CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2014(Execute Code)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-2874 78 Exec Code 2014-04-15 2014-04-16
10.0
None Remote Low Not required Complete Complete Complete
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to execute arbitrary code via shell metacharacters in an unspecified context.
2 CVE-2014-2868 Exec Code 2014-04-15 2014-04-16
7.5
None Remote Low Not required Partial Partial Partial
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to modify the flow of execution of ColdFusion code by using an HTTP GET request to set a ColdFusion variable.
3 CVE-2014-2867 Exec Code 2014-04-15 2014-04-16
10.0
None Remote Low Not required Complete Complete Complete
Unrestricted file upload vulnerability in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to execute arbitrary code by uploading a ColdFusion page, and then accessing it via unspecified vectors.
4 CVE-2014-2850 78 1 Exec Code 2014-04-11 2014-04-14
8.5
None Remote Medium Single system Complete Complete Complete
The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter.
5 CVE-2014-2847 89 1 Exec Code Sql 2014-04-11 2014-04-14
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in default.asp in CIS Manager CMS allows remote attackers to execute arbitrary SQL commands via the TroncoID parameter.
6 CVE-2014-2731 Exec Code 2014-04-19 2014-04-19
0.0
None ??? ??? ??? ??? ??? ???
Multiple unspecified vulnerabilities in the integrated web server in Siemens SINEMA Server before 12 SP1 allow remote attackers to execute arbitrary code via HTTP traffic to port (1) 4999 or (2) 80.
7 CVE-2014-2708 89 Exec Code Sql 2014-04-10 2014-04-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in graph_xport.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
8 CVE-2014-2707 264 Exec Code 2014-04-17 2014-04-18
5.8
None Local Network Low Not required Partial Partial Partial
cups-browsed in cups-filters 1.0.41 before 1.0.51 in allows remote IPP printers to execute arbitrary commands via shell metacharacters in the (1) model or (2) PDL, related to "System V interface scripts generated for queues."
9 CVE-2014-2655 89 Exec Code Sql 2014-04-02 2014-04-19
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the gen_show_status function in functions.inc.php in Postfix Admin (aka postfixadmin) before 2.3.7 allows remote authenticated users to execute arbitrary SQL commands via a new alias.
10 CVE-2014-2587 89 1 Exec Code Sql 2014-03-24 2014-04-01
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in jsp/reports/ReportsAudit.jsp in McAfee Asset Manager 6.6 allows remote authenticated users to execute arbitrary SQL commands via the username of an audit report (aka user parameter).
11 CVE-2014-2544 Exec Code 2014-04-09 2014-04-10
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in Spotfire Web Player Engine, Spotfire Desktop, and Spotfire Server Authentication Module in TIBCO Spotfire Server 3.3.x before 3.3.4, 4.5.x before 4.5.1, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.2; Spotfire Professional 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Web Player 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Automation Services 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Deployment Kit 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Desktop 6.x before 6.0.1; and Spotfire Analyst 6.x before 6.0.1 allows remote attackers to execute arbitrary code via unknown vectors.
12 CVE-2014-2543 119 Exec Code Overflow 2014-04-08 2014-04-09
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 allows remote attackers to execute arbitrary code by leveraging access to a directly connected client and transmitting crafted data.
13 CVE-2014-2540 89 1 Exec Code Sql 2014-04-11 2014-04-14
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in OrbitScripts Orbit Open Ad Server before 1.1.1 allows remote attackers to execute arbitrary SQL commands via the site_directory_sort_field parameter to guest/site_directory.
14 CVE-2014-2525 119 Exec Code Overflow 2014-03-28 2014-04-19
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.
15 CVE-2014-2523 20 DoS Exec Code 2014-03-24 2014-04-01
10.0
None Remote Low Not required Complete Complete Complete
net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function.
16 CVE-2014-2389 119 Exec Code Overflow 2014-04-12 2014-04-14
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in a certain decryption function in qconnDoor on Blackberry Z10 devices with software 10.1.0.2312, when developer-mode has been previously enabled, allows remote attackers to execute arbitrary code via a crafted packet in a TCP session on a wireless network.
17 CVE-2014-2339 89 Exec Code Sql 2014-03-19 2014-03-20
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in bbs/ajax.autosave.php in GNUboard 5.x and possibly earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) subject or (2) content parameter.
