CWE-94

Exploit likelihood: Medium

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,548 vulnerabilities with CWE-94
CVE-2009-2095
Mundi Mail 0.8.2 - Remote Code Execution via Top Parameter
CVE-2009-1719
Sun JRE - Code Injection
CVE-2009-1841
Firefox < 3.0.11 - Remote Code Execution via Chrome Object Privilege Escalation
CVE-2009-1838
Firefox < 3.0.10 - Remote Code Execution via Garbage Collection Event Handler
CVE-2009-1833
Firefox < 3.0.11 - Remote Code Execution via JavaScript Engine Memory Corruption
CVE-2009-1832
Firefox < 3.0.10 - Remote Code Execution via Double Frame Construction
CVE-2009-1392
Firefox < 3.0.11 and SeaMonkey < 1.1.17 - Remote Code Execution via Browser Engine Memory Corruption
CVE-2009-0202
Microsoft Office PowerPoint 2000 and 2002 - Remote Code Execution via Freelance File Layout Information
CVE-2009-1134
Microsoft Office Excel - Remote Code Execution via Malformed BIFF Qsir Record
CVE-2009-0559
Microsoft Office <2000 SP3, XP SP3 - Buffer Overflow
CVE-2009-0558
Microsoft Office <2008 - Code Injection
CVE-2009-0557 (HIGH, CVSS 7.8, KEV)
Microsoft Office Excel - Remote Code Execution via Malformed Record Object
CVE-2009-0549
Microsoft Office Excel - Remote Code Execution via Malformed Record Object
CVE-2009-1712
Apple Safari < 4.0 - Remote Code Execution via Local Java Applet Loading
CVE-2009-1704
Safari < 4.0 - Remote Code Execution via Misinterpreted Image File
CVE-2009-1698
Safari < 4.0 - Remote Code Execution via CSS attr Function Handling
CVE-2009-1960
DokuWiki 2009-02-14, rc2009-02-06, rc2009-01-30 - Remote Code Execution via config_cascade Parameter
CVE-2009-1946
AdaptBB 1.0 - Remote Code Execution
CVE-2009-0955
Apple QuickTime < 7.6.2 - Remote Code Execution via Crafted Image Description Atoms
CVE-2009-1822
InterJoomla ArtForms 2.1b7 - Remote Code Execution via mosConfig_absolute_path Parameter
CVE-2009-1677
bitweaver <= 2.6 - Authenticated PHP Code Injection via Display Name
CVE-2009-1579
SquirrelMail - Remote Code Execution via Username Shell Metacharacter Injection
CVE-2009-0945
Apple Safari < 3.2.3 - Remote Code Execution via SVGList Negative Index
CVE-2009-0944
macOS 10.4.11 and 10.5 < 10.5.7 - Remote Code Execution via Microsoft Office Spotlight Importer
CVE-2009-0160
Mac OS X 10.4.11 and 10.5 < 10.5.7 - Remote Code Execution via Crafted PICT Image