ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier has a default password of password for the admin account, which makes it easier for remote attackers to obtain access via a request to home_loggedout.php.
Max CVSS
10.0
EPSS Score
0.31%
Published
2014-12-18
Updated
2014-12-18
SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and gain privileges via a crafted CORBA call, aka SAP Note 2039905.
Max CVSS
10.0
EPSS Score
0.79%
Published
2014-12-17
Updated
2018-10-09
Directory traversal vulnerability in the CollectorConfInfoServlet servlet in ManageEngine NetFlow Analyzer allows remote attackers to execute arbitrary code via a .. (dot dot) in the filename.
Max CVSS
10.0
EPSS Score
17.70%
Published
2014-12-16
Updated
2014-12-17
The NativeAppServlet in ManageEngine Desktop Central MSP before 90075 allows remote attackers to execute arbitrary code via a crafted JSON object.
Max CVSS
10.0
EPSS Score
34.08%
Published
2014-12-16
Updated
2015-03-07
Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build in a Dockerfile in an LZMA (.xz) archive, related to the chroot for archive extraction.
Max CVSS
10.0
EPSS Score
1.43%
Published
2014-12-16
Updated
2018-10-09
Multiple buffer overflows in AllegroSoft RomPager, as used in Huawei Home Gateway products and other vendors and products, allow remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors related to authorization.
Max CVSS
10.0
EPSS Score
4.62%
Published
2014-12-24
Updated
2016-09-06

CVE-2014-9222

Public exploit
AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products, allows remote attackers to gain privileges via a crafted cookie that triggers memory corruption, aka the "Misfortune Cookie" vulnerability.
Max CVSS
10.0
EPSS Score
97.21%
Published
2014-12-24
Updated
2018-08-31
Innominate mGuard with firmware before 7.6.6 and 8.x before 8.1.4 allows remote authenticated admins to obtain root privileges by changing a PPP configuration setting.
Max CVSS
9.0
EPSS Score
0.22%
Published
2014-12-20
Updated
2014-12-22
Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-8514. NOTE: this may be clarified later based on details provided by researchers.
Max CVSS
9.0
EPSS Score
26.97%
Published
2014-12-27
Updated
2014-12-29
ZTE ZXDSL 831CII has a default password of admin for the admin account, which allows remote attackers to gain administrator privileges.
Max CVSS
10.0
EPSS Score
0.31%
Published
2014-12-02
Updated
2014-12-03
Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8454 and CVE-2014-8455.
Max CVSS
10.0
EPSS Score
90.87%
Published
2014-12-10
Updated
2014-12-12
Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0587.
Max CVSS
10.0
EPSS Score
0.49%
Published
2014-12-10
Updated
2018-12-20

CVE-2014-9163

Known exploited
Stack-based buffer overflow in Adobe Flash Player before 13.0.0.259 and 14.x and 15.x before 15.0.0.246 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in December 2014.
Max CVSS
10.0
EPSS Score
7.31%
Published
2014-12-10
Updated
2018-12-20
CISA KEV Added
2022-04-13
Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to obtain sensitive information via unspecified vectors.
Max CVSS
10.0
EPSS Score
0.53%
Published
2014-12-10
Updated
2018-12-20
Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8457 and CVE-2014-8460.
Max CVSS
10.0
EPSS Score
29.50%
Published
2014-12-10
Updated
2014-12-12
Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8456, CVE-2014-8458, CVE-2014-8459, and CVE-2014-8461.
Max CVSS
10.0
EPSS Score
83.95%
Published
2014-12-10
Updated
2014-12-12
Unrestricted file upload vulnerability in Huawei Honor Cube Wireless Router WS860s before V100R001C02B222 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors.
Max CVSS
10.0
EPSS Score
0.86%
Published
2014-12-03
Updated
2014-12-05
Lantronix xPrintServer does not properly restrict access to ips/, which allows remote attackers to execute arbitrary commands via the c parameter in an rpc action.
Max CVSS
10.0
EPSS Score
3.11%
Published
2014-11-20
Updated
2017-09-08
Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
Max CVSS
9.3
EPSS Score
53.08%
Published
2014-12-11
Updated
2018-10-12
The alterSearchQuery function in lib/controllers/CmdownloadController.php in the CreativeMinds CM Downloads Manager plugin before 2.0.4 for WordPress allows remote attackers to execute arbitrary PHP code via the CMDsearch parameter to cmdownloads/, which is processed by the PHP create_function function.
Max CVSS
10.0
EPSS Score
46.09%
Published
2014-12-05
Updated
2018-10-09
Unrestricted file upload vulnerability in magmi/web/magmi.php in the MAGMI (aka Magento Mass Importer) plugin 0.7.17a and earlier for Magento Community Edition (CE) allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a PHP file, then accessing the PHP file via a direct request to it in magmi/plugins/.
Max CVSS
9.0
EPSS Score
0.22%
Published
2014-11-13
Updated
2019-07-16
The SAP Promotion Guidelines (CRM-MKT-MPL-TPM-PPG) module for SAP CRM allows remote attackers to execute arbitrary code via unspecified vectors.
Max CVSS
10.0
EPSS Score
2.03%
Published
2014-11-06
Updated
2014-11-07
The SAP CRM Internet Sales module allows remote attackers to execute arbitrary commands via unspecified vectors.
Max CVSS
10.0
EPSS Score
0.60%
Published
2014-11-06
Updated
2014-11-07
The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH have a default password of (1) admin for the admin account and (2) compalbn for the root account, which makes it easier for remote attackers to obtain access to certain sensitive information via unspecified vectors.
Max CVSS
10.0
EPSS Score
0.45%
Published
2014-11-06
Updated
2014-11-06
The mod_auth_mellon module before 0.8.1 allows remote attackers to cause a denial of service (Apache HTTP server crash) via a crafted logout request that triggers a read of uninitialized data.
Max CVSS
9.4
EPSS Score
1.71%
Published
2014-11-14
Updated
2019-07-09
872 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!