CWE-94
Medium likelihoodImproper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
6,554 vulnerabilities with CWE-94
CVE-2006-2122
CoolMenus - Remote File Inclusion via Page Parameter
CVE-2006-1890
myWebland myEvent 1.2 - Remote Code Execution via myevent_path Parameter
CVE-2006-1896
phpBB - Authenticated PHP Code Execution via Font Colour 3 or Signature Values
CVE-2006-1781
Circle R Monster Top List < 1.4.2 - Remote Code Execution via Root Path Parameter
CVE-2006-1749
phpListPro <= 2.01 - Remote Code Execution via config.php returnpath Parameter
CVE-2006-1688
SQuery 4.5- - Remote Code Execution
CVE-2006-1636
VWar <= 1.5.0 R12 - Remote Code Execution via vwar_root Parameter
CVE-2006-1610
SQuery <4.5 - Remote Code Execution
CVE-2006-1540
Microsoft Office - Remote Code Execution via Malformed Document Record
CVE-2006-1503
Virtual War <1.5.0 R11 - Code Injection
CVE-2006-1491
Horde Application Framework <3.0.10, <3.1.1 - Code Injection
CVE-2006-1371
Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5 - Authenticated RCE
CVE-2006-1359
Microsoft Internet Explorer <7 - RCE/DoS
CVE-2006-1251
sa-exim 4.2 - Arbitrary File Deletion via Unquoted To Field in greylistclean.cron
CVE-2006-0397
Apple Mac OS X 10.4-10.4.5 - Unprotected User Data Exposure via File Type Spoofing
CVE-2006-0398
Mac OS X 10.4-10.4.5 - Unprotected User Data Exposure via File Type Spoofing
CVE-2006-0399
Apple Mac OS X 10.4-10.4.5 - Unprotected User Data Exposure via File Type Spoofing
CVE-2006-1154
Fantastic News 2.1.2 and 2.1.4 - Remote File Inclusion via CONFIG[script_path] Parameter
CVE-2006-1031
iGENUS Webmail <= 2.02 - Remote File Inclusion via SG_HOME Parameter
CVE-2006-1039
SAP Web Application Server - HTTP Response Injection via Encoded Headers
CVE-2006-0388
macOS 10.3-10.4.4 - Remote Code Execution via Safari HTTP Redirection
CVE-2006-0945
Archangel Weblog 0.90.02 - Authenticated Remote Code Execution via admin/index.php index Parameter
CVE-2006-0887
PHPLib < 7.4a - Remote Code Execution via Base64-Encoded Cookie
CVE-2006-0854
Intensive Point iUser Ecommerce - Remote File Inclusion via Uninitialized include_path Variable
CVE-2006-0723
Magic News Lite 1.2.3 - Remote File Inclusion via php_script_path Parameter
Details
Vulnerabilities
6,554
Exploit Likelihood
Medium