CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score >= 8)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2015-1497 94 2 Exec Code 2015-02-16 2017-09-02
10.0
None Remote Low Not required Complete Complete Complete
radexecd.exe in Persistent Systems Radia Client Automation (RCA) 7.9, 8.1, 9.0, and 9.1 allows remote attackers to execute arbitrary commands via a crafted request to TCP port 3465.
2 CVE-2015-0554 264 1 DoS +Info 2015-01-21 2015-01-23
9.4
None Remote Low Not required Complete None Complete
The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service (device restart) as demonstrated by a direct request to (1) wlsecurity.html or (2) resetrouter.html.
3 CVE-2015-0016 22 1 +Priv Dir. Trav. 2015-01-13 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) component in Microsoft Windows Vista SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted pathname in an executable file, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Directory Traversal Elevation of Privilege Vulnerability."
4 CVE-2014-9727 78 1 Exec Code 2015-05-29 2018-08-13
10.0
None Remote Low Not required Complete Complete Complete
AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the var:lang parameter to cgi-bin/webcm.
5 CVE-2014-9583 264 1 Exec Code Bypass 2015-01-08 2018-04-26
10.0
None Remote Low Not required Complete Complete Complete
common.c in infosvr in ASUS WRT firmware 3.0.0.4.376_1071, 3.0.0.376.2524-g0013f52, and other versions, as used in RT-AC66U, RT-N66U, and other routers, does not properly check the MAC address for a request, which allows remote attackers to bypass authentication and execute arbitrary commands via a NET_CMD_ID_MANU_CMD packet to UDP port 9999. NOTE: this issue was incorrectly mapped to CVE-2014-10000, but that ID is invalid due to its use as an example of the 2014 CVE ID syntax change.
6 CVE-2014-9456 119 1 Overflow 2015-01-02 2019-04-15
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in NotePad++ 6.6.9 allows remote attackers to have unspecified impact via a long Time attribute in an Event element in an XML file. NOTE: this issue was originally incorrectly mapped to CVE-2014-1004; see CVE-2014-1004 for more information.
7 CVE-2014-8835 19 1 Exec Code 2015-01-30 2017-09-07
9.3
None Remote Medium Not required Complete Complete Complete
The xpc_data_get_bytes function in libxpc in Apple OS X before 10.10.2 does not verify that a dictionary's Attributes key has the xpc_data data type, which allows attackers to execute arbitrary code by providing a crafted dictionary to sysmond, related to an "XPC type confusion" issue.
8 CVE-2014-8770 94 1 Exec Code 2014-11-13 2019-07-16
9.0
None Remote Low Single system Complete Complete Complete
Unrestricted file upload vulnerability in magmi/web/magmi.php in the MAGMI (aka Magento Mass Importer) plugin 0.7.17a and earlier for Magento Community Edition (CE) allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a PHP file, then accessing the PHP file via a direct request to it in magmi/plugins/.
9 CVE-2014-8656 255 1 +Info 2014-11-06 2014-11-06
10.0
Admin Remote Low Not required Complete Complete Complete
The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH have a default password of (1) admin for the admin account and (2) compalbn for the root account, which makes it easier for remote attackers to obtain access to certain sensitive information via unspecified vectors.
10 CVE-2014-7288 264 1 Exec Code 2015-01-31 2017-09-07
9.0
None Remote Low Single system Complete Complete Complete
Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allow remote authenticated administrators to execute arbitrary shell commands via a crafted command line in a database-backup restore action.
11 CVE-2014-7279 264 1 2017-03-23 2017-03-28
10.0
None Remote Low Not required Complete Complete Complete
The Konke Smart Plug K does not require authentication for TELNET sessions, which allows remote attackers to obtain "equipment management authority" via TCP traffic to port 23.
12 CVE-2014-5308 89 1 Exec Code Sql 2014-10-08 2014-10-09
9.0
None Remote Low Single system Complete Complete Complete
Multiple SQL injection vulnerabilities in TestLink 1.9.11 allow remote authenticated users to execute arbitrary SQL commands via the (1) name parameter in a Search action to lib/project/projectView.php or (2) id parameter to lib/events/eventinfo.php.
13 CVE-2014-5246 264 1 Bypass 2014-08-22 2017-09-07
10.0
None Remote Low Not required Complete Complete Complete
The Shenzhen Tenda Technology Tenda A5s router with firmware 3.02.05_CN allows remote attackers to bypass authentication and gain administrator access by setting the admin:language cookie to zh-cn.
14 CVE-2014-4114 20 3 Exec Code 2014-10-15 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object in an Office document, as exploited in the wild with a "Sandworm" attack in June through October 2014, aka "Windows OLE Remote Code Execution Vulnerability."
15 CVE-2014-3914 22 1 Exec Code Dir. Trav. 2014-08-07 2014-08-07
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in the Admin Center for Tivoli Storage Manager (TSM) in Rocket ServerGraph 1.2 allows remote attackers to (1) create arbitrary files via a .. (dot dot) in the query parameter in a writeDataFile action to the fileRequestor servlet, execute arbitrary files via a .. (dot dot) in the query parameter in a (2) run or (3) runClear action to the fileRequestor servlet, (4) read arbitrary files via a readDataFile action to the fileRequestor servlet, (5) execute arbitrary code via a save_server_groups action to the userRequest servlet, or (6) delete arbitrary files via a del action in the fileRequestServlet servlet.
