Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

DATE CVE VULNERABILITY TITLE RISK
2002-12-31 CVE-2002-2299 Code Injection vulnerability in Atthat.Com Thatware
PHP remote file inclusion vulnerability in thatfile.php in Thatware 0.3 through 0.5.2 allows remote attackers to execute arbitrary PHP code via the root_path parameter.
network
atthat-com CWE-94
6.8
2002-12-31 CVE-2002-2298 Code Injection vulnerability in Atthat.Com Thatware
PHP remote file inclusion vulnerability in config.php in Thatware 0.3 through 0.5.3 allows remote attackers to execute arbitrary PHP code via the root_path parameter.
network
atthat-com CWE-94
6.8
2002-12-31 CVE-2002-2297 Code Injection vulnerability in Atthat.Com Thatware 0.5.2/0.5.3
PHP remote file inclusion vulnerability in artlist.php in Thatware 0.5.2 and 0.5.3 allows remote attackers to execute arbitrary PHP code via the root_path parameter.
network
atthat-com CWE-94
6.8
2002-12-31 CVE-2002-2287 Code Injection vulnerability in PHPbb Advanced Quick Reply Hack 1.0.0/1.1.0
PHP remote file inclusion vulnerability in quick_reply.php for phpBB Advanced Quick Reply Hack 1.0.0 and 1.1.0 allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter.
network
low complexity
phpbb CWE-94
7.5
2002-12-31 CVE-2002-2249 Code Injection vulnerability in PHP Evolution News Evolution 1.0/2.0
PHP remote file inclusion vulnerability in News Evolution 2.0 allows remote attackers to execute arbitrary PHP commands via the neurl parameter to (1) backend.php, (2) screen.php, or (3) admin/modules/comment.php.
network
low complexity
php-evolution CWE-94
7.5
2001-05-03 CVE-2001-0308 Code Injection vulnerability in Bajie Java Http Server
UploadServlet in Bajie HTTP JServer 0.78, and possibly other versions before 0.80, allows remote attackers to execute arbitrary commands by calling the servlet to upload a program, then using a ...
network
low complexity
bajie CWE-94
7.5
2001-05-03 CVE-2001-0307 Code Injection vulnerability in Bajie Java Http Server
Bajie HTTP JServer 0.78, and other versions before 0.80, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP request for a CGI program that does not exist.
network
low complexity
bajie CWE-94
7.5
1996-05-29 CVE-1999-0509 Perl, sh, csh, or other shell interpreters are installed in the cgi-bin directory on a WWW site, which allows remote attackers to execute arbitrary commands.
network
low complexity
CWE-94
critical
10.0