logo

Database

Elixir fixes

002 Asymmetric Denial of Service003 Symmetric Denial of Service004 Remote Command Execution Vulnerability005 Privilege Escalation Vulnerability006 Authentication Mechanism Absence or Evasion Vulnerability007 Cross-Site Request Forgery008 Reflected Cross-Site Scripting (XSS)009 Sensitive Information in Source Code010 Stored Cross-Site Scripting (XSS)011 Use of Software with Known Vulnerabilities013 Insecure Object Reference014 Insecure Functionality015 Insecure Authentication Method - Basic016 Insecure Encryption Algorithm - SSL/TLS017 Sensitive Information Sent Insecurely019 Administrative Credentials Stored in Cache Memory020 Non-encrypted Confidential Information021 XPath Injection Vulnerability022 Use of an Insecure Channel023 Uncontrolled External Site Redirect - Host Header Injection026 User Enumeration Vulnerability027 Insecure File Upload028 Insecure Temporary Files029 Inadequate File Size Control030 Sensitive Information Sent Via URL Parameters033 Password change without identity check034 Insecure Generation of Random Numbers037 Technical Information Leak038 Business Information Leak039 Improper Authorization Control for Web Services041 Enabled Default Credentials042 Insecurely Generated Cookies043 Insecure or unset HTTP headers - Content-Security-Policy044 Insecure HTTP methods enabled050 Guessed Weak Credentials051 Cracked Weak Credentials052 Insecure Encryption Algorithm053 Lack of Protection Against Brute Force Attacks057 Asymmetric denial of service - Content length059 Sensitive Information Stored in Logs061 Remote File Inclusion062 Concurrent sessions063 Lack of data validation - Path Traversal064 Traceability Loss - Server's Clock066 Technical Information Leak - Console Functions067 Improper Resource Allocation068 Insecure session expiration time071 Insecure or unset HTTP headers - Referrer-Policy076 Insecure session management078 Insecurely Generated Token079 Non-upgradable Dependencies080 Business Information Leak - Customers or Providers083 XML injection (XXE)087 Account Lockout089 Lack of data validation - Trust boundary violation090 CSV injection091 Log Injection092 Insecure Encryption Algorithm - Anonymous Cipher Suites093 Hidden Fields Manipulation094 Insecure Encryption Algorithm - Cipher Block Chaining095 Data Uniqueness Not Properly Verified096 Insecure Deserialization098 External Control of File Name or Path100 Server-side Request Forgery (SSRF)102 Email Uniqueness Not Properly Verified106 NoSQL Injection107 LDAP Injection108 Improper Control of Interaction Frequency113 Improper Type Assignation115 Security Controls Bypass or Absence119 Metadata with Sensitive Information120 Improper Dependency Pinning121 HTTP Parameter Pollution122 Email Flooding123 Local File Inclusion124 Race Condition125 Directory Listing127 Lack of data validation - Type confusion128 Insecurely generated cookies - HttpOnly129 Insecurely generated cookies - SameSite130 Insecurely generated cookies - Secure131 Insecure or unset HTTP headers - Strict Transport Security132 Insecure or unset HTTP headers - X-Content-Type-Options134 Insecure or unset HTTP headers - CORS135 Insecure or unset HTTP headers - X-XSS Protection136 Insecure or unset HTTP headers - Cache Control137 Insecure or unset HTTP headers - X-Permitted-Cross-Domain-Policies141 Lack of Data Validation - URL142 Sensitive information in source code - API Key145 Inappropriate coding practices - Cyclomatic complexity146 SQL Injection148 Use of Insecure Channel - FTP in Applications149 Use of Insecure SMTP Channel152 Insecure or unset HTTP headers - X-Frame Options153 Insecure or unset HTTP headers - Accept154 Time-based SQL Injection155 SQL Injection via Headers156 Uncontrolled External Site Redirect159 Excessive Privileges in Applications160 Excessive Privileges in Temporary Files in Applications183 Debugging Enabled in Production184 Lack of Data Validation185 Lack of data validation - Header x-amzn-RequestId186 Lack of data validation - Web Service187 