SQL injection is a type of vulnerabilities in database access code that allows attackers to execute unauthorized queries on the database. SQL Injection vulnerabilities are caused by concatenating data...
XQuery injection vulnerabilities occur when untrusted data is concatenated into XQuery queries, which allows the attacker to execute arbitrary queries. XQuery injection vulnerabilities are similar to...
XPath injection is a type of vulnerability that allows attackers to execute arbitrary queries on XML databases. XPath injection vulnerabilities are similar to SQL injection vulnerabilities, but they a...
Information Exposure Through an Error Message
Information exposure through an error message occurs when an error message discloses sensitive information that might help an attacker. Typical examples include disclosing whether a username is valid...
Using Components with Known Vulnerabilities
“Using components with known vulnerabilities” refers to an application that uses third-party code that contains known vulnerabilities. The result is that the vulnerabilities in the third-party code be...
Fingerprinting is a broad term that describes searching for telltale signs that a specific application or system component is running on a given system. These telltale signs are called fingerprints. T...
Weak Cryptographic Hash
A weak cryptographic hash vulnerability occurs when the application uses a hashing algorithm that is considered to be less resistant to attack than the currently recommended algorithms, and/or the cho...