CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,549 vulnerabilities with CWE-94
CVE-2007-6542
Arcadem < 2.04 - Remote Code Execution via admin/frontpage_right.php loadadminpage Parameter
CVE-2007-6515
SiteScape Forum - Remote Code Execution via TCL Code Separator in Query String
CVE-2007-6485
Centreon 1.4.1 - Remote Code Execution via FileOreonConf Parameter
CVE-2007-6459
Anon Proxy Server 0.100-0.101 - Command Injection
CVE-2007-6464
Form Tools 1.5.0b - Remote Code Execution via g_root_dir Parameter
CVE-2007-6396
Flat PHP Board <1.2 - Code Injection
CVE-2007-6412
bitweaver < 2.0.0 - Remote Code Execution via Wiki Comments Edit Action
CVE-2007-6348
SquirrelMail 1.4.11 and 1.4.12 - Remote Code Execution via Trojaned PHP File Inclusion
CVE-2007-6347
ViArt CMS/HelpDesk/Shop Evaluation/Shop Free <3.3.2 - RCE
CVE-2007-6324
CityWriter 0.9.7 - Remote Code Execution via Path Parameter in head.php
CVE-2007-6325
Fastpublish CMS 1.9999 - Remote File Inclusion via config[fsBase] Parameter
CVE-2007-5344
Microsoft IE - Code Injection
CVE-2007-5351
Microsoft Windows Vista - Remote Code Execution via SMBv2 Packet
CVE-2007-6289
iptel serweb < 2.0.0dev1 - Remote Code Execution via _SERWEB[configdir] Parameter
CVE-2007-6296
phpMyChat 0.14.5 - Remote Code Execution via From Parameter in users_popupL.php3
CVE-2007-4575
OpenOffice < 2.3 - Remote Code Execution via Crafted Database Documents
CVE-2007-5615
Jetty < 6.1.6rc0 - HTTP Response Splitting via CRLF Injection
CVE-2007-6229
Rayzz Script 2.0 - Remote Code Execution via CFG[site][project_path] Parameter
CVE-2007-6231
tellmatic 1.0.7 - Remote Code Execution via tm_includepath Parameter
CVE-2007-6191
Armin Burger p.mapper <3.2.0 beta3 - RCE
CVE-2007-6177
PHP_CON 1.3 - Remote Code Execution via webappcfg[APPPATH] Parameter
CVE-2007-6139
Mp3 ToolBox 1.0 beta 5 - Remote Code Execution via Skin File Parameter
CVE-2007-6147
IAPR COMMENCE 1.3 - Remote Code Execution via PHP Remote File Inclusion
CVE-2007-6105
TalkBack 2.2.7 - Remote Code Execution via PHP File Inclusion
CVE-2007-6082
Sciurus Hosting Panel - Code Injection
Details
Vulnerabilities 6,549
Exploit Likelihood Medium