CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2014(Execute Code)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
251 CVE-2014-6295 89 Exec Code Sql 2014-10-03 2014-10-06
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the WEC Map (wec_map) extension before 3.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
252 CVE-2014-6293 89 Exec Code Sql 2014-10-03 2014-10-06
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Statistics (ke_stats) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in February 2014.
253 CVE-2014-6278 78 Exec Code 2014-09-30 2021-11-17
10.0
None Remote Low Not required Complete Complete Complete
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277.
254 CVE-2014-6277 78 DoS Exec Code 2014-09-27 2018-08-09
10.0
None Remote Low Not required Complete Complete Complete
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271 and CVE-2014-7169.
255 CVE-2014-6273 119 DoS Exec Code Overflow 2014-09-30 2020-01-08
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and earlier allows man-in-the-middle attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted URL.
256 CVE-2014-6271 78 Exec Code 2014-09-24 2021-11-17
10.0
None Remote Low Not required Complete Complete Complete
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
257 CVE-2014-6270 119 DoS Exec Code Overflow 2014-09-12 2017-09-08
6.8
None Remote Medium Not required Partial Partial Partial
Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based buffer overflow.
258 CVE-2014-6261 94 Exec Code 2014-12-15 2016-03-21
9.3
None Remote Medium Not required Complete Complete Complete
Zenoss Core through 5 Beta 3 does not properly implement the Check For Updates feature, which allows remote attackers to execute arbitrary code by (1) spoofing the callhome server or (2) deploying a crafted web site that is visited during a login session, aka ZEN-12657.
259 CVE-2014-6260 77 DoS Exec Code 2014-12-15 2016-03-21
6.8
None Remote Medium Not required Partial Partial Partial
Zenoss Core through 5 Beta 3 does not require a password for modifying the pager command string, which allows remote attackers to execute arbitrary commands or cause a denial of service (paging outage) by leveraging an unattended workstation, aka ZEN-15412.
260 CVE-2014-6252 119 DoS Exec Code Overflow 2014-09-05 2018-12-10
6.5
None Remote Low ??? Partial Partial Partial
Buffer overflow in disp+work.exe 7000.52.12.34966 and 7200.117.19.50294 in the Dispatcher in SAP NetWeaver 7.00 and 7.20 allows remote authenticated users to cause a denial of service or execute arbitrary code via unspecified vectors.
261 CVE-2014-6242 89 1 Exec Code Sql CSRF 2014-10-02 2018-10-09
6.5
None Remote Low ??? Partial Partial Partial
Multiple SQL injection vulnerabilities in the All In One WP Security & Firewall plugin before 3.8.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) orderby or (2) order parameter in the aiowpsec page to wp-admin/admin.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.
262 CVE-2014-6241 89 Exec Code Sql 2014-09-11 2017-09-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the wt_directory extension before 1.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
263 CVE-2014-6239 89 Exec Code Sql 2014-09-11 2014-09-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Address visualization with Google Maps (st_address_map) extension before 0.3.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
264 CVE-2014-6235 Exec Code 2014-09-11 2017-09-08
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the ke DomPDF extension before 0.0.5 for TYPO3 allows remote attackers to execute arbitrary code via unknown vectors.
265 CVE-2014-6233 89 Exec Code Sql 2014-09-11 2017-09-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Flat Manager (flatmgr) extension before 2.7.10 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
266 CVE-2014-6231 Exec Code 2014-09-11 2017-09-08
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the CWT Frontend Edit (cwt_feedit) extension before 1.2.5 for TYPO3 allows remote authenticated users to execute arbitrary code via unknown vectors.
267 CVE-2014-6183 399 Exec Code 2014-11-23 2017-09-08
4.0
None Remote Low ??? None None Partial
IBM Security Network Protection 5.1 before 5.1.0.0 FP13, 5.1.1 before 5.1.1.0 FP8, 5.1.2 before 5.1.2.0 FP9, 5.1.2.1 before FP5, 5.2 before 5.2.0.0 FP5, and 5.3 before 5.3.0.0 FP1 on XGS devices allows remote authenticated users to execute arbitrary commands via unspecified vectors.
268 CVE-2014-6140 310 Exec Code 2014-12-06 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
IBM Tivoli Endpoint Manager Mobile Device Management (MDM) before 9.0.60100 uses the same secret HMAC token across different customers' installations, which allows remote attackers to execute arbitrary code via crafted marshalled Ruby objects in cookies to (1) Enrollment and Apple iOS Management Extender, (2) Self-service portal, (3) Trusted Services provider, or (4) Admin Portal.
269 CVE-2014-6122 264 Exec Code 2014-12-23 2017-09-08
5.5
None Remote Low ??? None Partial Partial
IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote authenticated users to write to arbitrary folders, and consequently execute arbitrary commands, via a modified argument.
