Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

DATE CVE VULNERABILITY TITLE RISK
2017-11-15 CVE-2014-4000 Code Injection vulnerability in Cacti
Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes()).
network
low complexity
cacti CWE-94
8.8
8.8
2017-11-10 CVE-2017-16783 Code Injection vulnerability in Cmsmadesimple CMS Made Simple 2.1.6
In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter.
network
low complexity
cmsmadesimple CWE-94
critical
 9.8
9.8
2017-10-30 CVE-2017-7411 Code Injection vulnerability in Enalean Tuleap
An issue was discovered in Enalean Tuleap 9.6 and prior versions.
network
low complexity
enalean CWE-94
8.8
8.8
2017-10-27 CVE-2017-15935 Code Injection vulnerability in Artica Pandora FMS 7.0
Artica Pandora FMS version 7.0 is vulnerable to remote PHP code execution through the manager files function.
network
low complexity
artica CWE-94
7.2
7.2
2017-10-16 CVE-2017-15376 Code Injection vulnerability in Mobatek Mobaxterm 10.4
The TELNET service in Mobatek MobaXterm 10.4 does not require authentication, which allows remote attackers to execute arbitrary commands via TCP port 23.
network
low complexity
mobatek CWE-94
critical
 9.8
9.8
2017-10-05 CVE-2017-14353 Code Injection vulnerability in HP Ucmdb Foundation Software
A remote code execution vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33, could be remotely exploited to allow code execution.
network
low complexity
hp CWE-94
8.8
8.8
2017-10-03 CVE-2015-6576 Code Injection vulnerability in Atlassian Bamboo
Bamboo 2.2 before 5.8.5 and 5.9.x before 5.9.7 allows remote attackers with access to the Bamboo web interface to execute arbitrary Java code via an unspecified resource.
network
low complexity
atlassian CWE-94
8.8
8.8
2017-09-28 CVE-2017-13676 Code Injection vulnerability in Norton Remove & Reinstall
Norton Remove & Reinstall can be susceptible to a DLL preloading vulnerability.
local
high complexity
norton CWE-94
7.0
7.0
2017-09-27 CVE-2017-14764 Code Injection vulnerability in Genixcms 1.1.4
In the Upload Modules page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a module.
network
low complexity
genixcms CWE-94
8.8
8.8
2017-09-15 CVE-2014-9463 Code Injection vulnerability in Vbseo
functions_vbseo_hook.php in the VBSEO module for vBulletin allows remote authenticated users to execute arbitrary code via the HTTP Referer header to visitormessage.php.
network
low complexity
vbseo CWE-94
8.8
8.8