Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

CVEs (6,456)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2012-2596 1Siemens 1Wincc Apr 29, 2026 Jun 8, 2012 N/A· v4 N/A· v3 5.5 MEDIUM· v2 The XPath functionality in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 does not properly handle special characters in parameters, which allows remote authenticated users to read or modify settin...Show more The XPath functionality in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 does not properly handle special characters in parameters, which allows remote authenticated users to read or modify settings via a crafted URL, related to an "XML injection" attack.Show less
CVE-2011-4458 1Bestpractical 1Rt Apr 29, 2026 Jun 4, 2012 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Best Practical Solutions RT 3.6.x, 3.7.x, and 3.8.x before 3.8.12 and 4.x before 4.0.6, when the VERPPrefix and VERPDomain options are enabled, allows remote attackers to execute arbitrary code via unspecified vectors, a...Show more Best Practical Solutions RT 3.6.x, 3.7.x, and 3.8.x before 3.8.12 and 4.x before 4.0.6, when the VERPPrefix and VERPDomain options are enabled, allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-5092 and CVE-2011-5093.Show less
CVE-2012-0295 1Symantec 1Endpoint Protection Apr 29, 2026 May 23, 2012 N/A· v4 N/A· v3 9.3 HIGH· v2 The Manager service in the management console in Symantec Endpoint Protection (SEP) 12.1 before 12.1 RU1-MP1 allows remote attackers to conduct file-insertion attacks and execute arbitrary code by leveraging exploitation...Show more The Manager service in the management console in Symantec Endpoint Protection (SEP) 12.1 before 12.1 RU1-MP1 allows remote attackers to conduct file-insertion attacks and execute arbitrary code by leveraging exploitation of CVE-2012-0294.Show less
CVE-2012-2924 1Hypermethod 1Elearning Server Apr 29, 2026 May 21, 2012 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in admin/setup.inc.php in Hypermethod eLearning Server 4G allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
CVE-2012-0671 1Apple 1Quicktime Apr 29, 2026 May 16, 2012 N/A· v4 N/A· v3 9.3 HIGH· v2 Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .pict file.
CVE-2012-1328 1Cisco 2Unified Ip Phone Unified Ip Phone Firmware Apr 29, 2026 May 3, 2012 N/A· v4 N/A· v3 4.6 MEDIUM· v2 Cisco Unified IP Phones 9900 series devices with firmware 9.1 and 9.2 do not properly handle downloads of configuration information to an RT phone, which allows local users to gain privileges via unspecified injected dat...Show more Cisco Unified IP Phones 9900 series devices with firmware 9.1 and 9.2 do not properly handle downloads of configuration information to an RT phone, which allows local users to gain privileges via unspecified injected data, aka Bug ID CSCts32237.Show less
CVE-2011-4237 1Cisco 1Ciscoworks Common Services Apr 29, 2026 May 3, 2012 N/A· v4 N/A· v3 4.3 MEDIUM· v2 CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks Common Services 4.0, as used in Cisco Prime LAN Management Solution and other products, allows remote attackers to inject arbitrary HTTP headers and condu...Show more CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks Common Services 4.0, as used in Cisco Prime LAN Management Solution and other products, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter, aka Bug ID CSCtu18693.Show less
CVE-2011-3285 1Cisco 25500 Series Adaptive Security Appliance Adaptive Security Appliance Software Apr 29, 2026 May 2, 2012 N/A· v4 N/A· v3 5.0 MEDIUM· v2 CRLF injection vulnerability in /+CSCOE+/logon.html on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 through 8.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP...Show more CRLF injection vulnerability in /+CSCOE+/logon.html on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 through 8.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors, aka Bug ID CSCth63101.Show less
CVE-2012-2273 1Comodo 1Comodo Internet Security Apr 29, 2026 Apr 20, 2012 N/A· v4 N/A· v3 4.9 MEDIUM· v2 Comodo Internet Security before 5.10.228257.2253 on Windows 7 x64 allows local users to cause a denial of service (system crash) via a crafted 32-bit Portable Executable (PE) file with a kernel ImageBase value.
