IntelDataset:test

De HackBBS
Révision datée du 10 septembre 2024 à 00:28 par Korigan (discussion | contributions) (Contenu remplacé par « ./modules/generators/mod_cgid.c:659:  [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead.<nowiki><br /></nowiki> ./modules/md/mod_md_os.c:43:  [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead.<nowiki><br /></nowiki> ./os/unix/unixd.c:265:  [5] (race) chown: This accep... »)
Aller à la navigation Aller à la recherche

./modules/generators/mod_cgid.c:659:  [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead.<br />

./modules/md/mod_md_os.c:43:  [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead.<br />

./os/unix/unixd.c:265:  [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead.<br />

./srclib/apr/file_io/netware/filestat.c:136:  [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.<br />

./srclib/apr/file_io/unix/filestat.c:179:  [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.<br />

./srclib/apr/threadproc/win32/proc.c:297:  [5] (misc) SetSecurityDescriptorDacl: Never create NULL ACLs; an attacker can set it to Everyone (Deny All Access), which would even forbid administrator access (CWE-732).<br />

./test/test_find.c:67:  [5] (buffer) gets: Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.<br />

./test/test_find.c:71:  [5] (buffer) gets: Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.<br />

./test/test_parser.c:67:  [5] (buffer) gets: Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.<br />

./include/http_log.h:375:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.<br />

./include/http_log.h:417:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.<br />

./include/http_log.h:459:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.<br />

./include/http_log.h:503:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.<br />

./include/http_log.h:552:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.<br />

./include/http_protocol.h:527:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.<br />

./include/util_filter.h:336:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.<br />

./include/util_filter.h:603:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.<br />

./modules/aaa/mod_authn_socache.c:276:  [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).<br />

./modules/arch/netware/mod_nw_ssl.c:555:  [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).<br />

./modules/arch/netware/mod_nw_ssl.c:605:  [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).<br />