Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

DATE CVE VULNERABILITY TITLE RISK
2018-03-18 CVE-2018-8756 Code Injection vulnerability in Yzmcms 3.7.1
Eval injection in yzmphp/core/function/global.func.php in YzmCMS v3.7.1 allows remote attackers to achieve arbitrary code execution via PHP code in the POST data of an index.php?m=member&c=member_content&a=init request.
network | low complexity | yzmcms CWE-94 | 7.2
2018-03-15 CVE-2018-7756 Code Injection vulnerability in Dewesoft X3
RunExeFile.exe in the installer for DEWESoft X3 SP1 (64-bit) devices does not require authentication for sessions on TCP port 1999, which allows remote attackers to execute arbitrary code or access internal commands, as demonstrated by a RUN command that launches a .EXE file located at an arbitrary external URL, or a "SETFIREWALL Off" command.
network | low complexity | dewesoft CWE-94 | critical 9.8
2018-03-14 CVE-2018-5782 Code Injection vulnerability in Mitel Connect Onsite and St14.2
A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vsethost.php page.
network | low complexity | mitel CWE-94 | critical 9.8
2018-03-14 CVE-2018-5781 Code Injection vulnerability in Mitel Connect Onsite and St14.2
A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vendrecording.php page.
network | low complexity | mitel CWE-94 | critical 9.8
2018-03-14 CVE-2018-5780 Code Injection vulnerability in Mitel Connect Onsite and St14.2
A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vnewmeeting.php page.
network | low complexity | mitel CWE-94 | critical 9.8
2018-03-14 CVE-2018-5779 Code Injection vulnerability in Mitel Connect Onsite and St14.2
A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to copy a malicious script into a newly generated PHP file and then execute the generated file using specially crafted requests.
network | low complexity | mitel CWE-94 | critical 9.8
2018-03-14 CVE-2018-8097 Code Injection vulnerability in Python-Eve EVE
io/mongo/parser.py in Eve (aka pyeve) before 0.7.5 allows remote attackers to execute arbitrary code via Code Injection in the where parameter.
network | low complexity | python-eve CWE-94 | critical 9.8
2018-03-13 CVE-2018-1000070 Code Injection vulnerability in Bitmessage Pybitmessage 0.6.2
Bitmessage PyBitmessage version v0.6.2 (and introduced in or after commit 8ce72d8d2d25973b7064b1cf76a6b0b3d62f0ba0) contains an Eval injection vulnerability in the main program, file src/messagetypes/__init__.py, function constructObject, that can result in Code Execution.
network | low complexity | bitmessage CWE-94 | 8.8
2018-02-25 CVE-2018-7466 Code Injection vulnerability in Testlink
install/installNewDB.php in TestLink through 1.9.16 allows remote attackers to conduct injection attacks by leveraging control over DB LOGIN NAMES data during installation to provide a long, crafted value.
network | high complexity | testlink CWE-94 | 7.5
2018-02-22 CVE-2018-6488 Code Injection vulnerability in Microfocus Ucmdb Configuration Manager 4.10/4.11/4.12
Arbitrary Code Execution vulnerability in Micro Focus Universal CMDB, versions 4.10, 4.11, 4.12.
network | low complexity | microfocus CWE-94 | critical 9.8