CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (Denial Of Service,Execute Code,File Inclusion,Gain Privilege,Bypass,Gain Information) (CVSS score >= 8)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2015-1497 94 2 Exec Code 2015-02-16 2017-09-02
10.0
None Remote Low Not required Complete Complete Complete
radexecd.exe in Persistent Systems Radia Client Automation (RCA) 7.9, 8.1, 9.0, and 9.1 allows remote attackers to execute arbitrary commands via a crafted request to TCP port 3465.
2 CVE-2015-0554 264 1 DoS +Info 2015-01-21 2015-01-23
9.4
None Remote Low Not required Complete None Complete
The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service (device restart) as demonstrated by a direct request to (1) wlsecurity.html or (2) resetrouter.html.
3 CVE-2015-0016 22 1 +Priv Dir. Trav. 2015-01-13 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) component in Microsoft Windows Vista SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted pathname in an executable file, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Directory Traversal Elevation of Privilege Vulnerability."
4 CVE-2014-9727 78 1 Exec Code 2015-05-29 2018-08-13
10.0
None Remote Low Not required Complete Complete Complete
AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the var:lang parameter to cgi-bin/webcm.
5 CVE-2014-9583 264 1 Exec Code Bypass 2015-01-08 2018-04-26
10.0
None Remote Low Not required Complete Complete Complete
common.c in infosvr in ASUS WRT firmware 3.0.0.4.376_1071, 3.0.0.376.2524-g0013f52, and other versions, as used in RT-AC66U, RT-N66U, and other routers, does not properly check the MAC address for a request, which allows remote attackers to bypass authentication and execute arbitrary commands via a NET_CMD_ID_MANU_CMD packet to UDP port 9999. NOTE: this issue was incorrectly mapped to CVE-2014-10000, but that ID is invalid due to its use as an example of the 2014 CVE ID syntax change.
6 CVE-2014-8835 19 1 Exec Code 2015-01-30 2017-09-07
9.3
None Remote Medium Not required Complete Complete Complete
The xpc_data_get_bytes function in libxpc in Apple OS X before 10.10.2 does not verify that a dictionary's Attributes key has the xpc_data data type, which allows attackers to execute arbitrary code by providing a crafted dictionary to sysmond, related to an "XPC type confusion" issue.
7 CVE-2014-8770 94 1 Exec Code 2014-11-13 2014-11-14
9.0
None Remote Low Single system Complete Complete Complete
Unrestricted file upload vulnerability in magmi/web/magmi.php in the MAGMI (aka Magento Mass Importer) plugin 0.7.17a and earlier for Magento Community Edition (CE) allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a PHP file, then accessing the PHP file via a direct request to it in magmi/plugins/.
8 CVE-2014-8656 255 1 +Info 2014-11-06 2014-11-06
10.0
Admin Remote Low Not required Complete Complete Complete
The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH have a default password of (1) admin for the admin account and (2) compalbn for the root account, which makes it easier for remote attackers to obtain access to certain sensitive information via unspecified vectors.
9 CVE-2014-7288 264 1 Exec Code 2015-01-31 2017-09-07
9.0
None Remote Low Single system Complete Complete Complete
Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allow remote authenticated administrators to execute arbitrary shell commands via a crafted command line in a database-backup restore action.
10 CVE-2014-5308 89 1 Exec Code Sql 2014-10-08 2014-10-09
9.0
None Remote Low Single system Complete Complete Complete
Multiple SQL injection vulnerabilities in TestLink 1.9.11 allow remote authenticated users to execute arbitrary SQL commands via the (1) name parameter in a Search action to lib/project/projectView.php or (2) id parameter to lib/events/eventinfo.php.
11 CVE-2014-5246 264 1 Bypass 2014-08-22 2017-09-07
10.0
None Remote Low Not required Complete Complete Complete
The Shenzhen Tenda Technology Tenda A5s router with firmware 3.02.05_CN allows remote attackers to bypass authentication and gain administrator access by setting the admin:language cookie to zh-cn.
12 CVE-2014-4114 20 3 Exec Code 2014-10-15 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object in an Office document, as exploited in the wild with a "Sandworm" attack in June through October 2014, aka "Windows OLE Remote Code Execution Vulnerability."
13 CVE-2014-3914 22 1 Exec Code Dir. Trav. 2014-08-07 2014-08-07
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in the Admin Center for Tivoli Storage Manager (TSM) in Rocket ServerGraph 1.2 allows remote attackers to (1) create arbitrary files via a .. (dot dot) in the query parameter in a writeDataFile action to the fileRequestor servlet, execute arbitrary files via a .. (dot dot) in the query parameter in a (2) run or (3) runClear action to the fileRequestor servlet, (4) read arbitrary files via a readDataFile action to the fileRequestor servlet, (5) execute arbitrary code via a save_server_groups action to the userRequest servlet, or (6) delete arbitrary files via a del action in the fileRequestServlet servlet.
