Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-07 | CVE-2016-6175 | Code Injection vulnerability in PHP-Gettext Project PHP-Gettext Eval injection vulnerability in php-gettext 1.0.12 and earlier allows remote attackers to execute arbitrary PHP code via a crafted plural forms header. | 9.8 |
| 2017-01-23 | CVE-2016-7102 | Code Injection vulnerability in Owncloud Desktop Client ownCloud Desktop before 2.2.3 allows local users to execute arbitrary code and possibly gain privileges via a Trojan library in a "special path" in the C: drive. | 8.4 |
| 2017-01-23 | CVE-2016-2242 | Code Injection vulnerability in Exponentcms Exponent CMS Exponent CMS 2.x before 2.3.7 Patch 3 allows remote attackers to execute arbitrary code via the sc parameter to install/index.php. | 9.8 |
| 2017-01-23 | CVE-2016-10157 | Code Injection vulnerability in Akamai Netsession 1.9.3.1 Akamai NetSession 1.9.3.1 is vulnerable to DLL Hijacking: it tries to load CSUNSAPI.dll without supplying the complete path. | 9.8 |
| 2017-01-20 | CVE-2017-5543 | Code Injection vulnerability in Intelliants Subrion 4.0.5 includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote attackers to conduct PHP Object Injection attacks via crafted serialized data in a salt cookie in a login request. | 9.8 |
| 2016-12-23 | CVE-2016-7968 | Code Injection vulnerability in KDE Kmail KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. | 6.5 |
| 2016-12-23 | CVE-2016-7966 | Code Injection vulnerability in multiple products Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. | 7.3 |
| 2016-12-23 | CVE-2016-7787 | Code Injection vulnerability in multiple products A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user. | 4.9 |
| 2016-12-22 | CVE-2016-7954 | Code Injection vulnerability in Bundler Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. | 9.8 |
| 2016-12-17 | CVE-2016-9949 | Code Injection vulnerability in multiple products An issue was discovered in Apport before 2.20.4. | 7.8 |