Using 2FA phone numbers for targeted advertising. One of the dumbest ways ever for a company to abuse its users’ trust. Take a bow, Twitter. And have a $150 million fine too.
Twitter has been fined $150 million for using phone numbers submitted by users to boost their security... for targeted advertising. Read More
CWE-99 – Improper Control of Resource Identifiers (‘Resource Injection’)
Description The software receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an...
CWE-98 – Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’)
Description The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require,"...
CWE-97 – Improper Neutralization of Server-Side Includes (SSI) Within a Web Page
Description The software generates a web page, but does not neutralize or incorrectly neutralizes user-controllable input that could be interpreted as a server-side include (SSI)...
CWE-96 – Improper Neutralization of Directives in Statically Saved Code (‘Static Code Injection’)
Description The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before inserting the input into an...
CWE-95 – Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’)
Description The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a...
CWE-943 – Improper Neutralization of Special Elements in Data Query Logic
Description The application generates a query intended to access or manipulate data in a data store such as a database, but it does not neutralize...
CWE-942 – Permissive Cross-domain Policy with Untrusted Domains
Description The software uses a cross-domain policy file that includes domains that should not be trusted. Modes of Introduction: - Implementation Likelihood of Exploit: ...
CWE-941 – Incorrectly Specified Destination in a Communication Channel
Description The software creates a communication channel to initiate an outgoing request to an actor, but it does not correctly specify the intended destination for...
CWE-940 – Improper Verification of Source of a Communication Channel
Description The software establishes a communication channel to handle an incoming request that has been initiated by an actor, but it does not properly verify...