CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,546 vulnerabilities with CWE-94
CVE-2012-0993
zenphoto 1.4.2 - Remote Code Execution via viewer_size_image_saved Cookie
CVE-2012-1200
Nova CMS - Remote File Inclusion via Multiple Parameter Injection
CVE-2012-1199
Basic Analysis and Security Engine 1.4.5 - Remote Code Execution via PHP File Inclusion
CVE-2012-0155
Microsoft Internet Explorer 9 - Remote Code Execution via VML Object Handling
CVE-2012-0138
Microsoft Visio Viewer 2010 Gold and SP1 - Remote Code Execution via Crafted VSD File Attributes
CVE-2012-0137
Microsoft Visio Viewer 2010 Gold and SP1 - Remote Code Execution via Crafted VSD File Attributes
CVE-2012-0136
Microsoft Visio Viewer 2010 Gold and SP1 - Remote Code Execution via Crafted VSD File Attributes
CVE-2012-0020
Microsoft Visio Viewer 2010 Gold and SP1 - Remote Code Execution via Crafted VSD File Attributes
CVE-2012-0019
Microsoft Visio Viewer 2010 Gold and SP1 - Remote Code Execution via Crafted VSD File Attributes
CVE-2012-0015
Microsoft .NET Framework 2.0 SP2 and 3.5.1 - Remote Code Execution via Crafted XAML Browser Application
CVE-2012-0014 HIGH
Microsoft .NET Framework and Silverlight - Remote Code Execution via Unmanaged Object Access
CVSS 7.8
CVE-2012-0011
Microsoft Internet Explorer 7-9 - Remote Code Execution via Deleted Object Access
CVE-2012-0928
RealNetworks RealPlayer <14.0.7 - RCE
CVE-2012-0927
RealNetworks RealPlayer <15.02.71 - RCE
CVE-2012-0926
RealNetworks RealPlayer <15.02.71 - RCE
CVE-2012-0925
RealNetworks RealPlayer <15.02.71 - RCE
CVE-2012-0924
RealNetworks RealPlayer <15.02.71 - RCE
CVE-2012-0923
RealNetworks RealPlayer <15.02.71 - RCE
CVE-2012-0922
RealNetworks RealPlayer <15.02.71 - RCE
CVE-2012-0934
Theme Tuner Plugin < 0.7 - Remote Code Execution via tt-abspath Parameter
CVE-2012-0329
Cisco Digital Media Manager <5.2.3 - Authenticated RCE
CVE-2012-0693
WHMCompleteSolution 5.03 - Remote Code Injection via submitticket.php Subject Field
CVE-2012-0310
Cogent DataHub <7.1.2 - CRLF Injection
CVE-2012-0394
Apache Struts 2.0.0-2.3.16 - Remote Code Execution via DebuggingInterceptor
CVE-2012-0391 CRITICAL KEV
Apache Struts < 2.2.3.1 - Remote Code Execution via ExceptionDelegator OGNL Expression Injection
CVSS 9.8
Details
Vulnerabilities 6,546
Exploit Likelihood Medium