, Unspecified, or Implementation-Defined Behavior | 0/100 | low-risk |
| Use of a One-Way Hash without a Salt | 0/100 | low-risk |
| Free of Pointer not at Start of Buffer | 0/100 | low-risk |