...

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="0b045aeb1d11814f-8d93165f-48384049-bfaabc36-6b81e1469e83037cb98f4ae8"><ac:plain-text-body><![CDATA[

[CVE-2010-0886]

[Sun Java Web Start Plugin Command Line Argument Injection

http://www.securitytube.net/video/1465]

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="52ee4867f9841bcb-38504572-45be493e-bf5cb649-f83fde4ab38bb5b097575df8"><ac:plain-text-body><![CDATA[

[CVE-2010-1826]

[Command injection in updateSharingD's handling of Mach RPC messages

http://securitytracker.com/id/1024617]

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="5e5b7470ef9590ad-58a89ef9-41474209-b963baa1-e805ff5657984605bc4fae34"><ac:plain-text-body><![CDATA[

[T-472]

[Mac OS X Java Command Injection Flaw in updateSharingD lets local users gain elevated privileges

http://www.doecirc.energy.gov/bulletins/t-472.shtml]

]]></ac:plain-text-body></ac:structured-macro>

...

The CERT C Secure Coding Standard

ENV03-C. Sanitize the environment when invoking external programs

ENV04-C. Do not call system() if you do not need a command processor

The CERT C++ Secure Coding Standard

ENV03-CPP. Sanitize the environment when invoking external programs

ENV04-CPP. Do not call system() if you do not need a command processor

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="a4a3c2cd3719658a-ed914207-420741fd-a32d8826-b92aca5ba5cd4dc86a532a3f"><ac:plain-text-body><![CDATA[

[ISO/IEC TR 24772:2010

http://www.aitcnet.org/isai/]

Injection [RST]

]]></ac:plain-text-body></ac:structured-macro>

MITRE CWE

CWE-78. Improper neutralization of special elements used in an OS command ("OS command injection")

...

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="21ad4d138b313036-25ecae23-43584ee0-8eb6bcf3-ab8454606665a83c2de74ff9"><ac:plain-text-body><![CDATA[

[[Chess 2007

AA. Bibliography#Chess References#Chess 07]]

Chapter 5, Handling Input, "Command Injection"]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="5ffd91d257c233f5-f3a5efd8-4cb14a73-aff8b108-a74184b21617b7f44f06ce18"><ac:plain-text-body><![CDATA[

[[OWASP 2005

AA. Bibliography#OWASP References#OWASP 05]]

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="ab07a2fb2ab666fb-d1fd07b7-485c44f9-aacfabf4-eb8507fb9729f88b0e68df80"><ac:plain-text-body><![CDATA[

[[Permissions 2008

AA. Bibliography#Permissions References#Permissions 08]]

]]></ac:plain-text-body></ac:structured-macro>

...