bvssite-5.2.14-php5/htdocs/bvs-mod/FCKeditor/editor/filemanager/connectors/php/util.php:112: High: fopen bvssite-5.2.14-php5/htdocs/bvs-mod/FCKeditor/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php:82: High: fopen bvssite-5.2.14-php5/htdocs/php/class.phpmailer.php:1085: High: fopen bvssite-5.2.14-php5/htdocs/php/xmlRoot_functions.php:164: High: fopen bvssite-5.2.14-php5/htdocs/php/xmlRoot_functions.php:247: High: fopen bvssite-5.2.14-php5/htdocs/php/common.php:8: High: fopen bvssite-5.2.14-php5/htdocs/metaiah/common.inc.php:62: High: fopen bvssite-5.2.14-php5/htdocs/metaiah/xml2tree.inc.php:412: High: fopen bvssite-5.2.14-php5/htdocs/metaiah/xml2tree.inc.php:483: High: fopen bvssite-5.2.14-php5/htdocs/admin/add_component.php:63: High: fopen bvssite-5.2.14-php5/htdocs/admin/fnow/xslt.php:117: High: fopen Argument 1 to this function call should be checked to ensure that it does not come from an untrusted source without first verifying that it contains nothing dangerous. bvssite-5.2.14-php5/htdocs/bvs-mod/FCKeditor/editor/filemanager/connectors/perl/upload_fck.pl:132: High: eval bvssite-5.2.14-php5/htdocs/bvs-mod/FCKeditor/editor/filemanager/connectors/perl/upload_fck.pl:133: High: eval bvssite-5.2.14-php5/htdocs/bvs-mod/FCKeditor/editor/filemanager/connectors/perl/commands.pl:120: High: eval Using user supplied strings anywhere inside of an eval is extremely dangerous. Unvalidated user input fed into an eval call may allow the user to execute arbitrary perl code. Avoid ever passing user supplied strings into eval. bvssite-5.2.14-php5/htdocs/php/class.phpmailer.php:397: High: popen Argument 1 to this function call should be checked to ensure that it does not come from an untrusted source without first verifying that it contains nothing dangerous. bvssite-5.2.14-php5/htdocs/php/class.phpmailer.php:434: High: mail bvssite-5.2.14-php5/htdocs/php/class.phpmailer.php:438: High: mail bvssite-5.2.14-php5/htdocs/php/mailto.php:19: High: mail Arguments 1, 2, 4 and 5 of this function may be passed to an external program. (Usually sendmail). Under Windows, they will be passed to a remote email server. If these values are derived from user input, make sure they are properly formatted and contain no unexpected characters or extra data. bvssite-5.2.14-php5/htdocs/bvs-mod/FCKeditor/editor/filemanager/connectors/php/commands.php:211: Medium: is_file A potential TOCTOU (Time Of Check, Time Of Use) vulnerability exists. This is the first line where a check has occured. The following line(s) contain uses that may match up with this check: 236 (chmod), 249 (unlink), 254 (unlink) bvssite-5.2.14-php5/htdocs/php/class.phpmailer.php:998: Medium: is_file A potential TOCTOU (Time Of Check, Time Of Use) vulnerability exists. This is the first line where a check has occured. The following line(s) contain uses that may match up with this check: 1004 (basename), 1085 (fopen), 1283 (basename) bvssite-5.2.14-php5/htdocs/admin/add_component.php:60: Medium: is_file A potential TOCTOU (Time Of Check, Time Of Use) vulnerability exists. This is the first line where a check has occured. The following line(s) contain uses that may match up with this check: 63 (fopen), 64 (chmod) bvssite-5.2.14-php5/htdocs/admin/editor/filemanager/browser/connectors/php/commands.php:185: Medium: is_file A potential TOCTOU (Time Of Check, Time Of Use) vulnerability exists. This is the first line where a check has occured. The following line(s) contain uses that may match up with this check: 198 (chmod) bvssite-5.2.14-php5/htdocs/admin/editor/filemanager/upload/php/upload.php:93: Medium: is_file A potential TOCTOU (Time Of Check, Time Of Use) vulnerability exists. This is the first line where a check has occured. The following line(s) contain uses that may match up with this check: 106 (chmod) bvssite-5.2.14-php5/htdocs/admin/fnow/include_functions.php:117: Medium: fileperms A potential TOCTOU (Time Of Check, Time Of Use) vulnerability exists. This is the first line where a check has occured. The following line(s) contain uses that may match up with this check: 181 (rmdir), 189 (unlink) bvssite-5.2.14-php5/htdocs/bvs-mod/FCKeditor/editor/filemanager/connectors/php/util.php:183: