Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-07 | CVE-2017-1336 | Code Injection vulnerability in IBM Infosphere Biginsights 4.2.0 IBM Infosphere BigInsights 4.2.0 could allow an attacker to inject code that could allow access to restricted data and files. | 4.4 |
| 2017-12-06 | CVE-2016-5713 | Code Injection vulnerability in Puppet Agent Versions of Puppet Agent prior to 1.6.0 included a version of the Puppet Execution Protocol (PXP) agent that passed environment variables through to Puppet runs. | 9.8 |
| 2017-11-30 | CVE-2017-14198 | Code Injection vulnerability in Squiz Matrix An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. | 8.8 |
| 2017-11-27 | CVE-2017-1001002 | Code Injection vulnerability in Mathjs Math.Js math.js before 3.17.0 had an arbitrary code execution in the JavaScript engine. | 9.8 |
| 2017-11-21 | CVE-2017-16664 | Code Injection vulnerability in multiple products Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System (OTRS) 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. | 8.8 |
| 2017-11-20 | CVE-2017-16544 | Code Injection vulnerability in multiple products In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. | 8.8 |
| 2017-11-18 | CVE-2017-14077 | Code Injection vulnerability in PHPcaptcha Securimage HTML Injection in Securimage 3.6.4 and earlier allows remote attackers to inject arbitrary HTML into an e-mail message body via the $_SERVER['HTTP_USER_AGENT'] parameter to example_form.ajax.php or example_form.php. | 6.1 |
| 2017-11-17 | CVE-2017-16871 | Code Injection vulnerability in Updraftplus The UpdraftPlus plugin through 1.13.12 for WordPress allows remote PHP code execution because the plupload_action function in /wp-content/plugins/updraftplus/admin.php has a race condition before deleting a file associated with the name parameter. | 8.1 |
| 2017-11-17 | CVE-2017-1000196 | Code Injection vulnerability in Octobercms October October CMS build 412 is vulnerable to PHP code execution in the asset manager functionality resulting in site compromise and possibly other applications on the server. | 9.8 |
| 2017-11-15 | CVE-2017-15806 | Code Injection vulnerability in Zetacomponents Mail The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow remote attackers to execute arbitrary code via a crafted email address, as demonstrated by one containing "-X/path/to/wwwroot/file.php." | 8.1 |