...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="7fbbfb0cd41387e9-6cb7586a-47ab4ec4-ac1589e2-f580f4ddc096ab1d71f3aea2"><ac:plain-text-body><![CDATA[ | [CVE-2010-0886] | [Sun Java Web Start Plugin Command Line Argument Injection | http://www.securitytube.net/video/1465] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="6f87bc9b20885329-01bc42d3-4ef94277-92e88121-db981ca5334a2868ad41d323"><ac:plain-text-body><![CDATA[ | [CVE-2010-1826] | [Command injection in updateSharingD's handling of Mach RPC messages | http://securitytracker.com/id/1024617] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="59a78bdd394fb781-3e8c8817-40e0489b-bd5bbbf4-871479a7ee76d82ca9391605"><ac:plain-text-body><![CDATA[ | [T-472] | [Mac OS X Java Command Injection Flaw in updateSharingD Lets Local Users Gain Elevated Privileges | http://www.doecirc.energy.gov/bulletins/t-472.shtml] | ]]></ac:plain-text-body></ac:structured-macro> |
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
ENV04-C. Do not call system() if you do not need a command processor | |||||
ENV04-CPP. Do not call system() if you do not need a command processor | |||||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="c6c1fb8aaa4c2b8c-04c2b973-48c24c45-89db912c-12b10485df44cf48ae0ba273"><ac:plain-text-body><![CDATA[ | [[MITRE 2009 | AA. Bibliography#MITRE 09]] | [CWE ID 78 | http://cwe.mitre.org/data/definitions/78.html] "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" | ]]></ac:plain-text-body></ac:structured-macro> |
...
Bibliography
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="ffb3662fa4145f5a-8fb6d32d-460444bf-b11dae27-3cf333e983b1ffe1a6a24e78"><ac:plain-text-body><![CDATA[ | [[Chess 2007 | AA. Bibliography#Chess 07]] | Chapter 5: Handling Input, "Command Injection"]]></ac:plain-text-body></ac:structured-macro> | ||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="18d4c55da5219324-688f7b44-42ed4a27-9ca18f89-5b27fc1bb7ba2ac68a94ccf7"><ac:plain-text-body><![CDATA[ | [[OWASP 2005 | AA. Bibliography#OWASP 05]] | [Reviewing Code for OS Injection | http://www.owasp.org/index.php/Reviewing_Code_for_OS_Injection] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="2d0fd7d0b0cfec20-03aa1b34-472044e2-be2f96f9-c9c6bc192bd30076209a0556"><ac:plain-text-body><![CDATA[ | [[Permissions 2008 | AA. Bibliography#Permissions 08]] | [Permissions in the Java™ SE 6 Development Kit (JDK) | http://java.sun.com/javase/6/docs/technotes/guides/security/permissions.html], Sun Microsystems, Inc. (2008) | ]]></ac:plain-text-body></ac:structured-macro> |
...