18 CVE-2014-2323 89 Exec Code Sql 2014-03-14 2014-04-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname.
19 CVE-2014-2318 89 Exec Code Sql 2014-03-11 2014-03-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in ATCOM Netvolution 3 allows remote attackers to execute arbitrary SQL commands via the m parameter.
20 CVE-2014-2317 89 Exec Code Sql 2014-03-09 2014-03-10
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the table parameter. NOTE: some of these details are obtained from third party information.
21 CVE-2014-2316 89 Exec Code Sql 2014-03-09 2014-03-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in se_search_default in the Search Everything plugin before 7.0.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the s parameter to index.php. NOTE: some of these details are obtained from third party information.
22 CVE-2014-2311 89 Exec Code Sql 2014-03-11 2014-03-12
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in modx.class.php in MODX Revolution 2.0.0 before 2.2.13 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
23 CVE-2014-2299 119 DoS Exec Code Overflow 2014-03-11 2014-04-19
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the MPEG parser in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large record in MPEG data.
24 CVE-2014-2286 DoS Exec Code 2014-04-18 2014-04-18
0.0
None ??? ??? ??? ??? ??? ???
main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers.
25 CVE-2014-2262 119 Exec Code Overflow 2014-02-28 2014-03-03
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the client application in Base SAS 9.2 TS2M3, SAS 9.3 TS1M1 and TS1M2, and SAS 9.4 TS1M0 allows user-assisted remote attackers to execute arbitrary code via a crafted SAS program.
26 CVE-2014-2245 89 Exec Code Sql 2014-03-05 2014-03-07
6.0
None Remote Medium Single system Partial Partial Partial
SQL injection vulnerability in the News module in CMS Made Simple (CMSMS) before 1.11.10 allows remote authenticated users with the "Modify News" permission to execute arbitrary SQL commands via the sortby parameter to admin/moduleinterface.php. NOTE: some of these details are obtained from third party information.
27 CVE-2014-2240 119 DoS Exec Code Overflow 2014-03-12 2014-04-01
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the cf2_hintmap_build function in cff/cf2hints.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of stem hints in a font file.
28 CVE-2014-2238 89 Exec Code Sql 2014-03-05 2014-03-07
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the manage configuration page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.16 allows remote authenticated administrators to execute arbitrary SQL commands via the filter_config_id parameter.
29 CVE-2014-2211 89 Exec Code Sql 2014-03-03 2014-03-07
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in portal/addtoapplication.php in POSH (aka Posh portal or Portaneo) 3.0 before 3.3.0 allows remote attackers to execute arbitrary SQL commands via the rssurl parameter.
30 CVE-2014-2210 22 DoS Exec Code Dir. Trav. Bypass +Info 2014-04-04 2014-04-04
7.5
None Remote Low Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in CA ERwin Web Portal 9.5 allow remote attackers to obtain sensitive information, bypass intended access restrictions, cause a denial of service, or possibly execute arbitrary code via unspecified vectors.
31 CVE-2014-2206 119 DoS Exec Code Overflow 2014-03-05 2014-03-05
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in GetGo Download Manager 4.9.0.1982, 4.8.2.1346, 4.4.5.502, and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a long HTTP Response Header.
32 CVE-2014-2119 264 Exec Code 2014-03-20 2014-03-21
8.5
None Remote Medium Single system Complete Complete Complete
The End User Safelist/Blocklist (aka SLBL) service in Cisco AsyncOS Software for Email Security Appliance (ESA) before 7.6.3-023 and 8.x before 8.0.1-023 and Cisco Content Security Management Appliance (SMA) before 7.9.1-110 and 8.x before 8.1.1-013 allows remote authenticated users to execute arbitrary code with root privileges via an FTP session that uploads a modified SLBL database file, aka Bug IDs CSCug79377 and CSCug80118.
33 CVE-2014-2089 94 Exec Code 2014-03-02 2014-03-03
6.8
None Remote Medium Not required Partial Partial Partial
ILIAS 4.4.1 allows remote attackers to execute arbitrary PHP code via an e-mail attachment that leads to creation of a .php file with a certain client_id pathname.
34 CVE-2014-2088 Exec Code 2014-03-02 2014-03-03
6.5
None Remote Low Single system Partial Partial Partial
Unrestricted file upload vulnerability in ilias.php in ILIAS 4.4.1 allows remote authenticated users to execute arbitrary PHP code by using a .php filename in an upload_files action to the uploadFiles command, and then accessing the .php file via a direct request to a certain client_id pathname.
