CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,548 vulnerabilities with CWE-94
CVE-2010-3204
Pecio CMS 2.0.5 - Remote Code Execution via Template Parameter File Inclusion
CVE-2010-3189
Trend Micro Internet Security Pro 2010 - RCE
CVE-2010-2996
RealNetworks RealPlayer <11.1 - RCE
CVE-2010-2628
strongSwan 4.3.x < 4.3.7 and 4.4.x < 4.4.1 - Remote Code Execution via Crafted Certificate or Identity Data
CVE-2010-2809
Uzbl <2010.08.05 - Command Injection
CVE-2010-2576
Opera < 10.61 - Remote Code Execution via Clickjacking on Download Dialog
CVE-2010-2991
Citrix Online Plug-in - Memory Corruption
CVE-2010-2564
Microsoft Windows Movie Maker 2.1, 2.6, and 6.0 - Remote Code Execution via Crafted Project File
CVE-2010-2562
Microsoft Excel 2002/2003 SP3, Office 2004/2008 for Mac - RCE via Crafted Excel File
CVE-2010-2561
Microsoft XML Core Services 3.0 - Remote Code Execution via Crafted HTTP Response
CVE-2010-2553
Windows XP SP2/SP3, Vista SP1/SP2, and Windows 7 - Remote Code Execution via Crafted Media File
CVE-2010-2217
Adobe Flash Media Server < 3.0.6 and 3.5.x < 3.5.4 - Remote Code Execution via JS Method
CVE-2010-2216
Adobe AIR and Flash Player - Remote Code Execution
CVE-2010-2214
Adobe AIR < 2.0.3 and Flash Player < 9.0.280 and 10.x < 10.1.82.76 - Remote Code Execution
CVE-2010-2213
Adobe AIR < 2.0.3 and Flash Player < 9.0.280 and 10.x < 10.1.82.76 - Remote Code Execution
CVE-2010-1903
Microsoft Word 2002 SP3 and 2003 SP3 and Office Word Viewer - Remote Code Execution via Malformed Record in Word File
CVE-2010-1901
Microsoft Word - Remote Code Execution via RTF Parsing Engine
CVE-2010-1900
Microsoft Works 9 - Remote Code Execution via Malformed Word File Record
CVE-2010-1898
Microsoft .NET Framework 2.0 SP1-2.0 SP2, 3.5-3.5.1 and Silverlight < 3.0.40818.0 - RCE via CLR Virtual Method Delegate
CVE-2010-0209
Adobe AIR < 2.0.3 - Remote Code Execution
CVE-2010-0019
Microsoft Silverlight < 3.0.50611.0 (Windows) and < 3.0.41130.0 (Mac OS X) - Remote Code Execution via Memory Corruption
CVE-2010-2918
Visites (com_joomla-visites) 1.1 RC2 - Remote Code Execution via mosConfig_absolute_path Parameter
CVE-2010-1215
Mozilla Firefox <3.6.7 & Thunderbird <3.1.1 - RCE
CVE-2010-2771
IBM solidDB < 6.5.0.1 - Remote Code Execution via Long Username Field
CVE-2010-1881
Microsoft Access 2003 SP3 - Remote Code Execution via ACCWIZ.dll FieldList ActiveX Control
Details
Vulnerabilities 6,548
Exploit Likelihood Medium