SoftwareSecurity2013/Group 9/RATS Outcome
RATS Output
Entries in perl database: 33
Entries in ruby database: 46
Entries in python database: 62
Entries in c database: 334
Entries in php database: 55
Analyzing ../fluxbb-1.5.3/admin_bans.php
Analyzing ../fluxbb-1.5.3/admin_categories.php
Analyzing ../fluxbb-1.5.3/admin_censoring.php
Analyzing ../fluxbb-1.5.3/admin_forums.php
Analyzing ../fluxbb-1.5.3/admin_groups.php
Analyzing ../fluxbb-1.5.3/admin_index.php
Analyzing ../fluxbb-1.5.3/admin_loader.php
Analyzing ../fluxbb-1.5.3/admin_maintenance.php
Analyzing ../fluxbb-1.5.3/admin_options.php
Analyzing ../fluxbb-1.5.3/admin_permissions.php
Analyzing ../fluxbb-1.5.3/admin_reports.php
Analyzing ../fluxbb-1.5.3/admin_statistics.php
Analyzing ../fluxbb-1.5.3/admin_users.php
Analyzing ../fluxbb-1.5.3/db_update.php
Analyzing ../fluxbb-1.5.3/delete.php
Analyzing ../fluxbb-1.5.3/edit.php
Analyzing ../fluxbb-1.5.3/extern.php
Analyzing ../fluxbb-1.5.3/footer.php
Analyzing ../fluxbb-1.5.3/header.php
Analyzing ../fluxbb-1.5.3/help.php
Analyzing ../fluxbb-1.5.3/include/cache.php
Analyzing ../fluxbb-1.5.3/include/common.php
Analyzing ../fluxbb-1.5.3/include/common_admin.php
Analyzing ../fluxbb-1.5.3/include/dblayer/common_db.php
Analyzing ../fluxbb-1.5.3/include/dblayer/mysql.php
Analyzing ../fluxbb-1.5.3/include/dblayer/mysqli.php
Analyzing ../fluxbb-1.5.3/include/dblayer/mysqli_innodb.php
Analyzing ../fluxbb-1.5.3/include/dblayer/mysql_innodb.php
Analyzing ../fluxbb-1.5.3/include/dblayer/pgsql.php
Analyzing ../fluxbb-1.5.3/include/dblayer/sqlite.php
Analyzing ../fluxbb-1.5.3/include/email.php
Analyzing ../fluxbb-1.5.3/include/functions.php
Analyzing ../fluxbb-1.5.3/include/parser.php
Analyzing ../fluxbb-1.5.3/include/search_idx.php
Analyzing ../fluxbb-1.5.3/include/srand.php
Analyzing ../fluxbb-1.5.3/include/utf8/mbstring/core.php
Analyzing ../fluxbb-1.5.3/include/utf8/native/core.php
Analyzing ../fluxbb-1.5.3/include/utf8/ord.php
Analyzing ../fluxbb-1.5.3/include/utf8/strcasecmp.php
Analyzing ../fluxbb-1.5.3/include/utf8/strcspn.php
Analyzing ../fluxbb-1.5.3/include/utf8/stristr.php
Analyzing ../fluxbb-1.5.3/include/utf8/strrev.php
Analyzing ../fluxbb-1.5.3/include/utf8/strspn.php
Analyzing ../fluxbb-1.5.3/include/utf8/str_ireplace.php
Analyzing ../fluxbb-1.5.3/include/utf8/str_pad.php
Analyzing ../fluxbb-1.5.3/include/utf8/str_split.php
Analyzing ../fluxbb-1.5.3/include/utf8/substr_replace.php
Analyzing ../fluxbb-1.5.3/include/utf8/trim.php
