CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,546 vulnerabilities with CWE-94
CVE-2011-10019 CRITICAL
Spreecommerce < 0.60.2 - Unauthenticated Remote Code Execution via Search Parameter
CVSS 9.8
CVE-2011-10018 CRITICAL
myBB 1.6.4 - Unauthenticated Remote Code Execution via Collapsed Cookie Backdoor
CVSS 9.8
CVE-2011-10013 CRITICAL
Traq Project Issue Tracking System 2.0-2.3 - Unauthenticated Remote Code Execution via Admin Plugin Injection
CVE-2011-10011 CRITICAL
WeBid < 1.0.2 - Unauthenticated Remote Code Execution via Converter.php to Parameter
CVE-2011-1830 MEDIUM
ekiga < 3.3.0 - Remote Code Execution via Unsafe Module Loading from /tmp
CVSS 5.7
CVE-2011-2767 CRITICAL
mod_perl 2.0-2.0.10 - Unauthenticated Remote Code Execution via .htaccess File
CVSS 9.8
CVE-2011-3178 HIGH
openSUSE Open Build Service < 2.3.0 - Authenticated OS Command Injection via Project Rebuildtimes Statistics
CVSS 8.1
CVE-2011-0469 CRITICAL
openSUSE open build service 2.1 - Code Injection
CVSS 9.8
CVE-2011-2702
glibc < 2.13 and eglibc < 2.13 - Remote Code Execution via SSSE3 Optimization
CVE-2011-2732
SpringSource Spring Security < 2.0.7 - CRLF Injection via Logout Redirect Parameter
CVE-2011-4342
BackWPup < 1.7.1 - Remote Code Execution via wpabs Parameter
CVE-2011-4639
SpamTitan WebTitan < 3.50 - Authenticated Command Injection via Traceroute and Ping Arguments
CVE-2011-4932
ImpressPages CMS < 1.0.13 - Remote Code Execution via cm_group Parameter
CVE-2011-5147
FreeWebshop < 2.2.9 - Remote Code Execution via Ajax File Manager
CVE-2011-5130
Family Connections CMS 2.5.0-2.7.1 - Remote Code Execution via dev/less.php argv[1] Parameter
CVE-2011-4458
Bestpractical RT - Code Injection
CVE-2011-4237
Cisco CiscoWorks < 4.0 - CRLF Injection
CVE-2011-3285
Cisco Adaptive Security Appliance Software 8.0-8.4 - HTTP Response Splitting via CRLF Injection
CVE-2011-2478
Google SketchUp < 8 - Remote Code Execution via Crafted SKP File
CVE-2011-4882
atvise webMI2ADS < 2.0.2 - Denial of Service via HTTP Request
CVE-2011-4189
Novell GroupWise 8.0x-8.02HP3 - Remote Code Execution via Long Email Address in Address Book File
CVE-2011-4614
TYPO3 4.5.x-4.5.9, 4.6.x-4.6.2, 4.7 - Remote Code Execution via BACK_PATH Parameter
CVE-2011-4041
Advantech/BroadWin WebAccess - Remote Code Execution via Long String in RPC Request
CVE-2011-4512
Siemens WinCC flexible - CRLF Injection via HMI Web Server
CVE-2011-4791
HP Data Protector Media Operations < 6.11 - Remote Code Execution via Length Field Overflow