CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In June 2014 (CVSS score >= 7)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-4648 2014-06-28 2014-06-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Piwigo before 2.6.3 has unknown impact and attack vectors, related to a "security failure."
2 CVE-2014-4644 89 1 Exec Code Sql 2014-06-25 2015-01-12
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in superlinks.php in the superlinks plugin 1.4-2 for Cacti allows remote attackers to execute arbitrary SQL commands via the id parameter.
3 CVE-2014-4334 119 1 Exec Code Overflow 2014-06-19 2014-06-20
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in Ubisoft Rayman Legends before 1.3.140380 allows remote attackers to execute arbitrary code via a long string in the "second connection" to TCP port 1001.
4 CVE-2014-4307 89 Exec Code Sql 2014-06-18 2014-06-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in categories-x.php in WebTitan before 4.04 allows remote attackers to execute arbitrary SQL commands via the sortkey parameter.
5 CVE-2014-4305 89 Exec Code Sql 2014-06-18 2014-06-19
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in NICE Recording eXpress (aka Cybertech eXpress) 6.5.7 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
6 CVE-2014-4190 119 DoS Overflow 2014-06-17 2014-06-18
7.8
None Remote Low Not required None None Complete
Multiple heap-based buffer overflows in Huawei Campus Series Switches S3700HI, S5700, S6700, S3300HI, S5300, S6300, S9300, S7700, and LSW S9700 with software V200R001 before V200R001SPH013; S5700, S6700, S5300, and S6300 with software V200R002 before V200R002SPH005; S7700, S9300, S9300E, S5300, S5700, S6300, S6700, S2350, S2750, and LSW S9700 with software V200R003 before V200R003SPH005; and S7700, S9300, S9300E, and LSW S9700 with software V200R005 before V200R005C00SPC300 allow remote attackers to cause a denial of service (device restart) via a crafted length field in a packet.
7 CVE-2014-4174 119 DoS Exec Code Overflow Mem. Corr. 2014-06-18 2014-06-19
9.3
None Remote Medium Not required Complete Complete Complete
wiretap/libpcap.c in the libpcap file parser in Wireshark 1.10.x before 1.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted packet-trace file that includes a large packet.
8 CVE-2014-4158 119 2 Exec Code Overflow 2014-06-13 2015-09-02
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a GET request.
9 CVE-2014-4153 200 +Info 2014-06-18 2014-06-19
7.8
None Remote Low Not required Complete None None
The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to read arbitrary files via a crafted get_file request.
10 CVE-2014-4152 94 Exec Code 2014-06-18 2014-06-19
10.0
None Remote Low Not required Complete Complete Complete
The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to execute arbitrary code via a crafted remote_task request, related to injecting an ssh public key.
11 CVE-2014-4151 94 Exec Code 2014-06-18 2014-06-19
10.0
None Remote Low Not required Complete Complete Complete
The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to create arbitrary files and execute arbitrary code via a crafted set_file request.
12 CVE-2014-4034 89 1 Exec Code Sql 2014-06-11 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in zero_view_article.php in ZeroCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the article_id parameter.
13 CVE-2014-4003 264 2014-06-09 2018-10-09
7.5
None Remote Low Not required Partial Partial Partial
The System Landscape Directory (SLD) in SAP NetWeaver allows remote attackers to modify information via vectors related to adding a system.
14 CVE-2014-3984 2014-06-06 2017-12-28
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Libav before 0.8.12 allow remote attackers to have unknown impact and vectors.
15 CVE-2014-3973 89 Exec Code Sql 2014-06-05 2014-06-06
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.3.21 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
16 CVE-2014-3969 264 +Priv 2014-06-05 2018-10-30
7.4
None Local Network Medium Single system Complete Complete Complete
Xen 4.4.x, when running on an ARM system, does not properly check write permissions on virtual addresses, which allows local guest administrators to gain privileges via unspecified vectors.
17 CVE-2014-3962 89 1 Exec Code Sql 2014-06-04 2014-06-18
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Videos Tube 1.0 allow remote attackers to execute arbitrary SQL commands via the url parameter to (1) videocat.php or (2) single.php.
18 CVE-2014-3961 89 1 Exec Code Sql 2014-06-04 2014-06-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Export CSV page in the Participants Database plugin before 1.5.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the query parameter in an "output CSV" action to pdb-signup/.
