Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-21 | CVE-2017-16664 | Code Injection vulnerability in multiple products Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System (OTRS) 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. | 8.8 |
| 2017-11-20 | CVE-2017-16544 | Code Injection vulnerability in multiple products In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. | 8.8 |
| 2017-11-18 | CVE-2017-14077 | Code Injection vulnerability in PHPcaptcha Securimage HTML Injection in Securimage 3.6.4 and earlier allows remote attackers to inject arbitrary HTML into an e-mail message body via the $_SERVER['HTTP_USER_AGENT'] parameter to example_form.ajax.php or example_form.php. | 6.1 |
| 2017-11-17 | CVE-2017-16871 | Code Injection vulnerability in Updraftplus The UpdraftPlus plugin through 1.13.12 for WordPress allows remote PHP code execution because the plupload_action function in /wp-content/plugins/updraftplus/admin.php has a race condition before deleting a file associated with the name parameter. | 8.1 |
| 2017-11-17 | CVE-2017-1000196 | Code Injection vulnerability in Octobercms October October CMS build 412 is vulnerable to PHP code execution in the asset manager functionality resulting in site compromise and possibly other applications on the server. | 9.8 |
| 2017-11-15 | CVE-2017-15806 | Code Injection vulnerability in Zetacomponents Mail The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow remote attackers to execute arbitrary code via a crafted email address, as demonstrated by one containing "-X/path/to/wwwroot/file.php." | 8.1 |
| 2017-11-15 | CVE-2014-4000 | Code Injection vulnerability in Cacti Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes()). | 8.8 |
| 2017-11-10 | CVE-2017-16783 | Code Injection vulnerability in Cmsmadesimple CMS Made Simple 2.1.6 In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter. | 9.8 |
| 2017-10-30 | CVE-2017-7411 | Code Injection vulnerability in Enalean Tuleap An issue was discovered in Enalean Tuleap 9.6 and prior versions. | 8.8 |
| 2017-10-27 | CVE-2017-15935 | Code Injection vulnerability in Artica Pandora FMS 7.0 Artica Pandora FMS version 7.0 is vulnerable to remote PHP code execution through the manager files function. | 7.2 |