Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

CVEs (6,464)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2014-0248 1Redhat 3Jboss Enterprise Application Platform Jboss Enterprise Web PlatformJboss Web Framework Kit May 6, 2026 Jul 7, 2014 N/A· v4 N/A· v3 6.8 MEDIUM· v2 org.jboss.seam.web.AuthenticationFilter in Red Hat JBoss Web Framework Kit 2.5.0, JBoss Enterprise Application Platform (JBEAP) 5.2.0, and JBoss Enterprise Web Platform (JBEWP) 5.2.0 allows remote attackers to execute ar...Show more org.jboss.seam.web.AuthenticationFilter in Red Hat JBoss Web Framework Kit 2.5.0, JBoss Enterprise Application Platform (JBEAP) 5.2.0, and JBoss Enterprise Web Platform (JBEWP) 5.2.0 allows remote attackers to execute arbitrary code via a crafted authentication header, related to Seam logging.Show less
CVE-2014-0602 1Microfocus 1Security Manager May 6, 2026 Jul 7, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 Directory traversal vulnerability in the DumpToFile method in the NQMcsVarSet ActiveX control in NetIQ Security Manager through 6.5.4 allows remote attackers to execute arbitrary code via unspecified vectors, a different...Show more Directory traversal vulnerability in the DumpToFile method in the NQMcsVarSet ActiveX control in NetIQ Security Manager through 6.5.4 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-3460.Show less
CVE-2014-4672 1Yiiframework 1Yiiframework May 6, 2026 Jul 3, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 The CDetailView widget in Yii PHP Framework 1.1.14 allows remote attackers to execute arbitrary PHP scripts via vectors related to the value property.
CVE-2013-6309 1Ibm 1Marketing Platform May 6, 2026 Jun 28, 2014 N/A· v4 N/A· v3 6.0 MEDIUM· v2 IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to hijack sessions, and consequently read records, modify records, or conduct transactions, via an unspecified link injection.
CVE-2014-3011 1Ibm 1Openpages Grc Platform May 6, 2026 Jun 27, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 IBM OpenPages GRC Platform 6.1.0.1 before IF4 allows remote attackers to conduct link injection attacks via unspecified vectors.
CVE-2014-3496 1Redhat 2Openshift Openshift Origin May 6, 2026 Jun 20, 2014 N/A· v4 N/A· v3 10.0 HIGH· v2 cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a Source-Url ending with a (1) .tar.gz, (2) .zip, (3) .tgz,...Show more cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a Source-Url ending with a (1) .tar.gz, (2) .zip, (3) .tgz, or (4) .tar file extension in a cartridge manifest file.Show less
CVE-2014-4152 1Alienvault 1Open Source Security Information Management May 6, 2026 Jun 18, 2014 N/A· v4 N/A· v3 10.0 HIGH· v2 The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to execute arbitrary code via a crafted remote_task request, related to injecting an ssh public key.
CVE-2014-4151 1Alienvault 1Open Source Security Information Management May 6, 2026 Jun 18, 2014 N/A· v4 N/A· v3 10.0 HIGH· v2 The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to create arbitrary files and execute arbitrary code via a crafted set_file request.
