Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-02-13 | CVE-2015-8771 | Code Injection vulnerability in Gosa Project Gosa Plugin The generate_smb_nt_hash function in include/functions.inc in GOsa allows remote attackers to execute arbitrary commands via a crafted password. | 9.8 |
2017-02-09 | CVE-2016-5727 | Code Injection vulnerability in Simplemachines Simple Machines Forum 2.1 LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input in a foreach loop. | 8.8 |
2017-02-09 | CVE-2016-5726 | Code Injection vulnerability in Simplemachines Simple Machines Forum 2.1 Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the themechanges array parameter. | 9.8 |
2017-02-07 | CVE-2016-6175 | Code Injection vulnerability in PHP-Gettext Project PHP-Gettext Eval injection vulnerability in php-gettext 1.0.12 and earlier allows remote attackers to execute arbitrary PHP code via a crafted plural forms header. | 9.8 |
2017-01-23 | CVE-2016-7102 | Code Injection vulnerability in Owncloud Desktop Client ownCloud Desktop before 2.2.3 allows local users to execute arbitrary code and possibly gain privileges via a Trojan library in a "special path" in the C: drive. | 8.4 |
2017-01-23 | CVE-2016-2242 | Code Injection vulnerability in Exponentcms Exponent CMS Exponent CMS 2.x before 2.3.7 Patch 3 allows remote attackers to execute arbitrary code via the sc parameter to install/index.php. | 9.8 |
2017-01-23 | CVE-2016-10157 | Code Injection vulnerability in Akamai Netsession 1.9.3.1 Akamai NetSession 1.9.3.1 is vulnerable to DLL Hijacking: it tries to load CSUNSAPI.dll without supplying the complete path. | 9.8 |
2017-01-20 | CVE-2017-5543 | Code Injection vulnerability in Intelliants Subrion 4.0.5 includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote attackers to conduct PHP Object Injection attacks via crafted serialized data in a salt cookie in a login request. | 9.8 |
2016-12-23 | CVE-2016-7968 | Code Injection vulnerability in KDE Kmail KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. | 6.5 |
2016-12-23 | CVE-2016-7966 | Code Injection vulnerability in multiple products Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. | 7.3 |