Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

DATE CVE VULNERABILITY TITLE RISK
2016-07-07 CVE-2016-2119 Code Injection vulnerability in Samba
libcli/smb/smbXcli_base.c in Samba 4.x before 4.2.14, 4.3.x before 4.3.11, and 4.4.x before 4.4.5 allows man-in-the-middle attackers to bypass a client-signing protection mechanism, and consequently spoof SMB2 and SMB3 servers, via the (1) SMB2_SESSION_FLAG_IS_GUEST or (2) SMB2_SESSION_FLAG_IS_NULL flag.
network
high complexity
samba CWE-94
7.5
2016-07-03 CVE-2016-5734 Code Injection vulnerability in PHPmyadmin
phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table search-and-replace implementation.
network
low complexity
phpmyadmin CWE-94
critical
9.8
2016-05-28 CVE-2016-1413 Code Injection vulnerability in Cisco Secure Firewall Management Center
The web interface in Cisco Firepower Management Center 5.4.0 through 6.0.0.1 allows remote authenticated users to modify pages by placing crafted code in a parameter value, aka Bug ID CSCuy76517.
network
low complexity
cisco CWE-94
6.5
2016-04-08 CVE-2016-3154 Code Injection vulnerability in Spip
The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object.
network
low complexity
spip CWE-94
critical
9.8
2016-04-08 CVE-2016-3153 Code Injection vulnerability in multiple products
SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrer_entites function.
network
low complexity
debian spip CWE-94
critical
9.8
2016-02-18 CVE-2015-5970 Code Injection vulnerability in Novell Zenworks Configuration Management
The ChangePassword RPC method in Novell ZENworks Configuration Management (ZCM) 11.3 and 11.4 allows remote attackers to conduct XPath injection attacks, and read arbitrary text files, via a malformed query involving a system entity reference.
network
low complexity
novell CWE-94
5.3
2016-02-12 CVE-2016-1986 Code Injection vulnerability in HP Continuous Delivery Automation 1.3.0
HP Continuous Delivery Automation (CDA) 1.30 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
network
low complexity
hp CWE-94
critical
9.8
2016-02-10 CVE-2016-0033 Code Injection vulnerability in Microsoft .Net Framework
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 does not prevent recursive compilation of XSLT transforms, which allows remote attackers to cause a denial of service (performance degradation) via crafted XSLT data, aka ".NET Framework Stack Overflow Denial of Service Vulnerability."
network
low complexity
microsoft CWE-94
7.5
2016-01-30 CVE-2016-1985 Code Injection vulnerability in HP Operations Manager
HPE Operations Manager 8.x and 9.0 on Windows allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
network
low complexity
hp CWE-94
critical
10.0
2016-01-08 CVE-2015-8761 Code Injection vulnerability in Values Project Values 7.X1.0/7.X1.1
The Values module 7.x-1.x before 7.x-1.2 for Drupal does not properly check permissions, which allows remote administrators with the "Import value sets" permission to execute arbitrary PHP code via the exported values list in a ctools import.
network
low complexity
values-project CWE-94
critical
9.0