Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

DATE | CVE | VULNERABILITY TITLE | RISK

2007-08-31 | CVE-2007-4644 | Code Injection vulnerability in Doomsday | 7.5
Format string vulnerability in the Cl_GetPackets function in cl_main.c in the client in Doomsday (aka deng) 1.9.0-beta5.1 and earlier allows remote Doomsday servers to execute arbitrary code via format string specifiers in a PSV_CONSOLE_TEXT message.
network | low complexity | doomsday | CWE-94

2007-08-31 | CVE-2007-4608 | Code Injection vulnerability in Winterburns.Co.Uk Epersonnel Rc200402 | 7.5
PHP remote file inclusion vulnerability in protection.php in ePersonnel RC_2004_02 allows remote attackers to execute arbitrary PHP code via a URL in the logout_page parameter.
network | low complexity | winterburns-co-uk | CWE-94

2007-08-31 | CVE-2007-4606 | Code Injection vulnerability in PHPnuke-Clan | 7.5
PHP remote file inclusion vulnerability in convert/mvcw_conver.php in the Virtual War (VWar) module for PHPNuke-Clan (PNC) 4.2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter, a different vector than CVE-2006-1602.
network | low complexity | phpnuke-clan | CWE-94

2007-08-31 | CVE-2007-4605 | Code Injection vulnerability in Vwar Virtual WAR | 7.5
PHP remote file inclusion vulnerability in convert/mvcw.php in Virtual War (VWar) 1.5.0 R15 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter, a different vector than CVE-2006-1503, CVE-2006-1636, and CVE-2006-1747.
network | low complexity | vwar | CWE-94

2007-08-30 | CVE-2007-4596 | Code Injection vulnerability in PHP | 7.5
The perl extension in PHP does not follow safe_mode restrictions, which allows context-dependent attackers to execute arbitrary code via the Perl eval function.
network | low complexity | php | CWE-94

2007-08-28 | CVE-2007-4551 | Code Injection vulnerability in Agares Media Arcadem 2.0.1 | 7.5
PHP remote file inclusion vulnerability in index.php in Agares Media Arcadem 2.01 allows remote attackers to execute arbitrary PHP code via a URL in the loadpage parameter.
network | low complexity | agares-media | CWE-94

2007-08-21 | CVE-2007-4464 | Code Injection vulnerability in multiple products | 4.3
CRLF injection vulnerability in the Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to spoof the information in the Image File Header tab via strings with CRLF sequences in the IMAGE_EXPORT_DIRECTORY array in a PE file, which could complicate forensics investigations.

2007-08-21 | CVE-2007-4458 | Code Injection vulnerability in Firesoft | 7.5
PHP remote file inclusion vulnerability in includes/class/class_tpl.php in Firesoft allows remote attackers to execute arbitrary PHP code via a URL in the cache_file parameter.
network | low complexity | firesoft | CWE-94

2007-08-14 | CVE-2007-4342 | Code Injection vulnerability in PHPcentral Login 1.0 | 7.5
PHP remote file inclusion vulnerability in include.php in PHPCentral Login 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the _SERVER[DOCUMENT_ROOT] parameter.
network | low complexity | phpcentral | CWE-94

2007-08-14 | CVE-2007-4339 | Code Injection vulnerability in PHPcentral Poll Script 1.0 | 7.5
Multiple PHP remote file inclusion vulnerabilities in PHPCentral Poll Script 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the _SERVER[DOCUMENT_ROOT] parameter in (1) poll.php and (2) pollarchive.php.
network | low complexity | phpcentral | CWE-94