CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
6551 CVE-2014-4055 119 DoS Exec Code Overflow Mem. Corr. 2014-08-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2796, CVE-2014-2808, CVE-2014-2825, CVE-2014-4050, and CVE-2014-4067.
6552 CVE-2014-4052 119 DoS Exec Code Overflow Mem. Corr. 2014-08-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
6553 CVE-2014-4051 119 DoS Exec Code Overflow Mem. Corr. 2014-08-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2784.
6554 CVE-2014-4050 119 DoS Exec Code Overflow Mem. Corr. 2014-08-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2796, CVE-2014-2808, CVE-2014-2825, CVE-2014-4055, and CVE-2014-4067.
6555 CVE-2014-3984 2014-06-06 2017-12-28
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Libav before 0.8.12 allow remote attackers to have unknown impact and vectors.
6556 CVE-2014-3954 119 DoS Exec Code Overflow 2014-10-27 2014-10-28
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in rtsold in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted DNS parameters in a router advertisement message.
6557 CVE-2014-3939 119 Exec Code Overflow 2014-07-23 2014-07-23
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Autodesk SketchBook Pro before 6.2.6 allows remote attackers to execute arbitrary code via crafted layer bitmap data in a PXD file.
6558 CVE-2014-3938 189 Exec Code Overflow 2014-07-23 2014-07-23
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in Autodesk SketchBook Pro before 6.2.6 allows remote attackers to execute arbitrary code via crafted layer mask data in a PSD file, which triggers a heap-based buffer overflow.
6559 CVE-2014-3936 119 Exec Code Overflow 2014-06-02 2015-10-08
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the do_hnap function in www/my_cgi.cgi in D-Link DSP-W215 (Rev. A1) with firmware 1.01b06 and earlier, DIR-505 with firmware before 1.08b10, and DIR-505L with firmware 1.01 and earlier allows remote attackers to execute arbitrary code via a long Content-Length header in a GetDeviceSettings action in an HNAP request.
6560 CVE-2014-3915 94 Exec Code 2014-06-11 2014-06-12
10.0
None Remote Low Not required Complete Complete Complete
The userRequest servlet in the Admin Center for Tivoli Storage Manager in Rocket Servergraph allows remote attackers to execute arbitrary commands via a (1) auth, (2) auth_session, (3) auth_simple, (4) add, (5) add_flat, (6) remove, (7) set_pwd, (8) add_permissions, (9) revoke_permissions, (10) runAsync, or (11) tsmRequest command.
6561 CVE-2014-3914 22 1 Exec Code Dir. Trav. 2014-08-07 2014-08-07
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in the Admin Center for Tivoli Storage Manager (TSM) in Rocket ServerGraph 1.2 allows remote attackers to (1) create arbitrary files via a .. (dot dot) in the query parameter in a writeDataFile action to the fileRequestor servlet, execute arbitrary files via a .. (dot dot) in the query parameter in a (2) run or (3) runClear action to the fileRequestor servlet, (4) read arbitrary files via a readDataFile action to the fileRequestor servlet, (5) execute arbitrary code via a save_server_groups action to the userRequest servlet, or (6) delete arbitrary files via a del action in the fileRequestServlet servlet.
6562 CVE-2014-3913 119 1 Exec Code Overflow 2014-06-04 2015-08-31
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in AccessServer32.exe in Ericom AccessNow Server allows remote attackers to execute arbitrary code via a request for a non-existent file.
6563 CVE-2014-3912 119 Exec Code Overflow 2014-06-05 2014-06-06
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the FindConfigChildeKeyList method in the XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller.1 ActiveX control in Samsung iPOLiS Device Manager before 1.8.7 allows remote attackers to execute arbitrary code via a long value.
6564 CVE-2014-3911 94 Exec Code 2014-06-11 2014-06-12
9.3
None Remote Medium Not required Complete Complete Complete
Samsung iPOLiS Device Manager before 1.8.7 allow remote attackers to execute arbitrary code via unspecified values to the (1) Start, (2) ChangeControlLocalName, (3) DeleteDeviceProfile, (4) FrameAdvanceReader, or other unknown method in the XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller.1 ActiveX control.
6565 CVE-2014-3829 94 Exec Code 2014-10-22 2014-10-23
10.0
None Remote Low Not required Complete Complete Complete
displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise Server 2.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) session_id or (2) template_id parameter, related to the command_line variable.
6566 CVE-2014-3828 89 Exec Code Sql 2014-10-22 2015-08-31
10.0
None Remote Low Not required Complete Complete Complete
Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon Enterprise Server 2.2 allow remote attackers to execute arbitrary SQL commands via (1) the index_id parameter to views/graphs/common/makeXML_ListMetrics.php, (2) the sid parameter to views/graphs/GetXmlTree.php, (3) the session_id parameter to views/graphs/graphStatus/displayServiceStatus.php, (4) the mnftr_id parameter to configuration/configObject/traps/GetXMLTrapsForVendor.php, or (5) the index parameter to common/javascript/commandGetArgs/cmdGetExample.php in include/.
