CWE-94
Medium likelihoodImproper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
6,544 vulnerabilities with CWE-94
CVE-2012-6141
App::Context 0.01-0.968 - Remote Code Execution via Storable::thaw Deserialization
CVE-2012-5649
Apache CouchDB <1.0.4, 1.1.x <1.1.2, 1.2.x <1.2.1 - RCE
CVE-2012-0262
op5config/welcome <2.0.3 - Command Injection
CVE-2012-0261
op5 Monitor/Appliance <1.6.2/<5.5.3 - Command Injection
CVE-2012-6535
DjVuLibre < 3.5.25.3 - Remote Code Execution via Crafted DjVu File
CVE-2012-4840
IBM Cognos BI <8.4.1-10.2 - XPath Injection
CVE-2012-4707
3S CODESYS Gateway-Server <2.3.9.27 - RCE
CVE-2012-0439
Novell GroupWise <8.0.3-2012.SP1 - RCE
CVE-2012-6329
TWiki MAKETEXT Remote Command Execution
CVE-2012-6465
Opera < 12.10 - Remote Code Execution via Malformed SVG Image
CVE-2012-5932
NetIQ Privileged User Manager < 2.3.1 HF2 - Remote Code Execution via ldapagnt_eval Function
CVE-2012-5690
RealNetworks RealPlayer <16.0.0.282-1.1.5 - RCE
CVE-2012-5142
Google Chrome <23.0.1271.97 - RCE/DoS
CVE-2012-4791
Microsoft Exchange Server <2010 - DoS
CVE-2012-4786
Microsoft Windows - Remote Code Execution via Crafted TrueType Font File
CVE-2012-4781
Microsoft Internet Explorer <11 - Use After Free
CVE-2012-4774
Microsoft Windows - Remote Code Execution via Crafted Filename or Subfolder Name
CVE-2012-2556
Microsoft Windows - Remote Code Execution via Crafted OpenType Font File
CVE-2012-5973
CA XCOM Data Transport r11.0 and r11.5 - Remote Code Execution via Crafted Request
CVE-2012-5537
Simplenews Scheduler module <6.x-2.4 - Authenticated Code Injection
CVE-2012-6046
PHP Enter - Remote Code Injection via admin/banners.php code Parameter
CVE-2012-5837
Firefox < 17.0 - Cross-Site Scripting via Web Developer Toolbar
CVE-2012-5836
Mozilla Firefox/Thunderbird <17.0, SeaMonkey <2.14 - RCE via CSS/SVG Text Manipulation
CVE-2012-5777
EmpireCMS 6.6 - Remote Code Execution via Template Parser Eval Injection
CVE-2012-4884
Request Tracker <4.0.8 - Command Injection
Details
Vulnerabilities
6,544
Exploit Likelihood
Medium