Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-08-29 | CVE-2017-10844 | Code Injection vulnerability in Basercms: baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows an attacker to execute arbitrary PHP code on the server via unspecified vectors. | 8.8 |
2017-08-29 | CVE-2017-10835 | Code Injection vulnerability in Nippon-Antenna Scr02Hd Firmware 1.0.3.1000: "Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows authenticated attackers to conduct code injection attacks via unspecified vectors. | 8.8 |
2017-08-29 | CVE-2014-8872 | Code Injection vulnerability in AVM products: Improper Verification of Cryptographic Signature in AVM FRITZ!Box 6810 LTE after firmware 5.22, FRITZ!Box 6840 LTE after firmware 5.23, and other models with firmware 5.50. | 7.8 |
2017-08-17 | CVE-2017-6782 | Code Injection vulnerability in Cisco Prime Infrastructure 3.2(0.0): A vulnerability in the administrative web interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to modify a page in the web interface of the affected application. | 5.4 |
2017-08-17 | CVE-2011-0469 | Code Injection vulnerability in Suse Opensuse: Code injection in openSUSE when running some source services used in the open build service 2.1 before March 11 2011. | 9.8 |
2017-08-14 | CVE-2017-1469 | Code Injection vulnerability in IBM Infosphere Information Server 11.3/11.5/9.1: IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a local user to gain elevated privileges by placing arbitrary files in installation directories. | 7.8 |
2017-08-10 | CVE-2017-3753 | Code Injection vulnerability in Lenovo products: A vulnerability has been identified in some Lenovo products that use UEFI (BIOS) code developed by American Megatrends, Inc. | 6.8 |
2017-07-31 | CVE-2017-11760 | Code Injection vulnerability in Projeqtor: uploadImage.php in ProjeQtOr before 6.3.2 allows remote authenticated users to execute arbitrary PHP code by uploading a .php file composed of concatenated image data and script data, as demonstrated by uploading as an image within the description text area. | 8.8 |
2017-07-28 | CVE-2017-11715 | Code Injection vulnerability in Metinfo Project Metinfo: job/uploadfile_save.php in MetInfo through 5.3.17 blocks the .php extension but not related extensions, which might allow remote authenticated admins to execute arbitrary PHP code by uploading a .phtml file after certain actions involving admin/system/safe.php and job/cv.php. | 9.8 |
2017-07-27 | CVE-2017-11675 | Code Injection vulnerability in Zen-Cart ZEN Cart 1.5.5E: The traverseStrictSanitize function in admin_dir/includes/classes/AdminRequestSanitizer.php in ZenCart 1.5.5e mishandles key strings, which allows remote authenticated users to execute arbitrary PHP code by placing that code into an invalid array index of the admin_name array parameter to admin_dir/login.php, if there is an export of an error-log entry for that invalid array index. | 8.8 |