Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

CVEs (6,459)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2013-1966 1Apache 1Struts Apr 29, 2026 Jul 10, 2013 N/A· v4 N/A· v3 9.3 HIGH· v2 Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
CVE-2013-1965 1Apache 2Struts Struts2 Showcase Apr 29, 2026 Jul 10, 2013 N/A· v4 N/A· v3 9.3 HIGH· v2 Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redir...Show more Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.Show less
CVE-2013-3178 1Microsoft 1Silverlight Apr 29, 2026 Jul 10, 2013 N/A· v4 N/A· v3 9.3 HIGH· v2 Microsoft Silverlight 5 before 5.1.20513.0 does not properly initialize arrays, which allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via a crafted Silverlight ap...Show more Microsoft Silverlight 5 before 5.1.20513.0 does not properly initialize arrays, which allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via a crafted Silverlight application, aka "Null Pointer Vulnerability."Show less
CVE-2013-3174 1Microsoft 7Windows 7 Windows 8Windows Server 2003+4 more Apr 29, 2026 Jul 10, 2013 N/A· v4 N/A· v3 9.3 HIGH· v2 DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitra...Show more DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted GIF file, aka "DirectShow Arbitrary Memory Overwrite Vulnerability."Show less
CVE-2013-3171 1Microsoft 1.net Framework Apr 29, 2026 Jul 10, 2013 N/A· v4 N/A· v3 9.3 HIGH· v2 The serialization functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly check the permissions of delegate objects, which allows remote attackers to execute arbitrary code vi...Show more The serialization functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly check the permissions of delegate objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a partial-trust relationship, aka "Delegate Serialization Vulnerability."Show less
CVE-2013-3164 1Microsoft 1Internet Explorer Apr 29, 2026 Jul 10, 2013 N/A· v4 N/A· v3 9.3 HIGH· v2 Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
CVE-2013-3162 1Microsoft 1Internet Explorer Apr 29, 2026 Jul 10, 2013 N/A· v4 N/A· v3 9.3 HIGH· v2 Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability,"...Show more Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3115.Show less
CVE-2013-3161 1Microsoft 1Internet Explorer Apr 29, 2026 Jul 10, 2013 N/A· v4 N/A· v3 9.3 HIGH· v2 Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a d...Show more Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3143.Show less
CVE-2013-3153 1Microsoft 1Internet Explorer Apr 29, 2026 Jul 10, 2013 N/A· v4 N/A· v3 9.3 HIGH· v2 Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability,"...Show more Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3148.Show less
CVE-2013-3152 1Microsoft 1Internet Explorer Apr 29, 2026 Jul 10, 2013 N/A· v4 N/A· v3 9.3 HIGH· v2 Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a differe...Show more Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3146.Show less
CVE-2013-3151 1Microsoft 1Internet Explorer Apr 29, 2026 Jul 10, 2013 N/A· v4 N/A· v3 9.3 HIGH· v2 Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability,"...Show more Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3144 and CVE-2013-3163.Show less
CVE-2013-3150 1Microsoft 1Internet Explorer Apr 29, 2026 Jul 10, 2013 N/A· v4 N/A· v3 9.3 HIGH· v2 Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a differen...Show more Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3145.Show less
CVE-2013-3149 1Microsoft 1Internet Explorer Apr 29, 2026 Jul 10, 2013 N/A· v4 N/A· v3 9.3 HIGH· v2 Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
CVE-2013-3148 1Microsoft 1Internet Explorer Apr 29, 2026 Jul 10, 2013 N/A· v4 N/A· v3 9.3 HIGH· v2 Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability,"...Show more Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3153.Show less
CVE-2013-3147 1Microsoft 1Internet Explorer Apr 29, 2026 Jul 10, 2013 N/A· v4 N/A· v3 9.3 HIGH· v2 Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
CVE-2013-3146 1Microsoft 1Internet Explorer Apr 29, 2026 Jul 10, 2013 N/A· v4 N/A· v3 9.3 HIGH· v2 Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a differe...Show more Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3152.Show less
CVE-2013-3145 1Microsoft 1Internet Explorer Apr 29, 2026 Jul 10, 2013 N/A· v4 N/A· v3 9.3 HIGH· v2 Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a differen...Show more Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3150.Show less
CVE-2013-3144 1Microsoft 1Internet Explorer Apr 29, 2026 Jul 10, 2013 N/A· v4 N/A· v3 9.3 HIGH· v2 Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability,"...Show more Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3151 and CVE-2013-3163.Show less
CVE-2013-3143 1Microsoft 1Internet Explorer Apr 29, 2026 Jul 10, 2013 N/A· v4 N/A· v3 9.3 HIGH· v2 Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a d...Show more Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3161.Show less
CVE-2013-3134 1Microsoft 1.net Framework Apr 29, 2026 Jul 10, 2013 N/A· v4 N/A· v3 9.3 HIGH· v2 The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 on 64-bit platforms does not properly allocate arrays of structures, which allows remote attackers to execute arbitrary code v...Show more The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 on 64-bit platforms does not properly allocate arrays of structures, which allows remote attackers to execute arbitrary code via a crafted .NET Framework application that changes array data, aka "Array Allocation Vulnerability."Show less

Previous 1...236237238...323 Next