16 CVE-2014-3913 119 1 Exec Code Overflow 2014-06-04 2015-08-31
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in AccessServer32.exe in Ericom AccessNow Server allows remote attackers to execute arbitrary code via a request for a non-existent file.
17 CVE-2014-3888 119 1 Exec Code Overflow 2014-07-10 2015-10-08
8.3
None Remote Medium Not required Partial Partial Complete
Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 and earlier, CENTUM VP R5.03.20 and earlier, Exaopc R3.72.00 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier, when FCS/Test Function is enabled, allows remote attackers to execute arbitrary code via a crafted packet.
18 CVE-2014-3791 119 1 Exec Code Overflow 2014-05-20 2014-05-21
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 6.8 allows remote attackers to execute arbitrary code via a long string in a cookie UserID parameter to vfolder.ghp.
19 CVE-2014-3418 78 1 Exec Code 2014-07-15 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
config/userAdmin/login.tdf in Infoblox NetMRI before 6.8.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the skipjackUsername parameter.
20 CVE-2014-3220 255 1 2014-05-05 2014-05-23
9.0
None Remote Low Single system Complete Complete Complete
F5 BIG-IQ Cloud and Security 4.0.0 through 4.1.0 allows remote authenticated users to change the password of arbitrary users via the name parameter in a request to the user's page in mgmt/shared/authz/users/.
21 CVE-2014-3008 78 1 Exec Code 2014-04-28 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Unitrends Enterprise Backup 7.3.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the comm parameter to recoveryconsole/bpl/snmpd.php.
22 CVE-2014-2994 119 1 Exec Code Overflow 2014-04-27 2014-04-28
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in Acunetix Web Vulnerability Scanner (WVS) 8 build 20120704 allows remote attackers to execute arbitrary code via an HTML file containing an IMG element with a long URL (src attribute).
23 CVE-2014-2927 287 1 2014-10-15 2015-01-26
9.3
None Remote Medium Not required Complete Complete Complete
The rsync daemon in F5 BIG-IP 11.6 before 11.6.0, 11.5.1 before HF3, 11.5.0 before HF4, 11.4.1 before HF4, 11.4.0 before HF7, 11.3.0 before HF9, and 11.2.1 before HF11 and Enterprise Manager 3.x before 3.1.1 HF2, when configured in failover mode, does not require authentication, which allows remote attackers to read or write to arbitrary files via a cmi request to the ConfigSync IP address.
24 CVE-2014-2850 78 1 Exec Code 2014-04-11 2014-04-14
8.5
None Remote Medium Single system Complete Complete Complete
The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter.
25 CVE-2014-2849 264 1 2014-04-11 2014-04-14
8.5
None Remote Low Single system None Complete Complete
The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request.
26 CVE-2014-2623 3 Exec Code 2014-07-17 2017-01-06
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Storage Data Protector 8.x allows remote attackers to execute arbitrary code via unknown vectors.
27 CVE-2014-2299 119 1 DoS Exec Code Overflow 2014-03-11 2016-06-01
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the MPEG parser in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large record in MPEG data.
28 CVE-2014-2084 264 2 DoS +Info 2014-05-17 2014-06-13
8.5
None Remote Low Not required Partial None Complete
Skybox View Appliances with ISO 6.3.33-2.14, 6.3.31-2.14, 6.4.42-2.54, 6.4.45-2.56, and 6.4.46-2.57 does not properly restrict access to the Admin interface, which allows remote attackers to obtain sensitive information via a request to (1) scripts/commands/getSystemInformation or (2) scripts/commands/getNetworkConfigurationInfo, cause a denial of service (reboot) via a request to scripts/commands/reboot, or cause a denial of service (shutdown) via a request to scripts/commands/shutdown.
29 CVE-2014-1982 287 1 Exec Code +Priv 2014-03-31 2014-03-31
10.0
None Remote Low Not required Complete Complete Complete
The administrative interface in Allied Telesis AT-RG634A ADSL Broadband router 3.3+, iMG624A firmware 3.5, iMG616LH firmware 2.4, and iMG646BD firmware 3.5 allows remote attackers to gain privileges and execute arbitrary commands via a direct request to cli.html.
30 CVE-2014-1635 119 1 Exec Code Overflow 2014-11-12 2016-03-31
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in login.cgi in MiniHttpd in Belkin N750 Router with firmware before F9K1103_WW_1.10.17m allows remote attackers to execute arbitrary code via a long string in the jump parameter.
31 CVE-2014-1202 94 1 Exec Code 2014-01-24 2014-01-27
9.3
None Remote Medium Not required Complete Complete Complete
The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file.
32 CVE-2014-0980 119 1 Exec Code Overflow 2014-02-11 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Poster Software PUBLISH-iT 3.6d allows remote attackers to execute arbitrary code via a crafted PUI file.
