CWE-623 – Unsafe ActiveX Control Marked Safe For Scripting
Description An ActiveX control is intended for restricted use, but it has been marked as safe-for-scripting. This might allow attackers to use dangerous functionality via...
CWE-622 – Improper Validation of Function Hook Arguments
Description The product adds hooks to user-accessible API functions, but it does not properly validate the arguments. This could lead to resultant vulnerabilities. Such hooks...
CWE-621 – Variable Extraction Error
Description The product uses external input to determine the names of variables into which information is extracted, without verifying that the names of the specified...
CWE-620 – Unverified Password Change
Description When setting a new password for a user, the product does not require knowledge of the original password or the use of another form of authentication....
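The following is an added example, not text or code from the CWE entry: a password-change handler with the CWE-620 flaw beside a hardened version that requires either the current password or a single-use reset token before it accepts the new one. The in-memory user record, the PBKDF2 parameters and the token scheme are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import secrets
from typing import Optional

# Assumption: users are plain dicts held in memory; a real application
# would read and write these fields in its user database.


def _hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256; iteration count is an illustrative choice.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def make_user(username: str, password: str) -> dict:
    salt = os.urandom(16)
    return {"username": username, "salt": salt, "hash": _hash_password(password, salt)}


def verify_password(user: dict, password: str) -> bool:
    # Constant-time comparison so a failed check leaks nothing about the hash.
    return hmac.compare_digest(user["hash"], _hash_password(password, user["salt"]))


def change_password_vulnerable(user: dict, new_password: str) -> bool:
    # CWE-620: whoever can reach this handler (for example through CSRF or a
    # hijacked session) can set a new password without proving who they are.
    user["salt"] = os.urandom(16)
    user["hash"] = _hash_password(new_password, user["salt"])
    return True


def issue_reset_token(user: dict) -> str:
    # Out-of-band recovery path: the plaintext token goes to the user (e-mail,
    # SMS); only its hash is stored, so a leaked store cannot be replayed.
    token = secrets.token_urlsafe(32)
    user["reset_token"] = hashlib.sha256(token.encode()).digest()
    return token


def consume_reset_token(user: dict, token: str) -> bool:
    # Single use: the stored token is removed on the first attempt, valid or not,
    # so a wrong guess burns it instead of allowing repeated tries.
    stored = user.pop("reset_token", None)
    if stored is None:
        return False
    return hmac.compare_digest(stored, hashlib.sha256(token.encode()).digest())


def change_password_hardened(
    user: dict,
    new_password: str,
    current_password: Optional[str] = None,
    reset_token: Optional[str] = None,
) -> bool:
    # Require a proof of identity: knowledge of the current password, or a
    # valid reset token issued through a separate recovery flow.
    if current_password is not None:
        authorized = verify_password(user, current_password)
    elif reset_token is not None:
        authorized = consume_reset_token(user, reset_token)
    else:
        authorized = False
    if not authorized:
        return False
    user["salt"] = os.urandom(16)
    user["hash"] = _hash_password(new_password, user["salt"])
    user.pop("reset_token", None)  # a password change invalidates any outstanding token
    return True
```

Note that "logged in" is not the same as "re-authenticated": the hardened handler still demands the current password even when called from an authenticated session, which is what closes the CSRF and session-hijack cases the CWE entry is about.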
CWE-62 – UNIX Hard Link
Description The software, when opening a file or directory, does not sufficiently account for when the name is associated with a hard link to a...
CWE-619 – Dangling Database Cursor (‘Cursor Injection’)
Description If a database cursor is not closed properly, then it could become accessible to other users while retaining the same privileges that were originally...
CWE-618 – Exposed Unsafe ActiveX Method
Description An ActiveX control is intended for use in a web browser, but it exposes dangerous methods that perform actions that are outside of the...
CWE-617 – Reachable Assertion
Description The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior...
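The following is an added example, not code from the CWE entry: a frame parser that enforces its input invariants with assert (CWE-617) next to one that rejects bad input with an ordinary exception the caller can handle. The three-byte header format, the size limit and the handle() loop are assumptions constructed for the illustration.

```python
import struct
from typing import Callable, Tuple

# Assumed wire format: 1-byte version, 2-byte big-endian payload length, payload.
MAX_PAYLOAD = 1024


class ProtocolError(ValueError):
    """Recoverable, per-message error raised for malformed input."""


def parse_frame_vulnerable(data: bytes) -> bytes:
    # CWE-617: invariants on attacker-controlled bytes are checked with assert.
    # Any client can trip one, and the resulting AssertionError is not part of
    # the normal error path, so it escapes and ends the worker. Under
    # `python -O` the asserts are removed entirely and a short or oversized
    # frame is silently accepted instead.
    assert len(data) >= 3, "frame too short"
    version, length = struct.unpack(">BH", data[:3])
    assert version == 1, "unsupported version"
    assert length <= MAX_PAYLOAD, "declared length exceeds limit"
    assert len(data) == 3 + length, "length field does not match frame"
    return data[3:3 + length]


def parse_frame_hardened(data: bytes) -> bytes:
    # Same checks, expressed as explicit validation that survives -O and
    # raises an error type the caller is expected to catch.
    if len(data) < 3:
        raise ProtocolError("frame too short")
    version, length = struct.unpack(">BH", data[:3])
    if version != 1:
        raise ProtocolError(f"unsupported version {version}")
    if length > MAX_PAYLOAD:
        raise ProtocolError("declared length exceeds limit")
    if len(data) != 3 + length:
        raise ProtocolError("length field does not match frame")
    return data[3:3 + length]


def handle(data: bytes, parser: Callable[[bytes], bytes]) -> Tuple[str, bytes]:
    # Stand-in for a server's per-connection loop: ProtocolError is handled
    # and the client is told "rejected"; an AssertionError is not caught here
    # and takes the whole process down with it.
    try:
        return ("ok", parser(data))
    except ProtocolError as exc:
        return ("rejected", str(exc).encode())
```

The rule of thumb the example illustrates: assert is for conditions the program itself guarantees (invariants of your own data structures), never for conditions that depend on bytes a remote party chose. For the latter, validate and fail closed with a recoverable error.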
CWE-616 – Incomplete Identification of Uploaded File Variables (PHP)
Description The PHP application uses an old method for processing uploaded files by referencing the four global variables that are set for each file (e.g....
CWE-615 – Inclusion of Sensitive Information in Source Code Comments
Description While adding general comments is very useful, some programmers tend to leave important data, such as: filenames related to the web application, old links...
