CWE-94

Improper Control of Generation of Code ('Code Injection')

BaseDraftLikelihood: Medium

Description

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-242 · CAPEC-35 · CAPEC-77

CVEs mapped to this weakness (4,559)

page 203 of 228

CVE	Vendor / Product	CVSS	EPSS	Published	Description
CVE-2013-6427	Hewlettpackard Hplip	—	0.01	Dec 9, 2013	upgrade.py in the hp-upgrade service in HP Linux Imaging and Printing (HPLIP) 3.x through 3.13.11 launches a program from an http URL, which allows man-in-the-middle attackers to execute arbitrary code by gaining control over the client-server data stream.
CVE-2013-4376	—	—	0.02	Dec 9, 2013	The setgid wrapper libx2go-server-db-sqlite3-wrapper.c in X2Go Server before 4.0.0.2 allows remote attackers to execute arbitrary code via unspecified vectors, related to the path to libx2go-server-db-sqlite3-wrapper.pl.
CVE-2013-6385	Drupal Drupal	—	0.02	Dec 7, 2013	The form API in Drupal 6.x before 6.29 and 7.x before 7.24, when used with unspecified third-party modules, performs form validation even when CSRF validation has failed, which might allow remote attackers to trigger application-specific impacts such as arbitrary code execution…
CVE-2013-4479	Supmua Sup	—	0.01	Dec 7, 2013	lib/sup/message_chunks.rb in Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the content_type of an email attachment.
CVE-2013-4478	Supmua Sup	—	0.00	Dec 7, 2013	Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an email attachment.
CVE-2013-4446	Drupal Context module	—	0.01	Dec 7, 2013	The _json_decode function in plugins/context_reaction_block.inc in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal, when using a version of PHP that does not support the json_decode function, allows remote attackers to execute arbitrary PHP code…
CVE-2012-6535	Djvulibre Project Djvulibre	—	0.05	Dec 2, 2013	DjVuLibre before 3.5.25.3, as used in Evince, Sumatra PDF Reader, VuDroid, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted DjVu (aka .djv) file.
CVE-2013-6866	Sybase Adaptive Server Enterprise	—	0.02	Nov 23, 2013	SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka CR736689.
CVE-2013-6865	Sybase Adaptive Server Enterprise	—	0.02	Nov 23, 2013	SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka CR732989.
CVE-2013-4495	Adaptivecomputing Torque Resource Manager	—	0.05	Nov 20, 2013	The send_the_mail function in server/svr_mail.c in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) before 4.2.6 allows remote attackers to execute arbitrary commands via shell metacharacters in the email (-M switch) to qsub.
CVE-2013-4438	Saltstack Salt	—	0.01	Nov 5, 2013	Salt (aka SaltStack) before 0.17.1 allows remote attackers to execute arbitrary YAML code via unspecified vectors. NOTE: the vendor states that this might not be a vulnerability because the YAML to be loaded has already been determined to be safe.
CVE-2013-6349	McAfee Email Gateway	—	0.01	Nov 2, 2013	McAfee Email Gateway (MEG) 7.0 before 7.0.4 and 7.5 before 7.5.1 allows remote authenticated users to execute arbitrary commands via unspecified vectors.
CVE-2013-2208	Andreas Krennmair Tpp	—	0.01	Oct 28, 2013	tpp 1.3.1 allows remote attackers to execute arbitrary commands via a --exec command in a TPP template file.
CVE-2013-4957	Puppet (software) Puppet Enterprise	—	0.00	Oct 25, 2013	The dashboard report in Puppet Enterprise before 3.0.1 allows attackers to execute arbitrary YAML code via a crafted report-specific type.
CVE-2013-3244	SAP ERP Central Component	—	0.01	Oct 24, 2013	Multiple unspecified vulnerabilities in the CJDB_FILL_MEMORY_FROM_PPB function in the Project System (PS-IS) module for SAP ERP Central Component (ECC) allow remote attackers to execute arbitrary code via a (1) RFC or (2) SOAP-RFC request.
CVE-2013-4203	Richard Cook Rgpg	—	0.01	Oct 11, 2013	The self.run_gpg function in lib/rgpg/gpg_helper.rb in the rgpg gem before 0.2.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors.
CVE-2013-5325	Adobe Inc. Acrobat	—	0.01	Oct 9, 2013	Adobe Reader and Acrobat 11.x before 11.0.05 on Windows allow remote attackers to execute arbitrary JavaScript code in a javascript: URL via a crafted PDF document.
CVE-2013-3200	Microsoft Windows	—	0.01	Oct 9, 2013	The USB drivers in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allow physically proximate attackers to execute arbitrary…
CVE-2013-4330	Apache Camel	—	0.18	Oct 4, 2013	Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 2.11.2, and 2.12.0 allows remote attackers to execute arbitrary simple language expressions by including "$simple{}" in a CamelFileName message header to a (1) FILE or (2) FTP producer.
CVE-2013-6009	Open-Xchange Appsuite	—	0.00	Oct 3, 2013	CRLF injection vulnerability in Open-Xchange AppSuite before 7.2.2, when using AJP in certain conditions, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the ajax/defer servlet.

