CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,549 vulnerabilities with CWE-94
CVE-2008-0111
Microsoft Excel 2000 SP3-2007 - Remote Code Execution via Crafted Data Validation Records
CVE-2008-0112
Microsoft Excel 2000 SP3 and Office for Mac 2004/2008 - Remote Code Execution via Crafted SLK File Import
CVE-2008-0113
Microsoft Office Excel Viewer 2003 up to SP3 - Remote Code Execution via Malformed Cell Comments
CVE-2008-0114
Microsoft Excel 2000 SP3-2003 SP2, Viewer 2003, Office for Mac 2004 - RCE via Crafted Style Records
CVE-2008-0115
Microsoft Excel 2000-2007, Viewer 2003, Compatibility Pack, Office for Mac 2004 - RCE via Malformed Formulas
CVE-2008-0116
Microsoft Excel 2000-2003, Viewer 2003, Compatibility Pack, Office 2004-2008 for Mac - RCE via Malformed RTF Tags
CVE-2008-0118
Microsoft Office 2000/2003/XP, Excel Viewer 2003, Office 2004 for Mac - RCE via Crafted Document
CVE-2008-0300
Mapbender 2.4-2.4.4 - Remote Code Execution via mapFiler.php Factor Parameter
CVE-2008-1217
IBM Lotus Notes 6.5, 7.0.x-7.0.2 CCH, 8.0.x-8.0.1 - Remote Code Execution via Crafted Email Attachment
CVE-2008-1214
Numara FootPrints 8.1 - Remote Code Execution via PROJECTNUM Parameter
CVE-2008-1170
KCWiki 1.0 - Remote Code Execution via Page Parameter File Inclusion
CVE-2008-1171
123 Flash Chat Module for phpBB - Remote File Inclusion via phpbb_root_path Parameter
CVE-2008-1136
SynCE vdccm 0.92-0.10.0 - Remote Code Execution via TCP Port 5679
CVE-2008-1128
phpmytourney 2 - Remote Code Execution via tourney/index.php page Parameter
CVE-2008-1123
SiteBuilder Elite 1.2 - Remote Code Execution via CarpPath Parameter
CVE-2008-1124
Podcast Generator <1.0 BETA 2 - RCE
CVE-2008-1126
Barryvan Compo Manager 0.3 - Remote Code Execution via main.php pageURL Parameter
CVE-2008-1081
Opera < 9.26 - Remote Code Execution via Image Comment Script Injection
CVE-2008-1074
GROUP-E 1.6.41 - Remote Code Execution via CFG[PREPEND_FILE] Parameter
CVE-2008-1067
phpQLAdmin 2.2.7 - Remote Code Execution via _SESSION[path] Parameter
CVE-2008-1068
Portail Web Php < 2.5.1.1 - Remote Code Execution via site_path Parameter
CVE-2008-1069
Quantum Game Library 0.7.2c - Remote Code Execution via CONFIG[gameroot] Parameter
CVE-2008-1059
Sniplets Plugin 1.1.2 and 1.2.2 - Remote Code Execution via libpath Parameter
CVE-2008-1060
Sniplets Plugin 1.1.2 and 1.2.2 - Remote Code Execution via Text Parameter
CVE-2008-1038
DBHcms - Remote Code Execution via extmanager_install Parameter
Details
Vulnerabilities 6,549
Exploit Likelihood Medium