Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

CVEs (6,411)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2008-4451 1Eset Software 1System Analyzer Tool Apr 23, 2026 Oct 6, 2008 N/A· v4 N/A· v3 7.2 HIGH· v2 The SysInspector AntiStealth driver (esiasdrv.sys) 3.0.65535.0 in ESET System Analyzer Tool 1.1.1.0 allows local users to execute arbitrary code via a certain METHOD_NEITHER IOCTL request to \Device\esiasdrv that overwri...Show more The SysInspector AntiStealth driver (esiasdrv.sys) 3.0.65535.0 in ESET System Analyzer Tool 1.1.1.0 allows local users to execute arbitrary code via a certain METHOD_NEITHER IOCTL request to \Device\esiasdrv that overwrites a pointer.Show less
CVE-2008-4439 1Martinwood 1Datafeed Studio Apr 23, 2026 Oct 3, 2008 N/A· v4 N/A· v3 10.0 HIGH· v2 PHP remote file inclusion vulnerability in admin/bin/patch.php in MartinWood Datafeed Studio before 1.6.3 allows remote attackers to execute arbitrary PHP code via a URL in the INSTALL_FOLDER parameter. NOTE: the provena...Show more PHP remote file inclusion vulnerability in admin/bin/patch.php in MartinWood Datafeed Studio before 1.6.3 allows remote attackers to execute arbitrary PHP code via a URL in the INSTALL_FOLDER parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.Show less
CVE-2008-3638 1Apple 2Mac Os X Mac Os X Server Apr 23, 2026 Sep 26, 2008 N/A· v4 N/A· v3 9.3 HIGH· v2 Java on Apple Mac OS X 10.5.4 and 10.5.5 does not prevent applets from accessing file:// URLs, which allows remote attackers to execute arbitrary programs.
CVE-2008-4206 1Attachmax 1Dolphin Apr 23, 2026 Sep 24, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in config.php in Attachmax Dolphin 2.1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the rel_path parameter.
CVE-2008-4141 1X10media 1.x10 Automatic Mp3 Script Apr 23, 2026 Sep 24, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple PHP remote file inclusion vulnerabilities in x10Media x10 Automatic MP3 Script 1.5.5 allow remote attackers to execute arbitrary PHP code via a URL in the web_root parameter to (1) includes/function_core.php and...Show more Multiple PHP remote file inclusion vulnerabilities in x10Media x10 Automatic MP3 Script 1.5.5 allow remote attackers to execute arbitrary PHP code via a URL in the web_root parameter to (1) includes/function_core.php and (2) templates/layout_lyrics.php.Show less
CVE-2008-4138 1Technote 1Technote Apr 23, 2026 Sep 24, 2008 N/A· v4 N/A· v3 10.0 HIGH· v2 PHP remote file inclusion vulnerability in skin_shop/standard/3_plugin_twindow/twindow_notice.php in TECHNOTE 7 allows remote attackers to execute arbitrary PHP code via a URL in the shop_this_skin_path parameter.
CVE-2008-4188 1Typo3 1Secure Directory Apr 23, 2026 Sep 23, 2008 N/A· v4 N/A· v3 10.0 HIGH· v2 Unspecified vulnerability in the TYPO3 Secure Directory (kw_secdir) extension before 1.0.2 allows remote attackers to execute arbitrary code via unknown vectors related to "injection of control characters."
CVE-2008-3949 1Suse 1Suse Linux Apr 23, 2026 Sep 22, 2008 N/A· v4 N/A· v3 7.2 HIGH· v2 emacs/lisp/progmodes/python.el in Emacs 22.1 and 22.2 imports Python script from the current working directory during editing of a Python file, which allows local users to execute arbitrary code via a Trojan horse Python...Show more emacs/lisp/progmodes/python.el in Emacs 22.1 and 22.2 imports Python script from the current working directory during editing of a Python file, which allows local users to execute arbitrary code via a Trojan horse Python file.Show less
CVE-2008-4134 1Phprealty 1Phprealty Apr 23, 2026 Sep 19, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 PHP remote file inclusion vulnerability in manager/static/view.php in phpRealty 0.03 and earlier, and possibly other versions before 0.05, allows remote attackers to execute arbitrary PHP code via a URL in the INC parame...Show more PHP remote file inclusion vulnerability in manager/static/view.php in phpRealty 0.03 and earlier, and possibly other versions before 0.05, allows remote attackers to execute arbitrary PHP code via a URL in the INC parameter.Show less
CVE-2008-1093 1Acresso 2Flexnet Connect Intallshield Update Agent Apr 23, 2026 Sep 18, 2008 N/A· v4 N/A· v3 9.3 HIGH· v2 Acresso InstallShield Update Agent does not properly verify the authenticity of Rule Scripts obtained from GetRules.asp web pages on FLEXnet Connect servers, which allows remote man-in-the-middle attackers to execute arb...Show more Acresso InstallShield Update Agent does not properly verify the authenticity of Rule Scripts obtained from GetRules.asp web pages on FLEXnet Connect servers, which allows remote man-in-the-middle attackers to execute arbitrary VBScript code via Trojan horse Rules.Show less
CVE-2008-4047 1Novell 1Novell Forum Apr 23, 2026 Sep 11, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 Unspecified vulnerability in Novell Forum (formerly SiteScape Forum) 7.0, 7.1, 7.2, 7.3, and 8.0 allows remote attackers to execute arbitrary TCL code via a modified URL. NOTE: this might overlap CVE-2007-6515.
