CWE-94
Medium likelihood
Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
6,536 vulnerabilities with CWE-94
CVE-2014-8949
iMember360 plugin < 3.9.001 - Command Injection
CVE-2014-0233
Red Hat OpenShift < 2.2 - Command Injection
CVE-2014-8770
MAGMI < 0.7.17a - Authenticated Remote Code Execution via ZIP File Upload
CVE-2014-0586
Adobe Flash Player < 13.0.0.252 and 14.x-15.x < 15.0.0.223 - Remote Code Execution via Type Confusion
CVE-2014-0585
Adobe Flash Player < 13.0.0.252 and 14.x-15.x < 15.0.0.223 - Remote Code Execution via Type Confusion
CVE-2014-0584
Adobe Flash Player < 13.0.0.252 and 14.x-15.x < 15.0.0.223 - Remote Code Execution via Type Confusion
CVE-2014-0577
Adobe Flash Player < 13.0.0.252 and 14.x-15.x < 15.0.0.223 - Remote Code Execution via Type Confusion
CVE-2014-0574
Adobe Flash Player 13.0-13.0.0.251 and 14.x-15.x < 15.0.0.223 - Remote Code Execution via Double Free
CVE-2014-6335
Microsoft Office Compatibility Pack - Remote Code Execution via Crafted Office Document
CVE-2014-6334
Microsoft Office Compatibility Pack - Remote Code Execution via Crafted Office Document
CVE-2014-6333
Microsoft Office Compatibility Pack - Remote Code Execution via Crafted Office Document
CVE-2014-6321
Microsoft Windows Schannel WinShock - Crafted Packet Remote Code Execution
CVE-2014-4118
Microsoft Windows and Windows Server - Remote Code Execution via Crafted XML Content
CVE-2014-2177
Cisco RV Router Firmware - Authenticated Remote Code Execution via Network-Diagnostics Interface
CVE-2014-8669
SAP Customer Relationship Management - Remote Code Execution in Promotion Guidelines Module
CVE-2014-8661
SAP Customer Relationship Management Internet Sales - Remote Code Execution
CVE-2014-8660
SAP Document Management Services - Command Injection
CVE-2014-8350
Smarty < 3.1.21 - Remote Code Execution via Secure Mode Bypass
CVE-2014-8081
TestLink < 1.9.12 - Remote Code Execution via PHP Object Injection in execSetResults.php
CVE-2014-2988
EGroupware < 1.6.001 and < 1.8006 - Authenticated Remote Code Execution via Crafted Callback Values
CVE-2014-8346
Samsung Find My Mobile - Denial of Service via Unvalidated Lock-Code Data
CVE-2014-3829
Centreon 2.5.1 and Centreon Enterprise Server 2.2 - Remote Code Execution via session_id or template_id Parameter
CVE-2014-8313
SAP HANA - Remote Code Execution via XSJS Eval Injection
CVE-2014-3666
Red Hat OpenShift < 3.1 - Code Injection
CVE-2014-3593
luci 0.26.0 - Authenticated Remote Code Execution via Cluster Configuration