Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

CVEs (6,461)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2014-1939 2Google Lenovo 2Android Shareit Apr 29, 2026 Mar 3, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 java/android/webkit/BrowserFrame.java in Android before 4.4 uses the addJavascriptInterface API in conjunction with creating an object of the SearchBoxImpl class, which allows attackers to execute arbitrary Java code by...Show more java/android/webkit/BrowserFrame.java in Android before 4.4 uses the addJavascriptInterface API in conjunction with creating an object of the SearchBoxImpl class, which allows attackers to execute arbitrary Java code by leveraging access to the searchBoxJavaBridge_ interface at certain Android API levels.Show less
CVE-2014-2089 1Ilias 1Ilias Apr 29, 2026 Mar 2, 2014 N/A· v4 N/A· v3 6.8 MEDIUM· v2 ILIAS 4.4.1 allows remote attackers to execute arbitrary PHP code via an e-mail attachment that leads to creation of a .php file with a certain client_id pathname.
CVE-2013-2817 1Mitsubishielectric 1Mc Worx Suite Apr 29, 2026 Feb 24, 2014 N/A· v4 N/A· v3 9.3 HIGH· v2 An ActiveX control in IcoLaunch.dll in Mitsubishi Electric Automation MC-WorX Suite 8.02 allows user-assisted remote attackers to execute arbitrary programs via a crafted HTML document in conjunction with a Login Client...Show more An ActiveX control in IcoLaunch.dll in Mitsubishi Electric Automation MC-WorX Suite 8.02 allows user-assisted remote attackers to execute arbitrary programs via a crafted HTML document in conjunction with a Login Client button click.Show less
CVE-2014-0818 1Autodesk 1Autocad Apr 29, 2026 Feb 22, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 Untrusted search path vulnerability in Autodesk AutoCAD before 2014 allows local users to gain privileges and execute arbitrary VBScript code via a Trojan horse FAS file in the FAS file search path.
CVE-2013-6948 1Belkin 1Wemo Home Automation Firmware Apr 29, 2026 Feb 22, 2014 N/A· v4 N/A· v3 7.8 HIGH· v2 The peerAddresses API in the Belkin WeMo Home Automation firmware before 3949 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity re...Show more The peerAddresses API in the Belkin WeMo Home Automation firmware before 3949 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.Show less
CVE-2014-0294 1Microsoft 1Microsoft Forefront Protection 2010 Apr 29, 2026 Feb 12, 2014 N/A· v4 N/A· v3 10.0 HIGH· v2 Microsoft Forefront Protection 2010 for Exchange Server does not properly parse e-mail content, which might allow remote attackers to execute arbitrary code via a crafted message, aka "RCE Vulnerability."
CVE-2014-1670 1Microsoft 1Bing Apr 29, 2026 Jan 25, 2014 N/A· v4 N/A· v3 6.8 MEDIUM· v2 The Microsoft Bing application before 4.2.1 for Android allows remote attackers to install arbitrary APK files via vectors involving a crafted DNS response.
CVE-2014-1202 2Eviware Smartbear 2Soapui Soapui Apr 29, 2026 Jan 25, 2014 N/A· v4 N/A· v3 9.3 HIGH· v2 The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file.
CVE-2014-0661 1Cisco 14Telepresence System 1000 Telepresence System 1100Telepresence System 1300 65+11 more Apr 29, 2026 Jan 22, 2014 N/A· v4 N/A· v3 8.3 HIGH· v2 The System Status Collection Daemon (SSCD) in Cisco TelePresence System 500-37, 1000, 1300-65, and 3xxx before 1.10.2(42), and 500-32, 1300-47, TX1310 65, and TX9xxx before 6.0.4(11), allows remote attackers to execute a...Show more The System Status Collection Daemon (SSCD) in Cisco TelePresence System 500-37, 1000, 1300-65, and 3xxx before 1.10.2(42), and 500-32, 1300-47, TX1310 65, and TX9xxx before 6.0.4(11), allows remote attackers to execute arbitrary commands or cause a denial of service (stack memory corruption) via a crafted XML-RPC message, aka Bug ID CSCui32796.Show less
CVE-2014-0792 1Sonatype 1Nexus Apr 29, 2026 Jan 17, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 Sonatype Nexus 1.x and 2.x before 2.7.1 allows remote attackers to create arbitrary objects and execute arbitrary code via unspecified vectors related to unmarshalling of unintended Object types.
