CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,546 vulnerabilities with CWE-94
CVE-2011-4646
WP-PostRatings < 1.62 - Authenticated SQL Injection via Ratings Shortcode
CVE-2011-3828
DVR Remote ActiveX Control - Remote Code Execution via Crafted DVRobot.dll File
CVE-2011-4260
RealNetworks RealPlayer <15.0.0 - RCE
CVE-2011-4258
RealNetworks RealPlayer <15.0.0 - RCE
CVE-2011-4257
RealNetworks RealPlayer <15.0.0 - RCE
CVE-2011-4256
RealPlayer <15.0.0-12.0.0.1703 - RCE
CVE-2011-4254
RealNetworks RealPlayer <15.0.0 - RCE
CVE-2011-4252
RealPlayer <15.0.0-12.0.0.1703 - RCE
CVE-2011-4251
RealNetworks RealPlayer <15.0.0 - RCE
CVE-2011-4248
RealNetworks RealPlayer <15.0.0 - RCE
CVE-2011-4247
RealNetworks RealPlayer <15.0.0 - RCE
CVE-2011-4047
Dell KACE K2000 Systems Deployment Appliance - Remote Code Execution via Database Write Access
CVE-2011-3655
Mozilla Firefox <8 - Privilege Escalation
CVE-2011-3379
PHP 5.3.7-5.3.8 - Remote Code Execution via is_a Function Autoload Trigger
CVE-2011-4075
phpLDAPadmin < 1.2.2 - Remote Code Execution via Orderby Parameter
CVE-2011-3310
CiscoWorks Common Services < 4.1 - Authenticated Remote Code Execution via Home Page URL
CVE-2011-2585
Cisco Show and Share < 5.2(2.1) - Authenticated Remote Code Execution via Video Upload
CVE-2011-3261
iPhone OS - Remote Code Execution via Crafted Excel Spreadsheet
CVE-2011-3260
iPhone OS - Remote Code Execution via Crafted Microsoft Word Document
CVE-2011-3256
iPhone OS - Remote Code Execution via Crafted Font
CVE-2011-3231
Safari < 5.1.1 - Remote Code Execution via Crafted X.509 Certificate
CVE-2011-3229
Apple Safari - Remote JavaScript Execution via Crafted safari-extension: URL
CVE-2011-3228
macOS < 10.7.2 - Remote Code Execution via Crafted Movie File
CVE-2011-3221
macOS < 10.7.2 - Remote Code Execution via Crafted QuickTime Movie File
CVE-2011-0224
macOS < 10.6.8 - Remote Code Execution via Crafted QuickTime Movie File
Details
Vulnerabilities 6,546
Exploit Likelihood Medium