Total
3678 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-9266 | 1 Samsung | 1 Smart Viewer | 2024-11-21 | 6.8 MEDIUM | N/A |
| The STWConfig ActiveX control in Samsung SmartViewer does not properly initialize a variable, which allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2014-9185 | 1 Morfy Cms Project | 1 Morfy Cms | 2024-11-21 | 6.5 MEDIUM | N/A |
| Static code injection vulnerability in install.php in Morfy CMS 1.05 allows remote authenticated users to inject arbitrary PHP code into config.php via the site_url parameter. | |||||
| CVE-2014-9164 | 4 Adobe, Apple, Linux and 1 more | 4 Flash Player, Mac Os X, Linux Kernel and 1 more | 2024-11-21 | 10.0 HIGH | N/A |
| Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0587. | |||||
| CVE-2014-9158 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2024-11-21 | 10.0 HIGH | N/A |
| Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8456, CVE-2014-8458, CVE-2014-8459, and CVE-2014-8461. | |||||
| CVE-2014-9001 | 1 Incrediblepbx | 1 Incredible Pbx 11 | 2024-11-21 | 6.5 MEDIUM | N/A |
| reminders/index.php in Incredible PBX 11 2.0.6.5.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) APPTMIN, (2) APPTHR, (3) APPTDA, (4) APPTMO, (5) APPTYR, or (6) APPTPHONE parameters. | |||||
| CVE-2014-8998 | 1 X7chat | 1 X7 Chat | 2024-11-21 | 6.5 MEDIUM | N/A |
| lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a crafted HTTP header to index.php, which is processed by the preg_replace function with the eval switch. | |||||
| CVE-2014-8997 | 1 Digitalvidhya | 1 Digi Online Examination System | 2024-11-21 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in the Photo functionality in DigitalVidhya Digi Online Examination System 2.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in assets/uploads/images/. | |||||
| CVE-2014-8949 | 1 Imember360 | 1 Imember360 | 2024-11-21 | 6.0 MEDIUM | N/A |
| The iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the i4w_trace parameter. NOTE: this can be leveraged with CVE-2014-8948 to allow remote attackers to execute code. NOTE: it is not clear whether this issue itself crosses privileges. | |||||
| CVE-2014-8877 | 1 Creative Minds | 1 Cm Download Manager | 2024-11-21 | 10.0 HIGH | N/A |
| The alterSearchQuery function in lib/controllers/CmdownloadController.php in the CreativeMinds CM Downloads Manager plugin before 2.0.4 for WordPress allows remote attackers to execute arbitrary PHP code via the CMDsearch parameter to cmdownloads/, which is processed by the PHP create_function function. | |||||
| CVE-2014-8872 | 1 Avm | 4 Fritz\!box 6810 Lte, Fritz\!box 6810 Lte Firmware, Fritz\!box 6840 Lte and 1 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| Improper Verification of Cryptographic Signature in AVM FRITZ!Box 6810 LTE after firmware 5.22, FRITZ!Box 6840 LTE after firmware 5.23, and other models with firmware 5.50. | |||||
| CVE-2014-8791 | 1 Enalean | 1 Tuleap | 2024-11-21 | 6.0 MEDIUM | N/A |
| project/register.php in Tuleap before 7.7, when sys_create_project_in_one_step is disabled, allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via the data parameter. | |||||
| CVE-2014-8778 | 1 Checkmarx | 1 Cxsast | 2024-11-21 | 9.0 HIGH | N/A |
| Checkmarx CxSAST (formerly CxSuite) before 7.1.8 allows remote authenticated users to bypass the CxQL sandbox protection mechanism and execute arbitrary C# code by asserting the (1) System.Security.Permissions.PermissionState.Unrestricted or (2) System.Security.Permissions.SecurityPermissionFlag.AllFlags permission. | |||||
| CVE-2014-8770 | 1 Magmi Project | 1 Magmi | 2024-11-21 | 9.0 HIGH | N/A |
| Unrestricted file upload vulnerability in magmi/web/magmi.php in the MAGMI (aka Magento Mass Importer) plugin 0.7.17a and earlier for Magento Community Edition (CE) allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a PHP file, then accessing the PHP file via a direct request to it in magmi/plugins/. | |||||
| CVE-2014-8677 | 1 Soplanning | 1 Soplanning | 2024-11-21 | 3.5 LOW | 5.3 MEDIUM |
| The installation process for SOPlanning 1.32 and earlier allows remote authenticated users with a prepared database, and access to an existing database with a crafted name, or permissions to create arbitrary databases, or if PHP before 5.2 is being used, the configuration database is down, and smarty/templates_c is not writable to execute arbitrary php code via a crafted database name. | |||||
| CVE-2014-8669 | 1 Sap | 1 Customer Relationship Management | 2024-11-21 | 10.0 HIGH | N/A |
| The SAP Promotion Guidelines (CRM-MKT-MPL-TPM-PPG) module for SAP CRM allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2014-8661 | 1 Sap | 1 Customer Relationship Management Internet Sales | 2024-11-21 | 10.0 HIGH | N/A |
| The SAP CRM Internet Sales module allows remote attackers to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2014-8660 | 1 Sap | 1 Document Management Services | 2024-11-21 | 7.2 HIGH | N/A |
| SAP Document Management Services allows local users to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2014-8636 | 1 Mozilla | 2 Firefox, Seamonkey | 2024-11-21 | 7.5 HIGH | N/A |
| The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via unspecified vectors. | |||||
| CVE-2014-8551 | 1 Siemens | 4 Simatic Pcs7, Simatic Pcs 7, Simatic Tiaportal and 1 more | 2024-11-21 | 10.0 HIGH | N/A |
| The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to execute arbitrary code via crafted packets. | |||||
| CVE-2014-8485 | 3 Canonical, Fedoraproject, Gnu | 3 Ubuntu Linux, Fedora, Binutils | 2024-11-21 | 7.5 HIGH | N/A |
| The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted section group headers in an ELF file. | |||||