CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In 2014 (Execute Code)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date
Score
Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
51 CVE-2014-9095 89 Exec Code Sql 2014-11-26 2017-11-08
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Raritan Power IQ 4.1.0 and 4.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to license/records.
52 CVE-2014-9093 20 DoS Exec Code 2014-11-26 2016-12-03
7.5
None Remote Low Not required Partial Partial Partial
LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a crafted RTF file.
53 CVE-2014-9089 89 Exec Code Sql 2014-11-28 2017-01-03
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in view_all_bug_page.php in MantisBT before 1.2.18 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to view_all_set.php.
54 CVE-2014-9057 89 Exec Code Sql 2014-12-16 2015-11-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the XML-RPC interface in Movable Type before 5.18, 5.2.x before 5.2.11, and 6.x before 6.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
55 CVE-2014-9029 189 Exec Code Overflow 2014-12-08 2018-10-09
7.5
None Remote Low Not required Partial Partial Partial
Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via a crafted jp2 file, which triggers a heap-based buffer overflow.
56 CVE-2014-9028 119 Exec Code Overflow 2014-11-26 2018-10-09
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.
57 CVE-2014-9005 89 1 Exec Code Sql 2014-11-20 2017-09-08
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in vldPersonals before 2.7.1 allow remote attackers to execute arbitrary SQL commands via the (1) country, (2) gender1, or (3) gender2 parameter in a search action to index.php.
58 CVE-2014-9002 264 Exec Code 2014-11-20 2017-09-08
10.0
None Remote Low Not required Complete Complete Complete
Lantronix xPrintServer does not properly restrict access to ips/, which allows remote attackers to execute arbitrary commands via the c parameter in an rpc action.
59 CVE-2014-9001 94 Exec Code 2014-11-20 2014-11-20
6.5
None Remote Low ??? Partial Partial Partial
reminders/index.php in Incredible PBX 11 2.0.6.5.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) APPTMIN, (2) APPTHR, (3) APPTDA, (4) APPTMO, (5) APPTYR, or (6) APPTPHONE parameters.
60 CVE-2014-9000 264 Exec Code +Priv 2014-11-20 2014-11-20
6.5
None Remote Low ??? Partial Partial Partial
Mule Enterprise Management Console (MMC) does not properly restrict access to handler/securityService.rpc, which allows remote authenticated users to gain administrator privileges and execute arbitrary code via a crafted request that adds a new user. NOTE: this issue was originally reported for ESB Runtime 3.5.1, but it originates in MMC.
61 CVE-2014-8999 89 Exec Code Sql 2014-11-20 2014-11-24
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in htdocs/modules/system/admin.php in XOOPS before 2.5.7 Final allows remote authenticated users to execute arbitrary SQL commands via the selgroups parameter.
62 CVE-2014-8998 94 1 Exec Code 2014-11-20 2017-09-08
6.5
None Remote Low ??? Partial Partial Partial
lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a crafted HTTP header to index.php, which is processed by the preg_replace function with the eval switch.
63 CVE-2014-8997 94 1 Exec Code 2014-11-20 2017-09-08
7.5
None Remote Low Not required Partial Partial Partial
Unrestricted file upload vulnerability in the Photo functionality in DigitalVidhya Digi Online Examination System 2.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in assets/uploads/images/.
64 CVE-2014-8995 89 Exec Code Sql 2014-11-20 2017-09-08
5.0
None Remote Low Not required None Partial None
SQL injection vulnerability in Maarch LetterBox 2.8 allows remote attackers to execute arbitrary SQL commands via the UserId cookie.
65 CVE-2014-8990 77 Exec Code 2014-12-05 2017-07-01
7.5
None Remote Low Not required Partial Partial Partial
default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a filename.
66 CVE-2014-8967 Exec Code 2014-12-15 2015-10-30
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute arbitrary code via a crafted HTML document in conjunction with a Cascading Style Sheets (CSS) token sequence specifying the run-in value for the display property, leading to improper CElement reference counting.
67 CVE-2014-8966 20 DoS Exec Code Mem. Corr. 2014-12-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
68 CVE-2014-8962 119 Exec Code Overflow 2014-11-26 2018-10-09
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.
