CWE-94

Exploit likelihood: Medium

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,536 vulnerabilities with CWE-94
CVE-2014-3177
Google Chrome < 37.0.2062.94 - Remote Code Execution via Extension IPC and Sync API Interaction
CVE-2014-3176
Google Chrome < 37.0.2062.94 - Remote Code Execution via Extension IPC and V8 Interaction
CVE-2014-5261
Cacti < 0.8.8b - Remote Code Execution via Font Size Parameter
CVE-2014-4767
IBM WebSphere Application Server (WAS) Liberty Profile <8.5.5.3 - RCE
CVE-2014-5210
AlienVault OSSIM < 4.7.0 - Remote Code Execution via SOAP remote_task or get_license Request
CVE-2014-5158
AlienVault OSSIM < 4.6.0 - Remote Code Execution via av-centerd SOAP Service and Backup Command
CVE-2014-5194
Sphider 1.3.6 - Authenticated PHP Code Injection via _word_upper_bound Parameter
CVE-2014-3429
Opensuse < 1.2.0 - Code Injection
CVE-2014-0479
reportbug <6.4.4+deb7u1, <6.5.0+nmu1 - RCE
CVE-2014-5090
status2k - Authenticated Command Injection via Admin Panel Log Location Field
CVE-2014-3560
Canonical Ubuntu Linux - Code Injection
CVE-2014-3545
Moodle < 2.3.11, 2.4.x < 2.4.11, 2.5.x < 2.5.7, 2.6.x < 2.6.4, 2.7.x < 2.7.1 - RCE via Quiz Calculated Question
CVE-2014-3541
Moodle < 2.3.11, 2.4.x < 2.4.11, 2.5.x < 2.5.7, 2.6.x < 2.6.4, 2.7.x < 2.7.1 - RCE via Serialized Data
CVE-2014-5112
Fonality trixbox - Remote Code Execution via lang Parameter
CVE-2014-1557
Oracle Solaris < 30.0 - Code Injection
CVE-2014-1556
Mozilla Firefox < 31.0 and Firefox ESR < 24.7 - Remote Code Execution via WebGL Content
CVE-2014-3518
Red Hat JBoss Enterprise Application Platform 5.2.0 - Remote Code Execution via JMX Remoting
CVE-2014-1999
FuelPHP 1.1-1.7.1 - Remote Code Execution via Request_Curl Auto-Format Feature
CVE-2014-4663
TimThumb 2.8.13-WordThumb 1.07 - RCE
CVE-2014-1824
Windows Journal - Remote Code Execution via Crafted .JNT File
CVE-2014-0248
Red Hat JBoss Web Framework Kit/JBEAP/JBEWP <5.2.0 - RCE
CVE-2014-0602
NetIQ Security Manager < 6.5.4 - Directory Traversal and Remote Code Execution via DumpToFile Method
CVE-2014-4672
Yii PHP Framework 1.1.14 - Remote Code Execution
CVE-2014-3011
IBM OpenPages GRC Platform 6.1.0.1 - Link Injection
CVE-2014-3496
OpenShift Origin and Enterprise 1.2.8-2.1.1 - Remote Code Execution via Cartridge Manifest Source-Url