25-03 Vulnerability
# What is a vulnerability?
a hole or a weakness in the application, which can be a design flaw or an implementation bug, that allows an attacker to cause harm to the stakeholders of an application
# Vulnerability Examples
| Allowing Domains or Accounts to Expire | Insecure Temporary File | Privacy Violation |
| Buffer Overflow | Insecure Third Party Domain Access | Process Control |
| Business logic vulnerability | Insecure Transport | Return Inside Finally Block |
| CRLF Injection | Insufficient Entropy | Session Variable Overloading |
| CSV Injection | Insufficient Session-ID Length | String Termination Error |
| Catch NullPointerException | Least Privilege Violation | Unchecked Error Condition |
| Covert storage channel | Memory leak | Unchecked Return Value Missing Check against Null |
| Deserialization of untrusted data | Missing Error Handling | Undefined Behavior |
| Directory Restriction Error | Missing XML Validation | Unreleased Resource |
| Doubly freeing memory | Multiple admin levels | Unrestricted File Upload |
| Empty String Password | Null Dereference | Unsafe JNI |
| Expression Language Injection | OWASP .NET Vulnerability Research | Unsafe Mobile Code |
| Full Trust CLR Verification issue | Overly Permissive Regular Expression | Unsafe function call from a signal handler |
| Heartbleed Bug | PHP File Inclusion | Unsafe use of Reflection |
| Improper Data Validation | PHP Object Injection | Use of Obsolete Methods |
| Improper pointer subtraction | PRNG Seed Error | Use of hard-coded password |
| Information exposure through query strings | Password Management Hardcoded Password | Using a broken or risky cryptographic algorithm |
| Injection problem | Password Plaintext Storage | Using freed memory |
| Insecure Compiler Optimization | Poor Logging Practice | Vulnerability template |
| Insecure Randomness | Portability Flaw | XML External Entity (XXE) Processing |