69 CVE-2014-8956 119 Exec Code Overflow 2014-12-12 2014-12-16
7.2
None Local Low Not required Complete Complete Complete
Stack-based buffer overflow in the K7Sentry.sys kernel mode driver (aka K7AV Sentry Device Driver) before 12.8.0.119, as used in multiple K7 Computing products, allows local users to execute arbitrary code with kernel privileges via unspecified vectors.
70 CVE-2014-8949 94 1 Exec Code 2014-11-16 2014-11-18
6.0
None Remote Medium ??? Partial Partial Partial
The iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the i4w_trace parameter. NOTE: this can be leveraged with CVE-2014-8948 to allow remote attackers to execute code. NOTE: it is not clear whether this issue itself crosses privileges.
71 CVE-2014-8948 352 1 Exec Code CSRF 2014-11-16 2014-11-17
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote attackers to hijack the authentication of administrators for requests that have an unspecified impact via the i4w_trace parameter. NOTE: this can be leveraged with CVE-2014-8948 to execute arbitrary commands.
72 CVE-2014-8877 94 Exec Code 2014-12-05 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
The alterSearchQuery function in lib/controllers/CmdownloadController.php in the CreativeMinds CM Downloads Manager plugin before 2.0.4 for WordPress allows remote attackers to execute arbitrary PHP code via the CMDsearch parameter to cmdownloads/, which is processed by the PHP create_function function.
73 CVE-2014-8810 89 1 Exec Code Sql 2014-12-24 2018-10-30
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in ajax/mail_functions.php in the WP Symposium plugin before 14.11 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the tray parameter in a getMailMessage action.
74 CVE-2014-8791 94 Exec Code 2014-12-02 2018-10-09
6.0
None Remote Medium ??? Partial Partial Partial
project/register.php in Tuleap before 7.7, when sys_create_project_in_one_step is disabled, allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via the data parameter.
75 CVE-2014-8789 20 Exec Code 2014-12-02 2014-12-05
6.5
None Remote Low ??? Partial Partial Partial
GleamTech FileVista before 6.1 allows remote authenticated users to create arbitrary files and possibly execute arbitrary code via a crafted path in a zip archive, which is not properly handled during extraction.
76 CVE-2014-8770 94 1 Exec Code 2014-11-13 2019-07-16
9.0
None Remote Low ??? Complete Complete Complete
Unrestricted file upload vulnerability in magmi/web/magmi.php in the MAGMI (aka Magento Mass Importer) plugin 0.7.17a and earlier for Magento Community Edition (CE) allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a PHP file, then accessing the PHP file via a direct request to it in magmi/plugins/.
77 CVE-2014-8766 89 Exec Code Sql 2014-10-14 2017-09-08
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Allomani Weblinks 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter in a browse action to index.php or (2) unspecified parameters to admin.php.
78 CVE-2014-8756 Exec Code 2014-10-17 2021-11-09
6.8
None Remote Medium Not required Partial Partial Partial
The NcrCtl4.NcrNet.1 control in Panasonic Network Camera Recorder before 4.04R03 allows remote attackers to execute arbitrary code via a crafted GetVOLHeader method call, which writes null bytes to an arbitrary address.
79 CVE-2014-8755 20 Exec Code 2014-10-17 2014-12-16
6.8
None Remote Medium Not required Partial Partial Partial
Panasonic Network Camera View 3 and 4 allows remote attackers to execute arbitrary code via a crafted page, which triggers an invalid pointer dereference, related to "the ability to nullify an arbitrary address in memory."
80 CVE-2014-8728 89 1 Exec Code Sql 2014-12-02 2014-12-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the login page (login/login) in Subex ROC Fraud Management (aka Fraud Management System and FMS) 7.4 and earlier allows remote attackers to execute arbitrary SQL commands via the ranger_user[name] parameter.
81 CVE-2014-8682 89 1 Exec Code Sql 2014-11-21 2018-10-09
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.6.1105 Beta allow remote attackers to execute arbitrary SQL commands via the q parameter to (1) api/v1/repos/search, which is not properly handled in models/repo.go, or (2) api/v1/users/search, which is not properly handled in models/user.go.
82 CVE-2014-8681 89 1 Exec Code Sql 2014-11-21 2017-09-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the GetIssues function in models/issue.go in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.6.x before 0.5.6.1025 Beta allows remote attackers to execute arbitrary SQL commands via the label parameter to user/repos/issues.
