
Security Vulnerabilities Published In 2014 (Gain Privilege) (CVSS score >= 8)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 | CVE-2014-9387 | 264 | | +Priv | 2014-12-17 | 2018-10-09 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and gain privileges via a crafted CORBA call, aka SAP Note 2039905.
2 | CVE-2014-9222 | 17 | | +Priv Mem. Corr. | 2014-12-24 | 2018-08-31 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products, allows remote attackers to gain privileges via a crafted cookie that triggers memory corruption, aka the "Misfortune Cookie" vulnerability.
3 | CVE-2014-9183 | 255 | | +Priv | 2014-12-02 | 2014-12-03 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
ZTE ZXDSL 831CII has a default password of admin for the admin account, which allows remote attackers to gain administrator privileges.
4 | CVE-2014-8496 | 255 | | +Priv | 2014-12-10 | 2014-12-10 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Digicom DG-5514T ADSL router with firmware 3.2 generates predictable session IDs, which allows remote attackers to gain administrator privileges via a brute force session hijacking attack.
5 | CVE-2014-8418 | 264 | | +Priv | 2014-11-24 | 2019-07-16 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete
The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8 allows remote authenticated users to gain privileges via a call from an external protocol, as demonstrated by the AMI protocol.
6 | CVE-2014-8373 | 264 | | +Priv | 2014-12-11 | 2018-10-09 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete
The VMware Remote Console (VMRC) function in VMware vCloud Automation Center (vCAC) 6.0.1 through 6.1.1 allows remote authenticated users to gain privileges via vectors involving the "Connect (by) Using VMRC" function.
7 | CVE-2014-8368 | 264 | | Exec Code +Priv | 2014-11-25 | 2018-12-20 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete
The web interface in Aruba Networks AirWave before 7.7.14 and 8.x before 8.0.5 allows remote authenticated users to gain privileges and execute arbitrary commands via unspecified vectors.
8 | CVE-2014-6625 | 284 | | +Priv | 2014-11-19 | 2014-11-19 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete
The Policy Manager in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote authenticated users to gain privileges via unspecified vectors.
9 | CVE-2014-4626 | 264 | | +Priv | 2014-12-17 | 2014-12-17 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete
EMC Documentum Content Server before 6.7 SP1 P29, 6.7 SP2 before P18, 7.0 before P16, and 7.1 before P09 allows remote authenticated users to gain privileges by (1) placing a command in a dm_job object and setting this object's owner to a privileged user or placing a rename action in a dm_job_request object and waiting for a (2) dm_UserRename or (3) dm_GroupRename service task, aka ESA-2014-105. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2515.
10 | CVE-2014-4618 | 264 | | +Priv | 2014-08-20 | 2017-08-29 | 8.5 | None | Remote | Medium | ??? | Complete | Complete | Complete
EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to gain privileges via a user-created system object.
11 | CVE-2014-4073 | 264 | | +Priv | 2014-10-15 | 2018-10-12 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 processes unverified data during interaction with the ClickOnce installer, which allows remote attackers to gain privileges via vectors involving Internet Explorer, aka ".NET ClickOnce Elevation of Privilege Vulnerability."
12 | CVE-2014-3816 | 264 | | +Priv | 2014-07-11 | 2014-07-18 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete
Juniper Junos 11.4 before 11.4R12, 12.1 before 12.1R11, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D30, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R8-S2, 12.3 before 12.3R7, 13.1 before 13.1R4-S2, 13.2 before 13.2R5, 13.3 before 13.3R2-S2, and 14.1 before 14.1R1 allows remote authenticated users to gain privileges via unspecified combinations of CLI commands and arguments.
13 | CVE-2014-3338 | 20 | | Exec Code +Priv | 2014-08-12 | 2017-08-29 | 8.5 | None | Remote | Medium | ??? | Complete | Complete | Complete
The CTIManager module in Cisco Unified Communications Manager (CM) 10.0(1), when single sign-on is enabled, does not properly validate Kerberos SSO tokens, which allows remote authenticated users to gain privileges and execute arbitrary commands via crafted token data, aka Bug ID CSCum95491.
14 | CVE-2014-2816 | 264 | | +Priv | 2014-08-12 | 2018-10-12 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
Microsoft SharePoint Server 2013 Gold and SP1 and SharePoint Foundation 2013 Gold and SP1 allow remote authenticated users to gain privileges via a Trojan horse app that executes a custom action in the context of the SharePoint extensibility model, aka "SharePoint Page Content Vulnerability."
