Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-26 | CVE-2017-8284 | Code Injection vulnerability in Qemu The disas_insn function in target/i386/translate.c in QEMU before 2.9.0, when TCG mode without hardware acceleration is used, does not limit the instruction size, which allows local users to gain privileges by creating a modified basic block that injects code into a setuid program, as demonstrated by procmail. | 7.0 |
| 2017-04-12 | CVE-2016-4895 | Code Injection vulnerability in Setucocms Project Setucocms SetsucoCMS all versions allows remote authenticated attackers to conduct code injection attacks via unspecified vectors. | 8.8 |
| 2017-04-11 | CVE-2017-7694 | Code Injection vulnerability in Getsymphony Symphony Remote Code Execution vulnerability in symphony/content/content.blueprintsdatasources.php in Symphony CMS through 2.6.11 allows remote attackers to execute code and get a webshell from the back-end. | 8.8 |
| 2017-04-11 | CVE-2017-7691 | Code Injection vulnerability in SAP Trex A code injection vulnerability exists in SAP TREX / Business Warehouse Accelerator (BWA). | 9.8 |
| 2017-04-10 | CVE-2017-7625 | Code Injection vulnerability in Fiyo CMS In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the content parameter to "/dapur/apps/app_theme/libs/save_file.php" and then execute code. | 9.8 |
| 2017-04-10 | CVE-2016-5072 | Code Injection vulnerability in Oxidforge Oxid Eshop 4.9.8/5.2.8 OXID eShop before 2016-06-13 allows remote attackers to execute arbitrary code via a GET or POST request to the oxuser class. | 8.8 |
| 2017-04-07 | CVE-2017-7570 | Code Injection vulnerability in Pivotx 2.3.11 PivotX 2.3.11 allows remote authenticated Advanced users to execute arbitrary PHP code by performing an upload with a safe file extension (such as .jpg) and then invoking the duplicate function to change to the .php extension. | 8.8 |
| 2017-04-06 | CVE-2017-4964 | Code Injection vulnerability in Cloudfoundry Bosh Azure CPI 22 Cloud Foundry Foundation BOSH Azure CPI v22 could potentially allow a maliciously crafted stemcell to execute arbitrary code on VMs created by the director, aka a "CPI code injection vulnerability." | 8.8 |
| 2017-04-03 | CVE-2017-7402 | Code Injection vulnerability in Lucidcrew Pixie 1.04 Pixie 1.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via the POST data in an admin/index.php?s=publish&x=filemanager request for a filename with a double extension, such as a .jpg.php file with Content-Type of image/jpeg. | 9.8 |
| 2017-04-03 | CVE-2014-3927 | Code Injection vulnerability in Mrlg4PHP Project Mrlg4PHP mrlg-lib.php in mrlg4php before 1.0.8 allows remote attackers to execute arbitrary shell code. | 9.8 |