...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="5de4b95f979a1011-b1119976-4f9948a8-b53d842b-e92f42ac5077681f3fade07e"><ac:plain-text-body><![CDATA[ | [CVE-2010-0886] | [Sun Java Web Start Plugin Command Line Argument Injection | http://www.securitytube.net/video/1465] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="f4fdfc9c01a854c3-1b1461fb-4c804b6d-b046ac7b-a407469a874c6ed8cfddf94c"><ac:plain-text-body><![CDATA[ | [CVE-2010-1826] | [Command injection in updateSharingD's handling of Mach RPC messages | http://securitytracker.com/id/1024617] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="538181132d9d3453-b294ec74-4eb04fe7-b3ccab94-f7eec46e165ae3d361f6105e"><ac:plain-text-body><![CDATA[ | [T-472] | [Mac OS X Java Command Injection Flaw in updateSharingD Lets Local Users Gain Elevated Privileges | http://www.doecirc.energy.gov/bulletins/t-472.shtml] | ]]></ac:plain-text-body></ac:structured-macro> |
...
ENV04-C. Do not call system() if you do not need a command processor | |||||
ENV04-CPP. Do not call system() if you do not need a command processor | |||||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="2018c8a27e7f4dd3-ac43fd86-45a14aea-b7d1bd2f-aa1423e3f84e95302591c8b7"><ac:plain-text-body><![CDATA[ | [[MITRE 2009 | AA. Bibliography#MITRE 09]] | [CWE ID 78 | http://cwe.mitre.org/data/definitions/78.html] "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" | ]]></ac:plain-text-body></ac:structured-macro> |
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="ae5062819253fe85-be781417-41554f4f-868296e6-d6e2f51848b0f20dfbc443cc"><ac:plain-text-body><![CDATA[ | [[Chess 2007 | AA. Bibliography#Chess 07]] | Chapter 5: Handling Input, "Command Injection"]]></ac:plain-text-body></ac:structured-macro> | ||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="4466ce873545dfae-3e09ee9f-40e44c3b-a4ec9fa4-2b0ed474d97ebd806075ffeb"><ac:plain-text-body><![CDATA[ | [[OWASP 2005 | AA. Bibliography#OWASP 05]] | [Reviewing Code for OS Injection | http://www.owasp.org/index.php/Reviewing_Code_for_OS_Injection] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="90cff019b9473951-46e97858-43e640c0-9033a523-b1793bb9034633eb82871053"><ac:plain-text-body><![CDATA[ | [[Permissions 2008 | AA. Bibliography#Permissions 08]] | [Permissions in the Java™ SE 6 Development Kit (JDK) | http://java.sun.com/javase/6/docs/technotes/guides/security/permissions.html], Sun Microsystems, Inc. (2008) | ]]></ac:plain-text-body></ac:structured-macro> |
...
IDS06-J. Use a subset of ASCII for file and path names IDS08-J. Sanitize untrusted data passed to a regex