Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

CVEs (6,456)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2012-0928 1Realnetworks 2Realplayer Realplayer Sp Apr 29, 2026 Feb 8, 2012 N/A· v4 N/A· v3 9.3 HIGH· v2 The ATRAC codec in RealNetworks RealPlayer 11.x and 14.x through 14.0.7, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer 12.x before 12.0.0.1703 does not properly decode samples, which allows remote attackers to exec...Show more The ATRAC codec in RealNetworks RealPlayer 11.x and 14.x through 14.0.7, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer 12.x before 12.0.0.1703 does not properly decode samples, which allows remote attackers to execute arbitrary code via a crafted ATRAC audio file.Show less
CVE-2012-0927 1Realnetworks 2Realplayer Realplayer Sp Apr 29, 2026 Feb 8, 2012 N/A· v4 N/A· v3 9.3 HIGH· v2 Unspecified vulnerability in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via vectors involving the coded_frame_size...Show more Unspecified vulnerability in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via vectors involving the coded_frame_size value in a RealAudio audio stream.Show less
CVE-2012-0926 1Realnetworks 2Realplayer Realplayer Sp Apr 29, 2026 Feb 8, 2012 N/A· v4 N/A· v3 9.3 HIGH· v2 The RV10 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, does not properly handle height and width values, which allows remote attackers to execute arbitrary co...Show more The RV10 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, does not properly handle height and width values, which allows remote attackers to execute arbitrary code via a crafted RV10 RealVideo video stream.Show less
CVE-2012-0925 1Realnetworks 2Realplayer Realplayer Sp Apr 29, 2026 Feb 8, 2012 N/A· v4 N/A· v3 9.3 HIGH· v2 Unspecified vulnerability in the RV40 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted RV40 RealV...Show more Unspecified vulnerability in the RV40 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted RV40 RealVideo video stream.Show less
CVE-2012-0924 1Realnetworks 2Realplayer Realplayer Sp Apr 29, 2026 Feb 8, 2012 N/A· v4 N/A· v3 9.3 HIGH· v2 RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via vectors involving a VIDOBJ_START_CODE code in a header within a vid...Show more RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via vectors involving a VIDOBJ_START_CODE code in a header within a video stream.Show less
CVE-2012-0923 1Realnetworks 2Realplayer Realplayer Sp Apr 29, 2026 Feb 8, 2012 N/A· v4 N/A· v3 9.3 HIGH· v2 The RV20 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, does not properly handle the frame size array, which allows remote attackers to execute arbitrary code...Show more The RV20 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, does not properly handle the frame size array, which allows remote attackers to execute arbitrary code via a crafted RV20 RealVideo video stream.Show less
CVE-2012-0922 1Realnetworks 2Realplayer Realplayer Sp Apr 29, 2026 Feb 8, 2012 N/A· v4 N/A· v3 9.3 HIGH· v2 rvrender.dll in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via crafted flags in an RMFF file.
CVE-2011-4041 1Broadwin 1Webaccess Apr 29, 2026 Feb 6, 2012 N/A· v4 N/A· v3 10.0 HIGH· v2 webvrpcs.exe in Advantech/BroadWin WebAccess allows remote attackers to execute arbitrary code or obtain a security-code value via a long string in an RPC request to TCP port 4592.
CVE-2011-4512 1Siemens 5Simatic Hmi Panels WinccWincc Flexible+2 more Apr 29, 2026 Feb 3, 2012 N/A· v4 N/A· v3 5.0 MEDIUM· v2 CRLF injection vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATI...Show more CRLF injection vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.Show less
CVE-2011-4791 1Hp 1Data Protector Media Operations Apr 29, 2026 Feb 3, 2012 N/A· v4 N/A· v3 10.0 HIGH· v2 DBServer.exe in HP Data Protector Media Operations 6.11 and earlier allows remote attackers to execute arbitrary code via a crafted request containing a large value in a length field.
