Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

CVEs (6,456)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2012-0391 1Apache 1Struts Apr 22, 2026 Jan 8, 2012 N/A· v4 9.8 CRITICAL· v3 9.3 HIGH· v2 The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to...Show more The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.Show less
CVE-2011-5021 1Phpids 1Phpids Apr 29, 2026 Dec 29, 2011 N/A· v4 N/A· v3 7.5 HIGH· v2 PHPIDS before 0.7 does not properly implement Regular Expression Denial of Service (ReDoS) filters, which allows remote attackers to bypass rulesets and add PHP sequences to a file via unspecified vectors.
CVE-2011-3378 1Rpm 1Rpm Apr 29, 2026 Dec 24, 2011 N/A· v4 N/A· v3 9.3 HIGH· v2 RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via an rpm package with crafted headers and offsets that are...Show more RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via an rpm package with crafted headers and offsets that are not properly handled when a package is queried or installed, related to (1) the regionSwab function, (2) the headerLoad function, and (3) multiple functions in rpmio/rpmpgp.c.Show less
CVE-2011-1392 1.bbsoftware 1Bb Flashback Apr 29, 2026 Dec 23, 2011 N/A· v4 N/A· v3 9.3 HIGH· v2 The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll in Blueberry BB FlashBack, as used in IBM Rational Rhapsody before 7.6.1 and other products, does not properly implement the (1) Start, (2) PauseAndSav...Show more The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll in Blueberry BB FlashBack, as used in IBM Rational Rhapsody before 7.6.1 and other products, does not properly implement the (1) Start, (2) PauseAndSave, (3) InsertMarker, and (4) InsertSoundToFBRAtMarker methods, which allows remote attackers to execute arbitrary code via unspecified vectors.Show less
CVE-2011-1391 1.bbsoftware 1Bb Flashback Apr 29, 2026 Dec 23, 2011 N/A· v4 N/A· v3 9.3 HIGH· v2 The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll in Blueberry BB FlashBack, as used in IBM Rational Rhapsody before 7.6.1 and other products, does not properly implement the InsertMarker method, which...Show more The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll in Blueberry BB FlashBack, as used in IBM Rational Rhapsody before 7.6.1 and other products, does not properly implement the InsertMarker method, which allows remote attackers to execute arbitrary code via unspecified vectors.Show less
CVE-2011-1388 1.bbsoftware 1Bb Flashback Apr 29, 2026 Dec 23, 2011 N/A· v4 N/A· v3 9.3 HIGH· v2 The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll in Blueberry BB FlashBack, as used in IBM Rational Rhapsody before 7.6.1 and other products, does not properly implement the TestCompatibilityRecordMod...Show more The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll in Blueberry BB FlashBack, as used in IBM Rational Rhapsody before 7.6.1 and other products, does not properly implement the TestCompatibilityRecordMode method, which allows remote attackers to execute arbitrary code via unspecified vectors.Show less
CVE-2011-4453 1Pmwiki 1Pmwiki Apr 29, 2026 Dec 22, 2011 N/A· v4 N/A· v3 7.5 HIGH· v2 The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintende...Show more The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP create_function function.Show less
CVE-2011-4203 1Moodle 1Moodle Apr 29, 2026 Dec 22, 2011 N/A· v4 N/A· v3 5.0 MEDIUM· v2 CRLF injection vulnerability in calendar/set.php in the Calendar component in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, 2.1.x before 2.1.3, and 2.2 allows remote attackers to inject arbitrary HTTP headers and condu...Show more CRLF injection vulnerability in calendar/set.php in the Calendar component in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, 2.1.x before 2.1.3, and 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors involving the url variable.Show less
CVE-2011-4828 1Autosectools 1V Cms Apr 29, 2026 Dec 15, 2011 N/A· v4 N/A· v3 7.5 HIGH· v2 Unrestricted file upload vulnerability in includes/inline_image_upload.php in AutoSec Tools V-CMS 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it...Show more Unrestricted file upload vulnerability in includes/inline_image_upload.php in AutoSec Tools V-CMS 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in temp/.Show less
