CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,536 vulnerabilities with CWE-94
CVE-2014-0472
Django <1.4.11, <1.5.6, <1.6.3, <1.7 beta 2 - RCE
CVE-2014-2921
pimcore 1.4.9-2.0.0 - Remote Code Execution via Newsletter Import URL Parameter
CVE-2014-0111
Apache Syncope 1.0.0-1.0.8 and 1.1.0-1.1.6 - Authenticated Remote Code Execution via JEXL Expression Injection
CVE-2014-2866
CommonSpot Content Server < 7.0.1 and 8.x < 8.0.3 - Remote Code Execution via Client-Side Access Control Bypass
CVE-2014-1716
Google Chrome < 34.0.1847.116 - Universal Cross-Site Scripting via Runtime_SetPrototype
CVE-2014-1691
Horde Application Framework < 5.1.1 - Remote Code Execution via Serialized Object in _formvars
CVE-2014-1979
NTT DOCOMO sp mode mail <6300 - RCE
CVE-2014-0057
Red Hat CloudForms 3.0 Management Engine 5.2 - Remote Code Execution via ServiceController x_button Method
CVE-2014-1939
Android < 4.3.1 - Remote Code Execution via SearchBoxImpl JavaScript Interface
CVE-2014-2089
ILIAS 4.4.1 - Remote Code Execution
CVE-2014-0818
Autodesk AutoCAD < 2013 - Untrusted Search Path and Arbitrary VBScript Execution via FAS File
CVE-2014-0294
Microsoft Forefront Protection 2010 - RCE
CVE-2014-1670
Microsoft Bing <4.2.1 - Open Redirect
CVE-2014-1202
SoapUI < 4.6.4 - Remote Code Execution via WSDL Import
CVE-2014-0661
Cisco TelePresence System Software < 1.10.2(42) and < 6.0.4(11) - Remote Code Execution via XML-RPC Message
CVE-2014-0792
Sonatype Nexus 1.x-2.x - Remote Code Execution via Unintended Object Unmarshalling
CVE-2013-10057 HIGH
Synactis PDF In-The-Box ActiveX - Buffer Overflow
CVE-2013-10035 HIGH
ProcessMaker Open Source 2.x - Code Injection
CVE-2013-4211 CRITICAL
OpenX Ad Server 2.8.10 - Remote Code Execution via Backdoor in flowplayer-3.1.1.min.js
CVSS 9.8
CVE-2013-4225 HIGH
RESTful Web Services 7.x-1.x < 7.x-1.4 and 7.x-2.x < 7.x-2.1 - Authenticated PHP Code Injection via Text Field
CVSS 8.8
CVE-2013-2267 HIGH
FUDforum 3.0.4 - Remote Code Execution via PHP Code Injection
CVSS 7.2
CVE-2013-1666 CRITICAL
Foswiki < 1.1.8 - Code Injection via MAKETEXT Macro
CVSS 9.8
CVE-2013-7468 HIGH
Simple Machines Forum 2.0.4 - Code Injection
CVSS 8.1
CVE-2013-6399
QEMU < 1.7.2 - Remote Code Execution via Crafted SaveVM Image
CVE-2013-4537
QEMU < 1.7.2 - Remote Code Execution via Crafted arglen in savevm Image