Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

CVEs (6,465)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2014-8458 3Adobe AppleMicrosoft 4Acrobat Acrobat ReaderMac Os X+1 more May 6, 2026 Dec 10, 2014 N/A· v4 N/A· v3 10.0 HIGH· v2 Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vul...Show more Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8456, CVE-2014-8459, CVE-2014-8461, and CVE-2014-9158.Show less
CVE-2014-8456 3Adobe AppleMicrosoft 4Acrobat Acrobat ReaderMac Os X+1 more May 6, 2026 Dec 10, 2014 N/A· v4 N/A· v3 10.0 HIGH· v2 Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vul...Show more Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8458, CVE-2014-8459, CVE-2014-8461, and CVE-2014-9158.Show less
CVE-2014-8447 3Adobe AppleMicrosoft 4Acrobat Acrobat ReaderMac Os X+1 more May 6, 2026 Dec 10, 2014 N/A· v4 N/A· v3 10.0 HIGH· v2 Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vul...Show more Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8446, CVE-2014-8456, CVE-2014-8458, CVE-2014-8459, CVE-2014-8461, and CVE-2014-9158.Show less
CVE-2014-8445 3Adobe AppleMicrosoft 4Acrobat Acrobat ReaderMac Os X+1 more May 6, 2026 Dec 10, 2014 N/A· v4 N/A· v3 10.0 HIGH· v2 Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vul...Show more Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8446, CVE-2014-8447, CVE-2014-8456, CVE-2014-8458, CVE-2014-8459, CVE-2014-8461, and CVE-2014-9158.Show less
CVE-2014-0587 1Adobe 1Flash Player May 6, 2026 Dec 10, 2014 N/A· v4 N/A· v3 10.0 HIGH· v2 Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption...Show more Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-9164.Show less
CVE-2014-8485 3Canonical FedoraprojectGnu 3Binutils FedoraUbuntu Linux May 6, 2026 Dec 9, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted section group headers in an EL...Show more The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted section group headers in an ELF file.Show less
CVE-2014-9280 1Mantisbt 1Mantisbt May 6, 2026 Dec 8, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 The current_user_get_bug_filter function in core/current_user_api.php in MantisBT before 1.2.18 allows remote attackers to execute arbitrary PHP code via the filter parameter.
CVE-2014-9266 1Samsung 1Smart Viewer May 6, 2026 Dec 8, 2014 N/A· v4 N/A· v3 6.8 MEDIUM· v2 The STWConfig ActiveX control in Samsung SmartViewer does not properly initialize a variable, which allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2014-8877 1Creative Minds 1Cm Download Manager May 6, 2026 Dec 5, 2014 N/A· v4 N/A· v3 10.0 HIGH· v2 The alterSearchQuery function in lib/controllers/CmdownloadController.php in the CreativeMinds CM Downloads Manager plugin before 2.0.4 for WordPress allows remote attackers to execute arbitrary PHP code via the CMDsearc...Show more The alterSearchQuery function in lib/controllers/CmdownloadController.php in the CreativeMinds CM Downloads Manager plugin before 2.0.4 for WordPress allows remote attackers to execute arbitrary PHP code via the CMDsearch parameter to cmdownloads/, which is processed by the PHP create_function function.Show less
CVE-2014-8791 1Enalean 1Tuleap May 6, 2026 Dec 2, 2014 N/A· v4 N/A· v3 6.0 MEDIUM· v2 project/register.php in Tuleap before 7.7, when sys_create_project_in_one_step is disabled, allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via the data parameter.
