Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

CVEs (6,471)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2017-16670 1Smartbear 1Soapui Nov 21, 2024 Feb 19, 2018 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 The project import functionality in SoapUI 5.3.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL project file.
CVE-2018-6889 1Typesettercms 1Typesetter Nov 21, 2024 Feb 12, 2018 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 An issue was discovered in Typesetter 5.1. It suffers from a Host header injection vulnerability, Using this attack, a malicious user can poison the web cache or perform advanced password reset attacks or even trigger ar...Show more An issue was discovered in Typesetter 5.1. It suffers from a Host header injection vulnerability, Using this attack, a malicious user can poison the web cache or perform advanced password reset attacks or even trigger arbitrary user re-direction.Show less
CVE-2018-6574 3Debian GolangRedhat 6Debian Linux Enterprise Linux ServerEnterprise Linux Server Aus+3 more Nov 21, 2024 Feb 7, 2018 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -p...Show more Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.Show less
CVE-2018-0007 1Juniper 1Junos Nov 21, 2024 Jan 10, 2018 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 An unauthenticated network-based attacker able to send a maliciously crafted LLDP packet to the local segment, through a local segment broadcast, may be able to cause a Junos device to enter an improper boundary check co...Show more An unauthenticated network-based attacker able to send a maliciously crafted LLDP packet to the local segment, through a local segment broadcast, may be able to cause a Junos device to enter an improper boundary check condition allowing a memory corruption to occur, leading to a denial of service. Further crafted packets may be able to sustain the denial of service condition. Score: 6.5 MEDIUM (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) Further, if the attacker is authenticated on the target device receiving and processing the malicious LLDP packet, while receiving the crafted packets, the attacker may be able to perform command or arbitrary code injection over the target device thereby elevating their permissions and privileges, and taking control of the device. Score: 7.8 HIGH (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) An unauthenticated network-based attacker able to send a maliciously crafted LLDP packet to one or more local segments, via LLDP proxy / tunneling agents or other LLDP through Layer 3 deployments, through one or more local segment broadcasts, may be able to cause multiple Junos devices to enter an improper boundary check condition allowing a memory corruption to occur, leading to multiple distributed Denials of Services. These Denials of Services attacks may have cascading Denials of Services to adjacent connected devices, impacts network devices, servers, workstations, etc. Further crafted packets may be able to sustain these Denials of Services conditions. Score 6.8 MEDIUM (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H) Further, if the attacker is authenticated on one or more target devices receiving and processing these malicious LLDP packets, while receiving the crafted packets, the attacker may be able to perform command or arbitrary code injection over multiple target devices thereby elevating their permissions and privileges, and taking control multiple devices. Score: 7.8 HIGH (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H) Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D71; 12.3 versions prior to 12.3R12-S7; 12.3X48 versions prior to 12.3X48-D55; 14.1 versions prior to 14.1R8-S5, 14.1R9; 14.1X53 versions prior to 14.1X53-D46, 14.1X53-D50, 14.1X53-D107; 14.2 versions prior to 14.2R7-S9, 14.2R8; 15.1 versions prior to 15.1F2-S17, 15.1F5-S8, 15.1F6-S8, 15.1R5-S7, 15.1R7; 15.1X49 versions prior to 15.1X49-D90; 15.1X53 versions prior to 15.1X53-D65; 16.1 versions prior to 16.1R4-S6, 16.1R5; 16.1X65 versions prior to 16.1X65-D45; 16.2 versions prior to 16.2R2; 17.1 versions prior to 17.1R2. No other Juniper Networks products or platforms are affected by this issue.Show less
CVE-2018-2363 1Sap 2Business Application Software Integrated Solution Netweaver Nov 21, 2024 Jan 9, 2018 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you to execute arbitrary program code of the user's choice. A malicious user can therefore con...Show more SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you to execute arbitrary program code of the user's choice. A malicious user can therefore control the behaviour of the system or can potentially escalate privileges by executing malicious code without legitimate credentials.Show less
CVE-2017-16905 1Duolingo 1Tinycards Nov 21, 2024 Jan 5, 2018 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 The DuoLingo TinyCards application before 1.0 for Android has one use of unencrypted HTTP, which allows remote attackers to spoof content, and consequently achieve remote code execution, via a man-in-the-middle attack.
