Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

CVEs (6,465)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2014-0603 1Attachmate 1Reflection Ftp Client May 6, 2026 Feb 6, 2015 N/A· v4 N/A· v3 10.0 HIGH· v2 The rftpcom.dll ActiveX control in Attachmate Reflection FTP Client before 14.1.429 allows remote attackers to cause a denial of service (memory corruption) and execute arbitrary code via vectors related to the (1) GetGl...Show more The rftpcom.dll ActiveX control in Attachmate Reflection FTP Client before 14.1.429 allows remote attackers to cause a denial of service (memory corruption) and execute arbitrary code via vectors related to the (1) GetGlobalSettings or (2) GetSiteProperties3 methods, which triggers a dereference of an arbitrary memory address. NOTE: this issue was MERGED with CVE-2014-0606 because it is the same type of vulnerability, affecting the same set of versions, and discovered by the same researcher.Show less
CVE-2015-1311 1Sap 1Hana Extended Application Services May 6, 2026 Jan 22, 2015 N/A· v4 N/A· v3 10.0 HIGH· v2 The Extended Application Services (XS) in SAP HANA allows remote attackers to inject arbitrary ABAP code via unspecified vectors, aka SAP Note 2098906. NOTE: the provenance of this information is unknown; the details ar...Show more The Extended Application Services (XS) in SAP HANA allows remote attackers to inject arbitrary ABAP code via unspecified vectors, aka SAP Note 2098906. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.Show less
CVE-2015-0925 1Ipass 1Ipass Open Mobile May 6, 2026 Jan 22, 2015 N/A· v4 N/A· v3 9.0 HIGH· v2 The client in iPass Open Mobile before 2.4.5 on Windows allows remote authenticated users to execute arbitrary code via a DLL pathname in a crafted Unicode string that is improperly handled by a subprocess reached throug...Show more The client in iPass Open Mobile before 2.4.5 on Windows allows remote authenticated users to execute arbitrary code via a DLL pathname in a crafted Unicode string that is improperly handled by a subprocess reached through a named pipe, as demonstrated by a UNC share pathname.Show less
CVE-2015-1059 1Insanevisions 1Adaptcms May 6, 2026 Jan 16, 2015 N/A· v4 N/A· v3 6.5 MEDIUM· v2 Unrestricted file upload vulnerability in admin/files/add in AdaptCMS 3.0.3 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request...Show more Unrestricted file upload vulnerability in admin/files/add in AdaptCMS 3.0.3 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in /app/webroot/uploads.Show less
CVE-2014-8636 1Mozilla 2Firefox Seamonkey May 6, 2026 Jan 14, 2015 N/A· v4 N/A· v3 7.5 HIGH· v2 The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to execute arbitrary JavaSc...Show more The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via unspecified vectors.Show less
CVE-2014-9567 1Projectsend 1Projectsend May 6, 2026 Jan 7, 2015 N/A· v4 N/A· v3 7.5 HIGH· v2 Unrestricted file upload vulnerability in process-upload.php in ProjectSend (formerly cFTP) r100 through r561 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing...Show more Unrestricted file upload vulnerability in process-upload.php in ProjectSend (formerly cFTP) r100 through r561 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the upload/files/ or upload/temp/ directory.Show less
CVE-2014-9521 1Infinitewp 1Infinitewp May 6, 2026 Jan 5, 2015 N/A· v4 N/A· v3 7.5 HIGH· v2 Unrestricted file upload vulnerability in uploadScript.php in InfiniteWP Admin Panel before 2.4.4, when the allWPFiles query parameter is set, allows remote attackers to execute arbitrary code by uploading a file with a...Show more Unrestricted file upload vulnerability in uploadScript.php in InfiniteWP Admin Panel before 2.4.4, when the allWPFiles query parameter is set, allows remote attackers to execute arbitrary code by uploading a file with a double extension, then accessing it via a direct request to the file in the uploads directory, as demonstrated by the .php.swp filename.Show less
CVE-2014-2208 1Facebook 1Hiphop Virtual Machine May 6, 2026 Dec 28, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 CRLF injection vulnerability in the LightProcess protocol implementation in hphp/util/light-process.cpp in Facebook HipHop Virtual Machine (HHVM) before 2.4.2 allows remote attackers to execute arbitrary commands by ente...Show more CRLF injection vulnerability in the LightProcess protocol implementation in hphp/util/light-process.cpp in Facebook HipHop Virtual Machine (HHVM) before 2.4.2 allows remote attackers to execute arbitrary commands by entering a \n (newline) character before the end of a string.Show less
CVE-2014-6119 1Ibm 2Security Appscan Security Appscan Source May 6, 2026 Dec 23, 2014 N/A· v4 N/A· v3 9.3 HIGH· v2 IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote attackers to...Show more IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote attackers to execute arbitrary code via a crafted executable file in an archive.Show less
CVE-2014-9185 1Morfy Cms Project 1Morfy Cms May 6, 2026 Dec 19, 2014 N/A· v4 N/A· v3 6.5 MEDIUM· v2 Static code injection vulnerability in install.php in Morfy CMS 1.05 allows remote authenticated users to inject arbitrary PHP code into config.php via the site_url parameter.