14 CVE-2014-3913 119 1 Exec Code Overflow 2014-06-04 2015-08-31
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in AccessServer32.exe in Ericom AccessNow Server allows remote attackers to execute arbitrary code via a request for a non-existent file.
15 CVE-2014-3888 119 1 Exec Code Overflow 2014-07-10 2015-10-08
8.3
None Remote Medium Not required Partial Partial Complete
Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 and earlier, CENTUM VP R5.03.20 and earlier, Exaopc R3.72.00 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier, when FCS/Test Function is enabled, allows remote attackers to execute arbitrary code via a crafted packet.
16 CVE-2014-3791 119 1 Exec Code Overflow 2014-05-20 2014-05-21
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 6.8 allows remote attackers to execute arbitrary code via a long string in a cookie UserID parameter to vfolder.ghp.
17 CVE-2014-3418 78 1 Exec Code 2014-07-15 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
config/userAdmin/login.tdf in Infoblox NetMRI before 6.8.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the skipjackUsername parameter.
18 CVE-2014-3008 78 1 Exec Code 2014-04-28 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Unitrends Enterprise Backup 7.3.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the comm parameter to recoveryconsole/bpl/snmpd.php.
19 CVE-2014-2994 119 1 Exec Code Overflow 2014-04-27 2014-04-28
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in Acunetix Web Vulnerability Scanner (WVS) 8 build 20120704 allows remote attackers to execute arbitrary code via an HTML file containing an IMG element with a long URL (src attribute).
20 CVE-2014-2850 78 1 Exec Code 2014-04-11 2014-04-14
8.5
None Remote Medium Single system Complete Complete Complete
The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter.
21 CVE-2014-2623 3 Exec Code 2014-07-17 2017-01-06
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Storage Data Protector 8.x allows remote attackers to execute arbitrary code via unknown vectors.
22 CVE-2014-2299 119 1 DoS Exec Code Overflow 2014-03-11 2016-06-01
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the MPEG parser in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large record in MPEG data.
23 CVE-2014-2084 264 2 DoS +Info 2014-05-17 2014-06-13
8.5
None Remote Low Not required Partial None Complete
Skybox View Appliances with ISO 6.3.33-2.14, 6.3.31-2.14, 6.4.42-2.54, 6.4.45-2.56, and 6.4.46-2.57 does not properly restrict access to the Admin interface, which allows remote attackers to obtain sensitive information via a request to (1) scripts/commands/getSystemInformation or (2) scripts/commands/getNetworkConfigurationInfo, cause a denial of service (reboot) via a request to scripts/commands/reboot, or cause a denial of service (shutdown) via a request to scripts/commands/shutdown.
24 CVE-2014-1982 287 1 Exec Code +Priv 2014-03-31 2014-03-31
10.0
None Remote Low Not required Complete Complete Complete
The administrative interface in Allied Telesis AT-RG634A ADSL Broadband router 3.3+, iMG624A firmware 3.5, iMG616LH firmware 2.4, and iMG646BD firmware 3.5 allows remote attackers to gain privileges and execute arbitrary commands via a direct request to cli.html.
25 CVE-2014-1635 119 1 Exec Code Overflow 2014-11-12 2016-03-31
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in login.cgi in MiniHttpd in Belkin N750 Router with firmware before F9K1103_WW_1.10.17m allows remote attackers to execute arbitrary code via a long string in the jump parameter.
26 CVE-2014-1202 94 1 Exec Code 2014-01-24 2014-01-27
9.3
None Remote Medium Not required Complete Complete Complete
The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file.
27 CVE-2014-0980 119 1 Exec Code Overflow 2014-02-11 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Poster Software PUBLISH-iT 3.6d allows remote attackers to execute arbitrary code via a crafted PUI file.
28 CVE-2014-0749 119 1 Exec Code Overflow 2014-05-16 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in lib/Libdis/disrsi_.c in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 2.5.x through 2.5.13 allows remote attackers to execute arbitrary code via a large count value.
29 CVE-2014-0514 264 2 Exec Code 2014-04-15 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
The Adobe Reader Mobile application before 11.2 for Android does not properly restrict use of JavaScript, which allows remote attackers to execute arbitrary code via a crafted PDF document, a related issue to CVE-2012-6636.
30 CVE-2014-0497 189 1 Exec Code 2014-02-05 2018-12-13
10.0
None Remote Low Not required Complete Complete Complete
Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors.
31 CVE-2014-0322 416 2 Exec Code 2014-02-14 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via vectors involving crafted JavaScript code, CMarkup, and the onpropertychange attribute of a script element, as exploited in the wild in January and February 2014.
32 CVE-2014-0307 119 1 DoS Exec Code Overflow Mem. Corr. 2014-03-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a certain sequence of manipulations of a TextRange element, aka "Internet Explorer Memory Corruption Vulnerability."
