CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2015-0925 94 Exec Code 2015-01-22 2015-01-23
9.0
None Remote Low Single system Complete Complete Complete
The client in iPass Open Mobile before 2.4.5 on Windows allows remote authenticated users to execute arbitrary code via a DLL pathname in a crafted Unicode string that is improperly handled by a subprocess reached through a named pipe, as demonstrated by a UNC share pathname.
2 CVE-2015-0554 264 1 DoS +Info 2015-01-21 2015-01-23
9.4
None Remote Low Not required Complete None Complete
The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service (device restart) as demonstrated by a direct request to (1) wlsecurity.html or (2) resetrouter.html.
3 CVE-2015-0437 2015-01-21 2015-01-23
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Oracle Java SE 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
4 CVE-2015-0408 2015-01-21 2015-01-23
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI.
5 CVE-2015-0395 2015-01-21 2015-01-23
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
6 CVE-2015-0309 119 Exec Code Overflow 2015-01-13 2015-01-22
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0304.
7 CVE-2015-0308 Exec Code 2015-01-13 2015-01-22
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allows attackers to execute arbitrary code via unspecified vectors.
8 CVE-2015-0306 DoS Exec Code Mem. Corr. 2015-01-13 2015-01-22
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0303.
9 CVE-2015-0305 Exec Code 2015-01-13 2015-01-22
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion."
10 CVE-2015-0304 119 Exec Code Overflow 2015-01-13 2015-01-22
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0309.
11 CVE-2015-0303 DoS Exec Code Mem. Corr. 2015-01-13 2015-01-22
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0306.
12 CVE-2015-0301 20 2015-01-13 2015-01-22
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 do not properly validate files, which has unspecified impact and attack vectors.
13 CVE-2015-0016 22 +Priv Dir. Trav. 2015-01-13 2015-01-14
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) component in Microsoft Windows Vista SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted pathname in an executable file, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Directory Traversal Elevation of Privilege Vulnerability."
14 CVE-2015-0014 119 Exec Code Overflow 2015-01-13 2015-01-14
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the Telnet service in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows Telnet Service Buffer Overflow Vulnerability."
15 CVE-2014-9583 264 1 Exec Code Bypass 2015-01-08 2015-01-09
10.0
None Remote Low Not required Complete Complete Complete
common.c in infosvr in ASUS WRT firmware 3.0.0.4.376_1071, 3.0.0.376.2524-g0013f52, and other versions, as used in RT-AC66U, RT-N66U, and other routers, does not properly check the MAC address for a request, which allows remote attackers to bypass authentication and execute arbitrary commands via a NET_CMD_ID_MANU_CMD packet to UDP port 9999. NOTE: this issue was incorrectly mapped to CVE-2014-10000, but that ID is invalid due to its use as an example of the 2014 CVE ID syntax change.
16 CVE-2014-9496 119 Overflow 2015-01-16 2015-01-22
10.0
None Remote Low Not required Complete Complete Complete
The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read.
17 CVE-2014-9495 119 Exec Code Overflow 2015-01-10 2015-01-22
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image.
18 CVE-2014-9458 119 Overflow 2015-01-02 2015-01-05
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the GDB debugger module in Hex-Rays IDA Pro before 6.6 cumulative fix 2014-12-24 allows remote GDB servers to have unspecified impact via unknown vectors.
19 CVE-2014-9456 119 1 Overflow 2015-01-02 2015-01-10
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in NotePad++ 6.6.9 allows remote attackers to have unspecified impact via a long Time attribute in an Event element in an XML file. NOTE: this issue was originally incorrectly mapped to CVE-2014-1004; see CVE-2014-1004 for more information.
20 CVE-2014-9406 255 2014-12-18 2014-12-18
10.0
Admin Remote Low Not required Complete Complete Complete
ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier has a default password of password for the admin account, which makes it easier for remote attackers to obtain access via a request to home_loggedout.php.
21 CVE-2014-9387 264 +Priv 2014-12-17 2014-12-18
10.0
User Remote Low Not required Complete Complete Complete
SAP BussinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and gain privileges via a crafted CORBA call, aka SAP Note 2039905.
22 CVE-2014-9373 22 Exec Code Dir. Trav. 2014-12-16 2014-12-17
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in the CollectorConfInfoServlet servlet in ManageEngine NetFlow Analyzer allows remote attackers to execute arbitrary code via a .. (dot dot) in the filename.
23 CVE-2014-9371 20 Exec Code 2014-12-16 2014-12-17
10.0
None Remote Low Not required Complete Complete Complete
The NativeAppServlet in ManageEngine Desktop Central MSP before 90075 allows remote attackers to execute arbitrary code via a crafted JSON object.
24 CVE-2014-9357 264 Exec Code 2014-12-16 2014-12-30
10.0
None Remote Low Not required Complete Complete Complete
Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build in a Dockerfile in an LZMA (.xz) archive, related to the chroot for archive extraction.
25 CVE-2014-9223 119 DoS Exec Code Overflow 2014-12-24 2014-12-30
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in AllegroSoft RomPager, as used in Huawei Home Gateway products and other vendors and products, allow remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors related to authorization.
26 CVE-2014-9222 17 +Priv Mem. Corr. 2014-12-24 2014-12-29
10.0
None Remote Low Not required Complete Complete Complete
AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway products and other vendors and products, allows remote attackers to gain privileges via a crafted cookie that triggers memory corruption, aka the "Misfortune Cookie" vulnerability.
27 CVE-2014-9193 264 2014-12-19 2014-12-22
9.0
Admin Remote Low Single system Complete Complete Complete
Innominate mGuard with firmware before 7.6.6 and 8.x before 8.1.4 allows remote authenticated admins to obtain root privileges by changing a PPP configuration setting.