33 CVE-2014-0749 119 1 Exec Code Overflow 2014-05-16 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in lib/Libdis/disrsi_.c in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 2.5.x through 2.5.13 allows remote attackers to execute arbitrary code via a large count value.
34 CVE-2014-0514 264 2 Exec Code 2014-04-15 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
The Adobe Reader Mobile application before 11.2 for Android does not properly restrict use of JavaScript, which allows remote attackers to execute arbitrary code via a crafted PDF document, a related issue to CVE-2012-6636.
35 CVE-2014-0497 189 1 Exec Code 2014-02-05 2018-12-13
10.0
None Remote Low Not required Complete Complete Complete
Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors.
36 CVE-2014-0322 416 2 Exec Code 2014-02-14 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via vectors involving crafted JavaScript code, CMarkup, and the onpropertychange attribute of a script element, as exploited in the wild in January and February 2014.
37 CVE-2014-0307 119 1 DoS Exec Code Overflow Mem. Corr. 2014-03-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a certain sequence of manipulations of a TextRange element, aka "Internet Explorer Memory Corruption Vulnerability."
38 CVE-2014-0282 119 1 DoS Exec Code Overflow Mem. Corr. 2014-06-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1775, CVE-2014-1779, CVE-2014-1799, CVE-2014-1803, and CVE-2014-2757.
39 CVE-2014-0257 20 1 Exec Code 2014-02-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine whether it is safe to execute a method, which allows remote attackers to execute arbitrary code via (1) a crafted web site or (2) a crafted .NET Framework application that exposes a COM server endpoint, aka "Type Traversal Vulnerability."
40 CVE-2013-7246 119 1 Exec Code Overflow 2014-01-30 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the IconCreate method in an ActiveX control in the DaumGame ActiveX plugin 1.1.0.4 and 1.1.0.5 allows remote attackers to execute arbitrary code via a long string, as exploited in the wild in January 2014.
41 CVE-2013-7186 119 1 Exec Code Overflow 2013-12-20 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Steinberg MyMp3PRO 5.0 (Build 5.1.0.21) allows remote attackers to execute arbitrary code via a long string in a .m3u file.
42 CVE-2013-7136 310 1 2013-12-19 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
The UPC Ireland Cisco EPC 2425 router (aka Horizon Box) does not have a sufficiently large number of possible WPA-PSK passphrases, which makes it easier for remote attackers to obtain access via a brute-force attack.
43 CVE-2013-7043 352 1 CSRF 2013-12-10 2017-08-28
8.3
None Remote Medium Not required Partial Partial Complete
Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Scientific Atlanta DPR2320R2 routers with software 2.0.2r1262-090417 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password via the Password parameter to goform/RgSecurity; (2) reboot the device via the Restart parameter to goform/restart; (3) modify Wi-Fi settings, as demonstrated by the WpaPreSharedKey parameter to goform/wlanSecurity; or (4) modify parental controls via the ParentalPassword parameter to goform/RgParentalBasic.
44 CVE-2013-6935 119 1 Exec Code Overflow 2013-12-04 2016-12-07
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows remote attackers to execute arbitrary code via a long string in the SourcePath value in a .wcf file.
45 CVE-2013-6884 255 1 +Priv 2014-01-07 2014-02-24
10.0
None Remote Low Not required Complete Complete Complete
The write-blocker in CRU Ditto Forensic FieldStation with firmware before 2013Oct15a has a default "ditto" username and password, which allows remote attackers to gain privileges.
46 CVE-2013-6881 78 1 Exec Code 2014-01-07 2014-02-25
10.0
None Remote Low Not required Complete Complete Complete
CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) sector size or (2) skip count fields for the forensic imaging task.
47 CVE-2013-6874 119 1 Exec Code Overflow 2013-11-26 2013-11-27
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Vortex Light Alloy before 4.7.4 allows remote attackers to execute arbitrary code via a long URL in a .m3u file.
48 CVE-2013-6618 20 1 Exec Code 2013-11-05 2017-08-28
9.0
None Remote Low Single system Complete Complete Complete
jsdm/ajax/port.php in J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1 before 12.1R5, 12.2 before 12.2R3, and 12.3 before 12.3R1 allows remote authenticated users to execute arbitrary commands via the rsargs parameter in an exec action.
49 CVE-2013-6343 119 1 Exec Code Overflow 2014-01-22 2016-12-30
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in web.c in httpd on the ASUS RT-N56U and RT-AC66U routers with firmware 3.0.0.4.374_979 allow remote attackers to execute arbitrary code via the (1) apps_name or (2) apps_flag parameter to APP_Installation.asp.
50 CVE-2013-6221 22 1 Exec Code Dir. Trav. 2014-06-18 2014-07-18
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in CommunicationServlet in HP Service Virtualization 3.x before 3.50.1, when the AutoPass license server is enabled, allows remote attackers to create arbitrary files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-2031.
Total number of vulnerabilities : 418   Page : 1 (This Page)2 3 4 5 6 7 8 9
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.