Analyzing ../fluxbb-1.5.3/include/utf8/ucfirst.php
Analyzing ../fluxbb-1.5.3/include/utf8/ucwords.php
Analyzing ../fluxbb-1.5.3/include/utf8/utf8.php
Analyzing ../fluxbb-1.5.3/include/utf8/utils/ascii.php
Analyzing ../fluxbb-1.5.3/include/utf8/utils/bad.php
Analyzing ../fluxbb-1.5.3/include/utf8/utils/patterns.php
Analyzing ../fluxbb-1.5.3/include/utf8/utils/position.php
Analyzing ../fluxbb-1.5.3/include/utf8/utils/specials.php
Analyzing ../fluxbb-1.5.3/include/utf8/utils/unicode.php
Analyzing ../fluxbb-1.5.3/include/utf8/utils/validation.php
Analyzing ../fluxbb-1.5.3/index.php
Analyzing ../fluxbb-1.5.3/install.php
Analyzing ../fluxbb-1.5.3/lang/English/admin_bans.php
Analyzing ../fluxbb-1.5.3/lang/English/admin_categories.php
Analyzing ../fluxbb-1.5.3/lang/English/admin_censoring.php
Analyzing ../fluxbb-1.5.3/lang/English/admin_common.php
Analyzing ../fluxbb-1.5.3/lang/English/admin_forums.php
Analyzing ../fluxbb-1.5.3/lang/English/admin_groups.php
Analyzing ../fluxbb-1.5.3/lang/English/admin_index.php
Analyzing ../fluxbb-1.5.3/lang/English/admin_maintenance.php
Analyzing ../fluxbb-1.5.3/lang/English/admin_options.php
Analyzing ../fluxbb-1.5.3/lang/English/admin_permissions.php
Analyzing ../fluxbb-1.5.3/lang/English/admin_reports.php
Analyzing ../fluxbb-1.5.3/lang/English/admin_users.php
Analyzing ../fluxbb-1.5.3/lang/English/common.php
Analyzing ../fluxbb-1.5.3/lang/English/delete.php
Analyzing ../fluxbb-1.5.3/lang/English/forum.php
Analyzing ../fluxbb-1.5.3/lang/English/help.php
Analyzing ../fluxbb-1.5.3/lang/English/index.php
Analyzing ../fluxbb-1.5.3/lang/English/install.php
Analyzing ../fluxbb-1.5.3/lang/English/login.php
Analyzing ../fluxbb-1.5.3/lang/English/misc.php
Analyzing ../fluxbb-1.5.3/lang/English/post.php
Analyzing ../fluxbb-1.5.3/lang/English/profile.php
Analyzing ../fluxbb-1.5.3/lang/English/prof_reg.php
Analyzing ../fluxbb-1.5.3/lang/English/register.php
Analyzing ../fluxbb-1.5.3/lang/English/search.php
Analyzing ../fluxbb-1.5.3/lang/English/topic.php
Analyzing ../fluxbb-1.5.3/lang/English/update.php
Analyzing ../fluxbb-1.5.3/lang/English/userlist.php
Analyzing ../fluxbb-1.5.3/login.php
Analyzing ../fluxbb-1.5.3/misc.php
Analyzing ../fluxbb-1.5.3/moderate.php
Analyzing ../fluxbb-1.5.3/post.php
Analyzing ../fluxbb-1.5.3/profile.php
Analyzing ../fluxbb-1.5.3/register.php
Analyzing ../fluxbb-1.5.3/search.php
Analyzing ../fluxbb-1.5.3/userlist.php
Analyzing ../fluxbb-1.5.3/viewforum.php
Analyzing ../fluxbb-1.5.3/viewtopic.php

