CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,541 vulnerabilities with CWE-94
CVE-2013-7362
SAP CCMS Agent - Remote Code Execution
CVE-2013-6468
Red Hat JBoss BPM Suite and BRMS < 6.0.1 - Authenticated Remote Code Execution via MVFLEX or Drools Expression
CVE-2013-3998
IBM InfoSphere BigInsights 1.1 and 2.x < 2.1 FP2 - Authenticated CRLF Injection
CVE-2013-1850
owncloud_server < 4.0.13 and 4.5.x < 4.5.8 - Authenticated PHP Code Execution via .htaccess Upload
CVE-2013-6943
Citrix NetScaler ADC < 9.3-64.4, < 10.0-77.5, < 10.1-118.7 LDAP Injection
CVE-2013-2817
Mitsubishi Electric Automation MC-WorX Suite 8.02 - RCE
CVE-2013-6948
Belkin WeMo Home Automation Firmware - XML External Entity Injection via peerAddresses API
CVE-2013-2827
WellinTech KingSCADA < 3.1.2 Remote Code Execution via ActiveX ProjectURL Property
CVE-2013-6795
Rackspace Openstack Windows Guest Agent < 1.2.5.0 - Remote Code Execution via Serialized .NET Object
CVE-2013-7086
Webbynode <1.0.5.3 - Command Injection
CVE-2013-6824
Zabbix < 1.8.19rc1, 2.0 < 2.0.10rc1, 2.2 < 2.2.1rc1 - Remote Code Execution via Newline in Flexible User Parameter
CVE-2013-7069
ack 2.00-2.11_02 - Remote Code Execution via .ackrc File Options
CVE-2013-7050
devscripts < 2.13.8 - Remote Code Execution via USCAN_EXCLUSION Directory Name
CVE-2013-6421
sprout 0.7.246 - OS Command Injection via Archive Filename or Path
CVE-2013-2751
NETGEAR ReadyNAS <4.1.12 & <4.2.24 - Code Injection
CVE-2013-6810
EMC Connectrix Manager - Remote Code Execution via Servlet File Upload
CVE-2013-6671 CRITICAL
Firefox < 26.0 - Remote Code Execution via JavaScript Ordered List Manipulation
CVSS 9.8
CVE-2013-5332
Adobe Flash Player <11.7.700.257-11.2.202.332 - Memory Corruption
CVE-2013-5331
Adobe Flash Player <11.7.700.257, 11.8.x, 11.9.x - RCE
CVE-2013-5059
Microsoft SharePoint Server <2013 - RCE
CVE-2013-6427
HP Linux Imaging and Printing Project 3.x-3.13.11 - Remote Code Execution via Insecure HTTP Program Download
CVE-2013-4376
x2go_server < 4.0.0.2 - Remote Code Execution via SQLite Wrapper Path
CVE-2013-1349
openSIS 4.5-5.2 - Remote Code Execution via ajax.php modname Parameter
CVE-2013-6385
Drupal 6.x < 6.29 and 7.x < 7.24 - Remote Code Execution via Form API
CVE-2013-4479
Sup < 0.13.2.1 and 0.14.x < 0.14.1.1 - Remote Code Execution via Email Attachment Content-Type