Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-07-07 | CVE-2016-2119 | Code Injection vulnerability in Samba libcli/smb/smbXcli_base.c in Samba 4.x before 4.2.14, 4.3.x before 4.3.11, and 4.4.x before 4.4.5 allows man-in-the-middle attackers to bypass a client-signing protection mechanism, and consequently spoof SMB2 and SMB3 servers, via the (1) SMB2_SESSION_FLAG_IS_GUEST or (2) SMB2_SESSION_FLAG_IS_NULL flag. | 7.5 |
2016-07-03 | CVE-2016-5734 | Code Injection vulnerability in PHPmyadmin phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table search-and-replace implementation. | 9.8 |
2016-05-28 | CVE-2016-1413 | Code Injection vulnerability in Cisco Secure Firewall Management Center The web interface in Cisco Firepower Management Center 5.4.0 through 6.0.0.1 allows remote authenticated users to modify pages by placing crafted code in a parameter value, aka Bug ID CSCuy76517. | 6.5 |
2016-04-08 | CVE-2016-3154 | Code Injection vulnerability in Spip The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object. | 9.8 |
2016-04-08 | CVE-2016-3153 | Code Injection vulnerability in multiple products SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrer_entites function. | 9.8 |
2016-02-18 | CVE-2015-5970 | Code Injection vulnerability in Novell Zenworks Configuration Management The ChangePassword RPC method in Novell ZENworks Configuration Management (ZCM) 11.3 and 11.4 allows remote attackers to conduct XPath injection attacks, and read arbitrary text files, via a malformed query involving a system entity reference. | 5.3 |
2016-02-12 | CVE-2016-1986 | Code Injection vulnerability in HP Continuous Delivery Automation 1.3.0 HP Continuous Delivery Automation (CDA) 1.30 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | 9.8 |
2016-02-10 | CVE-2016-0033 | Code Injection vulnerability in Microsoft .Net Framework Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 does not prevent recursive compilation of XSLT transforms, which allows remote attackers to cause a denial of service (performance degradation) via crafted XSLT data, aka ".NET Framework Stack Overflow Denial of Service Vulnerability." | 7.5 |
2016-01-30 | CVE-2016-1985 | Code Injection vulnerability in HP Operations Manager HPE Operations Manager 8.x and 9.0 on Windows allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | 10.0 |
2016-01-08 | CVE-2015-8761 | Code Injection vulnerability in Values Project Values 7.X1.0/7.X1.1 The Values module 7.x-1.x before 7.x-1.2 for Drupal does not properly check permissions, which allows remote administrators with the "Import value sets" permission to execute arbitrary PHP code via the exported values list in a ctools import. | 9.0 |