CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,548 vulnerabilities with CWE-94
CVE-2009-2637: Joomla! com_booklibrary <1.5.2.4 - RCE
CVE-2009-2635: Joomla! com_realestatemanager 1.0 Basic - RCE
CVE-2009-2634: MediaLibrary (com_media_library) 1.5.3 Basic - Remote Code Execution via mosConfig_absolute_path Parameter
CVE-2009-2633: Joomla! com_vehiclemanager 1.0 - RCE
CVE-2009-2348: Android 1.5 CRBxx - Unauthenticated Permission Bypass via Camera and Microphone Access
CVE-2009-2477: Firefox 3.5 - Remote Code Execution via TraceMonkey JIT Escape Function
CVE-2009-1539: Microsoft DirectX 7.0-9.0c - Remote Code Execution via QuickTime Movie Parser Filter
CVE-2009-1136: Microsoft Office Web Components Spreadsheet ActiveX Control - Remote Code Execution via msDataSourceObject Method
CVE-2009-0566: Microsoft Office Publisher <2007 SP1 - RCE
CVE-2009-2457: Novell eDirectory < 8.8 SP5 - Denial of Service via Malformed LDAP Bind Packet
CVE-2009-1383: mathTeX - Remote Code Execution via Shell Metacharacters in DPI Tag
CVE-2009-2399: DM FileManager 3.9.4 - Remote Code Execution via SECURITY_FILE Parameter
CVE-2009-2396: DM Albums 1.9.2 - Remote Code Execution via SECURITY_FILE Parameter
CVE-2009-2378: Jax FormMailer 3.0.0 - Remote Code Execution via BASE_DIR Parameter
CVE-2009-2372: Drupal 6.0-6.12 - Authenticated Code Injection via User Signature
CVE-2009-2353: eAccelerator - Remote Code Execution via encoder.php -o Option
CVE-2009-2331: CMS Chainuk < 1.2 - Remote PHP Code Injection via Menu or Title Parameter
CVE-2009-2270: dedecms 5.3 - Unauthenticated Arbitrary File Upload and Remote Code Execution via Double Extension Bypass
CVE-2009-2262: AjaxPortal 3.0 - Remote Code Execution via pathtoserverdata Parameter
CVE-2009-2218: phpCollegeExchange 0.1.5c - Remote Code Execution via URL Parameter Injection
CVE-2009-2182: Campsite 3.3.0 RC1 - Remote Code Execution via GLOBALS[g_campsiteDir] Parameter
CVE-2009-2169: Edraw PDF Viewer Component <3.2.0.126 - RCE
CVE-2009-2143: FireStats < 1.6.2-stable - Remote Code Execution via fs_javascript Parameter
CVE-2009-2118: IrfanView 4.23 - Remote Code Execution via Crafted TIFF 1 BPP Image
CVE-2009-2111: DB Top Sites 1.0 - Remote Code Injection via add_reg.php URL and Location Parameters