Page History

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="d980518142572ff0-835a8438-4c044bee-af8b93a4-467049c033ea5aff0d8b92d9"><ac:plain-text-body><![CDATA[

[CVE-2010-0886]

[Sun Java Web Start Plugin Command Line Argument Injection

http://www.securitytube.net/video/1465]

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="1075652e741432f2-1ce18bdf-4c5f40c5-ae2aa8b7-83304b7eae2559f634ce08e3"><ac:plain-text-body><![CDATA[

[CVE-2010-1826]

[Command injection in updateSharingD's handling of Mach RPC messages

http://securitytracker.com/id/1024617]

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="43004f3647a16916-a79ac311-4b4746fd-8021a982-4cec54991cd9f211ba824cbc"><ac:plain-text-body><![CDATA[

[T-472]

[Mac OS X Java Command Injection Flaw in updateSharingD Lets Local Users Gain Elevated Privileges

http://www.doecirc.energy.gov/bulletins/t-472.shtml]

]]></ac:plain-text-body></ac:structured-macro>

The CERT C Secure Coding Standard

ENV04-C. Do not call system() if you do not need a command processor

The CERT C++ Secure Coding Standard

ENV04-CPP. Do not call system() if you do not need a command processor

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="a58e052a-0714-4c67-97de-5523acc05829"><ac:plain-text-body><![CDATA[

[ISO/IEC TR 24772:2010

http://www.aitcnet.org/isai/]

"Injection [RST]"

]]></ac:plain-text-body></ac:structured-macro>

MITRE CWE

CWE ID 78, "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="90f936f49362df2d-e43f8247-41914986-a59697d0-0c3addef47acf0be4ef70b3b"><ac:plain-text-body><![CDATA[

[[Chess 2007

AA. Bibliography#Chess 07]]

Chapter 5: Handling Input, "Command Injection"]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="43babfe2dc645ee6-cc6271e6-407944ef-bebda634-5e3d17f058b13bb6ac6a743b"><ac:plain-text-body><![CDATA[

[[OWASP 2005

AA. Bibliography#OWASP 05]]

[Reviewing Code for OS Injection

http://www.owasp.org/index.php/Reviewing_Code_for_OS_Injection]

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="4f7ce33873d2782d-f86eb8d0-4e294451-81f7aca0-e9952e0387750c446a329515"><ac:plain-text-body><![CDATA[

[[Permissions 2008

AA. Bibliography#Permissions 08]]

[Permissions in the Java™ SE 6 Development Kit (JDK)

http://java.sun.com/javase/6/docs/technotes/guides/security/permissions.html], Sun Microsystems, Inc. (2008)

]]></ac:plain-text-body></ac:structured-macro>