CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,541 vulnerabilities with CWE-94
CVE-2013-3127
Windows Media Format Runtime <11 - RCE
CVE-2013-3651
LOCKON EC-CUBE 2.11.2-2.12.4 - Remote PHP Code Injection via Crafted String
CVE-2013-3384
Cisco IronPort AsyncOS < 7.1.3 - Authenticated Remote Code Execution via URL Command-Line Input
CVE-2013-3383
IronPort AsyncOS - Command Injection
CVE-2013-1688
Firefox < 21.0 - Remote Code Execution via Profiler UI Rendering
CVE-2013-3520
VMware vCenter Chargeback Manager < 2.5.1 - Remote Code Execution via Unsafe Upload Handling
CVE-2013-0143
QNAP VioStor NVR 4.0.3 and Surveillance Station Pro - Authenticated Remote Code Execution via pingping.cgi Query String
CVE-2013-2950
IBM WebSphere Portal <6.1.0.3-8.0.0.1 - CRLF Injection
CVE-2013-1335
Microsoft Word 2003 SP3 & Word Viewer - RCE
CVE-2013-1323
Microsoft Publisher <2003 SP3 - RCE
CVE-2013-3508
GroundWork Monitor Enterprise 6.7.0 - Authenticated Remote Code Execution via System File Overview File Editing
CVE-2013-3079
VMware vCSA <5.1 - Privilege Escalation
CVE-2013-3239
phpMyAdmin <3.5.8 and <4.0.0-rc3 - Authenticated RCE
CVE-2013-0132
Parallels Plesk Panel 11.0.9 - Remote Code Execution via suexec CGI Wrapper
CVE-2013-1296
Microsoft Remote Desktop Connection Client 6.1-7.0 - RCE
CVE-2013-1898
Thumbshooter 0.1.5 - Remote Code Execution via URL Shell Metacharacters
CVE-2013-1899
PostgreSQL Database Name Command Line Flag Injection
CVE-2013-2617
Ruby Gem Curl - Remote Code Execution via Shell Metacharacters in URL
CVE-2013-2616
MiniMagick Gem 1.3.1 - Command Injection
CVE-2013-2615
fastreader 1.0.8 - Remote Code Execution via URL Shell Metacharacters
CVE-2013-1875
command_wrap - Remote Code Execution via Shell Metacharacters in URL or Filename
CVE-2013-2549
Adobe Acrobat Reader 11.0.02 - Remote Code Execution via Sandbox Escape
CVE-2013-0912
Google Chrome < 25.0.1364.160 - Remote Code Execution via Type Confusion
CVE-2013-1762
stunnel 4.21-4.54 - Remote Code Execution via CONNECT Protocol Negotiation
CVE-2013-1491
Oracle JDK and JRE - Remote Code Execution via 2D Component