Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

DATE CVE VULNERABILITY TITLE RISK
2017-03-30 CVE-2017-7324 Code Injection vulnerability in Modx Revolution
setup/templates/findcore.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the core_path parameter.
network
low complexity
modx CWE-94
critical
9.8
2017-03-30 CVE-2017-7321 Code Injection vulnerability in Modx Revolution
setup/controllers/welcome.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the config_key parameter to the setup/index.php?action=welcome URI.
network
low complexity
modx CWE-94
critical
9.8
2017-03-29 CVE-2014-3582 Code Injection vulnerability in Apache Ambari
In Ambari 1.2.0 through 2.2.2, it may be possible to execute arbitrary system commands on the Ambari Server host while generating SSL certificates for hosts in an Ambari cluster.
network
low complexity
apache CWE-94
critical
9.8
2017-03-27 CVE-2017-6455 Code Injection vulnerability in NTP
NTP before 4.2.8p10 and 4.3.x before 4.3.94, when using PPSAPI, allows local users to gain privileges via a DLL in the PPSAPI_DLLS environment variable.
local
high complexity
ntp CWE-94
7.0
2017-03-23 CVE-2015-0855 Code Injection vulnerability in Pitivi 0.94
The _mediaLibraryPlayCb function in mainwindow.py in pitivi before 0.95 allows attackers to execute arbitrary code via shell metacharacters in a file path.
network
low complexity
pitivi CWE-94
critical
9.8
2017-03-23 CVE-2016-1602 Code Injection vulnerability in Suse products
A code injection in the supportconfig data collection tool in supportutils in SUSE Linux Enterprise Server 12 and 12-SP1 and SUSE Linux Enterprise Desktop 12 and 12-SP1 could be used by local attackers to execute code as the user running supportconfig (usually root).
local
low complexity
suse CWE-94
7.8
2017-03-21 CVE-2017-6186 Code Injection vulnerability in Bitdefender Antivirus Plus, Internet Security and Total Security
Code injection vulnerability in Bitdefender Total Security 12.0 (and earlier), Internet Security 12.0 (and earlier), and Antivirus Plus 12.0 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Bitdefender process via a "DoubleAgent" attack.
local
low complexity
bitdefender CWE-94
6.7
2017-03-14 CVE-2016-8020 Code Injection vulnerability in Mcafee Virusscan Enterprise
Improper control of generation of code vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to execute arbitrary code via a crafted HTTP request parameter.
network
high complexity
mcafee CWE-94
8.0
2017-02-15 CVE-2017-2968 Code Injection vulnerability in Adobe Campaign 16.4
Adobe Campaign versions 16.4 Build 8724 and earlier have a code injection vulnerability.
network
low complexity
adobe CWE-94
critical
9.1
2017-02-13 CVE-2016-8354 Code Injection vulnerability in Schneider-Electric Unity PRO 11.0/6.0/7.0
An issue was discovered in Schneider Electric Unity PRO prior to V11.1.
local
high complexity
schneider-electric CWE-94
7.0