CWE-94
Medium likelihood
Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
6,536 vulnerabilities with CWE-94
CVE-2016-7966
HIGH
KMail < 4.4.0 - HTML Injection via Malicious URL with Quote Character
CVSS 7.3
CVE-2016-7787
MEDIUM
kde-cli-tools - Command Injection via kdesu Command Line Obfuscation
CVSS 4.9
CVE-2016-7954
CRITICAL
Bundler 1.x - Remote Code Execution via Gem Name Collision
CVSS 9.8
CVE-2016-9949
HIGH
Apport < 2.20.4 - Remote Code Execution via CrashDB Field Evaluation
CVSS 7.8
CVE-2016-9862
HIGH
phpMyAdmin 4.6.x < 4.6.5 - BBCode Injection in Login Page
CVSS 7.5
CVE-2016-5424
HIGH
Debian Linux < 9.1.22 - Code Injection
CVSS 7.1
CVE-2016-1000003
CRITICAL
mirror_manager < 0.7.2 - Remote Code Execution in Checkin Code
CVSS 9.8
CVE-2016-5149
HIGH
Google Chrome < 53.0.2785.89 - Extension Bindings Injection via IFRAME Source URL
CVSS 8.8
CVE-2016-7110
CRITICAL
Huawei UMA < v200r001c00spc100 - Remote Code Execution via Special Character Injection
CVSS 9.8
CVE-2016-7109
CRITICAL
Huawei UMA < V200R001C00SPC200 - Remote Code Execution via Special Characters
CVSS 9.8
CVE-2016-2119
HIGH
Samba 4.0.0-4.2.13 - Man-in-the-Middle Spoofing via SMB2 Session Flags
CVSS 7.5
CVE-2016-5734
CRITICAL
phpMyAdmin <4.0.10.16, <4.4.15.7, <4.6.3 - RCE
CVSS 9.8
CVE-2016-1413
MEDIUM
Cisco Firepower Management Center <6.0.0.1 - Code Injection
CVSS 6.5
CVE-2016-3154
CRITICAL
SPIP 2.x < 2.1.19, 3.0.x < 3.0.22, 3.1.x < 3.1.1 - Remote Code Execution via Serialized Object Injection
CVSS 9.8
CVE-2016-3153
CRITICAL
Debian Linux - Code Injection
CVSS 9.8
CVE-2016-1986
CRITICAL
HP Continuous Delivery Automation 1.30 - Remote Code Execution via Apache Commons Collections Deserialization
CVSS 9.8
CVE-2016-0033
HIGH
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1 - Denial of Service via Recursive XSLT Compilation
CVSS 7.5
CVE-2016-1985
CRITICAL
HPE Operations Manager 8.x and 9.0 - Remote Code Execution via Apache Commons Collections Deserialization
CVSS 10.0
CVE-2015-2079
CRITICAL
Usermin 0.980-1.x < 1.660 - Remote Code Execution via uconfig_save.cgi Perl Open
CVSS 9.9
CVE-2015-10009
MEDIUM
nterchange < 4.1.1 - Code Injection via getContent q Parameter
CVSS 5.5
CVE-2015-3173
HIGH
custom-content-type-manager < 0.9.8.6 - Authenticated Remote Code Execution
CVSS 7.2
CVE-2015-9298
CRITICAL
Events Manager < 5.6 - Code Injection
CVSS 9.8
CVE-2015-9272
CRITICAL
videowhisper-video-presentation 3.31.17 - Remote Code Execution via File Extension Bypass
CVSS 9.8
CVE-2015-5243
CRITICAL
phpwhois < 4.2.2 - Remote Code Execution via Crafted Whois Record
CVSS 9.8
CVE-2015-6576
HIGH
Atlassian Bamboo < 5.8.5 - Code Injection
CVSS 8.8
Details
Vulnerabilities: 6,536
Exploit Likelihood: Medium