CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,548 vulnerabilities with CWE-94
CVE-2009-3128
Microsoft Excel 2002/2003 SP3 & Office Excel Viewer 2003 SP3 - RCE via Malformed Record Object
CVE-2009-3127
Microsoft Office Excel - Remote Code Execution via Crafted Spreadsheet
CVE-2009-2514
Microsoft Windows <2000 SP4 XP SP2-SP3 Server 2003 SP2 - RCE
CVE-2009-2512 CRITICAL
Windows Vista/Server 2008 - Code Injection
CVSS 9.8
CVE-2009-3850
Blender 2.34, 2.35a, 2.40, 2.49b - Remote Code Execution via ScriptLink SDNA onLoad Action
CVE-2009-3865
JDK and JRE 6 - Remote Code Execution via Deployment Toolkit Plugin
CVE-2009-3465
Adobe Shockwave Player < 11.5.2.602 - Remote Code Execution via Crafted Shockwave Content
CVE-2009-3464
Adobe Shockwave Player < 11.5.2.602 - Remote Code Execution via Crafted Shockwave Content
CVE-2009-3631
TYPO3 < 4.0.12, 4.1.x < 4.1.13, 4.2.x < 4.2.10, 4.3.x < 4.3beta2 - Authenticated Command Injection via Filename
CVE-2009-3822
Fiji Web Design Ajax Chat (com_ajaxchat) 1.0 - Remote Code Execution via GLOBALS[mosConfig_absolute_path] Parameter
CVE-2009-3817
BookLibrary (com_booklibrary) 1.0 - Remote Code Execution via mosConfig_absolute_path Parameter
CVE-2009-3814
RunCMS 2M1 - Authenticated PHP Code Injection via Filter/Banning Feature
CVE-2009-3760
Citrix XenCenterWeb - Remote Code Execution via config/writeconfig.php Pool1 Parameter
CVE-2009-3705
Achievo < 1.4.0 - Remote Code Execution via Debugger Config Parameter
CVE-2009-2532
Windows Vista and Server 2008 - Remote Code Execution via SMBv2 Command Value
CVE-2009-2531
Microsoft Internet Explorer <8 - Code Injection
CVE-2009-2530
Microsoft Internet Explorer <8 - Code Injection
CVE-2009-2529 HIGH
Microsoft Internet Explorer <8 - RCE
CVSS 8.1
CVE-2009-2528
Microsoft Office XP SP3 - Memory Corruption
CVE-2009-2525
Microsoft Windows Media Runtime - RCE
CVE-2009-2503
Microsoft Windows and .NET Framework - Remote Code Execution via Crafted TIFF Image
CVE-2009-2497
Microsoft .NET Framework <3.5 SP1 - RCE
CVE-2009-1547 HIGH
Internet Explorer 5.01 SP4, 6, 6 SP1, 7 - Remote Code Execution via Crafted Data Stream Header
CVSS 8.8
CVE-2009-0555
Microsoft Windows Media Runtime - RCE
CVE-2009-0091
Microsoft .NET Framework 2.0, 2.0 SP1, 3.5 - Remote Code Execution via Type Verification Bypass