../fluxbb-1.5.3/db_update.php:648: High: fopen
../fluxbb-1.5.3/extern.php:441: High: fopen
../fluxbb-1.5.3/include/cache.php:29: High: fopen
../fluxbb-1.5.3/include/cache.php:57: High: fopen
../fluxbb-1.5.3/include/cache.php:102: High: fopen
../fluxbb-1.5.3/include/cache.php:164: High: fopen
../fluxbb-1.5.3/include/cache.php:200: High: fopen
../fluxbb-1.5.3/include/cache.php:229: High: fopen
../fluxbb-1.5.3/include/functions.php:1991: High: fopen
../fluxbb-1.5.3/include/srand.php:96: High: fopen
../fluxbb-1.5.3/install.php:1700: High: fopen
Argument 1 to this function call should be checked to ensure that it does not come from an untrusted source without first verifying that it contains nothing dangerous.

../fluxbb-1.5.3/include/email.php:256: High: mail
Arguments 1, 2, 4 and 5 of this function may be passed to an external program. (Usually sendmail). Under Windows, they will be passed to a remote email server. If these values are derived from user input, make sure they are properly formatted and contain no unexpected characters or extra data.
../fluxbb-1.5.3/admin_bans.php:12: Medium: non-function call reference: dirname
../fluxbb-1.5.3/admin_categories.php:12: Medium: non-function call reference: dirname
../fluxbb-1.5.3/admin_censoring.php:12: Medium: non-function call reference: dirname
../fluxbb-1.5.3/admin_forums.php:12: Medium: non-function call reference: dirname
../fluxbb-1.5.3/admin_groups.php:12: Medium: non-function call reference: dirname
../fluxbb-1.5.3/admin_index.php:12: Medium: non-function call reference: dirname
../fluxbb-1.5.3/admin_loader.php:12: Medium: non-function call reference: dirname
../fluxbb-1.5.3/admin_maintenance.php:14: Medium: non-function call reference: dirname
../fluxbb-1.5.3/admin_options.php:12: Medium: non-function call reference: dirname
../fluxbb-1.5.3/admin_permissions.php:12: Medium: non-function call reference: dirname
../fluxbb-1.5.3/admin_reports.php:12: Medium: non-function call reference: dirname
../fluxbb-1.5.3/admin_statistics.php:12: Medium: non-function call reference: dirname
../fluxbb-1.5.3/admin_users.php:12: Medium: non-function call reference: dirname
../fluxbb-1.5.3/db_update.php:37: Medium: non-function call reference: dirname
../fluxbb-1.5.3/db_update.php:791: Medium: non-function call reference: dirname
../fluxbb-1.5.3/delete.php:9: Medium: non-function call reference: dirname
../fluxbb-1.5.3/edit.php:9: Medium: non-function call reference: dirname
../fluxbb-1.5.3/extern.php:60: Medium: non-function call reference: dirname
../fluxbb-1.5.3/help.php:12: Medium: non-function call reference: dirname
../fluxbb-1.5.3/include/utf8/utf8.php:33: Medium: non-function call reference: dirname
../fluxbb-1.5.3/index.php:9: Medium: non-function call reference: dirname
../fluxbb-1.5.3/install.php:23: Medium: non-function call reference: dirname
../fluxbb-1.5.3/install.php:135: Medium: non-function call reference: dirname
../fluxbb-1.5.3/login.php:12: Medium: non-function call reference: dirname
../fluxbb-1.5.3/misc.php:12: Medium: non-function call reference: dirname
../fluxbb-1.5.3/moderate.php:9: Medium: non-function call reference: dirname
../fluxbb-1.5.3/post.php:9: Medium: non-function call reference: dirname
../fluxbb-1.5.3/profile.php:9: Medium: non-function call reference: dirname
../fluxbb-1.5.3/register.php:9: Medium: non-function call reference: dirname
../fluxbb-1.5.3/search.php:12: Medium: non-function call reference: dirname
../fluxbb-1.5.3/userlist.php:9: Medium: non-function call reference: dirname
../fluxbb-1.5.3/viewforum.php:9: Medium: non-function call reference: dirname
../fluxbb-1.5.3/viewtopic.php:9: Medium: non-function call reference: dirname
A function call is not being made here, but a reference is being made to a name that is normally a vulnerable function. It could be being assigned as a pointer to function.

