Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-12 | CVE-2018-3686 | Code Injection vulnerability in Intel Sa-00086 Detection Tool 1.2.7.0 Code injection vulnerability in INTEL-SA-00086 Detection Tool before version 1.2.7.0 may allow a privileged user to potentially execute arbitrary code via local access. | 6.7 |
| 2018-09-10 | CVE-2018-15886 | Code Injection vulnerability in Monstra 3.0.4 Monstra CMS 3.0.4 does not properly restrict modified Snippet content, as demonstrated by the admin/index.php?id=snippets&action=edit_snippet&filename=google-analytics URI, which allows attackers to execute arbitrary PHP code by placing this code after a <?php substring. | 7.2 |
| 2018-09-10 | CVE-2018-16771 | Code Injection vulnerability in Hoosk 1.7.0 Hoosk v1.7.0 allows PHP code execution via a SiteUrl that is provided during installation and mishandled in config.php. | 9.8 |
| 2018-09-06 | CVE-2018-16604 | Code Injection vulnerability in Nibbleblog 4.0.5 An issue was discovered in Nibbleblog v4.0.5. | 7.2 |
| 2018-09-04 | CVE-2018-0675 | Code Injection vulnerability in Hibara Attachecase AttacheCase ver.3.3.0.0 and earlier allows an arbitrary script execution via unspecified vectors. | 7.8 |
| 2018-09-04 | CVE-2018-0674 | Code Injection vulnerability in Hibara Attachecase AttacheCase ver.2.8.4.0 and earlier allows an arbitrary script execution via unspecified vectors. | 7.8 |
| 2018-09-02 | CVE-2018-16343 | Code Injection vulnerability in Seacms 6.61 SeaCMS 6.61 allows remote attackers to execute arbitrary code because parseIf() in include/main.class.php does not block use of $GLOBALS. | 7.2 |
| 2018-08-30 | CVE-2018-6499 | Code Injection vulnerability in Microfocus products Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01 until 2018.05, Service Management Automation Suite 2017.11, 2018.02, 2018.05, Service Virtualization (SV) with floating licenses using Any version using APLS older than 10.7, Unified Functional Testing (UFT) with floating licenses using Any version using APLS older than 10.7, Network Virtualization (NV) with floating licenses using Any version using APLS older than 10.7 and Network Operations Management (NOM) Suite CDF 2017.11, 2018.02, 2018.05 will allow Remote Code Execution. | 9.8 |
| 2018-08-30 | CVE-2018-6498 | Code Injection vulnerability in Microfocus products Remote Code Execution in the following products Hybrid Cloud Management Containerized Suite HCM2017.11, HCM2018.02, HCM2018.05, Operations Bridge Containerized Suite 2017.11, 2018.02, 2018.05, Data Center Automation Containerized Suite 2017.01 until 2018.05, Service Management Automation Suite 2017.11, 2018.02, 2018.05 and Network Operations Management (NOM) Suite CDF 2017.11, 2018.02, 2018.05 will allow Remote Code Execution. | 9.8 |
| 2018-08-26 | CVE-2011-2767 | Code Injection vulnerability in multiple products mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes. | 9.8 |