Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

DATE CVE VULNERABILITY TITLE RISK
2017-02-13 CVE-2015-8771 Code Injection vulnerability in Gosa Project Gosa Plugin
The generate_smb_nt_hash function in include/functions.inc in GOsa allows remote attackers to execute arbitrary commands via a crafted password.
network
low complexity
gosa-project CWE-94
critical
9.8
2017-02-09 CVE-2016-5727 Code Injection vulnerability in Simplemachines Simple Machines Forum 2.1
LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input in a foreach loop.
network
low complexity
simplemachines CWE-94
8.8
2017-02-09 CVE-2016-5726 Code Injection vulnerability in Simplemachines Simple Machines Forum 2.1
Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the themechanges array parameter.
network
low complexity
simplemachines CWE-94
critical
9.8
2017-02-07 CVE-2016-6175 Code Injection vulnerability in PHP-Gettext Project PHP-Gettext
Eval injection vulnerability in php-gettext 1.0.12 and earlier allows remote attackers to execute arbitrary PHP code via a crafted plural forms header.
network
low complexity
php-gettext-project CWE-94
critical
9.8
2017-01-23 CVE-2016-7102 Code Injection vulnerability in Owncloud Desktop Client
ownCloud Desktop before 2.2.3 allows local users to execute arbitrary code and possibly gain privileges via a Trojan library in a "special path" in the C: drive.
local
low complexity
owncloud CWE-94
8.4
2017-01-23 CVE-2016-2242 Code Injection vulnerability in Exponentcms Exponent CMS
Exponent CMS 2.x before 2.3.7 Patch 3 allows remote attackers to execute arbitrary code via the sc parameter to install/index.php.
network
low complexity
exponentcms CWE-94
critical
9.8
2017-01-23 CVE-2016-10157 Code Injection vulnerability in Akamai Netsession 1.9.3.1
Akamai NetSession 1.9.3.1 is vulnerable to DLL Hijacking: it tries to load CSUNSAPI.dll without supplying the complete path.
network
low complexity
akamai CWE-94
critical
9.8
2017-01-20 CVE-2017-5543 Code Injection vulnerability in Intelliants Subrion 4.0.5
includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote attackers to conduct PHP Object Injection attacks via crafted serialized data in a salt cookie in a login request.
network
low complexity
intelliants CWE-94
critical
9.8
2016-12-23 CVE-2016-7968 Code Injection vulnerability in KDE Kmail
KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled.
network
low complexity
kde CWE-94
6.5
2016-12-23 CVE-2016-7966 Code Injection vulnerability in multiple products
Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer.
network
low complexity
kde debian fedoraproject suse CWE-94
7.3