Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

CVEs (6,459)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2013-0618 1Adobe 2Acrobat Acrobat Reader Apr 29, 2026 Jan 10, 2013 N/A· v4 N/A· v3 10.0 HIGH· v2 Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error," a different vulnerability than CVE-2013...Show more Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error," a different vulnerability than CVE-2013-0607, CVE-2013-0608, CVE-2013-0611, and CVE-2013-0614.Show less
CVE-2013-0614 1Adobe 2Acrobat Acrobat Reader Apr 29, 2026 Jan 10, 2013 N/A· v4 N/A· v3 10.0 HIGH· v2 Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error," a different vulnerability than CVE-2013...Show more Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error," a different vulnerability than CVE-2013-0607, CVE-2013-0608, CVE-2013-0611, and CVE-2013-0618.Show less
CVE-2013-0608 1Adobe 2Acrobat Acrobat Reader Apr 29, 2026 Jan 10, 2013 N/A· v4 N/A· v3 10.0 HIGH· v2 Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error," a different vulnerability than CVE-2013...Show more Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error," a different vulnerability than CVE-2013-0607, CVE-2013-0611, CVE-2013-0614, and CVE-2013-0618.Show less
CVE-2013-0607 1Adobe 2Acrobat Acrobat Reader Apr 29, 2026 Jan 10, 2013 N/A· v4 N/A· v3 10.0 HIGH· v2 Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error," a different vulnerability than CVE-2013...Show more Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error," a different vulnerability than CVE-2013-0608, CVE-2013-0611, CVE-2013-0614, and CVE-2013-0618.Show less
CVE-2013-0007 1Microsoft 15Expression Web Groove ServerOffice+12 more Apr 29, 2026 Jan 9, 2013 N/A· v4 N/A· v3 9.3 HIGH· v2 Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML XSLT Vulnerability."
CVE-2012-6329 1Perl 1Perl Apr 29, 2026 Jan 4, 2013 N/A· v4 N/A· v3 7.5 HIGH· v2 The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows...Show more The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6.Show less
CVE-2012-6465 1Opera 1Opera Browser Apr 29, 2026 Jan 2, 2013 N/A· v4 N/A· v3 9.3 HIGH· v2 Opera before 12.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed SVG image.
CVE-2012-5932 1Microfocus 1Privileged User Manager Apr 29, 2026 Dec 24, 2012 N/A· v4 N/A· v3 10.0 HIGH· v2 Eval injection vulnerability in the ldapagnt_eval function in ldapagnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote attackers to execute arbitrary Perl code via a crafted applic...Show more Eval injection vulnerability in the ldapagnt_eval function in ldapagnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote attackers to execute arbitrary Perl code via a crafted application/x-amf request.Show less
CVE-2012-5690 1Realnetworks 2Realplayer Realplayer Sp Apr 29, 2026 Dec 19, 2012 N/A· v4 N/A· v3 9.3 HIGH· v2 RealNetworks RealPlayer before 16.0.0.282 and RealPlayer SP 1.0 through 1.1.5 allow remote attackers to execute arbitrary code via a RealAudio file that triggers access to an invalid pointer.
CVE-2012-5142 2Google Opensuse 2Chrome Opensuse Apr 29, 2026 Dec 12, 2012 N/A· v4 N/A· v3 10.0 HIGH· v2 Google Chrome before 23.0.1271.97 does not properly handle history navigation, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
CVE-2012-4791 1Microsoft 1Exchange Server Apr 29, 2026 Dec 12, 2012 N/A· v4 N/A· v3 3.5 LOW· v2 Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows remote authenticated users to cause a denial of service (Information Store service hang) by subscribing to a crafted RSS feed, aka "RSS Feed May Cause Exchan...Show more Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows remote authenticated users to cause a denial of service (Information Store service hang) by subscribing to a crafted RSS feed, aka "RSS Feed May Cause Exchange DoS Vulnerability."Show less
CVE-2012-4786 1Microsoft 5Windows 7 Windows Server 2003Windows Server 2008+2 more Apr 29, 2026 Dec 12, 2012 N/A· v4 N/A· v3 10.0 HIGH· v2 The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT all...Show more The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability."Show less
CVE-2012-4781 1Microsoft 1Internet Explorer Apr 29, 2026 Dec 12, 2012 N/A· v4 N/A· v3 9.3 HIGH· v2 Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "InjectHTMLStream Use After...Show more Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "InjectHTMLStream Use After Free Vulnerability."Show less
CVE-2012-4774 1Microsoft 5Windows 7 Windows Server 2003Windows Server 2008+2 more Apr 29, 2026 Dec 12, 2012 N/A· v4 N/A· v3 9.3 HIGH· v2 Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted (1) file na...Show more Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted (1) file name or (2) subfolder name that triggers use of unallocated memory as the destination of a copy operation, aka "Windows Filename Parsing Vulnerability."Show less
CVE-2012-2556 1Microsoft 9Windows 2003 Server Windows 7Windows 8+6 more Apr 29, 2026 Dec 12, 2012 N/A· v4 N/A· v3 9.3 HIGH· v2 The OpenType Font (OTF) driver in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windo...Show more The OpenType Font (OTF) driver in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to execute arbitrary code via a crafted OpenType font file, aka "OpenType Font Parsing Vulnerability."Show less
CVE-2012-5973 1Ca 1Xcom Data Transport Apr 29, 2026 Dec 10, 2012 N/A· v4 N/A· v3 10.0 HIGH· v2 CA XCOM Data Transport r11.0 and r11.5 on UNIX and Linux allows remote attackers to execute arbitrary commands via a crafted request.
CVE-2011-2732 1Vmware 1Springsource Spring Security Apr 29, 2026 Dec 5, 2012 N/A· v4 N/A· v3 4.3 MEDIUM· v2 CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response split...Show more CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter.Show less
CVE-2012-5537 1Simplenews Scheduler Project 1Simplenews Scheduler Apr 29, 2026 Dec 3, 2012 N/A· v4 N/A· v3 6.0 MEDIUM· v2 The Simplenews Scheduler module 6.x-2.x before 6.x-2.4 for Drupal allows remote authenticated users with the "send scheduled newsletters" permission to inject arbitrary PHP code into the scheduling form, which is later e...Show more The Simplenews Scheduler module 6.x-2.x before 6.x-2.4 for Drupal allows remote authenticated users with the "send scheduled newsletters" permission to inject arbitrary PHP code into the scheduling form, which is later executed by cron.Show less
CVE-2012-6046 1Phpenter 1Php Enter Apr 29, 2026 Nov 27, 2012 N/A· v4 N/A· v3 10.0 HIGH· v2 Static code injection vulnerability in admin/banners.php in PHP Enter allows remote attackers to inject arbitrary PHP code into horad.php via the code parameter.
CVE-2012-5837 1Mozilla 1Firefox Apr 29, 2026 Nov 21, 2012 N/A· v4 N/A· v3 6.8 MEDIUM· v2 The Web Developer Toolbar in Mozilla Firefox before 17.0 executes script with chrome privileges, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string.

Previous 1...239240241...323 Next