The credentials for connecting to the database are hard-wired into the sourcecode.

Two file operations are performed on a filename, allowing a filename race condition to occur.

Tainted input allows arbitrary files to be read and written. (fixed version)

Tainted input allows arbitrary files to be read and written.

Omitting a break statement so that one may fall through is often indistinguishable from an error, and therefore should not be used. (from TCCLASP-5_6_15_10)

Not using a a random initialization vector with Cipher Block Chaining (CBC) Mode causes algorithms to be susceptible to dictionary attacks. (from TCCLASP-5_5_22_10-J)