Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

CVEs (6,456)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2011-4545 1Prestashop 1Prestashop Apr 29, 2026 Dec 2, 2011 N/A· v4 N/A· v3 5.0 MEDIUM· v2 CRLF injection vulnerability in admin/displayImage.php in Prestashop 1.4.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the name parameter.
CVE-2011-4646 1Lesterchan 1Wp Postratings Apr 29, 2026 Nov 30, 2011 N/A· v4 N/A· v3 6.0 MEDIUM· v2 SQL injection vulnerability in wp-postratings.php in the WP-PostRatings plugin 1.50, 1.61, and probably other versions before 1.62 for WordPress allows remote authenticated users with the Author role to execute arbitrary...Show more SQL injection vulnerability in wp-postratings.php in the WP-PostRatings plugin 1.50, 1.61, and probably other versions before 1.62 for WordPress allows remote authenticated users with the Author role to execute arbitrary SQL commands via the id attribute of the ratings shortcode when creating a post. NOTE: some of these details are obtained from third party information.Show less
CVE-2011-3828 1Sunplus Tech 1Dvr Remote Activex Control Apr 29, 2026 Nov 26, 2011 N/A· v4 N/A· v3 9.3 HIGH· v2 DVRemoteAx.ax 2.1.0.39 in the DVR Remote ActiveX control allows remote attackers to execute arbitrary code via a crafted DVRobot.dll file in a manifest directory on a web server.
CVE-2011-4260 1Realnetworks 1Realplayer Apr 29, 2026 Nov 24, 2011 N/A· v4 N/A· v3 9.3 HIGH· v2 RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a malformed header in an MP4 file.
CVE-2011-4258 1Realnetworks 1Realplayer Apr 29, 2026 Nov 24, 2011 N/A· v4 N/A· v3 9.3 HIGH· v2 RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted length of an MLTI chunk in an IVR file.
CVE-2011-4257 1Realnetworks 1Realplayer Apr 29, 2026 Nov 24, 2011 N/A· v4 N/A· v3 9.3 HIGH· v2 The Cook codec in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via crafted channel data.
CVE-2011-4256 1Realnetworks 1Realplayer Apr 29, 2026 Nov 24, 2011 N/A· v4 N/A· v3 10.0 HIGH· v2 The RV30 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 does not initialize an unspecified index value, which allows remote attackers to execute arbitrary code via unknown vectors.
CVE-2011-4254 1Realnetworks 1Realplayer Apr 29, 2026 Nov 24, 2011 N/A· v4 N/A· v3 10.0 HIGH· v2 RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted RTSP SETUP request.
CVE-2011-4252 1Realnetworks 1Realplayer Apr 29, 2026 Nov 24, 2011 N/A· v4 N/A· v3 9.3 HIGH· v2 The RV10 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via a crafted sample height.
CVE-2011-4251 1Realnetworks 1Realplayer Apr 29, 2026 Nov 24, 2011 N/A· v4 N/A· v3 9.3 HIGH· v2 RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted sample size in a RealAudio file.
CVE-2011-4248 1Realnetworks 1Realplayer Apr 29, 2026 Nov 24, 2011 N/A· v4 N/A· v3 9.3 HIGH· v2 RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a malformed AAC file.
CVE-2011-4247 1Realnetworks 1Realplayer Apr 29, 2026 Nov 24, 2011 N/A· v4 N/A· v3 9.3 HIGH· v2 RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted QCELP stream.
CVE-2011-4047 1Dell 1Kace K2000 Systems Deployment Appliance Apr 29, 2026 Nov 12, 2011 N/A· v4 N/A· v3 9.3 HIGH· v2 The Dell KACE K2000 System Deployment Appliance allows remote attackers to execute arbitrary commands by leveraging database write access.
CVE-2011-3655 1Mozilla 2Firefox Thunderbird Apr 29, 2026 Nov 9, 2011 N/A· v4 N/A· v3 9.3 HIGH· v2 Mozilla Firefox 4.x through 7.0 and Thunderbird 5.0 through 7.0 perform access control without checking for use of the NoWaiverWrapper wrapper, which allows remote attackers to gain privileges via a crafted web site.
CVE-2011-3379 1Php 1Php Apr 29, 2026 Nov 3, 2011 N/A· v4 N/A· v3 7.5 HIGH· v2 The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behav...Show more The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders.Show less
CVE-2010-5040 1John Bradshaw 1Np Gallery Plugin Apr 29, 2026 Nov 2, 2011 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in nucleus/plugins/NP_gallery.php in the NP_Gallery plugin 0.94 for Nucleus allows remote attackers to execute arbitrary PHP code via a URL in the DIR_NUCLEUS parameter. NOTE: som...Show more PHP remote file inclusion vulnerability in nucleus/plugins/NP_gallery.php in the NP_Gallery plugin 0.94 for Nucleus allows remote attackers to execute arbitrary PHP code via a URL in the DIR_NUCLEUS parameter. NOTE: some of these details are obtained from third party information.Show less
CVE-2010-5038 1Groonesworld 1Simple Contact Form Apr 29, 2026 Nov 2, 2011 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in contact/contact.php in Groone's Simple Contact Form allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.
CVE-2010-4998 1Maulana Al Matien 1Ardeacore Php Framework Apr 29, 2026 Nov 2, 2011 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in ardeaCore/lib/core/ardeaInit.php in ardeaCore PHP Framework 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the pathForArdeaCore parameter. NOTE: some of...Show more PHP remote file inclusion vulnerability in ardeaCore/lib/core/ardeaInit.php in ardeaCore PHP Framework 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the pathForArdeaCore parameter. NOTE: some of these details are obtained from third party information.Show less
CVE-2011-4075 1Phpldapadmin Project 1Phpldapadmin Apr 29, 2026 Nov 2, 2011 N/A· v4 N/A· v3 7.5 HIGH· v2 The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to execute arbitrary PHP code via the orderby parameter (aka sortby variable) in a query_engine action to cmd.php, as ex...Show more The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to execute arbitrary PHP code via the orderby parameter (aka sortby variable) in a query_engine action to cmd.php, as exploited in the wild in October 2011.Show less
CVE-2010-4988 1Familycms 1Family Connections Who Is Chatting Apr 29, 2026 Nov 1, 2011 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in mod_chatting/themes/default/header.php in Family Connections Who is Chatting 2.2.3 allows remote attackers to execute arbitrary PHP code via a URL in the TMPL[path] parameter.

Previous 1...247248249...323 Next