Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

CVEs (6,455)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2010-0755 1Wikyblog 1Wikyblog Apr 29, 2026 Feb 27, 2010 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in include/WBmap.php in WikyBlog 1.7.3 rc2 allows remote attackers to execute arbitrary PHP code via a URL in the langFile parameter.
CVE-2010-0678 1Katalog.hurricane 1Katalog Stron Hurricane Apr 29, 2026 Feb 22, 2010 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in includes/moderation.php in Katalog Stron Hurricane 1.3.5, and possibly earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL...Show more PHP remote file inclusion vulnerability in includes/moderation.php in Katalog Stron Hurricane 1.3.5, and possibly earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the includes_directory parameter.Show less
CVE-2009-1571 1Mozilla 2Firefox Seamonkey Apr 29, 2026 Feb 22, 2010 N/A· v4 N/A· v3 10.0 HIGH· v2 Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via un...Show more Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via unspecified method calls that attempt to access freed objects in low-memory situations.Show less
CVE-2009-4646 1Accellion 1Secure File Transfer Appliance Apr 29, 2026 Feb 19, 2010 N/A· v4 N/A· v3 9.0 HIGH· v2 Static code injection vulnerability in the administrative web interface in Accellion Secure File Transfer Appliance allows remote authenticated administrators to inject arbitrary shell commands by appending them to a req...Show more Static code injection vulnerability in the administrative web interface in Accellion Secure File Transfer Appliance allows remote authenticated administrators to inject arbitrary shell commands by appending them to a request to update the SNMP public community string.Show less
CVE-2010-0647 2Apple Google 2Chrome Webkit Apr 29, 2026 Feb 18, 2010 N/A· v4 N/A· v3 9.3 HIGH· v2 WebKit before r53525, as used in Google Chrome before 4.0.249.89, allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed RUBY element, as demonstrated by a <ruby>><table><rt> sequence.
CVE-2009-3302 3Apache CanonicalDebian 3Debian Linux OpenofficeUbuntu Linux Apr 29, 2026 Feb 16, 2010 N/A· v4 N/A· v3 9.3 HIGH· v2 filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTSetBrc table property modifier in a...Show more filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTSetBrc table property modifier in a Word document, related to a "boundary error flaw."Show less
CVE-2010-0187 1Adobe 2Adobe Air Flash Player Apr 29, 2026 Feb 15, 2010 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Adobe Flash Player before 10.0.45.2 and Adobe AIR before 1.5.3.9130 allow remote attackers to cause a denial of service (application crash) via a modified SWF file.
CVE-2009-3735 1Panda 1Panda Activescan Apr 29, 2026 Feb 11, 2010 N/A· v4 N/A· v3 9.3 HIGH· v2 The ActiveScan Installer ActiveX control in as2stubie.dll before 1.3.3.0 in PandaActiveScan Installer 2.0 in Panda ActiveScan downloads software in an as2guiie.cab archive located at an arbitrary URL, and does not verify...Show more The ActiveScan Installer ActiveX control in as2stubie.dll before 1.3.3.0 in PandaActiveScan Installer 2.0 in Panda ActiveScan downloads software in an as2guiie.cab archive located at an arbitrary URL, and does not verify the archive's digital signature before installation, which allows remote attackers to execute arbitrary code via a URL argument to an unspecified method.Show less
CVE-2010-0252 1Microsoft 6Windows 2000 Windows 2003 ServerWindows 7+3 more Apr 29, 2026 Feb 10, 2010 N/A· v4 N/A· v3 9.3 HIGH· v2 The Microsoft Data Analyzer ActiveX control (aka the Office Excel ActiveX control for Data Analysis) in max3activex.dll in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold,...Show more The Microsoft Data Analyzer ActiveX control (aka the Office Excel ActiveX control for Data Analysis) in max3activex.dll in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted web page that corrupts the "system state," aka "Microsoft Data Analyzer ActiveX Control Vulnerability."Show less
CVE-2010-0241 1Microsoft 2Windows Server 2008 Windows Vista Apr 29, 2026 Feb 10, 2010 N/A· v4 N/A· v3 10.0 HIGH· v2 The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Route Information packets, which allows remo...Show more The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Route Information packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Route Information Vulnerability."Show less
CVE-2010-0240 1Microsoft 2Windows Server 2008 Windows Vista Apr 29, 2026 Feb 10, 2010 N/A· v4 N/A· v3 10.0 HIGH· v2 The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when a custom network driver is used, does not properly handle local fragmentation of Encapsulating Security Payload (...Show more The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when a custom network driver is used, does not properly handle local fragmentation of Encapsulating Security Payload (ESP) over UDP packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "Header MDL Fragmentation Vulnerability."Show less
CVE-2010-0239 1Microsoft 2Windows Server 2008 Windows Vista Apr 29, 2026 Feb 10, 2010 N/A· v4 N/A· v3 10.0 HIGH· v2 The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Router Advertisement packets, which allows r...Show more The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Router Advertisement packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Router Advertisement Vulnerability."Show less
CVE-2010-0032 1Microsoft 1Powerpoint Apr 29, 2026 Feb 10, 2010 N/A· v4 N/A· v3 9.3 HIGH· v2 Use-after-free vulnerability in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "OEPlaceholderAtom Use After Free Vulnerability."
CVE-2010-0031 1Microsoft 2Office Powerpoint Apr 29, 2026 Feb 10, 2010 N/A· v4 N/A· v3 9.3 HIGH· v2 Array index error in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint OEPlaceh...Show more Array index error in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint OEPlaceholderAtom 'placementId' Invalid Array Indexing Vulnerability."Show less
CVE-2010-0020 1Microsoft 6Windows 2000 Windows 2003 ServerWindows 7+3 more Apr 29, 2026 Feb 10, 2010 N/A· v4 N/A· v3 9.0 HIGH· v2 The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not...Show more The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate request fields, which allows remote authenticated users to execute arbitrary code via a malformed request, aka "SMB Pathname Overflow Vulnerability."Show less
CVE-2009-4636 1Ffmpeg 1Ffmpeg Apr 29, 2026 Feb 10, 2010 N/A· v4 N/A· v3 4.3 MEDIUM· v2 FFmpeg 0.5 allows remote attackers to cause a denial of service (hang) via a crafted file that triggers an infinite loop.
CVE-2009-4635 1Ffmpeg 1Ffmpeg Apr 29, 2026 Feb 10, 2010 N/A· v4 N/A· v3 9.3 HIGH· v2 FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted MOV container with improperly ordered tags that cause (1) mov.c and (2) utils.c to use inconsistent codec...Show more FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted MOV container with improperly ordered tags that cause (1) mov.c and (2) utils.c to use inconsistent codec types and identifiers, leading to processing of a video-structure pointer by the mp3 decoder, and a stack-based buffer overflow.Show less
CVE-2009-4273 1Systemtap 1Systemtap Apr 29, 2026 Jan 26, 2010 N/A· v4 N/A· v3 10.0 HIGH· v2 stap-server in SystemTap before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in stap command-line arguments in a request.
CVE-2010-0248 1Microsoft 1Internet Explorer Apr 29, 2026 Jan 22, 2010 N/A· v4 8.1 HIGH· v3 9.3 HIGH· v2 Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is de...Show more Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability."Show less
CVE-2010-0247 1Microsoft 1Internet Explorer Apr 29, 2026 Jan 22, 2010 N/A· v4 N/A· v3 9.3 HIGH· v2 Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) i...Show more Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."Show less

Previous 1...262263264...323 Next