33 CVE-2014-0282 119 1 DoS Exec Code Overflow Mem. Corr. 2014-06-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1775, CVE-2014-1779, CVE-2014-1799, CVE-2014-1803, and CVE-2014-2757.
34 CVE-2014-0257 20 1 Exec Code 2014-02-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine whether it is safe to execute a method, which allows remote attackers to execute arbitrary code via (1) a crafted web site or (2) a crafted .NET Framework application that exposes a COM server endpoint, aka "Type Traversal Vulnerability."
35 CVE-2013-7246 119 1 Exec Code Overflow 2014-01-30 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the IconCreate method in an ActiveX control in the DaumGame ActiveX plugin 1.1.0.4 and 1.1.0.5 allows remote attackers to execute arbitrary code via a long string, as exploited in the wild in January 2014.
36 CVE-2013-7186 119 1 Exec Code Overflow 2013-12-20 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Steinberg MyMp3PRO 5.0 (Build 5.1.0.21) allows remote attackers to execute arbitrary code via a long string in a .m3u file.
37 CVE-2013-6935 119 1 Exec Code Overflow 2013-12-04 2016-12-07
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows remote attackers to execute arbitrary code via a long string in the SourcePath value in a .wcf file.
38 CVE-2013-6884 255 1 +Priv 2014-01-07 2014-02-24
10.0
None Remote Low Not required Complete Complete Complete
The write-blocker in CRU Ditto Forensic FieldStation with firmware before 2013Oct15a has a default "ditto" username and password, which allows remote attackers to gain privileges.
39 CVE-2013-6881 78 1 Exec Code 2014-01-07 2014-02-25
10.0
None Remote Low Not required Complete Complete Complete
CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) sector size or (2) skip count fields for the forensic imaging task.
40 CVE-2013-6874 119 1 Exec Code Overflow 2013-11-26 2013-11-27
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Vortex Light Alloy before 4.7.4 allows remote attackers to execute arbitrary code via a long URL in a .m3u file.
41 CVE-2013-6618 20 1 Exec Code 2013-11-05 2017-08-28
9.0
None Remote Low Single system Complete Complete Complete
jsdm/ajax/port.php in J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1 before 12.1R5, 12.2 before 12.2R3, and 12.3 before 12.3R1 allows remote authenticated users to execute arbitrary commands via the rsargs parameter in an exec action.
42 CVE-2013-6343 119 1 Exec Code Overflow 2014-01-22 2016-12-30
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in web.c in httpd on the ASUS RT-N56U and RT-AC66U routers with firmware 3.0.0.4.374_979 allow remote attackers to execute arbitrary code via the (1) apps_name or (2) apps_flag parameter to APP_Installation.asp.
43 CVE-2013-6221 22 1 Exec Code Dir. Trav. 2014-06-18 2014-07-18
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in CommunicationServlet in HP Service Virtualization 3.x before 3.50.1, when the AutoPass license server is enabled, allows remote attackers to create arbitrary files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-2031.
44 CVE-2013-6194 1 DoS Exec Code 2014-01-03 2016-04-06
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1905.
45 CVE-2013-6040 2 Exec Code 2014-01-20 2015-08-07
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the MW6 Aztec, DataMatrix, and MaxiCode ActiveX controls allow remote attackers to execute arbitrary code via a crafted HTML document.
46 CVE-2013-6021 119 1 Exec Code Overflow 2013-10-19 2015-07-27
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in WGagent in WatchGuard WSM and Fireware before 11.8 allows remote attackers to execute arbitrary code via a long sessionid value in a cookie.
47 CVE-2013-5946 78 1 Exec Code 2013-12-18 2013-12-19
10.0
None Remote Low Not required Complete Complete Complete
The runShellCmd function in systemCheck.htm in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) "Ping or Trace an IP Address" or (2) "Perform a DNS Lookup" section.
48 CVE-2013-5758 78 2 Exec Code 2014-08-03 2014-08-04
9.0
None Remote Low Single system Complete Complete Complete
cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling the system method in the body of a request, as demonstrated by running unauthorized services, changing directory permissions, and modifying files.
49 CVE-2013-5578 119 1 Exec Code Overflow 2013-08-24 2013-08-26
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the ToDot method in the WINGRAPHVIZLib.NEATO ActiveX control in WinGraphviz.dll in StarUML allows remote attackers to execute arbitrary code via a long argument.
50 CVE-2013-5486 78 1 Exec Code Dir. Trav. 2013-09-23 2016-09-16
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to write arbitrary files via the chartid parameter, aka Bug IDs CSCue77035 and CSCue77036. NOTE: this can be leveraged to execute arbitrary commands by using the JBoss autodeploy functionality.
Total number of vulnerabilities : 381   Page : 1 (This Page)2 3 4 5 6 7 8
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.