CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In September 2014(Execute Code)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-7169 78 Exec Code 2014-09-25 2021-11-17
10.0
None Remote Low Not required Complete Complete Complete
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.
2 CVE-2014-7153 89 Exec Code Sql 2014-09-22 2014-09-22
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in the editgallery function in admin/gallery_func.php in the Huge-IT Image Gallery plugin 1.0.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the removeslide parameter to wp-admin/admin.php.
3 CVE-2014-6446 94 1 Exec Code 2014-09-26 2015-10-01
7.5
None Remote Low Not required Partial Partial Partial
The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for WordPress does not properly restrict access, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code via a request to utilities/code_generator.php.
4 CVE-2014-6278 78 Exec Code 2014-09-30 2021-11-17
10.0
None Remote Low Not required Complete Complete Complete
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277.
5 CVE-2014-6277 78 DoS Exec Code 2014-09-27 2018-08-09
10.0
None Remote Low Not required Complete Complete Complete
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271 and CVE-2014-7169.
6 CVE-2014-6273 119 DoS Exec Code Overflow 2014-09-30 2020-01-08
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and earlier allows man-in-the-middle attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted URL.
7 CVE-2014-6271 78 Exec Code 2014-09-24 2021-11-17
10.0
None Remote Low Not required Complete Complete Complete
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
8 CVE-2014-6270 119 DoS Exec Code Overflow 2014-09-12 2017-09-08
6.8
None Remote Medium Not required Partial Partial Partial
Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based buffer overflow.
9 CVE-2014-6252 119 DoS Exec Code Overflow 2014-09-05 2018-12-10
6.5
None Remote Low ??? Partial Partial Partial
Buffer overflow in disp+work.exe 7000.52.12.34966 and 7200.117.19.50294 in the Dispatcher in SAP NetWeaver 7.00 and 7.20 allows remote authenticated users to cause a denial of service or execute arbitrary code via unspecified vectors.
10 CVE-2014-6241 89 Exec Code Sql 2014-09-11 2017-09-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the wt_directory extension before 1.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
11 CVE-2014-6239 89 Exec Code Sql 2014-09-11 2014-09-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Address visualization with Google Maps (st_address_map) extension before 0.3.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
12 CVE-2014-6235 Exec Code 2014-09-11 2017-09-08
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the ke DomPDF extension before 0.0.5 for TYPO3 allows remote attackers to execute arbitrary code via unknown vectors.
13 CVE-2014-6233 89 Exec Code Sql 2014-09-11 2017-09-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Flat Manager (flatmgr) extension before 2.7.10 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
14 CVE-2014-6231 Exec Code 2014-09-11 2017-09-08
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the CWT Frontend Edit (cwt_feedit) extension before 1.2.5 for TYPO3 allows remote authenticated users to execute arbitrary code via unknown vectors.
15 CVE-2014-6055 119 DoS Exec Code Overflow 2014-09-30 2020-10-23
6.5
None Remote Low ??? Partial Partial Partial
Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3) FileTime attribute in a rfbFileTransferOffer message.
16 CVE-2014-6051 189 DoS Exec Code Overflow 2014-09-30 2020-10-23
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer overflow.
17 CVE-2014-5521 89 1 Exec Code Sql 2014-09-02 2014-09-03
6.5
None Remote Low ??? Partial Partial Partial
plugins/useradmin/fingeruser.php in XRMS CRM, possibly 1.99.2, allows remote authenticated users to execute arbitrary code via shell metacharacters in the username parameter.
18 CVE-2014-5519 94 1 Exec Code 2014-09-11 2014-11-13
7.5
None Remote Low Not required Partial Partial Partial
The Ploticus module in PhpWiki 1.5.0 allows remote attackers to execute arbitrary code via shell metacharacters in a device option in the edit[content] parameter to index.php/HeIp. NOTE: some of these details are obtained from third party information.
19 CVE-2014-5506 Exec Code 2014-09-04 2017-01-07
6.8
None Remote Medium Not required Partial Partial Partial
Double free vulnerability in SAP Crystal Reports allows remote attackers to execute arbitrary code via crafted connection string record in an RPT file.
20 CVE-2014-5505 119 Exec Code Overflow 2014-09-04 2017-09-08
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in SAP Crystal Reports allows remote attackers to execute arbitrary code via a crafted data source string in an RPT file.
21 CVE-2014-5504 255 Exec Code 2014-09-04 2014-09-08
7.5
None Remote Low Not required Partial Partial Partial
SolarWinds Log and Event Manager before 6.0 uses "static" credentials, which makes it easier for remote attackers to obtain access to the database and execute arbitrary code via unspecified vectors, related to HyperSQL.
22 CVE-2014-5460 20 2 Exec Code 2014-09-11 2018-10-09
6.5
None Remote Low ??? Partial Partial Partial
Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin before 1.4.7 for WordPress allows remote authenticated users to execute arbitrary code by uploading a PHP file, then accessing it via a direct request to the file in wp-content/uploads/slideshow-gallery/.
23 CVE-2014-5440 89 Exec Code Sql 2014-09-12 2017-09-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Login.aspx in MPEX Business Solutions MX-SmartTimer before 13.19.18 allows remote attackers to execute arbitrary SQL commands via the ct100%24CPHContent%24password parameter.
24 CVE-2014-5340 94 Exec Code 2014-09-02 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
The wato component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to an automation URL.
