CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,549 vulnerabilities with CWE-94
CVE-2008-5922
CFAGCMS 1 - Remote Code Execution via Main or Right Parameter Injection
CVE-2008-5920
WebSVN 1.x - Remote Code Execution via Username preg_replace Eval Switch
CVE-2008-4835 CRITICAL
Microsoft Windows - Remote Code Execution via Malformed SMB NT Trans2 Request
CVSS 9.8
CVE-2008-5517
git < 1.5.6 - Remote Code Execution via gitweb Shell Metacharacters
CVE-2008-5866
Proxim Wireless Tsunami MP.11 2411 - Info Disclosure
CVE-2008-2383
xterm - Command Injection via DECRQSS Escape Sequence
CVE-2008-5801
TYPO3 Dictionary Extension < 0.1.9 - Remote Code Execution
CVE-2008-5793
recly clickheat-heatmap 1.0.1 - Remote Code Execution via PHP File Inclusion
CVE-2008-5792
Indiscripts Enthusiast <3.1.4 - RCE
CVE-2008-5790
Recly!Competitions 1.0 - Remote Code Execution via PHP File Inclusion
CVE-2008-5789
Joomla! Recly Interactive Feederator 1.0.5 - RCE
CVE-2008-5764
WorkSimple 1.2.1 - Remote Code Execution via Lang Parameter
CVE-2008-5763
Simple Text-File Login Script <1.0.6 - RCE
CVE-2008-5750
Microsoft Internet Explorer 8 beta 2 - Command Injection
CVE-2008-5749
Google Chrome <1.0.154.36 - Command Injection
CVE-2008-4305
php-collab < 2.5 - Authenticated PHP Code Injection via URI Parameter
CVE-2008-2434
Trend Micro HouseCall 6.51.0.1028 and 6.6.0.1278 - Remote Code Execution via Custom Update Server Argument
CVE-2008-5694
Sandbox 1.4.1 - Remote Code Execution via PHP File Inclusion
CVE-2008-5671
Joomla 1.0.11-1.0.14 - Remote Code Execution via mosConfig_absolute_path Parameter
CVE-2008-5499
Adobe Flash Player ActionScript Launch Command Execution Vulnerability
CVE-2008-5619
Chuggnutt HTML to Text Converter <5.2.10 - RCE
CVE-2008-5585
lcxBBportal 0.1 Alpha 2 - Remote Code Execution via phpbb_root_path Parameter
CVE-2008-5577
scssboard 1.0-1.12 - Remote Code Execution via index.php inc_function Parameter
CVE-2008-4024
Microsoft Office <2004 for Mac - Code Injection
CVE-2008-5305
TWiki < 4.2.4 - Remote Code Execution via SEARCH Variable
Details
Vulnerabilities 6,549
Exploit Likelihood Medium