CWE-94
Medium likelihoodImproper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
6,544 vulnerabilities with CWE-94
CVE-2012-2971
CA ARCserve Backup r12.5-r16 - Remote Code Execution via Crafted RPC Request
CVE-2012-2290
EMC NetWorker Module for Microsoft Applications < 2.2.1, 2.3 < build 122, 2.4 < build 375 - Remote Code Execution
CVE-2012-0182
Microsoft Word 2007 SP2 and SP3 - Remote Code Execution via Crafted Document Parsing
CVE-2012-5304
YVS Image Gallery - Remote Code Execution via Installation Script
CVE-2012-5293
SAPID CMS 1.2.3 - Remote Code Execution via GLOBALS[root_path] or root_path Parameter
CVE-2012-5231
miniCMS 1.0 and 2.0 - Remote Code Execution via Pagename or Area Variable
CVE-2012-5224
vBadvanced CMPS < 3.2.2 - Remote Code Execution via pages[template] Parameter
CVE-2012-5223
vBSEO < 3.6.0 - Remote Code Execution via char_repl Parameter
CVE-2012-4427
gnome-shell - Remote Code Execution via Extension Installation
CVE-2012-4017
jigbrowser+ < 1.5.0 - Information Disclosure via WebView Implementation
CVE-2012-5159
phpMyAdmin 3.5.2.2 - Remote Code Execution via Trojaned server_sync.php
CVE-2012-0209
Horde Groupware 1.2.10 and Horde 3.3.12 - Remote Code Execution via Trojanized JavaScript Template
CVE-2012-1625
Fill PDF module for Drupal - Authenticated PHP Code Execution via fillpdf_form_export_decode
CVE-2012-4869
FreePBX < 2.10 - Remote Code Execution via callmenum Parameter
CVE-2012-4864
Oreans WinLicense 2.1.8.0 - Memory Corruption, DoS
CVE-2012-4009
Cybozu Live < 1.0.4 - Remote Code Execution via WebView Local File URL
CVE-2012-4008
Cybozu Live < 1.0.4 - Remote Code Execution via Crafted Website
CVE-2012-3980
Firefox < 15.0 - Remote Code Execution via Web Console Eval Injection
CVE-2012-2085
Gajim < 0.15 - Remote Code Execution via Href Attribute Shell Metacharacters
CVE-2012-1933
Newscoop 3.5.x < 3.5.5 and 4 < RC4 - Remote Code Execution via GLOBALS[g_campsiteDir] Parameter
CVE-2012-2990
MarkAny ContentSAFER <1.4.2012.508 - RCE
CVE-2012-1535
HIGH
KEV
Adobe Flash Player < 11.3.300.271 - Remote Code Execution via Crafted SWF Content
CVSS 7.8
CVE-2012-2526
Windows XP SP3 - Remote Code Execution via Crafted RDP Packets
CVE-2012-2522
Microsoft Internet Explorer <10 - RCE
CVE-2012-2521
Microsoft Internet Explorer <10 - RCE
Details
Vulnerabilities
6,544
Exploit Likelihood
Medium