CWE-94

Exploit likelihood: Medium

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,549 vulnerabilities with CWE-94
CVE-2008-1043
Linux Web Shop php User Base 1.3 BETA - Remote Code Execution via Menu Parameter
CVE-2008-1046
Quinsonnas Mail Checker 1.55 - Remote Code Execution via footer.php op[footer_body] Parameter
CVE-2008-1051
phpProfiles 4.5.2 BETA - Remote Code Execution via include/body_comm.inc.php content Parameter
CVE-2008-0858
Kerio MailServer < 6.5.0 - Remote Code Execution via Visnetic Anti-Virus Plugin
CVE-2008-0804
Thecus N5200Pro NAS Server Control Panel - Remote Code Execution via usrgetform.html name Parameter
CVE-2008-0803
LookStrike Lan Manager 0.9 - Remote Code Execution via sys_conf[path][real] Parameter
CVE-2008-0786
Cacti 0.8.6-0.8.7 - HTTP Response Splitting via CRLF Injection
CVE-2008-0743
Joovili < 2.1 - Remote Code Execution via members_help.php hlp Parameter
CVE-2008-0076
Microsoft IE - Code Injection
CVE-2008-0078
Microsoft Internet Explorer - Remote Code Execution via Crafted Image
CVE-2008-0104
Microsoft Office Publisher 2000, 2002, and 2003 SP2 - Remote Code Execution via Crafted .pub File
CVE-2008-0075
Microsoft Internet Information Services 5.1-6.0 - Remote Code Execution via ASP Page Input
CVE-2008-0600
Linux Kernel 2.6.17-2.6.24.1 - Local Privilege Escalation via vmsplice_to_pipe Pointer Dereference
CVE-2008-0039
Apple Mail - Remote Code Execution via Crafted file:// URL
CVE-2008-0042
Apple Mac OS X 10.4.11 and 10.5-10.5.1 - Remote Code Execution via Terminal.app URL Scheme Handling
CVE-2008-0687
Youtube Clone Script - Stored Cross-Site Scripting via lang[please_wait] Parameter
CVE-2008-0417
Firefox < 2.0.0.11 - CRLF Injection in Password Store
CVE-2008-0043
Apple iPhoto < 7.1.2 - Remote Code Execution via Photocast Subscription
CVE-2008-0213
HP Virtual Rooms < 6 - Remote Code Execution via ActiveX Control
CVE-2008-0645
Portail Web Php 2.5.1.1 - Remote Code Execution via site_path Parameter
CVE-2008-0648
OpenSiteAdmin < 0.9.1.1 - Remote Code Execution via Path Parameter in Multiple Scripts
CVE-2008-0635
Openads 2.4.0-2.4.2 - Remote Code Execution
CVE-2008-0582
Skype 3.1-3.6.0.244 - Cross-Zone Scripting via Full Name Field in SkypeFind
CVE-2008-0583
Skype 3.6.0.244 and earlier - Cross-Zone Scripting via Metacafe Movie Metadata
CVE-2008-0566
DeltaScripts PHP Links 1.3 - Remote Code Execution via full_path_to_public_program Parameter