25 CVE-2014-5324 94 Exec Code 2014-09-26 2014-09-27
6.5
None Remote Low ??? Partial Partial Partial
Unrestricted file upload vulnerability in the N-Media file uploader plugin before 3.4 for WordPress allows remote authenticated users to execute arbitrary PHP code by leveraging Author privileges to store a file.
26 CVE-2014-4824 89 Exec Code Sql 2014-09-18 2017-08-29
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in IBM Security QRadar SIEM 7.2 before 7.2.3 Patch 1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
27 CVE-2014-4424 89 Exec Code Sql 2014-09-19 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Wiki Server in CoreCollaboration in Apple OS X Server before 2.2.3 and 3.x before 3.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
28 CVE-2014-4418 20 Exec Code 2014-09-18 2019-03-08
9.3
None Remote Medium Not required Complete Complete Complete
IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields, a different vulnerability than CVE-2014-4388.
29 CVE-2014-4416 20 Exec Code 2014-09-19 2017-08-29
6.9
None Local Medium Not required Complete Complete Complete
An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4399, CVE-2014-4400, and CVE-2014-4401.
30 CVE-2014-4415 119 DoS Exec Code Overflow Mem. Corr. 2014-09-18 2019-03-08
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2.
31 CVE-2014-4414 119 DoS Exec Code Overflow Mem. Corr. 2014-09-18 2019-03-08
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2.
32 CVE-2014-4413 119 DoS Exec Code Overflow Mem. Corr. 2014-09-18 2019-03-08
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2.
33 CVE-2014-4412 119 DoS Exec Code Overflow Mem. Corr. 2014-09-18 2019-03-08
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2.
34 CVE-2014-4411 119 DoS Exec Code Overflow Mem. Corr. 2014-09-18 2019-03-08
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2.
35 CVE-2014-4410 119 DoS Exec Code Overflow Mem. Corr. 2014-09-18 2019-03-08
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2.
36 CVE-2014-4405 DoS Exec Code 2014-09-18 2019-03-08
9.3
None Remote Medium Not required Complete Complete Complete
IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted key-mapping properties.
37 CVE-2014-4404 119 Exec Code Overflow 2014-09-18 2019-03-08
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted key-mapping properties.
38 CVE-2014-4402 119 Exec Code Overflow 2014-09-19 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
An unspecified IOAcceleratorFamily function in Apple OS X before 10.9.5 lacks proper bounds checking on read operations, which allows attackers to execute arbitrary code in a privileged context via a crafted application.
39 CVE-2014-4401 20 Exec Code 2014-09-19 2017-08-29
6.9
None Local Medium Not required Complete Complete Complete
An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4399, CVE-2014-4400, and CVE-2014-4416.
40 CVE-2014-4400 20 Exec Code 2014-09-19 2017-08-29
6.9
None Local Medium Not required Complete Complete Complete
An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4399, CVE-2014-4401, and CVE-2014-4416.
41 CVE-2014-4399 20 Exec Code 2014-09-19 2017-08-29
6.9
None Local Medium Not required Complete Complete Complete
An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4400, CVE-2014-4401, and CVE-2014-4416.
42 CVE-2014-4398 20 Exec Code 2014-09-19 2017-08-29
6.9
None Local Medium Not required Complete Complete Complete
An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4399, CVE-2014-4400, CVE-2014-4401, and CVE-2014-4416.
43 CVE-2014-4397 20 Exec Code 2014-09-19 2017-08-29
6.9
None Local Medium Not required Complete Complete Complete
An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4398, CVE-2014-4399, CVE-2014-4400, CVE-2014-4401, and CVE-2014-4416.
44 CVE-2014-4396 20 Exec Code 2014-09-19 2017-08-29
6.9
None Local Medium Not required Complete Complete Complete
An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4395, CVE-2014-4397, CVE-2014-4398, CVE-2014-4399, CVE-2014-4400, CVE-2014-4401, and CVE-2014-4416.
45 CVE-2014-4395 20 Exec Code 2014-09-19 2017-08-29
6.9
None Local Medium Not required Complete Complete Complete
An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4394, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4399, CVE-2014-4400, CVE-2014-4401, and CVE-2014-4416.
46 CVE-2014-4394 20 Exec Code 2014-09-19 2017-08-29
6.9
None Local Medium Not required Complete Complete Complete
An unspecified integrated graphics driver routine in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 does not properly validate calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application, a different vulnerability than CVE-2014-4395, CVE-2014-4396, CVE-2014-4397, CVE-2014-4398, CVE-2014-4399, CVE-2014-4400, CVE-2014-4401, and CVE-2014-4416.
47 CVE-2014-4393 119 DoS Exec Code Overflow 2014-09-19 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the shader compiler in the Intel Graphics Driver subsystem in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GLSL shader.
48 CVE-2014-4390 20 Exec Code 2014-09-19 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
Bluetooth in Apple OS X before 10.9.5 does not properly validate API calls, which allows attackers to execute arbitrary code in a privileged context via a crafted application.
49 CVE-2014-4389 189 Exec Code Overflow 2014-09-18 2019-03-08
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in IOKit in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted API arguments.
50 CVE-2014-4388 20 Exec Code 2014-09-18 2019-03-08
9.3
None Remote Medium Not required Complete Complete Complete
IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields, a different vulnerability than CVE-2014-4418.
Total number of vulnerabilities : 152   Page : 1 (This Page)2 3 4
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.