Medium: is_readable A potential TOCTOU (Time Of Check, Time Of Use) vulnerability exists. This is the first line where a check has occured. The following line(s) contain uses that may match up with this check: 112 (fopen) bvssite-5.2.14-php5/htdocs/bvs-mod/FCKeditor/editor/filemanager/connectors/perl/upload_fck.pl:138: Medium: mkdir bvssite-5.2.14-php5/htdocs/bvs-mod/FCKeditor/editor/filemanager/connectors/perl/upload_fck.pl:143: Medium: mkdir bvssite-5.2.14-php5/htdocs/bvs-mod/FCKeditor/editor/filemanager/connectors/perl/upload_fck.pl:146: Medium: mkdir bvssite-5.2.14-php5/htdocs/bvs-mod/FCKeditor/editor/filemanager/connectors/perl/io.pl:91: Medium: mkdir bvssite-5.2.14-php5/htdocs/bvs-mod/FCKeditor/editor/filemanager/connectors/perl/io.pl:96: Medium: mkdir bvssite-5.2.14-php5/htdocs/bvs-mod/FCKeditor/editor/filemanager/connectors/perl/io.pl:99: Medium: mkdir When using this function, it is important to be sure that the string being passed in does not contain relative path elements (../ for example), or a null, which may cause underlying C calls to behave in ways you do not expect. This is especially important if the string is in any way constructed from a user supplied value. bvssite-5.2.14-php5/htdocs/bvs-mod/FCKeditor/editor/filemanager/connectors/perl/upload_fck.pl:141: Medium: umask bvssite-5.2.14-php5/htdocs/bvs-mod/FCKeditor/editor/filemanager/connectors/perl/commands.pl:147: Medium: umask bvssite-5.2.14-php5/htdocs/bvs-mod/FCKeditor/editor/filemanager/connectors/perl/commands.pl:152: Medium: umask bvssite-5.2.14-php5/htdocs/bvs-mod/FCKeditor/editor/filemanager/connectors/perl/io.pl:94: Medium: umask Using a user supplied expression as an argument to this function should be avoided. Explicitly set the umask to a value you know is safe. bvssite-5.2.14-php5/htdocs/bvs-mod/FCKeditor/editor/filemanager/connectors/perl/upload_fck.pl:222: Medium: open The filename argument of open should be carefully checked if it is being created with any user-supplied string as a compontent of it. Strings should be checked for occurences of path backtracking/relative path components (../ as an example), or nulls, which may cause the underlying C call to interpret the filename to open differently than expected. It is also important to make sure that the final filename does not end in a "|", as this will cause the path to be executed. bvssite-5.2.14-php5/htdocs/bvs-mod/FCKeditor/editor/filemanager/connectors/perl/upload_fck.pl:680: Medium: unlink bvssite-5.2.14-php5/htdocs/bvs-mod/FCKeditor/editor/filemanager/connectors/perl/commands.pl:155: Medium: unlink When using this function, it is important to be sure that the string being passed in does not contain relative path elements (../ for example), or a null, which may cause underlying C calls to behave in ways you do not expect. This is especially important if the string is in any way constructed from a user supplied value. bvssite-5.2.14-php5/htdocs/bvs-mod/FCKeditor/editor/filemanager/connectors/perl/commands.pl:148: Medium: chmod bvssite-5.2.14-php5/htdocs/bvs-mod/FCKeditor/editor/filemanager/connectors/perl/commands.pl:153: Medium: chmod When using this function, it is important to be sure that the string being passed in does not contain relative path elements (../ for example), or a null, which may cause underlying C calls to behave in ways you do not expect. This is especially important if the string is in any way constructed from a user supplied value. bvssite-5.2.14-php5/htdocs/php/class.smtp.php:101: Medium: fsockopen bvssite-5.2.14-php5/htdocs/php/common.php:76: Medium: fsockopen bvssite-5.2.14-php5/htdocs/metaiah/common.inc.php:114: Medium: fsockopen Argument 1 to this function call should be checked to ensure that it does not come from an untrusted source without first verifying that it contains nothing dangerous. bvssite-5.2.14-php5/htdocs/admin/editor/filemanager/browser/connectors/php/commands.php:116: Medium: is_writable A potential TOCTOU (Time Of Check, Time Of Use) vulnerability exists. This is the first line where a check has occured. The following line(s) contain uses that may match up with this check: 29 (opendir)