IntelDatasetRejected:test

De HackBBS
Révision datée du 10 septembre 2024 à 20:08 par HackBBS (discussion | contributions)
(diff) ← Version précédente | Voir la version actuelle (diff) | Version suivante → (diff)
Aller à la navigation Aller à la recherche

[

   {

       "description": "./pcap_sniffer.c:55:  [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.",

       "comment": "ko"

   },

   {

       "description": "./pcap_sniffer.c:59:  [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.",

       "comment": "koko"

   },

   {

       "description": "./pcap_sniffer.c:47:  [1] (buffer) strncpy: Easily used incorrectly; doesn't always \\0-terminate or check for invalid pointers [MS-banned] (CWE-120).",

       "comment": "non"

   },

   {

       "description": null,

       "comment": "nok"

   },

   {

       "description": "./pcap_sniffer.c:71:  [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.",

       "comment": "nok"

   },

   {

       "description": "./modules/md/mod_md_os.c:43:\u00a0 [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead.",

       "author": "korigan",

       "comment": "rejected test"

   },

   {

       "description": "./modules/generators/mod_cgid.c:659:\u00a0 [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead.",

       "author": "korigan",

       "comment": "test"

   },

   {

       "description": "./srclib/apr/file_io/netware/filestat.c:136:\u00a0 [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.",

       "author": "korigan",

       "comment": "dd"

   },

   {

       "description": "./os/unix/unixd.c:265:\u00a0 [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead.",

       "author": "korigan",

       "comment": "ss"

   },

   {

       "description": "./srclib/apr/threadproc/win32/proc.c:297:\u00a0 [5] (misc) SetSecurityDescriptorDacl: Never create NULL ACLs; an attacker can set it to Everyone (Deny All Access), which would even forbid administrator access (CWE-732).",

       "author": "korigan",

       "comment": "ss"

   },

   {

       "description": "./srclib/apr/file_io/unix/filestat.c:179:\u00a0 [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.",

       "author": "korigan",

       "comment": "ss"

   },

   {

       "description": "./include/http_log.h:459:\u00a0 [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.",

       "author": "korigan",

       "comment": "ss"

   }

]

Récupérée de « https://wiki.hackbbs.org/index.php?title=IntelDatasetRejected:test&oldid=94122 »