Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-02-16 | CVE-2007-0983 | Code Injection vulnerability in Ansatheus AT Contenator PHP remote file inclusion vulnerability in _admin/nav.php in AT Contenator 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the Root_To_Script parameter. | 6.8 |
2007-02-15 | CVE-2006-7021 | Code Injection vulnerability in Plume-Cms Plume CMS 1.1.3 PHP remote file inclusion vulnerability in manager/tools/link/dbinstall.php in Plume CMS 1.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the _PX_config[manager_path] parameter. | 7.5 |
2007-02-13 | CVE-2007-0209 | Code Injection vulnerability in Microsoft Office and Works Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a Word file with a malformed drawing object, which leads to memory corruption. | 9.3 |
2007-02-13 | CVE-2007-0025 | Code Injection vulnerability in Microsoft Visual Studio .Net and Windows 2003 Server The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 and Visual Studio .NET 2000, 2002 SP1, 2003, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption. | 9.3 |
2007-02-08 | CVE-2007-0854 | Code Injection vulnerability in Cpanel Webhost Manager Remote file inclusion vulnerability in scripts2/objcache in cPanel WebHost Manager (WHM) allows remote attackers to execute arbitrary code via a URL in the obj parameter. | 7.5 |
2007-02-08 | CVE-2006-6976 | Code Injection vulnerability in Centipaid PHP remote file inclusion vulnerability in centipaid_class.php in CentiPaid 1.4.2 and earlier allows remote attackers to execute arbitrary code via a URL in the absolute_path parameter. | 7.5 |
2007-02-04 | CVE-2007-0699 | Code Injection vulnerability in Portail web PHP Portail web PHP 0.99 PHP remote file inclusion vulnerability in includes/includes.php in Guernion Sylvain Portail Web Php (aka Gsylvain35 Portail Web, PwP) before 2.5.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the site_path parameter. | 7.5 |
2007-02-03 | CVE-2007-0675 | Code Injection vulnerability in Microsoft Windows Vista A certain ActiveX control in sapi.dll (aka the Speech API) in Speech Components in Microsoft Windows Vista, when the Speech Recognition feature is enabled, allows user-assisted remote attackers to delete arbitrary files, and conduct other unauthorized activities, via a web page with an embedded sound object that contains voice commands to an enabled microphone, allowing for interaction with Windows Explorer. | 7.6 |
2007-02-01 | CVE-2007-0649 | Code Injection vulnerability in Openemr Variable overwrite vulnerability in interface/globals.php in OpenEMR 2.8.2 and earlier allows remote attackers to overwrite arbitrary program variables and conduct other unauthorized activities, such as conduct (a) remote file inclusion attacks via the srcdir parameter in custom/import_xml.php or (b) cross-site scripting (XSS) attacks via the rootdir parameter in interface/login/login_frame.php, via vectors associated with extract operations on the (1) POST and (2) GET superglobal arrays. | 4.3 |
2007-01-29 | CVE-2006-6962 | Code Injection vulnerability in Joomla RS Gallery2 1.11.2 PHP remote file inclusion vulnerability in rsgallery2.html.php in the RS Gallery2 component (com_rsgallery2) 1.11.2 for Joomla! allows attackers to execute arbitrary PHP code via the mosConfig_absolute_path parameter. | 6.8 |