Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

| Date | CVE | Vulnerability title | Description | Vendor | CWE | Attack vector | Complexity | Risk |
|---|---|---|---|---|---|---|---|---|
| 2017-06-22 | CVE-2017-9807 | Code Injection vulnerability in Openwebif Project Openwebif | An issue was discovered in the OpenWebif plugin through 1.2.4 for E2 open devices. | openwebif-project | CWE-94 | network | low | critical 9.8 |
| 2017-06-21 | CVE-2017-9774 | Code Injection vulnerability in Horde Image API | Remote Code Execution was found in Horde_Image 2.x before 2.5.0 via a crafted GET request. | horde | CWE-94 | network | low | 8.8 |
| 2017-06-21 | CVE-2017-9771 | Code Injection vulnerability in Websitebaker 2.10.0 | install\save.php in WebsiteBaker v2.10.0 allows remote attackers to execute arbitrary PHP code via the database_username, database_host, or database_password parameter. | websitebaker | CWE-94 | network | low | critical 9.8 |
| 2017-06-08 | CVE-2015-2252 | Code Injection vulnerability in Huawei Oceanstor UDS Firmware V100R002C01Spc101 | Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to execute arbitrary code with root privileges via a crafted UDS patch with shell scripts. | huawei | CWE-94 | network | low | 8.8 |
| 2017-06-05 | CVE-2017-9442 | Code Injection vulnerability in Bigtreecms Bigtree CMS | BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary code by uploading a crafted package containing a PHP web shell, related to extraction of a ZIP archive to filename patterns such as cache/package/xxx/yyy.php. | bigtreecms | CWE-94 | network | low | 8.8 |
| 2017-06-01 | CVE-2015-6531 | Code Injection vulnerability in Paloaltonetworks Pan-Os | Palo Alto Networks Panorama VM Appliance with PAN-OS before 6.0.1 might allow remote attackers to execute arbitrary Python code via a crafted firmware image file. | paloaltonetworks | CWE-94 | local | low | 7.8 |
| 2017-05-31 | CVE-2017-8402 | Code Injection vulnerability in Pivotx 2.3.11 | PivotX 2.3.11 allows remote authenticated users to execute arbitrary PHP code via vectors involving an upload of a .htaccess file. | pivotx | CWE-94 | network | low | 8.8 |
| 2017-05-30 | CVE-2017-7494 | Code Injection vulnerability in multiple products | Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it. | samba, debian | CWE-94 | network | low | critical 9.8 |
| 2017-05-12 | CVE-2017-8912 | Code Injection vulnerability in Cmsmadesimple CMS Made Simple 2.1.6 | CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions. | cmsmadesimple | CWE-94 | network | low | 7.2 |
| 2017-05-06 | CVE-2017-7911 | Code Injection vulnerability in Cybervision KAA IOT Platform 0.7.4 | A Code Injection issue was discovered in CyberVision Kaa IoT Platform, Version 0.7.4. | cybervision | CWE-94 | network | low | 8.8 |