CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,546 vulnerabilities with CWE-94
CVE-2011-4337
Support Incident Tracker 3.45-3.65 - Remote Code Execution via Lang Parameter in translate.php
CVE-2011-3832
Support Incident Tracker <3.65 - Code Injection
CVE-2011-5061
WHMCompleteSolution 4.0.x-5.0.x - Remote Code Execution via Ticket Subject Field
CVE-2011-4787
HP Easy Printer Care Software < 2.5 - Remote Code Execution via HPTicketMgr.dll ActiveX Control
CVE-2011-4786
HP Easy Printer Care Software < 2.5 - Remote Code Execution via HPTicketMgr.dll ActiveX Control
CVE-2011-5021
phpids < 0.7 - Regular Expression Denial of Service Bypass
CVE-2011-3378
RPM <4.9.1.2 - Memory Corruption/DoS
CVE-2011-1392
Blueberry BB FlashBack <7.6.1 - RCE
CVE-2011-1391
Blueberry BB FlashBack - Remote Code Execution via InsertMarker Method
CVE-2011-1388
Blueberry BB FlashBack - Remote Code Execution via TestCompatibilityRecordMode Method
CVE-2011-4453
PmWiki 2.x < 2.2.35 - Remote Code Execution via PageListSort Order Parameter
CVE-2011-4203
Moodle < 1.9.15 - CRLF Injection via Calendar URL Parameter
CVE-2011-4828
AutoSec Tools V-CMS 1.0 - Remote Code Execution via Unrestricted File Upload in Inline Image Upload
CVE-2011-4825
Ajax File and Image Manager < 1.1 - Remote Code Execution via PHP Code Injection in data.php
CVE-2011-3413
Microsoft PowerPoint <2008 - Memory Corruption
CVE-2011-3412
Microsoft Publisher <2007 - Code Injection
CVE-2011-3411
Microsoft Publisher <2003 SP3 - RCE
CVE-2011-3403
Microsoft Excel <2004 - Code Injection
CVE-2011-3401
Windows Media Player and Media Center - Remote Code Execution via Crafted DVR-MS File
CVE-2011-3400
Microsoft Windows XP <SP2-SP3 & Server 2003 <SP2 - RCE
CVE-2011-3397
Microsoft Windows XP and Server 2003 - Remote Code Execution via DATIME.DLL Binary Behavior
CVE-2011-1508
Microsoft Publisher <2007 SP3 - RCE
CVE-2011-4201
Restorepoint 3.2 - Remote Code Execution via remote_support.cgi PID Parameters
CVE-2011-4668
IBM Tivoli Netcool/Reporter < 2.2.0.8 - Remote Code Execution via Apache CGI Program
CVE-2011-4545
PrestaShop 1.4.4.1 - CRLF Injection via admin/displayImage.php name Parameter