CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In August 2014(Execute Code)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-5458 89 Exec Code Sql 2014-08-25 2015-11-02
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in sqrl_verify.php in php-sqrl allows remote attackers to execute arbitrary SQL commands via the message parameter.
2 CVE-2014-5454 Exec Code 2014-08-25 2017-09-08
6.0
None Remote Medium ??? Partial Partial Partial
Unrestricted file upload vulnerability in the image upload module in SAS Visual Analytics 6.4M1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors.
3 CVE-2014-5399 89 Exec Code Sql 2014-08-28 2015-11-02
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
4 CVE-2014-5383 89 Exec Code Sql 2014-08-21 2015-09-08
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in AlienVault OSSIM before 4.7.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
5 CVE-2014-5262 89 Exec Code Sql 2014-08-22 2017-09-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
6 CVE-2014-5261 94 Exec Code 2014-08-22 2017-09-08
7.5
None Remote Low Not required Partial Partial Partial
The graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a font size, related to the rrdtool commandline in lib/rrd.php.
7 CVE-2014-5249 89 Exec Code Sql 2014-08-14 2017-09-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the "Biblio self autocomplete" submodule in the Biblio Autocomplete module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
8 CVE-2014-5210 94 Exec Code 2014-08-21 2014-08-21
10.0
None Remote Low Not required Complete Complete Complete
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) remote_task or (2) get_license request, a different vulnerability than CVE-2014-3804 and CVE-2014-3805.
9 CVE-2014-5203 Exec Code 2014-08-18 2014-08-28
7.5
None Remote Low Not required Partial Partial Partial
wp-includes/class-wp-customize-widgets.php in the widget implementation in WordPress 3.9.x before 3.9.2 might allow remote attackers to execute arbitrary code via crafted serialized data.
10 CVE-2014-5201 89 Exec Code Sql 2014-08-12 2015-09-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Gallery Objects plugin 0.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the viewid parameter in a go_view_object action to wp-admin/admin-ajax.php.
11 CVE-2014-5200 89 Exec Code Sql 2014-08-12 2017-09-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in game_play.php in the FB Gorilla plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
12 CVE-2014-5192 89 1 Exec Code Sql 2014-08-07 2017-09-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to execute arbitrary SQL commands via the filter parameter.
13 CVE-2014-5189 89 Exec Code Sql 2014-08-07 2017-09-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in lib/optin/optin_page.php in the Lead Octopus plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
14 CVE-2014-5186 89 Exec Code Sql 2014-08-06 2014-08-07
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in the All Video Gallery (all-video-gallery) plugin 1.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in an edit action in the allvideogallery_videos page to wp-admin/admin.php.
15 CVE-2014-5185 89 Exec Code Sql 2014-08-06 2014-08-07
6.0
None Remote Medium ??? Partial Partial Partial
SQL injection vulnerability in the Quartz plugin 1.01.1 for WordPress allows remote authenticated users with Contributor privileges to execute arbitrary SQL commands via the quote parameter in an edit action in the quartz/quote_form.php page to wp-admin/edit.php.
16 CVE-2014-5184 89 Exec Code Sql 2014-08-06 2014-08-07
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in the stripshow-storylines page in the stripShow plugin 2.5.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the story parameter in an edit action to wp-admin/admin.php.
17 CVE-2014-5183 89 Exec Code Sql 2014-08-06 2014-08-07
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in includes/mode-edit.php in the Simple Retail Menus (simple-retail-menus) plugin before 4.1 for WordPress allows remote authenticated editors to execute arbitrary SQL commands via the targetmenu parameter in an edit action to wp-admin/admin.php.
18 CVE-2014-5182 89 Exec Code Sql 2014-08-06 2014-08-07
6.0
None Remote Medium ??? Partial Partial Partial
Multiple SQL injection vulnerabilities in the yawpp plugin 1.2 for WordPress allow remote authenticated users with Contributor privileges to execute arbitrary SQL commands via vectors related to (1) admin_functions.php or (2) admin_update.php, as demonstrated by the id parameter in the update action to wp-admin/admin.php.
