CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2014(Execute Code)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1251 CVE-2014-0172 189 DoS Exec Code Overflow 2014-04-11 2017-07-01
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in the check_section function in dwarf_begin_elf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed compressed debug section in an ELF file, which triggers a heap-based buffer overflow.
1252 CVE-2014-0162 20 Exec Code 2014-04-27 2014-06-05
6.0
None Remote Medium ??? Partial Partial Partial
The Sheepdog backend in OpenStack Image Registry and Delivery Service (Glance) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote authenticated users with permission to insert or modify an image to execute arbitrary commands via a crafted location.
1253 CVE-2014-0150 189 Exec Code Overflow 2014-04-18 2020-11-02
4.9
None Local Network Medium ??? Partial Partial Partial
Integer overflow in the virtio_net_handle_mac function in hw/net/virtio-net.c in QEMU 2.0 and earlier allows local guest users to execute arbitrary code via a MAC addresses table update request, which triggers a heap-based buffer overflow.
1254 CVE-2014-0137 89 Exec Code Sql 2014-05-14 2014-05-15
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in the saved_report_delete action in the ReportController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to MiqReportResult.exists.
1255 CVE-2014-0133 787 Exec Code Overflow 2014-03-28 2021-11-10
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request.
1256 CVE-2014-0114 20 Exec Code 2014-04-30 2021-01-26
7.5
None Remote Low Not required Partial Partial Partial
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.
1257 CVE-2014-0113 264 Exec Code 2014-04-29 2019-08-12
7.5
None Remote Low Not required Partial Partial Partial
CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.
1258 CVE-2014-0112 264 Exec Code 2014-04-29 2019-08-12
7.5
None Remote Low Not required Partial Partial Partial
ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.
1259 CVE-2014-0111 94 Exec Code 2014-04-17 2019-03-21
6.5
None Remote Low ??? Partial Partial Partial
Apache Syncope 1.0.0 before 1.0.9 and 1.1.0 before 1.1.7 allows remote administrators to execute arbitrary Java code via vectors related to Apache Commons JEXL expressions, "derived schema definition," "user / role templates," and "account links of resource mappings."
1260 CVE-2014-0088 119 Exec Code Overflow 2014-04-29 2021-11-10
7.5
None Remote Low Not required Partial Partial Partial
The SPDY implementation in the ngx_http_spdy_module module in nginx 1.5.10 before 1.5.11, when running on a 32-bit platform, allows remote attackers to execute arbitrary code via a crafted request.
1261 CVE-2014-0080 89 Exec Code Sql 2014-02-20 2019-08-08
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails 4.0.x before 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, allows remote attackers to execute "add data" SQL commands via vectors involving \ (backslash) characters that are not properly handled in operations on array columns.
1262 CVE-2014-0063 119 DoS Exec Code Overflow 2014-03-31 2017-12-16
6.5
None Remote Low ??? Partial Partial Partial
Multiple stack-based buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via vectors related to an incorrect MAXDATELEN constant and datetime values involving (1) intervals, (2) timestamps, or (3) timezones, a different vulnerability than CVE-2014-0065.
1263 CVE-2014-0049 120 Exec Code Overflow 2014-03-11 2020-08-26
7.4
None Local Network Medium ??? Complete Complete Complete
Buffer overflow in the complete_emulated_mmio function in arch/x86/kvm/x86.c in the Linux kernel before 3.13.6 allows guest OS users to execute arbitrary code on the host OS by leveraging a loop that triggers an invalid memory copy affecting certain cancel_work_item data.
1264 CVE-2014-0045 189 DoS Exec Code 2014-02-08 2016-12-31
7.5
None Remote Low Not required Partial Partial Partial
The needSamples method in AudioOutputSpeech.cpp in the client in Mumble 1.2.4 and the 1.2.3 pre-release snapshots, Mumble for iOS 1.1 through 1.2.2, and MumbleKit before commit fd190328a9b24d37382b269a5674b0c0c7a7e36d does not check the return value of the opus_decode_float function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Opus voice packet, which triggers an error in opus_decode_float, a conversion of a negative integer to an unsigned integer, and a heap-based buffer over-read and over-write.
1265 CVE-2014-0039 Exec Code 2014-02-08 2014-02-21
4.4
None Local Medium Not required Partial Partial Partial
Untrusted search path vulnerability in fwsnort before 1.6.4, when not running as root, allows local users to execute arbitrary code via a Trojan horse fwsnort.conf in the current working directory.
1266 CVE-2014-0007 Exec Code 2014-06-20 2014-06-23
7.5
None Remote Low Not required Partial Partial Partial
The Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter to tftp/fetch_boot_file.
