CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,536 vulnerabilities with CWE-94
CVE-2014-4152
AlienVault OSSIM < 4.8.0 - Remote Code Execution via Crafted remote_task Request
CVE-2014-4151
AlienVault OSSIM < 4.8.0 - Remote Code Execution via av-centerd SOAP set_file Request
CVE-2014-3805
AlienVault OSSIM < 4.7.0 - Remote Code Execution via av-centerd SOAP Service
CVE-2014-3804
AlienVault OSSIM < 4.7.0 - Remote Code Execution via av-centerd SOAP Service
CVE-2014-3915
Rocket Servergraph - Remote Code Execution via userRequest Servlet Commands
CVE-2014-3911
Samsung iPOLiS Device Manager <1.8.7 - RCE
CVE-2014-2777
Microsoft Internet Explorer 8-11 - Remote Code Execution
CVE-2014-1774
Microsoft Internet Explorer 9 - Memory Corruption
CVE-2014-1769
Microsoft Internet Explorer 11 - Memory Corruption
CVE-2014-2051
ownCloud Server <5.0.15 & <6.0.2 - Code Injection
CVE-2014-3942
TYPO3 4.5.0-4.5.33, 4.7.0-4.7.18, 6.0.0-6.0.13, 6.1.0-6.1.8 - Remote Code Execution via Color Picker Wizard
CVE-2014-2720
IZArc 4.1.8 - Unintended Code Execution via ZIP Archive File Extension Spoofing
CVE-2014-2196
Cisco Wide Area Application Services 5.1.1 - Remote Code Execution via Malformed SharePoint Response
CVE-2014-3789
Cogent DataHub < 7.3.5 - Remote Code Execution via GetPermissions.asp
CVE-2014-3444
RealNetworks RealPlayer <= 16.0.3.51 - Remote Code Execution via Malformed .3gp File
CVE-2014-3453
Flag module < 7.x-3.5 - Authenticated PHP Code Injection via Import Code Text Area
CVE-2014-1613
Dotclear < 2.6.2 - Remote Code Execution via Serialized Object in dc_passwd Cookie
CVE-2014-1813
Microsoft Web Applications <2010 SP2 - RCE
CVE-2014-1806
Microsoft .NET Framework <4.5.2 - RCE
CVE-2014-0251
Microsoft Windows SharePoint Services < - Authenticated RCE
CVE-2014-2936
Caldera 9.20 - Remote Code Execution via Directory Manager Parameter Injection
CVE-2014-2558
WordPress File Gallery <1.7.9.2 - RCE
CVE-2014-2170
Cisco TelePresence TC Software <5.1.7-6.0 - Command Injection
CVE-2014-2996
XCloner < 3.5 - Authenticated Command Injection via dbbackup_comp Parameter
CVE-2014-2909
SIMATIC S7-1200 CPU Firmware 2.x-3.x - HTTP Header Injection via CRLF
Details
Vulnerabilities 6,536
Exploit Likelihood Medium