CWE-94
Improper Control of Generation of Code ('Code Injection')
Medium likelihood
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
6,556 vulnerabilities with CWE-94
CVE-2006-0854
Intensive Point iUser Ecommerce - Remote File Inclusion via Uninitialized include_path Variable
CVE-2006-0723
Magic News Lite 1.2.3 - Remote File Inclusion via php_script_path Parameter
CVE-2006-0725
Plume CMS 1.0.2 - Remote File Inclusion via _PX_config[manager_path] Parameter
CVE-2006-0659
RunCMS < 1.2 - Remote Code Execution via bbPath[path] Parameter
CVE-2006-0565
Loudblog < 0.4 - Remote Code Execution via $GLOBALS[path] Parameter
CVE-2006-0332
Ecartis 1.0.0 snapshot 20050909 - Unauthenticated Arbitrary File Upload via Pantomime
CVE-2006-0308
htmltonuke 2.0 alpha - Remote Code Execution via filnavn Parameter
CVE-2006-0236
Mozilla Thunderbird 1.0.2, 1.0.6, 1.0.7 - Remote Code Execution via Filename Truncation
CVE-2006-0207
PHP 5.1.1 - HTTP Response Splitting via Set-Cookie Header
CVE-2006-0144
Apache2Triad - Remote Code Execution via Malicious Proxy Server Redirection
CVE-2006-0094
oaBoard 1.0 - Remote Code Execution via forum.php inc_stat Parameter
CVE-2006-0064
CubeCart - Remote Code Execution via glob[rootDir] Parameter
CVE-2005-4874
Mozilla 1.7.8 - Information Disclosure via XMLHttpRequest HTTP TRACE Method
CVE-2005-4573
Plogger Beta 2 - Remote Code Execution via config[basedir] Parameter
CVE-2005-4209
WorldClient webmail in Alt-N MDaemon 8.1.3 - Denial of Service via Subject Header Script Injection
CVE-2005-3859
Q-News 2.0 - Remote Code Execution via id Parameter
CVE-2005-3860
Oliver May Athena PHP Website Administration 0.1a - Remote Code Execution via athena_dir Parameter
CVE-2005-3861
phpgreetz < 0.99 - Remote Code Execution via content.php content Parameter
CVE-2005-3835
DeskLance < 2.3 - Remote Code Execution via Main Parameter File Inclusion
CVE-2005-3775
PollVote - Remote File Inclusion via pollname Parameter
CVE-2005-3650
First4Internet XCP DRM - Remote Code Execution via CodeSupport.ocx ActiveX Control
CVE-2005-3554
phpkit 1.6.1 R2 and earlier - Remote Code Execution via Uninitialized Variables
CVE-2005-3571
CodeGrrl PHPCalendar/PHPClique/PHPCurrently/PHPFanBase/PHPQuotes Remote File Inclusion
CVE-2005-3302
HIGH
Blender - Remote Code Execution via Malicious BVH File Hierarchy Element
CVSS 7.3
CVE-2005-2703
Firefox <1.0.7 & Mozilla Suite <1.7.12 - SSRF