35 CVE-2014-2087 119 Exec Code Overflow 2014-03-18 2014-03-19
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the CDownloads_Deleted::UpdateDownload function in Downloads_Deleted.cpp in Free Download Manager 3.9.3 build 1360, 3.8 build 1173, 3.0 build 852, and earlier allows user-assisted remote attackers to execute arbitrary code via a long file name, which is then deleted from the download queue by the user.
36 CVE-2014-2075 287 Exec Code 2014-02-27 2014-02-27
10.0
None Remote Low Not required Complete Complete Complete
TIBCO Enterprise Administrator 1.0.0 and Enterprise Administrator SDK 1.0.0 do not properly enforce administrative authentication requirements, which allows remote attackers to execute arbitrary commands via unspecified vectors.
37 CVE-2014-2043 89 1 Exec Code Sql 2014-03-13 2014-03-13
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in Resources/System/Templates/Data.aspx in Procentia IntelliPen before 1.1.18.1658 allows remote authenticated users to execute arbitrary SQL commands via the value parameter.
38 CVE-2014-2013 119 Exec Code Overflow 2014-03-03 2014-03-07
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the xps_parse_color function in xps/xps-common.c in MuPDF 1.3 and earlier allows remote attackers to execute arbitrary code via a large number of entries in the ContextColor value of the Fill attribute in a Path element.
39 CVE-2014-1982 287 1 Exec Code +Priv 2014-03-31 2014-03-31
10.0
None Remote Low Not required Complete Complete Complete
The administrative interface in Allied Telesis AT-RG634A ADSL Broadband router 3.3+, iMG624A firmware 3.5, iMG616LH firmware 2.4, and iMG646BD firmware 3.5 allows remote attackers to gain privileges and execute arbitrary commands via a direct request to cli.html.
40 CVE-2014-1945 89 Exec Code Sql 2014-03-09 2014-03-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the add_value parameter.
41 CVE-2014-1939 94 Exec Code 2014-03-02 2014-03-04
7.5
None Remote Low Not required Partial Partial Partial
java/android/webkit/BrowserFrame.java in Android before 4.4 uses the addJavascriptInterface API in conjunction with creating an object of the SearchBoxImpl class, which allows attackers to execute arbitrary Java code by leveraging access to the searchBoxJavaBridge_ interface at certain Android API levels.
42 CVE-2014-1912 119 1 Exec Code Overflow 2014-02-28 2014-03-26
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.
43 CVE-2014-1903 264 Exec Code 2014-02-18 2014-02-21
7.5
None Remote Low Not required Partial Partial Partial
admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the API handler, which allows remote attackers to execute arbitrary PHP code via the function and args parameters to admin/config.php.
44 CVE-2014-1887 264 Exec Code +Info 2014-03-02 2014-03-07
4.3
None Remote Medium Not required Partial None None
The DrinkedIn BarFinder application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently obtain sensitive fine-geolocation information, by leveraging control over one of a number of adult sites, as demonstrated by (1) freelifetimecheating.com and (2) www.babesroulette.com.
45 CVE-2014-1886 264 Exec Code 2014-03-02 2014-03-07
6.8
None Remote Medium Not required Partial Partial Partial
The Edinburgh by Bus application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently access external-storage resources, by leveraging control over one of a number of "obscure Eastern European dating sites."
46 CVE-2014-1885 264 Exec Code 2014-03-02 2014-03-07
6.4
None Remote Low Not required None Partial Partial
The ForzeArmate application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently obtain write access to external-storage resources, by leveraging control over any Google syndication advertising domain.
47 CVE-2014-1854 89 1 Exec Code Sql 2014-02-27 2014-03-07
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in library/clicktracker.php in the AdRotate Pro plugin 3.9 through 3.9.5 and AdRotate Free plugin 3.9 through 3.9.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter.
48 CVE-2014-1761 119 DoS Exec Code Overflow Mem. Corr. 2014-03-25 2014-04-19
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word Automation Services on SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, as exploited in the wild in March 2014.
49 CVE-2014-1760 119 DoS Exec Code Overflow Mem. Corr. 2014-04-08 2014-04-09
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
50 CVE-2014-1759 DoS Exec Code 2014-04-08 2014-04-09
9.3
None Remote Medium Not required Complete Complete Complete
pubconv.dll in Microsoft Publisher 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via a crafted .pub file, aka "Arbitrary Pointer Dereference Vulnerability."
Total number of vulnerabilities : 417   Page : 1 (This Page)2 3 4 5 6 7 8 9
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.