Difference between revisions of "ASDR TOC Vulnerabilities"

From OWASP
Jump to: navigation, search
Line 1: Line 1:
 
Back to [[ASDR_Table_of_Contents|TOC]]
 
Back to [[ASDR_Table_of_Contents|TOC]]
  
*# [[Access control enforced by presentation layer]]
+
# [[Access control enforced by presentation layer]]
*# [[Accidental leaking of sensitive information through data queries]]
+
# [[Accidental leaking of sensitive information through data queries]]
*# [[Accidental leaking of sensitive information through error messages]]
+
# [[Accidental leaking of sensitive information through error messages]]
* 4 [[Accidental leaking of sensitive information through sent data]]
+
# [[Accidental leaking of sensitive information through sent data]]
* 5 [[Addition of data-structure sentinel]]
+
# [[Addition of data-structure sentinel]]
* 6 [[Algorithmic Complexity]]
+
# [[Algorithmic Complexity]]
* 7 [[Allowing External Setting Manipulation]]
+
# [[Allowing External Setting Manipulation]]
* 8 [[Allowing password aging]]
+
# [[Allowing password aging]]
* 9 [[Alternate Channel Race Condition]]
+
# [[Alternate Channel Race Condition]]
* 10 [[Alternate Encoding]]
+
# [[Alternate Encoding]]
* 11 [[ASP.NET Misconfiguration: Creating Debug Binary]]
+
# [[ASP.NET Misconfiguration: Creating Debug Binary]]
* 12 [[ASP.NET Misconfiguration: Missing Custom Error Handling]]
+
# [[ASP.NET Misconfiguration: Missing Custom Error Handling]]
* 13 [[ASP.NET Misconfiguration: Password in Configuration File]]
+
# [[ASP.NET Misconfiguration: Password in Configuration File]]
* 14 [[Assigning instead of comparing]]
+
# [[Assigning instead of comparing]]
* 15 [[Authentication bypass by alternate name]]
+
# [[Authentication bypass by alternate name]]
* 16 [[Authentication Bypass by Alternate Path/Channel]]
+
# [[Authentication Bypass by Alternate Path/Channel]]
* 17 [[Authentication Bypass by Primary Weakness]]
+
# [[Authentication Bypass by Primary Weakness]]
* 18 [[Authentication bypass by spoofing]]
+
# [[Authentication bypass by spoofing]]
* 19 [[Authentication Bypass via Assumed-Immutable Data]]
+
# [[Authentication Bypass via Assumed-Immutable Data]]
* 20 [[Authentication Error]]
+
# [[Authentication Error]]
* 21 [[Authentication Logic Error]]
+
# [[Authentication Logic Error]]
* 22 [[Behavioral Change]]
+
# [[Behavioral Change]]
* 23 [[Behavioral Discrepancy Infoleak]]
+
# [[Behavioral Discrepancy Infoleak]]
* 24 [[Behavioral problems]]
+
# [[Behavioral problems]]
* 25 [[Buffer overflow]]
+
# [[Buffer Overflow]]
* 26 [[Buffer Overflow]]
+
# [[Buffer over-read]]
* 27 [[Buffer over-read]]
+
# [[Buffer under-read]]
* 28 [[Buffer under-read]]
+
# [[Buffer underwrite]]
* 29 [[Buffer underwrite]]
+
# [[Bundling Issues]]
* 30 [[Bundling Issues]]
+
# [[Byte/Object Code]]
* 31 [[Byte/Object Code]]
+
#[[Capture-replay]]
* 32 [[Capture-replay]]
+
# [[Case Sensitivity (lowercase, uppercase, mixed case)]]
* 33 [[Case Sensitivity (lowercase, uppercase, mixed case)]]
+
# [[Catch NullPointerException]]
* 34 [[Catch NullPointerException]]
+
# [[Channel and Path Errors]]
* 35 [[Channel and Path Errors]]
+
# [[Cleansing, Canonicalization, and Comparison Errors]]
* 36 [[Cleansing, Canonicalization, and Comparison Errors]]
+
# [[Code Correctness: Call to System.gc()]]
* 37 [[Code Correctness: Call to System.gc()]]