CVE-2014-6261 1Zenoss 1Zenoss Core May 6, 2026 Dec 15, 2014 N/A· v4 N/A· v3 9.3 HIGH· v2 Zenoss Core through 5 Beta 3 does not properly implement the Check For Updates feature, which allows remote attackers to execute arbitrary code by (1) spoofing the callhome server or (2) deploying a crafted web site that...Show more Zenoss Core through 5 Beta 3 does not properly implement the Check For Updates feature, which allows remote attackers to execute arbitrary code by (1) spoofing the callhome server or (2) deploying a crafted web site that is visited during a login session, aka ZEN-12657.Show less
CVE-2014-7260 1Ultrapop 1I Httpd May 6, 2026 Dec 12, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 The Server Side Includes (SSI) implementation in the File Upload BBS component in ULTRAPOP.JP i-HTTPD allows remote attackers to execute arbitrary commands by uploading files containing commands in SSI directives.
CVE-2014-7192 1Joyent 1Node.js May 6, 2026 Dec 11, 2014 N/A· v4 N/A· v3 10.0 HIGH· v2 Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rational Application Developer and other products, allows remote attackers to execute arbitrary code vi...Show more Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rational Application Developer and other products, allows remote attackers to execute arbitrary code via a crafted file.Show less
CVE-2014-6361 1Microsoft 2Excel Office Compatibility Pack May 6, 2026 Dec 11, 2014 N/A· v4 N/A· v3 9.3 HIGH· v2 Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 Gold and SP1, Excel 2013 RT Gold and SP1, and Office Compatibility Pack allow remote attackers to execute arbitrary code via a crafted Office document, aka "Excel Inva...Show more Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 Gold and SP1, Excel 2013 RT Gold and SP1, and Office Compatibility Pack allow remote attackers to execute arbitrary code via a crafted Office document, aka "Excel Invalid Pointer Remote Code Execution Vulnerability."Show less
CVE-2014-6360 1Microsoft 2Excel Office Compatibility Pack May 6, 2026 Dec 11, 2014 N/A· v4 N/A· v3 9.3 HIGH· v2 Microsoft Excel 2007 SP3, Excel 2010 SP2, and Office Compatibility Pack allow remote attackers to execute arbitrary code via a crafted Office document, aka "Global Free Remote Code Execution in Excel Vulnerability."
CVE-2014-6356 1Microsoft 2Office Compatibility Pack Word May 6, 2026 Dec 11, 2014 N/A· v4 N/A· v3 9.3 HIGH· v2 Array index error in Microsoft Word 2007 SP3, Word 2010 SP2, and Office Compatibility Pack SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Invalid Index Remote Code Execution Vul...Show more Array index error in Microsoft Word 2007 SP3, Word 2010 SP2, and Office Compatibility Pack SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Invalid Index Remote Code Execution Vulnerability."Show less
CVE-2014-9164 1Adobe 1Flash Player May 6, 2026 Dec 10, 2014 N/A· v4 N/A· v3 10.0 HIGH· v2 Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption...Show more Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0587.Show less
CVE-2014-9158 3Adobe AppleMicrosoft 4Acrobat Acrobat ReaderMac Os X+1 more May 6, 2026 Dec 10, 2014 N/A· v4 N/A· v3 10.0 HIGH· v2 Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vul...Show more Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8456, CVE-2014-8458, CVE-2014-8459, and CVE-2014-8461.Show less
CVE-2014-8461 3Adobe AppleMicrosoft 4Acrobat Acrobat ReaderMac Os X+1 more May 6, 2026 Dec 10, 2014 N/A· v4 N/A· v3 10.0 HIGH· v2 Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vul...Show more Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8456, CVE-2014-8458, CVE-2014-8459, and CVE-2014-9158.Show less
CVE-2014-8459 3Adobe AppleMicrosoft 4Acrobat Acrobat ReaderMac Os X+1 more May 6, 2026 Dec 10, 2014 N/A· v4 N/A· v3 10.0 HIGH· v2 Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vul...Show more Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8456, CVE-2014-8458, CVE-2014-8461, and CVE-2014-9158.Show less

Previous 1...223224225...324 Next