CWE-94
Medium likelihood
Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
6,536 vulnerabilities with CWE-94
CVE-2015-9227
HIGH
AlegroCart 1.2.8 - Authenticated Remote Code Execution via File Path Parameter
CVSS 7.2
CVE-2015-8351
CRITICAL
Gwolle Guestbook < 1.5.3 - Authenticated Remote File Inclusion via abspath Parameter
CVSS 9.0
CVE-2015-3640
HIGH
phpMyBackupPro <2.5 - Command Injection
CVSS 7.5
CVE-2015-3638
HIGH
phpMyBackupPro < 2.5 - Authenticated PHP Code Injection via Scheduled Backup Parameters
CVSS 8.8
CVE-2015-0249
HIGH
Apache Roller 5.1-5.1.1 - Authenticated Remote Code Execution via Velocity Template Injection
CVSS 7.2
CVE-2015-2252
HIGH
Huawei OceanStor UDS Firmware < V100R002C01SPC102 - Remote Code Execution via Crafted UDS Patch
CVSS 8.8
CVE-2015-6531
HIGH
Palo Alto Networks PAN-OS < 6.0 - Remote Code Execution via Firmware Image File
CVSS 7.8
CVE-2015-0855
CRITICAL
pitivi < 0.94 - Remote Code Execution via Shell Metacharacters in File Path
CVSS 9.8
CVE-2015-8771
CRITICAL
GOsa generate_smb_nt_hash - Remote Code Execution via Crafted Password
CVSS 9.8
CVE-2015-5721
CRITICAL
Malware Information Sharing Platform < 2.3.89 - PHP Object Injection via Serialized Data
CVSS 9.8
CVE-2015-5970
MEDIUM
Novell ZENworks <11.4 - XPath Injection
CVSS 5.3
CVE-2015-8761
CRITICAL
Values module 7.x-1.x < 7.x-1.2 - Authenticated PHP Code Execution via ctools Import
CVSS 9.0
CVE-2015-5242
Red Hat Gluster Storage - Authenticated Remote Code Execution via Pickle Deserialization in Swift-on-File Metadata
CVE-2015-7905
Unitronics VisiLogic OPLC IDE <9.8.02 - RCE
CVE-2015-6555
Symantec Endpoint Protection Manager < 12.1-RU6-MP3 - Remote Code Execution via Console Java Port
CVE-2015-7729
SAP HANA Developer Edition DB <1.00.091.00.1418659308 - Code Injection
CVE-2015-5647
Cybozu Garoon <4.0.3 - Authenticated RCE
CVE-2015-5646
Cybozu Garoon <4.0.3 - Authenticated RCE
CVE-2015-5644
ICZ MATCHA SNS < 1.3.6 - Remote Code Execution via Database Misconfiguration
CVE-2015-5643
ICZ MATCHA INVOICE < 2.5.7 - Remote Code Execution via Database Misconfiguration
CVE-2015-5687
Anchor CMS 0.9.x - Remote Code Execution via Cookie Deserialization
CVE-2015-7381
refbase < 0.9.6 - Remote Code Execution via pathToMYSQL or databaseStructureFile Parameter
CVE-2015-5603
HipChat for JIRA <6.30.0 - Code Injection
CVE-2015-5693
Symantec Web Gateway <5.2.2 - Command Injection
CVE-2015-2308
Symfony 2.x < 2.3.27, 2.4.x-2.5.x < 2.5.11, 2.6.x < 2.6.6 - Remote Code Execution via HttpCache ESI Language Attribute