Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

CVEs (6,456)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2012-1661 1Esri 1Arcmap Apr 29, 2026 Jul 12, 2012 N/A· v4 N/A· v3 9.3 HIGH· v2 ESRI ArcMap 9 and ArcGIS 10.0.2.3200 and earlier does not properly prompt users before executing embedded VBA macros, which allows user-assisted remote attackers to execute arbitrary VBA code via a crafted map (.mxd) fil...Show more ESRI ArcMap 9 and ArcGIS 10.0.2.3200 and earlier does not properly prompt users before executing embedded VBA macros, which allows user-assisted remote attackers to execute arbitrary VBA code via a crafted map (.mxd) file.Show less
CVE-2012-1037 1Glpi Project 1Glpi Apr 29, 2026 Jul 12, 2012 N/A· v4 N/A· v3 6.5 MEDIUM· v2 PHP remote file inclusion vulnerability in front/popup.php in GLPI 0.78 through 0.80.61 allows remote authenticated users to execute arbitrary PHP code via a URL in the sub_type parameter.
CVE-2012-2486 1Cisco 15Telepresence Manager Telepresence Multipoint SwitchTelepresence Multipoint Switch Software+12 more Apr 29, 2026 Jul 12, 2012 N/A· v4 N/A· v3 8.3 HIGH· v2 The Cisco Discovery Protocol (CDP) implementation on Cisco TelePresence Multipoint Switch before 1.9.0, Cisco TelePresence Immersive Endpoint Devices before 1.9.1, Cisco TelePresence Manager before 1.9.0, and Cisco TeleP...Show more The Cisco Discovery Protocol (CDP) implementation on Cisco TelePresence Multipoint Switch before 1.9.0, Cisco TelePresence Immersive Endpoint Devices before 1.9.1, Cisco TelePresence Manager before 1.9.0, and Cisco TelePresence Recording Server before 1.8.1 allows remote attackers to execute arbitrary code by leveraging certain adjacency and sending a malformed CDP packet, aka Bug IDs CSCtz40953, CSCtz40947, CSCtz40965, and CSCtz40953.Show less
CVE-2012-1524 1Microsoft 1Internet Explorer Apr 29, 2026 Jul 10, 2012 N/A· v4 N/A· v3 9.3 HIGH· v2 Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Attribute Remove Remote Code Execution Vulnerability."
CVE-2012-1522 1Microsoft 1Internet Explorer Apr 29, 2026 Jul 10, 2012 N/A· v4 N/A· v3 9.3 HIGH· v2 Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Cached Object Remote Code Execution Vulnerability."
CVE-2012-0175 1Microsoft 6Windows 2003 Server Windows 7Windows Server 2003+3 more Apr 29, 2026 Jul 10, 2012 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a craft...Show more The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted name for a (1) file or (2) directory, aka "Command Injection Vulnerability."Show less
CVE-2012-2174 1Ibm 1Lotus Notes Apr 29, 2026 Jun 20, 2012 N/A· v4 N/A· v3 9.3 HIGH· v2 The URL handler in IBM Lotus Notes 8.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a crafted notes:// URL.
CVE-2012-3289 1Vmware 4Esx EsxiPlayer+1 more Apr 29, 2026 Jun 14, 2012 N/A· v4 N/A· v3 7.8 HIGH· v2 VMware Workstation 8.x before 8.0.4, VMware Player 4.x before 4.0.4, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 allow remote attackers to cause a denial of service (guest OS crash) via crafted traffic fr...Show more VMware Workstation 8.x before 8.0.4, VMware Player 4.x before 4.0.4, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 allow remote attackers to cause a denial of service (guest OS crash) via crafted traffic from a remote virtual device.Show less
CVE-2012-2041 1Adobe 1Coldfusion Apr 29, 2026 Jun 13, 2012 N/A· v4 N/A· v3 4.3 MEDIUM· v2 CRLF injection vulnerability in the Component Browser in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
CVE-2012-1881 1Microsoft 1Internet Explorer Apr 29, 2026 Jun 12, 2012 N/A· v4 N/A· v3 9.3 HIGH· v2 Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnRowsInserted Event Remote Code Execution Vulne...Show more Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnRowsInserted Event Remote Code Execution Vulnerability."Show less
CVE-2012-1880 1Microsoft 1Internet Explorer Apr 29, 2026 Jun 12, 2012 N/A· v4 N/A· v3 9.3 HIGH· v2 Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "insertRow Remote Code Execution Vulnerabilit...Show more Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "insertRow Remote Code Execution Vulnerability."Show less
CVE-2012-1879 1Microsoft 1Internet Explorer Apr 29, 2026 Jun 12, 2012 N/A· v4 8.1 HIGH· v3 9.3 HIGH· v2 Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access an undefined memory location, aka "insertAdjacentText Re...Show more Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access an undefined memory location, aka "insertAdjacentText Remote Code Execution Vulnerability."Show less
CVE-2012-1878 1Microsoft 1Internet Explorer Apr 29, 2026 Jun 12, 2012 N/A· v4 N/A· v3 9.3 HIGH· v2 Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnBeforeDeactivate Event Remote Code Executi...Show more Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnBeforeDeactivate Event Remote Code Execution Vulnerability."Show less
CVE-2012-1877 1Microsoft 1Internet Explorer Apr 29, 2026 Jun 12, 2012 N/A· v4 N/A· v3 9.3 HIGH· v2 Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Title Element Change Remote Code Execution V...Show more Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Title Element Change Remote Code Execution Vulnerability."Show less
CVE-2012-1876 1Microsoft 1Internet Explorer Apr 29, 2026 Jun 12, 2012 N/A· v4 N/A· v3 9.3 HIGH· v2 Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading...Show more Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflow, aka "Col Element Remote Code Execution Vulnerability," as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.Show less
CVE-2012-1875 1Microsoft 1Internet Explorer Apr 29, 2026 Jun 12, 2012 N/A· v4 N/A· v3 9.3 HIGH· v2 Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Same ID Property Remote Code Execution Vulnerability."
CVE-2012-1874 1Microsoft 1Internet Explorer Apr 29, 2026 Jun 12, 2012 N/A· v4 N/A· v3 9.3 HIGH· v2 Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows user-assisted remote attackers to execute arbitrary code by accessing a deleted object, aka "Developer Toolbar Remote Code Exec...Show more Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows user-assisted remote attackers to execute arbitrary code by accessing a deleted object, aka "Developer Toolbar Remote Code Execution Vulnerability."Show less
CVE-2012-1855 1Microsoft 1.net Framework Apr 29, 2026 Jun 12, 2012 N/A· v4 N/A· v3 9.3 HIGH· v2 Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly handle function pointers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a...Show more Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly handle function pointers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Memory Access Vulnerability."Show less
CVE-2012-1523 1Microsoft 1Internet Explorer Apr 29, 2026 Jun 12, 2012 N/A· v4 N/A· v3 9.3 HIGH· v2 Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Center Element Remote Code Execution Vulnera...Show more Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Center Element Remote Code Execution Vulnerability."Show less
CVE-2012-0173 1Microsoft 5Windows 7 Windows Server 2003Windows Server 2008+2 more Apr 29, 2026 Jun 12, 2012 N/A· v4 N/A· v3 9.3 HIGH· v2 The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly proc...Show more The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability," a different vulnerability than CVE-2012-0002.Show less

Previous 1...242243244...323 Next