CVE-2014-3805 1Alienvault 1Open Source Security Information Management May 6, 2026 Jun 13, 2014 N/A· v4 N/A· v3 10.0 HIGH· v2 The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) get_license, (2) get_log_line, or (3) update_system/upgrade_pro_web request, a differen...Show more The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) get_license, (2) get_log_line, or (3) update_system/upgrade_pro_web request, a different vulnerability than CVE-2014-3804.Show less
CVE-2014-3804 1Alienvault 1Open Source Security Information Management May 6, 2026 Jun 13, 2014 N/A· v4 N/A· v3 10.0 HIGH· v2 The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) update_system_info_debian_package, (2) ossec_task, (3) set_ossim_setup admin_ip, (4) sy...Show more The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) update_system_info_debian_package, (2) ossec_task, (3) set_ossim_setup admin_ip, (4) sync_rserver, or (5) set_ossim_setup framework_ip request, a different vulnerability than CVE-2014-3805.Show less
CVE-2013-5352 1Sharetronix 1Sharetronix May 6, 2026 Jun 13, 2014 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Sharetronix 3.1.1.3, 3.1.1, and earlier allows remote attackers to execute arbitrary PHP code via the (1) activities_text parameter to services/activities/set or (2) comments_text parameter to services/comments/set, whic...Show more Sharetronix 3.1.1.3, 3.1.1, and earlier allows remote attackers to execute arbitrary PHP code via the (1) activities_text parameter to services/activities/set or (2) comments_text parameter to services/comments/set, which is not properly handled when executing the preg_replace function with the e modifier.Show less
CVE-2014-3915 1Rocketsoftware 1Rocket Servergraph May 6, 2026 Jun 11, 2014 N/A· v4 N/A· v3 10.0 HIGH· v2 The userRequest servlet in the Admin Center for Tivoli Storage Manager in Rocket Servergraph allows remote attackers to execute arbitrary commands via a (1) auth, (2) auth_session, (3) auth_simple, (4) add, (5) add_flat,...Show more The userRequest servlet in the Admin Center for Tivoli Storage Manager in Rocket Servergraph allows remote attackers to execute arbitrary commands via a (1) auth, (2) auth_session, (3) auth_simple, (4) add, (5) add_flat, (6) remove, (7) set_pwd, (8) add_permissions, (9) revoke_permissions, (10) runAsync, or (11) tsmRequest command.Show less
CVE-2014-3911 1Samsung 1Ipolis Device Manager May 6, 2026 Jun 11, 2014 N/A· v4 N/A· v3 9.3 HIGH· v2 Samsung iPOLiS Device Manager before 1.8.7 allow remote attackers to execute arbitrary code via unspecified values to the (1) Start, (2) ChangeControlLocalName, (3) DeleteDeviceProfile, (4) FrameAdvanceReader, or other u...Show more Samsung iPOLiS Device Manager before 1.8.7 allow remote attackers to execute arbitrary code via unspecified values to the (1) Start, (2) ChangeControlLocalName, (3) DeleteDeviceProfile, (4) FrameAdvanceReader, or other unknown method in the XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller.1 ActiveX control.Show less
CVE-2014-2777 1Microsoft 1Internet Explorer May 6, 2026 Jun 11, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary web script with increased privileges via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability," a differen...Show more Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary web script with increased privileges via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2014-1778.Show less
CVE-2014-1774 1Microsoft 1Internet Explorer May 6, 2026 Jun 11, 2014 N/A· v4 N/A· v3 9.3 HIGH· v2 Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a differen...Show more Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1788 and CVE-2014-2754.Show less
CVE-2014-1769 1Microsoft 1Internet Explorer May 6, 2026 Jun 11, 2014 N/A· v4 N/A· v3 9.3 HIGH· v2 Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a differe...Show more Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1782, CVE-2014-1785, CVE-2014-2753, CVE-2014-2755, CVE-2014-2760, CVE-2014-2761, CVE-2014-2772, and CVE-2014-2776.Show less
CVE-2013-1756 1Mark Evans 1Dragonfly Gem May 6, 2026 Jun 9, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 The Dragonfly gem 0.7 before 0.8.6 and 0.9.x before 0.9.13 for Ruby, when used with Ruby on Rails, allows remote attackers to execute arbitrary code via a crafted request.
CVE-2014-2051 1Owncloud 1Owncloud Server May 6, 2026 Jun 5, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote attackers to conduct an LDAP injection attack via unspecified vectors, as demonstrated using a "login query."
CVE-2012-6143 1Ingy 1Spoon May 6, 2026 Jun 4, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 Spoon::Cookie in the Spoon module 0.24 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is d...Show more Spoon::Cookie in the Spoon module 0.24 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized.Show less
CVE-2012-6142 1Jochen Wiedmann 1Html\ May 6, 2026 Jun 4, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 Session::Cookie in the HTML::EP module 0.2011 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when...Show more Session::Cookie in the HTML::EP module 0.2011 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized.Show less

Previous 1...229230231...324 Next