The NcrCtl4.NcrNet.1 control in Panasonic Network Camera Recorder before 4.04R03 allows remote attackers to execute arbitrary code via a crafted GetVOLHeader method call, which writes null bytes to an arbitrary address.
Max CVSS
6.8
EPSS Score
3.76%
Published
2014-10-17
Updated
2021-11-09
Panasonic Network Camera View 3 and 4 allows remote attackers to execute arbitrary code via a crafted page, which triggers an invalid pointer dereference, related to "the ability to nullify an arbitrary address in memory."
Max CVSS
6.8
EPSS Score
10.19%
Published
2014-10-17
Updated
2014-12-16
McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote attackers to execute arbitrary code via vectors related to ICMP redirection.
Max CVSS
7.5
EPSS Score
0.39%
Published
2014-10-29
Updated
2014-10-30
The TLS/SSL Server in McAfee Network Data Loss Prevention (NDLP) before 9.3 uses weak cipher algorithms, which makes it easier for remote authenticated users to execute arbitrary code via unspecified vectors.
Max CVSS
6.5
EPSS Score
0.31%
Published
2014-10-29
Updated
2017-09-08
The lazy_bdecode function in BitTorrent bootstrap-dht (aka Bootstrap) allows remote attackers to execute arbitrary code via a crafted packet, which triggers an out-of-bounds read, related to "Improper Indexing."
Max CVSS
7.5
EPSS Score
61.81%
Published
2014-10-31
Updated
2014-11-03
Integer overflow in TigerVNC allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to screen size handling, which triggers a heap-based buffer overflow, a similar issue to CVE-2014-6051.
Max CVSS
7.5
EPSS Score
1.59%
Published
2014-10-16
Updated
2017-09-08
Buffer overflow in the SetLogFile method in Foxit.FoxitPDFSDKProCtrl.5 in Foxit PDF SDK ActiveX 2.3 through 5.0.1820 before 5.0.2.924 allows remote attackers to execute arbitrary code via a long string, related to global variables.
Max CVSS
6.8
EPSS Score
62.66%
Published
2014-10-17
Updated
2016-04-04
The IOHIDSecurePromptClient function in Apple OS X does not properly validate pointer values, which allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a crafted web site.
Max CVSS
9.3
EPSS Score
1.18%
Published
2014-10-05
Updated
2014-10-10
lib/TWiki/Sandbox.pm in TWiki 6.0.0 and earlier, when running on Windows, allows remote attackers to bypass intended access restrictions and upload files with restricted names via a null byte (%00) in a filename to bin/upload.cgi, as demonstrated using .htaccess to execute arbitrary code.
Max CVSS
6.8
EPSS Score
12.12%
Published
2014-10-16
Updated
2017-09-08
htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary code via the ari_auth cookie, related to the PHP unserialize function, as exploited in the wild in September 2014.
Max CVSS
10.0
EPSS Score
89.02%
Published
2014-10-07
Updated
2019-12-10
The file comment feature in Rejetto HTTP File Server (hfs) 2.3c and earlier allows remote attackers to execute arbitrary code by uploading a file with certain invalid UTF-8 byte sequences that are interpreted as executable macro symbols.
Max CVSS
7.5
EPSS Score
29.11%
Published
2014-10-10
Updated
2014-10-10
Unspecified vulnerability in the management interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.x before 10.1-129.11 and 10.5 before 10.5-50.10 allows remote attackers to execute arbitrary code via unknown vectors.
Max CVSS
7.5
EPSS Score
48.35%
Published
2014-10-21
Updated
2015-11-25

CVE-2014-6352

Known exploited
Public exploit
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object, as exploited in the wild in October 2014 with a crafted PowerPoint document.
Max CVSS
9.3
EPSS Score
96.88%
Published
2014-10-22
Updated
2018-10-12
CISA KEV Added
2022-02-25
Unrestricted file upload vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.86%
Published
2014-10-03
Updated
2014-10-06

CVE-2014-6037

Public exploit
Directory traversal vulnerability in the agentUpload servlet in ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 allows remote attackers to execute arbitrary code by uploading a ZIP file which contains an executable file with .. (dot dot) sequences in its name, then accessing the executable via a direct request to the file under the web root. Fixed in Build 11072.
Max CVSS
7.5
EPSS Score
96.59%
Published
2014-10-26
Updated
2020-03-26
Stack-based buffer overflow in the diagnose service in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote attackers to execute arbitrary code via a crafted webpage or file.
Max CVSS
9.3
EPSS Score
19.37%
Published
2014-10-07
Updated
2014-10-08
Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter to mdm/mdmLogUploader.
Max CVSS
7.5
EPSS Score
90.22%
Published
2014-10-21
Updated
2020-01-17

CVE-2014-5005

Public exploit
Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter in an LFU action to statusUpdate.
Max CVSS
7.5
EPSS Score
97.22%
Published
2014-10-21
Updated
2020-01-17

CVE-2014-4877

Public exploit
Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink.
Max CVSS
9.3
EPSS Score
7.82%
Published
2014-10-29
Updated
2017-02-17

CVE-2014-4872

Public exploit
BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote attackers to upload arbitrary files, execute arbitrary code, or obtain sensitive credential and configuration information via a .NET Remoting request to (1) FileStorageService or (2) ConfigurationService.
Max CVSS
7.5
EPSS Score
95.93%
Published
2014-10-10
Updated
2023-08-02
IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote attackers to execute arbitrary code via a crafted URL.
Max CVSS
7.5
EPSS Score
2.43%
Published
2014-10-19
Updated
2017-08-29
Unspecified vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 allows remote authenticated users to execute arbitrary code via unknown vectors.
Max CVSS
6.5
EPSS Score
0.50%
Published
2014-10-28
Updated
2017-08-29
Heap-based buffer overflow in the kernel in Apple OS X before 10.10 allows physically proximate attackers to execute arbitrary code via crafted resource forks in an HFS filesystem.
Max CVSS
7.2
EPSS Score
0.13%
Published
2014-10-18
Updated
2017-08-29
Buffer overflow in QuickTime in Apple OS X before 10.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio samples in an m4a file.
Max CVSS
6.8
EPSS Score
3.96%
Published
2014-10-18
Updated
2017-08-29

CVE-2014-4148

Known exploited
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted TrueType font, as exploited in the wild in October 2014, aka "TrueType Font Parsing Remote Code Execution Vulnerability."
Max CVSS
9.3
EPSS Score
42.14%
Published
2014-10-15
Updated
2019-02-26
CISA KEV Added
2022-05-25
76 vulnerabilities found
1 2 3 4
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!