Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-03-30 | CVE-2017-7324 | Code Injection vulnerability in Modx Revolution setup/templates/findcore.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the core_path parameter. | 9.8 |
2017-03-30 | CVE-2017-7321 | Code Injection vulnerability in Modx Revolution setup/controllers/welcome.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the config_key parameter to the setup/index.php?action=welcome URI. | 9.8 |
2017-03-29 | CVE-2014-3582 | Code Injection vulnerability in Apache Ambari In Ambari 1.2.0 through 2.2.2, it may be possible to execute arbitrary system commands on the Ambari Server host while generating SSL certificates for hosts in an Ambari cluster. | 9.8 |
2017-03-27 | CVE-2017-6455 | Code Injection vulnerability in NTP NTP before 4.2.8p10 and 4.3.x before 4.3.94, when using PPSAPI, allows local users to gain privileges via a DLL in the PPSAPI_DLLS environment variable. | 7.0 |
2017-03-23 | CVE-2015-0855 | Code Injection vulnerability in Pitivi 0.94 The _mediaLibraryPlayCb function in mainwindow.py in pitivi before 0.95 allows attackers to execute arbitrary code via shell metacharacters in a file path. | 9.8 |
2017-03-23 | CVE-2016-1602 | Code Injection vulnerability in Suse products A code injection in the supportconfig data collection tool in supportutils in SUSE Linux Enterprise Server 12 and 12-SP1 and SUSE Linux Enterprise Desktop 12 and 12-SP1 could be used by local attackers to execute code as the user running supportconfig (usually root). | 7.8 |
2017-03-21 | CVE-2017-6186 | Code Injection vulnerability in Bitdefender Antivirus Plus, Internet Security and Total Security Code injection vulnerability in Bitdefender Total Security 12.0 (and earlier), Internet Security 12.0 (and earlier), and Antivirus Plus 12.0 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Bitdefender process via a "DoubleAgent" attack. | 6.7 |
2017-03-14 | CVE-2016-8020 | Code Injection vulnerability in Mcafee Virusscan Enterprise Improper control of generation of code vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to execute arbitrary code via a crafted HTTP request parameter. | 8.0 |
2017-02-15 | CVE-2017-2968 | Code Injection vulnerability in Adobe Campaign 16.4 Adobe Campaign versions 16.4 Build 8724 and earlier have a code injection vulnerability. | 9.1 |
2017-02-13 | CVE-2016-8354 | Code Injection vulnerability in Schneider-Electric Unity PRO 11.0/6.0/7.0 An issue was discovered in Schneider Electric Unity PRO prior to V11.1. | 7.0 |