Lack of data validation - Source Code189 Lack of data validation - Content Spoofing190 Lack of data validation - Session Cookie191 Lack of data validation - Responses192 Lack of Data Validation - Reflected Parameters193 Lack of Data Validation - Host Header Injection194 Lack of Data Validation - Input Length195 Lack of Data Validation - Headers196 Lack of Data Validation - Dates197 Lack of Data Validation - Numbers198 Lack of Data Validation - Out of Range199 Lack of Data Validation - Emails200 Traceability Loss201 Unauthorized access to files204 Insufficient data authenticity validation211 Asymmetric Denial of Service - ReDoS213 Business Information Leak - JWT214 Business Information Leak - Credentials217 Business Information Leak - Credit Cards220 Business Information Leak - Token221 Business Information Leak - Users222 Business Information Leak - DB226 Business Information Leak - Personal Information228 Business Information Leak - Analytics231 Message Flooding235 Technical Information Leak - Headers238 Technical Information Leak - API239 Technical Information Leak - Errors240 Authentication Mechanism Absence or Evasion - OTP245 Non-encrypted Confidential Information - Credit Cards246 Non-encrypted Confidential Information - Database248 Non-encrypted Confidential Information - LDAP249 Non-encrypted Confidential Information - Credentials254 Automatic Information Enumeration - Credit Cards261 Insecure Encryption Algorithm - DSA262 Insecure Encryption Algorithm - SHA1263 Insecure Encryption Algorithm - MD5264 Insecure Encryption Algorithm - TripleDES265 Insecure Encryption Algorithm - AES270 Unauthorized File Creation271 Insecure functionality - Password management272 Insecure functionality - Masking273 Insecure functionality - Fingerprint274 Restricted Fields Manipulation276 Sensitive Information Sent Via URL Parameters - Session280 Session Fixation282 Insecure encryption algorithm - ECB283 Automatic information enumeration - Personal Information284 Non-encrypted confidential information - Base 64286 Insecure object reference - Personal information287 Insecure object reference - Corporate information288 Insecure Object Reference in Credit Card Inquiry290 Technical information leak - IPs291 Business information leak - Financial Information295 Insecure Session Management After Password Change296 Weak credential policy - Password Change Limit297 SQL Injection - Code298 Authentication Mechanism Absence or Evasion - Redirect301 Concurrent Sessions Control Bypass302 Insecure Functionality - Session Management305 Security Controls Bypass or Absence - Data Creation306 Insecure Object Reference - Files307 Insecure Object Reference - Data309 Insecurely Generated Token - JWT317 Improper Resource Allocation - Memory Leak318 Insecurely Generated Token - Validation321 Lack of data validation - HTML code322 Insecurely Generated Token - Lifespan324 Insecure Functionality - User Management328 Insecure Object Reference - Session Management329 Insecure or Unset HTTP Headers - Content-Type330 Lack of protection against brute force attacks - Credentials332 Use of insecure channel - Source code337 Insecure Session Management - CSRF Fixation340 Lack of data validation - Special Characters341 Lack of data validation - OTP345 Security Controls Bypass or Absence - Session Invalidation353 Lack of data validation - Token354 Insecure file upload - Files Limit355 Insufficient data authenticity validation - Checksum verification362 Technical information leak - Content response363 Weak credential policy - Password strength364 Weak credential policy - Temporary passwords369 Insecure object reference - User deletion372 Use of an insecure channel - HTTP378 Non-encrypted confidential information - Hexadecimal383 Insecurely generated token - OTP395 Insecure generation of random numbers - Static IV397 Insecure authentication method - LDAP404 OS Command Injection417 Account Takeover420 Password Reset Poisoning421 Insecure encryption algorithm - Insecure Elliptic Curve