../fluxbb-1.5.3/admin_statistics.php:39: Medium: non-function call reference: is_readable
../fluxbb-1.5.3/include/dblayer/sqlite.php:49: Medium: non-function call reference: is_readable
A function call is not being made here, but a reference is being made to a name that is normally a vulnerable function. It could be being assigned as a pointer to function.
../fluxbb-1.5.3/admin_statistics.php:42: Medium: non-function call reference: fopen
../fluxbb-1.5.3/admin_statistics.php:46: Medium: non-function call reference: fopen
../fluxbb-1.5.3/db_update.php:648: Medium: non-function call reference: fopen
../fluxbb-1.5.3/extern.php:441: Medium: non-function call reference: fopen
../fluxbb-1.5.3/include/cache.php:29: Medium: non-function call reference: fopen
../fluxbb-1.5.3/include/cache.php:57: Medium: non-function call reference: fopen
../fluxbb-1.5.3/include/cache.php:102: Medium: non-function call reference: fopen
../fluxbb-1.5.3/include/cache.php:164: Medium: non-function call reference: fopen
../fluxbb-1.5.3/include/cache.php:200: Medium: non-function call reference: fopen
../fluxbb-1.5.3/include/cache.php:229: Medium: non-function call reference: fopen
../fluxbb-1.5.3/include/functions.php:1991: Medium: non-function call reference: fopen
../fluxbb-1.5.3/include/srand.php:85: Medium: non-function call reference: fopen
../fluxbb-1.5.3/include/srand.php:96: Medium: non-function call reference: fopen
../fluxbb-1.5.3/install.php:1700: Medium: non-function call reference: fopen
A function call is not being made here, but a reference is being made to a name that is normally a vulnerable function. It could be being assigned as a pointer to function.

../fluxbb-1.5.3/admin_statistics.php:57: Medium: non-function call reference: exec
A function call is not being made here, but a reference is being made to a name that is normally a vulnerable function. It could be being assigned as a pointer to function.

../fluxbb-1.5.3/admin_statistics.php:39: Medium: is_readable: exec
A potential TOCTOU (Time Of Check, Time Of Use) vulnerability exists. This is the first line where a check has occured.
The following line(s) contain uses that may match up with this check:
42 (fopen), 46 (fopen), 57 (exec)

../fluxbb-1.5.3/include/dblayer/sqlite.php:49: Medium: is_readable: exec
A potential TOCTOU (Time Of Check, Time Of Use) vulnerability exists. This is the first line where a check has occured.
The following line(s) contain uses that may match up with this check:
44 (chmod)

../fluxbb-1.5.3/db_update.php:1860: Medium: non-function call reference: unlink
../fluxbb-1.5.3/include/cache.php:251: Medium: non-function call reference: unlink
../fluxbb-1.5.3/include/functions.php:680: Medium: non-function call reference: unlink
../fluxbb-1.5.3/include/functions.php:760: Medium: non-function call reference: unlink
../fluxbb-1.5.3/include/functions.php:1999: Medium: non-function call reference: unlink
../fluxbb-1.5.3/profile.php:385: Medium: non-function call reference: unlink
../fluxbb-1.5.3/profile.php:392: Medium: non-function call reference: unlink
A function call is not being made here, but a reference is being made to a name that is normally a vulnerable function. It could be being assigned as a pointer to function.

../fluxbb-1.5.3/header.php:53: Medium: non-function call reference: basename
../fluxbb-1.5.3/header.php:56: Medium: non-function call reference: basename
../fluxbb-1.5.3/header.php:64: Medium: non-function call reference: basename
../fluxbb-1.5.3/header.php:169: Medium: non-function call reference: basename
../fluxbb-1.5.3/include/email.php:140: Medium: non-function call reference: basename
../fluxbb-1.5.3/include/functions.php:1210: Medium: non-function call reference: basename
../fluxbb-1.5.3/include/functions.php:1332: Medium: non-function call reference: basename
../fluxbb-1.5.3/include/parser.php:712: Medium: non-function call reference: basename
A function call is not being made here, but a reference is being made to a name that is normally a vulnerable function. It could be being assigned as a pointer to function.
../fluxbb-1.5.3/include/cache.php:185: Medium: non-function call reference: read
../fluxbb-1.5.3/include/cache.php:248: Medium: non-function call reference: read
../fluxbb-1.5.3/include/functions.php:757: Medium: non-function call reference: read
../fluxbb-1.5.3/include/functions.php:1637: Medium: non-function call reference: read
../fluxbb-1.5.3/include/functions.php:1661: Medium: non-function call reference: read
../fluxbb-1.5.3/include/functions.php:1706: Medium: non-function call reference: read
A function call is not being made here, but a reference is being made to a name that is normally a vulnerable function. It could be being assigned as a pointer to function.