1267 CVE-2014-0004 119 DoS Exec Code Overflow 2014-03-11 2016-12-31
6.9
None Local Medium Not required Complete Complete Complete
Stack-based buffer overflow in udisks before 1.0.5 and 2.x before 2.1.3 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long mount point.
1268 CVE-2014-0001 119 DoS Exec Code Overflow 2014-01-31 2019-12-17
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.
1269 CVE-2013-7416 77 Exec Code 2014-12-03 2017-09-08
7.5
None Remote Low Not required Partial Partial Partial
canto_curses/guibase.py in Canto Curses before 0.9.0 allows remote feed servers to execute arbitrary commands via shell metacharacters in a URL in a feed.
1270 CVE-2013-7409 119 5 DoS Exec Code Overflow 2014-10-30 2016-12-31
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a .m3u (playlist) file.
1271 CVE-2013-7406 89 Exec Code Sql 2014-10-21 2017-09-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the MRBS module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
1272 CVE-2013-7394 94 Exec Code 2014-08-07 2014-08-07
9.0
None Remote Low ??? Complete Complete Complete
The "runshellscript echo.sh" script in Splunk before 5.0.5 allows remote authenticated users to execute arbitrary commands via a crafted string. NOTE: this issue was SPLIT from CVE-2013-6771 per ADT2 due to different vulnerability types.
1273 CVE-2013-7392 Exec Code 2014-07-22 2014-07-22
7.5
None Remote Low Not required Partial Partial Partial
Gitlist allows remote attackers to execute arbitrary commands via shell metacharacters in a file name to Source/.
1274 CVE-2013-7388 119 Exec Code Overflow 2014-07-01 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689), allows remote attackers to execute arbitrary code via a crafted RLE4-compressed bitmap (BMP). NOTE: this issue was SPLIT from CVE-2013-3664 due to different affected products and codebases (ADT1).
1275 CVE-2013-7386 134 DoS Exec Code 2014-06-02 2014-06-03
5.0
None Remote Low Not required None None Partial
Format string vulnerability in the PROJECT::write_account_file function in client/cs_account.cpp in BOINC, possibly 7.2.33, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the gui_urls item in an account file.
1276 CVE-2013-7375 89 Exec Code Sql 2014-05-05 2016-12-31
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in includes/classes/Authenticate.class.php in PHP-Fusion 7.02.01 through 7.02.05 allows remote attackers to execute arbitrary SQL commands via the user ID in a user cookie, a different vulnerability than CVE-2013-1803.
1277 CVE-2013-7369 89 Exec Code Sql 2014-04-18 2014-04-21
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in an unspecified DLL in the FSDBCom ActiveX control in F-Secure Anti-Virus for Microsoft Exchange Server before HF02, Anti-Virus for Windows Servers 9.00 before HF09, Anti-Virus for Citrix Servers 9.00 before HF09, and F-Secure Email and Server Security and F-Secure Server Security 9.20 before HF01 allows remote attackers to execute arbitrary SQL commands via unknown vectors, related to GetCommand.
1278 CVE-2013-7362 94 Exec Code 2014-04-10 2014-04-11
7.5
None Remote Low Not required Partial Partial Partial
An unspecified RFC function in SAP CCMS Agent allows remote attackers to execute arbitrary commands via unknown vectors.
1279 CVE-2013-7355 89 Exec Code Sql 2014-04-10 2014-04-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in SAP BI Universal Data Integration allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to the J2EE schema.
1280 CVE-2013-7349 89 1 Exec Code Sql 2014-04-01 2016-12-31
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) news_id parameter to news/send.php, (2) thread_id parameter to posts/edit.php, or (3) user_email parameter to users/password.php or (4) users/register.php. NOTE: these issues were SPLIT from CVE-2013-5640 due to differences in researchers and disclosure dates.
1281 CVE-2013-7344 Exec Code 2014-03-24 2014-03-24
6.5
None Remote Low ??? Partial Partial Partial
Unspecified vulnerability in core/settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this issue was SPLIT from CVE-2013-0303 due to different affected versions.
1282 CVE-2013-7323 Exec Code 2014-06-09 2014-06-24
7.5
None Remote Low Not required Partial Partial Partial
python-gnupg before 0.3.5 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in unspecified vectors.
1283 CVE-2013-7284 94 Exec Code 2014-04-29 2014-04-30
6.8
None Remote Medium Not required Partial Partial Partial
The PlRPC module, possibly 0.2020 and earlier, for Perl uses the Storable module, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized.
1284 CVE-2013-7278 89 Exec Code Sql 2014-01-08 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Naxtech CMS Afroditi 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to default.asp.
