CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2014(Execute Code)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
551 CVE-2014-3634 119 DoS Exec Code Overflow 2014-11-02 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a crafted priority (PRI) value that triggers an out-of-bounds array access.
552 CVE-2014-3618 119 DoS Exec Code Overflow 2014-09-08 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted email header, related to "unbalanced quotes."
553 CVE-2014-3597 119 DoS Exec Code Overflow 2014-08-23 2017-01-07
6.8
None Remote Medium Not required Partial Partial Partial
Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS record, related to the dns_get_record function and the dn_expand function. NOTE: this issue exists because of an incomplete fix for CVE-2014-4049.
554 CVE-2014-3593 94 Exec Code 2014-10-15 2014-10-22
6.0
None Remote Medium ??? Partial Partial Partial
Eval injection vulnerability in luci 0.26.0 allows remote authenticated users with certain permissions to execute arbitrary Python code via a crafted cluster configuration.
555 CVE-2014-3564 119 DoS Exec Code Overflow 2014-10-20 2016-10-18
6.8
None Remote Medium Not required Partial Partial Partial
Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to "different line lengths in a specific order."
556 CVE-2014-3560 94 Exec Code 2014-08-06 2019-04-22
7.9
None Local Network Medium Not required Complete Complete Complete
NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the unstrcpy macro in string_wrappers.h.
557 CVE-2014-3554 120 DoS Exec Code Overflow 2014-07-31 2021-10-12
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the ndp_msg_opt_dnssl_domain function in libndp allows remote routers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS Search List (DNSSL) in an IPv6 router advertisement.
558 CVE-2014-3545 94 Exec Code 2014-07-29 2020-12-01
6.0
None Remote Medium ??? Partial Partial Partial
Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to execute arbitrary code via a calculated question in a quiz.
559 CVE-2014-3541 94 Exec Code 2014-07-29 2020-12-01
7.5
None Remote Low Not required Partial Partial Partial
The Repositories component in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via serialized data associated with an add-on.
560 CVE-2014-3524 Exec Code 2014-08-26 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified impact via a crafted Calc spreadsheet.
561 CVE-2014-3518 94 Exec Code 2014-07-22 2014-07-23
6.8
None Remote Medium Not required Partial Partial Partial
jmx-remoting.sar in JBoss Remoting, as used in Red Hat JBoss Enterprise Application Platform (JEAP) 5.2.0, Red Hat JBoss BRMS 5.3.1, Red Hat JBoss Portal Platform 5.2.2, and Red Hat JBoss SOA Platform 5.3.1, does not properly implement the JSR 160 specification, which allows remote attackers to execute arbitrary code via unspecified vectors.
562 CVE-2014-3515 Exec Code 2014-07-09 2017-01-07
7.5
None Remote Low Not required Partial Partial Partial
The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, related to "type confusion" issues in (1) ArrayObject and (2) SPLObjectStorage.
563 CVE-2014-3496 94 Exec Code 2014-06-20 2019-12-17
10.0
None Remote Low Not required Complete Complete Complete
cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a Source-Url ending with a (1) .tar.gz, (2) .zip, (3) .tgz, or (4) .tar file extension in a cartridge manifest file.
564 CVE-2014-3486 59 Exec Code 2014-07-07 2017-01-07
6.9
None Local Medium Not required Complete Complete Complete
The (1) shell_exec function in lib/util/MiqSshUtilV1.rb and (2) temp_cmd_file function in lib/util/MiqSshUtilV2.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allow local users to execute arbitrary commands via a symlink attack on a temporary file with a predictable name.
565 CVE-2014-3483 89 Exec Code Sql 2014-07-07 2019-08-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 4.x before 4.0.7 and 4.1.x before 4.1.3 allows remote attackers to execute arbitrary SQL commands by leveraging improper range quoting.
566 CVE-2014-3482 89 Exec Code Sql 2014-07-07 2019-08-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows remote attackers to execute arbitrary SQL commands by leveraging improper bitstring quoting.
567 CVE-2014-3466 119 DoS Exec Code Overflow Mem. Corr. 2014-06-03 2017-12-29
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message.
568 CVE-2014-3461 119 Exec Code Overflow 2014-11-04 2014-11-05
6.8
None Remote Medium Not required Partial Partial Partial
hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrary code via crafted savevm data, which triggers a heap-based buffer overflow, related to "USB post load checks."
569 CVE-2014-3460 22 Exec Code Dir. Trav. 2014-05-20 2021-04-13
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in the DumpToFile method in the NQMcsVarSet ActiveX control in Agent Manager in NetIQ Sentinel allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted pathname.
570 CVE-2014-3459 119 Exec Code Overflow 2014-08-07 2014-08-07
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in SolarWinds Network Configuration Manager (NCM) before 7.3 allows remote attackers to execute arbitrary code via the PEstrarg1 property.