CVE-2011-2478 1Google 1Sketchup Apr 29, 2026 Apr 17, 2012 N/A· v4 N/A· v3 9.3 HIGH· v2 Google SketchUp before 8 does not properly handle edge geometry in SketchUp (aka .SKP) files, which allows remote attackers to execute arbitrary code via a crafted file.
CVE-2011-4882 1Atvise 1Webmi2ads Apr 29, 2026 Apr 13, 2012 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 allows remote attackers to cause a denial of service (application exit) via an unspecified command in an HTTP request.
CVE-2012-2224 1Xunlei 1Thunder Apr 29, 2026 Apr 11, 2012 N/A· v4 N/A· v3 7.5 HIGH· v2 Xunlei Thunder before 7.2.6 allows remote attackers to execute arbitrary code via a crafted file, related to a "DLL injection vulnerability."
CVE-2012-1594 1Wireshark 1Wireshark Apr 29, 2026 Apr 11, 2012 N/A· v4 N/A· v3 3.3 LOW· v2 epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.
CVE-2012-0172 1Microsoft 1Internet Explorer Apr 29, 2026 Apr 10, 2012 N/A· v4 N/A· v3 9.3 HIGH· v2 Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "VML Style Remote Code Execution Vulnerabilit...Show more Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "VML Style Remote Code Execution Vulnerability."Show less
CVE-2012-0171 1Microsoft 1Internet Explorer Apr 29, 2026 Apr 10, 2012 N/A· v4 N/A· v3 9.3 HIGH· v2 Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "SelectAll Remote Code Execution Vulnerabilit...Show more Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "SelectAll Remote Code Execution Vulnerability."Show less
CVE-2012-0170 1Microsoft 1Internet Explorer Apr 29, 2026 Apr 10, 2012 N/A· v4 N/A· v3 9.3 HIGH· v2 Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnReadyStateChange Remote Code Execution Vulnera...Show more Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnReadyStateChange Remote Code Execution Vulnerability."Show less
CVE-2012-0169 1Microsoft 1Internet Explorer Apr 29, 2026 Apr 10, 2012 N/A· v4 N/A· v3 9.3 HIGH· v2 Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "JScript9 Remote Code Execution Vulnerability."
CVE-2012-0168 1Microsoft 1Internet Explorer Apr 29, 2026 Apr 10, 2012 N/A· v4 N/A· v3 7.6 HIGH· v2 Microsoft Internet Explorer 6 through 9 allows user-assisted remote attackers to execute arbitrary code via a crafted HTML document that is not properly handled during a "Print table of links" print operation, aka "Print...Show more Microsoft Internet Explorer 6 through 9 allows user-assisted remote attackers to execute arbitrary code via a crafted HTML document that is not properly handled during a "Print table of links" print operation, aka "Print Feature Remote Code Execution Vulnerability."Show less
CVE-2012-0158 1Microsoft 10Biztalk Server Commerce ServerCommerce Server 2009+7 more Apr 22, 2026 Apr 10, 2012 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2003 Web Components S...Show more The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2003 Web Components SP3; SQL Server 2000 SP4, 2005 SP4, and 2008 SP2, SP3, and R2; BizTalk Server 2002 SP1; Commerce Server 2002 SP4, 2007 SP2, and 2009 Gold and R2; Visual FoxPro 8.0 SP1 and 9.0 SP2; and Visual Basic 6.0 Runtime allow remote attackers to execute arbitrary code via a crafted (a) web site, (b) Office document, or (c) .rtf file that triggers "system state" corruption, as exploited in the wild in April 2012, aka "MSCOMCTL.OCX RCE Vulnerability."Show less
CVE-2012-1924 1Opera 1Opera Browser Apr 29, 2026 Mar 28, 2012 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Opera before 11.62 allows user-assisted remote attackers to trick users into downloading and executing arbitrary files via a small window for the download dialog.

Previous 1...243244245...323 Next