../fluxbb-1.5.3/include/cache.php:190: Medium: non-function call reference: is_dir
../fluxbb-1.5.3/include/functions.php:1666: Medium: non-function call reference: is_dir
../fluxbb-1.5.3/include/functions.php:1983: Medium: non-function call reference: is_dir
A function call is not being made here, but a reference is being made to a name that is normally a vulnerable function. It could be being assigned as a pointer to function.

../fluxbb-1.5.3/include/cache.php:191: Medium: non-function call reference: file
../fluxbb-1.5.3/include/functions.php:1414: Medium: non-function call reference: file
../fluxbb-1.5.3/include/functions.php:1475: Medium: non-function call reference: file
../fluxbb-1.5.3/include/functions.php:1477: Medium: non-function call reference: file
../fluxbb-1.5.3/include/functions.php:1688: Medium: non-function call reference: file
../fluxbb-1.5.3/include/functions.php:1690: Medium: non-function call reference: file
../fluxbb-1.5.3/include/functions.php:1691: Medium: non-function call reference: file
A function call is not being made here, but a reference is being made to a name that is normally a vulnerable function. It could be being assigned as a pointer to function.
../fluxbb-1.5.3/include/dblayer/sqlite.php:44: Medium: non-function call reference: chmod
../fluxbb-1.5.3/profile.php:399: Medium: non-function call reference: chmod
A function call is not being made here, but a reference is being made to a name that is normally a vulnerable function. It could be being assigned as a pointer to function.

../fluxbb-1.5.3/include/email.php:256: Medium: non-function call reference: mail
A function call is not being made here, but a reference is being made to a name that is normally a vulnerable function. It could be being assigned as a pointer to function.

../fluxbb-1.5.3/include/email.php:270: Medium: non-function call reference: fgets
A function call is not being made here, but a reference is being made to a name that is normally a vulnerable function. It could be being assigned as a pointer to function.

../fluxbb-1.5.3/include/email.php:305: Medium: fsockopen: fgets
Argument 1 to this function call should be checked to ensure that it does not come from an untrusted source without first verifying that it contains nothing dangerous.

../fluxbb-1.5.3/include/email.php:305: Medium: non-function call reference: fsockopen
A function call is not being made here, but a reference is being made to a name that is normally a vulnerable function. It could be being assigned as a pointer to function.
../fluxbb-1.5.3/include/functions.php:838: Medium: non-function call reference: link
../fluxbb-1.5.3/include/functions.php:858: Medium: non-function call reference: link
../fluxbb-1.5.3/include/functions.php:862: Medium: non-function call reference: link
../fluxbb-1.5.3/include/functions.php:874: Medium: non-function call reference: link
../fluxbb-1.5.3/include/functions.php:884: Medium: non-function call reference: link
../fluxbb-1.5.3/include/functions.php:889: Medium: non-function call reference: link
../fluxbb-1.5.3/include/parser.php:662: Medium: non-function call reference: link
../fluxbb-1.5.3/include/parser.php:683: Medium: non-function call reference: link
../fluxbb-1.5.3/include/parser.php:684: Medium: non-function call reference: link
../fluxbb-1.5.3/include/parser.php:686: Medium: non-function call reference: link
../fluxbb-1.5.3/include/parser.php:690: Medium: non-function call reference: link
../fluxbb-1.5.3/include/parser.php:690: Medium: non-function call reference: link
../fluxbb-1.5.3/include/parser.php:693: Medium: non-function call reference: link
../fluxbb-1.5.3/include/parser.php:694: Medium: non-function call reference: link
../fluxbb-1.5.3/include/parser.php:694: Medium: non-function call reference: link
../fluxbb-1.5.3/include/parser.php:697: Medium: non-function call reference: link
../fluxbb-1.5.3/include/parser.php:697: Medium: non-function call reference: link
../fluxbb-1.5.3/include/parser.php:699: Medium: non-function call reference: link
A function call is not being made here, but a reference is being made to a name that is normally a vulnerable function. It could be being assigned as a pointer to function.

