CWE-94
Improper Control of Generation of Code ('Code Injection')
Medium likelihood
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
6,556 vulnerabilities with CWE-94
CVE-2005-2837
PlainBlack Software WebGUI < 6.7.3 - Code Injection
CVE-2005-1527
awstats < 6.4 - Remote Code Execution via HTTP Referrer in URLPlugin
CVE-2005-2498
PHPXMLRPC < 1.1.1 - Remote Code Execution via Nested XML Tag Injection
CVE-2005-1921
PEAR XML_RPC < 1.3.0 and PHPXMLRPC < 1.1 - Remote Code Execution via Unsanitized XML Input
CVE-2005-1965
Broadpool Siteframe - Remote Code Execution via LOCAL_PATH Parameter
CVE-2005-1996
Bitrix Site Manager 4.0.x - Remote Code Execution via _SERVER[DOCUMENT_ROOT] Parameter
CVE-2005-1876
CuteNews < 1.3.6 - Authenticated PHP Code Injection via Template File (MEDIUM, CVSS 4.5)
CVE-2005-1894
FlatNuke 2.5.3 - Remote Code Execution via Referer Header Injection
CVE-2005-0227
PostgreSQL 7.3.0-7.3.9 - Local Code Execution via LOAD Extension
CVE-2005-0679
Tell A Friend Script < 2.7 - Remote Code Execution via script_root Parameter
CVE-2005-0709
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10 - Authenticated Remote Code Execution via CREATE FUNCTION
CVE-2005-1155
Firefox - Remote Code Execution via Favicon JavaScript URL
CVE-2005-0748
WEBInsta Mailing list manager 1.3d - Remote Code Execution via initdb.php absolute_path Parameter
CVE-2005-0720
mcnews 1.3 - Remote Code Execution via Skinfile Parameter
CVE-2005-0103
SquirrelMail < 1.4.4 - Remote Code Execution via webmail.php URL Parameter
CVE-2004-1166
Microsoft IE - Code Injection
CVE-2004-1419
ZeroBoard - Remote Code Execution via _zb_path or dir Parameter Manipulation
CVE-2004-1423
php-calendar < 0.10.1 - Remote Code Execution via phpc_root_path Parameter
CVE-2004-2740
phprojekt - Remote File Inclusion via authform.inc.php path_pre Parameter
CVE-2004-0637
Oracle Database Server < 9.2.0.4 - Privilege Escalation
CVE-2004-1926
TikiWiki CMS/Groupware < 1.8.1 - Remote Code Execution via User Profile or Directory Fields
CVE-2003-1599
WordPress 0.70 - Remote Code Execution via wp-links/links.all.php $abspath Variable
CVE-2003-1227
Gallery 1.4 and 1.4-pl1 - Remote Code Execution via GALLERY_BASEDIR Parameter
CVE-2003-1240
CuteNews 0.88 - Remote Code Execution via cutepath Parameter
CVE-2003-1253
Bookmark4U 1.8.3 - Remote Code Execution via Prefix Parameter
Details
Vulnerabilities: 6,556
Exploit Likelihood: Medium