Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

CVEs (6,456)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2011-3310 2Cisco Microsoft 2Ciscoworks Common Services Windows Apr 29, 2026 Oct 20, 2011 N/A· v4 N/A· v3 9.0 HIGH· v2 The Home Page component in Cisco CiscoWorks Common Services before 4.1 on Windows, as used in CiscoWorks LAN Management Solution, Cisco Security Manager, Cisco Unified Service Monitor, Cisco Unified Operations Manager, C...Show more The Home Page component in Cisco CiscoWorks Common Services before 4.1 on Windows, as used in CiscoWorks LAN Management Solution, Cisco Security Manager, Cisco Unified Service Monitor, Cisco Unified Operations Manager, CiscoWorks QoS Policy Manager, and CiscoWorks Voice Manager, allows remote authenticated users to execute arbitrary commands via a crafted URL, aka Bug IDs CSCtq48990, CSCtq63992, CSCtq64011, CSCtq64019, CSCtr23090, and CSCtt25535.Show less
CVE-2011-2585 1Cisco 1Show And Share Apr 29, 2026 Oct 20, 2011 N/A· v4 N/A· v3 6.5 MEDIUM· v2 Cisco Show and Share 5(2), 5.2(1), and 5.2(2) before 5.2(2.1) allows remote authenticated users to upload and execute arbitrary code by leveraging video upload privileges, aka Bug ID CSCto69857.
CVE-2010-4964 1Dlink 2Dcs 2121 Dcs 2121 Firmware Apr 29, 2026 Oct 16, 2011 N/A· v4 N/A· v3 9.0 HIGH· v2 recorder_test.cgi on the D-Link DCS-2121 camera with firmware 1.04 allows remote attackers to execute arbitrary commands via shell metacharacters in the Password field, related to a "semicolon injection" vulnerability.
CVE-2011-3261 1Apple 1Iphone Os Apr 29, 2026 Oct 14, 2011 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Double free vulnerability in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Excel spreadsheet.
CVE-2011-3260 1Apple 1Iphone Os Apr 29, 2026 Oct 14, 2011 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Buffer overflow in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word document.
CVE-2011-3256 1Apple 1Iphone Os Apr 29, 2026 Oct 14, 2011 N/A· v4 N/A· v3 4.3 MEDIUM· v2 FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory co...Show more FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font, a different vulnerability than CVE-2011-0226.Show less
CVE-2011-3231 1Apple 1Safari Apr 29, 2026 Oct 14, 2011 N/A· v4 N/A· v3 6.8 MEDIUM· v2 The SSL implementation in Apple Safari before 5.1.1 on Mac OS X before 10.7 accesses uninitialized memory during the processing of X.509 certificates, which allows remote web servers to execute arbitrary code via a craft...Show more The SSL implementation in Apple Safari before 5.1.1 on Mac OS X before 10.7 accesses uninitialized memory during the processing of X.509 certificates, which allows remote web servers to execute arbitrary code via a crafted certificate.Show less
CVE-2011-3229 1Apple 1Safari Apr 29, 2026 Oct 14, 2011 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Directory traversal vulnerability in Apple Safari before 5.1.1 allows remote attackers to execute arbitrary JavaScript code, in a Safari Extensions context, via a crafted safari-extension: URL.
CVE-2011-3228 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 Oct 14, 2011 N/A· v4 N/A· v3 6.8 MEDIUM· v2 QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file.
CVE-2011-3221 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 Oct 14, 2011 N/A· v4 N/A· v3 6.8 MEDIUM· v2 QuickTime in Apple Mac OS X before 10.7.2 does not properly handle the atom hierarchy in movie files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted...Show more QuickTime in Apple Mac OS X before 10.7.2 does not properly handle the atom hierarchy in movie files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file.Show less
CVE-2011-0224 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 Oct 14, 2011 N/A· v4 N/A· v3 6.8 MEDIUM· v2 CoreMedia in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted QuickTime movie file.
CVE-2011-1969 1Microsoft 1Forefront Unified Access Gateway Apr 29, 2026 Oct 12, 2011 N/A· v4 N/A· v3 9.3 HIGH· v2 Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 provides the MicrosoftClient.jar file containing a signed Java applet, which allows remote attackers to execute arbitrary code on cl...Show more Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 provides the MicrosoftClient.jar file containing a signed Java applet, which allows remote attackers to execute arbitrary code on client machines via unspecified vectors, aka "Poisoned Cup of Code Execution Vulnerability."Show less
CVE-2011-1895 1Microsoft 1Forefront Unified Access Gateway Apr 29, 2026 Oct 12, 2011 N/A· v4 N/A· v3 4.3 MEDIUM· v2 CRLF injection vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attack...Show more CRLF injection vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via unspecified vectors, aka "ExcelTable Response Splitting XSS Vulnerability."Show less
CVE-2010-4948 1Phpgalleryscript 1Php Free Photo Gallery Apr 29, 2026 Oct 9, 2011 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in libs/adodb/adodb.inc.php in PHP Free Photo Gallery script allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
CVE-2010-4943 1Brothersoft 1Saurus Cms Apr 29, 2026 Oct 9, 2011 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple PHP remote file inclusion vulnerabilities in Saurus CMS 4.7.0 allow remote attackers to execute arbitrary PHP code via a URL in the class_path parameter to (1) file.php or (2) com_del.php.
CVE-2010-4939 1Scripts.bdr130 1Mailform Apr 29, 2026 Oct 9, 2011 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in index.php in MailForm 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the theme parameter.
CVE-2010-4924 1Clearbudget 1Clearbudget Apr 29, 2026 Oct 9, 2011 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in logic/controller.class.php in clearBudget 0.9.8 allows remote attackers to execute arbitrary PHP code via a URL in the actionPath parameter. NOTE: this issue has been disputed...Show more PHP remote file inclusion vulnerability in logic/controller.class.php in clearBudget 0.9.8 allows remote attackers to execute arbitrary PHP code via a URL in the actionPath parameter. NOTE: this issue has been disputed by a reliable third partyShow less
CVE-2010-4918 1Ijoomla 1Com Magazine Apr 29, 2026 Oct 8, 2011 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in iJoomla Magazine (com_magazine) component 3.0.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the config parameter to magazine.functions.php.
CVE-2010-4914 1Deltascripts 1Php Classifieds Apr 29, 2026 Oct 8, 2011 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in tools/phpmailer/class.phpmailer.php in PHP Classifieds 7.3 allows remote attackers to execute arbitrary PHP code via a URL in the lang_path parameter.
CVE-2010-4884 1Hinnendahl 1Gaestebuch Apr 29, 2026 Oct 7, 2011 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in guestbook/gbook.php in Gaestebuch 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the script_pfad parameter.

Previous 1...248249250...323 Next