../fluxbb-1.5.3/include/functions.php:1983: Medium: is_dir: link
A potential TOCTOU (Time Of Check, Time Of Use) vulnerability exists. This is the first line where a check has occured.
The following line(s) contain uses that may match up with this check:
1991 (fopen), 1999 (unlink)

../fluxbb-1.5.3/profile.php:398: Medium: non-function call reference: rename
A function call is not being made here, but a reference is being made to a name that is normally a vulnerable function. It could be being assigned as a pointer to function.

../fluxbb-1.5.3/admin_bans.php:12: Low: dirname: rename
../fluxbb-1.5.3/admin_categories.php:12: Low: dirname: rename
../fluxbb-1.5.3/admin_censoring.php:12: Low: dirname: rename
../fluxbb-1.5.3/admin_forums.php:12: Low: dirname: rename
../fluxbb-1.5.3/admin_groups.php:12: Low: dirname: rename
../fluxbb-1.5.3/admin_index.php:12: Low: dirname: rename
../fluxbb-1.5.3/admin_loader.php:12: Low: dirname: rename
../fluxbb-1.5.3/admin_maintenance.php:14: Low: dirname: rename
../fluxbb-1.5.3/admin_options.php:12: Low: dirname: rename
../fluxbb-1.5.3/admin_permissions.php:12: Low: dirname: rename
../fluxbb-1.5.3/admin_reports.php:12: Low: dirname: rename
../fluxbb-1.5.3/admin_statistics.php:12: Low: dirname: rename
../fluxbb-1.5.3/admin_users.php:12: Low: dirname: rename
../fluxbb-1.5.3/db_update.php:37: Low: dirname: rename
../fluxbb-1.5.3/db_update.php:791: Low: dirname: rename
../fluxbb-1.5.3/delete.php:9: Low: dirname: rename
../fluxbb-1.5.3/edit.php:9: Low: dirname: rename
../fluxbb-1.5.3/extern.php:60: Low: dirname: rename
../fluxbb-1.5.3/help.php:12: Low: dirname: rename
../fluxbb-1.5.3/include/utf8/utf8.php:33: Low: dirname: rename
../fluxbb-1.5.3/index.php:9: Low: dirname: rename
../fluxbb-1.5.3/install.php:23: Low: dirname: rename
../fluxbb-1.5.3/install.php:135: Low: dirname: rename
../fluxbb-1.5.3/login.php:12: Low: dirname: rename
../fluxbb-1.5.3/misc.php:12: Low: dirname: rename
../fluxbb-1.5.3/moderate.php:9: Low: dirname: rename
../fluxbb-1.5.3/post.php:9: Low: dirname: rename
../fluxbb-1.5.3/profile.php:9: Low: dirname: rename
../fluxbb-1.5.3/register.php:9: Low: dirname: rename
../fluxbb-1.5.3/search.php:12: Low: dirname: rename
../fluxbb-1.5.3/userlist.php:9: Low: dirname: rename
../fluxbb-1.5.3/viewforum.php:9: Low: dirname: rename
../fluxbb-1.5.3/viewtopic.php:9: Low: dirname: rename
A potential race condition vulnerability exists here. Normally a call to this function is vulnerable only when a match check precedes it. No check was detected, however one could still exist that could not be detected.

