CWE-94
Medium likelihoodImproper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
6,548 vulnerabilities with CWE-94
CVE-2010-1342
Direct News 4.10.2 - Remote Code Execution via PHP File Inclusion
CVE-2010-1337
Lussumo Vanilla < 1.1.10 - Remote Code Execution via PHP File Inclusion
CVE-2010-1335
Insky CMS 006-0111 - Remote Code Execution via ROOT Parameter File Inclusion
CVE-2010-1299
dynpg < 4.1.0 - Remote Code Execution via PHP File Inclusion
CVE-2010-1272
gnat-tgp < 1.2.20 - Remote Code Execution via DOCUMENT_ROOT Parameter
CVE-2010-1266
WebMaid CMS < 0.2-6 - Remote File Inclusion via Multiple Template Parameters
CVE-2010-0179
Firefox < 3.0.19 and 3.5.x < 3.5.8 - Remote Code Execution via XMLHttpRequestSpy and Chrome Privilege Escalation
CVE-2010-0178
Firefox < 3.0.19, 3.5.x < 3.5.9, 3.6.x < 3.6.2 - Remote Code Execution via Drag-and-Drop Action
CVE-2010-1239
Foxit Reader < 3.2.1.0401 - Remote Code Execution via PDF Launch Action
CVE-2010-0807
Microsoft Internet Explorer 7 - RCE
CVE-2010-0805
Microsoft Internet Explorer <6 - RCE
CVE-2010-0492
HIGH
Internet Explorer 8 - Use-After-Free via TIME2 Behavior and CTimeAction Object
CVSS 8.1
CVE-2010-0490
Microsoft Internet Explorer 6, 6 SP1, 7, and 8 - Remote Code Execution via Uninitialized Memory Corruption
CVE-2010-0267
Microsoft Internet Explorer 6, 6 SP1, and 7 - Remote Code Execution via Uninitialized Memory Corruption
CVE-2010-1216
notsopureedit < 1.4.1 - Remote Code Execution via Template Content Parameter
CVE-2010-1180
Safari - Remote Code Execution via Long Exception String in Throw Statement
CVE-2010-1177
Safari - Remote Code Execution via Long Crafted Strings in document.write
CVE-2010-1176
Safari on Apple iPhone OS 3.1.3 for iPod touch - DoS
CVE-2010-0988
Pulse CMS < 1.2.3 - Unauthenticated Arbitrary File Write and Remote Code Execution via Login Failure Handling
CVE-2010-1121
Mozilla Firefox <3.6.3 - Use After Free
CVE-2010-1120
Safari 4 on Mac OS X 10.6 - Remote Code Execution
CVE-2010-1114
Web Server Creator - Web Portal 0.1 - RCE
CVE-2010-1106
AdvertisementManager 3.1.0 - Remote Code Execution via req Parameter
CVE-2010-1055
osDate 2.1.9 and 2.5.4 - Remote Code Execution via config[forum_installed] Parameter
CVE-2010-0983
rezervi < 3.0.2 - Remote Code Execution via mail.inc.php root Parameter
Details
Vulnerabilities
6,548
Exploit Likelihood
Medium