571 CVE-2014-3453 94 Exec Code 2014-05-17 2014-05-19
6.5
None Remote Low ??? Partial Partial Partial
Eval injection vulnerability in the flag_import_form_validate function in includes/flag.export.inc in the Flag module 7.x-3.0, 7.x-3.5, and earlier for Drupal allows remote authenticated administrators to execute arbitrary PHP code via the "Flag import code" text area to admin/structure/flags/import. NOTE: this issue could also be exploited by other attackers if the administrator ignores a security warning on the permissions assignment page.
572 CVE-2014-3446 89 Exec Code Sql 2014-10-30 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in wcm/system/pages/admin/getnode.aspx in BSS Continuity CMS 4.2.22640.0 allows remote attackers to execute arbitrary SQL commands via the nodeid parameter.
573 CVE-2014-3444 94 DoS Exec Code 2014-05-20 2014-05-20
9.3
None Remote Medium Not required Complete Complete Complete
The GetGUID function in codecs/dmp4.dll in RealNetworks RealPlayer 16.0.3.51 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (write access violation and application crash) via a malformed .3gp file.
574 CVE-2014-3434 119 1 Exec Code Overflow 2014-08-06 2017-08-29
6.9
None Local Medium Not required Complete Complete Complete
Buffer overflow in the sysplant driver in Symantec Endpoint Protection (SEP) Client 11.x and 12.x before 12.1 RU4 MP1b, and Small Business Edition before SEP 12.1, allows local users to execute arbitrary code via a long argument to a 0x00222084 IOCTL call.
575 CVE-2014-3429 94 Exec Code 2014-08-07 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a crafted page.
576 CVE-2014-3418 78 1 Exec Code 2014-07-15 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
config/userAdmin/login.tdf in Infoblox NetMRI before 6.8.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the skipjackUsername parameter.
577 CVE-2014-3415 89 Exec Code Sql 2014-05-29 2015-08-01
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in Sharetronix before 3.4 allows remote authenticated users to execute arbitrary SQL commands via the invite_users[] parameter to the /invite page for a group.
578 CVE-2014-3412 Exec Code 2014-05-20 2014-05-21
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Juniper Junos Space before 13.3R1.8, when the firewall in disabled, allows remote attackers to execute arbitrary commands via unspecified vectors.
579 CVE-2014-3411 Exec Code 2014-05-19 2017-01-07
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the NSM XDB service in Juniper NSM before 2012.2R8 allows remote attackers to execute arbitrary code via unspecified vectors.
580 CVE-2014-3366 89 Exec Code Sql 2014-10-31 2017-08-29
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted response, aka Bug ID CSCup88089.
581 CVE-2014-3339 89 Exec Code Sql 2014-08-12 2017-08-29
6.5
None Remote Low ??? Partial Partial Partial
Multiple SQL injection vulnerabilities in the administrative web interface in Cisco Unified Communications Manager (CM) and Cisco Unified Presence Server (CUPS) allow remote authenticated users to execute arbitrary SQL commands via crafted input to unspecified pages, aka Bug ID CSCup74290.
582 CVE-2014-3338 20 Exec Code +Priv 2014-08-12 2017-08-29
8.5
None Remote Medium ??? Complete Complete Complete
The CTIManager module in Cisco Unified Communications Manager (CM) 10.0(1), when single sign-on is enabled, does not properly validate Kerberos SSO tokens, which allows remote authenticated users to gain privileges and execute arbitrary commands via crafted token data, aka Bug ID CSCum95491.
583 CVE-2014-3336 89 Exec Code Sql 2014-08-11 2017-08-29
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in the web framework in Cisco Unity Connection 9.1(2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted request, aka Bug ID CSCuq31016.
584 CVE-2014-3326 89 Exec Code Sql 2014-07-26 2017-08-29
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in the web framework in Cisco Security Manager 4.5 and 4.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCup26957.
585 CVE-2014-3312 287 Exec Code 2014-07-09 2017-08-29
6.9
None Local Medium Not required Complete Complete Complete
The debug console interface on Cisco Small Business SPA300 and SPA500 phones does not properly perform authentication, which allows local users to execute arbitrary debug-shell commands, or read or modify data in memory or a filesystem, via direct access to this interface, aka Bug ID CSCun77435.
586 CVE-2014-3311 119 Exec Code Overflow 2014-07-10 2017-08-29
5.1
None Remote High Not required Partial Partial Partial
Heap-based buffer overflow in the file-sharing feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center allows remote attackers to execute arbitrary code via crafted data, aka Bug IDs CSCup62463 and CSCup58467.
587 CVE-2014-3307 Exec Code 2014-07-02 2015-12-03
6.8
None Local Network High Not required Complete Complete Complete
The DHCP client implementation in Universal Small Cell firmware on Cisco Small Cell products allows remote attackers to execute arbitrary commands via crafted DHCP messages, aka Bug ID CSCup47513.