CVE-2011-4337 1Sitracker 1Support Incident Tracker Apr 29, 2026 Jan 29, 2012 N/A· v4 N/A· v3 7.5 HIGH· v2 Static code injection vulnerability in translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to inject arbitrary PHP code into an executable language file in the i18n directory vi...Show more Static code injection vulnerability in translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to inject arbitrary PHP code into an executable language file in the i18n directory via the lang variable.Show less
CVE-2012-0934 1Zingiri 1Theme Tuner Plugin Apr 29, 2026 Jan 29, 2012 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in ajax/savetag.php in the Theme Tuner plugin for WordPress before 0.8 allows remote attackers to execute arbitrary PHP code via a URL in the tt-abspath parameter.
CVE-2011-3832 1Sitracker 1Support Incident Tracker Apr 29, 2026 Jan 29, 2012 N/A· v4 N/A· v3 6.5 MEDIUM· v2 Eval injection vulnerability in config.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated administrators to execute arbitrary PHP code via the application_name parameter in a save action.
CVE-2012-0329 1Cisco 1Digital Media Manager Apr 29, 2026 Jan 19, 2012 N/A· v4 N/A· v3 9.0 HIGH· v2 Cisco Digital Media Manager 5.2.2 and earlier, and 5.2.3, allows remote authenticated users to execute arbitrary code via vectors involving a URL and an administrative resource, aka Bug ID CSCts63878.
CVE-2012-0693 1Whmcs 1Whmcompletesolution Apr 29, 2026 Jan 14, 2012 N/A· v4 N/A· v3 5.0 MEDIUM· v2 submitticket.php in WHMCompleteSolution (WHMCS) 5.03 allows remote attackers to inject arbitrary code into a subject field via crafted ticket data, a different vulnerability than CVE-2011-5061. NOTE: the vendor disputes...Show more submitticket.php in WHMCompleteSolution (WHMCS) 5.03 allows remote attackers to inject arbitrary code into a subject field via crafted ticket data, a different vulnerability than CVE-2011-5061. NOTE: the vendor disputes this issue, noting that some of the details overlap CVE-2011-5061, but that it "says it affects V5.0.3, and the submitticket.php file, both of which are wrong.Show less
CVE-2011-5061 1Whmcs 1Whmcompletesolution Apr 29, 2026 Jan 14, 2012 N/A· v4 N/A· v3 7.5 HIGH· v2 functions.php in WHMCompleteSolution (WHMCS) 4.0.x through 5.0.x allows remote attackers to trigger arbitrary code execution in the Smarty templating system by submitting a crafted ticket, related to improper handling of...Show more functions.php in WHMCompleteSolution (WHMCS) 4.0.x through 5.0.x allows remote attackers to trigger arbitrary code execution in the Smarty templating system by submitting a crafted ticket, related to improper handling of characters in the subject field.Show less
CVE-2012-0310 1Cogentdatahub 3Cascade Datahub Cogent DatahubOpc Datahub Apr 29, 2026 Jan 13, 2012 N/A· v4 N/A· v3 5.8 MEDIUM· v2 CRLF injection vulnerability in Cogent DataHub 7.1.2 and earlier, Cascade DataHub 6.4.20 and earlier, and OPC DataHub 6.4.20 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response...Show more CRLF injection vulnerability in Cogent DataHub 7.1.2 and earlier, Cascade DataHub 6.4.20 and earlier, and OPC DataHub 6.4.20 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.Show less
CVE-2011-4787 1Hp 1Easy Printer Care Software Apr 29, 2026 Jan 12, 2012 N/A· v4 N/A· v3 9.3 HIGH· v2 A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vect...Show more A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-2404 and CVE-2011-4786.Show less
CVE-2011-4786 1Hp 1Easy Printer Care Software Apr 29, 2026 Jan 12, 2012 N/A· v4 N/A· v3 9.3 HIGH· v2 A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vect...Show more A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-2404 and CVE-2011-4787.Show less
CVE-2012-0394 1Apache 1Struts Apr 29, 2026 Jan 8, 2012 N/A· v4 N/A· v3 6.8 MEDIUM· v2 The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavio...Show more The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself.Show less

Previous 1...245246247...323 Next