CWE-94
Medium likelihood
Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
6,548 vulnerabilities with CWE-94
CVE-2011-1863
HP Service Manager <9.21 - Command Injection
CVE-2011-1760
OProfile < 0.9.6 - Local Privilege Escalation via Eval Injection in opcontrol
CVE-2011-2386
VisiWave Site Survey < 2.1.9 - Remote Code Execution via Invalid Type Property in VWS/VWR Files
CVE-2011-1646
Cisco RVS4000/WRVS4400N <2.0.2.1 - Command Injection
CVE-2011-0028
Microsoft WordPad < XP SP2/SP3 & Server 2003 SP2 - RCE
CVE-2011-0386
Cisco TelePresence Recording Server 1.6.x and 1.7.x < 1.7.1 - Remote Code Execution via Malformed XML-RPC Request
CVE-2011-0364
Cisco Security Agent 5.1-6.0 - Remote Code Execution via Crafted st_upload Request
CVE-2011-0093
Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 - Remote Code Execution via Malformed File Structure
CVE-2011-0092
Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 - Remote Code Execution via Malformed VisioDocument Stream
CVE-2011-0036
Microsoft Internet Explorer 6-8 - RCE
CVE-2011-0035
Microsoft Internet Explorer 6-8 - RCE
CVE-2011-0635
Simploo CMS < 1.7.1 - Authenticated PHP Code Injection via FTP-Server Parameter
CVE-2011-0487
ICQ 7 - Remote Code Execution via Unverified Automatic Update
CVE-2010-20120
HIGH
Maplesoft Maple <= 13 - Remote Code Execution via Malicious Maplet File
CVE-2010-4820
Ghostscript 8.62 - Local Code Execution via Trojan PostScript Library in Encoding Directory
CVE-2010-5091
SilverStripe <2.3.8, <2.4.1 - Authenticated RCE
CVE-2010-5164
MEDIUM
KingSoft Personal Firewall 9 Plus 2009.05.07.70 - Local Race Condition via User-Space Memory Changes
CVSS 5.3
CVE-2010-5153
MEDIUM
Avira Premium Security Suite <10.0.0.536 - Privilege Escalation
CVSS 5.3
CVE-2010-5040
NP_Gallery plugin 0.94 - Remote Code Execution via DIR_NUCLEUS Parameter
CVE-2010-5038
Groone's Simple Contact Form - Remote File Inclusion via abspath Parameter
CVE-2010-4998
ardeaCore PHP Framework 2.2 - Remote File Inclusion via pathForArdeaCore Parameter
CVE-2010-4988
Family Connections Who is Chatting <2.2.3 - RCE
CVE-2010-4964
D-Link DCS-2121 <1.04 - Command Injection
CVE-2010-4948
PHP Free Photo Gallery <libs/adodb/adodb.inc.php - RCE
CVE-2010-4943
Saurus CMS 4.7.0 - Remote Code Execution via Class Path Parameter
Details
Vulnerabilities: 6,548
Exploit Likelihood: Medium