CWE-94: Improper Control of Generation of Code ('Code Injection')
Exploit likelihood: Medium
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
6,536 vulnerabilities with CWE-94
CVE-2017-15806
HIGH
Zeta Components Mail < 1.8.2 - Remote Code Execution via Crafted Email Address in Return Path
CVSS 8.1
CVE-2017-16783
CRITICAL
CMS Made Simple 2.1.6 - Server-Side Template Injection via cntnt01detailtemplate Parameter
CVSS 9.8
CVE-2017-7411
HIGH
Tuleap < 9.6 - Remote Code Execution via User::getRecentElements() Unserialize
CVSS 8.8
CVE-2017-15935
HIGH
Artica Pandora FMS 7.0 - Authenticated Remote Code Execution via Manager Files Upload
CVSS 7.2
CVE-2017-15376
CRITICAL
Mobatek MobaXterm 10.4 - Unauthenticated Remote Code Execution via TELNET Service
CVSS 9.8
CVE-2017-14353
HIGH
HP UCMDB Foundation Software < 10.33 - RCE
CVSS 8.8
CVE-2017-13676
HIGH
Norton Remove & Reinstall < 4.4.0.58 - DLL Preloading
CVSS 7.0
CVE-2017-14764
HIGH
GeniXCMS 1.1.4 - Authenticated PHP Code Execution via Module Upload
CVSS 8.8
CVE-2017-2809
HIGH
ansible-vault < 1.0.5 - Remote Code Execution via YAML Loading
CVSS 7.5
CVE-2017-8759
HIGH
KEV
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 - Remote Code Execution
CVSS 7.8
CVE-2017-14146
HIGH
HelpDEZk 1.1.1 - Authenticated Remote Code Execution via PHP File Upload
CVSS 8.8
CVE-2017-3897
CRITICAL
McAfee Live Safe < 16.0.3, MSS+ < 3.11.599.3 - Code Injection
CVSS 9.8
CVE-2017-0899
CRITICAL
RubyGems < 2.6.13 - Terminal Escape Sequence Injection via Gem Specification
CVSS 9.8
CVE-2017-1440
HIGH
IBM Emptoris Services Procurement 10.0.0.5 - Remote Code Execution via Arbitrary File Inclusion
CVSS 8.8
CVE-2017-10844
HIGH
baserCMS < 3.0.14 and <= 4.0.5 - Remote Code Execution
CVSS 8.8
CVE-2017-10835
HIGH
Dokodemo eye Smart HD SCR02HD Firmware <= 1.0.3.1000 - Authenticated Code Injection
CVSS 8.8
CVE-2017-6782
MEDIUM
Cisco Prime Infrastructure 3.2(0.0) - Authenticated Stored XSS via Admin Web Interface
CVSS 5.4
CVE-2017-1469
HIGH
IBM InfoSphere Information Server 9.1, 11.3, 11.5 - Privilege Escalation via Arbitrary File Placement
CVSS 7.8
CVE-2017-3753
MEDIUM
Lenovo UEFI Firmware - Authenticated Code Injection via AMI BIOS
CVSS 6.8
CVE-2017-11760
HIGH
ProjeQtOr < 6.3.1 - Authenticated PHP Code Execution via Image Upload
CVSS 8.8
CVE-2017-11715
CRITICAL
MetInfo < 5.3.17 - Authenticated Remote Code Execution via .phtml File Upload
CVSS 9.8
CVE-2017-11675
HIGH
ZenCart 1.5.5e - Authenticated Remote Code Execution via Admin Name Array Parameter
CVSS 8.8
CVE-2017-11459
CRITICAL
SAP TREX 7.10 - Remote Code Execution via fdir Command
CVSS 9.8
CVE-2017-11585
CRITICAL
FineCMS 5.0.9 - Remote Code Execution via Template Cache Param Eval Injection
CVSS 9.8
CVE-2017-9822
HIGH
KEV
DotNetNuke < 9.1.1 - Remote Code Execution via Cookie Deserialization
CVSS 8.8