CWE-94
Improper Control of Generation of Code ('Code Injection')
Medium likelihood
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
6,549 vulnerabilities with CWE-94
CVE-2008-1776
phpblock A8.4 - Remote Code Execution via PATH_TO_CODE Parameter
CVE-2008-1760
blogator-script < 1.00 - Remote Code Execution via incl_page Parameter
CVE-2008-1712
mxBB 2.0.0 beta - Remote Code Execution via mx_root_path Parameter
CVE-2008-0083
Windows 2000, 2003 Server, XP - Remote Code Execution via Script Decoding Flaw
CVE-2008-1084
Microsoft Windows Kernel - Local Code Execution via NtUserFnOUTSTRING Input Validation
CVE-2008-1085
Microsoft Internet Explorer <7 - Use After Free
CVE-2008-1086
Internet Explorer - Remote Code Execution via HxTocCtrl ActiveX Control
CVE-2008-1089
Microsoft Visio 2002 SP2, 2003 SP2-SP3, and 2007 up to SP1 - Remote Code Execution via Crafted Object Header Data
CVE-2008-1682
Joomla! com_onlineflashquiz 1.0.2 - RCE
CVE-2008-1016
Apple QuickTime < 7.4.5 - Remote Code Execution via Crafted Movie Media Tracks
CVE-2008-1622
GeeCarts - Remote Code Execution via id Parameter in show.php search.php and view.php
CVE-2008-1609
jaf_cms 4.0 RC2 - Remote Code Execution via URL Parameter Injection
CVE-2008-1233
Mozilla Firefox < 2.0.0.12, SeaMonkey < 1.1.8, Thunderbird < 2.0.0.12 - RCE via XPCNativeWrapper Pollution
CVE-2008-1511
ooComments 1.0 - Remote File Inclusion via PathToComment Parameter (CRITICAL, CVSS 9.8)
CVE-2008-1505
SSTREAMTV custompages < 1.1 - Remote Code Execution via cpage Parameter
CVE-2008-0951
Microsoft Windows Vista - Arbitrary Code Execution via Autorun.inf Handling
CVE-2008-1466
W-Agora 4.0 - Remote Code Execution
CVE-2008-1467
CenterIM <4.22.3 - Command Injection
CVE-2008-1201
Adobe Flash CS3 Professional, Flash Professional 8, and Flash Basic 8 - Remote Code Execution via Crafted FLA File
CVE-2008-1405
fuzzylime (cms) 3.01 - Remote Code Execution via admindir Parameter
CVE-2008-1416
phpauction_gpl 2.51 - Remote Code Execution via include_path Parameter
CVE-2008-0060
Mac OS X 10.4.11 and 10.5.2 - Remote Code Execution via Help Viewer URL Injection
CVE-2008-1370
wildmary Yap Blog 1.1 - Remote File Inclusion Code Execution
CVE-2008-1368
Microsoft Internet Explorer 5-6 - CRLF Injection
CVE-2008-0110
Microsoft Office Outlook 2000 SP3, XP SP3, 2003 SP2-SP3 - Remote Code Execution via Crafted mailto URI
Details
Vulnerabilities: 6,549
Exploit Likelihood: Medium