CWE-94

Exploit likelihood: Medium

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,544 vulnerabilities with CWE-94
CVE-2013-0912
Google Chrome < 25.0.1364.160 - Remote Code Execution via Type Confusion
CVE-2013-1762
stunnel 4.21-4.54 - Remote Code Execution via CONNECT Protocol Negotiation
CVE-2013-1491
Oracle JDK and JRE - Remote Code Execution via 2D Component
CVE-2013-1488
Oracle JDK and JRE - Remote Code Execution via Reflection and JDBC Driver Manager
CVE-2013-0401
Oracle JDK and JRE - Remote Code Execution via AWT
CVE-2013-0108
Honeywell EBI R310/R400.2/R410.1/R410.2 & SymmetrE R310/R410.1/R410.2 RCE via HscRemoteDeploy.dll
CVE-2013-0077
Windows XP/Vista/Server 2003/2008 - Remote Code Execution via Crafted Media Content
CVE-2013-1638
Opera < 12.13 - Remote Code Execution via SVG clipPaths
CVE-2013-1637
Opera < 12.13 - Remote Code Execution via DOM Event Vectors
CVE-2013-0758
Mozilla Firefox < 18.0 - Remote Code Execution via SVG and Plugin Interaction
CVE-2013-0745
Firefox < 18.0 - Remote Code Execution via AutoWrapperChanger Garbage Collection
CVE-2013-0618
Adobe Reader/Acrobat <9.5.3,10.1.5,11.0.1 - RCE
CVE-2013-0614
Adobe Reader/Acrobat <9.5.3, 10.x <10.1.5, 11.x <11.0.1 - RCE
CVE-2013-0608
Adobe Reader/Acrobat <9.5.3,10.1.5,11.0.1 - RCE
CVE-2013-0607
Adobe Reader/Acrobat <9.5.3,10.1.5,11.0.1 - RCE
CVE-2013-0007
Microsoft XML Core Services 4.0, 5.0, 6.0 - Remote Code Execution via Crafted Web Page
CVE-2012-10032 HIGH
Maxthon3 < 3.2.2 build 1000 - Cross-Context Scripting via about:history Page
CVE-2012-2301
Ubercart 6.x-2.x < 6.x-2.8 - Authenticated PHP Code Execution
CVE-2012-5580
libproxy 0.3.1 - Format String Vulnerability via Proxy Name
CVE-2012-5495
Plone < 4.2.3 - Remote Code Execution via Crafted URL
CVE-2012-5493
Plone <4.2.3, <4.3 - Beta 1 - Auth Bypass
CVE-2012-5488
Plone < 4.2.3 - Remote Code Execution via createObject
CVE-2012-5485
Plone < 4.2.3 - Remote Code Execution via Admin Interface
CVE-2012-6143
Spoon 0.24 - Remote Code Execution via Storable Deserialization
CVE-2012-6142
HTML::EP 0.2011 - Remote Code Execution via Storable Deserialization