270 CVE-2014-6119 94 Exec Code 2014-12-23 2017-09-08
9.3
None Remote Medium Not required Complete Complete Complete
IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote attackers to execute arbitrary code via a crafted executable file in an archive.
271 CVE-2014-6080 89 Exec Code Sql 2014-12-18 2017-09-08
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
272 CVE-2014-6055 119 DoS Exec Code Overflow 2014-09-30 2020-10-23
6.5
None Remote Low ??? Partial Partial Partial
Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3) FileTime attribute in a rfbFileTransferOffer message.
273 CVE-2014-6052 20 DoS Exec Code 2014-12-15 2020-10-23
7.5
None Remote Low Not required Partial Partial Partial
The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message.
274 CVE-2014-6051 189 DoS Exec Code Overflow 2014-09-30 2020-10-23
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer overflow.
275 CVE-2014-6037 22 1 Exec Code Dir. Trav. 2014-10-26 2020-03-26
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in the agentUpload servlet in ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 allows remote attackers to execute arbitrary code by uploading a ZIP file which contains an executable file with .. (dot dot) sequences in its name, then accessing the executable via a direct request to the file under the web root. Fixed in Build 11072.
276 CVE-2014-6030 89 Exec Code Sql 2014-11-06 2014-11-06
6.5
None Remote Low ??? Partial Partial Partial
Multiple SQL injection vulnerabilities in ClassApps SelectSurvey.NET before 4.125.002 allow (1) remote attackers to execute arbitrary SQL commands via the SurveyID parameter to survey/ReviewReadOnlySurvey.aspx or (2) remote authenticated users to execute arbitrary SQL commands via the SurveyID parameter to survey/UploadImagePopupToDb.aspx.
277 CVE-2014-5521 89 1 Exec Code Sql 2014-09-02 2014-09-03
6.5
None Remote Low ??? Partial Partial Partial
plugins/useradmin/fingeruser.php in XRMS CRM, possibly 1.99.2, allows remote authenticated users to execute arbitrary code via shell metacharacters in the username parameter.
278 CVE-2014-5520 89 1 Exec Code Sql 2014-10-26 2014-10-31
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in XRMS CRM, possibly 1.99.2, allows remote attackers to execute arbitrary SQL commands via the user_id parameter to plugins/webform/new-form.php, which is not properly handled by plugins/useradmin/fingeruser.php.
279 CVE-2014-5519 94 1 Exec Code 2014-09-11 2014-11-13
7.5
None Remote Low Not required Partial Partial Partial
The Ploticus module in PhpWiki 1.5.0 allows remote attackers to execute arbitrary code via shell metacharacters in a device option in the edit[content] parameter to index.php/HeIp. NOTE: some of these details are obtained from third party information.
280 CVE-2014-5506 Exec Code 2014-09-04 2017-01-07
6.8
None Remote Medium Not required Partial Partial Partial
Double free vulnerability in SAP Crystal Reports allows remote attackers to execute arbitrary code via crafted connection string record in an RPT file.
281 CVE-2014-5505 119 Exec Code Overflow 2014-09-04 2017-09-08
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in SAP Crystal Reports allows remote attackers to execute arbitrary code via a crafted data source string in an RPT file.
282 CVE-2014-5504 255 Exec Code 2014-09-04 2014-09-08
7.5
None Remote Low Not required Partial Partial Partial
SolarWinds Log and Event Manager before 6.0 uses "static" credentials, which makes it easier for remote attackers to obtain access to the database and execute arbitrary code via unspecified vectors, related to HyperSQL.
283 CVE-2014-5503 89 Exec Code Sql 2014-10-07 2014-10-08
10.0
None Remote Low Not required Complete Complete Complete
SQL injection vulnerability in the Guest Login Portal in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote attackers to execute arbitrary SQL commands via the add_guest_user opcode.
284 CVE-2014-5501 119 Exec Code Overflow 2014-10-07 2014-10-08
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the diagnose service in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote attackers to execute arbitrary code via a crafted webpage or file.
285 CVE-2014-5462 89 Exec Code Sql 2014-12-08 2018-08-23
6.5
None Remote Low ??? Partial Partial Partial
Multiple SQL injection vulnerabilities in OpenEMR 4.1.2 (Patch 7) and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) layout_id parameter to interface/super/edit_layout.php; (2) form_patient_id, (3) form_drug_name, or (4) form_lot_number parameter to interface/reports/prescriptions_report.php; (5) payment_id parameter to interface/billing/edit_payment.php; (6) id parameter to interface/forms_admin/forms_admin.php; (7) form_pid or (8) form_encounter parameter to interface/billing/sl_eob_search.php; (9) sortby parameter to interface/logview/logview.php; form_facility parameter to (10) procedure_stats.php, (11) pending_followup.php, or (12) pending_orders.php in interface/orders/; (13) patient, (14) encounterid, (15) formid, or (16) issue parameter to interface/patient_file/deleter.php; (17) search_term parameter to interface/patient_file/encounter/coding_popup.php; (18) text parameter to interface/patient_file/encounter/search_code.php; (19) form_addr1, (20) form_addr2, (21) form_attn, (22) form_country, (23) form_freeb_type, (24) form_partner, (25) form_name, (26) form_zip, (27) form_state, (28) form_city, or (29) form_cms_id parameter to interface/practice/ins_search.php; (30) form_pid parameter to interface/patient_file/problem_encounter.php; (31) patient, (32) form_provider, (33) form_apptstatus, or (34) form_facility parameter to interface/reports/appointments_report.php; (35) db_id parameter to interface/patient_file/summary/demographics_save.php; (36) p parameter to interface/fax/fax_dispatch_newpid.php; or (37) patient_id parameter to interface/patient_file/reminder/patient_reminders.php.