CVE-2008-3956 1Microsoft 1Organization Chart Apr 23, 2026 Sep 11, 2008 N/A· v4 N/A· v3 9.3 HIGH· v2 orgchart.exe in Microsoft Organization Chart 2.00 allows user-assisted attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .opx file.
CVE-2008-2253 1Microsoft 1Windows Media Player Apr 23, 2026 Sep 11, 2008 N/A· v4 N/A· v3 9.3 HIGH· v2 Unspecified vulnerability in Microsoft Windows Media Player 11 allows remote attackers to execute arbitrary code via a crafted audio-only file that is streamed from a Server-Side Playlist (SSPL) on Windows Media Server,...Show more Unspecified vulnerability in Microsoft Windows Media Player 11 allows remote attackers to execute arbitrary code via a crafted audio-only file that is streamed from a Server-Side Playlist (SSPL) on Windows Media Server, aka "Windows Media Player Sampling Rate Vulnerability."Show less
CVE-2008-2436 1Novell 1Iprint Client Apr 23, 2026 Sep 5, 2008 N/A· v4 N/A· v3 9.3 HIGH· v2 Multiple heap-based buffer overflows in the IppCreateServerRef function in nipplib.dll in Novell iPrint Client 4.x before 4.38 and 5.x before 5.08 allow remote attackers to execute arbitrary code via a long argument to t...Show more Multiple heap-based buffer overflows in the IppCreateServerRef function in nipplib.dll in Novell iPrint Client 4.x before 4.38 and 5.x before 5.08 allow remote attackers to execute arbitrary code via a long argument to the (1) GetPrinterURLList, (2) GetPrinterURLList2, or (3) GetFileList2 function in the Novell iPrint ActiveX control in ienipp.ocx.Show less
CVE-2008-3922 1Telartis Bv 1Awstats Totals Apr 23, 2026 Sep 4, 2008 N/A· v4 N/A· v3 9.3 HIGH· v2 awstatstotals.php in AWStats Totals 1.0 through 1.14 allows remote attackers to execute arbitrary code via PHP sequences in the sort parameter, which is used by the multisort function when dynamically creating an anonymo...Show more awstatstotals.php in AWStats Totals 1.0 through 1.14 allows remote attackers to execute arbitrary code via PHP sequences in the sort parameter, which is used by the multisort function when dynamically creating an anonymous PHP function.Show less
CVE-2008-3919 1Justsystems 1Ichitaro Apr 23, 2026 Sep 4, 2008 N/A· v4 N/A· v3 9.3 HIGH· v2 Unspecified vulnerability in multiple JustSystems Ichitaro products allows remote attackers to execute arbitrary code via a crafted JTD document, as exploited in the wild in August 2008.
CVE-2008-3882 1Zoneminder 1Zoneminder Apr 23, 2026 Sep 2, 2008 N/A· v4 N/A· v3 10.0 HIGH· v2 Unspecified "Command Injection" vulnerability in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary commands via (1) the executeFilter function in zm_html_view_events.php and (2) the run_state par...Show more Unspecified "Command Injection" vulnerability in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary commands via (1) the executeFilter function in zm_html_view_events.php and (2) the run_state parameter to zm_html_view_state.php.Show less
CVE-2008-3737 2Spacetag System Consultants 2La Cooda Wiz Lacoodast Apr 23, 2026 Aug 27, 2008 N/A· v4 N/A· v3 10.0 HIGH· v2 Unspecified vulnerability in (1) System Consultants La!Cooda WIZ 1.4.0 and earlier and (2) SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to execute arbitrary PHP scripts, and delete files, read files, and...Show more Unspecified vulnerability in (1) System Consultants La!Cooda WIZ 1.4.0 and earlier and (2) SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to execute arbitrary PHP scripts, and delete files, read files, and possibly have unknown other impact.Show less
CVE-2008-3769 1Openfreeway 1Freeway Apr 23, 2026 Aug 22, 2008 N/A· v4 N/A· v3 6.8 MEDIUM· v2 PHP remote file inclusion vulnerability in admin/create_order_new.php in Freeway 1.4.1.171, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the include_page parameter.
CVE-2008-3764 1Turnkeywebtools 1Php Live Helper Apr 23, 2026 Aug 21, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 Eval injection vulnerability in globalsoff.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary PHP code via the test parameter, and probably arbitrary parameters, to chat.php.

Previous 1...280281282...321 Next