15 | CVE-2014-2613 | | | +Priv | 2014-06-28 | 2014-07-24 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete
Unspecified vulnerability in HP Release Control 9.x before 9.13 p3 and 9.2x before RC 9.21.0003 p1 on Windows and 9.2x before RC 9.21.0002 p1 on Linux allows remote authenticated users to gain privileges via unknown vectors.
16 | CVE-2014-2606 | | | +Priv | 2014-07-16 | 2017-08-29 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete
Unspecified vulnerability in HP StoreVirtual 4000 Storage and StoreVirtual VSA 9.5 through 11.0 allows remote authenticated users to gain privileges via unknown vectors.
17 | CVE-2014-2515 | 264 | | +Priv | 2014-08-20 | 2017-08-29 | 8.5 | None | Remote | Medium | ??? | Complete | Complete | Complete
EMC Documentum D2 3.1 before P24, 3.1SP1 before P02, 4.0 before P11, 4.1 before P16, and 4.2 before P05 does not properly restrict tickets provided by D2GetAdminTicketMethod and D2RefreshCacheMethod, which allows remote authenticated users to gain privileges via a request for a superuser ticket.
18 | CVE-2014-2127 | 20 | | +Priv | 2014-04-10 | 2014-04-10 | 8.5 | None | Remote | Medium | ??? | Complete | Complete | Complete
Cisco Adaptive Security Appliance (ASA) Software 8.x before 8.2(5.48), 8.3 before 8.3(2.40), 8.4 before 8.4(7.9), 8.6 before 8.6(1.13), 9.0 before 9.0(4.1), and 9.1 before 9.1(4.3) does not properly process management-session information during privilege validation for SSL VPN portal connections, which allows remote authenticated users to gain privileges by establishing a Clientless SSL VPN session and entering crafted URLs, aka Bug ID CSCul70099.
19 | CVE-2014-2126 | 264 | | +Priv | 2014-04-10 | 2014-04-10 | 8.5 | None | Remote | Medium | ??? | Complete | Complete | Complete
Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.47), 8.4 before 8.4(7.5), 8.7 before 8.7(1.11), 9.0 before 9.0(3.10), and 9.1 before 9.1(3.4) allows remote authenticated users to gain privileges by leveraging level-0 ASDM access, aka Bug ID CSCuj33496.
20 | CVE-2014-1982 | 287 | 1 | Exec Code +Priv | 2014-03-31 | 2014-03-31 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
The administrative interface in Allied Telesis AT-RG634A ADSL Broadband router 3.3+, iMG624A firmware 3.5, iMG616LH firmware 2.4, and iMG646BD firmware 3.5 allows remote attackers to gain privileges and execute arbitrary commands via a direct request to cli.html.
21 | CVE-2014-1812 | 255 | | +Priv +Info | 2014-05-14 | 2019-05-13 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete
The Group Policy implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not properly handle distribution of passwords, which allows remote authenticated users to obtain sensitive credential information and consequently gain privileges by leveraging access to the SYSVOL share, as exploited in the wild in May 2014, aka "Group Policy Preferences Password Elevation of Privilege Vulnerability."
22 | CVE-2014-1756 | | | +Priv | 2014-05-14 | 2018-10-30 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
Untrusted search path vulnerability in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013 Gold, SP1, RT, and RT SP1, when the Simplified Chinese Proofing Tool is enabled, allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Microsoft Office Chinese Grammar Checking Vulnerability."
23 | CVE-2014-1666 | 264 | | DoS +Priv | 2014-01-26 | 2018-01-03 | 8.3 | None | Local Network | Low | Not required | Complete | Complete | Complete
The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not properly restrict access to the (1) PHYSDEVOP_prepare_msix and (2) PHYSDEVOP_release_msix operations, which allows local PV guests to cause a denial of service (host or guest malfunction) or possibly gain privileges via unspecified vectors.
24 | CVE-2014-1379 | | | DoS +Priv | 2014-07-01 | 2015-11-20 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Graphics Drivers in Apple OS X before 10.9.4 allows attackers to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a 32-bit executable file for a crafted application.
25 | CVE-2014-0629 | 264 | | +Priv +Info | 2014-03-06 | 2014-03-07 | 8.5 | None | Remote | Medium | ??? | Complete | Complete | Complete
EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 does not properly handle the interaction between the dm_world group and the dm_superusers_dynamic group, which allows remote authenticated users to obtain sensitive information and gain privileges in opportunistic circumstances by leveraging an incorrect group-addition implementation.
