Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-19 | CVE-2014-2302 | Code Injection vulnerability in Webedition CMS 6.2.7.0/6.3.3.0/6.3.8 The installer script in webEdition CMS before 6.2.7-s1 and 6.3.x before 6.3.8-s1 allows remote attackers to conduct PHP Object Injection attacks by intercepting a request to update.webedition.org. | 9.8 |
| 2018-07-19 | CVE-2018-14399 | Code Injection vulnerability in PHPcms Project PHPcms 9.6.0 libs\classes\attachment.class.php in PHPCMS 9.6.0 allows remote attackers to upload and execute arbitrary PHP code via a .txt?.php#.jpg URI in the SRC attribute of an IMG element within info[content] JSON data to the index.php?m=member&c=index&a=register URI. | 9.8 |
| 2018-07-11 | CVE-2018-8284 | Code Injection vulnerability in Microsoft products A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2. | 8.1 |
| 2018-07-10 | CVE-2018-2427 | Code Injection vulnerability in SAP products SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, Version 2010) allows an attacker to inject code that can be executed by the application. | 8.8 |
| 2018-07-10 | CVE-2018-13818 | Code Injection vulnerability in Symfony Twig Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the search search_key parameter. | 9.8 |
| 2018-07-06 | CVE-2018-3608 | Code Injection vulnerability in Trendmicro products A vulnerability in Trend Micro Maximum Security's (Consumer) 2018 (versions 12.0.1191 and below) User-Mode Hooking (UMH) driver could allow an attacker to create a specially crafted packet that could alter a vulnerable system in such a way that malicious code could be injected into other processes. | 9.8 |
| 2018-07-06 | CVE-2017-1329 | Code Injection vulnerability in IBM products IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. | 5.4 |
| 2018-07-06 | CVE-2017-1248 | Code Injection vulnerability in IBM products IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. | 6.1 |
| 2018-07-06 | CVE-2017-1242 | Code Injection vulnerability in IBM products IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. | 5.4 |
| 2018-07-01 | CVE-2018-13043 | Code Injection vulnerability in multiple products scripts/grep-excuses.pl in Debian devscripts through 2.18.3 allows code execution through unsafe YAML loading because YAML::Syck is used without a configuration that prevents unintended blessing. | 9.8 |