These occur when a developer does not properly validate user input to ensure it’s size actually has space. This can lead to overflows, which can affect other data stored on the computers memory.
Example: Webform that ties its input to a backend variable that allows 8 characters and the form does not validate the input is smaller or size 8. Now the data that “overflows” could overwrite other data and could allow an attacker to execute commands.
This is a timing vulnerability that occurs right after the programmer checks if a program has access too early. In the time between the authorization and the execution of the authorized commands an attacker could try to sneak in additional commands.
Is a hidden access in the code, which allows an attacker to access the system. It can be an undocumented command sequence or could have been created by software developers to speed up work flows.
Stuxnet had a backdoor that enabled attacker access to the facility.
Is an attack that occurs when a hacker tries to gain administrative powers, by for example using a Rootkit. Rootkits exploit known vulnerabilities in various operating systems to provide hackers with authorization for root or administrator level commands.
Such an attack occurs when a web application performs reflection on its code.
Found in: