Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
DATE | CVE | VULNERABILITY TITLE: DESCRIPTION | RISK |
---|---|---|---|
2018-01-02 | CVE-2017-17098 | Code Injection vulnerability in Gps-Server GPS Tracking Software: The writeLog function in fn_common.php in gps-server.net GPS Tracking Software (self hosted) through 3.0 allows remote attackers to inject arbitrary PHP code via a crafted request that is mishandled during admin log viewing, as demonstrated by `<?php system($_GET[cmd]); ?>` in a login request. | 9.8 |
2017-12-18 | CVE-2017-17649 | Code Injection vulnerability in Readymade Video Sharing Script Project Readymade Video Sharing Script 3.2: Readymade Video Sharing Script 3.2 has HTML Injection via the single-video-detail.php comment parameter. | 6.1 |
2017-12-12 | CVE-2017-16682 | Code Injection vulnerability in SAP products: SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application. | 7.2 |
2017-12-07 | CVE-2017-1336 | Code Injection vulnerability in IBM Infosphere Biginsights 4.2.0: IBM Infosphere BigInsights 4.2.0 could allow an attacker to inject code that could allow access to restricted data and files. | 4.4 |
2017-12-06 | CVE-2016-5713 | Code Injection vulnerability in Puppet Agent: Versions of Puppet Agent prior to 1.6.0 included a version of the Puppet Execution Protocol (PXP) agent that passed environment variables through to Puppet runs. | 9.8 |
2017-11-30 | CVE-2017-14198 | Code Injection vulnerability in Squiz Matrix: An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. | 8.8 |
2017-11-27 | CVE-2017-1001002 | Code Injection vulnerability in Mathjs Math.Js: math.js before 3.17.0 had an arbitrary code execution in the JavaScript engine. | 9.8 |
2017-11-21 | CVE-2017-16664 | Code Injection vulnerability in multiple products: Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System (OTRS) 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. | 8.8 |
2017-11-20 | CVE-2017-16544 | Code Injection vulnerability in multiple products: In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. | 8.8 |
2017-11-18 | CVE-2017-14077 | Code Injection vulnerability in PHPcaptcha Securimage: HTML Injection in Securimage 3.6.4 and earlier allows remote attackers to inject arbitrary HTML into an e-mail message body via the `$_SERVER['HTTP_USER_AGENT']` parameter to example_form.ajax.php or example_form.php. | 6.1 |