CWE-94
Medium likelihoodImproper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
6,548 vulnerabilities with CWE-94
CVE-2009-4264
AROUNDMe 1.1 - Remote Code Execution via Language Path Parameter
CVE-2009-3677
Microsoft Windows - Authentication Bypass in IAS MS-CHAP v2 PEAP Request Verification
CVE-2009-3673
Internet Explorer 7 and 8 - Remote Code Execution via Uninitialized Memory Corruption
CVE-2009-4223
KR-Web < 1.1 - Remote Code Execution via DOCUMENT_ROOT Parameter
CVE-2009-4220
PointComma < 3.8b2 - Remote Code Execution via pcConfig[smartyPath] Parameter
CVE-2009-4148
DAZ Studio 2.3.3.161, 2.3.3.163, and 3.0.1.135 - Remote Code Execution via JavaScript in .ds, .dsa, .dse, or .dsb Files
CVE-2009-4127
wikipedia_toolbar < 0.5.9.2 - Remote Code Execution via Chrome Privilege Escalation
CVE-2009-4156
Ciamos CMS < 0.9.5 - Remote Code Execution via module_path Parameter
CVE-2009-3672
Microsoft Internet Explorer 6 and 7 - Remote Code Execution via STYLE Tag Memory Corruption
CVE-2009-4115
CutePHP CuteNews 1.4.6 - Code Injection
CVE-2009-4113
CutePHP CuteNews <8b - Code Injection
CVE-2009-4111
PEAR Mail <1.2.0b2 - Command Injection
CVE-2009-4024
Net_Ping <2.4.5 - Command Injection
CVE-2009-4023
PEAR Mail <1.1.14 - Command Injection
CVE-2009-4094
D4J eZine (com_ezine) 2.1 - Remote Code Execution via GLOBALS[mosConfig_absolute_path] Parameter
CVE-2009-4085
PHP Traverser 0.8.0 - Remote Code Execution
CVE-2009-4082
Outreach Project Tool < 1.2.7 - Remote Code Execution via CRM_path Parameter
CVE-2009-3578
Autodesk Maya 6.5-2010 and Alias Wavefront Maya 6.5-7.0 - Remote Code Execution via MEL Script Nodes
CVE-2009-3577
Autodesk 3ds Max 6-9 and 2008-2010 - Remote Code Execution via MAXScript DOSCommand Method
CVE-2009-3576
Autodesk Softimage 7.x and Softimage XSI 6.x - Remote Code Execution via Scene Table of Contents Script_Content Element
CVE-2009-3890
WordPress < 2.8.5 - Authenticated Remote Code Execution via Multiple-Extension Filename Upload
CVE-2009-3134
Microsoft Office Excel and Compatibility Pack - Remote Code Execution via Malformed Record Object
CVE-2009-3133
Microsoft Office Excel and Compatibility Pack - Remote Code Execution via Malformed Spreadsheet Object
CVE-2009-3132
Microsoft Office Excel and Compatibility Pack - Remote Code Execution via Malformed Spreadsheet Formula
CVE-2009-3131
Microsoft Office Excel and Compatibility Pack - Remote Code Execution via Crafted Spreadsheet Formula
Details
Vulnerabilities
6,548
Exploit Likelihood
Medium