19 CVE-2014-3937 89 Exec Code Sql 2014-06-02 2014-06-03
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Contextual Related Posts plugin before 1.8.10.2 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
20 CVE-2014-3936 119 Exec Code Overflow 2014-06-02 2015-10-08
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the do_hnap function in www/my_cgi.cgi in D-Link DSP-W215 (Rev. A1) with firmware 1.01b06 and earlier, DIR-505 with firmware before 1.08b10, and DIR-505L with firmware 1.01 and earlier allows remote attackers to execute arbitrary code via a long Content-Length header in a GetDeviceSettings action in an HNAP request.
21 CVE-2014-3935 89 Exec Code Sql 2014-06-02 2014-06-03
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in glossaire-aff.php in the Glossaire module 1.0 for XOOPS allows remote attackers to execute arbitrary SQL commands via the lettre parameter.
22 CVE-2014-3934 89 Exec Code Sql 2014-06-02 2014-06-03
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Submit_News module for PHP-Nuke 8.3 allows remote attackers to execute arbitrary SQL commands via the topics[] parameter to modules.php.
23 CVE-2014-3932 89 Exec Code Sql 2014-06-02 2014-06-03
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the device registration component in wsf/webservice.php in CoSoSys Endpoint Protector 4 4.3.0.4 and 4.4.0.2 allows remote attackers to execute arbitrary SQL commands via unspecified parameters.
24 CVE-2014-3915 94 Exec Code 2014-06-11 2014-06-12
10.0
None Remote Low Not required Complete Complete Complete
The userRequest servlet in the Admin Center for Tivoli Storage Manager in Rocket Servergraph allows remote attackers to execute arbitrary commands via a (1) auth, (2) auth_session, (3) auth_simple, (4) add, (5) add_flat, (6) remove, (7) set_pwd, (8) add_permissions, (9) revoke_permissions, (10) runAsync, or (11) tsmRequest command.
25 CVE-2014-3913 119 1 Exec Code Overflow 2014-06-04 2015-08-31
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in AccessServer32.exe in Ericom AccessNow Server allows remote attackers to execute arbitrary code via a request for a non-existent file.
26 CVE-2014-3912 119 Exec Code Overflow 2014-06-05 2014-06-06
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the FindConfigChildeKeyList method in the XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller.1 ActiveX control in Samsung iPOLiS Device Manager before 1.8.7 allows remote attackers to execute arbitrary code via a long value.
27 CVE-2014-3911 94 Exec Code 2014-06-11 2014-06-12
9.3
None Remote Medium Not required Complete Complete Complete
Samsung iPOLiS Device Manager before 1.8.7 allow remote attackers to execute arbitrary code via unspecified values to the (1) Start, (2) ChangeControlLocalName, (3) DeleteDeviceProfile, (4) FrameAdvanceReader, or other unknown method in the XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller.1 ActiveX control.
28 CVE-2014-3834 264 2014-06-04 2014-06-04
7.5
None Remote Low Not required Partial Partial Partial
ownCloud Server before 6.0.3 does not properly check permissions, which allows remote authenticated users to (1) access the contacts of other users via the address book or (2) rename files via unspecified vectors.
29 CVE-2014-3814 20 DoS 2014-06-13 2014-06-26
7.8
None Remote Low Not required None None Complete
The Juniper Networks NetScreen Firewall devices with ScreenOS before 6.3r17, when configured to use the internal DNS lookup client, allows remote attackers to cause a denial of service (crash and reboot) via a sequence of malformed packets to the device IP.
30 CVE-2014-3813 DoS 2014-06-13 2014-06-26
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in the Juniper Networks NetScreen Firewall products with ScreenOS before 6.3r17, when configured to use the internal DNS lookup client, allows remote attackers to cause a denial of service (crash and reboot) via vectors related to a DNS lookup.
31 CVE-2014-3805 94 Exec Code 2014-06-13 2017-09-15
10.0
None Remote Low Not required Complete Complete Complete
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) get_license, (2) get_log_line, or (3) update_system/upgrade_pro_web request, a different vulnerability than CVE-2014-3804.
32 CVE-2014-3804 94 Exec Code 2014-06-13 2017-09-15
10.0
None Remote Low Not required Complete Complete Complete
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) update_system_info_debian_package, (2) ossec_task, (3) set_ossim_setup admin_ip, (4) sync_rserver, or (5) set_ossim_setup framework_ip request, a different vulnerability than CVE-2014-3805.
33 CVE-2014-3790 264 Exec Code 2014-06-01 2014-06-21
9.0
None Remote Low Single system Complete Complete Complete
Ruby vSphere Console (RVC) in VMware vCenter Server Appliance allows remote authenticated users to execute arbitrary commands as root by escaping from a chroot jail.