588 CVE-2014-3306 20 Exec Code 2014-07-18 2017-01-12
10.0
None Remote Low Not required Complete Complete Complete
The web server on Cisco DPC3010, DPC3212, DPC3825, DPC3925, DPQ3925, EPC3010, EPC3212, EPC3825, and EPC3925 Wireless Residential Gateway products allows remote attackers to execute arbitrary code via a crafted HTTP request, aka Bug ID CSCup40808.
589 CVE-2014-3287 89 Exec Code Sql 2014-06-10 2016-09-07
4.0
None Remote Low ??? Partial None None
SQL injection vulnerability in BulkViewFileContentsAction.java in the Java interface in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to execute arbitrary SQL commands via crafted filename parameters in a URL, aka Bug ID CSCuo17337.
590 CVE-2014-3275 89 Exec Code Sql 2014-05-26 2015-09-16
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCul21337.
591 CVE-2014-3261 119 Exec Code Overflow 2014-05-26 2018-10-30
7.6
None Remote High Not required Complete Complete Complete
Buffer overflow in the Smart Call Home implementation in Cisco NX-OS on Fabric Interconnects in Cisco Unified Computing System 1.4 before 1.4(1i), NX-OS 5.0 before 5.0(3)U2(2) on Nexus 3000 devices, NX-OS 4.1 before 4.1(2)E1(1l) on Nexus 4000 devices, NX-OS 5.x before 5.1(3)N1(1) on Nexus 5000 devices, NX-OS 5.2 before 5.2(3a) on Nexus 7000 devices, and CG-OS CG4 before CG4(2) on Connected 1000 Connected Grid Routers allows remote SMTP servers to execute arbitrary code via a crafted reply, aka Bug IDs CSCtk00695, CSCts56633, CSCts56632, CSCts56628, CSCug14405, and CSCuf61322.
592 CVE-2014-3246 89 1 Exec Code Sql 2014-05-13 2014-05-14
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in Collabtive 1.2 allows remote authenticated users to execute arbitrary SQL commands via the folder parameter in a fileview_list action to manageajax.php.
593 CVE-2014-3210 89 Exec Code Sql 2014-05-22 2018-10-09
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in dopbs-backend-forms.php in the Booking System (Booking Calendar) plugin before 1.3 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the booking_form_id parameter to wp-admin/admin-ajax.php.
594 CVE-2014-3204 264 Exec Code Bypass 2014-05-06 2014-05-07
4.4
None Local Medium Not required Partial Partial Partial
Unity before 7.2.1, as used in Ubuntu 14.04, does not properly handle keyboard shortcuts, which allows physically proximate attackers to bypass the lock screen and execute arbitrary commands, as demonstrated by right-clicking on the indicator bar and then pressing the ALT and F2 keys.
595 CVE-2014-3203 264 Exec Code Bypass 2014-05-06 2014-05-07
4.4
None Local Medium Not required Partial Partial Partial
Unity before 7.2.1, as used in Ubuntu 14.04, does not properly restrict access to the Dash when the lock screen is active, which allows physically proximate attackers to bypass the lock screen and execute arbitrary commands, as demonstrated by pressing the SUPER key before the screen auto-locks.
596 CVE-2014-3188 94 Exec Code 2014-10-08 2016-09-07
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 do not properly handle the interaction of IPC and Google V8, which allows remote attackers to execute arbitrary code via vectors involving JSON data, related to improper parsing of an escaped index by ParseJsonObject in json-parser.h.
597 CVE-2014-3186 119 DoS Exec Code Overflow 2014-09-28 2015-05-14
6.9
None Local Medium Not required Complete Complete Complete
Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel through 3.16.3, as used in Android on Nexus 7 devices, allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that sends a large report.
598 CVE-2014-3185 119 DoS Exec Code Overflow Mem. Corr. 2014-09-28 2015-05-12
6.9
None Local Medium Not required Complete Complete Complete
Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allow physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response.
599 CVE-2014-3183 119 DoS Exec Code Overflow 2014-09-28 2014-09-29
6.9
None Local Medium Not required Complete Complete Complete
Heap-based buffer overflow in the logi_dj_ll_raw_request function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that specifies a large report size for an LED report.
600 CVE-2014-3182 119 DoS Exec Code Overflow 2014-09-28 2015-10-08
6.9
None Local Medium Not required Complete Complete Complete
Array index error in the logi_dj_raw_event function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (invalid kfree) via a crafted device that provides a malformed REPORT_TYPE_NOTIF_DEVICE_UNPAIRED value.
Total number of vulnerabilities : 1572   Page : 1 2 3 4 5 6 7 8 9 10 11 12 (This Page)13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.