CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,550 vulnerabilities with CWE-94
CVE-2007-4464
Fileinfo Plugin 2.0.9 - CRLF Injection in PE File IMAGE_EXPORT_DIRECTORY
CVE-2007-3037
Windows Media Player 7.1, 9, 10, 11 - Remote Code Execution via Crafted Skin File Header
CVE-2007-4339
PHPCentral Poll Script 1.0 - Remote Code Execution via _SERVER[DOCUMENT_ROOT] Parameter
CVE-2007-4342
PHPCentral Login 1.0 - Remote Code Execution via _SERVER[DOCUMENT_ROOT] Parameter
CVE-2007-4328
Mapos Bilder Galerie - Remote Code Execution via config[root_ordner] Parameter
CVE-2007-4290 CRITICAL (CVSS 9.8)
Guestbook Script 1.9 - Remote Code Execution via script_root Parameter
CVE-2007-4244
J! Reactions < 1.8.1 - Remote Code Execution via comPath Parameter
CVE-2007-4187
Joomla! 1.5 beta - Remote Code Execution via com_search searchword Parameter
CVE-2007-4169
vgallite - Remote File Inclusion via dirpath Parameter
CVE-2007-4038
Mozilla Firefox <2.0.0.5 - Command Injection
CVE-2007-4009
Parallels Confixx 2.0.12-3.3.1 - Remote Code Execution via thisdir Parameter
CVE-2007-3773
Generic YouTube Clone Script - Cross-Site Request Forgery in Email-Template Module
CVE-2007-3586
MyCMS < 0.9.8 - Remote Code Execution via Score Parameter or Login Cookie
CVE-2007-3550
Microsoft Internet Explorer 6.0 and 7.0 - Denial of Service via Zone Domain Specification
CVE-2007-3303
Apache httpd 2.0.59 and 2.2.4 - Denial of Service via Worker Process Manipulation
CVE-2007-0218
Microsoft Internet Explorer 5.01 and 6 - Remote Code Execution via Urlmon.dll COM Object Instantiation
CVE-2007-3130
Joomla JD-Wiki 1.0.2 - Remote Code Execution via mosConfig_absolute_path Parameter
CVE-2007-2868
Mozilla Firefox <1.5.0.12 & Thunderbird <2.0.0.4 - DoS/Code Injection
CVE-2007-2899
NavBoard 2.6.0 - Remote Code Execution via admin_config.php Parameter Injection
CVE-2007-2900
Scallywag 2005-04-25 - Remote Code Execution via Path Parameter in Template.php
CVE-2007-2816
ol_bookmarks 0.7.4 - Remote Code Execution via Root Parameter in Theme Files
CVE-2007-2826
Madirish Webmail 2.0 - Remote Code Execution via GLOBALS[basedir] Parameter
CVE-2007-2609
gnu_edu 1.3b2 - Remote Code Execution via PHP File Inclusion
CVE-2007-2572
NoAh < 0.9_pre_1.2 - Remote Code Execution via tpls[1] Parameter
CVE-2007-2575
vm_watermark 0.4.1 - Remote Code Execution via GALLERY_BASEDIR Parameter