CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2014(Execute Code)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1551 CVE-2011-3195 20 Exec Code 2014-03-21 2014-03-21
6.5
None Remote Low ??? Partial Partial Partial
shared/inc/sql/lists.php in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in mailing list tunable options.
1552 CVE-2011-3180 Exec Code 2014-04-16 2014-04-17
7.5
None Remote Low Not required Partial Partial Partial
kiwi before 4.98.08, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in the path of an overlay file, related to chown.
1553 CVE-2011-2944 89 2 Exec Code Sql 2014-08-12 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in login.php in MegaLab The Uploader before 2.0.5 allows remote attackers to execute arbitrary SQL commands via the username parameter.
1554 CVE-2011-2702 94 Exec Code 2014-10-27 2014-10-31
6.8
None Remote Medium Not required Partial Partial Partial
Integer signedness error in Glibc before 2.13 and eglibc before 2.13, when using Supplemental Streaming SIMD Extensions 3 (SSSE3) optimization, allows context-dependent attackers to execute arbitrary code via a negative length parameter to (1) memcpy-ssse3-rep.S, (2) memcpy-ssse3.S, or (3) memset-sse2.S in sysdeps/i386/i686/multiarch/, which triggers an out-of-bounds read, as demonstrated using the memcpy function.
1555 CVE-2011-2593 189 Exec Code Overflow 2014-08-12 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in the StartEpa method in the nsepacom ActiveX control (nsepa.exe) in Citrix Access Gateway Enterprise Edition Plug-in for Windows 9.x before 9.3-57.5 and 10.0 before 10.0-69.4 allows remote attackers to execute arbitrary code via a crafted Content-Length HTTP header, which triggers a heap-based buffer overflow.
1556 CVE-2011-2592 119 Exec Code Overflow 2014-06-18 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the StartEpa method in the nsepacom ActiveX control (nsepa.exe) in Citrix Access Gateway Enterprise Edition Plug-in for Windows 9.x before 9.3-57.5 and 10.0 before 10.0-69.4 allows remote attackers to execute arbitrary code via a long CSEC HTTP response header.
1557 CVE-2010-5301 119 1 Exec Code Overflow 2014-06-13 2016-12-08
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a HEAD request.
1558 CVE-2010-5300 119 1 DoS Exec Code Overflow 2014-06-11 2014-06-12
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in Jzip 1.3 through 2.0.0.132900 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long file name in a zip archive.
1559 CVE-2010-5299 119 3 Exec Code Overflow 2014-05-23 2014-06-30
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in MicroP 0.1.1.1600 allows remote attackers to execute arbitrary code via a crafted .mppl file. NOTE: it has been reported that the overflow is in the lpFileName parameter of the CreateFileA function, but the overflow is probably caused by a separate, unnamed function.
1560 CVE-2010-5111 119 DoS Exec Code Overflow 2014-06-16 2014-06-17
6.8
None Remote Medium Not required Partial Partial Partial
Multiple buffer overflows in readline.c in Echoping 6.0.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted reply in the (1) TLS_readline or (2) SSL_readline function, related to the EchoPingHttps Smokeping probe.
1561 CVE-2010-4820 94 Exec Code 2014-10-27 2014-11-02
4.4
None Local Medium Not required Partial Partial Partial
Untrusted search path vulnerability in Ghostscript 8.62 allows local users to execute arbitrary PostScript code via a Trojan horse Postscript library file in Encoding/ under the current working directory, a different vulnerability than CVE-2010-2055.
1562 CVE-2010-2236 20 Exec Code 2014-04-15 2014-04-16
6.0
None Remote Medium ??? Partial Partial Partial
The monitoring probe display in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 4.0.0 through 4.2.0 and 5.1.0 through 5.3.0, and Proxy 5.3.0, allows remote authenticated users with permissions to administer monitoring probes to execute arbitrary code via unspecified vectors, related to backticks.
1563 CVE-2010-2062 189 Exec Code 2014-12-26 2014-12-29
7.5
None Remote Low Not required Partial Partial Partial
Integer underflow in the real_get_rdt_chunk function in real.c, as used in modules/access/rtsp/real.c in VideoLAN VLC media player before 1.0.1 and stream/realrtsp/real.c in MPlayer before r29447, allows remote attackers to execute arbitrary code via a crafted length value in an RDT chunk header.
1564 CVE-2010-1445 119 DoS Exec Code Overflow 2014-12-26 2014-12-29
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted byte stream in an RTMP session.
1565 CVE-2010-1444 119 DoS Exec Code Overflow 2014-12-26 2014-12-29
7.5
None Remote Low Not required Partial Partial Partial
The ZIP archive decompressor in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted archive.
1566 CVE-2010-1442 119 DoS Exec Code Overflow 2014-12-26 2014-12-29
7.5
None Remote Low Not required Partial Partial Partial
VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted byte stream to the (1) AVI, (2) ASF, or (3) Matroska (aka MKV) demuxer.
1567 CVE-2010-1441 119 DoS Exec Code Overflow 2014-12-26 2014-12-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple heap-based buffer overflows in VideoLAN VLC media player before 1.0.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted byte stream to the (1) A/52, (2) DTS, or (3) MPEG Audio decoder.
1568 CVE-2009-5137 119 1 Exec Code Overflow 2014-01-03 2014-01-07
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in Mini-stream CastRipper 2.50.70 allows remote attackers to execute arbitrary code via a long URL in the [playlist] section in a .pls file, a different vector than CVE-2009-1667.
1569 CVE-2006-1318 94 Exec Code 2014-09-19 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, Office 2004 for Mac, and Office X for Mac do not properly parse record lengths, which allows remote attackers to execute arbitrary code via a malformed control in an Office document, aka "Microsoft Office Control Vulnerability."
1570 CVE-2004-2771 20 Exec Code 2014-12-24 2019-12-27
7.5
None Remote Low Not required Partial Partial Partial
The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address.
1571 CVE-2003-1599 94 Exec Code File Inclusion 2014-10-27 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in wp-links/links.all.php in WordPress 0.70 allows remote attackers to execute arbitrary PHP code via a URL in the $abspath variable.
1572 CVE-2003-1598 89 Exec Code Sql 2014-10-01 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in log.header.php in WordPress 0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the posts variable.
Total number of vulnerabilities : 1572   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.