Total: 3686 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-3942 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 6.0 MEDIUM | N/A |
The Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, and 6.1.0 before 6.1.9 allows remote authenticated editors to execute arbitrary PHP code via a serialized PHP object. | |||||
CVE-2014-3927 | 1 Mrlg4php Project | 1 Mrlg4php | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
mrlg-lib.php in mrlg4php before 1.0.8 allows remote attackers to execute arbitrary shell code. | |||||
CVE-2014-3915 | 1 Rocketsoftware | 1 Rocket Servergraph | 2024-11-21 | 10.0 HIGH | N/A |
The userRequest servlet in the Admin Center for Tivoli Storage Manager in Rocket Servergraph allows remote attackers to execute arbitrary commands via a (1) auth, (2) auth_session, (3) auth_simple, (4) add, (5) add_flat, (6) remove, (7) set_pwd, (8) add_permissions, (9) revoke_permissions, (10) runAsync, or (11) tsmRequest command. | |||||
CVE-2014-3911 | 1 Samsung | 1 Ipolis Device Manager | 2024-11-21 | 9.3 HIGH | N/A |
Samsung iPOLiS Device Manager before 1.8.7 allows remote attackers to execute arbitrary code via unspecified values to the (1) Start, (2) ChangeControlLocalName, (3) DeleteDeviceProfile, (4) FrameAdvanceReader, or other unknown method in the XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller.1 ActiveX control. | |||||
CVE-2014-3910 | 1 Emurasoft | 1 Emftp | 2024-11-21 | 4.4 MEDIUM | N/A |
Emurasoft EmFTP allows local users to gain privileges via a Trojan horse executable file that is launched during an attempt to read a similarly named file that lacks a filename extension. | |||||
CVE-2014-3829 | 1 Merethis | 2 Centreon, Centreon Enterprise Server | 2024-11-21 | 10.0 HIGH | N/A |
displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) session_id or (2) template_id parameter, related to the command_line variable. | |||||
CVE-2014-3805 | 1 Alienvault | 1 Open Source Security Information Management | 2024-11-21 | 10.0 HIGH | N/A |
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) get_license, (2) get_log_line, or (3) update_system/upgrade_pro_web request, a different vulnerability than CVE-2014-3804. | |||||
CVE-2014-3804 | 1 Alienvault | 1 Open Source Security Information Management | 2024-11-21 | 10.0 HIGH | N/A |
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) update_system_info_debian_package, (2) ossec_task, (3) set_ossim_setup admin_ip, (4) sync_rserver, or (5) set_ossim_setup framework_ip request, a different vulnerability than CVE-2014-3805. | |||||
CVE-2014-3789 | 1 Cogentdatahub | 1 Cogent Datahub | 2024-11-21 | 7.5 HIGH | N/A |
GetPermissions.asp in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary commands via unspecified vectors. | |||||
CVE-2014-3666 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | 7.5 HIGH | N/A |
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a crafted packet to the CLI channel. | |||||
CVE-2014-3593 | 1 Scientificlinux | 1 Luci | 2024-11-21 | 6.0 MEDIUM | N/A |
Eval injection vulnerability in luci 0.26.0 allows remote authenticated users with certain permissions to execute arbitrary Python code via a crafted cluster configuration. | |||||
CVE-2014-3582 | 1 Apache | 1 Ambari | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
In Ambari 1.2.0 through 2.2.2, it may be possible to execute arbitrary system commands on the Ambari Server host while generating SSL certificates for hosts in an Ambari cluster. | |||||
CVE-2014-3560 | 3 Canonical, Redhat, Samba | 3 Ubuntu Linux, Enterprise Linux, Samba | 2024-11-21 | 7.9 HIGH | N/A |
NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the unstrcpy macro in string_wrappers.h. | |||||
CVE-2014-3545 | 1 Moodle | 1 Moodle | 2024-11-21 | 6.0 MEDIUM | N/A |
Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to execute arbitrary code via a calculated question in a quiz. | |||||
CVE-2014-3541 | 1 Moodle | 1 Moodle | 2024-11-21 | 7.5 HIGH | N/A |
The Repositories component in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via serialized data associated with an add-on. | |||||
CVE-2014-3518 | 1 Redhat | 4 Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform, Jboss Enterprise Portal Platform and 1 more | 2024-11-21 | 6.8 MEDIUM | N/A |
jmx-remoting.sar in JBoss Remoting, as used in Red Hat JBoss Enterprise Application Platform (JEAP) 5.2.0, Red Hat JBoss BRMS 5.3.1, Red Hat JBoss Portal Platform 5.2.2, and Red Hat JBoss SOA Platform 5.3.1, does not properly implement the JSR 160 specification, which allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
CVE-2014-3496 | 1 Redhat | 2 Openshift, Openshift Origin | 2024-11-21 | 10.0 HIGH | N/A |
cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a Source-Url ending with a (1) .tar.gz, (2) .zip, (3) .tgz, or (4) .tar file extension in a cartridge manifest file. | |||||
CVE-2014-3453 | 1 Flag Module Project | 1 Flag | 2024-11-21 | 6.5 MEDIUM | N/A |
Eval injection vulnerability in the flag_import_form_validate function in includes/flag.export.inc in the Flag module 7.x-3.0, 7.x-3.5, and earlier for Drupal allows remote authenticated administrators to execute arbitrary PHP code via the "Flag import code" text area to admin/structure/flags/import. NOTE: this issue could also be exploited by other attackers if the administrator ignores a security warning on the permissions assignment page. | |||||
CVE-2014-3444 | 1 Realnetworks | 1 Realplayer | 2024-11-21 | 9.3 HIGH | N/A |
The GetGUID function in codecs/dmp4.dll in RealNetworks RealPlayer 16.0.3.51 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (write access violation and application crash) via a malformed .3gp file. | |||||
CVE-2014-3429 | 3 Ipython, Mageia, Opensuse | 3 Ipython Notebook, Mageia, Opensuse | 2024-11-21 | 6.8 MEDIUM | N/A |
IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a crafted page. |