CVEdetails.com the ultimate security vulnerability data source
Security Vulnerabilities (Execute Code)

Each entry lists: CVE ID | CWE ID | number of public exploits (shown only where cvedetails lists one) | vulnerability type(s) | publish date, update date; then the CVSS base score with the gained access level, access vector, access complexity, authentication requirement and confidentiality / integrity / availability (C/I/A) impacts; then the NVD description. Entries marked "not scored" had no CVSS data when this page was captured (their score column read 0.0 and every vector field "???"), which is typical for CVEs published on the capture date.

1. CVE-2014-2921 | CWE-94 | Exec Code | published 2014-04-21, updated 2014-04-22
CVSS 7.5 | gained access: None | Remote | complexity: Low | authentication: Not required | C/I/A: Partial/Partial/Partial
The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Newsletter module in pimcore 1.4.9 through 2.0.0 does not properly handle an object obtained by unserializing Lucene search data, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via vectors involving a Zend_Pdf_ElementFactory_Proxy object and a pathname with a trailing \0 character.

2. CVE-2014-2894 | CWE: none listed | Exec Code, Mem. Corr. | published 2014-04-23, updated 2014-04-23
CVSS: not scored | gained access: None | access vector, complexity, authentication and C/I/A: not available
Off-by-one error in the cmd_smart function in the smart self test in hw/ide/core.c in QEMU before 2.0 allows local users to have unspecified impact via a SMART EXECUTE OFFLINE command that triggers a buffer underflow and memory corruption.

3. CVE-2014-2892 | CWE-119 | Exec Code, Overflow | published 2014-04-22, updated 2014-04-23
CVSS 7.5 | gained access: None | Remote | complexity: Low | authentication: Not required | C/I/A: Partial/Partial/Partial
Heap-based buffer overflow in the get_answer function in mmsh.c in libmms before 0.6.4 allows remote attackers to execute arbitrary code via a long line in an MMS over HTTP (MMSH) server response.

4. CVE-2014-2888 | CWE: none listed | Exec Code | published 2014-04-23, updated 2014-04-23
CVSS: not scored | gained access: None | access vector, complexity, authentication and C/I/A: not available
lib/sfpagent/bsig.rb in the sfpagent gem before 0.4.15 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the module name in a JSON request.

5. CVE-2014-2874 | CWE-78 | Exec Code | published 2014-04-15, updated 2014-04-16
CVSS 10.0 | gained access: None | Remote | complexity: Low | authentication: Not required | C/I/A: Complete/Complete/Complete
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to execute arbitrary code via shell metacharacters in an unspecified context.

6. CVE-2014-2868 | CWE: none listed | Exec Code | published 2014-04-15, updated 2014-04-16
CVSS 7.5 | gained access: None | Remote | complexity: Low | authentication: Not required | C/I/A: Partial/Partial/Partial
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to modify the flow of execution of ColdFusion code by using an HTTP GET request to set a ColdFusion variable.

7. CVE-2014-2867 | CWE: none listed | Exec Code | published 2014-04-15, updated 2014-04-16
CVSS 10.0 | gained access: None | Remote | complexity: Low | authentication: Not required | C/I/A: Complete/Complete/Complete
Unrestricted file upload vulnerability in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to execute arbitrary code by uploading a ColdFusion page, and then accessing it via unspecified vectors.

8. CVE-2014-2850 | CWE-78 | 1 exploit listed | Exec Code | published 2014-04-11, updated 2014-04-14
CVSS 8.5 | gained access: None | Remote | complexity: Medium | authentication: Single system | C/I/A: Complete/Complete/Complete
The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter.

9. CVE-2014-2847 | CWE-89 | 1 exploit listed | Exec Code, Sql | published 2014-04-11, updated 2014-04-14
CVSS 7.5 | gained access: None | Remote | complexity: Low | authentication: Not required | C/I/A: Partial/Partial/Partial
SQL injection vulnerability in default.asp in CIS Manager CMS allows remote attackers to execute arbitrary SQL commands via the TroncoID parameter.

10. CVE-2014-2737 | CWE-89 | Exec Code, Sql | published 2014-04-22, updated 2014-04-23
CVSS 7.5 | gained access: None | Remote | complexity: Low | authentication: Not required | C/I/A: Partial/Partial/Partial
SQL injection vulnerability in the get_active_session function in the KTAPI_UserSession class in webservice/clienttools/services/mdownload.php in KnowledgeTree 3.7.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the u parameter, related to the getFileName function.

11. CVE-2014-2731 | CWE: none listed | Exec Code | published 2014-04-19, updated 2014-04-21
CVSS 9.3 | gained access: None | Remote | complexity: Medium | authentication: Not required | C/I/A: Complete/Complete/Complete
Multiple unspecified vulnerabilities in the integrated web server in Siemens SINEMA Server before 12 SP1 allow remote attackers to execute arbitrary code via HTTP traffic to port (1) 4999 or (2) 80.

12. CVE-2014-2709 | CWE: none listed | Exec Code | published 2014-04-23, updated 2014-04-23
CVSS: not scored | gained access: None | access vector, complexity, authentication and C/I/A: not available
lib/rrd.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified parameters.

13. CVE-2014-2708 | CWE-89 | Exec Code, Sql | published 2014-04-10, updated 2014-04-11
CVSS 7.5 | gained access: None | Remote | complexity: Low | authentication: Not required | C/I/A: Partial/Partial/Partial
SQL injection vulnerability in graph_xport.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

14. CVE-2014-2707 | CWE-264 | Exec Code | published 2014-04-17, updated 2014-04-18
CVSS 5.8 | gained access: None | Local Network | complexity: Low | authentication: Not required | C/I/A: Partial/Partial/Partial
cups-browsed in cups-filters 1.0.41 before 1.0.51 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the (1) model or (2) PDL, related to "System V interface scripts generated for queues."

15. CVE-2014-2655 | CWE-89 | Exec Code, Sql | published 2014-04-02, updated 2014-04-19
CVSS 6.5 | gained access: None | Remote | complexity: Low | authentication: Single system | C/I/A: Partial/Partial/Partial
SQL injection vulnerability in the gen_show_status function in functions.inc.php in Postfix Admin (aka postfixadmin) before 2.3.7 allows remote authenticated users to execute arbitrary SQL commands via a new alias.

16. CVE-2014-2654 | CWE-89 | Exec Code, Sql | published 2014-04-22, updated 2014-04-23
CVSS 6.5 | gained access: None | Remote | complexity: Low | authentication: Single system | C/I/A: Partial/Partial/Partial
Multiple SQL injection vulnerabilities in MobFox mAdserve 2.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) edit_ad_unit.php, (2) view_adunits.php, or (3) edit_campaign.php in www/cp/.

17. CVE-2014-2587 | CWE-89 | 1 exploit listed | Exec Code, Sql | published 2014-03-24, updated 2014-04-01
CVSS 6.5 | gained access: None | Remote | complexity: Low | authentication: Single system | C/I/A: Partial/Partial/Partial
SQL injection vulnerability in jsp/reports/ReportsAudit.jsp in McAfee Asset Manager 6.6 allows remote authenticated users to execute arbitrary SQL commands via the username of an audit report (aka user parameter).

18. CVE-2014-2544 | CWE: none listed | Exec Code | published 2014-04-09, updated 2014-04-10
CVSS 7.5 | gained access: None | Remote | complexity: Low | authentication: Not required | C/I/A: Partial/Partial/Partial
Unspecified vulnerability in Spotfire Web Player Engine, Spotfire Desktop, and Spotfire Server Authentication Module in TIBCO Spotfire Server 3.3.x before 3.3.4, 4.5.x before 4.5.1, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.2; Spotfire Professional 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Web Player 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Automation Services 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Deployment Kit 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Desktop 6.x before 6.0.1; and Spotfire Analyst 6.x before 6.0.1 allows remote attackers to execute arbitrary code via unknown vectors.

19. CVE-2014-2543 | CWE-119 | Exec Code, Overflow | published 2014-04-08, updated 2014-04-09
CVSS 7.5 | gained access: None | Remote | complexity: Low | authentication: Not required | C/I/A: Partial/Partial/Partial
Buffer overflow in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 allows remote attackers to execute arbitrary code by leveraging access to a directly connected client and transmitting crafted data.

20. CVE-2014-2540 | CWE-89 | 1 exploit listed | Exec Code, Sql | published 2014-04-11, updated 2014-04-14
CVSS 7.5 | gained access: None | Remote | complexity: Low | authentication: Not required | C/I/A: Partial/Partial/Partial
SQL injection vulnerability in OrbitScripts Orbit Open Ad Server before 1.1.1 allows remote attackers to execute arbitrary SQL commands via the site_directory_sort_field parameter to guest/site_directory.

21. CVE-2014-2525 | CWE-119 | Exec Code, Overflow | published 2014-03-28, updated 2014-04-24
CVSS 6.8 | gained access: None | Remote | complexity: Medium | authentication: Not required | C/I/A: Partial/Partial/Partial
Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.

22. CVE-2014-2523 | CWE-20 | DoS, Exec Code | published 2014-03-24, updated 2014-04-01
CVSS 10.0 | gained access: None | Remote | complexity: Low | authentication: Not required | C/I/A: Complete/Complete/Complete
net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function.

23. CVE-2014-2389 | CWE-119 | Exec Code, Overflow | published 2014-04-12, updated 2014-04-14
CVSS 9.3 | gained access: None | Remote | complexity: Medium | authentication: Not required | C/I/A: Complete/Complete/Complete
Stack-based buffer overflow in a certain decryption function in qconnDoor on Blackberry Z10 devices with software 10.1.0.2312, when developer-mode has been previously enabled, allows remote attackers to execute arbitrary code via a crafted packet in a TCP session on a wireless network.

24. CVE-2014-2339 | CWE-89 | Exec Code, Sql | published 2014-03-19, updated 2014-03-20
CVSS 6.5 | gained access: None | Remote | complexity: Low | authentication: Single system | C/I/A: Partial/Partial/Partial
Multiple SQL injection vulnerabilities in bbs/ajax.autosave.php in GNUboard 5.x and possibly earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) subject or (2) content parameter.

25. CVE-2014-2328 | CWE: none listed | Exec Code | published 2014-04-23, updated 2014-04-23
CVSS: not scored | gained access: None | access vector, complexity, authentication and C/I/A: not available
lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors.

26. CVE-2014-2323 | CWE-89 | Exec Code, Sql | published 2014-03-14, updated 2014-04-19
CVSS 7.5 | gained access: None | Remote | complexity: Low | authentication: Not required | C/I/A: Partial/Partial/Partial
SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname.

27. CVE-2014-2318 | CWE-89 | Exec Code, Sql | published 2014-03-11, updated 2014-03-11
CVSS 7.5 | gained access: None | Remote | complexity: Low | authentication: Not required | C/I/A: Partial/Partial/Partial
SQL injection vulnerability in ATCOM Netvolution 3 allows remote attackers to execute arbitrary SQL commands via the m parameter.

28. CVE-2014-2317 | CWE-89 | Exec Code, Sql | published 2014-03-09, updated 2014-03-10
CVSS 6.8 | gained access: None | Remote | complexity: Medium | authentication: Not required | C/I/A: Partial/Partial/Partial
SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the table parameter. NOTE: some of these details are obtained from third party information.

29. CVE-2014-2316 | CWE-89 | Exec Code, Sql | published 2014-03-09, updated 2014-03-10
CVSS 7.5 | gained access: None | Remote | complexity: Low | authentication: Not required | C/I/A: Partial/Partial/Partial
SQL injection vulnerability in se_search_default in the Search Everything plugin before 7.0.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the s parameter to index.php. NOTE: some of these details are obtained from third party information.

30. CVE-2014-2311 | CWE-89 | Exec Code, Sql | published 2014-03-11, updated 2014-03-12
CVSS 7.5 | gained access: None | Remote | complexity: Low | authentication: Not required | C/I/A: Partial/Partial/Partial
SQL injection vulnerability in modx.class.php in MODX Revolution 2.0.0 before 2.2.13 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

31. CVE-2014-2299 | CWE-119 | DoS, Exec Code, Overflow | published 2014-03-11, updated 2014-04-19
CVSS 9.3 | gained access: None | Remote | complexity: Medium | authentication: Not required | C/I/A: Complete/Complete/Complete
Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the MPEG parser in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large record in MPEG data.

32. CVE-2014-2286 | CWE-20 | DoS, Exec Code | published 2014-04-18, updated 2014-04-21
CVSS 7.5 | gained access: None | Remote | complexity: Low | authentication: Not required | C/I/A: Partial/Partial/Partial
main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers.

33. CVE-2014-2262 | CWE-119 | Exec Code, Overflow | published 2014-02-28, updated 2014-03-03
CVSS 9.3 | gained access: None | Remote | complexity: Medium | authentication: Not required | C/I/A: Complete/Complete/Complete
Buffer overflow in the client application in Base SAS 9.2 TS2M3, SAS 9.3 TS1M1 and TS1M2, and SAS 9.4 TS1M0 allows user-assisted remote attackers to execute arbitrary code via a crafted SAS program.

34. CVE-2014-2245 | CWE-89 | Exec Code, Sql | published 2014-03-05, updated 2014-03-07
CVSS 6.0 | gained access: None | Remote | complexity: Medium | authentication: Single system | C/I/A: Partial/Partial/Partial
SQL injection vulnerability in the News module in CMS Made Simple (CMSMS) before 1.11.10 allows remote authenticated users with the "Modify News" permission to execute arbitrary SQL commands via the sortby parameter to admin/moduleinterface.php. NOTE: some of these details are obtained from third party information.

35. CVE-2014-2240 | CWE-119 | DoS, Exec Code, Overflow | published 2014-03-12, updated 2014-04-01
CVSS 7.5 | gained access: None | Remote | complexity: Low | authentication: Not required | C/I/A: Partial/Partial/Partial
Stack-based buffer overflow in the cf2_hintmap_build function in cff/cf2hints.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of stem hints in a font file.

36. CVE-2014-2238 | CWE-89 | Exec Code, Sql | published 2014-03-05, updated 2014-03-07
CVSS 6.5 | gained access: None | Remote | complexity: Low | authentication: Single system | C/I/A: Partial/Partial/Partial
SQL injection vulnerability in the manage configuration page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.16 allows remote authenticated administrators to execute arbitrary SQL commands via the filter_config_id parameter.

37. CVE-2014-2211 | CWE-89 | Exec Code, Sql | published 2014-03-03, updated 2014-03-07
CVSS 7.5 | gained access: None | Remote | complexity: Low | authentication: Not required | C/I/A: Partial/Partial/Partial
SQL injection vulnerability in portal/addtoapplication.php in POSH (aka Posh portal or Portaneo) 3.0 before 3.3.0 allows remote attackers to execute arbitrary SQL commands via the rssurl parameter.

38. CVE-2014-2210 | CWE-22 | DoS, Exec Code, Dir. Trav., Bypass, +Info | published 2014-04-04, updated 2014-04-04
CVSS 7.5 | gained access: None | Remote | complexity: Low | authentication: Not required | C/I/A: Partial/Partial/Partial
Multiple directory traversal vulnerabilities in CA ERwin Web Portal 9.5 allow remote attackers to obtain sensitive information, bypass intended access restrictions, cause a denial of service, or possibly execute arbitrary code via unspecified vectors.

39. CVE-2014-2206 | CWE-119 | DoS, Exec Code, Overflow | published 2014-03-05, updated 2014-03-05
CVSS 10.0 | gained access: None | Remote | complexity: Low | authentication: Not required | C/I/A: Complete/Complete/Complete
Stack-based buffer overflow in GetGo Download Manager 4.9.0.1982, 4.8.2.1346, 4.4.5.502, and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a long HTTP Response Header.

40. CVE-2014-2119 | CWE-264 | Exec Code | published 2014-03-20, updated 2014-03-21
CVSS 8.5 | gained access: None | Remote | complexity: Medium | authentication: Single system | C/I/A: Complete/Complete/Complete
The End User Safelist/Blocklist (aka SLBL) service in Cisco AsyncOS Software for Email Security Appliance (ESA) before 7.6.3-023 and 8.x before 8.0.1-023 and Cisco Content Security Management Appliance (SMA) before 7.9.1-110 and 8.x before 8.1.1-013 allows remote authenticated users to execute arbitrary code with root privileges via an FTP session that uploads a modified SLBL database file, aka Bug IDs CSCug79377 and CSCug80118.

41. CVE-2014-2089 | CWE-94 | Exec Code | published 2014-03-02, updated 2014-03-03
CVSS 6.8 | gained access: None | Remote | complexity: Medium | authentication: Not required | C/I/A: Partial/Partial/Partial
ILIAS 4.4.1 allows remote attackers to execute arbitrary PHP code via an e-mail attachment that leads to creation of a .php file with a certain client_id pathname.

42. CVE-2014-2088 | CWE: none listed | Exec Code | published 2014-03-02, updated 2014-03-03
CVSS 6.5 | gained access: None | Remote | complexity: Low | authentication: Single system | C/I/A: Partial/Partial/Partial
Unrestricted file upload vulnerability in ilias.php in ILIAS 4.4.1 allows remote authenticated users to execute arbitrary PHP code by using a .php filename in an upload_files action to the uploadFiles command, and then accessing the .php file via a direct request to a certain client_id pathname.

43. CVE-2014-2087 | CWE-119 | Exec Code, Overflow | published 2014-03-18, updated 2014-03-19
CVSS 9.3 | gained access: None | Remote | complexity: Medium | authentication: Not required | C/I/A: Complete/Complete/Complete
Stack-based buffer overflow in the CDownloads_Deleted::UpdateDownload function in Downloads_Deleted.cpp in Free Download Manager 3.9.3 build 1360, 3.8 build 1173, 3.0 build 852, and earlier allows user-assisted remote attackers to execute arbitrary code via a long file name, which is then deleted from the download queue by the user.

44. CVE-2014-2075 | CWE-287 | Exec Code | published 2014-02-27, updated 2014-02-27
CVSS 10.0 | gained access: None | Remote | complexity: Low | authentication: Not required | C/I/A: Complete/Complete/Complete
TIBCO Enterprise Administrator 1.0.0 and Enterprise Administrator SDK 1.0.0 do not properly enforce administrative authentication requirements, which allows remote attackers to execute arbitrary commands via unspecified vectors.

45. CVE-2014-2043 | CWE-89 | 1 exploit listed | Exec Code, Sql | published 2014-03-13, updated 2014-03-13
CVSS 6.5 | gained access: None | Remote | complexity: Low | authentication: Single system | C/I/A: Partial/Partial/Partial
SQL injection vulnerability in Resources/System/Templates/Data.aspx in Procentia IntelliPen before 1.1.18.1658 allows remote authenticated users to execute arbitrary SQL commands via the value parameter.

46. CVE-2014-2013 | CWE-119 | Exec Code, Overflow | published 2014-03-03, updated 2014-03-07
CVSS 7.5 | gained access: None | Remote | complexity: Low | authentication: Not required | C/I/A: Partial/Partial/Partial
Stack-based buffer overflow in the xps_parse_color function in xps/xps-common.c in MuPDF 1.3 and earlier allows remote attackers to execute arbitrary code via a large number of entries in the ContextColor value of the Fill attribute in a Path element.

47. CVE-2014-1982 | CWE-287 | 1 exploit listed | Exec Code, +Priv | published 2014-03-31, updated 2014-03-31
CVSS 10.0 | gained access: None | Remote | complexity: Low | authentication: Not required | C/I/A: Complete/Complete/Complete
The administrative interface in Allied Telesis AT-RG634A ADSL Broadband router 3.3+, iMG624A firmware 3.5, iMG616LH firmware 2.4, and iMG646BD firmware 3.5 allows remote attackers to gain privileges and execute arbitrary commands via a direct request to cli.html.

48. CVE-2014-1945 | CWE-89 | Exec Code, Sql | published 2014-03-09, updated 2014-03-10
CVSS 7.5 | gained access: None | Remote | complexity: Low | authentication: Not required | C/I/A: Partial/Partial/Partial
SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the add_value parameter.

49. CVE-2014-1939 | CWE-94 | Exec Code | published 2014-03-02, updated 2014-03-04
CVSS 7.5 | gained access: None | Remote | complexity: Low | authentication: Not required | C/I/A: Partial/Partial/Partial
java/android/webkit/BrowserFrame.java in Android before 4.4 uses the addJavascriptInterface API in conjunction with creating an object of the SearchBoxImpl class, which allows attackers to execute arbitrary Java code by leveraging access to the searchBoxJavaBridge_ interface at certain Android API levels.

50. CVE-2014-1912 | CWE-119 | 1 exploit listed | Exec Code, Overflow | published 2014-02-28, updated 2014-03-26
CVSS 7.5 | gained access: None | Remote | complexity: Low | authentication: Not required | C/I/A: Partial/Partial/Partial
Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.
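
Several entries above (sfpagent, CommonSpot, the Sophos Web Appliance netinterface page, Cacti lib/rrd.php and lib/graph_export.php, cups-browsed) describe one defect: an attacker-controlled string is concatenated into a command line that a shell then interprets. The snippet below is an added illustration in Python, not code from any of those projects. The "module name inside a JSON request" shape follows the sfpagent description; the `echo` command, the allowlist pattern and all function names are assumptions made for the demo. It contrasts the injectable `shell=True` string with two fixes: passing the value as a single argv element with no shell at all (plus an allowlist), and, where a shell string cannot be avoided, quoting each untrusted token with `shlex.quote`.

```python
import json
import re
import shlex
import subprocess

# Assumed allowlist for a "module name": the characters such an identifier
# legitimately needs and nothing the shell treats specially.
MODULE_NAME_RE = re.compile(r"\A[A-Za-z0-9_.-]{1,64}\Z")


def is_safe_module_name(name: str) -> bool:
    """True only if `name` matches the strict allowlist."""
    return bool(MODULE_NAME_RE.match(name))


def run_vulnerable(module: str) -> str:
    """Untrusted input concatenated into a command line and handed to /bin/sh.

    With shell=True the string is parsed by the shell, so ';', '|', '`' and
    '$(...)' inside `module` become command syntax instead of data.
    """
    proc = subprocess.run("echo module=" + module, shell=True,
                          capture_output=True, text=True, check=True)
    return proc.stdout


def run_hardened(module: str) -> str:
    """Allowlist the value, then pass it as one argv element without a shell.

    No shell parses anything here, so the value reaches `echo` verbatim whatever
    it contains; the allowlist rejects suspicious input before that point.
    """
    if not is_safe_module_name(module):
        raise ValueError(f"rejected module name: {module!r}")
    proc = subprocess.run(["echo", "module=" + module],
                          capture_output=True, text=True, check=True)
    return proc.stdout


def shell_quoted_command(module: str) -> str:
    """If a shell string is unavoidable, quote every untrusted token."""
    return "echo module=" + shlex.quote(module)


def run_quoted(module: str) -> str:
    """Run the shlex-quoted form: metacharacters arrive as literal text."""
    proc = subprocess.run(shell_quoted_command(module), shell=True,
                          capture_output=True, text=True, check=True)
    return proc.stdout


def handle_json_request(body: str, hardened: bool = True) -> str:
    """Agent-style endpoint (assumed shape): the module name arrives in a JSON body."""
    request = json.loads(body)
    module = request["module"]
    if not isinstance(module, str):
        raise ValueError("module must be a string")
    return run_hardened(module) if hardened else run_vulnerable(module)


if __name__ == "__main__":
    # Constructed request: the second statement runs under the vulnerable path.
    PAYLOAD = json.dumps({"module": "nginx; echo INJECTED"})
    print(handle_json_request(PAYLOAD, hardened=False), end="")
    try:
        handle_json_request(PAYLOAD)
    except ValueError as exc:
        print("hardened:", exc)
    print(run_quoted("nginx; echo INJECTED"), end="")
```

The hardened path is the one to keep: an argv list is robust on its own, and the allowlist is defence in depth for the case where the value is later interpolated somewhere else (a generated interface script, as in the cups-browsed entry, for instance). `shlex.quote` only protects a POSIX shell; it is not a fix for values that end up in Windows command lines or in other interpreters.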
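
The SQL injection entries above fall into two shapes: a request value spliced into a WHERE clause (TroncoID, u, id, m, s, add_value, value, filter_config_id) and a request value used as the ORDER BY column (site_directory_sort_field in Orbit Open Ad Server, sortby in CMS Made Simple). The distinction matters for the fix: a WHERE value can be bound as a parameter, but an ORDER BY column is an identifier and cannot be, so it has to be resolved through an allowlist. The following added example (not code from any listed project; the `users` table, its rows and the function names are constructed for the demo) shows both vulnerable forms next to their fixes on an in-memory SQLite database, including a sort-field payload that leaks a secret one prefix at a time through the result order.

```python
import sqlite3

# Assumed: the only sort keys the endpoint supports, mapped to the exact SQL identifier.
SORTABLE_COLUMNS = {"id": "id", "name": "name"}


def make_db():
    """Constructed sample data standing in for an application's user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, secret TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", "s3cret"), (2, "bob", "hunter2"), (3, "carol", "qwerty")],
    )
    return conn


def name_by_id_vulnerable(conn, user_id):
    """Request value spliced into the statement text: an injectable WHERE clause."""
    rows = conn.execute(f"SELECT name FROM users WHERE id = {user_id}")
    return [name for (name,) in rows]


def name_by_id_safe(conn, user_id):
    """Bound parameter: the driver passes the value as data, never as SQL text."""
    rows = conn.execute("SELECT name FROM users WHERE id = ?", (user_id,))
    return [name for (name,) in rows]


def names_sorted_vulnerable(conn, sort_field):
    """ORDER BY takes an identifier, which cannot be bound, so the request
    parameter is interpolated directly: the sortby / sort_field pattern."""
    rows = conn.execute(f"SELECT name FROM users ORDER BY {sort_field}")
    return [name for (name,) in rows]


def names_sorted_safe(conn, sort_field):
    """Resolve the request parameter through the allowlist; reject anything else."""
    column = SORTABLE_COLUMNS.get(sort_field)
    if column is None:
        raise ValueError(f"unsupported sort field: {sort_field!r}")
    rows = conn.execute(f"SELECT name FROM users ORDER BY {column}")
    return [name for (name,) in rows]


def blind_probe(prefix):
    """Sort-field payload: the result order reveals whether a secret starts with `prefix`.

    Ascending order means the guess was right, descending means it was wrong, so an
    attacker recovers the secret without any row of it ever being displayed.
    """
    return (f"CASE WHEN (SELECT secret FROM users WHERE id = 1) LIKE '{prefix}%' "
            f"THEN id ELSE -id END")


if __name__ == "__main__":
    db = make_db()
    print(name_by_id_vulnerable(db, "1 OR 1=1"))          # every row comes back
    print(name_by_id_safe(db, "1 OR 1=1"))                # no row has that literal id
    print(names_sorted_vulnerable(db, blind_probe("s")))  # ascending: guess correct
    print(names_sorted_vulnerable(db, blind_probe("x")))  # descending: guess wrong
    try:
        names_sorted_safe(db, blind_probe("s"))
    except ValueError as exc:
        print("safe:", exc)
```

Note that `sqlite3.Connection.execute` refuses stacked statements, which is why the probe uses a subquery inside a CASE expression rather than a second statement; the same technique works against databases that do allow stacking, so the absence of stacking is not a mitigation.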
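
Entry 50 (CVE-2014-1912) concerns the Python socket module itself: `recvfrom_into` accepted an `nbytes` larger than the supplied buffer, so a datagram longer than the buffer overflowed it. The fix in the listed versions added a check that `nbytes` does not exceed the buffer length. The added snippet below (not CPython code) shows that rule as an explicit wrapper that holds on any interpreter, plus a check a practitioner can run to confirm the interpreter in use already rejects an oversized `nbytes` on its own. The Unix-domain `socketpair` and the `ping` datagram are constructed for the demo so it runs offline.

```python
import socket


def recvfrom_into_bounded(sock, buf, nbytes):
    """Explicit bound before the kernel is asked to write `nbytes` into `buf`.

    Patched interpreters (2.7.7+, 3.3.4+, 3.4rc1+) raise ValueError for
    nbytes > len(buf) themselves; checking here keeps the invariant even on an
    unpatched one. nbytes == 0 keeps the socket module's "fill the buffer" default.
    """
    if nbytes < 0 or nbytes > len(buf):
        raise ValueError(f"nbytes={nbytes} exceeds buffer of {len(buf)} bytes")
    return sock.recvfrom_into(buf, nbytes)


def interpreter_enforces_bound():
    """True if this interpreter refuses nbytes > len(buffer) without our wrapper.

    The queued datagram is only 4 bytes, so the call is harmless even on an
    unpatched interpreter: nothing larger than the buffer can be written.
    """
    a, b = socket.socketpair(socket.AF_UNIX, socket.SOCK_DGRAM)
    try:
        a.send(b"ping")
        buf = bytearray(4)
        try:
            b.recvfrom_into(buf, 64)   # oversized request straight to the socket module
        except ValueError:
            return True
        return False
    finally:
        a.close()
        b.close()


def roundtrip(payload, bufsize):
    """Send one datagram and receive it through the bounded wrapper."""
    a, b = socket.socketpair(socket.AF_UNIX, socket.SOCK_DGRAM)
    try:
        a.send(payload)
        buf = bytearray(bufsize)
        n, _addr = recvfrom_into_bounded(b, buf, bufsize)
        return bytes(buf[:n])
    finally:
        a.close()
        b.close()


if __name__ == "__main__":
    print("interpreter rejects oversized nbytes:", interpreter_enforces_bound())
    print(roundtrip(b"hello", 8))
    try:
        recvfrom_into_bounded(None, bytearray(4), 8)
    except ValueError as exc:
        print("wrapper:", exc)
```

On a fixed interpreter `interpreter_enforces_bound()` returns True; a False result means the running Python predates the fix and the wrapper (or an upgrade) is the only thing standing between a long datagram and heap corruption.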
Total number of vulnerabilities: 20032 (this is page 1 of 401)
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of the user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.