CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,541 vulnerabilities with CWE-94
CVE-2013-4330
Apache Camel < 2.9.7, 2.10.0-2.10.6, 2.11.0-2.11.1, 2.12.0 - Remote Code Execution via CamelFileName Header
CVE-2013-6009
Open-Xchange AppSuite < 7.2.2 - CRLF Injection via AJAX/Defer Servlet
CVE-2013-0689
Enea OSE < 1.20 - Code Injection
CVE-2013-5942
Graphite 0.9.5-0.9.10 - Remote Code Execution via Unsafe Pickle Deserialization
CVE-2013-5093
Graphite 0.9.5-0.9.10 - Remote Code Execution via Unsafe Pickle Deserialization
CVE-2013-5369
IBM SPSS Analytical Decision Management <7.0 - RCE
CVE-2013-5674
Moodle 2.5.x - PHP Object Injection via Badge Description Unserialization
CVE-2013-4813
HP Identity Driven Manager 4.0 - Remote Code Execution via Agent Servlet HEAD Request
CVE-2013-4810 CRITICAL KEV
HP ProCurve Manager and Application Lifecycle Management - Remote Code Execution via Marshalled Object
CVSS 9.8
CVE-2013-4338
WordPress < 3.6.1 - Remote Code Execution via PHP Unserialize
CVE-2013-0810 HIGH
Windows XP/Vista/Server 2003/2008 RCE via Crafted Screensaver in Theme File
CVSS 8.1
CVE-2013-2582
Open-Xchange AppSuite & Server <6.22.0-7.0.2 - Open Redirect
CVE-2013-1647
Open-Xchange Server - HTTP Response Splitting via CRLF Injection
CVE-2013-5647
sounder gem 1.0.1 - Command Injection
CVE-2013-2035
HawtJNI < 1.8 - Local Code Execution via Temporary JAR File Overwrite
CVE-2013-4172
Red Hat CloudForms Management Engine 5.1 - Remote Code Execution
CVE-2013-3373
Request Tracker <3.8.17, 4.0.13 - CRLF Injection
CVE-2013-1435
Cacti < 0.8.8b - Remote Code Execution via SNMP and RRD Scripts
CVE-2013-2802
Sixnet UDR < 1.9 and RTU Firmware < 4.7 - Remote Code Execution via Universal Protocol Function Opcode
CVE-2013-2161
OpenStack Swift Folsom, Grizzly, Havana - XML Injection via Account Name
CVE-2013-2121
Red Hat OpenStack < 1.2.0 - Code Injection
CVE-2013-3402
Cisco Unified Communications Manager 7.1-9.1(2) - Authenticated Remote Code Execution
CVE-2013-2135
Apache Struts 2.0.0-2.3.14.2 - Remote Code Execution via OGNL Double Evaluation
CVE-2013-2134
Apache Struts 2.0.0-2.3.14.2 - Remote Code Execution via OGNL Expression in Action Name
CVE-2013-1777
Apache Geronimo 3.x < 3.0.1 - Remote Code Execution via JMX Remoting