Search
Weaknesses
| CWE | Weakness | Actions |
|---|---|---|
| CWE-349 |
Acceptance of Extraneous Untrusted Data With Trusted Data
The product, when processing trusted data, accepts any untrusted data that is also included with the trusted data, treating the untrusted data as if it were trusted. |
|
| CWE-36 |
Absolute Path Traversal
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as "/abs/path" that can resolve to a location that is outside of that directory. |
|
| CWE-556 |
ASP.NET Misconfiguration: Use of Identity Impersonation
Configuring an ASP.NET application to run with impersonated credentials may give the application unnecessary privileges. |
|
| CWE-13 |
ASP.NET Misconfiguration: Password in Configuration File
Storing a plaintext password in a configuration file allows anyone who can read the file access to the password-protected resource making them an easy target for attackers. |
|
| CWE-554 |
ASP.NET Misconfiguration: Not Using Input Validation Framework
The ASP.NET application does not use an input validation framework. |
|
| CWE-12 |
ASP.NET Misconfiguration: Missing Custom Error Page
An ASP .NET application must enable custom error pages in order to prevent attackers from mining information from the framework's built-in responses. |
|
| CWE-1174 |
ASP.NET Misconfiguration: Improper Model Validation
The ASP.NET application does not use, or incorrectly uses, the model validation framework. |
|
| CWE-11 |
ASP.NET Misconfiguration: Creating Debug Binary
Debugging messages help attackers learn about the system and plan a form of attack. |
|
| CWE-520 |
.NET Misconfiguration: Use of Impersonation
Allowing a .NET application to run at potentially escalated levels of access to the underlying operating and file systems can be dangerous and result in various forms of attacks. |
|
| CWE-1142 |
No name
No description available. |
|
| CWE-872 |
No name
No description available. |
|
| CWE-736 |
No name
No description available. |
|
| CWE-1028 |
No name
No description available. |
|
| CWE-1184 |
No name
No description available. |
|
| CWE-1140 |
No name
No description available. |
|
| CWE-1015 |
No name
No description available. |
|
| CWE-729 |
No name
No description available. |
|
| CWE-1145 |
No name
No description available. |
|
| CWE-861 |
No name
No description available. |
|
| CWE-711 |
No name
No description available. |