CWE-94
Medium likelihood
Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
6,546 vulnerabilities with CWE-94
CVE-2011-1969
Microsoft Forefront Unified Access Gateway 2010 - Remote Code Execution via Signed Java Applet
CVE-2011-1895
Microsoft Forefront UAG 2010 - CRLF Injection
CVE-2011-3981
Allwebmenus WordPress Plugin 1.1.3 - Remote Code Execution via abspath Parameter
CVE-2011-0554
Symantec IM Manager < 8.4.18 - Remote Code Execution
CVE-2011-3504
FFmpeg < 0.8.3 - Remote Code Execution via Matroska Format Decoder
CVE-2011-3232
Firefox < 7.0 - Remote Code Execution via YARR JavaScript Engine
CVE-2011-3000
Firefox < 3.6.23 and 4.x-6 - HTTP Response Splitting via Multiple Header Injection
CVE-2011-3186
Ruby on Rails 2.3.x < 2.3.13 - HTTP Response Splitting via Content-Type Header
CVE-2011-2984
Firefox < 3.6.20 - Remote Code Execution via Tab Drop Event
CVE-2011-2378
Firefox < 3.6.20 - Remote Code Execution via Dangling Pointer Dereference
CVE-2011-0084
Mozilla Firefox <3.6.20, Thunderbird <3.1.12, SeaMonkey <2.3 - RCE
CVE-2011-2404
HP Easy Printer Care Software < 2.5 - Remote Code Execution via HPTicketMgr.dll ActiveX Control
CVE-2011-3007
McAfee SaaS Endpoint Protection <= 5.2.1 - Arbitrary File Write via myCIOScn ActiveX Control
CVE-2011-2381
Bugzilla CRLF Injection via Attachment Description
CVE-2011-2964
Foomatic 4.0.6 - Remote Code Execution via Crafted FoomaticRIPCommandLine Field
CVE-2011-2747
Google Picasa < 3.6 Build 105.67 - Remote Code Execution via Crafted JPEG Image
CVE-2011-2752
SquirrelMail < 1.4.21 - CRLF Injection via Newline Character
CVE-2011-2507
phpMyAdmin 3.x < 3.3.10.2 / 3.4.x < 3.4.3.1 - Remote Code Execution via PREG_REPLACE_EVAL
CVE-2011-2506
phpMyAdmin 3.x < 3.3.10.2 and 3.4.x < 3.4.3.1 - Remote Code Injection via SESSION Superglobal
CVE-2011-2505
phpMyAdmin 3.x < 3.3.10.2 and 3.4.x < 3.4.3.1 - Remote Variable Manipulation via Swekey Authentication Query String
CVE-2011-1265
HIGH
Microsoft Windows Bluetooth Stack - Remote Code Execution via Crafted Bluetooth Packets
CVSS 8.8
CVE-2011-2605
Firefox < 3.6.18 and 4.x through 4.0.1 - CRLF Injection via Cookie String Handling
CVE-2011-2101
Adobe Reader/Acrobat <8.3-9.4.5-10.1 - RCE
CVE-2011-1863
HP Service Manager <9.21 - Command Injection
CVE-2011-1760
OProfile < 0.9.6 - Local Privilege Escalation via Eval Injection in opcontrol
Details
Vulnerabilities: 6,546
Exploit Likelihood: Medium