Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-29 | CVE-2018-12995 | Code Injection vulnerability in Onefilecms onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the Upload screen. | 8.8 |
| 2018-06-29 | CVE-2018-12994 | Code Injection vulnerability in Onefilecms onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the New File screen. | 8.8 |
| 2018-06-25 | CVE-2018-11587 | Code Injection vulnerability in Centreon and Centreon web There is Remote Code Execution in Centreon 3.4.6 including Centreon Web 2.8.23 via the RPN value in the Virtual Metric form in centreonGraph.class.php. | 9.8 |
| 2018-06-18 | CVE-2018-12531 | Code Injection vulnerability in Metinfo 6.0.0 An issue was discovered in MetInfo 6.0.0. | 9.8 |
| 2018-06-13 | CVE-2017-3907 | Code Injection vulnerability in Mcafee Threat Intelligence Exchange 2.1.0 Code Injection vulnerability in the ePolicy Orchestrator (ePO) extension in McAfee Threat Intelligence Exchange (TIE) Server 2.1.0 and earlier allows remote attackers to execute arbitrary HTML code to be reflected in the response web page via unspecified vector. | 9.8 |
| 2018-06-11 | CVE-2018-5158 | Code Injection vulnerability in multiple products The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. | 8.8 |
| 2018-06-11 | CVE-2017-7798 | Code Injection vulnerability in multiple products The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. | 8.8 |
| 2018-06-11 | CVE-2018-6512 | Code Injection vulnerability in Puppet Pe-Razor-Server, Puppet Enterprise and Razor-Server The previous version of Puppet Enterprise 2018.1 is vulnerable to unsafe code execution when upgrading pe-razor-server. | 9.8 |
| 2018-06-08 | CVE-2018-11228 | Code Injection vulnerability in Crestron Toolbox Protocol Firmware 1.502.0047.001 Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via a Bash shell service in Crestron Toolbox Protocol (CTP). | 9.8 |
| 2018-06-07 | CVE-2017-16151 | Code Injection vulnerability in Electronjs Electron Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. | 9.8 |