CWE-94
Medium likelihood
Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
6,544 vulnerabilities with CWE-94
CVE-2012-4249
Amazon Kindle Touch - OS Command Injection via LIPC Property Manipulation
CVE-2012-2649
Sleipnir Mobile < 2.2.0 - Remote Code Execution via Crafted Website
CVE-2012-4143
Opera < 12.01 - User-Assisted Arbitrary File Download and Execution via Small Download Dialog
CVE-2012-4049
Wireshark 1.4.x < 1.4.14, 1.6.x < 1.6.9, 1.8.x < 1.8.1 - Denial of Service in NFS Dissector
CVE-2012-4048
Wireshark 1.4.x < 1.4.14, 1.6.x < 1.6.9, 1.8.x < 1.8.1 - Denial of Service via PPP Dissector
CVE-2012-3355
Rhythmbox < 0.13.3 - Local Arbitrary Code Execution via Symlink Attack on Temporary HTML Template
CVE-2012-0796
PHPMailer < 2.2.1 - Command Injection
CVE-2012-1661
ESRI ArcMap < 10.0.2.3200 - Arbitrary VBA Code Execution via Crafted Map File
CVE-2012-1037
GLPI 0.78-0.80.61 - Authenticated Remote Code Execution via sub_type Parameter
CVE-2012-2486
Cisco TelePresence Multipoint Switch < 1.9.0 - Remote Code Execution via Malformed CDP Packet
CVE-2012-1524
Microsoft Internet Explorer 9 - Remote Code Execution via Deleted Object Access
CVE-2012-1522
Internet Explorer 9 - Remote Code Execution via Cached Object Use-After-Free
CVE-2012-0175
HIGH
Microsoft Windows Shell - Remote Code Execution via Crafted File or Directory Name
CVSS 8.8
CVE-2012-2174
IBM Lotus Notes 8.x - Remote Code Execution via Crafted notes:// URL
CVE-2012-3289
VMware Workstation < 8.0.4, Player < 4.0.4, ESXi 3.5-5.0, ESX 3.5-4.1 - DoS
CVE-2012-2041
Adobe ColdFusion 8.0-9.0.1 - HTTP Response Splitting via Component Browser
CVE-2012-1881
Internet Explorer 8 and 9 - Remote Code Execution via OnRowsInserted Event
CVE-2012-1880
Microsoft Internet Explorer 6-9 - Remote Code Execution via Deleted Object Access
CVE-2012-1879
HIGH
Internet Explorer 6-9 - Remote Code Execution via insertAdjacentText Memory Corruption
CVSS 8.1
CVE-2012-1878
Microsoft Internet Explorer 6-9 - Remote Code Execution via OnBeforeDeactivate Event Handler
CVE-2012-1877
Microsoft Internet Explorer 6-9 - Remote Code Execution via Title Element Change
CVE-2012-1876
Microsoft Internet Explorer 6-9 and 10 Consumer Preview - Remote Code Execution via Col Element Handling
CVE-2012-1875
Microsoft Internet Explorer 8 - Remote Code Execution via Deleted Object Access
CVE-2012-1874
Microsoft Internet Explorer 8 and 9 - Use-After-Free in Developer Toolbar
CVE-2012-1855
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5 - Remote Code Execution via Crafted XAML Browser Application
Details
Vulnerabilities: 6,544
Exploit Likelihood: Medium