CVE-2014-3065 1Ibm 1Java May 6, 2026 Dec 2, 2014 N/A· v4 N/A· v3 6.9 MEDIUM· v2 Unspecified vulnerability in IBM Java Runtime Environment (JRE) 7 R1 before SR2 (7.1.2.0), 7 before SR8 (7.0.8.0), 6 R1 before SR8 FP2 (6.1.8.2), 6 before SR16 FP2 (6.0.16.2), and before SR16 FP8 (5.0.16.8) allows local...Show more Unspecified vulnerability in IBM Java Runtime Environment (JRE) 7 R1 before SR2 (7.1.2.0), 7 before SR8 (7.0.8.0), 6 R1 before SR8 FP2 (6.1.8.2), 6 before SR16 FP2 (6.0.16.2), and before SR16 FP8 (5.0.16.8) allows local users to execute arbitrary code via vectors related to the shared classes cache.Show less
CVE-2014-8551 1Siemens 4Simatic Pcs7 Simatic Pcs 7Simatic Tiaportal+1 more May 6, 2026 Nov 26, 2014 N/A· v4 N/A· v3 10.0 HIGH· v2 The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers...Show more The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to execute arbitrary code via crafted packets.Show less
CVE-2014-9001 1Incrediblepbx 1Incredible Pbx 11 May 6, 2026 Nov 20, 2014 N/A· v4 N/A· v3 6.5 MEDIUM· v2 reminders/index.php in Incredible PBX 11 2.0.6.5.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) APPTMIN, (2) APPTHR, (3) APPTDA, (4) APPTMO, (5) APPTYR, or (6) APPTP...Show more reminders/index.php in Incredible PBX 11 2.0.6.5.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) APPTMIN, (2) APPTHR, (3) APPTDA, (4) APPTMO, (5) APPTYR, or (6) APPTPHONE parameters.Show less
CVE-2014-8998 1X7chat 1X7 Chat May 6, 2026 Nov 20, 2014 N/A· v4 N/A· v3 6.5 MEDIUM· v2 lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a crafted HTTP header to index.php, which is processed by the preg_replace function with the eval switc...Show more lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a crafted HTTP header to index.php, which is processed by the preg_replace function with the eval switch.Show less
CVE-2014-8997 1Digitalvidhya 1Digi Online Examination System May 6, 2026 Nov 20, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 Unrestricted file upload vulnerability in the Photo functionality in DigitalVidhya Digi Online Examination System 2.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, th...Show more Unrestricted file upload vulnerability in the Photo functionality in DigitalVidhya Digi Online Examination System 2.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in assets/uploads/images/.Show less
CVE-2014-8949 1Imember360 1Imember360 May 6, 2026 Nov 16, 2014 N/A· v4 N/A· v3 6.0 MEDIUM· v2 The iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the i4w_trace parameter. NOTE: this can be leveraged with...Show more The iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the i4w_trace parameter. NOTE: this can be leveraged with CVE-2014-8948 to allow remote attackers to execute code. NOTE: it is not clear whether this issue itself crosses privileges.Show less
CVE-2014-0233 1Redhat 1Openshift May 6, 2026 Nov 16, 2014 N/A· v4 N/A· v3 6.5 MEDIUM· v2 Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartridge using the file:...Show more Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow remote authenticated users to execute arbitrary commands via shell metacharacters in a directory name that is referenced by a cartridge using the file: URI scheme.Show less
CVE-2012-2301 1Ubercart 1Ubercart May 6, 2026 Nov 16, 2014 N/A· v4 N/A· v3 6.0 MEDIUM· v2 The Ubercart module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the "administer product classes" permission to execute arbitrary PHP code via unspecified vectors.
CVE-2014-8770 1Magmi Project 1Magmi May 6, 2026 Nov 13, 2014 N/A· v4 N/A· v3 9.0 HIGH· v2 Unrestricted file upload vulnerability in magmi/web/magmi.php in the MAGMI (aka Magento Mass Importer) plugin 0.7.17a and earlier for Magento Community Edition (CE) allows remote authenticated users to execute arbitrary...Show more Unrestricted file upload vulnerability in magmi/web/magmi.php in the MAGMI (aka Magento Mass Importer) plugin 0.7.17a and earlier for Magento Community Edition (CE) allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a PHP file, then accessing the PHP file via a direct request to it in magmi/plugins/.Show less
CVE-2014-0586 1Adobe 4Air Air SdkAir Sdk & Compiler+1 more May 6, 2026 Nov 11, 2014 N/A· v4 N/A· v3 10.0 HIGH· v2 Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler be...Show more Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2014-0577, CVE-2014-0584, CVE-2014-0585, and CVE-2014-0590.Show less

Previous 1...224225226...324 Next