19 CVE-2014-5180 89 Exec Code Sql 2014-08-06 2014-08-07
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in the videos page in the HDW Player Plugin (hdw-player-video-player-video-gallery) 2.4.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the edit action to wp-admin/admin.php.
20 CVE-2014-5159 89 Exec Code Sql 2014-08-21 2014-08-21
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary SQL commands via the ws_data parameter.
21 CVE-2014-5158 94 Exec Code 2014-08-21 2014-08-21
10.0
None Remote Low Not required Complete Complete Complete
The (1) av-centerd SOAP service and (2) backup command in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary commands via unspecified vectors.
22 CVE-2014-5119 189 DoS Exec Code 2014-08-29 2020-03-31
7.5
None Remote Low Not required Partial Partial Partial
Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules.
23 CVE-2014-5097 89 Exec Code Sql 2014-08-22 2018-10-09
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Free Reprintables ArticleFR 3.0.4 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) get or (2) set action to rate.php.
24 CVE-2014-5090 94 Exec Code 2014-08-06 2014-08-07
6.5
None Remote Low ??? Partial Partial Partial
admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the Location field in Add Logs in the Admin Panel.
25 CVE-2014-5089 89 Exec Code Sql 2014-08-06 2014-08-07
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary SQL commands via the log parameter.
26 CVE-2014-5082 89 1 Exec Code Sql 2014-08-06 2015-11-04
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in admin/admin.php in Sphider 1.3.6 and earlier, Sphider Pro, and Sphider-plus allow remote attackers to execute arbitrary SQL commands via the (1) site_id or (2) url parameter.
27 CVE-2014-5073 1 Exec Code 2014-08-29 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
vmtadmin.cgi in VMTurbo Operations Manager before 4.6 build 28657 allows remote attackers to execute arbitrary commands via shell metacharacters in the fileDate parameter in a DOWN call.
28 CVE-2014-4767 94 Exec Code 2014-08-22 2017-08-29
6.5
None Remote Low ??? Partial Partial Partial
IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before 8.5.5.3 does not properly use the Liberty Repository for feature installation, which allows remote authenticated users to execute arbitrary code via unspecified vectors.
29 CVE-2014-4647 119 Exec Code Overflow 2014-08-07 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in the loadExtensionFactory method in the TSVisualization ActiveX control in Embarcadero ER/Studio Data Architect allows remote attackers to execute arbitrary code via unspecified vectors.
30 CVE-2014-4345 189 DoS Exec Code Overflow 2014-08-14 2020-01-21
8.5
None Remote Medium ??? Complete Complete Complete
Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) 1.6.x through 1.11.x before 1.11.6 and 1.12.x before 1.12.2 allows remote authenticated users to cause a denial of service (buffer overflow) or possibly execute arbitrary code via a series of "cpw -keepold" commands.
31 CVE-2014-4343 415 DoS Exec Code Mem. Corr. 2014-08-14 2020-01-21
7.6
None Remote High Not required Complete Complete Complete
Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via network traffic that appears to come from an intended acceptor, but specifies a security mechanism different from the one proposed by the initiator.
32 CVE-2014-4197 89 Exec Code Sql 2014-08-22 2014-08-22
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Bank Soft Systems (BSS) RBS BS-Client 3.17.9 allow remote attackers to execute arbitrary SQL commands via the (1) CARDS or (2) XACTION parameter.
33 CVE-2014-4067 119 DoS Exec Code Overflow Mem. Corr. 2014-08-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2796, CVE-2014-2808, CVE-2014-2825, CVE-2014-4050, and CVE-2014-4055.
34 CVE-2014-4063 119 DoS Exec Code Overflow Mem. Corr. 2014-08-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2774, CVE-2014-2820, CVE-2014-2826, and CVE-2014-2827.