6567 CVE-2014-3816 264 +Priv 2014-07-11 2014-07-18
9.0
None Remote Low Single system Complete Complete Complete
Juniper Junos 11.4 before 11.4R12, 12.1 before 12.1R11, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D30, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R8-S2, 12.3 before 12.3R7, 13.1 before 13.1R4-S2, 13.2 before 13.2R5, 13.3 before 13.3R2-S2, and 14.1 before 14.1R1 allows remote authenticated users to gain privileges via unspecified combinations of CLI commands and arguments.
6568 CVE-2014-3805 94 Exec Code 2014-06-13 2017-09-15
10.0
None Remote Low Not required Complete Complete Complete
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) get_license, (2) get_log_line, or (3) update_system/upgrade_pro_web request, a different vulnerability than CVE-2014-3804.
6569 CVE-2014-3804 94 Exec Code 2014-06-13 2017-09-15
10.0
None Remote Low Not required Complete Complete Complete
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) update_system_info_debian_package, (2) ossec_task, (3) set_ossim_setup admin_ip, (4) sync_rserver, or (5) set_ossim_setup framework_ip request, a different vulnerability than CVE-2014-3805.
6570 CVE-2014-3791 119 1 Exec Code Overflow 2014-05-20 2014-05-21
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 6.8 allows remote attackers to execute arbitrary code via a long string in a cookie UserID parameter to vfolder.ghp.
6571 CVE-2014-3790 264 Exec Code 2014-06-01 2014-06-21
9.0
None Remote Low Single system Complete Complete Complete
Ruby vSphere Console (RVC) in VMware vCenter Server Appliance allows remote authenticated users to execute arbitrary commands as root by escaping from a chroot jail.
6572 CVE-2014-3692 255 +Priv 2015-01-16 2015-01-20
10.0
Admin Remote Low Not required Complete Complete Complete
The customization template in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 uses a default password for the root account when a password is not specified for a new image, which allows remote attackers to gain privileges.
6573 CVE-2014-3525 2014-08-22 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Apache Traffic Server 3.x through 3.2.5, 4.x before 4.2.1.1, and 5.x before 5.0.1 has unknown impact and attack vectors, possibly related to health checks.
6574 CVE-2014-3524 Exec Code 2014-08-26 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified impact via a crafted Calc spreadsheet.
6575 CVE-2014-3496 94 Exec Code 2014-06-20 2017-01-06
10.0
None Remote Low Not required Complete Complete Complete
cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a Source-Url ending with a (1) .tar.gz, (2) .zip, (3) .tgz, or (4) .tar file extension in a cartridge manifest file.
6576 CVE-2014-3444 94 DoS Exec Code 2014-05-20 2014-05-20
9.3
None Remote Medium Not required Complete Complete Complete
The GetGUID function in codecs/dmp4.dll in RealNetworks RealPlayer 16.0.3.51 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (write access violation and application crash) via a malformed .3gp file.
6577 CVE-2014-3440 20 Exec Code 2015-01-21 2017-01-02
9.0
None Remote Low Single system Complete Complete Complete
The Agent Control Interface in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary commands by leveraging client-system access to upload a log file.
6578 CVE-2014-3418 78 1 Exec Code 2014-07-15 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
config/userAdmin/login.tdf in Infoblox NetMRI before 6.8.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the skipjackUsername parameter.
6579 CVE-2014-3413 798 +Info 2018-04-05 2018-08-10
10.0
Admin Remote Low Not required Complete Complete Complete
The MySQL server in Juniper Networks Junos Space before 13.3R1.8 has an unspecified account with a hardcoded password, which allows remote attackers to obtain sensitive information and consequently obtain administrative control by leveraging database access.
6580 CVE-2014-3412 Exec Code 2014-05-20 2014-05-21
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Juniper Junos Space before 13.3R1.8, when the firewall in disabled, allows remote attackers to execute arbitrary commands via unspecified vectors.
6581 CVE-2014-3411 Exec Code 2014-05-19 2017-01-06
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the NSM XDB service in Juniper NSM before 2012.2R8 allows remote attackers to execute arbitrary code via unspecified vectors.
6582 CVE-2014-3389 2014-10-10 2014-10-12
9.0
None Remote Low Single system Complete Complete Complete
The VPN implementation in Cisco ASA Software 7.2 before 7.2(5.15), 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.15), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), 9.2 before 9.2(2.6), and 9.3 before 9.3(1.1) does not properly implement a tunnel filter, which allows remote authenticated users to obtain failover-unit access via crafted packets, aka Bug ID CSCuq28582.