CVE-2011-4825 3Phpletter PhpmyfaqTinymce 3Ajax File And Image Manager PhpmyfaqTinymce Apr 29, 2026 Dec 15, 2011 N/A· v4 N/A· v3 7.5 HIGH· v2 Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allow...Show more Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters.Show less
CVE-2011-3413 1Microsoft 4Office Office Compatibility PackPowerpoint+1 more Apr 29, 2026 Dec 14, 2011 N/A· v4 N/A· v3 9.3 HIGH· v2 Microsoft PowerPoint 2007 SP2; Office 2008 for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and PowerPoint Viewer 2007 SP2 allow remote attackers to execute arbitrary code or caus...Show more Microsoft PowerPoint 2007 SP2; Office 2008 for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and PowerPoint Viewer 2007 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an invalid OfficeArt record in a PowerPoint document, aka "OfficeArt Shape RCE Vulnerability."Show less
CVE-2011-3412 1Microsoft 1Publisher Apr 29, 2026 Dec 14, 2011 N/A· v4 N/A· v3 9.3 HIGH· v2 Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect memory handling, aka "Publisher Memory Corruption Vulnerability....Show more Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect memory handling, aka "Publisher Memory Corruption Vulnerability."Show less
CVE-2011-3411 1Microsoft 1Publisher Apr 29, 2026 Dec 14, 2011 N/A· v4 N/A· v3 9.3 HIGH· v2 Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Invalid Pointer Vulnerability."
CVE-2011-3403 1Microsoft 2Excel Office Apr 29, 2026 Dec 14, 2011 N/A· v4 N/A· v3 9.3 HIGH· v2 Microsoft Excel 2003 SP3 and Office 2004 for Mac do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet, aka "Record Memory Corruption Vulnerabil...Show more Microsoft Excel 2003 SP3 and Office 2004 for Mac do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet, aka "Record Memory Corruption Vulnerability."Show less
CVE-2011-3401 1Microsoft 3Windows 7 Windows VistaWindows Xp Apr 29, 2026 Dec 14, 2011 N/A· v4 N/A· v3 9.3 HIGH· v2 ENCDEC.DLL in Windows Media Player and Media Center in Microsoft Windows XP SP2 and SP3, Windows Vista SP2, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted .dvr-ms file, aka "Wi...Show more ENCDEC.DLL in Windows Media Player and Media Center in Microsoft Windows XP SP2 and SP3, Windows Vista SP2, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted .dvr-ms file, aka "Windows Media Player DVR-MS Memory Corruption Vulnerability."Show less
CVE-2011-3400 1Microsoft 2Windows Server 2003 Windows Xp Apr 29, 2026 Dec 14, 2011 N/A· v4 N/A· v3 9.3 HIGH· v2 Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 do not properly handle OLE objects in memory, which allows remote attackers to execute arbitrary code via a crafted object in a file, aka "OLE Property Vulnerability."
CVE-2011-3397 1Microsoft 2Windows Server 2003 Windows Xp Apr 29, 2026 Dec 14, 2011 N/A· v4 N/A· v3 9.3 HIGH· v2 The Microsoft Time component in DATIME.DLL in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted web site that leverages an unspecified "binary behavior"...Show more The Microsoft Time component in DATIME.DLL in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted web site that leverages an unspecified "binary behavior" in Internet Explorer, aka "Microsoft Time Remote Code Execution Vulnerability."Show less
CVE-2011-1508 1Microsoft 1Publisher Apr 29, 2026 Dec 14, 2011 N/A· v4 N/A· v3 9.3 HIGH· v2 Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, does not properly manage memory allocations for function pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted Publisher file, a...Show more Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, does not properly manage memory allocations for function pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Function Pointer Overwrite Vulnerability."Show less
CVE-2011-4201 1Restorepoint 1Restorepoint Apr 29, 2026 Dec 13, 2011 N/A· v4 N/A· v3 9.3 HIGH· v2 remote_support.cgi in the Tadasoft Restorepoint 3.2 evaluation image allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) pid1 or (2) pid2 parameter in a stop_remote_support action.
CVE-2011-4668 1Ibm 1Tivoli Netcool/reporter Apr 29, 2026 Dec 2, 2011 N/A· v4 N/A· v3 7.5 HIGH· v2 IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.

Previous 1...246247248...323 Next