...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="b8dc9b6019f12816-23b0c681-4e2745c0-b5b89e9d-e958a1fd3ccecddd88459309"><ac:plain-text-body><![CDATA[ | [CVE-2010-0886] | [Sun Java Web Start Plugin Command Line Argument Injection | http://www.securitytube.net/video/1465] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="1b351a775ce9fce1-18827351-4dfd4e35-9fdb950b-9dc51bae50aa670fc87ccbbf"><ac:plain-text-body><![CDATA[ | [CVE-2010-1826] | [Command injection in updateSharingD's handling of Mach RPC messages | http://securitytracker.com/id/1024617] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="9d8ba658e4f84424-1985a7d3-4a404b24-bff59582-093c8d62113861232de6f0c7"><ac:plain-text-body><![CDATA[ | [T-472] | [Mac OS X Java Command Injection Flaw in updateSharingD Lets Local Users Gain Elevated Privileges | http://www.doecirc.energy.gov/bulletins/t-472.shtml] | ]]></ac:plain-text-body></ac:structured-macro> |
...
ENV03-C. Sanitize the environment when invoking external programs | ||||
| ENV04-C. Do not call system() if you do not need a command processor | |||
ENV03-CPP. Sanitize the environment when invoking external programs | ||||
| ENV04-CPP. Do not call system() if you do not need a command processor | |||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="cfd2c9fad4d3d079-9006520d-4e784ee2-bb948288-0544d8ae0d5c359369f636e1"><ac:plain-text-body><![CDATA[ | [ISO/IEC TR 24772:2010 | http://www.aitcnet.org/isai/] | "Injection [RST]" | ]]></ac:plain-text-body></ac:structured-macro> |
CWE-78, "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" |
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="e648e2992fa24e68-2672ddb6-41e647c1-8f2480ee-ff47d57ea244154546d45b90"><ac:plain-text-body><![CDATA[ | [[Chess 2007 | AA. Bibliography#Chess 07]] | Chapter 5: Handling Input, "Command Injection"]]></ac:plain-text-body></ac:structured-macro> | ||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="676712bf89f79b03-63dc4412-4a164965-8b36a7fd-21df2fa03433078b87d97e8c"><ac:plain-text-body><![CDATA[ | [[OWASP 2005 | AA. Bibliography#OWASP 05]] | [Reviewing Code for OS Injection | http://www.owasp.org/index.php/Reviewing_Code_for_OS_Injection] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="a65adb800b35fcd6-619c9c42-4eeb4138-943295cc-5329f04f21f2c3df7ed63166"><ac:plain-text-body><![CDATA[ | [[Permissions 2008 | AA. Bibliography#Permissions 08]] | [Permissions in the Java™ SE 6 Development Kit (JDK) | http://java.sun.com/javase/6/docs/technotes/guides/security/permissions.html], Sun Microsystems, Inc. (2008) | ]]></ac:plain-text-body></ac:structured-macro> |
...
IDS05IDS06-J. Use a subset of ASCII for file and path namesExclude user input from format strings IDS08-J. Sanitize untrusted data passed to a regex