Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | SEVERITY | RISK |
|---|---|---|---|---|---|---|---|---|---|
| 2019-02-05 | CVE-2018-19002 | Code Injection vulnerability in Lcds Laquis Scada 4.1/4.1.0.3391/4.1.0.3870 | LCDS Laquis SCADA prior to version 4.1.0.4150 allows improper control of generation of code when opening a specially crafted project file, which may allow remote code execution, data exfiltration, or cause a system crash. | local | low complexity | lcds | CWE-94 | | 7.8 |
| 2019-02-04 | CVE-2019-4038 | Code Injection vulnerability in IBM Security Identity Manager | IBM Security Identity Manager 6.0 and 7.0 could allow an attacker to create unexpected control flow paths through the application, potentially bypassing security checks. | | low complexity | ibm | CWE-94 | | 6.2 |
| 2019-01-23 | CVE-2019-6713 | Code Injection vulnerability in Thinkcmf 5.0.190111 | app\admin\controller\RouteController.php in ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP code by using vectors involving portal/List/index and list/:id to inject this code into data\conf\route.php, as demonstrated by a file_put_contents call. | network | low complexity | thinkcmf | CWE-94 | critical | 9.8 |
| 2019-01-22 | CVE-2018-19011 | Code Injection vulnerability in Omron Cx-Supervisor | CX-Supervisor (Versions 3.42 and prior) can execute code that has been injected into a project file. | network | low complexity | omron | CWE-94 | | 8.8 |
| 2019-01-15 | CVE-2018-20717 | Code Injection vulnerability in Prestashop | In the orders section of PrestaShop before 1.7.2.5, an attack is possible after gaining access to a target store with a user role with the rights of at least a Salesman or higher privileges. | network | low complexity | prestashop | CWE-94 | | 8.8 |
| 2019-01-15 | CVE-2017-18356 | Code Injection vulnerability in Woocommerce | In the Automattic WooCommerce plugin before 3.2.4 for WordPress, an attack is possible after gaining access to the target site with a user account that has at least Shop manager privileges. | network | low complexity | woocommerce | CWE-94 | | 8.8 |
| 2019-01-10 | CVE-2018-0461 | Code Injection vulnerability in Cisco IP Phone 8800 Series Firmware 12.5(1) | A vulnerability in the Cisco IP Phone 8800 Series Software could allow an unauthenticated, remote attacker to conduct an arbitrary script injection attack on an affected device. | network | low complexity | cisco | CWE-94 | | 8.8 |
| 2019-01-09 | CVE-2018-16168 | Code Injection vulnerability in Jpcert Logontracer | LogonTracer 1.2.0 and earlier allows remote attackers to conduct Python code injection attacks via unspecified vectors. | network | low complexity | jpcert | CWE-94 | critical | 9.8 |
| 2019-01-09 | CVE-2016-9651 | Code Injection vulnerability in multiple products | A missing check for whether a property of a JS object is private in V8 in Google Chrome prior to 55.0.2883.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | network | low complexity | google, redhat | CWE-94 | | 8.8 |
| 2019-01-09 | CVE-2019-0542 | Code Injection vulnerability in multiple products | A remote code execution vulnerability exists in Xterm.js when the component mishandles special characters, aka "Xterm Remote Code Execution Vulnerability." This affects xterm.js. | network | low complexity | xtermjs, redhat | CWE-94 | | 8.8 |