Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-09 | CVE-2018-2363 | Code Injection vulnerability in SAP products SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you to execute arbitrary program code of the user's choice. | 8.8 |
| 2018-01-05 | CVE-2017-16905 | Code Injection vulnerability in Duolingo Tinycards The DuoLingo TinyCards application before 1.0 for Android has one use of unencrypted HTTP, which allows remote attackers to spoof content, and consequently achieve remote code execution, via a man-in-the-middle attack. | 8.1 |
| 2018-01-03 | CVE-2017-1000480 | Code Injection vulnerability in Smarty Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch() or display() functions on custom resources that does not sanitize template name. | 9.8 |
| 2018-01-02 | CVE-2017-17098 | Code Injection vulnerability in Gps-Server GPS Tracking Software The writeLog function in fn_common.php in gps-server.net GPS Tracking Software (self hosted) through 3.0 allows remote attackers to inject arbitrary PHP code via a crafted request that is mishandled during admin log viewing, as demonstrated by <?php system($_GET[cmd]); ?> in a login request. | 9.8 |
| 2017-12-18 | CVE-2017-17649 | Code Injection vulnerability in Readymade Video Sharing Script Project Readymade Video Sharing Script 3.2 Readymade Video Sharing Script 3.2 has HTML Injection via the single-video-detail.php comment parameter. | 6.1 |
| 2017-12-12 | CVE-2017-16682 | Code Injection vulnerability in SAP products SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application. | 7.2 |
| 2017-12-07 | CVE-2017-1336 | Code Injection vulnerability in IBM Infosphere Biginsights 4.2.0 IBM Infosphere BigInsights 4.2.0 could allow an attacker to inject code that could allow access to restricted data and files. | 4.4 |
| 2017-12-06 | CVE-2016-5713 | Code Injection vulnerability in Puppet Agent Versions of Puppet Agent prior to 1.6.0 included a version of the Puppet Execution Protocol (PXP) agent that passed environment variables through to Puppet runs. | 9.8 |
| 2017-11-30 | CVE-2017-14198 | Code Injection vulnerability in Squiz Matrix An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. | 8.8 |
| 2017-11-27 | CVE-2017-1001002 | Code Injection vulnerability in Mathjs Math.Js math.js before 3.17.0 had an arbitrary code execution in the JavaScript engine. | 9.8 |