CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,548 vulnerabilities with CWE-94
CVE-2009-3114
IBM Lotus Notes 8.0 and 8.5 - Remote Code Execution via RSS Reader Widget
CVE-2009-2628
VMware ACE, Player, Workstation, and Movie Decoder - Remote Code Execution via Crafted AVI File
CVE-2009-2519
Microsoft Windows DHTML Editing ActiveX RCE (2000 SP4, XP SP2-SP3, Server 2003 SP2)
CVE-2009-2499
Microsoft Windows Media Format Runtime <11 - RCE
CVE-2009-2498
Microsoft Windows Media Format Runtime <11 - RCE
CVE-2009-1925
Microsoft Windows Vista/Server 2008 - RCE
CVE-2009-1920
Microsoft Windows JScript 5.1-5.8 - Remote Code Execution via Decoded Script Memory Corruption
CVE-2009-3065
Rein Velt Vedit - Code Injection
CVE-2009-3056
KingCMS 0.6.0 - Remote Code Execution via CONFIG[AdminPath] Parameter
CVE-2009-3055
DataLife Engine 8.2 - Remote Code Execution via dle_config_api Parameter
CVE-2009-3019
Microsoft Internet Explorer 6 on Windows XP SP2/SP3 and IE 7 on Vista - DoS via LI Element Attribute Manipulation
CVE-2009-2627
Acer LunchApp - Remote Code Execution via Run Method
CVE-2009-2791
WebDynamite ProjectButler 1.5.0 - Code Injection
CVE-2009-2773
PHP Paid 4 Mail Script - Remote Code Execution via home.php page Parameter
CVE-2009-2769
Ultrize TimeSheet 1.2.2 - Remote Code Execution via config[include_dir] Parameter
CVE-2009-2494 CRITICAL
Microsoft Windows ATL - Remote Code Execution via Variant Stream Handling
CVSS 9.8
CVE-2009-1545
Windows Media AVI File Handler - Remote Code Execution via Malformed AVI Header
CVE-2009-2736
sun-jester OpenNews 1.0 - Authenticated PHP Code Injection via Overall Width Field
CVE-2009-0668
Zope Object Database < 3.8.2 - Remote Code Execution via ZEO Network Protocol
CVE-2009-2665
Firefox 3.5.x - Remote Code Execution via Link HTTP Header Handling
CVE-2009-2493 HIGH
Microsoft Visual Studio <2008 - RCE
CVSS 8.8
CVE-2009-1919
Microsoft Internet Explorer <6-8 - RCE
CVE-2009-1918
Microsoft Internet Explorer <6-8 - RCE
CVE-2009-0901 HIGH
Microsoft Visual C++ and Visual Studio - Remote Code Execution via Uninitialized VARIANT in ATL
CVSS 8.8
CVE-2009-2641
School Data Navigator - Remote File Inclusion Code Execution