28 CVE-2014-9190 119 Exec Code Overflow 2015-01-09 2015-01-12
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in Schneider Electric Wonderware InTouch Access Anywhere Server 10.6 and 11.0 allows remote attackers to execute arbitrary code via a request for a filename that does not exist.
29 CVE-2014-9188 119 Exec Code Overflow 2014-12-27 2014-12-29
9.0
None Remote Low Not required Complete Partial Partial
Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8513 and CVE-2014-8514. NOTE: this may be clarified later based on details provided by researchers.
30 CVE-2014-9183 255 +Priv 2014-12-02 2014-12-03
10.0
User Remote Low Not required Complete Complete Complete
ZTE ZXDSL 831CII has a default password of admin for the admin account, which allows remote attackers to gain administrator privileges.
31 CVE-2014-9165 Exec Code 2014-12-10 2014-12-11
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8454 and CVE-2014-8455.
32 CVE-2014-9164 94 DoS Exec Code Mem. Corr. 2014-12-10 2014-12-11
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0587.
33 CVE-2014-9163 119 Exec Code Overflow 2014-12-10 2014-12-11
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in Adobe Flash Player before 13.0.0.259 and 14.x and 15.x before 15.0.0.246 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in December 2014.
34 CVE-2014-9159 Exec Code Overflow 2014-12-10 2014-12-11
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8457 and CVE-2014-8460.
35 CVE-2014-9158 94 DoS Exec Code Mem. Corr. 2014-12-10 2014-12-11
10.0
None Remote Low Not required Complete Complete Complete
Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8456, CVE-2014-8458, CVE-2014-8459, and CVE-2014-8461.
36 CVE-2014-9134 Exec Code 2014-12-03 2014-12-05
10.0
None Remote Low Not required Complete Complete Complete
Unrestricted file upload vulnerability in Huawei Honor Cube Wireless Router WS860s before V100R001C02B222 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors.
37 CVE-2014-9002 264 Exec Code 2014-11-20 2014-11-20
10.0
None Remote Low Not required Complete Complete Complete
Lantronix xPrintServer does not properly restrict access to ips/, which allows remote attackers to execute arbitrary commands via the c parameter in an rpc action.
38 CVE-2014-8966 20 DoS Exec Code Mem. Corr. 2014-12-10 2014-12-11
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
39 CVE-2014-8877 94 Exec Code 2014-12-05 2014-12-05
10.0
None Remote Low Not required Complete Complete Complete
The alterSearchQuery function in lib/controllers/CmdownloadController.php in the CreativeMinds CM Downloads Manager plugin before 2.0.4 for WordPress allows remote attackers to execute arbitrary PHP code via the CMDsearch parameter to cmdownloads/, which is processed by the PHP create_function function.
40 CVE-2014-8770 94 1 Exec Code 2014-11-13 2014-11-14
9.0
None Remote Low Single system Complete Complete Complete
Unrestricted file upload vulnerability in magmi/web/magmi.php in the MAGMI (aka Magento Mass Importer) plugin 0.7.17a and earlier for Magento Community Edition (CE) allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a PHP file, then accessing the PHP file via a direct request to it in magmi/plugins/.
41 CVE-2014-8669 94 Exec Code 2014-11-06 2014-11-06
10.0
None Remote Low Not required Complete Complete Complete
The SAP Promotion Guidelines (CRM-MKT-MPL-TPM-PPG) module for SAP CRM allows remote attackers to execute arbitrary code via unspecified vectors.
42 CVE-2014-8661 94 Exec Code 2014-11-06 2014-11-06
10.0
None Remote Low Not required Complete Complete Complete
The SAP CRM Internet Sales module allows remote attackers to execute arbitrary commands via unspecified vectors.
43 CVE-2014-8656 255 1 +Info 2014-11-06 2014-11-06
10.0
Admin Remote Low Not required Complete Complete Complete
The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH have a default password of (1) admin for the admin account and (2) compalbn for the root account, which makes it easier for remote attackers to obtain access to certain sensitive information via unspecified vectors.
44 CVE-2014-8567 399 DoS 2014-11-14 2014-12-16
9.4
None Remote Low Not required None Complete Complete
The mod_auth_mellon module before 0.8.1 allows remote attackers to cause a denial of service (Apache HTTP server crash) via a crafted logout request that triggers a read of uninitialized data.
45 CVE-2014-8551 94 Exec Code 2014-11-26 2014-11-26
10.0
None Remote Low Not required Complete Complete Complete
The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to execute arbitrary code via crafted packets.
46 CVE-2014-8511 119 Exec Code Overflow 2014-12-27 2014-12-29
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in an ActiveX control in Atx45.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8512. NOTE: this may be clarified later based on details provided by researchers.
47 CVE-2014-8496 255 +Priv 2014-12-09 2014-12-10
10.0
User Remote Low Not required Complete Complete Complete
Digicom DG-5514T ADSL router with firmware 3.2 generates predictable session IDs, which allows remote attackers to gain administrator privileges via a brute force session hijacking attack.
48 CVE-2014-8461 94 DoS Exec Code Mem. Corr. 2014-12-10 2014-12-11
10.0
None Remote Low Not required Complete Complete Complete
Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8456, CVE-2014-8458, CVE-2014-8459, and CVE-2014-9158.
49 CVE-2014-8460 119 Exec Code Overflow 2014-12-10 2014-12-11
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8457 and CVE-2014-9159.
50 CVE-2014-8459 94 DoS Exec Code Mem. Corr. 2014-12-10 2014-12-11
10.0
None Remote Low Not required Complete Complete Complete
Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8456, CVE-2014-8458, CVE-2014-8461, and CVE-2014-9158.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.