Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2007-08-14 | CVE-2007-4328 | Code Injection vulnerability in Mapos Scripts Bilder Galerie 1.0/1.1 | Multiple PHP remote file inclusion vulnerabilities in Mapos Bilder Galerie 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter to (1) index.php, (2) galerie.php, or (3) anzagien.php. | 6.8 |
2007-08-08 | CVE-2007-4244 | Code Injection vulnerability in Joomla J Reactions | PHP remote file inclusion vulnerability in langset.php in J! Reactions (com_jreactions) 1.8.1 and earlier, a Joomla! component, allows remote attackers to execute arbitrary PHP code via a URL in the comPath parameter. | 7.5 |
2007-08-08 | CVE-2007-4187 | Code Injection vulnerability in Joomla 1.5.0Beta | Multiple eval injection vulnerabilities in the com_search component in Joomla! 1.5 beta before RC1 (aka Mapya) allow remote attackers to execute arbitrary PHP code via PHP sequences in the searchword parameter, related to default_results.php in (1) components/com_search/views/search/tmpl/ and (2) templates/beez/html/com_search/search/. | 7.5 |
2007-07-27 | CVE-2007-4038 | Code Injection vulnerability in Mozilla Firefox and Thunderbird | Argument injection vulnerability in Mozilla Firefox before 2.0.0.5, when running on systems with Thunderbird 1.5 installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a mailto URI, which are inserted into the command line that is created when invoking Thunderbird.exe, a similar issue to CVE-2007-3670. | 4.3 |
2007-07-15 | CVE-2007-3773 | Code Injection vulnerability in Generic Youtube Clone Script Generic Youtube Clone Script | Cross-site request forgery (CSRF) vulnerability in the Email-Template module in Generic YouTube Clone Script allows remote attackers to upload files with arbitrary file types to templates/emails/ as administrators. | 9.3 |
2007-07-05 | CVE-2007-3586 | Code Injection vulnerability in Mycms | Multiple direct static code injection vulnerabilities in MyCMS 0.9.8 and earlier allow remote attackers to inject arbitrary PHP code into (1) a _score.txt file via the score parameter, or (2) a _setby.txt file via a login cookie, which is then included by games.php. | 7.5 |
2007-06-20 | CVE-2007-3303 | Code Injection vulnerability in Apache Http Server 2.0.59/2.2.4 | Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. | 4.9 |
2007-06-12 | CVE-2007-0218 | Code Injection vulnerability in Microsoft Internet Explorer 5.01/6/7.0 | Microsoft Internet Explorer 5.01 and 6 allows remote attackers to execute arbitrary code by instantiating certain COM objects from Urlmon.dll, which triggers memory corruption during a call to the IObjectSafety function. | 9.3 |
2007-06-08 | CVE-2007-3130 | Code Injection vulnerability in Joomla Jd-Wiki 1.0.2 | Multiple PHP remote file inclusion vulnerabilities in the OpenWiki (formerly JD-Wiki) component (com_jd-wiki) 1.0.2, and possibly earlier, for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) dwpage.php or (2) wantedpages.php, different vectors than CVE-2006-4074. | 6.8 |
2007-06-01 | CVE-2007-2868 | Code Injection vulnerability in Mozilla Firefox, Seamonkey and Thunderbird | Multiple vulnerabilities in the JavaScript engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger memory corruption. | 9.3 |