CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,536 vulnerabilities with CWE-94
CVE-2016-7966 HIGH
KMail < 4.4.0 - HTML Injection via Malicious URL with Quote Character
CVSS 7.3
CVE-2016-7787 MEDIUM
kde-cli-tools - Command Injection via kdesu Command Line Obfuscation
CVSS 4.9
CVE-2016-7954 CRITICAL
Bundler 1.x - Remote Code Execution via Gem Name Collision
CVSS 9.8
CVE-2016-9949 HIGH
Apport < 2.20.4 - Remote Code Execution via CrashDB Field Evaluation
CVSS 7.8
CVE-2016-9862 HIGH
phpMyAdmin 4.6.x < 4.6.5 - BBCode Injection in Login Page
CVSS 7.5
CVE-2016-5424 HIGH
Debian Linux < 9.1.22 - Code Injection
CVSS 7.1
CVE-2016-1000003 CRITICAL
mirror_manager < 0.7.2 - Remote Code Execution in Checkin Code
CVSS 9.8
CVE-2016-5149 HIGH
Google Chrome < 53.0.2785.89 - Extension Bindings Injection via IFRAME Source URL
CVSS 8.8
CVE-2016-7110 CRITICAL
Huawei UMA < v200r001c00spc100 - Remote Code Execution via Special Character Injection
CVSS 9.8
CVE-2016-7109 CRITICAL
Huawei UMA < V200R001C00SPC200 - Remote Code Execution via Special Characters
CVSS 9.8
CVE-2016-2119 HIGH
Samba 4.0.0-4.2.13 - Man-in-the-Middle Spoofing via SMB2 Session Flags
CVSS 7.5
CVE-2016-5734 CRITICAL
phpMyAdmin < 4.0.10.16, < 4.4.15.7, < 4.6.3 - RCE
CVSS 9.8
CVE-2016-1413 MEDIUM
Cisco Firepower Management Center < 6.0.0.1 - Code Injection
CVSS 6.5
CVE-2016-3154 CRITICAL
SPIP 2.x < 2.1.19, 3.0.x < 3.0.22, 3.1.x < 3.1.1 - Remote Code Execution via Serialized Object Injection
CVSS 9.8
CVE-2016-3153 CRITICAL
Debian Linux - Code Injection
CVSS 9.8
CVE-2016-1986 CRITICAL
HP Continuous Delivery Automation 1.30 - Remote Code Execution via Apache Commons Collections Deserialization
CVSS 9.8
CVE-2016-0033 HIGH
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1 - Denial of Service via Recursive XSLT Compilation
CVSS 7.5
CVE-2016-1985 CRITICAL
HPE Operations Manager 8.x and 9.0 - Remote Code Execution via Apache Commons Collections Deserialization
CVSS 10.0
CVE-2015-2079 CRITICAL
Usermin 0.980-1.x < 1.660 - Remote Code Execution via uconfig_save.cgi Perl Open
CVSS 9.9
CVE-2015-10009 MEDIUM
nterchange < 4.1.1 - Code Injection via getContent q Parameter
CVSS 5.5
CVE-2015-3173 HIGH
custom-content-type-manager < 0.9.8.6 - Authenticated Remote Code Execution
CVSS 7.2
CVE-2015-9298 CRITICAL
Events Manager < 5.6 - Code Injection
CVSS 9.8
CVE-2015-9272 CRITICAL
videowhisper-video-presentation 3.31.17 - Remote Code Execution via File Extension Bypass
CVSS 9.8
CVE-2015-5243 CRITICAL
phpwhois < 4.2.2 - Remote Code Execution via Crafted Whois Record
CVSS 9.8
CVE-2015-6576 HIGH
Atlassian Bamboo < 5.8.5 - Code Injection
CVSS 8.8