├── .github
└── workflows
│ ├── codeql-analysis.yml
│ └── semgrep.yml
├── .gitignore
├── README.md
├── c#
└── code
│ ├── asp-net-request-validation-disabled.cs
│ ├── coSetProxyBlanket-CoInitializeSecurity.cs
│ ├── code-execution.cs
│ ├── conflicting-annotations.cs
│ ├── console-logging.cs
│ ├── deserialization-types-binary.cs
│ ├── deserialization-types-javascript.cs
│ ├── deserialization-types-losformatter.cs
│ ├── deserialization.cs
│ ├── insecure-temp-file.cs
│ ├── io-path-injection.cs
│ ├── ldap-injection.cs
│ ├── ldap-not-authenticated.cs
│ ├── logging-injection.cs
│ ├── open-redirect.cs
│ ├── os-command-injection.cs
│ ├── regex-dos.cs
│ ├── response-header-injection.cs
│ ├── serialization-constructors-unsecured.cs
│ ├── sqli.cs
│ ├── ssrf.cs
│ ├── weak-crypto
│ ├── aes-managed.cs
│ ├── aes-unsecured.cs
│ ├── aesfastengine.cs
│ ├── des.cs
│ ├── predictable-hash-salt.cs
│ ├── predictable-ivs.cs
│ ├── rsacryptoserviceprovider.cs
│ ├── sha1-message-disgest.cs
│ ├── system-security-cryptography.cs
│ ├── tls-not-verified.cs
│ ├── weak-keys.cs
│ ├── weak-ssl-protocol-httpclient.cs
│ └── weak-ssl-protocol.cs
│ ├── weak-db-password
│ ├── usesqlserver.cs
│ └── web.config
│ ├── weak-jwt.cs
│ ├── xpath-injection.cs
│ ├── xss.cs
│ └── xxe
│ ├── system-xml-xmldocument.cs
│ ├── system-xml-xmlreader.cs
│ ├── system-xml-xmltextreader.cs
│ └── system-xml-xpath-xpathdocument.cs
├── c++
└── code
│ ├── bof-posix-arguments.c
│ ├── bof-scanf.c
│ ├── file-access-toctou.c
│ ├── insecure-functions.c
│ ├── memset-used-to-delete-sensitive-data.c
│ ├── memset-used-to-delete-sensitive-data0.c
│ ├── pam-unverified.c
│ ├── pam-unverified2.c
│ ├── weak-crypto
│ ├── botan-unsecure.c
│ ├── botan.c
│ ├── crypto++-unsecure.c
│ ├── crypto++.c
│ ├── keys-botan.c
│ ├── keys-crypto++.c
│ ├── keys-openssl.c
│ ├── openssl-unsecure.c
│ ├── openssl.c
│ ├── ssl-protocols-botan.c
│ ├── ssl-protocols-libcurl.c
│ ├── ssl-protocols-libcurl2.c
│ ├── ssl-protocols-openssl.c
│ ├── ssl-unverified-cert-botan.c
│ ├── ssl-unverified-cert-libcurl.c
│ ├── ssl-unverified-cert-openssl.c
│ ├── ssl-unverified-cert-openssl2.c
│ ├── ssl-unverified-hostname-botan.c
│ ├── ssl-unverified-hostname-libcurl.c
│ └── ssl-unverified-hostname-openssl.c
│ ├── xxe-libxml2.c
│ ├── xxe-sax2xml.c
│ ├── xxe-saxparser.c
│ └── xxe-xercesdomparser.c
├── c
└── code
│ ├── bof-posix-arguments.c
│ ├── bof-scanf.c
│ ├── file-access-toctou.c
│ ├── insecure-functions.c
│ ├── memset-used-to-delete-sensitive-data.c
│ ├── pam-unverified.c
│ ├── pam-unverified2.c
│ ├── weak-crypto
│ ├── botan-unsecure.c
│ ├── botan.c
│ ├── crypto++-unsecure.c
│ ├── crypto++.c
│ ├── keys-botan.c
│ ├── keys-crypto++.c
│ ├── keys-openssl.c
│ ├── openssl-unsecure.c
│ ├── openssl.c
│ ├── ssl-protocols-botan.c
│ ├── ssl-protocols-libcurl.c
│ ├── ssl-protocols-libcurl2.c
│ ├── ssl-protocols-openssl.c
│ ├── ssl-unverified-cert-botan.c
│ ├── ssl-unverified-cert-libcurl.c
│ ├── ssl-unverified-cert-openssl.c
│ ├── ssl-unverified-cert-openssl2.c
│ ├── ssl-unverified-hostname-botan.c
│ ├── ssl-unverified-hostname-libcurl.c
│ └── ssl-unverified-hostname-openssl.c
│ ├── xxe-libxml2.c
│ ├── xxe-sax2xml.c
│ ├── xxe-saxparser.c
│ └── xxe-xercesdomparser.c
├── docker
└── Dockerfile
├── go
├── code
│ ├── hardcoded-credentials.go
│ ├── hardcoded-ip.go
│ └── os-command
│ │ ├── exec-cmd.go
│ │ ├── exec-command.go
│ │ ├── stdin-pipe.go
│ │ └── syscall-exec.go
└── libraries
│ ├── go.mod
│ └── go.sum
├── html
└── code
│ ├── comments.html
│ ├── disable-resource-integrity.html
│ └── links-with-target-blank.html
├── java
├── code
│ ├── auth-weak-decisions-permission-evaluator.java
│ ├── auth-weak-decisions.java
│ ├── basic-auth.java
│ ├── code-injection.java
│ ├── defined-filters.java
│ ├── deserialization-active-mq-connection-factory.java
│ ├── deserialization.java
│ ├── dos-regex.java
│ ├── dynamic-class-load.java
│ ├── ejb-interceptors.java
│ ├── get-requested-session-id.java
│ ├── httpsecurity-url-patterns-not-correctly-ordered.java
│ ├── insecure-file-creation.java
│ ├── io-path-injection.java
│ ├── jsp
│ │ └── xss
│ │ │ ├── page-variable-dangerous-location
│ │ │ ├── unquoted-variable-in-html-attribute.java
│ │ │ ├── variable-in-href-attribute.java
│ │ │ └── variable-in-script-block.java
│ │ │ ├── page-variable-not-escaped
│ │ │ ├── escapexml.java
│ │ │ └── variable-without-tag.java
│ │ │ └── server
│ │ │ ├── outputstream.java
│ │ │ └── printwritter.java
│ ├── ldap-injection.java
│ ├── ldap-unauthenticated.java
│ ├── logging-injection.java
│ ├── open-redirect.java
│ ├── opensqml2-auth-bypass.java
│ ├── opensqml2-auth-bypass2.java
│ ├── os-command-injection.java
│ ├── persistent-entities-arguments.java
│ ├── response-headers-injection.java
│ ├── servlet-exceptions.java
│ ├── session-reusing.java
│ ├── spring-members-injection.java
│ ├── sqli.java
│ ├── ssrf.java
│ ├── struts-validation.java
│ ├── weak-crypto
│ │ ├── cipher-algorithms.java
│ │ ├── ivs-predictable.java
│ │ ├── jwt-auth0.java
│ │ ├── jwt-jwtk.java
│ │ ├── keys.java
│ │ ├── plain-text-password-storage.java
│ │ ├── predictable-salts.java
│ │ ├── predictable-seeds.java
│ │ ├── secure-padding.java
│ │ ├── ssl-protocols-okhttp.java
│ │ ├── ssl-protocols.java
│ │ ├── ssl-unverified-cert.java
│ │ ├── ssl-unverified-hostnames-javamail.java
│ │ ├── ssl-unverified-hostnames-simpleemail.java
│ │ └── ssl-unverified-hostnames.java
│ ├── weak-database-password.java
│ ├── xpath-injection.java
│ ├── xss.java
│ ├── xxe-dom4j.java
│ ├── xxe-japx.java
│ ├── xxe-jdom2.java
│ └── zip-slip.java
└── libraries
│ └── maven
│ ├── pom.xml
│ └── target
│ ├── dependency-check-report.html
│ ├── maven-archiver
│ └── pom.properties
│ └── test-1.0.jar
├── javascript
├── code
│ ├── alert.js
│ ├── code-exectuion3.js
│ ├── code-execution-mongo.js
│ ├── code-execution.js
│ ├── code-execution2.js
│ ├── debuger-statements.js
│ ├── dom-open-redirect.js
│ ├── dom-xss.js
│ ├── dos-regex-safe-regex.js
│ ├── dos-regex.js
│ ├── io-path-injection.js
│ ├── local-storage.js
│ ├── no-sql-injection.js
│ ├── open-redirect.js
│ ├── os-command-injection.js
│ ├── os-command-injection2.js
│ ├── reflected-xss.js
│ ├── reflected-xss2.js
│ ├── session-reuse-passport.js
│ ├── sql-injection.js
│ ├── sql-injection2.js
│ ├── ssrf.js
│ ├── unrestricted-file-upload-formidable.js
│ ├── unrestricted-file-upload-multer.js
│ ├── unverified-origin-receiving.js
│ ├── unverified-origin-sending.js
│ ├── weak-crypto
│ │ ├── cipher-algorithms.js
│ │ ├── jwt.js
│ │ ├── keys.js
│ │ ├── secure-padding.js
│ │ ├── ssl-protocols-https.js
│ │ ├── ssl-protocols-request.js
│ │ ├── ssl-protocols-tls.js
│ │ ├── ssl-protocols.js
│ │ ├── ssl-unverified-cert-https.js
│ │ ├── ssl-unverified-cert-request.js
│ │ ├── ssl-unverified-cert-tls.js
│ │ ├── ssl-unverified-hostnames-https.js
│ │ ├── ssl-unverified-hostnames-request.js
│ │ └── ssl-unverified-hostnames-tls.js
│ ├── web-sql-database.js
│ ├── xxe-libxmljs.js
│ └── zip-slip.js
└── libraries
│ └── jquery.min.js
├── kubernetes
└── CapSysAdmin.yaml
├── nodejs
├── code
│ ├── host_header_injection.js
│ └── rce.js
└── libraries
│ ├── npm
│ ├── package-lock.json
│ └── package.json
│ └── yarn
│ ├── package.json
│ └── yarn.lock
├── php
├── code
│ ├── arbitrary-include.php
│ ├── code-execution.php
│ ├── deserialization.php
│ ├── dos-regex.php
│ ├── io-path-injection.php
│ ├── laravel
│ │ └── auth-weak-decision.php
│ ├── ldap-injection.php
│ ├── ldap-unauthenticated.php
│ ├── logging-injection.php
│ ├── open-redirect.php
│ ├── os-command-injection.php
│ ├── php-ini
│ │ ├── allow-url-fopen
│ │ │ └── php.ini
│ │ ├── cgi-force-redirect
│ │ │ └── php.ini
│ │ ├── enable-dl
│ │ │ └── php.ini
│ │ ├── file-uploads
│ │ │ └── php.ini
│ │ ├── open-basedir
│ │ │ └── php.ini
│ │ └── session-use-trans-sid
│ │ │ └── php.ini
│ ├── rce.php
│ ├── response-headers-injection.php
│ ├── session-reuse.php
│ ├── sleep.php
│ ├── sql-injection.php
│ ├── sql-injection2.php
│ ├── ssrf.php
│ ├── symfony
│ │ ├── auth-weak-decision-voter.php
│ │ └── auth-weak-decision-voterinterface.php
│ ├── weak-crypto
│ │ ├── cipher-alhorithms.php
│ │ ├── des.php
│ │ ├── hash-algorithms.php
│ │ ├── insecure-padding.php
│ │ ├── keys.php
│ │ ├── predictable-salt.php
│ │ ├── rsa-without-oaep.php
│ │ ├── ssl-protocols.php
│ │ ├── ssl-unverified-certs.php
│ │ └── ssl-unverified-hostnames.php
│ ├── weak-database-password.php
│ ├── xpath-injection.php
│ ├── xss.php
│ ├── xxe-domdocument.php
│ ├── xxe-simplexml.php
│ └── xxe-xmlreader.php
└── libraries
│ └── composer
│ ├── composer.json
│ └── composer.lock
├── python
├── code
│ ├── code-execution.py
│ ├── deserialization.py
│ ├── django
│ │ ├── open-redirect.py
│ │ ├── response-headers-injection.py
│ │ ├── sql-injection.py
│ │ ├── weak-database-password
│ │ │ └── settings.py
│ │ └── xss
│ │ │ ├── server
│ │ │ ├── html-safe.py
│ │ │ ├── html.py
│ │ │ ├── is-safe-true.py
│ │ │ ├── mark-safe.py
│ │ │ └── safe-string.py
│ │ │ ├── template-bypass
│ │ │ ├── autoescape-false.py
│ │ │ ├── globally-disabling-autoescape.py
│ │ │ └── http-response.py
│ │ │ ├── templates-unescaped-variables
│ │ │ ├── autoescape-off.py
│ │ │ ├── safe.py
│ │ │ └── safeseq.py
│ │ │ └── templates-variable-dangerous-location
│ │ │ ├── href.py
│ │ │ ├── html.py
│ │ │ └── script.py
│ ├── dos-regex.py
│ ├── flask
│ │ ├── open-redirect.py
│ │ ├── response-headers-injection.py
│ │ ├── sql-injection.py
│ │ ├── weak-database-password.py
│ │ └── xss
│ │ │ ├── server
│ │ │ ├── markup.py
│ │ │ ├── render-template-string.py
│ │ │ └── render-template.py
│ │ │ ├── template-bypass
│ │ │ ├── autoescape-false.py
│ │ │ ├── jinja2-directly.py
│ │ │ ├── returning-directly-from-rute.py
│ │ │ └── safe.py
│ │ │ └── templates-variable-dangerous-location
│ │ │ ├── href.py
│ │ │ ├── script.py
│ │ │ └── unquoted-html-attribute.py
│ ├── html-autoescape-disabled.py
│ ├── insecure-temp.py
│ ├── io-path-injection.py
│ ├── ldap-injection.py
│ ├── ldap-unauthenticated.py
│ ├── logging-injection.py
│ ├── mysql-connector
│ │ └── weak-database-password.py
│ ├── os-command-injection-os.py
│ ├── os-command-injection-subprocess.py
│ ├── rce.py
│ ├── sqli.py
│ ├── ssrf.py
│ ├── weak-crypto
│ │ ├── crypt
│ │ │ └── predictable-salt.py
│ │ ├── cryptography
│ │ │ └── ivs-predictable.py
│ │ ├── hashlib
│ │ │ └── predictable-salt.py
│ │ ├── jwt-unverified-jwt.py
│ │ ├── jwt-unverified-pyjwt.py
│ │ ├── keys.py
│ │ ├── pyca
│ │ │ ├── cipher-algorithms.py
│ │ │ └── insecure-padding.py
│ │ ├── pycrypto
│ │ │ ├── cipher-algorithms.py
│ │ │ └── insecure-padding.py
│ │ ├── pycryptodome
│ │ │ ├── cipher-algorithms.py
│ │ │ └── ivs-predictable.py
│ │ ├── pycryptodomex
│ │ │ ├── cipher-algorithms.py
│ │ │ └── insecure-padding.py
│ │ ├── pydes
│ │ │ ├── cipher-algorithms.py
│ │ │ └── insecure-padding.py
│ │ ├── ssl-protocols-openssl.py
│ │ ├── ssl-protocols-ssl.py
│ │ ├── ssl-unverified-cert-psf-requests.py
│ │ ├── ssl-unverified-cert-pyopenssl.py
│ │ ├── ssl-unverified-cert-ssl.py
│ │ └── ssl-unverified-hostname.py
│ ├── xpath-injection.py
│ ├── xss-template.py
│ ├── xxe-lxml-parsing.py
│ ├── xxe-lxml-transforming.py
│ └── xxe-xmlsax.py
└── libraries
│ └── pip
│ └── requirements.txt
├── ruby
└── code
│ └── rails
│ └── xss
│ ├── server
│ ├── content-tag.rb
│ ├── escape-html-entities-json.rb
│ ├── html-safe.rb
│ └── raw.rb
│ ├── template-bypass
│ ├── erb.rb
│ ├── render-inline.rb
│ └── render-text.rb
│ ├── templates-unescaped-variables
│ ├── content-tag.rb
│ ├── html-safe-alias.rb
│ ├── html-safe.rb
│ └── raw.rb
│ └── templates-variable-dangerous-location
│ ├── href.rb
│ ├── link-to.rb
│ ├── script.rb
│ └── unquoted.rb
├── secrets
├── false-positives
│ └── basicauth.txt
├── google.txt
└── rsa
├── swift
└── code
│ └── weak-crypto
│ ├── CommonCrypto
│ └── cipher-algorithms.swift
│ ├── CryptoSwift
│ └── cipher-algorithms.swift
│ ├── IDZSwiftCommonCrypto
│ └── cipher-algorithms.swift
│ ├── des.swift
│ └── hash-algorithms.swift
├── typescript
└── code
│ ├── code-execution-mongo.ts
│ ├── code-execution.ts
│ ├── code-execution2.ts
│ ├── code-execution3.ts
│ ├── debugger-statements.ts
│ ├── dom-open-redirect.ts
│ ├── dom-xss.ts
│ ├── dos-regex.ts
│ ├── execa
│ └── os-command-injection.ts
│ ├── formidable
│ └── unrestricted-file-upload.ts
│ ├── io-path-injection.ts
│ ├── jsonwebtoken
│ └── jwt-unverified.ts
│ ├── libxmljs
│ └── xxe.js
│ ├── multer
│ └── unrestricted-file-upload.ts
│ ├── no-sql-injection.ts
│ ├── open-redirect.ts
│ ├── os-command-injection.ts
│ ├── rce.ts
│ ├── request
│ └── ssrf.ts
│ ├── safe-regex
│ └── dos-regex.ts
│ ├── sql-injection.ts
│ ├── sql-injection2.ts
│ ├── unverified-origin-receiving.ts
│ ├── unverified-origin-sending.ts
│ ├── weak-crypto
│ ├── crypto
│ │ ├── cipher-algorithms.ts
│ │ ├── insecure-padding.ts
│ │ └── keys.ts
│ ├── https
│ │ ├── ssl-protocols.ts
│ │ ├── ssl-unverified-cert.ts
│ │ └── ssl-unverified-hostnames.ts
│ ├── passport.js
│ │ └── session-reuse.ts
│ ├── request
│ │ ├── ssl-protocols.ts
│ │ ├── ssl-unverified-cert.ts
│ │ └── ssl-unverified-hostnames.ts
│ ├── ssl-protocols.ts
│ └── tls
│ │ ├── ssl-protocols.ts
│ │ ├── ssl-unverified-cert.ts
│ │ └── ssl-unverified-hostnames.ts
│ ├── web-sql-databases.ts
│ ├── xss.ts
│ └── zip-slip.ts
├── web
├── backups
│ ├── .DS_Store
│ ├── index.php
│ └── index.php.saved
├── cors
│ └── wildcard.php
├── directory_listing
│ └── secret.txt
├── exposed_git
│ ├── .svn
│ │ └── entries
│ └── index.html
├── index.html
├── libraries
│ └── outdated
│ │ └── jquery.html
├── robots.txt
└── tabnabbing
│ └── index.html
└── xml
├── basic-auth.xml
├── unrestricted-access.xml
└── unrestricted-access2.xml
/.github/workflows/codeql-analysis.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/.github/workflows/codeql-analysis.yml
--------------------------------------------------------------------------------
/.github/workflows/semgrep.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/.github/workflows/semgrep.yml
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | .DS_Store
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/README.md
--------------------------------------------------------------------------------
/c#/code/asp-net-request-validation-disabled.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c#/code/asp-net-request-validation-disabled.cs
--------------------------------------------------------------------------------
/c#/code/coSetProxyBlanket-CoInitializeSecurity.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c#/code/coSetProxyBlanket-CoInitializeSecurity.cs
--------------------------------------------------------------------------------
/c#/code/code-execution.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c#/code/code-execution.cs
--------------------------------------------------------------------------------
/c#/code/conflicting-annotations.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c#/code/conflicting-annotations.cs
--------------------------------------------------------------------------------
/c#/code/console-logging.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c#/code/console-logging.cs
--------------------------------------------------------------------------------
/c#/code/deserialization-types-binary.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c#/code/deserialization-types-binary.cs
--------------------------------------------------------------------------------
/c#/code/deserialization-types-javascript.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c#/code/deserialization-types-javascript.cs
--------------------------------------------------------------------------------
/c#/code/deserialization-types-losformatter.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c#/code/deserialization-types-losformatter.cs
--------------------------------------------------------------------------------
/c#/code/deserialization.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c#/code/deserialization.cs
--------------------------------------------------------------------------------
/c#/code/insecure-temp-file.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c#/code/insecure-temp-file.cs
--------------------------------------------------------------------------------
/c#/code/io-path-injection.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c#/code/io-path-injection.cs
--------------------------------------------------------------------------------
/c#/code/ldap-injection.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c#/code/ldap-injection.cs
--------------------------------------------------------------------------------
/c#/code/ldap-not-authenticated.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c#/code/ldap-not-authenticated.cs
--------------------------------------------------------------------------------
/c#/code/logging-injection.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c#/code/logging-injection.cs
--------------------------------------------------------------------------------
/c#/code/open-redirect.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c#/code/open-redirect.cs
--------------------------------------------------------------------------------
/c#/code/os-command-injection.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c#/code/os-command-injection.cs
--------------------------------------------------------------------------------
/c#/code/regex-dos.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c#/code/regex-dos.cs
--------------------------------------------------------------------------------
/c#/code/response-header-injection.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c#/code/response-header-injection.cs
--------------------------------------------------------------------------------
/c#/code/serialization-constructors-unsecured.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c#/code/serialization-constructors-unsecured.cs
--------------------------------------------------------------------------------
/c#/code/sqli.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c#/code/sqli.cs
--------------------------------------------------------------------------------
/c#/code/ssrf.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c#/code/ssrf.cs
--------------------------------------------------------------------------------
/c#/code/weak-crypto/aes-managed.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c#/code/weak-crypto/aes-managed.cs
--------------------------------------------------------------------------------
/c#/code/weak-crypto/aes-unsecured.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c#/code/weak-crypto/aes-unsecured.cs
--------------------------------------------------------------------------------
/c#/code/weak-crypto/aesfastengine.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c#/code/weak-crypto/aesfastengine.cs
--------------------------------------------------------------------------------
/c#/code/weak-crypto/des.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c#/code/weak-crypto/des.cs
--------------------------------------------------------------------------------
/c#/code/weak-crypto/predictable-hash-salt.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c#/code/weak-crypto/predictable-hash-salt.cs
--------------------------------------------------------------------------------
/c#/code/weak-crypto/predictable-ivs.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c#/code/weak-crypto/predictable-ivs.cs
--------------------------------------------------------------------------------
/c#/code/weak-crypto/rsacryptoserviceprovider.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c#/code/weak-crypto/rsacryptoserviceprovider.cs
--------------------------------------------------------------------------------
/c#/code/weak-crypto/sha1-message-disgest.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c#/code/weak-crypto/sha1-message-disgest.cs
--------------------------------------------------------------------------------
/c#/code/weak-crypto/system-security-cryptography.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c#/code/weak-crypto/system-security-cryptography.cs
--------------------------------------------------------------------------------
/c#/code/weak-crypto/tls-not-verified.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c#/code/weak-crypto/tls-not-verified.cs
--------------------------------------------------------------------------------
/c#/code/weak-crypto/weak-keys.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c#/code/weak-crypto/weak-keys.cs
--------------------------------------------------------------------------------
/c#/code/weak-crypto/weak-ssl-protocol-httpclient.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c#/code/weak-crypto/weak-ssl-protocol-httpclient.cs
--------------------------------------------------------------------------------
/c#/code/weak-crypto/weak-ssl-protocol.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c#/code/weak-crypto/weak-ssl-protocol.cs
--------------------------------------------------------------------------------
/c#/code/weak-db-password/usesqlserver.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c#/code/weak-db-password/usesqlserver.cs
--------------------------------------------------------------------------------
/c#/code/weak-db-password/web.config:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c#/code/weak-db-password/web.config
--------------------------------------------------------------------------------
/c#/code/weak-jwt.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c#/code/weak-jwt.cs
--------------------------------------------------------------------------------
/c#/code/xpath-injection.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c#/code/xpath-injection.cs
--------------------------------------------------------------------------------
/c#/code/xss.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c#/code/xss.cs
--------------------------------------------------------------------------------
/c#/code/xxe/system-xml-xmldocument.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c#/code/xxe/system-xml-xmldocument.cs
--------------------------------------------------------------------------------
/c#/code/xxe/system-xml-xmlreader.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c#/code/xxe/system-xml-xmlreader.cs
--------------------------------------------------------------------------------
/c#/code/xxe/system-xml-xmltextreader.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c#/code/xxe/system-xml-xmltextreader.cs
--------------------------------------------------------------------------------
/c#/code/xxe/system-xml-xpath-xpathdocument.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c#/code/xxe/system-xml-xpath-xpathdocument.cs
--------------------------------------------------------------------------------
/c++/code/bof-posix-arguments.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c++/code/bof-posix-arguments.c
--------------------------------------------------------------------------------
/c++/code/bof-scanf.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c++/code/bof-scanf.c
--------------------------------------------------------------------------------
/c++/code/file-access-toctou.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c++/code/file-access-toctou.c
--------------------------------------------------------------------------------
/c++/code/insecure-functions.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c++/code/insecure-functions.c
--------------------------------------------------------------------------------
/c++/code/memset-used-to-delete-sensitive-data.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c++/code/memset-used-to-delete-sensitive-data.c
--------------------------------------------------------------------------------
/c++/code/memset-used-to-delete-sensitive-data0.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c++/code/memset-used-to-delete-sensitive-data0.c
--------------------------------------------------------------------------------
/c++/code/pam-unverified.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c++/code/pam-unverified.c
--------------------------------------------------------------------------------
/c++/code/pam-unverified2.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c++/code/pam-unverified2.c
--------------------------------------------------------------------------------
/c++/code/weak-crypto/botan-unsecure.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c++/code/weak-crypto/botan-unsecure.c
--------------------------------------------------------------------------------
/c++/code/weak-crypto/botan.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c++/code/weak-crypto/botan.c
--------------------------------------------------------------------------------
/c++/code/weak-crypto/crypto++-unsecure.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c++/code/weak-crypto/crypto++-unsecure.c
--------------------------------------------------------------------------------
/c++/code/weak-crypto/crypto++.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c++/code/weak-crypto/crypto++.c
--------------------------------------------------------------------------------
/c++/code/weak-crypto/keys-botan.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c++/code/weak-crypto/keys-botan.c
--------------------------------------------------------------------------------
/c++/code/weak-crypto/keys-crypto++.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c++/code/weak-crypto/keys-crypto++.c
--------------------------------------------------------------------------------
/c++/code/weak-crypto/keys-openssl.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c++/code/weak-crypto/keys-openssl.c
--------------------------------------------------------------------------------
/c++/code/weak-crypto/openssl-unsecure.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c++/code/weak-crypto/openssl-unsecure.c
--------------------------------------------------------------------------------
/c++/code/weak-crypto/openssl.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c++/code/weak-crypto/openssl.c
--------------------------------------------------------------------------------
/c++/code/weak-crypto/ssl-protocols-botan.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c++/code/weak-crypto/ssl-protocols-botan.c
--------------------------------------------------------------------------------
/c++/code/weak-crypto/ssl-protocols-libcurl.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c++/code/weak-crypto/ssl-protocols-libcurl.c
--------------------------------------------------------------------------------
/c++/code/weak-crypto/ssl-protocols-libcurl2.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c++/code/weak-crypto/ssl-protocols-libcurl2.c
--------------------------------------------------------------------------------
/c++/code/weak-crypto/ssl-protocols-openssl.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c++/code/weak-crypto/ssl-protocols-openssl.c
--------------------------------------------------------------------------------
/c++/code/weak-crypto/ssl-unverified-cert-botan.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c++/code/weak-crypto/ssl-unverified-cert-botan.c
--------------------------------------------------------------------------------
/c++/code/weak-crypto/ssl-unverified-cert-libcurl.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c++/code/weak-crypto/ssl-unverified-cert-libcurl.c
--------------------------------------------------------------------------------
/c++/code/weak-crypto/ssl-unverified-cert-openssl.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c++/code/weak-crypto/ssl-unverified-cert-openssl.c
--------------------------------------------------------------------------------
/c++/code/weak-crypto/ssl-unverified-cert-openssl2.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c++/code/weak-crypto/ssl-unverified-cert-openssl2.c
--------------------------------------------------------------------------------
/c++/code/weak-crypto/ssl-unverified-hostname-botan.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c++/code/weak-crypto/ssl-unverified-hostname-botan.c
--------------------------------------------------------------------------------
/c++/code/weak-crypto/ssl-unverified-hostname-libcurl.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c++/code/weak-crypto/ssl-unverified-hostname-libcurl.c
--------------------------------------------------------------------------------
/c++/code/weak-crypto/ssl-unverified-hostname-openssl.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c++/code/weak-crypto/ssl-unverified-hostname-openssl.c
--------------------------------------------------------------------------------
/c++/code/xxe-libxml2.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c++/code/xxe-libxml2.c
--------------------------------------------------------------------------------
/c++/code/xxe-sax2xml.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c++/code/xxe-sax2xml.c
--------------------------------------------------------------------------------
/c++/code/xxe-saxparser.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c++/code/xxe-saxparser.c
--------------------------------------------------------------------------------
/c++/code/xxe-xercesdomparser.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c++/code/xxe-xercesdomparser.c
--------------------------------------------------------------------------------
/c/code/bof-posix-arguments.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c/code/bof-posix-arguments.c
--------------------------------------------------------------------------------
/c/code/bof-scanf.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c/code/bof-scanf.c
--------------------------------------------------------------------------------
/c/code/file-access-toctou.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c/code/file-access-toctou.c
--------------------------------------------------------------------------------
/c/code/insecure-functions.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c/code/insecure-functions.c
--------------------------------------------------------------------------------
/c/code/memset-used-to-delete-sensitive-data.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c/code/memset-used-to-delete-sensitive-data.c
--------------------------------------------------------------------------------
/c/code/pam-unverified.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c/code/pam-unverified.c
--------------------------------------------------------------------------------
/c/code/pam-unverified2.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c/code/pam-unverified2.c
--------------------------------------------------------------------------------
/c/code/weak-crypto/botan-unsecure.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c/code/weak-crypto/botan-unsecure.c
--------------------------------------------------------------------------------
/c/code/weak-crypto/botan.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c/code/weak-crypto/botan.c
--------------------------------------------------------------------------------
/c/code/weak-crypto/crypto++-unsecure.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c/code/weak-crypto/crypto++-unsecure.c
--------------------------------------------------------------------------------
/c/code/weak-crypto/crypto++.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c/code/weak-crypto/crypto++.c
--------------------------------------------------------------------------------
/c/code/weak-crypto/keys-botan.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c/code/weak-crypto/keys-botan.c
--------------------------------------------------------------------------------
/c/code/weak-crypto/keys-crypto++.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c/code/weak-crypto/keys-crypto++.c
--------------------------------------------------------------------------------
/c/code/weak-crypto/keys-openssl.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c/code/weak-crypto/keys-openssl.c
--------------------------------------------------------------------------------
/c/code/weak-crypto/openssl-unsecure.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c/code/weak-crypto/openssl-unsecure.c
--------------------------------------------------------------------------------
/c/code/weak-crypto/openssl.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c/code/weak-crypto/openssl.c
--------------------------------------------------------------------------------
/c/code/weak-crypto/ssl-protocols-botan.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c/code/weak-crypto/ssl-protocols-botan.c
--------------------------------------------------------------------------------
/c/code/weak-crypto/ssl-protocols-libcurl.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c/code/weak-crypto/ssl-protocols-libcurl.c
--------------------------------------------------------------------------------
/c/code/weak-crypto/ssl-protocols-libcurl2.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c/code/weak-crypto/ssl-protocols-libcurl2.c
--------------------------------------------------------------------------------
/c/code/weak-crypto/ssl-protocols-openssl.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c/code/weak-crypto/ssl-protocols-openssl.c
--------------------------------------------------------------------------------
/c/code/weak-crypto/ssl-unverified-cert-botan.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c/code/weak-crypto/ssl-unverified-cert-botan.c
--------------------------------------------------------------------------------
/c/code/weak-crypto/ssl-unverified-cert-libcurl.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c/code/weak-crypto/ssl-unverified-cert-libcurl.c
--------------------------------------------------------------------------------
/c/code/weak-crypto/ssl-unverified-cert-openssl.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c/code/weak-crypto/ssl-unverified-cert-openssl.c
--------------------------------------------------------------------------------
/c/code/weak-crypto/ssl-unverified-cert-openssl2.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c/code/weak-crypto/ssl-unverified-cert-openssl2.c
--------------------------------------------------------------------------------
/c/code/weak-crypto/ssl-unverified-hostname-botan.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c/code/weak-crypto/ssl-unverified-hostname-botan.c
--------------------------------------------------------------------------------
/c/code/weak-crypto/ssl-unverified-hostname-libcurl.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c/code/weak-crypto/ssl-unverified-hostname-libcurl.c
--------------------------------------------------------------------------------
/c/code/weak-crypto/ssl-unverified-hostname-openssl.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c/code/weak-crypto/ssl-unverified-hostname-openssl.c
--------------------------------------------------------------------------------
/c/code/xxe-libxml2.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c/code/xxe-libxml2.c
--------------------------------------------------------------------------------
/c/code/xxe-sax2xml.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c/code/xxe-sax2xml.c
--------------------------------------------------------------------------------
/c/code/xxe-saxparser.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c/code/xxe-saxparser.c
--------------------------------------------------------------------------------
/c/code/xxe-xercesdomparser.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/c/code/xxe-xercesdomparser.c
--------------------------------------------------------------------------------
/docker/Dockerfile:
--------------------------------------------------------------------------------
# NOTE(review): php:5.6.14-cli is from the PHP 5.6 line, which is end-of-life and gets no upstream security fixes.
# Presumably pinned on purpose as a scanner fixture for this repository (confirm); the tag is also not pinned by digest.
1 | FROM php:5.6.14-cli
2 |
--------------------------------------------------------------------------------
/go/code/hardcoded-credentials.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/go/code/hardcoded-credentials.go
--------------------------------------------------------------------------------
/go/code/hardcoded-ip.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/go/code/hardcoded-ip.go
--------------------------------------------------------------------------------
/go/code/os-command/exec-cmd.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/go/code/os-command/exec-cmd.go
--------------------------------------------------------------------------------
/go/code/os-command/exec-command.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/go/code/os-command/exec-command.go
--------------------------------------------------------------------------------
/go/code/os-command/stdin-pipe.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/go/code/os-command/stdin-pipe.go
--------------------------------------------------------------------------------
/go/code/os-command/syscall-exec.go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/go/code/os-command/syscall-exec.go
--------------------------------------------------------------------------------
/go/libraries/go.mod:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/go/libraries/go.mod
--------------------------------------------------------------------------------
/go/libraries/go.sum:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/go/libraries/go.sum
--------------------------------------------------------------------------------
/html/code/comments.html:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/html/code/comments.html
--------------------------------------------------------------------------------
/html/code/disable-resource-integrity.html:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/html/code/disable-resource-integrity.html
--------------------------------------------------------------------------------
/html/code/links-with-target-blank.html:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/html/code/links-with-target-blank.html
--------------------------------------------------------------------------------
/java/code/auth-weak-decisions-permission-evaluator.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/java/code/auth-weak-decisions-permission-evaluator.java
--------------------------------------------------------------------------------
/java/code/auth-weak-decisions.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/java/code/auth-weak-decisions.java
--------------------------------------------------------------------------------
/java/code/basic-auth.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/java/code/basic-auth.java
--------------------------------------------------------------------------------
/java/code/code-injection.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/java/code/code-injection.java
--------------------------------------------------------------------------------
/java/code/defined-filters.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/java/code/defined-filters.java
--------------------------------------------------------------------------------
/java/code/deserialization-active-mq-connection-factory.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/java/code/deserialization-active-mq-connection-factory.java
--------------------------------------------------------------------------------
/java/code/deserialization.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/java/code/deserialization.java
--------------------------------------------------------------------------------
/java/code/dos-regex.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/java/code/dos-regex.java
--------------------------------------------------------------------------------
/java/code/dynamic-class-load.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/java/code/dynamic-class-load.java
--------------------------------------------------------------------------------
/java/code/ejb-interceptors.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/java/code/ejb-interceptors.java
--------------------------------------------------------------------------------
/java/code/get-requested-session-id.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/java/code/get-requested-session-id.java
--------------------------------------------------------------------------------
/java/code/httpsecurity-url-patterns-not-correctly-ordered.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/java/code/httpsecurity-url-patterns-not-correctly-ordered.java
--------------------------------------------------------------------------------
/java/code/insecure-file-creation.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/java/code/insecure-file-creation.java
--------------------------------------------------------------------------------
/java/code/io-path-injection.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/java/code/io-path-injection.java
--------------------------------------------------------------------------------
/java/code/jsp/xss/page-variable-dangerous-location/unquoted-variable-in-html-attribute.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/java/code/jsp/xss/page-variable-dangerous-location/unquoted-variable-in-html-attribute.java
--------------------------------------------------------------------------------
/java/code/jsp/xss/page-variable-dangerous-location/variable-in-href-attribute.java:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/java/code/jsp/xss/page-variable-dangerous-location/variable-in-script-block.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/java/code/jsp/xss/page-variable-dangerous-location/variable-in-script-block.java
--------------------------------------------------------------------------------
/java/code/jsp/xss/page-variable-not-escaped/escapexml.java:
--------------------------------------------------------------------------------
1 |
${userObj.name}
2 |
--------------------------------------------------------------------------------
/java/code/jsp/xss/page-variable-not-escaped/variable-without-tag.java:
--------------------------------------------------------------------------------
<%-- NOTE(review): an EL expression in template text is written to the response without HTML escaping.
     If userObj.name can hold user-controlled data (its origin is not shown here), render it through
     <c:out value="${userObj.name}"/> or ${fn:escapeXml(userObj.name)} instead. --%>
1 | ${userObj.name}
2 |
--------------------------------------------------------------------------------
/java/code/jsp/xss/server/outputstream.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/java/code/jsp/xss/server/outputstream.java
--------------------------------------------------------------------------------
/java/code/jsp/xss/server/printwritter.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/java/code/jsp/xss/server/printwritter.java
--------------------------------------------------------------------------------
/java/code/ldap-injection.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/java/code/ldap-injection.java
--------------------------------------------------------------------------------
/java/code/ldap-unauthenticated.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/java/code/ldap-unauthenticated.java
--------------------------------------------------------------------------------
/java/code/logging-injection.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/java/code/logging-injection.java
--------------------------------------------------------------------------------
/java/code/open-redirect.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/java/code/open-redirect.java
--------------------------------------------------------------------------------
/java/code/opensqml2-auth-bypass.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/java/code/opensqml2-auth-bypass.java
--------------------------------------------------------------------------------
/java/code/opensqml2-auth-bypass2.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/java/code/opensqml2-auth-bypass2.java
--------------------------------------------------------------------------------
/java/code/os-command-injection.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/java/code/os-command-injection.java
--------------------------------------------------------------------------------
/java/code/persistent-entities-arguments.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/java/code/persistent-entities-arguments.java
--------------------------------------------------------------------------------
/java/code/response-headers-injection.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/java/code/response-headers-injection.java
--------------------------------------------------------------------------------
/java/code/servlet-exceptions.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/java/code/servlet-exceptions.java
--------------------------------------------------------------------------------
/java/code/session-reusing.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/java/code/session-reusing.java
--------------------------------------------------------------------------------
/java/code/spring-members-injection.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/java/code/spring-members-injection.java
--------------------------------------------------------------------------------
/java/code/sqli.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/java/code/sqli.java
--------------------------------------------------------------------------------
/java/code/ssrf.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/java/code/ssrf.java
--------------------------------------------------------------------------------
/java/code/struts-validation.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/java/code/struts-validation.java
--------------------------------------------------------------------------------
/java/code/weak-crypto/cipher-algorithms.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/java/code/weak-crypto/cipher-algorithms.java
--------------------------------------------------------------------------------
/java/code/weak-crypto/ivs-predictable.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/java/code/weak-crypto/ivs-predictable.java
--------------------------------------------------------------------------------
/java/code/weak-crypto/jwt-auth0.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/java/code/weak-crypto/jwt-auth0.java
--------------------------------------------------------------------------------
/java/code/weak-crypto/jwt-jwtk.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/java/code/weak-crypto/jwt-jwtk.java
--------------------------------------------------------------------------------
/java/code/weak-crypto/keys.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/java/code/weak-crypto/keys.java
--------------------------------------------------------------------------------
/java/code/weak-crypto/plain-text-password-storage.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/java/code/weak-crypto/plain-text-password-storage.java
--------------------------------------------------------------------------------
/java/code/weak-crypto/predictable-salts.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/java/code/weak-crypto/predictable-salts.java
--------------------------------------------------------------------------------
/java/code/weak-crypto/predictable-seeds.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/java/code/weak-crypto/predictable-seeds.java
--------------------------------------------------------------------------------
/java/code/weak-crypto/secure-padding.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/java/code/weak-crypto/secure-padding.java
--------------------------------------------------------------------------------
/java/code/weak-crypto/ssl-protocols-okhttp.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/java/code/weak-crypto/ssl-protocols-okhttp.java
--------------------------------------------------------------------------------
/java/code/weak-crypto/ssl-protocols.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/java/code/weak-crypto/ssl-protocols.java
--------------------------------------------------------------------------------
/java/code/weak-crypto/ssl-unverified-cert.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/java/code/weak-crypto/ssl-unverified-cert.java
--------------------------------------------------------------------------------
/java/code/weak-crypto/ssl-unverified-hostnames-javamail.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/java/code/weak-crypto/ssl-unverified-hostnames-javamail.java
--------------------------------------------------------------------------------
/java/code/weak-crypto/ssl-unverified-hostnames-simpleemail.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/java/code/weak-crypto/ssl-unverified-hostnames-simpleemail.java
--------------------------------------------------------------------------------
/java/code/weak-crypto/ssl-unverified-hostnames.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/java/code/weak-crypto/ssl-unverified-hostnames.java
--------------------------------------------------------------------------------
/java/code/weak-database-password.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/java/code/weak-database-password.java
--------------------------------------------------------------------------------
/java/code/xpath-injection.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/java/code/xpath-injection.java
--------------------------------------------------------------------------------
/java/code/xss.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/java/code/xss.java
--------------------------------------------------------------------------------
/java/code/xxe-dom4j.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/java/code/xxe-dom4j.java
--------------------------------------------------------------------------------
/java/code/xxe-japx.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/java/code/xxe-japx.java
--------------------------------------------------------------------------------
/java/code/xxe-jdom2.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/java/code/xxe-jdom2.java
--------------------------------------------------------------------------------
/java/code/zip-slip.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/java/code/zip-slip.java
--------------------------------------------------------------------------------
/java/libraries/maven/pom.xml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/java/libraries/maven/pom.xml
--------------------------------------------------------------------------------
/java/libraries/maven/target/dependency-check-report.html:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/java/libraries/maven/target/dependency-check-report.html
--------------------------------------------------------------------------------
/java/libraries/maven/target/maven-archiver/pom.properties:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/java/libraries/maven/target/maven-archiver/pom.properties
--------------------------------------------------------------------------------
/java/libraries/maven/target/test-1.0.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/java/libraries/maven/target/test-1.0.jar
--------------------------------------------------------------------------------
/javascript/code/alert.js:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/javascript/code/alert.js
--------------------------------------------------------------------------------
/javascript/code/code-exectuion3.js:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/javascript/code/code-exectuion3.js
--------------------------------------------------------------------------------
/javascript/code/code-execution-mongo.js:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/javascript/code/code-execution-mongo.js
--------------------------------------------------------------------------------
/javascript/code/code-execution.js:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/javascript/code/code-execution.js
--------------------------------------------------------------------------------
/javascript/code/code-execution2.js:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/javascript/code/code-execution2.js
--------------------------------------------------------------------------------
/javascript/code/debuger-statements.js:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/javascript/code/debuger-statements.js
--------------------------------------------------------------------------------
/javascript/code/dom-open-redirect.js:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/javascript/code/dom-open-redirect.js
--------------------------------------------------------------------------------
/javascript/code/dom-xss.js:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/javascript/code/dom-xss.js
--------------------------------------------------------------------------------
/javascript/code/dos-regex-safe-regex.js:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/javascript/code/dos-regex-safe-regex.js
--------------------------------------------------------------------------------
/javascript/code/dos-regex.js:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/javascript/code/dos-regex.js
--------------------------------------------------------------------------------
/javascript/code/io-path-injection.js:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/javascript/code/io-path-injection.js
--------------------------------------------------------------------------------
/javascript/code/local-storage.js:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/javascript/code/local-storage.js
--------------------------------------------------------------------------------
/javascript/code/no-sql-injection.js:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/javascript/code/no-sql-injection.js
--------------------------------------------------------------------------------
/javascript/code/open-redirect.js:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/javascript/code/open-redirect.js
--------------------------------------------------------------------------------
/javascript/code/os-command-injection.js:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/javascript/code/os-command-injection.js
--------------------------------------------------------------------------------
/javascript/code/os-command-injection2.js:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/javascript/code/os-command-injection2.js
--------------------------------------------------------------------------------
/javascript/code/reflected-xss.js:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/javascript/code/reflected-xss.js
--------------------------------------------------------------------------------
/javascript/code/reflected-xss2.js:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/javascript/code/reflected-xss2.js
--------------------------------------------------------------------------------
/javascript/code/session-reuse-passport.js:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/javascript/code/session-reuse-passport.js
--------------------------------------------------------------------------------
/javascript/code/sql-injection.js:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/javascript/code/sql-injection.js
--------------------------------------------------------------------------------
/javascript/code/sql-injection2.js:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/javascript/code/sql-injection2.js
--------------------------------------------------------------------------------
/javascript/code/ssrf.js:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/javascript/code/ssrf.js
--------------------------------------------------------------------------------
/javascript/code/unrestricted-file-upload-formidable.js:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/javascript/code/unrestricted-file-upload-formidable.js
--------------------------------------------------------------------------------
/javascript/code/unrestricted-file-upload-multer.js:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/javascript/code/unrestricted-file-upload-multer.js
--------------------------------------------------------------------------------
/javascript/code/unverified-origin-receiving.js:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/javascript/code/unverified-origin-receiving.js
--------------------------------------------------------------------------------
/javascript/code/unverified-origin-sending.js:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/javascript/code/unverified-origin-sending.js
--------------------------------------------------------------------------------
/javascript/code/weak-crypto/cipher-algorithms.js:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/javascript/code/weak-crypto/cipher-algorithms.js
--------------------------------------------------------------------------------
/javascript/code/weak-crypto/jwt.js:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/javascript/code/weak-crypto/jwt.js
--------------------------------------------------------------------------------
/javascript/code/weak-crypto/keys.js:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/javascript/code/weak-crypto/keys.js
--------------------------------------------------------------------------------
/javascript/code/weak-crypto/secure-padding.js:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/javascript/code/weak-crypto/secure-padding.js
--------------------------------------------------------------------------------
/javascript/code/weak-crypto/ssl-protocols-https.js:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/javascript/code/weak-crypto/ssl-protocols-https.js
--------------------------------------------------------------------------------
/javascript/code/weak-crypto/ssl-protocols-request.js:
--------------------------------------------------------------------------------
1 | let socket = request.get(options); // NOTE(review): options is not defined in this excerpt; judging by the file name, the TLS protocol choice (e.g. secureProtocol / minVersion) is set there and is the thing to audit — confirm against the full file
2 |
--------------------------------------------------------------------------------
/javascript/code/weak-crypto/ssl-protocols-tls.js:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/javascript/code/weak-crypto/ssl-protocols-tls.js
--------------------------------------------------------------------------------
/javascript/code/weak-crypto/ssl-protocols.js:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/javascript/code/weak-crypto/ssl-protocols.js
--------------------------------------------------------------------------------
/javascript/code/weak-crypto/ssl-unverified-cert-https.js:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/javascript/code/weak-crypto/ssl-unverified-cert-https.js
--------------------------------------------------------------------------------
/javascript/code/weak-crypto/ssl-unverified-cert-request.js:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/javascript/code/weak-crypto/ssl-unverified-cert-request.js
--------------------------------------------------------------------------------
/javascript/code/weak-crypto/ssl-unverified-cert-tls.js:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/javascript/code/weak-crypto/ssl-unverified-cert-tls.js
--------------------------------------------------------------------------------
/javascript/code/weak-crypto/ssl-unverified-hostnames-https.js:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/javascript/code/weak-crypto/ssl-unverified-hostnames-https.js
--------------------------------------------------------------------------------
/javascript/code/weak-crypto/ssl-unverified-hostnames-request.js:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/javascript/code/weak-crypto/ssl-unverified-hostnames-request.js
--------------------------------------------------------------------------------
/javascript/code/weak-crypto/ssl-unverified-hostnames-tls.js:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/javascript/code/weak-crypto/ssl-unverified-hostnames-tls.js
--------------------------------------------------------------------------------
/javascript/code/web-sql-database.js:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/javascript/code/web-sql-database.js
--------------------------------------------------------------------------------
/javascript/code/xxe-libxmljs.js:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/javascript/code/xxe-libxmljs.js
--------------------------------------------------------------------------------
/javascript/code/zip-slip.js:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/javascript/code/zip-slip.js
--------------------------------------------------------------------------------
/javascript/libraries/jquery.min.js:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/javascript/libraries/jquery.min.js
--------------------------------------------------------------------------------
/kubernetes/CapSysAdmin.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/kubernetes/CapSysAdmin.yaml
--------------------------------------------------------------------------------
/nodejs/code/host_header_injection.js:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/nodejs/code/host_header_injection.js
--------------------------------------------------------------------------------
/nodejs/code/rce.js:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/nodejs/code/rce.js
--------------------------------------------------------------------------------
/nodejs/libraries/npm/package-lock.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/nodejs/libraries/npm/package-lock.json
--------------------------------------------------------------------------------
/nodejs/libraries/npm/package.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/nodejs/libraries/npm/package.json
--------------------------------------------------------------------------------
/nodejs/libraries/yarn/package.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/nodejs/libraries/yarn/package.json
--------------------------------------------------------------------------------
/nodejs/libraries/yarn/yarn.lock:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/nodejs/libraries/yarn/yarn.lock
--------------------------------------------------------------------------------
/php/code/arbitrary-include.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/php/code/arbitrary-include.php
--------------------------------------------------------------------------------
/php/code/code-execution.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/php/code/code-execution.php
--------------------------------------------------------------------------------
/php/code/deserialization.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/php/code/deserialization.php
--------------------------------------------------------------------------------
/php/code/dos-regex.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/php/code/dos-regex.php
--------------------------------------------------------------------------------
/php/code/io-path-injection.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/php/code/io-path-injection.php
--------------------------------------------------------------------------------
/php/code/laravel/auth-weak-decision.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/php/code/laravel/auth-weak-decision.php
--------------------------------------------------------------------------------
/php/code/ldap-injection.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/php/code/ldap-injection.php
--------------------------------------------------------------------------------
/php/code/ldap-unauthenticated.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/php/code/ldap-unauthenticated.php
--------------------------------------------------------------------------------
/php/code/logging-injection.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/php/code/logging-injection.php
--------------------------------------------------------------------------------
/php/code/open-redirect.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/php/code/open-redirect.php
--------------------------------------------------------------------------------
/php/code/os-command-injection.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/php/code/os-command-injection.php
--------------------------------------------------------------------------------
/php/code/php-ini/allow-url-fopen/php.ini:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/php/code/php-ini/allow-url-fopen/php.ini
--------------------------------------------------------------------------------
/php/code/php-ini/cgi-force-redirect/php.ini:
--------------------------------------------------------------------------------
1 | ; php.ini
2 | cgi.force_redirect=0 ; Noncompliant: lets the PHP CGI binary be requested directly instead of only through the web server's redirect, so the server's access checks can be bypassed; keep the default of 1
--------------------------------------------------------------------------------
/php/code/php-ini/enable-dl/php.ini:
--------------------------------------------------------------------------------
1 | ; php.ini
2 | enable_dl=1 ; Noncompliant: permits dl() to load extensions at runtime, which can be used to ignore open_basedir and similar restrictions; set to 0
--------------------------------------------------------------------------------
/php/code/php-ini/file-uploads/php.ini:
--------------------------------------------------------------------------------
1 | ; php.ini
2 | file_uploads=1 ; Noncompliant: HTTP file uploads are accepted; set to 0 when the application has no upload feature, otherwise bound them (upload_max_filesize, upload_tmp_dir) and validate type and destination in code
--------------------------------------------------------------------------------
/php/code/php-ini/open-basedir/php.ini:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/php/code/php-ini/open-basedir/php.ini
--------------------------------------------------------------------------------
/php/code/php-ini/session-use-trans-sid/php.ini:
--------------------------------------------------------------------------------
1 | ; php.ini
2 | session.use_trans_sid=1 ; Noncompliant: session IDs are appended to URLs, where they leak through logs, Referer headers and shared links and make session fixation easier; set to 0 and keep session.use_only_cookies=1
--------------------------------------------------------------------------------
/php/code/rce.php:
--------------------------------------------------------------------------------
1 | {request.POST.get('name')}")
--------------------------------------------------------------------------------
/python/code/django/xss/template-bypass/autoescape-false.py:
--------------------------------------------------------------------------------
1 | response = render(request, "index.html", {"autoescape": False})  # NOTE(review): "autoescape" is passed here as an ordinary template context key; Django's engine-wide switch is the "autoescape" entry under TEMPLATES OPTIONS — confirm this call changes escaping at all before relying on the sample
2 |
--------------------------------------------------------------------------------
/python/code/django/xss/template-bypass/globally-disabling-autoescape.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/python/code/django/xss/template-bypass/globally-disabling-autoescape.py
--------------------------------------------------------------------------------
/python/code/django/xss/template-bypass/http-response.py:
--------------------------------------------------------------------------------
1 | return HttpResponse("Hello, " + name)  # name is concatenated straight into the response body, so no template autoescaping applies; where name comes from is not shown — if it is request-derived, pass it through django.utils.html.escape() or render it via a template
2 |
--------------------------------------------------------------------------------
/python/code/django/xss/templates-unescaped-variables/autoescape-off.py:
--------------------------------------------------------------------------------
1 | {% autoescape off %}{# every variable rendered from here to the matching endautoescape (not shown in this excerpt) is output unescaped; keep the region minimal and keep request-derived values out of it #}
2 |
--------------------------------------------------------------------------------
/python/code/django/xss/templates-unescaped-variables/safe.py:
--------------------------------------------------------------------------------
1 | {{ name | safe }}{# safe marks name as trusted HTML, so it is emitted without escaping; only sound when name is never user-controlled or was sanitized before reaching the template #}
2 |
--------------------------------------------------------------------------------
/python/code/django/xss/templates-unescaped-variables/safeseq.py:
--------------------------------------------------------------------------------
1 | {{ names | safeseq | join:", " }}{# safeseq applies safe to each element of names, so join emits them unescaped; every element must be trusted or sanitized upstream #}
2 |
--------------------------------------------------------------------------------
/python/code/django/xss/templates-variable-dangerous-location/href.py:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/python/code/django/xss/templates-variable-dangerous-location/html.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/python/code/django/xss/templates-variable-dangerous-location/html.py
--------------------------------------------------------------------------------
/python/code/django/xss/templates-variable-dangerous-location/script.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/python/code/django/xss/templates-variable-dangerous-location/script.py
--------------------------------------------------------------------------------
/python/code/dos-regex.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/python/code/dos-regex.py
--------------------------------------------------------------------------------
/python/code/flask/open-redirect.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/python/code/flask/open-redirect.py
--------------------------------------------------------------------------------
/python/code/flask/response-headers-injection.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/python/code/flask/response-headers-injection.py
--------------------------------------------------------------------------------
/python/code/flask/sql-injection.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/python/code/flask/sql-injection.py
--------------------------------------------------------------------------------
/python/code/flask/weak-database-password.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/python/code/flask/weak-database-password.py
--------------------------------------------------------------------------------
/python/code/flask/xss/server/markup.py:
--------------------------------------------------------------------------------
1 | flask.Markup(html_content)  # Markup() marks html_content as already-safe HTML, so Jinja2 autoescaping skips it; the origin of html_content is not shown — run any untrusted part through markupsafe.escape() before wrapping
2 |
--------------------------------------------------------------------------------
/python/code/flask/xss/server/render-template-string.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/python/code/flask/xss/server/render-template-string.py
--------------------------------------------------------------------------------
/python/code/flask/xss/server/render-template.py:
--------------------------------------------------------------------------------
1 | render_template("unsafe.jinja2")  # Flask enables autoescaping by template file extension (such as .html, .htm, .xml, .xhtml); a ".jinja2" name is rendered with escaping off unless the template or app configuration turns it on
2 |
--------------------------------------------------------------------------------
/python/code/flask/xss/template-bypass/autoescape-false.py:
--------------------------------------------------------------------------------
1 | {% autoescape false %}{# variables rendered until the matching endautoescape (not shown in this excerpt) are output unescaped; keep untrusted values out of this region or apply the escape filter to them explicitly #}
--------------------------------------------------------------------------------
/python/code/flask/xss/template-bypass/jinja2-directly.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/python/code/flask/xss/template-bypass/jinja2-directly.py
--------------------------------------------------------------------------------
/python/code/flask/xss/template-bypass/returning-directly-from-rute.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/python/code/flask/xss/template-bypass/returning-directly-from-rute.py
--------------------------------------------------------------------------------
/python/code/flask/xss/template-bypass/safe.py:
--------------------------------------------------------------------------------
1 | {{ name | safe }}{# safe tells Jinja2 to skip autoescaping for name; only sound when name is never user-controlled or was sanitized before rendering #}
--------------------------------------------------------------------------------
/python/code/flask/xss/templates-variable-dangerous-location/href.py:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/python/code/flask/xss/templates-variable-dangerous-location/script.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/python/code/flask/xss/templates-variable-dangerous-location/script.py
--------------------------------------------------------------------------------
/python/code/flask/xss/templates-variable-dangerous-location/unquoted-html-attribute.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/python/code/flask/xss/templates-variable-dangerous-location/unquoted-html-attribute.py
--------------------------------------------------------------------------------
/python/code/html-autoescape-disabled.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/python/code/html-autoescape-disabled.py
--------------------------------------------------------------------------------
/python/code/insecure-temp.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/python/code/insecure-temp.py
--------------------------------------------------------------------------------
/python/code/io-path-injection.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/python/code/io-path-injection.py
--------------------------------------------------------------------------------
/python/code/ldap-injection.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/python/code/ldap-injection.py
--------------------------------------------------------------------------------
/python/code/ldap-unauthenticated.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/python/code/ldap-unauthenticated.py
--------------------------------------------------------------------------------
/python/code/logging-injection.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/python/code/logging-injection.py
--------------------------------------------------------------------------------
/python/code/mysql-connector/weak-database-password.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/python/code/mysql-connector/weak-database-password.py
--------------------------------------------------------------------------------
/python/code/os-command-injection-os.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/python/code/os-command-injection-os.py
--------------------------------------------------------------------------------
/python/code/os-command-injection-subprocess.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/python/code/os-command-injection-subprocess.py
--------------------------------------------------------------------------------
/python/code/rce.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/python/code/rce.py
--------------------------------------------------------------------------------
/python/code/sqli.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/python/code/sqli.py
--------------------------------------------------------------------------------
/python/code/ssrf.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/python/code/ssrf.py
--------------------------------------------------------------------------------
/python/code/weak-crypto/crypt/predictable-salt.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/python/code/weak-crypto/crypt/predictable-salt.py
--------------------------------------------------------------------------------
/python/code/weak-crypto/cryptography/ivs-predictable.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/python/code/weak-crypto/cryptography/ivs-predictable.py
--------------------------------------------------------------------------------
/python/code/weak-crypto/hashlib/predictable-salt.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/python/code/weak-crypto/hashlib/predictable-salt.py
--------------------------------------------------------------------------------
/python/code/weak-crypto/jwt-unverified-jwt.py:
--------------------------------------------------------------------------------
1 | jwt.process_jwt(token) # Noncompliant: the token is only decoded here and nothing in this snippet verifies its signature (presumably python_jwt imported as jwt, whose checking call is verify_jwt; confirm)
2 |
--------------------------------------------------------------------------------
/python/code/weak-crypto/jwt-unverified-pyjwt.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/python/code/weak-crypto/jwt-unverified-pyjwt.py
--------------------------------------------------------------------------------
/python/code/weak-crypto/keys.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/python/code/weak-crypto/keys.py
--------------------------------------------------------------------------------
/python/code/weak-crypto/pyca/cipher-algorithms.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/python/code/weak-crypto/pyca/cipher-algorithms.py
--------------------------------------------------------------------------------
/python/code/weak-crypto/pyca/insecure-padding.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/python/code/weak-crypto/pyca/insecure-padding.py
--------------------------------------------------------------------------------
/python/code/weak-crypto/pycrypto/cipher-algorithms.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/python/code/weak-crypto/pycrypto/cipher-algorithms.py
--------------------------------------------------------------------------------
/python/code/weak-crypto/pycrypto/insecure-padding.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/python/code/weak-crypto/pycrypto/insecure-padding.py
--------------------------------------------------------------------------------
/python/code/weak-crypto/pycryptodome/cipher-algorithms.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/python/code/weak-crypto/pycryptodome/cipher-algorithms.py
--------------------------------------------------------------------------------
/python/code/weak-crypto/pycryptodome/ivs-predictable.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/python/code/weak-crypto/pycryptodome/ivs-predictable.py
--------------------------------------------------------------------------------
/python/code/weak-crypto/pycryptodomex/cipher-algorithms.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/python/code/weak-crypto/pycryptodomex/cipher-algorithms.py
--------------------------------------------------------------------------------
/python/code/weak-crypto/pycryptodomex/insecure-padding.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/python/code/weak-crypto/pycryptodomex/insecure-padding.py
--------------------------------------------------------------------------------
/python/code/weak-crypto/pydes/cipher-algorithms.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/python/code/weak-crypto/pydes/cipher-algorithms.py
--------------------------------------------------------------------------------
/python/code/weak-crypto/pydes/insecure-padding.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/python/code/weak-crypto/pydes/insecure-padding.py
--------------------------------------------------------------------------------
/python/code/weak-crypto/ssl-protocols-openssl.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/python/code/weak-crypto/ssl-protocols-openssl.py
--------------------------------------------------------------------------------
/python/code/weak-crypto/ssl-protocols-ssl.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/python/code/weak-crypto/ssl-protocols-ssl.py
--------------------------------------------------------------------------------
/python/code/weak-crypto/ssl-unverified-cert-psf-requests.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/python/code/weak-crypto/ssl-unverified-cert-psf-requests.py
--------------------------------------------------------------------------------
/python/code/weak-crypto/ssl-unverified-cert-pyopenssl.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/python/code/weak-crypto/ssl-unverified-cert-pyopenssl.py
--------------------------------------------------------------------------------
/python/code/weak-crypto/ssl-unverified-cert-ssl.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/python/code/weak-crypto/ssl-unverified-cert-ssl.py
--------------------------------------------------------------------------------
/python/code/weak-crypto/ssl-unverified-hostname.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/python/code/weak-crypto/ssl-unverified-hostname.py
--------------------------------------------------------------------------------
/python/code/xpath-injection.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/python/code/xpath-injection.py
--------------------------------------------------------------------------------
/python/code/xss-template.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/python/code/xss-template.py
--------------------------------------------------------------------------------
/python/code/xxe-lxml-parsing.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/python/code/xxe-lxml-parsing.py
--------------------------------------------------------------------------------
/python/code/xxe-lxml-transforming.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/python/code/xxe-lxml-transforming.py
--------------------------------------------------------------------------------
/python/code/xxe-xmlsax.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/python/code/xxe-xmlsax.py
--------------------------------------------------------------------------------
/python/libraries/pip/requirements.txt:
--------------------------------------------------------------------------------
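1 | tendenci==12.0.10  # exact pin; pip needs '==' here, a lone '=' is not a valid version specifier and the line is rejected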
--------------------------------------------------------------------------------
/ruby/code/rails/xss/server/content-tag.rb:
--------------------------------------------------------------------------------
1 | content_tag :p, "Hello, #{name}" # NOTE(review): audit fixture; current Rails escapes string content passed to content_tag by default, so the risk depends on the Rails version and on name not already being marked html_safe. Confirm.
2 |
--------------------------------------------------------------------------------
/ruby/code/rails/xss/server/escape-html-entities-json.rb:
--------------------------------------------------------------------------------
1 | config.active_support.escape_html_entities_in_json = false # Noncompliant: to_json output keeps <, > and & unescaped, which is unsafe when the JSON is embedded in an HTML page or script block
2 |
--------------------------------------------------------------------------------
/ruby/code/rails/xss/server/html-safe.rb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/ruby/code/rails/xss/server/html-safe.rb
--------------------------------------------------------------------------------
/ruby/code/rails/xss/server/raw.rb:
--------------------------------------------------------------------------------
1 | raw @user.name # Noncompliant: raw marks the string as html_safe, so it is emitted without HTML escaping
2 |
--------------------------------------------------------------------------------
/ruby/code/rails/xss/template-bypass/erb.rb:
--------------------------------------------------------------------------------
1 | ERB.new("#{@user.name}
").result # Noncompliant: @user.name is interpolated into the template source itself, so it is neither HTML-escaped nor kept separate from ERB code
2 |
--------------------------------------------------------------------------------
/ruby/code/rails/xss/template-bypass/render-inline.rb:
--------------------------------------------------------------------------------
1 | render inline: "#{@user.name}
" # Noncompliant: render inline: evaluates the string as an ERB template, and @user.name is part of that template source rather than an escaped value
2 |
--------------------------------------------------------------------------------
/ruby/code/rails/xss/template-bypass/render-text.rb:
--------------------------------------------------------------------------------
1 | render text: "#{@user.name}
" # Noncompliant: render text: sends the string as the response body with no HTML escaping; render plain: is the text/plain alternative
2 |
--------------------------------------------------------------------------------
/ruby/code/rails/xss/templates-unescaped-variables/content-tag.rb:
--------------------------------------------------------------------------------
1 | <%= content_tag :p, "Hello, #{name}" %><%# NOTE(review): audit fixture; current Rails escapes string content passed to content_tag by default, so the risk depends on the Rails version and on name not already being marked html_safe. Confirm. %>
2 |
--------------------------------------------------------------------------------
/ruby/code/rails/xss/templates-unescaped-variables/html-safe-alias.rb:
--------------------------------------------------------------------------------
1 | <%== @user.name %><%# Noncompliant: the <%== tag outputs the value the same way raw does, with no HTML escaping %>
2 |
--------------------------------------------------------------------------------
/ruby/code/rails/xss/templates-unescaped-variables/html-safe.rb:
--------------------------------------------------------------------------------
1 | <%= name.html_safe %><%# Noncompliant: html_safe marks name as trusted markup, so the tag emits it without escaping %>
2 |
--------------------------------------------------------------------------------
/ruby/code/rails/xss/templates-unescaped-variables/raw.rb:
--------------------------------------------------------------------------------
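1 | <%= raw @user.name %><%# Noncompliant: raw marks the value html_safe, so ERB emits it without escaping. The closing delimiter was "=>", which is not a valid ERB tag end. %>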
2 |
--------------------------------------------------------------------------------
/ruby/code/rails/xss/templates-variable-dangerous-location/href.rb:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/ruby/code/rails/xss/templates-variable-dangerous-location/link-to.rb:
--------------------------------------------------------------------------------
1 | <%= link_to "Here", @link %><%# Noncompliant if @link is user-controlled: link_to escapes the attribute value but does not restrict the URL scheme, so allow-list http/https before rendering %>
--------------------------------------------------------------------------------
/ruby/code/rails/xss/templates-variable-dangerous-location/script.rb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/ruby/code/rails/xss/templates-variable-dangerous-location/script.rb
--------------------------------------------------------------------------------
/ruby/code/rails/xss/templates-variable-dangerous-location/unquoted.rb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/ruby/code/rails/xss/templates-variable-dangerous-location/unquoted.rb
--------------------------------------------------------------------------------
/secrets/false-positives/basicauth.txt:
--------------------------------------------------------------------------------
1 | user:pass@example.com
--------------------------------------------------------------------------------
/secrets/google.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/secrets/google.txt
--------------------------------------------------------------------------------
/secrets/rsa:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/secrets/rsa
--------------------------------------------------------------------------------
/swift/code/weak-crypto/CommonCrypto/cipher-algorithms.swift:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/swift/code/weak-crypto/CommonCrypto/cipher-algorithms.swift
--------------------------------------------------------------------------------
/swift/code/weak-crypto/CryptoSwift/cipher-algorithms.swift:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/swift/code/weak-crypto/CryptoSwift/cipher-algorithms.swift
--------------------------------------------------------------------------------
/swift/code/weak-crypto/IDZSwiftCommonCrypto/cipher-algorithms.swift:
--------------------------------------------------------------------------------
1 | import IDZSwiftCommonCrypto
2 |
3 | let algorithm = .des // Noncompliant: DES uses a 64-bit block and a 56-bit effective key, both too small for current use
--------------------------------------------------------------------------------
/swift/code/weak-crypto/des.swift:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/swift/code/weak-crypto/des.swift
--------------------------------------------------------------------------------
/swift/code/weak-crypto/hash-algorithms.swift:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/swift/code/weak-crypto/hash-algorithms.swift
--------------------------------------------------------------------------------
/typescript/code/code-execution-mongo.ts:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/typescript/code/code-execution-mongo.ts
--------------------------------------------------------------------------------
/typescript/code/code-execution.ts:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/typescript/code/code-execution.ts
--------------------------------------------------------------------------------
/typescript/code/code-execution2.ts:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/typescript/code/code-execution2.ts
--------------------------------------------------------------------------------
/typescript/code/code-execution3.ts:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/typescript/code/code-execution3.ts
--------------------------------------------------------------------------------
/typescript/code/debugger-statements.ts:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/typescript/code/debugger-statements.ts
--------------------------------------------------------------------------------
/typescript/code/dom-open-redirect.ts:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/typescript/code/dom-open-redirect.ts
--------------------------------------------------------------------------------
/typescript/code/dom-xss.ts:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/typescript/code/dom-xss.ts
--------------------------------------------------------------------------------
/typescript/code/dos-regex.ts:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/typescript/code/dos-regex.ts
--------------------------------------------------------------------------------
/typescript/code/execa/os-command-injection.ts:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/typescript/code/execa/os-command-injection.ts
--------------------------------------------------------------------------------
/typescript/code/formidable/unrestricted-file-upload.ts:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/typescript/code/formidable/unrestricted-file-upload.ts
--------------------------------------------------------------------------------
/typescript/code/io-path-injection.ts:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/typescript/code/io-path-injection.ts
--------------------------------------------------------------------------------
/typescript/code/jsonwebtoken/jwt-unverified.ts:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/typescript/code/jsonwebtoken/jwt-unverified.ts
--------------------------------------------------------------------------------
/typescript/code/libxmljs/xxe.js:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/typescript/code/libxmljs/xxe.js
--------------------------------------------------------------------------------
/typescript/code/multer/unrestricted-file-upload.ts:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/typescript/code/multer/unrestricted-file-upload.ts
--------------------------------------------------------------------------------
/typescript/code/no-sql-injection.ts:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/typescript/code/no-sql-injection.ts
--------------------------------------------------------------------------------
/typescript/code/open-redirect.ts:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/typescript/code/open-redirect.ts
--------------------------------------------------------------------------------
/typescript/code/os-command-injection.ts:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/typescript/code/os-command-injection.ts
--------------------------------------------------------------------------------
/typescript/code/rce.ts:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/typescript/code/rce.ts
--------------------------------------------------------------------------------
/typescript/code/request/ssrf.ts:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/typescript/code/request/ssrf.ts
--------------------------------------------------------------------------------
/typescript/code/safe-regex/dos-regex.ts:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/typescript/code/safe-regex/dos-regex.ts
--------------------------------------------------------------------------------
/typescript/code/sql-injection.ts:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/typescript/code/sql-injection.ts
--------------------------------------------------------------------------------
/typescript/code/sql-injection2.ts:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/typescript/code/sql-injection2.ts
--------------------------------------------------------------------------------
/typescript/code/unverified-origin-receiving.ts:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/typescript/code/unverified-origin-receiving.ts
--------------------------------------------------------------------------------
/typescript/code/unverified-origin-sending.ts:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/typescript/code/unverified-origin-sending.ts
--------------------------------------------------------------------------------
/typescript/code/weak-crypto/crypto/cipher-algorithms.ts:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/typescript/code/weak-crypto/crypto/cipher-algorithms.ts
--------------------------------------------------------------------------------
/typescript/code/weak-crypto/crypto/insecure-padding.ts:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/typescript/code/weak-crypto/crypto/insecure-padding.ts
--------------------------------------------------------------------------------
/typescript/code/weak-crypto/crypto/keys.ts:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/typescript/code/weak-crypto/crypto/keys.ts
--------------------------------------------------------------------------------
/typescript/code/weak-crypto/https/ssl-protocols.ts:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/typescript/code/weak-crypto/https/ssl-protocols.ts
--------------------------------------------------------------------------------
/typescript/code/weak-crypto/https/ssl-unverified-cert.ts:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/typescript/code/weak-crypto/https/ssl-unverified-cert.ts
--------------------------------------------------------------------------------
/typescript/code/weak-crypto/https/ssl-unverified-hostnames.ts:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/typescript/code/weak-crypto/https/ssl-unverified-hostnames.ts
--------------------------------------------------------------------------------
/typescript/code/weak-crypto/passport.js/session-reuse.ts:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/typescript/code/weak-crypto/passport.js/session-reuse.ts
--------------------------------------------------------------------------------
/typescript/code/weak-crypto/request/ssl-protocols.ts:
--------------------------------------------------------------------------------
1 | let socket = request.get(options); // NOTE(review): options is defined outside this snippet; any protocol weakness is in its TLS fields (e.g. secureProtocol), so confirm there
2 |
--------------------------------------------------------------------------------
/typescript/code/weak-crypto/request/ssl-unverified-cert.ts:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/typescript/code/weak-crypto/request/ssl-unverified-cert.ts
--------------------------------------------------------------------------------
/typescript/code/weak-crypto/request/ssl-unverified-hostnames.ts:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/typescript/code/weak-crypto/request/ssl-unverified-hostnames.ts
--------------------------------------------------------------------------------
/typescript/code/weak-crypto/ssl-protocols.ts:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/typescript/code/weak-crypto/ssl-protocols.ts
--------------------------------------------------------------------------------
/typescript/code/weak-crypto/tls/ssl-protocols.ts:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/typescript/code/weak-crypto/tls/ssl-protocols.ts
--------------------------------------------------------------------------------
/typescript/code/weak-crypto/tls/ssl-unverified-cert.ts:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/typescript/code/weak-crypto/tls/ssl-unverified-cert.ts
--------------------------------------------------------------------------------
/typescript/code/weak-crypto/tls/ssl-unverified-hostnames.ts:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/typescript/code/weak-crypto/tls/ssl-unverified-hostnames.ts
--------------------------------------------------------------------------------
/typescript/code/web-sql-databases.ts:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/typescript/code/web-sql-databases.ts
--------------------------------------------------------------------------------
/typescript/code/xss.ts:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/typescript/code/xss.ts
--------------------------------------------------------------------------------
/typescript/code/zip-slip.ts:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arall/vulnerabilities/HEAD/typescript/code/zip-slip.ts
--------------------------------------------------------------------------------
/web/backups/.DS_Store:
--------------------------------------------------------------------------------
1 | Dummy DS_Store file
--------------------------------------------------------------------------------
/web/backups/index.php:
--------------------------------------------------------------------------------
1 |