CVE-2013-2827 1Wellintech 3Kingalarm&event KinggraphicKingscada Apr 29, 2026 Jan 15, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 An unspecified ActiveX control in WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before 3.1.2 allows remote attackers to download arbitrary DLL code onto a client machine and execute this...Show more An unspecified ActiveX control in WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before 3.1.2 allows remote attackers to download arbitrary DLL code onto a client machine and execute this code via the ProjectURL property value.Show less
CVE-2012-0262 1Op5 2Monitor System Op5config Apr 29, 2026 Dec 31, 2013 N/A· v4 N/A· v3 10.0 HIGH· v2 op5config/welcome in system-op5config before 2.0.3 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the password parameter.
CVE-2012-0261 1Op5 2Monitor System Portal Apr 29, 2026 Dec 31, 2013 N/A· v4 N/A· v3 10.0 HIGH· v2 license.php in system-portal before 1.6.2 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the timestamp parameter for an install action.
CVE-2013-6795 1Rackspace 1Openstack Windows Guest Agent Apr 29, 2026 Dec 24, 2013 N/A· v4 N/A· v3 9.3 HIGH· v2 The Updater in Rackspace Openstack Windows Guest Agent for XenServer before 1.2.6.0 allows remote attackers to execute arbitrary code via a crafted serialized .NET object to TCP port 1984, which triggers the download and...Show more The Updater in Rackspace Openstack Windows Guest Agent for XenServer before 1.2.6.0 allows remote attackers to execute arbitrary code via a crafted serialized .NET object to TCP port 1984, which triggers the download and extraction of a ZIP file that overwrites the Agent service binary.Show less
CVE-2013-7086 1Webbynode 1Webbynode Apr 29, 2026 Dec 19, 2013 N/A· v4 N/A· v3 7.5 HIGH· v2 The message function in lib/webbynode/notify.rb in the Webbynode gem 1.0.5.3 and earlier for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a growlnotify message.
CVE-2013-6824 1Zabbix 1Zabbix Apr 29, 2026 Dec 19, 2013 N/A· v4 N/A· v3 7.5 HIGH· v2 Zabbix before 1.8.19rc1, 2.0 before 2.0.10rc1, and 2.2 before 2.2.1rc1 allows remote Zabbix servers and proxies to execute arbitrary commands via a newline in a flexible user parameter.
CVE-2013-7069 1Beyondgrep 1Ack Apr 29, 2026 Dec 14, 2013 N/A· v4 N/A· v3 6.8 MEDIUM· v2 ack 2.00 through 2.11_02 allows remote attackers to execute arbitrary code via a (1) --pager, (2) --regex, or (3) --output option in a .ackrc file in a directory to be searched.
CVE-2013-7050 1Devscripts Devel Team 1Devscripts Apr 29, 2026 Dec 13, 2013 N/A· v4 N/A· v3 6.8 MEDIUM· v2 The get_main_source_dir function in scripts/uscan.pl in devscripts before 2.13.8, when using USCAN_EXCLUSION, allows remote attackers to execute arbitrary commands via shell metacharacters in a directory name.
CVE-2013-6421 1Projectsprouts 1Sprout Apr 29, 2026 Dec 12, 2013 N/A· v4 N/A· v3 7.5 HIGH· v2 The unpack_zip function in archive_unpacker.rb in the sprout gem 0.7.246 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a (1) filename or (2) path.
CVE-2013-2751 1Netgear 1Raidiator Apr 29, 2026 Dec 12, 2013 N/A· v4 N/A· v3 10.0 HIGH· v2 Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute arbitrary Perl code via a...Show more Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute arbitrary Perl code via a crafted request, related to the "forgot password workflow."Show less

Previous 1...232233234...324 Next