35 CVE-2014-4060 416 Exec Code 2014-08-12 2019-05-14
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in MCPlayer.dll in Microsoft Windows Media Center TV Pack for Windows Vista, Windows 7 SP1, and Windows Media Center for Windows 8 and 8.1 allows remote attackers to execute arbitrary code via a crafted Office document that triggers deletion of a CSyncBasePlayer object, aka "CSyncBasePlayer Use After Free Vulnerability."
36 CVE-2014-4058 119 DoS Exec Code Overflow Mem. Corr. 2014-08-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
37 CVE-2014-4057 119 DoS Exec Code Overflow Mem. Corr. 2014-08-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2810, CVE-2014-2811, CVE-2014-2822, and CVE-2014-2823.
38 CVE-2014-4056 119 DoS Exec Code Overflow Mem. Corr. 2014-08-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
39 CVE-2014-4055 119 DoS Exec Code Overflow Mem. Corr. 2014-08-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2796, CVE-2014-2808, CVE-2014-2825, CVE-2014-4050, and CVE-2014-4067.
40 CVE-2014-4052 119 DoS Exec Code Overflow Mem. Corr. 2014-08-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
41 CVE-2014-4051 119 DoS Exec Code Overflow Mem. Corr. 2014-08-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2784.
42 CVE-2014-4050 119 DoS Exec Code Overflow Mem. Corr. 2014-08-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2796, CVE-2014-2808, CVE-2014-2825, CVE-2014-4055, and CVE-2014-4067.
43 CVE-2014-3914 22 1 Exec Code Dir. Trav. 2014-08-07 2014-08-07
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in the Admin Center for Tivoli Storage Manager (TSM) in Rocket ServerGraph 1.2 allows remote attackers to (1) create arbitrary files via a .. (dot dot) in the query parameter in a writeDataFile action to the fileRequestor servlet, execute arbitrary files via a .. (dot dot) in the query parameter in a (2) run or (3) runClear action to the fileRequestor servlet, (4) read arbitrary files via a readDataFile action to the fileRequestor servlet, (5) execute arbitrary code via a save_server_groups action to the userRequest servlet, or (6) delete arbitrary files via a del action in the fileRequestServlet servlet.
44 CVE-2014-3906 89 Exec Code Sql 2014-08-19 2014-08-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in OSK Advance-Flow 4.41 and earlier and Advance-Flow Forms 4.41 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
45 CVE-2014-3904 89 Exec Code Sql 2014-08-17 2014-09-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in lib/admin.php in tenfourzero Shutter 0.1.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
46 CVE-2014-3773 89 Exec Code Sql 2014-08-07 2014-08-07
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in TeamPass before 2.1.20 allow remote attackers to execute arbitrary SQL commands via the login parameter in a (1) send_pw_by_email or (2) generate_new_password action in sources/main.queries.php; iDisplayStart parameter to (3) datatable.logs.php or (4) a file in source/datatable/; or iDisplayLength parameter to (5) datatable.logs.php or (6) a file in source/datatable/; or allow remote authenticated users to execute arbitrary SQL commands via a sSortDir_ parameter to (7) datatable.logs.php or (8) a file in source/datatable/.
47 CVE-2014-3597 119 DoS Exec Code Overflow 2014-08-23 2017-01-07
6.8
None Remote Medium Not required Partial Partial Partial
Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS record, related to the dns_get_record function and the dn_expand function. NOTE: this issue exists because of an incomplete fix for CVE-2014-4049.
48 CVE-2014-3560 94 Exec Code 2014-08-06 2019-04-22
7.9
None Local Network Medium Not required Complete Complete Complete
NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the unstrcpy macro in string_wrappers.h.
49 CVE-2014-3524 Exec Code 2014-08-26 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified impact via a crafted Calc spreadsheet.
50 CVE-2014-3459 119 Exec Code Overflow 2014-08-07 2014-08-07
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in SolarWinds Network Configuration Manager (NCM) before 7.3 allows remote attackers to execute arbitrary code via the PEstrarg1 property.
Total number of vulnerabilities : 104   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.