IARPA STONESOUP Phase 3 - Test Cases Test suite #102
DownloadDescription
A collection of C and Java test cases based on 16 widely-used open-source software in which vulnerabilities have been seeded. It comes bundled in a virtual machine for ease of use. This product contains or makes use of Intelligence Advanced Research Projects Activity (IARPA) data from the STONESOUP program. Any product, report, publication, presentation, or other document including or referencing the IARPA data herein should include this statement. All documents related to the STONESOUP program can be found at the documents page. NIST assumes no responsibility whatsoever for its use by other parties, and makes no guaranties, expressed or implied, about its quality, reliability, or any other characteristic.
Displaying test cases 7076 - 7100 of 7770 in total
-
This test creates a connection to the PGSQL database, and creates a query string based on data in an environment variable. This data is not checked for special elements, however, and it is possible to construct a query string that performs unexpected data retrievals or modifications. Metadata...
-
This test takes in data from an argument, that is intended to contain parameters for an 'find' command. The test does not perform checks on the parameters, however, and it is possible to include other, unexpected commands as part of the find parameter set. Metadata -Base program: Apache Jena - S...
-
This test takes in data from an argument, that is intended to contain parameters for an 'ls' command. The test does not perform checks for special characters, however, and it is possible to include other, unexpected commands as part of the ls parameter set. Metadata -Base program: Apache Lucene...
-
This test creates a connection to the MySQL database, and creates a query string based on data in an array passed by arguments. This data is not checked for special elements, however, and it is possible to construct a query string that performs unexpected data retrievals or modifications. Met...
-
Using Hibernate to execute a dynamic SQL statement with built-in user-controlled input can allow an attacker to modify the statement's meaning or to execute arbitrary SQL commands. Metadata - Base program: Apache Lucene - Source Taint: ENVIRONMENT_VARIABLE - Data Type: VOID_POINTER - Data F...
-
This test takes in data from an argument, that is intended to contain parameters for an 'ls' command. The test does not perform checks for special characters, however, and it is possible to include other, unexpected commands as part of the ls parameter set. Metadata - Base program: Apache Len...
-
This test takes in data from an argument, that is intended to contain parameters for an 'find' command. The test does not perform checks on the parameters, however, and it is possible to include other, unexpected commands as part of the find parameter set. Metadata - Base program: Coffee MUD ...
-
This test creates a connection to the MySQL database, and creates a query string based on data in an array passed by arguments. This data is not checked for special elements, however, and it is possible to construct a query string that performs unexpected data retrievals or modifications. Met...
-
This test creates a connection to the PGSQL database, and creates a query string based on data in an environment variable. This data is not checked for special elements, however, and it is possible to construct a query string that performs unexpected data retrievals or modifications. Metadata...
-
This test creates a connection to the MySQL database, and creates a query string based on data in an array passed by arguments. This data is not checked for special elements, however, and it is possible to construct a query string that performs unexpected data retrievals or modifications. Met...
-
This test takes in data from an argument, that is intended to contain parameters for an 'ls' command. The test does not perform checks for special characters, however, and it is possible to include other, unexpected commands as part of the ls parameter set. Metadata -Base program: Apache Lucene...
-
This test creates a connection to the PGSQL database, and creates a query string based on data in an environment variable. This data is not checked for special elements, however, and it is possible to construct a query string that performs unexpected data retrievals or modifications. Metadata...
-
This test creates a connection to the MySQL database, and creates a query string based on data in an array passed by arguments. This data is not checked for special elements, however, and it is possible to construct a query string that performs unexpected data retrievals or modifications. Met...
-
This test creates a connection to the PGSQL database, and creates a query string based on data in an environment variable. This data is not checked for special elements, however, and it is possible to construct a query string that performs unexpected data retrievals or modifications. Metadata...
-
This test creates a connection to the MySQL database, and creates a query string based on data in an array passed by arguments. This data is not checked for special elements, however, and it is possible to construct a query string that performs unexpected data retrievals or modifications. Met...
-
This test creates a connection to the MySQL database, and creates a query string based on data in an array passed by arguments. This data is not checked for special elements, however, and it is possible to construct a query string that performs unexpected data retrievals or modifications. Met...
-
This test creates a connection to the MySQL database, and creates a query string based on data in an array passed by arguments. This data is not checked for special elements, however, and it is possible to construct a query string that performs unexpected data retrievals or modifications. Met...
-
This test creates a connection to the PGSQL database, and creates a query string based on data in an environment variable. This data is not checked for special elements, however, and it is possible to construct a query string that performs unexpected data retrievals or modifications. Metadata...
-
Using Hibernate to execute a dynamic SQL statement with built-in user-controlled input can allow an attacker to modify the statement's meaning or to execute arbitrary SQL commands. Metadata - Base program: Apache POI - Source Taint: FILE_CONTENTS - Data Type: VOID_POINTER - Data Flow: INDEX...
-
This test takes in data from an argument, that is intended to contain parameters for an 'find' command. The test does not perform checks on the parameters, however, and it is possible to include other, unexpected commands as part of the find parameter set. Metadata -Base program: Apache POI - So...
-
This test creates a connection to the PGSQL database, and creates a query string based on data in an environment variable. This data is not checked for special elements, however, and it is possible to construct a query string that performs unexpected data retrievals or modifications. Metadata...
-
This test takes in data from an argument, that is intended to contain parameters for an 'find' command. The test does not perform checks on the parameters, however, and it is possible to include other, unexpected commands as part of the find parameter set. Metadata - Base program: JTree - So...
-
Using Hibernate to execute a dynamic SQL statement with built-in user-controlled input can allow an attacker to modify the statement's meaning or to execute arbitrary SQL commands. Metadata -Base program: Coffee MUD - Source Taint: FILE_CONTENTS - Data Type: simple - Data Flow: var_arg_list - Co...
-
This test creates a connection to the PGSQL database, and creates a query string based on data in an environment variable. This data is not checked for special elements, however, and it is possible to construct a query string that performs unexpected data retrievals or modifications. Metadata...
-
This test takes in data from an argument, that is intended to contain parameters for an 'ls' command. The test does not perform checks for special characters, however, and it is possible to include other, unexpected commands as part of the ls parameter set. Metadata -Base program: Apache POI - ...