CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,554 vulnerabilities with CWE-94
CVE-2006-3846
Mambo MultiBanners 1.0.1 - Remote Code Execution via mosConfig_absolute_path Parameter
CVE-2006-3847
MoSpray 1.8 RC1 - Remote Code Execution via basedir Parameter
CVE-2006-3773
SMF-Forum Bridge Component for Mambo - Remote Code Execution via mosConfig_absolute_path Parameter
CVE-2006-3774
Joomla perForms Component < 1.0 - Remote Code Execution via mosConfig_absolute_path Parameter
CVE-2006-3776
IDevSpot AutoHost and PhpHostBot - Remote Code Execution via order/index.php page Parameter
CVE-2006-3777
IDevSpot PhpLinkExchange 1.0 - Remote Code Execution via Page Parameter
CVE-2006-3730 HIGH
Microsoft IE - Code Injection
CVSS 8.8
CVE-2006-3748
LoudMouth Component for Mambo - Remote Code Execution via mosConfig_absolute_path Parameter
CVE-2006-3749
Mambo Sitemap 2.0.0 - Remote Code Execution via mosConfig_absolute_path Parameter
CVE-2006-3750
Hashcash Component for Joomla! 1.2.1 - Remote Code Execution via mosConfig_absolute_path Parameter
CVE-2006-3751
htmlarea3 - Remote Code Execution via mosConfig_absolute_path Parameter
CVE-2006-1301
Microsoft Excel <2005 - Code Injection
CVE-2006-1308
Microsoft Excel 2000-2004 - Remote Code Execution via Crafted FNGROUPCOUNT Value
CVE-2006-1309
Microsoft Excel <2005 - Code Injection
CVE-2006-1304
Microsoft Excel 2000-2003 - Remote Code Execution via Crafted COLINFO Record
CVE-2006-1306
Microsoft Excel 2000-2004 - Remote Code Execution via Crafted BIFF Record
CVE-2006-2388
Microsoft Excel 2000-2004 - Remote Code Execution via Malformed Cell Comments
CVE-2006-3562
plume_cms 1.0.4 - Remote Code Execution via _PX_config[manager_path] Parameter
CVE-2006-3556
ExtCalendar 2.0 - Remote File Inclusion Code Execution
CVE-2006-3530
Joomla pc_cookbook - Remote Code Execution via mosConfig_absolute_path Parameter
CVE-2006-3528
Simpleboard < 1.1.0 - Remote Code Execution via PHP File Inclusion in sbp Parameter
CVE-2006-1316
Microsoft Office < - Code Injection
CVE-2006-2389
Microsoft Office - Remote Code Execution via Malformed Property Record Length
CVE-2006-3395
SiteBuilder-FX 3.5 - Remote Code Execution via admindir Parameter
CVE-2006-3396
Galleria Mambo Module <= 1.0 - Remote Code Execution via mosConfig_absolute_path Parameter
Details
Vulnerabilities 6,554
Exploit Likelihood Medium