CVE-2017-1000480 1Smarty 1Smarty Nov 21, 2024 Jan 3, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch() or display() functions on custom resources that does not sanitize template name.
CVE-2017-17098 1Gps Server 1Gps Tracking Software Nov 21, 2024 Jan 2, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The writeLog function in fn_common.php in gps-server.net GPS Tracking Software (self hosted) through 3.0 allows remote attackers to inject arbitrary PHP code via a crafted request that is mishandled during admin log view...Show more The writeLog function in fn_common.php in gps-server.net GPS Tracking Software (self hosted) through 3.0 allows remote attackers to inject arbitrary PHP code via a crafted request that is mishandled during admin log viewing, as demonstrated by <?php system($_GET[cmd]); ?> in a login request.Show less
CVE-2017-17649 1Readymade Video Sharing Script Project 1Readymade Video Sharing Script May 13, 2026 Dec 18, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Readymade Video Sharing Script 3.2 has HTML Injection via the single-video-detail.php comment parameter.
CVE-2017-16682 1Sap 2Business Application Software Integrated Solution Netweaver Internet Transaction Server May 13, 2026 Dec 12, 2017 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application...Show more SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application.Show less
CVE-2017-1336 1Ibm 1Infosphere Biginsights May 13, 2026 Dec 7, 2017 N/A· v4 4.4 MEDIUM· v3 3.6 LOW· v2 IBM Infosphere BigInsights 4.2.0 could allow an attacker to inject code that could allow access to restricted data and files. IBM X-Force ID: 126244.
CVE-2016-5713 1Puppet 1Puppet Agent May 13, 2026 Dec 6, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Versions of Puppet Agent prior to 1.6.0 included a version of the Puppet Execution Protocol (PXP) agent that passed environment variables through to Puppet runs. This could allow unauthorized code to be loaded. This bug...Show more Versions of Puppet Agent prior to 1.6.0 included a version of the Puppet Execution Protocol (PXP) agent that passed environment variables through to Puppet runs. This could allow unauthorized code to be loaded. This bug was first introduced in Puppet Agent 1.3.0.Show less
CVE-2017-14198 1Squiz 1Matrix May 13, 2026 Nov 30, 2017 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. Authenticated users with permissions to edit design assets can cause Remote Code Execution (RCE) via a maliciously crafted time_format tag.
CVE-2017-1001004 1Typed Function Project 1Typed Function May 13, 2026 Nov 27, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 typed-function before 0.10.6 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution.
CVE-2017-1001002 1Mathjs 1Math.js May 13, 2026 Nov 27, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 math.js before 3.17.0 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution.
CVE-2017-16664 2Debian Otrs 2Debian Linux Otrs May 13, 2026 Nov 21, 2017 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System (OTRS) 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. In the agent interface, an authenticated remote attacker can execute shell...Show more Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System (OTRS) 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. In the agent interface, an authenticated remote attacker can execute shell commands as the webserver user via URL manipulation.Show less
CVE-2017-16544 5Busybox CanonicalDebian+2 more 6Busybox Debian LinuxEsxi+3 more May 13, 2026 Nov 20, 2017 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any...Show more In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks.Show less
CVE-2017-14077 1Phpcaptcha 1Securimage May 13, 2026 Nov 18, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 HTML Injection in Securimage 3.6.4 and earlier allows remote attackers to inject arbitrary HTML into an e-mail message body via the $_SERVER['HTTP_USER_AGENT'] parameter to example_form.ajax.php or example_form.php.
CVE-2017-16871 1Updraftplus 1Updraftplus May 13, 2026 Nov 17, 2017 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 The UpdraftPlus plugin through 1.13.12 for WordPress allows remote PHP code execution because the plupload_action function in /wp-content/plugins/updraftplus/admin.php has a race condition before deleting a file associat...Show more The UpdraftPlus plugin through 1.13.12 for WordPress allows remote PHP code execution because the plupload_action function in /wp-content/plugins/updraftplus/admin.php has a race condition before deleting a file associated with the name parameter. NOTE: the vendor reports that this does not cross a privilege boundaryShow less
CVE-2017-1000196 1Octobercms 1October May 13, 2026 Nov 17, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 October CMS build 412 is vulnerable to PHP code execution in the asset manager functionality resulting in site compromise and possibly other applications on the server.

Previous 1...215216217...324 Next