../fluxbb-1.5.3/db_update.php:648: Low: fopen: rename
../fluxbb-1.5.3/extern.php:441: Low: fopen: rename
../fluxbb-1.5.3/include/cache.php:29: Low: fopen: rename
../fluxbb-1.5.3/include/cache.php:57: Low: fopen: rename
../fluxbb-1.5.3/include/cache.php:102: Low: fopen: rename
../fluxbb-1.5.3/include/cache.php:164: Low: fopen: rename
../fluxbb-1.5.3/include/cache.php:200: Low: fopen: rename
../fluxbb-1.5.3/include/cache.php:229: Low: fopen: rename
../fluxbb-1.5.3/include/srand.php:85: Low: fopen: rename
../fluxbb-1.5.3/include/srand.php:96: Low: fopen: rename
../fluxbb-1.5.3/install.php:1700: Low: fopen: rename
A potential race condition vulnerability exists here. Normally a call to this function is vulnerable only when a match check precedes it. No check was detected, however one could still exist that could not be detected.

../fluxbb-1.5.3/db_update.php:1860: Low: unlink: rename
../fluxbb-1.5.3/include/cache.php:251: Low: unlink: rename
../fluxbb-1.5.3/include/functions.php:680: Low: unlink: rename
../fluxbb-1.5.3/include/functions.php:760: Low: unlink: rename
../fluxbb-1.5.3/profile.php:385: Low: unlink: rename
../fluxbb-1.5.3/profile.php:392: Low: unlink: rename
A potential race condition vulnerability exists here. Normally a call to this function is vulnerable only when a match check precedes it. No check was detected, however one could still exist that could not be detected.
../fluxbb-1.5.3/header.php:53: Low: basename: rename
../fluxbb-1.5.3/header.php:56: Low: basename: rename
../fluxbb-1.5.3/header.php:64: Low: basename: rename
../fluxbb-1.5.3/header.php:169: Low: basename: rename
../fluxbb-1.5.3/include/email.php:140: Low: basename: rename
../fluxbb-1.5.3/include/functions.php:1210: Low: basename: rename
../fluxbb-1.5.3/include/functions.php:1332: Low: basename: rename
../fluxbb-1.5.3/include/parser.php:712: Low: basename: rename
A potential race condition vulnerability exists here. Normally a call to this function is vulnerable only when a match check precedes it. No check was detected, however one could still exist that could not be detected.

../fluxbb-1.5.3/include/cache.php:190: Low: is_dir: rename
A potential TOCTOU (Time Of Check, Time Of Use) vulnerability exists. This is the first line where a check has occured. No matching uses were detected.

../fluxbb-1.5.3/include/functions.php:1666: Low: is_dir: rename
A potential TOCTOU (Time Of Check, Time Of Use) vulnerability exists. This is the first line where a check has occured. No matching uses were detected.

../fluxbb-1.5.3/include/cache.php:191: Low: file: rename
A potential race condition vulnerability exists here. Normally a call to this function is vulnerable only when a match check precedes it. No check was detected, however one could still exist that could not be detected.

../fluxbb-1.5.3/profile.php:398: Low: rename: rename
A potential race condition vulnerability exists here. Normally a call to this function is vulnerable only when a match check precedes it. No check was detected, however one could still exist that could not be detected.

../fluxbb-1.5.3/profile.php:399: Low: chmod: rename
A potential race condition vulnerability exists here. Normally a call to this function is vulnerable only when a match check precedes it. No check was detected, however one could still exist that could not be detected.
../fluxbb-1.5.3/include/cache.php: 185: read
../fluxbb-1.5.3/include/cache.php: 191: file
../fluxbb-1.5.3/include/cache.php: 248: read
../fluxbb-1.5.3/include/email.php: 270: fgets
../fluxbb-1.5.3/include/functions.php: 757: read
../fluxbb-1.5.3/include/functions.php: 1637: read
../fluxbb-1.5.3/include/functions.php: 1661: read
../fluxbb-1.5.3/include/functions.php: 1706: read
Double check to be sure that all input accepted from an external data source does not exceed the limits of the variable being used to hold it. Also make sure that the input cannot be used in such a manner as to alter your program's behaviour in an undesirable way.

Total lines analyzed: 28942
Total time 0.078000 seconds
371051 lines per second