CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,549 vulnerabilities with CWE-94
CVE-2008-3922
AWStats Totals 1.0-1.14 - Remote Code Execution via Sort Parameter
CVE-2008-3882
ZoneMinder <1.23.3 - Command Injection
CVE-2008-3737
La!Cooda WIZ <1.4.0 & LacoodaST <2.1.3 - RCE
CVE-2008-3769
Freeway 1.4.1.171 - Remote Code Execution via include_page Parameter
CVE-2008-3764
Turnkey PHP Live Helper <2.0.1 - Code Injection
CVE-2008-3721
DeeEmm CMS 0.7.4 - Remote Code Execution via Language Directory Parameter
CVE-2008-3707
CyBoards PHP Lite 1.21 - Remote File Inclusion via script_path Parameter
CVE-2008-2233
openwsman 1.2.0 and 2.0.0 - SSL Session Replay
CVE-2008-3018
Microsoft Office 2000/2003/XP, Converter Pack, Works 8 - RCE via Malformed PICT
CVE-2008-3648
Microsoft Windows XP - Remote Code Execution via nslookup.exe DNS Zone Transfer
CVE-2008-3595
txtSQL 2.2 Final - Remote File Inclusion Code Execution
CVE-2008-3592
Twentyone Degrees Symphony <1.7.01 - RCE
CVE-2008-3570
Africa Be Gone 1.0a - Remote Code Execution via abg_path Parameter
CVE-2008-3575
ezcontents_cms - Remote Code Execution via GLOBALS[gsLanguage] Parameter
CVE-2008-3509
LoveCMS 1.6.2 - Unauthenticated Remote Code Execution via Admin Panel
CVE-2008-3481
Coppermine Photo Gallery <1.4.18 - Info Disclosure
CVE-2008-3455
JnSHosts PHP Hosting Directory 2.0 - RCE
CVE-2008-3433
SpeedBit DAP <8.6.3.9 - Code Injection
CVE-2008-3434
Apple iTunes < 10.5.1 - Remote Code Execution via Trojan Horse Update
CVE-2008-3435
LinkedIn Browser Toolbar <3.0.3.1100 - RCE
CVE-2008-3436
Notepad++ < 4.8.1 - Remote Code Execution via Trojan Horse Update
CVE-2008-3437
OpenOffice.org <2.1.0 - Code Injection
CVE-2008-3439
SpeedBit Video Acceleration <2.2.1.8 - Code Injection
CVE-2008-3440
Sun Java <1.6.0_03 - Code Injection
CVE-2008-3441
Nullsoft Winamp <5.24 - Code Injection
Details
Vulnerabilities 6,549
Exploit Likelihood Medium