Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

DATE CVE VULNERABILITY TITLE RISK
2018-08-06 CVE-2016-4391 Code Injection vulnerability in HP Arcsight Winc Connector
A remote code execution security vulnerability has been identified in all versions of the HP ArcSight WINC Connector prior to v7.3.0.
network | low complexity | hp | CWE-94 | critical 9.8
2018-08-03 CVE-2018-14910 Code Injection vulnerability in Seacms 6.61
SeaCMS v6.61 allows remote code execution by placing PHP code in an allowed IP address (aka ip) to /admin/admin_ip.php (aka /adm1n/admin_ip.php).
network | low complexity | seacms | CWE-94 | 8.8
2018-08-03 CVE-2018-7748 Code Injection vulnerability in Servicenow Jakarta
report_viewer.do in ServiceNow Release Jakarta Patch 8 and earlier allows remote attackers to execute arbitrary code via '${xyz}' Glide Scripting Injection in the sysparm_media parameter.
network | low complexity | servicenow | CWE-94 | 8.8
2018-07-24 CVE-2018-14579 Code Injection vulnerability in Golemcms Project Golemcms
GolemCMS through 2008-12-24, if the install/ directory remains active after an installation, allows remote attackers to execute arbitrary PHP code by inserting this code into the "Database Information" "Table prefix" form field, or obtain sensitive information via a direct request for install/install.sql.
network | low complexity | golemcms-project | CWE-94 | critical 9.8
2018-07-23 CVE-2018-1999023 Code Injection vulnerability in Wesnoth the Battle for Wesnoth
The Battle for Wesnoth Project version 1.7.0 through 1.14.3 contains a Code Injection vulnerability in the Lua scripting engine that can result in code execution outside the sandbox.
network | low complexity | wesnoth | CWE-94 | 8.8
2018-07-23 CVE-2018-1999022 Code Injection vulnerability in multiple products
PEAR HTML_QuickForm version 3.2.14 contains an eval injection (CWE-95) vulnerability in HTML_QuickForm's getSubmitValue method, HTML_QuickForm's validate method, HTML_QuickForm_hierselect's _setOptions method, HTML_QuickForm_element's _findValue method, and HTML_QuickForm_element's _prepareValue method.
network | low complexity | html-quickform-project, civicrm | CWE-94 | critical 9.8
2018-07-23 CVE-2018-1999019 Code Injection vulnerability in Chamilo LMS
Chamilo LMS version 11.x contains an unserialization vulnerability in the "hash" GET parameter for the API endpoint located at /webservices/api/v2.php that can result in unauthenticated remote code execution.
network | low complexity | chamilo | CWE-94 | critical 9.8
2018-07-20 CVE-2018-14421 Code Injection vulnerability in Seacms 6.61
SeaCMS v6.61 allows remote code execution by placing PHP code in a movie picture address (aka v_pic) to /admin/admin_video.php (aka /backend/admin_video.php).
network | low complexity | seacms | CWE-94 | 8.8
2018-07-19 CVE-2014-2302 Code Injection vulnerability in Webedition CMS 6.2.7.0/6.3.3.0/6.3.8
The installer script in webEdition CMS before 6.2.7-s1 and 6.3.x before 6.3.8-s1 allows remote attackers to conduct PHP Object Injection attacks by intercepting a request to update.webedition.org.
network | low complexity | webedition | CWE-94 | critical 9.8
2018-07-19 CVE-2018-14399 Code Injection vulnerability in PHPcms Project PHPcms 9.6.0
libs\classes\attachment.class.php in PHPCMS 9.6.0 allows remote attackers to upload and execute arbitrary PHP code via a .txt?.php#.jpg URI in the SRC attribute of an IMG element within info[content] JSON data to the index.php?m=member&c=index&a=register URI.
network | low complexity | phpcms-project | CWE-94 | critical 9.8