CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,552 vulnerabilities with CWE-94
CVE-2007-0994
Mozilla Firefox <2.0.0.2 & SeaMonkey <1.1.1 - XSS
CVE-2007-1247
aWebNews 1.5 - Remote Code Execution via path_to_news Parameter
CVE-2007-1253
Blender < 2.43 - Remote Code Execution via Crafted KML/KMZ File Import
CVE-2007-1233
stwc-counter < 3.4.0 - Remote Code Execution via stwc_counter_verzeichniss Parameter
CVE-2007-1139
Cromosoft Simple Plantilla PHP - Unrestricted File Upload via Double Extension
CVE-2007-1141
Magic News Plus 1.0.2 - Remote Code Execution via php_script_path Parameter
CVE-2007-1147
hbm - Remote Code Execution via hbmpath Parameter
CVE-2007-1148
LoveCMS 1.4 - Remote Code Execution via Install Step Parameter
CVE-2007-1153
CuteNews 1.3.6 - Remote Code Execution via PHP File Inclusion
CVE-2007-1164
DBImageGallery 1.2.2 - Remote Code Execution via donsimg_base_path Parameter
CVE-2007-1165
DBGuestbook 1.1 - Remote Code Execution via dbs_base_path Parameter
CVE-2007-1093
JP1/Cm2/Network Node Manager <07-10-05 - RCE/DoS
CVE-2007-1078
FlashGameScript 1.5.4 - Remote Code Execution via index.php func Parameter
CVE-2007-1055
MediaWiki < 1.8.2 - Cross-Site Scripting via AJAX rs Parameter
CVE-2007-0983
AT Contenator < 1.0 - Remote Code Execution via Root_To_Script Parameter
CVE-2007-0986
Jupiter CMS 1.1.5 - Remote Code Execution via FTP URL in Index.php
CVE-2007-0209
Microsoft Office 2000/2003/XP/2004 for Mac - Remote Code Execution via Malformed Drawing Object
CVE-2007-0025
Microsoft Visual Studio .NET and Windows 2003 Server - Remote Code Execution via Malformed RTF OLE Object
CVE-2007-0862
gnopaste < 0.5.3 - Remote Code Execution via GNP_REAL_PATH Parameter
CVE-2007-0854
cPanel WebHost Manager - Remote File Inclusion via obj Parameter
CVE-2007-0831
atsphp 5.0.1 - Remote Code Execution via CONF[path] Parameter
CVE-2007-0699
Guernion Sylvain Portail Web Php <2.5.1.1 - RCE
CVE-2007-0675
Windows Vista - Unauthenticated Arbitrary File Deletion via Speech Recognition ActiveX Control
CVE-2007-0649
OpenEMR < 2.8.2 - Remote Code Execution via Variable Overwrite in interface/globals.php
CVE-2007-0499
phpIndexPage <= 1.0.1 - Remote Code Execution via env[inc_path] Parameter