CWE-94
Medium likelihoodImproper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
6,536 vulnerabilities with CWE-94
CVE-2014-6261
Zenoss Core < 5.0.0 - Remote Code Execution via Check For Updates Feature
CVE-2014-7260
ULTRAPOP.JP i-HTTPD - Remote Code Execution via SSI Directives in File Upload BBS
CVE-2014-7192
syntax-error <1.1.1 - Code Injection
CVE-2014-6361
Microsoft Excel 2007 SP3, 2010 SP2, 2013 Gold/SP1, 2013 RT Gold/SP1 - Remote Code Execution via Crafted Office Document
CVE-2014-6360
Microsoft Excel 2007 SP3/2010 SP2 RCE via Crafted Office Document
CVE-2014-6356
Microsoft Office Compatibility Pack - Remote Code Execution via Crafted Office Document
CVE-2014-9164
Adobe Flash Player <14.x - Memory Corruption
CVE-2014-9158
Adobe Reader/Acrobat <10.1.13 & 11.0.10 - Memory Corruption
CVE-2014-8461
Adobe Acrobat Reader 10.x < 10.1.13 and 11.x < 11.0.10 - Remote Code Execution
CVE-2014-8459
Adobe Acrobat and Reader 10.x < 10.1.13 and 11.x < 11.0.10 - Remote Code Execution
CVE-2014-8458
Adobe Reader and Acrobat 10.x < 10.1.13 and 11.x < 11.0.10 - Remote Code Execution
CVE-2014-8456
Adobe Acrobat Reader 10.x < 10.1.13 and 11.x < 11.0.10 - Remote Code Execution
CVE-2014-8447
Adobe Acrobat and Reader 10.x < 10.1.13 and 11.x < 11.0.10 - Remote Code Execution
CVE-2014-8445
Adobe Acrobat and Reader 10.x < 10.1.13 and 11.x < 11.0.10 - Remote Code Execution
CVE-2014-0587
Adobe Flash Player < 13.0.0.259 and 14.x-16.x < 16.0.0.235 - Remote Code Execution
CVE-2014-8485
Fedora < 2.24 - Code Injection
CVE-2014-9280
MantisBT < 1.2.17 - Remote Code Execution via Filter Parameter
CVE-2014-9266
Samsung SmartViewer - Remote Code Execution via STWConfig ActiveX Control
CVE-2014-8877
CreativeMinds CM Downloads Manager <2.0.4 - RCE
CVE-2014-8791
Tuleap < 7.7 - Authenticated PHP Object Injection via Project Registration Data Parameter
CVE-2014-3065
IBM Java Runtime Environment Local Code Execution via Shared Classes Cache
CVE-2014-8551
SIMATIC WinCC 7.0-7.3, PCS 7 7.1-8.1, TIA Portal 13 - Remote Code Execution via Crafted Packets
CVE-2014-9001
Incredible PBX 11 2.0.6.5.0 - Command Injection
CVE-2014-8998
X7 Chat <2.0.5.1 - Authenticated RCE
CVE-2014-8997
DigitalVidhya Digi Online Examination System 2.0 - RCE
Details
Vulnerabilities
6,536
Exploit Likelihood
Medium