CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,548 vulnerabilities with CWE-94
CVE-2010-4281: Pandora FMS < 3.1 - Remote Code Execution via UNC Share Pathname Bypass
CVE-2010-4368: AWStats < 7.0 - Remote Code Execution via configdir Parameter
CVE-2010-4367: AWStats < 7.0 - Remote Code Execution via Crafted Configuration File
CVE-2010-3909: vtiger CRM < 5.2.1 - Authenticated Remote Code Execution via .phtml File Upload
CVE-2010-3037: Cisco UVC System <5230 - Command Injection
CVE-2010-3819: Apple Safari < 5.0.3 - Remote Code Execution via CSS Box Processing
CVE-2010-3809: Safari < 5.0.3 - Remote Code Execution via WebKit Inline Styling Cast
CVE-2010-3808: Apple Safari < 5.0.3 - Remote Code Execution via WebKit Editing Command Processing
CVE-2010-3635: Adobe Flash Media Server 3.0.x < 3.0.7, 3.5.x < 3.5.5, 4.0.x < 4.0.1 - Remote Code Execution
CVE-2010-4005: GNOME Tomboy < 1.5.2 - Privilege Escalation via LD_LIBRARY_PATH Manipulation
CVE-2010-3913: TransWARE Active! mail < 6.40.010047750 - CRLF Injection and HTTP Response Splitting
CVE-2010-3172: Bugzilla < 3.2.9, 3.4.x < 3.4.9, 3.6.x < 3.6.3, 4.0.x < 4.0rc1 - HTTP Response Splitting via CRLF Injection
CVE-2010-4096: Monkeysphere 0.31-0.32 - Local Code Execution via keys-for-user Command
CVE-2010-3749: RealPlayer 11.0-11.1 and RealPlayer SP 1.0-1.1 - Remote Code Execution via RecordClip Method Parameter Injection
CVE-2010-3331: Microsoft Internet Explorer 6-8 - Code Injection
CVE-2010-3329: Microsoft Internet Explorer <8 - RCE
CVE-2010-3326: Microsoft Internet Explorer 6 - Code Injection
CVE-2010-3228: Microsoft .NET Framework 4.0 - Memory Corruption
CVE-2010-3221: Microsoft Word 2002/2003 SP3, Office 2004 for Mac, Word Viewer - RCE via Malformed Record
CVE-2010-3220: Microsoft Word <2002 SP3-Office 2004 - RCE
CVE-2010-3219: Microsoft Word 2002 SP3 - Remote Code Execution via Crafted Word Document
CVE-2010-3218: Microsoft Word 2002 SP3 - Buffer Overflow
CVE-2010-3216: Microsoft Word 2002 SP3 and Office 2004 for Mac - Remote Code Execution via Crafted Bookmarks
CVE-2010-3215: Microsoft Word <2004 - Code Injection
CVE-2010-2750: Microsoft Word 2002 SP3 and Office 2004 for Mac - Remote Code Execution via Crafted Word Document