Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

CVEs (6,504)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-1999-0702 1Microsoft 1Internet Explorer Apr 16, 2026 Sep 10, 1999 N/A· v4 N/A· v3 10.0 HIGH· v2 Internet Explorer 5.0 and 5.01 allows remote attackers to modify or execute files via the Import/Export Favorites feature, aka the "ImportExportFavorites" vulnerability.
CVE-1999-0891 1Microsoft 1Internet Explorer Apr 16, 2026 Sep 1, 1999 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The "download behavior" in Internet Explorer 5 allows remote attackers to read arbitrary files via a server-side redirect.
CVE-1999-0491 1Gnu 1Bash Apr 16, 2026 Apr 20, 1999 N/A· v4 N/A· v3 4.6 MEDIUM· v2 The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute.
CVE-1999-0509 - - Apr 16, 2026 May 29, 1996 N/A· v4 N/A· v3 10.0 HIGH· v2 Perl, sh, csh, or other shell interpreters are installed in the cgi-bin directory on a WWW site, which allows remote attackers to execute arbitrary commands.

Previous 1...322 323 324 325326