1285 CVE-2013-7262 89 Exec Code Sql 2014-01-05 2021-06-07
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappostgis.c in MapServer before 6.4.1, when a WMS-Time service is used, allows remote attackers to execute arbitrary SQL commands via a crafted string in a PostGIS TIME filter.
1286 CVE-2013-7260 119 1 Exec Code Overflow 2014-01-03 2020-05-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple stack-based buffer overflows in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allow remote attackers to execute arbitrary code via a long (1) version number or (2) encoding declaration in the XML declaration of an RMP file, a different issue than CVE-2013-6877.
1287 CVE-2013-7259 352 Exec Code CSRF 2014-04-29 2014-08-04
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in Neo4J 1.9.2 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary code, as demonstrated by a request to (1) db/data/ext/GremlinPlugin/graphdb/execute_script or (2) db/manage/server/console/.
1288 CVE-2013-7246 119 1 Exec Code Overflow 2014-01-30 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the IconCreate method in an ActiveX control in the DaumGame ActiveX plugin 1.1.0.4 and 1.1.0.5 allows remote attackers to execute arbitrary code via a long string, as exploited in the wild in January 2014.
1289 CVE-2013-7225 89 Exec Code Sql 2014-01-02 2014-01-03
6.5
None Remote Low ??? Partial Partial Partial
Multiple SQL injection vulnerabilities in app/controllers/home_controller.rb in Fat Free CRM before 0.12.1 allow remote authenticated users to execute arbitrary SQL commands via (1) the homepage timeline feature or (2) the activity feature.
1290 CVE-2013-7221 264 Exec Code 2014-04-29 2014-04-29
4.6
None Local Low Not required Partial Partial Partial
The automatic screen lock functionality in GNOME Shell (aka gnome-shell) before 3.10 does not prevent access to the "Enter a Command" dialog, which allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation.
1291 CVE-2013-7220 Exec Code 2014-04-29 2014-04-29
4.6
None Local Low Not required Partial Partial Partial
js/ui/screenShield.js in GNOME Shell (aka gnome-shell) before 3.8 allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation with the keyboard focus on the Activities search.
1292 CVE-2013-7219 89 Exec Code Sql 2014-01-21 2018-10-09
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in vote.php in the 2Glux Sexy Polling (com_sexypolling) component before 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the answer_id[] parameter.
1293 CVE-2013-7179 20 Exec Code 2014-02-04 2015-12-18
8.3
None Local Network Low Not required Complete Complete Complete
The ping functionality in cgi-bin/diagnostic.cgi on Seowon Intech SWC-9100 routers allows remote attackers to execute arbitrary commands via shell metacharacters in the ping_ipaddr parameter.
1294 CVE-2013-7175 89 Exec Code Sql 2014-01-24 2016-12-31
6.5
None Remote Low ??? Partial Partial Partial
Multiple SQL injection vulnerabilities in Avanset Visual CertExam Manager 3.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) Title, (2) File name, or (3) Candidate Name field.
1295 CVE-2013-7139 89 Exec Code Sql 2014-01-09 2014-01-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in download.php in Horizon Quick Content Management System (QCMS) 4.0 and earlier allows remote to execute arbitrary SQL commands via the category parameter.
1296 CVE-2013-7106 119 DoS Exec Code Overflow 2014-01-15 2014-02-25
6.5
None Remote Low ??? Partial Partial Partial
Multiple stack-based buffer overflows in Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long string to the (1) display_nav_table, (2) page_limit_selector, (3) print_export_link, or (4) page_num_selector function in cgi/cgiutils.c; (5) status_page_num_selector function in cgi/status.c; or (6) display_command_expansion function in cgi/config.c. NOTE: this can be exploited without authentication by leveraging CVE-2013-7107.
1297 CVE-2013-7034 94 Exec Code 2014-05-05 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
The setCookieValue function in _lib/functions.global.inc.php in LiveZilla before 5.1.2.1 allows remote attackers to execute arbitrary PHP code via a serialized PHP object in a cookie.
1298 CVE-2013-6955 264 Exec Code 2014-01-09 2014-01-10
10.0
None Remote Low Not required Complete Complete Complete
webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header.
1299 CVE-2013-6952 310 Exec Code 2014-02-22 2014-03-06
10.0
None Remote Low Not required Complete Complete Complete
The Belkin WeMo Home Automation firmware before 3949 has a hardcoded GPG key, which makes it easier for remote attackers to spoof firmware updates and execute arbitrary code via crafted signed data.
1300 CVE-2013-6934 189 DoS Exec Code Overflow 2014-01-23 2019-09-12
7.5
None Remote Low Not required Partial Partial Partial
The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a space character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6933.
Total number of vulnerabilities : 1572   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 (This Page)27 28 29 30 31 32
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.