83 CVE-2014-8669 94 Exec Code 2014-11-06 2014-11-07
10.0
None Remote Low Not required Complete Complete Complete
The SAP Promotion Guidelines (CRM-MKT-MPL-TPM-PPG) module for SAP CRM allows remote attackers to execute arbitrary code via unspecified vectors.
84 CVE-2014-8668 89 Exec Code Sql 2014-11-06 2017-09-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in SAP Contract Accounting allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
85 CVE-2014-8664 89 Exec Code Sql 2014-11-06 2017-09-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Product Safety (EHS-SAF) component in SAP Environment, Health, and Safety Management allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
86 CVE-2014-8663 89 Exec Code Sql 2014-11-06 2014-11-07
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Data Basis (BW-WHM-DBA) in SAP NetWeaver Business Warehouse allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
87 CVE-2014-8661 94 Exec Code 2014-11-06 2014-11-07
10.0
None Remote Low Not required Complete Complete Complete
The SAP CRM Internet Sales module allows remote attackers to execute arbitrary commands via unspecified vectors.
88 CVE-2014-8660 94 Exec Code 2014-11-06 2018-12-10
7.2
None Local Low Not required Complete Complete Complete
SAP Document Management Services allows local users to execute arbitrary commands via unspecified vectors.
89 CVE-2014-8626 119 DoS Exec Code Overflow 2014-11-23 2015-04-30
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the date_from_ISO8601 function in ext/xmlrpc/libxmlrpc/xmlrpc.c in PHP before 5.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by including a timezone field in a date, leading to improper XML-RPC encoding.
90 CVE-2014-8598 19 Exec Code +Info 2014-11-18 2017-09-08
6.4
None Remote Low Not required Partial Partial None
The XML Import/Export plugin in MantisBT 1.2.x does not restrict access, which allows remote attackers to (1) upload arbitrary XML files via the import page or (2) obtain sensitive information via the export page. NOTE: this issue can be combined with CVE-2014-7146 to execute arbitrary PHP code.
91 CVE-2014-8596 89 1 Exec Code Sql 2014-11-17 2017-10-03
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in PHP-Fusion 7.02.07 allow remote authenticated users to execute arbitrary SQL commands via the (1) submit_id parameter in a 2 action to files/administration/submissions.php or (2) status parameter to files/administration/members.php.
92 CVE-2014-8588 89 Exec Code Sql 2014-11-04 2018-12-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in metadata.xsjs in SAP HANA 1.00.60.379371 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
93 CVE-2014-8586 89 1 Exec Code Sql 2014-11-04 2017-09-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the CP Multi View Event Calendar plugin 1.01 for WordPress allows remote attackers to execute arbitrary SQL commands via the calid parameter.
94 CVE-2014-8554 89 Exec Code Sql 2014-11-13 2021-01-12
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the mc_project_get_attachments function in api/soap/mc_project_api.php in MantisBT before 1.2.18 allows remote attackers to execute arbitrary SQL commands via the project_id parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1609.
95 CVE-2014-8551 94 Exec Code 2014-11-26 2014-11-26
10.0
None Remote Low Not required Complete Complete Complete
The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to execute arbitrary code via crafted packets.
96 CVE-2014-8533 Exec Code 2014-10-29 2014-10-30
7.5
None Remote Low Not required Partial Partial Partial
McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to execute arbitrary code via vectors related to ICMP redirection.
97 CVE-2014-8531 310 Exec Code 2014-10-29 2017-09-08
6.5
None Remote Low ??? Partial Partial Partial
The TLS/SSL Server in McAfee Network Data Loss Prevention (NDLP) before 9.3 uses weak cipher algorithms, which makes it easier for remote authenticated users to execute arbitrary code via unspecified vectors.
98 CVE-2014-8517 77 Exec Code 2014-11-17 2017-11-06
7.5
None Remote Low Not required Partial Partial Partial
The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect.
99 CVE-2014-8515 77 Exec Code 2014-12-12 2014-12-16
6.8
None Remote Medium Not required Partial Partial Partial
The web interface in BitTorrent allows remote attackers to execute arbitrary commands by leveraging knowledge of the pairing values and a crafted request to port 10000.
100 CVE-2014-8514 119 Exec Code Overflow 2014-12-27 2016-12-31
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-9188. NOTE: this may be clarified later based on details provided by researchers.
Total number of vulnerabilities: 1572. Page 2 of 32.