CVE-2014-3791

Public exploit
Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 6.8 allows remote attackers to execute arbitrary code via a long string in a cookie UserID parameter to vfolder.ghp.
Max CVSS
10.0
EPSS Score
90.41%
Published
2014-05-20
Updated
2014-05-21

CVE-2014-3789

Public exploit
GetPermissions.asp in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary commands via unspecified vectors.
Max CVSS
7.5
EPSS Score
32.99%
Published
2014-05-22
Updated
2016-12-08

CVE-2014-2928

Public exploit
The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and PSM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, BIG-IP AAM 11.4.0 through 11.5.1, BIG-IP AFM and PEM 11.3.0 through 11.5.1, BIG-IP Analytics 11.0.0 through 11.5.1, BIG-IP Edge Gateway, WebAccelerator, WOM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, Enterprise Manager 2.1.0 through 2.3.0 and 3.0.0 through 3.1.1, and BIG-IQ Cloud, Device, and Security 4.0.0 through 4.3.0 allows remote administrators to execute arbitrary commands via shell metacharacters in the hostname element in a SOAP request.
Max CVSS
7.1
EPSS Score
62.37%
Published
2014-05-12
Updated
2015-11-20

CVE-2014-1812

Known exploited
Public exploit
The Group Policy implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not properly handle distribution of passwords, which allows remote authenticated users to obtain sensitive credential information and consequently gain privileges by leveraging access to the SYSVOL share, as exploited in the wild in May 2014, aka "Group Policy Preferences Password Elevation of Privilege Vulnerability."
Max CVSS
9.0
EPSS Score
0.37%
Published
2014-05-14
Updated
2019-05-13
CISA KEV Added
2021-11-03

CVE-2014-1649

Public exploit
The server in Symantec Workspace Streaming (SWS) before 7.5.0.749 allows remote attackers to access files and functionality by sending a crafted XMLRPC request over HTTPS.
Max CVSS
7.9
EPSS Score
97.49%
Published
2014-05-16
Updated
2014-07-24

CVE-2014-0782

Public exploit
Stack-based buffer overflow in BKESimmgr.exe in the Expanded Test Functions package in Yokogawa CENTUM CS 1000, CENTUM CS 3000 Entry Class R3.09.50 and earlier, CENTUM VP R5.03.00 and earlier, CENTUM VP Entry Class R5.03.00 and earlier, Exaopc R3.71.02 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier allows remote attackers to execute arbitrary code via a crafted packet.
Max CVSS
8.3
EPSS Score
52.82%
Published
2014-05-16
Updated
2014-05-19

CVE-2013-5036

Public exploit
The Square Squash allows remote attackers to execute arbitrary code via a YAML document in the (1) namespace parameter to the deobfuscation function or (2) sourcemap parameter to the sourcemap function in app/controllers/api/v1_controller.rb.
Max CVSS
7.5
EPSS Score
92.22%
Published
2014-05-27
Updated
2017-08-29

CVE-2013-4730

Public exploit
Buffer overflow in PCMan's FTP Server 2.0.7 allows remote attackers to execute arbitrary code via a long string in a USER command.
Max CVSS
10.0
EPSS Score
76.59%
Published
2014-05-15
Updated
2016-12-31

CVE-2013-4490

Public exploit
The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the public key.
Max CVSS
6.5
EPSS Score
19.97%
Published
2014-05-13
Updated
2014-05-14

CVE-2013-4468

Public exploit
VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in the extension parameter in an OriginateVDRelogin action to manager_send.php.
Max CVSS
6.5
EPSS Score
33.77%
Published
2014-05-14
Updated
2014-05-15

CVE-2013-3982

Public exploit
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to obtain unspecified installation information and technical data via a request to a public page.
Max CVSS
5.0
EPSS Score
0.41%
Published
2014-05-26
Updated
2017-08-29

CVE-2013-3977

Public exploit
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to determine which meeting rooms are owned by a user by leveraging knowledge of valid user names.
Max CVSS
4.3
EPSS Score
0.57%
Published
2014-05-26
Updated
2017-08-29

CVE-2013-3975

Public exploit
Unspecified vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to discover user names, full names, and e-mail addresses via a search.
Max CVSS
5.0
EPSS Score
0.41%
Published
2014-05-26
Updated
2017-08-29

CVE-2012-4915

Public exploit
Directory traversal vulnerability in the Google Doc Embedder plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to libs/pdf.php.
Max CVSS
5.0
EPSS Score
93.16%
Published
2014-05-29
Updated
2017-08-29

CVE-2010-5299

Public exploit
Stack-based buffer overflow in MicroP 0.1.1.1600 allows remote attackers to execute arbitrary code via a crafted .mppl file. NOTE: it has been reported that the overflow is in the lpFileName parameter of the CreateFileA function, but the overflow is probably caused by a separate, unnamed function.
Max CVSS
6.8
EPSS Score
72.66%
Published
2014-05-23
Updated
2014-06-30
15 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!