CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,544 vulnerabilities with CWE-94
CVE-2012-1523
Microsoft Internet Explorer 6-8 - Remote Code Execution via Center Element Use-After-Free
CVE-2012-0173
Microsoft Windows RDP - Remote Code Execution via Crafted RDP Packets
CVE-2012-2596
Siemens WinCC 7.0 SP3 - XML Injection
CVE-2012-0295
Symantec Endpoint Protection <12.1 RU1-MP1 - RCE
CVE-2012-2924
Hypermethod eLearning Server 4G - RCE
CVE-2012-0671
Apple QuickTime < 7.7.2 - Remote Code Execution via Crafted .pict File
CVE-2012-1328
Cisco Unified IP Phone 9900 Series - Privilege Escalation via Configuration Download
CVE-2012-2273
Comodo Internet Security < 5.10.228257.2253 - Denial of Service via Crafted PE File
CVE-2012-2224
Xunlei Thunder - Remote Code Execution via DLL Injection
CVE-2012-1594
Wireshark 1.6.x < 1.6.6 - Denial of Service via IEEE 802.11 Dissector
CVE-2012-0172
Microsoft Internet Explorer 6-8 - Remote Code Execution via VML Style Object Handling
CVE-2012-0171
Microsoft Internet Explorer 6-9 - Remote Code Execution via Deleted Object Access
CVE-2012-0170
Microsoft Internet Explorer 6 and 7 - Remote Code Execution via Deleted Object Access
CVE-2012-0169
Microsoft Internet Explorer 9 - Remote Code Execution via Deleted Object Access
CVE-2012-0168
Microsoft Internet Explorer 6-9 - Remote Code Execution via Print Table of Links Operation
CVE-2012-0158 HIGH KEV
Microsoft Office and Components - Remote Code Execution via Crafted File
CVSS 8.8
CVE-2012-1924
Opera < 11.62 - Unauthenticated Arbitrary File Download via Deceptive Dialog
CVE-2012-1919
AtMail Open-Source < 1.04 - Directory Traversal and Arbitrary File Read via CRLF Injection
CVE-2012-0451
Mozilla Firefox 4.x-10.0 and Firefox ESR 10.x - CRLF Injection via HTTP Headers
CVE-2012-0002
Windows RDP - Remote Code Execution via Crafted RDP Packets
CVE-2012-0319
Movable Type <4.38, <5.07, <5.13 - Authenticated Code Injection
CVE-2012-0363
Cisco Small Business SRP520 and SRP540 Series Firmware - Authenticated Command Injection
CVE-2012-1205
Relocate Upload < 0.20 - Remote Code Execution via abspath Parameter
CVE-2012-0993
zenphoto 1.4.2 - Remote Code Execution via viewer_size_image_saved Cookie
CVE-2012-1200
Nova CMS - Remote File Inclusion via Multiple Parameter Injection