Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-09-14 | CVE-2017-2809 | Code Injection vulnerability in Ansible-Vault Project Ansible-Vault | An exploitable vulnerability exists in the yaml loading functionality of ansible-vault before 1.0.5. | 7.8 |
2017-09-11 | CVE-2015-9227 | Code Injection vulnerability in Alegrocart 1.2.8 | PHP remote file inclusion vulnerability in the get_file function in upload/admin2/controller/report_logs.php in AlegroCart 1.2.8 allows remote administrators to execute arbitrary PHP code via a URL in the file_path parameter to upload/admin2. | 7.2 |
2017-09-11 | CVE-2015-8351 | Code Injection vulnerability in Gwolle Guestbook Project Gwolle Guestbook | PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1.5.4 for WordPress, when allow_url_include is enabled, allows remote authenticated users to execute arbitrary PHP code via a URL in the abspath parameter to frontend/captcha/ajaxresponse.php. | 9.0 |
2017-09-05 | CVE-2017-14146 | Code Injection vulnerability in Helpdezk 1.1.1 | HelpDEZk 1.1.1 allows remote authenticated users to execute arbitrary PHP code by uploading a .php attachment and then requesting it in the helpdezk\app\uploads\helpdezk\attachments\ directory. | 8.8 |
2017-09-01 | CVE-2017-3897 | Code Injection vulnerability in Mcafee Livesafe and Security Scan Plus | A Code Injection vulnerability in the non-certificate-based authentication mechanism in McAfee Live Safe versions prior to 16.0.3 and McAfee Security Scan Plus (MSS+) versions prior to 3.11.599.3 allows network attackers to perform a malicious file execution via an HTTP backend-response. | 9.8 |
2017-08-31 | CVE-2017-0899 | Code Injection vulnerability in multiple products | RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. | 9.8 |
2017-08-30 | CVE-2017-1440 | Code Injection vulnerability in IBM Emptoris Services Procurement | IBM Emptoris Services Procurement 10.0.0.5 could allow a remote attacker to include arbitrary files. | 8.8 |
2017-08-29 | CVE-2017-10844 | Code Injection vulnerability in Basercms | baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows an attacker to execute arbitrary PHP code on the server via unspecified vectors. | 8.8 |
2017-08-29 | CVE-2017-10835 | Code Injection vulnerability in Nippon-Antenna Scr02Hd Firmware 1.0.3.1000 | "Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows authenticated attackers to conduct code injection attacks via unspecified vectors. | 8.8 |
2017-08-29 | CVE-2014-8872 | Code Injection vulnerability in AVM products | Improper Verification of Cryptographic Signature in AVM FRITZ!Box 6810 LTE after firmware 5.22, FRITZ!Box 6840 LTE after firmware 5.23, and other models with firmware 5.50. | 7.8 |