CWE-94— Improper Control of Generation of Code (Code Injection)
6,197 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-94page 25 of 124
- CVE-2009-4789NONECVSS 0.0EG 0.02010-04-21
Multiple PHP remote file inclusion vulnerabilities in the MojoBlog component RC 0.15 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) wp-comments-post.php and (2) wp…
- CVE-2009-4793NONECVSS 0.0EG 0.02010-04-22
Unrestricted file upload vulnerability in adminpanel/scripts/addphotos.php in BandSite CMS 1.1.4 allows remote authenticated administrators to execute arbitrary PHP code by uploading a file with an executable extension via an addphotos act…
- CVE-2009-4834NONECVSS 0.0EG 0.02010-05-04
lib.php in Zeroboard 4.1 pl7 allows remote attackers to execute arbitrary PHP code via a crafted parameter name, possibly related to now_connect.php.
- CVE-2009-4836NONECVSS 0.0EG 0.02010-05-06
Eval injection vulnerability in system/services/init.php in Movie PHP Script 2.0 allows remote attackers to execute arbitrary PHP code via the anticode parameter.
- CVE-2009-4887NONECVSS 0.0EG 0.02010-06-11
PHP remote file inclusion vulnerability in index.php in CMS S.Builder 3.7 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in a binn_include_path cookie. NOTE: this can also be…
- CVE-2009-4928NONECVSS 0.0EG 0.02010-07-12
PHP remote file inclusion vulnerability in config.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter, a different vector than CVE-2006-1922 and CVE-2006-7055.
- CVE-2009-4977NONECVSS 0.0EG 0.02010-08-25
PHP remote file inclusion vulnerability in index.php in MyBackup 1.4.0 allows remote authenticated users to execute arbitrary PHP code via a URL in the main_content parameter.
- CVE-2009-4993NONECVSS 0.0EG 0.02010-08-25
PHP remote file inclusion vulnerability in home.php in LM Starmail Paidmail 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
- CVE-2009-5095NONECVSS 0.0EG 0.02011-09-12
PHP remote file inclusion vulnerability in index_inc.php in ea gBook 0.1 and 0.1.4 allows remote attackers to execute arbitrary PHP code via a URL in the inc_ordner parameter.
- CVE-2009-5097NONECVSS 0.0EG 0.02011-09-13
Palm Pre WebOS 1.1 and earlier processes JavaScript in email messages, which allows remote attackers to execute arbitrary JavaScript, as demonstrated by reading PalmDatabase.db3.
- CVE-2010-0019NONECVSS 0.0EG 0.02010-08-11
Microsoft Silverlight 3 before 3.0.50611.0 on Windows, and before 3.0.41130.0 on Mac OS X, does not properly handle pointers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and frame…
- CVE-2010-0020NONECVSS 0.0EG 0.02010-02-10
The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate …
- CVE-2010-0027NONECVSS 0.0EG 0.02010-01-22
The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows r…
- CVE-2010-0031NONECVSS 0.0EG 0.02010-02-10
Array index error in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint OEPlaceholderAtom 'placemen…
- CVE-2010-0032NONECVSS 0.0EG 0.02010-02-10
Use-after-free vulnerability in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "OEPlaceholderAtom Use After Free Vulnerability."
- CVE-2010-0043NONECVSS 0.0EG 0.02010-03-15
ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image.
- CVE-2010-0046NONECVSS 0.0EG 0.02010-03-15
The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted format arguments.
- CVE-2010-0103NONECVSS 0.0EG 0.02010-03-10
UsbCharger.dll in the Energizer DUO USB battery charger software contains a backdoor that is implemented through the Arucer.dll file in the %WINDIR%\system32 directory, which allows remote attackers to download arbitrary programs onto a Wi…
- CVE-2010-0155NONECVSS 0.0EG 0.02010-09-14
CRLF injection vulnerability in load.php in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5 allows remote authenticated users to inject arbitrary HTTP header…
- CVE-2010-0178NONECVSS 0.0EG 0.02010-04-05
Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, does not prevent applets from interpreting mouse clicks as drag-and-drop actions, which allows remote attackers to execute arbitrary Jav…
- CVE-2010-0179NONECVSS 0.0EG 0.02010-04-05
Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privile…
- CVE-2010-0187NONECVSS 0.0EG 0.02010-02-15
Adobe Flash Player before 10.0.45.2 and Adobe AIR before 1.5.3.9130 allow remote attackers to cause a denial of service (application crash) via a modified SWF file.