6583 CVE-2014-3333 264 2014-08-11 2017-08-28
9.0
None Remote Low Single system Complete Complete Complete
The server in Cisco Unity Connection 9.1(1) and 9.1(2) allows remote authenticated users to obtain privileged access by conducting an "HTTP Intercept" attack and leveraging the ability to read files within the context of the web-server user account, aka Bug ID CSCup41014.
6584 CVE-2014-3306 20 Exec Code 2014-07-17 2017-01-12
10.0
None Remote Low Not required Complete Complete Complete
The web server on Cisco DPC3010, DPC3212, DPC3825, DPC3925, DPQ3925, EPC3010, EPC3212, EPC3825, and EPC3925 Wireless Residential Gateway products allows remote attackers to execute arbitrary code via a crafted HTTP request, aka Bug ID CSCup40808.
6585 CVE-2014-3220 255 1 2014-05-05 2014-05-23
9.0
None Remote Low Single system Complete Complete Complete
F5 BIG-IQ Cloud and Security 4.0.0 through 4.1.0 allows remote authenticated users to change the password of arbitrary users via the name parameter in a request to the user's page in mgmt/shared/authz/users/.
6586 CVE-2014-3206 20 Exec Code 2018-02-23 2018-03-19
10.0
None Remote Low Not required Complete Complete Complete
Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php.
6587 CVE-2014-3205 798 2018-02-23 2018-03-18
10.0
None Remote Low Not required Complete Complete Complete
backupmgt/pre_connect_check.php in Seagate BlackArmor NAS contains a hard-coded password of '[email protected]##$$%FREDESWWSED' for a backdoor user.
6588 CVE-2014-3188 94 Exec Code 2014-10-08 2016-09-07
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 do not properly handle the interaction of IPC and Google V8, which allows remote attackers to execute arbitrary code via vectors involving JSON data, related to improper parsing of an escaped index by ParseJsonObject in json-parser.h.
6589 CVE-2014-3177 94 Exec Code 2014-08-26 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 37.0.2062.94 does not properly handle the interaction of extensions, IPC, the sync API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-3176.
6590 CVE-2014-3176 94 Exec Code 2014-08-26 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 37.0.2062.94 does not properly handle the interaction of extensions, IPC, the sync API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-3177.
6591 CVE-2014-3175 DoS 2014-08-26 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Google Chrome before 37.0.2062.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors, related to the load_truetype_glyph function in truetype/ttgload.c in FreeType and other functions in other components.
6592 CVE-2014-3150 254 +Info 2017-11-15 2017-12-04
9.0
None Remote Low Single system Complete Complete Complete
Livebox 1.1 allows remote authenticated users to upload arbitrary configuration files, download the configuration file, or obtain sensitive information via crafted Javascript.
6593 CVE-2014-3113 119 Exec Code Overflow 2014-07-07 2017-01-06
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in RealNetworks RealPlayer before 17.0.10.8 allow remote attackers to execute arbitrary code via a malformed (1) elst or (2) stsz atom in an MP4 file.
6594 CVE-2014-3073 Exec Code 2014-06-21 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in IBM Security Access Manager (ISAM) for Mobile 8.0 and IBM Security Access Manager for Web 7.0 and 8.0 allows remote attackers to execute arbitrary code via unknown vectors.
6595 CVE-2014-3062 Exec Code 2014-09-27 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in IBM Security QRadar SIEM 7.1 MR2 and 7.2 MR2 allows remote attackers to execute arbitrary code via unknown vectors.
6596 CVE-2014-3060 2014-10-01 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability on the IBM WebSphere DataPower XC10 appliance 2.5 allows remote attackers to obtain administrative privileges by leveraging access to an eXtreme Scale distributed ObjectGrid network and capturing a session cookie.
6597 CVE-2014-3059 2014-10-01 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Administrative Console on the IBM WebSphere DataPower XC10 appliance 2.5 allows remote attackers to obtain administrative privileges by leveraging access to an eXtreme Scale distributed ObjectGrid network.
6598 CVE-2014-3008 78 1 Exec Code 2014-04-28 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Unitrends Enterprise Backup 7.3.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the comm parameter to recoveryconsole/bpl/snmpd.php.
6599 CVE-2014-3007 78 Exec Code 2014-04-27 2014-04-28
10.0
None Remote Low Not required Complete Complete Complete
Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors related to CVE-2014-1932, possibly JpegImagePlugin.py.
6600 CVE-2014-2994 119 1 Exec Code Overflow 2014-04-27 2014-04-28
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in Acunetix Web Vulnerability Scanner (WVS) 8 build 20120704 allows remote attackers to execute arbitrary code via an HTML file containing an IMG element with a long URL (src attribute).
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.