CWE-94
Medium likelihoodImproper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
6,548 vulnerabilities with CWE-94
CVE-2009-1064
Orbit Downloader <= 2.8.7 - Arbitrary File Write via ActiveX Control Argument Injection
CVE-2009-1102
Java SE JDK and JRE 6 Update 12 and earlier - Remote Code Execution via Code Generation
CVE-2009-1088
Hannon Hill Cascade Server 5.7 - Authenticated Remote Code Execution via XSLT Stylesheet
CVE-2009-1083
Sun Java System Identity Manager 7.0-8.0 - Remote Code Execution via Resource Adapter Password Control Characters
CVE-2009-1025
Beerwin PHPLinkAdmin 1.0 - Remote Code Execution via Page Parameter
CVE-2009-0970
PHP Pro Bid 6.05 - Remote Code Execution via fileExtension Parameter
CVE-2009-0966
YABSoft Mega File Hosting 1.2 - Remote Code Execution via URL Parameter in cross.php
CVE-2009-0191
Foxit Reader 2.3-3.0 - Remote Code Execution via JBIG2 Symbol Dictionary Segment
CVE-2009-0820
phpScheduleIt <1.2.11 - Code Injection
CVE-2009-0811
SopCast SopCore ActiveX <3.0.3.501 - RCE
CVE-2009-0759
ZNC < 0.066 - Authenticated CRLF Injection in Webadmin
CVE-2009-0208
HP Virtual Rooms Client <7.0.1 - RCE
CVE-2009-0625
Cisco ACE 4710 and Application Control Engine Module - Denial of Service via SNMPv3 Packet
CVE-2009-0238
HIGH
KEV
Microsoft Excel 2000 SP3-2007 SP1 - Remote Code Execution via Crafted Excel Document
CVSS 8.8
CVE-2009-0701
Cybershade CMS 0.2b - Remote Code Execution via THEME_header and THEME_footer Parameters
CVE-2009-0677
RavenNuke 2.30 - Authenticated Remote Code Execution via Your Account Module Avatarlist preg_replace
CVE-2009-0674
RavenNuke 2.30 - Path Disclosure via aFonts Array Parameter
CVE-2009-0673
RavenNuke 2.30 - Authenticated PHP Code Injection via Your Account Custom Fields
CVE-2009-0643
Simple PHP News 1.0 - Code Injection
CVE-2009-0639
phpyabs 0.1.2 - Remote Code Execution via Azione Parameter
CVE-2009-0610
Simple PHP News 1.0 final - Code Injection
CVE-2009-0595
phpSkelSite 1.4 - Remote Code Execution via Theme Parameter
CVE-2009-0572
FlatnuX CMS - Remote Code Execution
CVE-2009-0530
SnippetMaster 2.2.2 - Remote Code Execution via PHP File Inclusion
CVE-2009-0527
AdaptCMS Lite 1.4 - Remote Code Execution via RSS Importer Sitepath Parameter
Details
Vulnerabilities
6,548
Exploit Likelihood
Medium