CWE-94: Improper Control of Generation of Code ('Code Injection')
Medium likelihood
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
6,536 vulnerabilities with CWE-94
CVE-2017-11421
HIGH
gnome-exe-thumbnailer < 0.9.4 - VBScript Injection via MSI Filename
CVSS 7.8
CVE-2017-11167
CRITICAL
FineCMS 2.1.0 - Remote Code Execution via URL Manager Domain Name Injection
CVSS 9.8
CVE-2017-10968
CRITICAL
FineCMS through 2017-07-07 - Remote Code Execution via Template Controller
CVSS 9.8
CVE-2017-9841
CRITICAL
KEV
PHPUnit < 4.8.28 and 5.x < 5.6.3 - Remote Code Execution via HTTP POST Data
CVSS 9.8
CVE-2017-6325
MEDIUM
Symantec Messaging Gateway < 10.6.3 - Remote Code Execution via File Inclusion
CVSS 6.6
CVE-2017-9807
CRITICAL
openwebif < 1.2.4 - Unauthenticated Remote Code Execution via saveConfig API
CVSS 9.8
CVE-2017-9774
HIGH
Horde_Image < 2.5.0 - Authenticated Remote Code Execution
CVSS 8.8
CVE-2017-9771
CRITICAL
WebsiteBaker 2.10.0 - Remote Code Execution via Database Configuration Parameters
CVSS 9.8
CVE-2017-9442
HIGH
BigTree CMS <4.2.18 - Authenticated RCE
CVSS 8.8
CVE-2017-8402
HIGH
PivotX 2.3.11 - Authenticated PHP Code Execution via .htaccess File Upload
CVSS 8.8
CVE-2017-7494
CRITICAL
KEV
Samba is_known_pipename() Arbitrary Module Load
CVSS 9.8
CVE-2017-8912
HIGH
CMS Made Simple 2.1.6 - Authenticated PHP Code Execution via Edit User Tag
CVSS 7.2
CVE-2017-7911
HIGH
CyberVision Kaa IoT Platform 0.7.4 - Remote Code Execution via Insufficient Encapsulation
CVSS 8.8
CVE-2017-8284
HIGH
QEMU < 2.8.1.1 - Local Privilege Escalation via TCG Mode Instruction Size Overflow
CVSS 7.0
CVE-2017-7694
HIGH
Symphony CMS <2.6.11 - Authenticated RCE
CVSS 8.8
CVE-2017-7691
CRITICAL
SAP TREX - Code Injection
CVSS 9.8
CVE-2017-7625
CRITICAL
Fiyo CMS 2.x-2.0.7 - Unauthenticated Remote Code Execution via Content Parameter
CVSS 9.8
CVE-2017-7570
HIGH
PivotX 2.3.11 - Authenticated Remote Code Execution via File Extension Manipulation
CVSS 8.8
CVE-2017-4964
HIGH
Cloud Foundry Foundation BOSH Azure CPI v22 - Code Injection
CVSS 8.8
CVE-2017-7402
CRITICAL
Pixie 1.0.4 - Authenticated Remote Code Execution via Double Extension File Upload
CVSS 9.8
CVE-2017-7324
CRITICAL
MODX Revolution < 2.5.4 - Remote Code Execution via core_path Parameter
CVSS 9.8
CVE-2017-7321
CRITICAL
MODX Revolution < 2.5.4 - Remote Code Execution via Setup Welcome Controller
CVSS 9.8
CVE-2017-6455
HIGH
NTP < 4.2.8p10 and 4.3.x < 4.3.94 - Local Privilege Escalation via PPSAPI DLL Injection
CVSS 7.0
CVE-2017-6186
MEDIUM
Bitdefender Antivirus Plus, Internet Security, Total Security < 12.0 - Local Code Injection
CVSS 6.7
CVE-2017-2968
CRITICAL
Adobe Campaign <= 16.4 Build 8724 - Code Injection
CVSS 9.1
Details
Vulnerabilities: 6,536
Exploit Likelihood: Medium