+
# [[Code Correctness: Call to Thread.run()]]
* 38 [[Code Correctness: Call to Thread.run()]]
+
# [[Code Correctness: Class Does Not Implement Cloneable]]
* 39 [[Code Correctness: Class Does Not Implement Cloneable]]
+
# [[Code Correctness: Double-Checked Locking]]
* 40 [[Code Correctness: Double-Checked Locking]]
+
# [[Code Correctness: Erroneous finalize() Method]]
* 41 [[Code Correctness: Erroneous finalize() Method]]
+
# [[Code Correctness: Erroneous String Compare]]
* 42 [[Code Correctness: Erroneous String Compare]]
+
# [[Code Correctness: Misspelled Method Name]]
* 43 [[Code Correctness: Misspelled Method Name]]
+
# [[Code Correctness: null Argument to equals()]]
* 44 [[Code Correctness: null Argument to equals()]]
+
# [[Collapse of Data into Unsafe Value]]
* 45 [[Collapse of Data into Unsafe Value]]
+
# [[Common Special Element Manipulations]]
* 46 [[Common Special Element Manipulations]]
+
# [[Comparing classes by name]]
* 47 [[Comparing classes by name]]
+
# [[Comparing instead of assigning]]
* 48 [[Comparing instead of assigning]]
+
# [[Comprehensive list of Threats to Authentication Procedures and Data]]
* 49 [[Comprehensive list of Threats to Authentication Procedures and Data]]
+
# [[Context Switching Race Condition]]
* 50 [[Context Switching Race Condition]]
+
# [[Covert timing channel]]
* 51 [[Covert timing channel]]
+
# [[CRLF Injection]]
* 52 [[CRLF Injection]]
+
# [[Cross Site Scripting]]
* 53 [[Cross Site Scripting]]
+
# [[Cross-Boundary Cleansing Infoleak]]
* 54 [[Cross-Boundary Cleansing Infoleak]]
+
# [[Dangerous Function]]
* 55 [[Dangerous Function]]
+
# [[Dangerous handler not cleared/disabled during sensitive operations]]
* 56 [[Dangerous handler not cleared/disabled during sensitive operations]]
+
# [[Data Amplification]]
* 57 [[Data Amplification]]
+
# [[Data Leaking Between Users]]
* 58 [[Data Leaking Between Users]]
+
# [[Data Structure Issues]]
* 59 [[Data Structure Issues]]
+
# [[Dead Code: Broken Override]]
* 60 [[Dead Code: Broken Override]]
+
# [[Dead Code: Expression is Always False]]
* 61 [[Dead Code: Expression is Always False]]
+
# [[Dead Code: Expression is Always True]]
* 62 [[Dead Code: Expression is Always True]]
+
# [[Dead Code: Unused Field]]
* 63 [[Dead Code: Unused Field]]
+
# [[Dead Code: Unused Method]]
* 64 [[Dead Code: Unused Method]]
+
# [[Deletion of data-structure sentinel]]
* 65 [[Deletion of data-structure sentinel]]
+
# [[Delimiter between Expressions or Commands]]
* 66 [[Delimiter between Expressions or Commands]]
+
# [[Delimiter Problems]]
* 67 [[Delimiter Problems]]
+
# [[Deserialization of untrusted data]]
* 68 [[Deserialization of untrusted data]]
+
# [[Directory Restriction Error]]
* 69 [[Directory Restriction Error]]
+
# [[Discrepancy Information Leaks]]
* 70 [[Discrepancy Information Leaks]]
+
# [[Double Free]]
* 71 [[Double Free]]
+
# [[Doubled character XSS manipulations]]
* 72 [[Doubled character XSS manipulations]]
+
# [[Doubly freeing memory]]
* 73 [[Doubly freeing memory]]
+
# [[Duplicate key in associative list (alist)]]
* 74 [[Duplicate key in associative list (alist)]]
+
# [[Early Amplification]]
* 75 [[Early Amplification]]
+
# [[EJB Bad Practices: Use of AWT/Swing]]
* 76 [[EJB Bad Practices: Use of AWT/Swing]]
+
 
