Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor(s) | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2017-09-28 | CVE-2017-13676 | Code Injection vulnerability in Norton Remove & Reinstall | Norton Remove & Reinstall can be susceptible to a DLL preloading vulnerability. | local | high | norton | CWE-94 | 7.0 |
| 2017-09-27 | CVE-2017-14764 | Code Injection vulnerability in Genixcms 1.1.4 | In the Upload Modules page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a module. | network | low | genixcms | CWE-94 | 8.8 |
| 2017-09-15 | CVE-2014-9463 | Code Injection vulnerability in Vbseo | functions_vbseo_hook.php in the VBSEO module for vBulletin allows remote authenticated users to execute arbitrary code via the HTTP Referer header to visitormessage.php. | network | low | vbseo | CWE-94 | 8.8 |
| 2017-09-14 | CVE-2017-2809 | Code Injection vulnerability in Ansible-Vault Project Ansible-Vault | An exploitable vulnerability exists in the yaml loading functionality of ansible-vault before 1.0.5. | local | low | ansible-vault-project | CWE-94 | 7.8 |
| 2017-09-11 | CVE-2015-9227 | Code Injection vulnerability in Alegrocart 1.2.8 | PHP remote file inclusion vulnerability in the get_file function in upload/admin2/controller/report_logs.php in AlegroCart 1.2.8 allows remote administrators to execute arbitrary PHP code via a URL in the file_path parameter to upload/admin2. | network | low | alegrocart | CWE-94 | 7.2 |
| 2017-09-11 | CVE-2015-8351 | Code Injection vulnerability in Gwolle Guestbook Project Gwolle Guestbook | PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1.5.4 for WordPress, when allow_url_include is enabled, allows remote authenticated users to execute arbitrary PHP code via a URL in the abspath parameter to frontend/captcha/ajaxresponse.php. | network | high | gwolle-guestbook-project | CWE-94 | 9.0 (critical) |
| 2017-09-05 | CVE-2017-14146 | Code Injection vulnerability in Helpdezk 1.1.1 | HelpDEZk 1.1.1 allows remote authenticated users to execute arbitrary PHP code by uploading a .php attachment and then requesting it in the helpdezk\app\uploads\helpdezk\attachments\ directory. | network | low | helpdezk | CWE-94 | 8.8 |
| 2017-09-01 | CVE-2017-3897 | Code Injection vulnerability in Mcafee Livesafe and Security Scan Plus | A Code Injection vulnerability in the non-certificate-based authentication mechanism in McAfee Live Safe versions prior to 16.0.3 and McAfee Security Scan Plus (MSS+) versions prior to 3.11.599.3 allows network attackers to perform a malicious file execution via an HTTP backend-response. | network | low | mcafee | CWE-94 | 9.8 (critical) |
| 2017-08-31 | CVE-2017-0899 | Code Injection vulnerability in multiple products | RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. | network | low | rubygems, debian, redhat | CWE-94 | 9.8 (critical) |
| 2017-08-30 | CVE-2017-1440 | Code Injection vulnerability in IBM Emptoris Services Procurement | IBM Emptoris Services Procurement 10.0.0.5 could allow a remote attacker to include arbitrary files. | network | low | ibm | CWE-94 | 8.8 |