- CVE-2010-0188HIGHCVSS 7.8EG 9.0⚠ KEV2010-02-22
Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.
- CVE-2010-0191NONECVSS 0.0EG 0.02010-04-14
Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified vectors, related to a "prefix protocol handler vulnerability."
- CVE-2010-0195NONECVSS 0.0EG 0.02010-04-14
Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, do not properly handle fonts, which allows attackers to execute arbitrary code via unspecified vectors.
- CVE-2010-0209NONECVSS 0.0EG 0.02010-08-11
Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than C…
- CVE-2010-0239NONECVSS 0.0EG 0.02010-02-10
The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Router Advertisement packets, which allows remote attackers to …
- CVE-2010-0240NONECVSS 0.0EG 0.02010-02-10
The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when a custom network driver is used, does not properly handle local fragmentation of Encapsulating Security Payload (ESP) over UDP packe…
- CVE-2010-0241NONECVSS 0.0EG 0.02010-02-10
The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Route Information packets, which allows remote attackers to exe…
- CVE-2010-0244NONECVSS 0.0EG 0.02010-01-22
Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to m…
- CVE-2010-0245NONECVSS 0.0EG 0.02010-01-22
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption,…
- CVE-2010-0246NONECVSS 0.0EG 0.02010-01-22
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption,…
- CVE-2010-0247NONECVSS 0.0EG 0.02010-01-22
Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading …
- CVE-2010-0248HIGHCVSS 8.1EG 8.12010-01-22
Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to m…
- CVE-2010-0252NONECVSS 0.0EG 0.02010-02-10
The Microsoft Data Analyzer ActiveX control (aka the Office Excel ActiveX control for Data Analysis) in max3activex.dll in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windo…
- CVE-2010-0254NONECVSS 0.0EG 0.02010-04-14
Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Attribute Validation Memory Corrup…
- CVE-2010-0256NONECVSS 0.0EG 0.02010-04-14
Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly calculate unspecified indexes associated with Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Index Calcu…
- CVE-2010-0257NONECVSS 0.0EG 0.02010-03-10
Microsoft Office Excel 2002 SP3 does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel Record Memory Corruption Vulnerability."
- CVE-2010-0258HIGHCVSS 7.8EG 7.82010-03-10
Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File…
- CVE-2010-0260NONECVSS 0.0EG 0.02010-03-10
Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrar…
- CVE-2010-0262NONECVSS 0.0EG 0.02010-03-10
Microsoft Office Excel 2007 SP1 and SP2 and Office 2004 for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers access of an uninitialized stack v…
- CVE-2010-0263NONECVSS 0.0EG 0.02010-03-10
Microsoft Office Excel 2007 SP1 and SP2; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; and Office Shar…
- CVE-2010-0264NONECVSS 0.0EG 0.02010-03-10
Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "…
- CVE-2010-0266NONECVSS 0.0EG 0.02010-07-15
Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does not properly verify e-mail attachments with a PR_ATTACH_METHOD property value of ATTACH_BY_REFERENCE, which allows user-assisted remote attackers to execute arbitrary c…
- CVE-2010-0267NONECVSS 0.0EG 0.02010-03-31
Microsoft Internet Explorer 6, 6 SP1, and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memo…
- CVE-2010-0367NONECVSS 0.0EG 0.02010-01-21
Multiple PHP remote file inclusion vulnerabilities in BitScripts Bits Video Script 2.05 Gold Beta, and possibly 2.04, allow remote attackers to execute arbitrary PHP code via a URL in the rowptem[template] parameter to (1) showcasesearch.p…
- CVE-2010-0402NONECVSS 0.0EG 0.02010-05-05
OpenTTD before 1.0.1 does not properly validate index values of certain items, which allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted in-game command.
- CVE-2010-0483NONECVSS 0.0EG 0.02010-03-03
vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local …
- CVE-2010-0490NONECVSS 0.0EG 0.02010-03-31
Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to m…
- CVE-2010-0492HIGHCVSS 8.1EG 8.12010-03-31
Use-after-free vulnerability in mstime.dll in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via vectors related to the TIME2 behavior, the CTimeAction object, and destruction of markup, leading to memory c…
Map vulnerabilities like CWE-94 to your infrastructure
EchelonGraph correlates every CVE — across CWE-94 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →