CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,548 vulnerabilities with CWE-94
CVE-2010-4939
MailForm 1.2 - Remote Code Execution via Theme Parameter
CVE-2010-4924
clearBudget 0.9.8 - Remote Code Execution via actionPath Parameter
CVE-2010-4918
ijoomla com_magazine 3.0.1 - Remote Code Execution via Config Parameter
CVE-2010-4914
PHP Classifieds 7.3 - Remote Code Execution via lang_path Parameter
CVE-2010-4884
Gaestebuch 1.2 - Remote Code Execution via script_pfad Parameter
CVE-2010-4879
dompdf 0.6.0 beta1 - Remote Code Execution via input_file Parameter
CVE-2010-4878
Kontakt Formular 1.1 - Remote Code Execution via script_pfad Parameter
CVE-2010-4810
AR Web Content Manager AWCM 2.1 - RCE
CVE-2010-2789
MediaWiki 1.16 beta - Remote Code Execution via PHP Remote File Inclusion
CVE-2010-4732
IntelliCom NetBiter - Authenticated Remote Code Execution via Logo Page GIF Replacement
CVE-2010-3719
Symantec IM Manager < 8.4.16 - Remote Code Execution via IMAdminSchedTask.asp ScheduleTask Method
CVE-2010-4572
Bugzilla < 3.2.10, 3.4.x < 3.4.10, 3.6.x < 3.6.4, 4.0.x < 4.0rc2 - HTTP Response Splitting via chart.cgi Query String
CVE-2010-4588
WMI Administrative Tools < 1.1 - Remote Code Execution via WBEMSingleView.ocx ReleaseContext Method
CVE-2010-3973
WMI Administrative Tools < 1.1 - Remote Code Execution via WBEMSingleView.ocx AddContextRef Method
CVE-2010-4558
phpMyFAQ 2.6.11-2.6.12 - Remote Code Execution via Trojan Horse in getTopTen Method
CVE-2010-3959
Microsoft Windows - Local Privilege Escalation via OpenType CMAP Table
CVE-2010-3956
Microsoft Windows - Local Privilege Escalation via Crafted OpenType Font
CVE-2010-3955
Microsoft Publisher 2002 SP3 - Remote Code Execution via Crafted Publisher File
CVE-2010-3340
Microsoft Internet Explorer <7 - RCE
CVE-2010-2569
Microsoft Publisher 2002 SP3, 2003 SP3, and 2007 SP2 - Remote Code Execution via Crafted Publisher File
CVE-2010-2235
Cobbler < 2.0.7 - Authenticated Remote Code Execution via Cheetah Template Engine
CVE-2010-4294
VMware Movie Decoder < 6.5.5 - Remote Code Execution via Crafted Video File
CVE-2010-4410
CGI.pm < 3.50 - HTTP Response Splitting via Header Function
CVE-2010-2761
CGI.pm < 3.50 - HTTP Response Splitting via Hardcoded MIME Boundary
CVE-2010-4283
Pandora FMS < 3.1 - Remote Code Execution via argv[1] Parameter