34 CVE-2014-3496 94 Exec Code 2014-06-20 2017-01-06
10.0
None Remote Low Not required Complete Complete Complete
cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a Source-Url ending with a (1) .tar.gz, (2) .zip, (3) .tgz, or (4) .tar file extension in a cartridge manifest file.
35 CVE-2014-3157 119 DoS Overflow 2014-06-11 2017-12-28
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the FFmpegVideoDecoder::GetVideoBuffer function in media/filters/ffmpeg_video_decoder.cc in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging VideoFrame data structures that are too small for proper interaction with an underlying FFmpeg library.
36 CVE-2014-3156 119 DoS Overflow 2014-06-11 2017-12-28
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the clipboard implementation in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger unexpected bitmap data, related to content/renderer/renderer_clipboard_client.cc and content/renderer/webclipboard_impl.cc.
37 CVE-2014-3154 DoS 2014-06-11 2017-12-28
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the ChildThread::Shutdown function in content/child/child_thread.cc in the filesystem API in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to a Blink shutdown.
38 CVE-2014-3153 264 1 +Priv 2014-06-07 2019-04-22
7.2
None Local Low Not required Complete Complete Complete
The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.
39 CVE-2014-3073 Exec Code 2014-06-21 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in IBM Security Access Manager (ISAM) for Mobile 8.0 and IBM Security Access Manager for Web 7.0 and 8.0 allows remote attackers to execute arbitrary code via unknown vectors.
40 CVE-2014-3053 287 Bypass 2014-06-21 2017-08-28
8.0
None Local Network Low Not required Complete Partial Complete
The Local Management Interface (LMI) in IBM Security Access Manager (ISAM) for Mobile 8.0 with firmware 8.0.0.0 through 8.0.0.3 and IBM Security Access Manager for Web 7.0, and 8.0 with firmware 8.0.0.2 and 8.0.0.3, allows remote attackers to bypass authentication via a login action with invalid credentials.
41 CVE-2014-2978 119 DoS Exec Code Overflow 2014-06-11 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
The Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers an out-of-bounds write.
42 CVE-2014-2977 189 DoS Exec Code Overflow 2014-06-11 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Multiple integer signedness errors in the Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.13 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers a stack-based buffer overflow.
43 CVE-2014-2962 22 Dir. Trav. 2014-06-19 2016-12-23
7.8
None Remote Low Not required Complete None None
Absolute path traversal vulnerability in the webproc cgi module on the Belkin N150 F9K1009 v1 router with firmware before 1.00.08 allows remote attackers to read arbitrary files via a full pathname in the getpage parameter.
44 CVE-2014-2959 78 Exec Code 2014-06-02 2014-06-26
9.0
None Remote Low Not required Complete Partial Partial
logViewer.htm on the Dell ML6000 tape backup system with firmware before i8.2.0.2 (641G.GS103) and the Quantum Scalar i500 tape backup system with firmware before i8.2.2.1 (646G.GS002) allows remote attackers to execute arbitrary commands via shell metacharacters in a pathname parameter.
45 CVE-2014-2782 119 DoS Exec Code Overflow Mem. Corr. 2014-06-19 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1773, CVE-2014-1783, CVE-2014-1784, CVE-2014-1786, CVE-2014-1795, CVE-2014-1805, CVE-2014-2758, CVE-2014-2759, CVE-2014-2765, CVE-2014-2766, and CVE-2014-2775.
46 CVE-2014-2778 119 DoS Exec Code Overflow Mem. Corr. 2014-06-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted embedded font in a (1) .doc or (2) .docx document, aka "Embedded Font Vulnerability."
47 CVE-2014-2777 94 2014-06-11 2018-10-12
7.5
User Remote Low Not required Partial Partial Partial
Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary web script with increased privileges via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2014-1778.
48 CVE-2014-2776 119 DoS Exec Code Overflow Mem. Corr. 2014-06-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1769, CVE-2014-1782, CVE-2014-1785, CVE-2014-2753, CVE-2014-2755, CVE-2014-2760, CVE-2014-2761, and CVE-2014-2772.
49 CVE-2014-2775 119 DoS Exec Code Overflow Mem. Corr. 2014-06-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1773, CVE-2014-1783, CVE-2014-1784, CVE-2014-1786, CVE-2014-1795, CVE-2014-1805, CVE-2014-2758, CVE-2014-2759, CVE-2014-2765, and CVE-2014-2766.
50 CVE-2014-2773 119 DoS Exec Code Overflow Mem. Corr. 2014-06-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2768.
Total number of vulnerabilities : 160   Page : 1 (This Page)2 3 4
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.