CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,536 vulnerabilities with CWE-94
CVE-2014-4148 HIGH KEV
Windows win32k.sys - Remote Code Execution via Crafted TrueType Font
CVSS 8.8
CVE-2014-0558
Adobe Flash Player < 13.0.0.250 and 14.x-15.x < 15.0.0.189 - Remote Code Execution
CVE-2014-7226
Rejetto HTTP File Server <2.3c - RCE
CVE-2014-5297
X2Engine 2.8-4.1.7 - PHP Object Injection and Server-Side Request Forgery via Report Parameter
CVE-2014-7296
SpagoBI 5.0.0 - Authenticated Remote Code Execution via XSL Document
CVE-2014-7205
hapi Server Framework - Code Injection
CVE-2014-3188
Google Chrome < 38.0.2125.101 and Chrome OS < 38.0.2125.101 - Remote Code Execution via JSON Parsing
CVE-2014-7235
ARI Framework module/Asterisk Recording Interface (ARI) <2.9.0.9, <...
CVE-2014-6433
GoPro HERO 3+ - Remote Code Execution via gpExec a1 or a2 Parameter
CVE-2014-6287 CRITICAL KEV
Rejetto HTTP File Server <2.3c - RCE
CVSS 9.8
CVE-2014-3399
Cisco ASA <9.2(2.4) Authenticated Arbitrary File Write & Lua Code Injection via SSL VPN
CVE-2014-6389
PHPCompta/NOALYSS <6.7.2 - Command Injection
CVE-2014-4043
glibc < 2.20 - Use-After-Free via posix_spawn_file_actions_addopen Path Argument
CVE-2014-2044
ownCloud < 5.0 - Authenticated Remote Code Execution via Alternate Data Stream Filename Bypass
CVE-2014-6298
mm_forum < 1.9.3 - Unauthenticated Arbitrary File Upload and Remote Code Execution
CVE-2014-3947
Powermail <1.6.11 & 2.x <2.0.14 - RCE
CVE-2014-2639
HP MPIO Device Specific Module Manager <4.02.00 - Privilege Escalation
CVE-2014-6446
Infusionsoft Gravity Forms 1.5.3-1.5.10 - Unauthenticated Arbitrary File Upload and Remote Code Execution
CVE-2014-5324
N-Media File Uploader < 3.4 - Authenticated PHP Code Execution via File Upload
CVE-2014-5519
PhpWiki 1.5.0 - Remote Code Execution via Ploticus Module Device Option
CVE-2014-2223
Plogger < 1.0 - Authenticated Arbitrary File Upload and Remote Code Execution via ZIP Archive
CVE-2014-3910
Emurasoft EmFTP - Privilege Escalation
CVE-2014-2378
Sensys Networks VSN240-F/VSN240-T <2.10.1/2.10.3 - RCE
CVE-2014-5340
Check_MK < 1.2.4p4 and 1.2.5 < 1.2.5i4 - Remote Code Execution via Pickle Deserialization
CVE-2014-0485
S3QL <1.18.1 - Code Injection