26 | CVE-2013-7383 | 264 | | +Priv | 2014-05-20 | 2014-05-21 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete
x2gocleansessions in X2Go Server before 4.0.0.8 and 4.0.1.x before 4.0.1.10 allows remote authenticated users to gain privileges via unspecified vectors, possibly related to backticks.
27 | CVE-2013-7248 | 255 | | +Priv | 2014-01-26 | 2014-01-27 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 has a hardcoded password for the roleDiag account, which allows remote attackers to gain root privileges, as demonstrated using a cmdWebCheckRole action in a TSA_REQUEST.
28 | CVE-2013-6990 | 264 | | +Priv | 2014-04-30 | 2017-08-29 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete
FortiGuard FortiAuthenticator before 3.0 allows remote administrators to gain privileges via the command line interface.
29 | CVE-2013-6884 | 255 | 1 | +Priv | 2014-01-07 | 2014-02-25 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
The write-blocker in CRU Ditto Forensic FieldStation with firmware before 2013Oct15a has a default "ditto" username and password, which allows remote attackers to gain privileges.
30 | CVE-2013-6838 | 310 | | +Priv | 2014-01-28 | 2014-01-31 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
An unspecified Enghouse Interactive Professional Services "addon product" in Enghouse Interactive IVR Pro (VIP2000) 9.0.3 (rel903), when using OpenVZ and fallback customization, uses the same SSH private key across different customers' installations, which allows remote attackers to gain privileges by leveraging knowledge of this key.
31 | CVE-2013-6775 | 264 | | +Priv | 2014-03-31 | 2014-03-31 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
The Chainfire SuperSU package before 1.69 for Android allows attackers to gain privileges via the (1) backtick or (2) $() type of shell metacharacters in the -c option to /system/xbin/su.
32 | CVE-2013-6774 | | | +Priv | 2014-03-31 | 2015-11-10 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Untrusted search path vulnerability in the ChainsDD Superuser package 3.1.3 for Android 4.2.x and earlier, CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier, and Chainfire SuperSU package before 1.69 for Android 4.2.x and earlier allows attackers to load an arbitrary .jar file and gain privileges via a crafted BOOTCLASSPATH environment variable for a /system/xbin/su process. NOTE: another researcher was unable to reproduce this with ChainsDD Superuser.
33 | CVE-2013-6769 | 20 | | +Priv | 2014-03-31 | 2014-03-31 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android allows attackers to gain privileges via shell metacharacters in the -c option to /system/xbin/su.
34 | CVE-2013-6744 | 264 | | +Priv | 2014-05-30 | 2017-08-29 | 8.5 | None | Remote | Medium | ??? | Complete | Complete | Complete
The Stored Procedure infrastructure in IBM DB2 9.5, 9.7 before FP9a, 10.1 before FP3a, and 10.5 before FP3a on Windows allows remote authenticated users to gain privileges by leveraging the CONNECT privilege and the CREATE_EXTERNAL_ROUTINE authority.
35 | CVE-2013-3678 | | | +Priv | 2014-11-19 | 2018-10-09 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete
Multiple unspecified vulnerabilities in SAP Governance, Risk, and Compliance (GRC) allow remote authenticated users to gain privileges and execute arbitrary programs via a crafted (1) RFC or (2) SOAP-RFC request.
36 | CVE-2013-3092 | 287 | | +Priv Bypass | 2014-09-29 | 2014-10-01 | 8.3 | None | Local Network | Low | Not required | Complete | Complete | Complete
The Belkin N300 (F7D7301v1) router allows remote attackers to bypass authentication and gain privileges via vectors related to incorrect validation of the HTTP Authorization header.
37 | CVE-2013-1398 | 310 | | +Priv +Info | 2014-03-14 | 2019-07-10 | 8.5 | None | Remote | Medium | ??? | Complete | Complete | Complete
The pe_mcollective module in Puppet Enterprise (PE) before 2.7.1 does not properly restrict access to a catalog of private SSL keys, which allows remote authenticated users to obtain sensitive information and gain privileges by leveraging root access to a node, related to the master role.
38 | CVE-2012-5390 | 264 | | +Priv | 2014-06-06 | 2014-06-09 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
The standard universe shadow (condor_shadow.std) component in Condor 7.7.3 through 7.7.6, 7.8.0 before 7.8.5, and 7.9.0 does not properly check privileges, which allows remote attackers to gain privileges via a crafted standard universe job.
Total number of vulnerabilities: 38