CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,548 vulnerabilities with CWE-94
CVE-2009-0149
Apple Mac OS X <10.5.7 - Privilege Escalation/DoS
CVE-2009-0145
macOS 10.4.11 and 10.5 < 10.5.7 - Remote Code Execution via Crafted PDF File
CVE-2009-1128
Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 - Remote Code Execution via Crafted Sound Data
CVE-2009-0225
Microsoft Office PowerPoint 2002 SP3 - RCE
CVE-2009-0224
Microsoft Office Compatibility Pack 2007 - Remote Code Execution via Crafted BuildList Records
CVE-2009-0223
Microsoft Office PowerPoint <2003 SP3 - RCE
CVE-2009-0222
Microsoft Office PowerPoint <2003 SP3 - RCE
CVE-2009-1551
Qt quickteam 2 - Remote File Inclusion via qte_web_path or qte_root Parameter
CVE-2009-1469
IceWarp eMail Server < 9.4.2 - CRLF Injection via Forgot Password XML Subject
CVE-2009-0720
HP OpenView Network Node Manager <7.53 - RCE
CVE-2009-1512
X-Forum 0.6.2 - Authenticated PHP Code Injection via adminEMail Parameter
CVE-2009-1429
Symantec AntiVirus < 9.0 and 10.0-10.1 - Remote Code Execution via Crafted Packet
CVE-2009-1463
razorcms < 0.4 - Unauthenticated Static Code Injection via PHP File Upload
CVE-2009-1452
SMA-DB 0.3.13 - Remote Code Execution via _page_css or _page_javascript Parameter
CVE-2009-1450
SMA-DB 0.3.12 - Remote Code Execution via _page_content Parameter
CVE-2009-1444
WebPortal CMS 0.8-beta - Remote Code Execution via lib_path Parameter
CVE-2009-1285
phpMyAdmin < 3.1.3.2 - Remote Code Injection via ConfigFile.class.php
CVE-2009-0552
Microsoft Internet Explorer <6 - RCE
CVE-2009-0084
Microsoft DirectX 8.1 and 9.0 - Use-After-Free via Malformed MJPEG Huffman Table
CVE-2009-1278
Gravity Board X 2.0 BETA - Remote Code Injection via Configure Action
CVE-2009-1144
Xpdf - Untrusted Search Path Privilege Escalation via xpdfrc File
CVE-2009-1248
Acute Control Panel 1.0.0 - Remote Code Execution via Theme Directory Parameter
CVE-2009-0556 HIGH KEV
Microsoft Office PowerPoint <2004 - RCE
CVSS 8.8
CVE-2009-1230
podcast_generator <= 1.1 - Authenticated PHP Code Injection via Recent Parameter
CVE-2009-1151 CRITICAL KEV
phpMyAdmin 2.11.0-2.11.9.4 and 3.x < 3.1.3.1 - Remote Code Injection via Setup Configuration Save
CVSS 9.8