286 CVE-2014-5460 20 2 Exec Code 2014-09-11 2018-10-09
6.5
None Remote Low ??? Partial Partial Partial
Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin before 1.4.7 for WordPress allows remote authenticated users to execute arbitrary code by uploading a PHP file, then accessing it via a direct request to the file in wp-content/uploads/slideshow-gallery/.
287 CVE-2014-5458 89 Exec Code Sql 2014-08-25 2015-11-02
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in sqrl_verify.php in php-sqrl allows remote attackers to execute arbitrary SQL commands via the message parameter.
288 CVE-2014-5454 Exec Code 2014-08-25 2017-09-08
6.0
None Remote Medium ??? Partial Partial Partial
Unrestricted file upload vulnerability in the image upload module in SAS Visual Analytics 6.4M1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors.
289 CVE-2014-5440 89 Exec Code Sql 2014-09-12 2017-09-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Login.aspx in MPEX Business Solutions MX-SmartTimer before 13.19.18 allows remote attackers to execute arbitrary SQL commands via the ct100%24CPHContent%24password parameter.
290 CVE-2014-5424 264 DoS Exec Code 2014-11-14 2014-11-14
7.5
None Remote Low Not required Partial Partial Partial
Rockwell Automation Connected Components Workbench (CCW) before 7.00.00 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an invalid property value to an ActiveX control that was built with an outdated compiler.
291 CVE-2014-5399 89 Exec Code Sql 2014-08-28 2015-11-02
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
292 CVE-2014-5389 89 Exec Code Sql 2014-10-06 2015-11-02
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in content-audit-schedule.php in the Content Audit plugin before 1.6.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "Audited content types" option in the content-audit page to wp-admin/options-general.php.
293 CVE-2014-5387 89 Exec Code Sql 2014-11-04 2020-07-06
6.5
None Remote Low ??? Partial Partial Partial
Multiple SQL injection vulnerabilities in EllisLab ExpressionEngine before 2.9.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) column_filter or (2) category[] parameter to system/index.php or the (3) tbl_sort[0][] parameter in the comment module to system/index.php.
294 CVE-2014-5383 89 Exec Code Sql 2014-08-21 2015-09-08
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in AlienVault OSSIM before 4.7.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
295 CVE-2014-5342 Exec Code 2014-11-19 2014-11-19
10.0
None Remote Low Not required Complete Complete Complete
Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2014-6627.
296 CVE-2014-5340 94 Exec Code 2014-09-02 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
The wato component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to an automation URL.
297 CVE-2014-5324 94 Exec Code 2014-09-26 2014-09-27
6.5
None Remote Low ??? Partial Partial Partial
Unrestricted file upload vulnerability in the N-Media file uploader plugin before 3.4 for WordPress allows remote authenticated users to execute arbitrary PHP code by leveraging Author privileges to store a file.
298 CVE-2014-5314 119 Exec Code Overflow 2014-11-24 2014-12-30
9.0
None Remote Low ??? Complete Complete Complete
Buffer overflow in Cybozu Office 9 and 10 before 10.1.0, Mailwise 4 and 5 before 5.1.4, and Dezie 8 before 8.1.1 allows remote authenticated users to execute arbitrary code via e-mail messages.
299 CVE-2014-5308 89 1 Exec Code Sql 2014-10-08 2014-10-09
9.0
None Remote Low ??? Complete Complete Complete
Multiple SQL injection vulnerabilities in TestLink 1.9.11 allow remote authenticated users to execute arbitrary SQL commands via the (1) name parameter in a Search action to lib/project/projectView.php or (2) id parameter to lib/events/eventinfo.php.
300 CVE-2014-5300 287 1 Exec Code Bypass 2014-10-08 2018-10-09
5.0
None Remote Low Not required None Partial None
Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0 allows remote attackers to bypass the signature check, impersonate arbitrary users, and execute commands via a message without a signature.
Total number of vulnerabilities : 1572   Page : 1 2 3 4 5 6 (This Page)7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.