CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,548 vulnerabilities with CWE-94
CVE-2010-0814
Microsoft Office Access <2007 SP2 - RCE
CVE-2010-0266
Microsoft Outlook 2002 SP3, 2003 SP3, 2007 SP1/SP2 - Remote Code Execution via SMB Attachment Handling
CVE-2010-2681
Joomla com_sef - Remote Code Execution via mosConfig.absolute.path Parameter
CVE-2010-2677
Open Web Analytics (OWA) 1.2.3 - RCE
CVE-2010-2626
Miyabi CGI Tools SEO Links 1.02 - Remote Command Execution via fn Parameter
CVE-2010-2618
Insanevisions Adapcms - Code Injection
CVE-2010-2208
Adobe Acrobat and Reader 9.x < 9.3.3 and 8.x < 8.2.3 - Remote Code Execution
CVE-2010-2205
Adobe Acrobat and Reader 9.x < 9.3.3 and 8.x < 8.2.3 - Remote Code Execution
CVE-2010-2358
Nakid CMS 0.5.2 - Remote Code Execution via core[system_path] Parameter
CVE-2010-1622
Oracle Fusion Middleware < 2.5.7 - Code Injection
CVE-2010-2341
ezpx_photoblog 1.2 beta - Remote Code Execution via tpl_base_dir Parameter
CVE-2010-2315
SmartISoft phpBazar 2.1.1 - Remote Code Execution via Picturelib.php Cat Parameter
CVE-2010-2314
NP_Twitter Plugin 0.8-0.9 - Remote Code Execution via DIR_PLUGINS Parameter
CVE-2010-2297
Google Chrome < 5.0.375.70 - Remote Code Execution via Large Colspan Attribute
CVE-2010-2186
Adobe Flash Player < 9.0.277.0 and 10.x < 10.1.53.64 - Remote Code Execution
CVE-2010-2163
Adobe Flash Player < 10.1.53.64 - Remote Code Execution
CVE-2010-2161
Adobe Flash Player < 10.1.53.64 - Remote Code Execution via Flash Code Array Index Error
CVE-2010-1770
Apple Safari < 5.0 - Remote Code Execution via Crafted HTML Document with BR Element
CVE-2010-1415
Apple Safari WebKit libxml - Crafted HTML Code Execution
CVE-2010-2261
Linksys WAP54Gv3 < 3.04.03 - Remote Code Execution via Debug Command Page Parameters
CVE-2010-1880
Microsoft DirectShow - Remote Code Execution via Crafted MJPEG Media File
CVE-2010-1879
Microsoft Directx - Code Injection
CVE-2010-1262
Microsoft Internet Explorer <8 - Memory Corruption
CVE-2010-1261
Microsoft Internet Explorer 8 - RCE
CVE-2010-1260 HIGH
Microsoft Internet Explorer 8 - RCE
CVSS 7.5
Details
Vulnerabilities 6,548
Exploit Likelihood Medium