CVE-2013-6427Dec 9, 2013
Hewlettpackard
Hplip
risk 0.00cvss —epss 0.01
upgrade.py in the hp-upgrade service in HP Linux Imaging and Printing (HPLIP) 3.x through 3.13.11 launches a program from an http URL, which allows man-in-the-middle attackers to execute arbitrary code by gaining control over the client-server data stream.
CVE-2013-4376Dec 9, 2013
risk 0.00cvss —epss 0.02
The setgid wrapper libx2go-server-db-sqlite3-wrapper.c in X2Go Server before 4.0.0.2 allows remote attackers to execute arbitrary code via unspecified vectors, related to the path to libx2go-server-db-sqlite3-wrapper.pl.
CVE-2013-6385Dec 7, 2013
Drupal
Drupal
risk 0.00cvss —epss 0.02
The form API in Drupal 6.x before 6.29 and 7.x before 7.24, when used with unspecified third-party modules, performs form validation even when CSRF validation has failed, which might allow remote attackers to trigger application-specific impacts such as arbitrary code execution…
CVE-2013-4479Dec 7, 2013
Supmua
Sup
risk 0.00cvss —epss 0.01
lib/sup/message_chunks.rb in Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the content_type of an email attachment.
CVE-2013-4478Dec 7, 2013
Supmua
Sup
risk 0.00cvss —epss 0.00
Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an email attachment.
CVE-2013-4446Dec 7, 2013
Drupal
Context module
risk 0.00cvss —epss 0.01
The _json_decode function in plugins/context_reaction_block.inc in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal, when using a version of PHP that does not support the json_decode function, allows remote attackers to execute arbitrary PHP code…
CVE-2012-6535Dec 2, 2013
Djvulibre Project
Djvulibre
risk 0.00cvss —epss 0.05
DjVuLibre before 3.5.25.3, as used in Evince, Sumatra PDF Reader, VuDroid, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted DjVu (aka .djv) file.
CVE-2013-6866Nov 23, 2013
Sybase
Adaptive Server Enterprise
risk 0.00cvss —epss 0.02
SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka CR736689.
CVE-2013-6865Nov 23, 2013
Sybase
Adaptive Server Enterprise
risk 0.00cvss —epss 0.02
SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka CR732989.
CVE-2013-4495Nov 20, 2013
Adaptivecomputing
Torque Resource Manager
risk 0.00cvss —epss 0.05
The send_the_mail function in server/svr_mail.c in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) before 4.2.6 allows remote attackers to execute arbitrary commands via shell metacharacters in the email (-M switch) to qsub.
CVE-2013-4438Nov 5, 2013
Saltstack
Salt
risk 0.00cvss —epss 0.01
Salt (aka SaltStack) before 0.17.1 allows remote attackers to execute arbitrary YAML code via unspecified vectors. NOTE: the vendor states that this might not be a vulnerability because the YAML to be loaded has already been determined to be safe.
CVE-2013-6349Nov 2, 2013
McAfee
Email Gateway
risk 0.00cvss —epss 0.01
McAfee Email Gateway (MEG) 7.0 before 7.0.4 and 7.5 before 7.5.1 allows remote authenticated users to execute arbitrary commands via unspecified vectors.
CVE-2013-2208Oct 28, 2013
Andreas Krennmair
Tpp
risk 0.00cvss —epss 0.01
tpp 1.3.1 allows remote attackers to execute arbitrary commands via a --exec command in a TPP template file.
CVE-2013-4957Oct 25, 2013
Puppet (software)
Puppet Enterprise
risk 0.00cvss —epss 0.00
The dashboard report in Puppet Enterprise before 3.0.1 allows attackers to execute arbitrary YAML code via a crafted report-specific type.
CVE-2013-3244Oct 24, 2013
SAP
ERP Central Component
risk 0.00cvss —epss 0.01
Multiple unspecified vulnerabilities in the CJDB_FILL_MEMORY_FROM_PPB function in the Project System (PS-IS) module for SAP ERP Central Component (ECC) allow remote attackers to execute arbitrary code via a (1) RFC or (2) SOAP-RFC request.
CVE-2013-4203Oct 11, 2013
Richard Cook
Rgpg
risk 0.00cvss —epss 0.01
The self.run_gpg function in lib/rgpg/gpg_helper.rb in the rgpg gem before 0.2.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors.
CVE-2013-5325Oct 9, 2013
Adobe Inc.
Acrobat
risk 0.00cvss —epss 0.01
Adobe Reader and Acrobat 11.x before 11.0.05 on Windows allow remote attackers to execute arbitrary JavaScript code in a javascript: URL via a crafted PDF document.
CVE-2013-3200Oct 9, 2013
Microsoft
Windows
risk 0.00cvss —epss 0.01
The USB drivers in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allow physically proximate attackers to execute arbitrary…
CVE-2013-4330Oct 4, 2013
Apache
Camel
risk 0.00cvss —epss 0.18
Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 2.11.2, and 2.12.0 allows remote attackers to execute arbitrary simple language expressions by including "$simple{}" in a CamelFileName message header to a (1) FILE or (2) FTP producer.
CVE-2013-6009Oct 3, 2013
Open-Xchange
Appsuite
risk 0.00cvss —epss 0.00
CRLF injection vulnerability in Open-Xchange AppSuite before 7.2.2, when using AJP in certain conditions, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the ajax/defer servlet.