* 77 [[EJB Bad Practices: Use of Class Loader]]
 
* 77 [[EJB Bad Practices: Use of Class Loader]]
 
* 78 [[EJB Bad Practices: Use of java.io]]
 
* 78 [[EJB Bad Practices: Use of java.io]]

Revision as of 07:22, 5 September 2008

Back to TOC

  1. Access control enforced by presentation layer
  2. Accidental leaking of sensitive information through data queries
  3. Accidental leaking of sensitive information through error messages
  4. Accidental leaking of sensitive information through sent data
  5. Addition of data-structure sentinel
  6. Algorithmic Complexity
  7. Allowing External Setting Manipulation
  8. Allowing password aging
  9. Alternate Channel Race Condition
  10. Alternate Encoding
  11. ASP.NET Misconfiguration: Creating Debug Binary
  12. ASP.NET Misconfiguration: Missing Custom Error Handling
  13. ASP.NET Misconfiguration: Password in Configuration File
  14. Assigning instead of comparing
  15. Authentication bypass by alternate name
  16. Authentication Bypass by Alternate Path/Channel
  17. Authentication Bypass by Primary Weakness
  18. Authentication bypass by spoofing
  19. Authentication Bypass via Assumed-Immutable Data
  20. Authentication Error
  21. Authentication Logic Error
  22. Behavioral Change
  23. Behavioral Discrepancy Infoleak
  24. Behavioral problems
  25. Buffer Overflow
  26. Buffer over-read
  27. Buffer under-read
  28. Buffer underwrite
  29. Bundling Issues
  30. Byte/Object Code
  31. Capture-replay
  32. Case Sensitivity (lowercase, uppercase, mixed case)
  33. Catch NullPointerException
  34. Channel and Path Errors
  35. Cleansing, Canonicalization, and Comparison Errors
  36. Code Correctness: Call to System.gc()
  37. Code Correctness: Call to Thread.run()
  38. Code Correctness: Class Does Not Implement Cloneable
  39. Code Correctness: Double-Checked Locking
  40. Code Correctness: Erroneous finalize() Method
  41. Code Correctness: Erroneous String Compare
  42. Code Correctness: Misspelled Method Name
  43. Code Correctness: null Argument to equals()
  44. Collapse of Data into Unsafe Value
  45. Common Special Element Manipulations
  46. Comparing classes by name
  47. Comparing instead of assigning
  48. Comprehensive list of Threats to Authentication Procedures and Data
  49. Context Switching Race Condition
  50. Covert timing channel
  51. CRLF Injection
  52. Cross Site Scripting
  53. Cross-Boundary Cleansing Infoleak
  54. Dangerous Function
  55. Dangerous handler not cleared/disabled during sensitive operations
  56. Data Amplification
  57. Data Leaking Between Users
  58. Data Structure Issues
  59. Dead Code: Broken Override
  60. Dead Code: Expression is Always False
  61. Dead Code: Expression is Always True
  62. Dead Code: Unused Field
  63. Dead Code: Unused Method
  64. Deletion of data-structure sentinel
  65. Delimiter between Expressions or Commands
  66. Delimiter Problems
  67. Deserialization of untrusted data
  68. Directory Restriction Error
  69. Discrepancy Information Leaks
  70. Double Free
  71. Doubled character XSS manipulations
  72. Doubly freeing memory
  73. Duplicate key in associative list (alist)
  74. Early Amplification
  75. EJB Bad Practices: Use of AWT/Swing

Back to TOC