Total
3687 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-2293 | 1 Zikula | 1 Zikula Application Framework | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Zikula Application Framework before 1.3.7 build 11 allows remote attackers to conduct PHP object injection attacks and delete arbitrary files or execute arbitrary PHP code via crafted serialized data in the (1) authentication_method_ser or (2) authentication_info_ser parameter to index.php, or (3) zikulaMobileTheme parameter to index.php. | |||||
CVE-2014-2223 | 1 Plogger | 1 Plogger | 2024-11-21 | 7.5 HIGH | N/A |
Unrestricted file upload vulnerability in plog-admin/plog-upload.php in Plogger 1.0 RC1 and earlier allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a PHP file and a non-zero length PNG file, then accessing the PHP file via a direct request to it in plog-content/uploads/archive/. | |||||
CVE-2014-2208 | 1 Facebook | 1 Hiphop Virtual Machine | 2024-11-21 | 7.5 HIGH | N/A |
CRLF injection vulnerability in the LightProcess protocol implementation in hphp/util/light-process.cpp in Facebook HipHop Virtual Machine (HHVM) before 2.4.2 allows remote attackers to execute arbitrary commands by entering a \n (newline) character before the end of a string. | |||||
CVE-2014-2196 | 1 Cisco | 1 Wide Area Application Services | 2024-11-21 | 9.3 HIGH | N/A |
Cisco Wide Area Application Services (WAAS) 5.1.1 before 5.1.1e, when SharePoint prefetch optimization is enabled, allows remote SharePoint servers to execute arbitrary code via a malformed response, aka Bug ID CSCue18479. | |||||
CVE-2014-2177 | 1 Cisco | 7 Rv120w, Rv120w Firmware, Rv180 and 4 more | 2024-11-21 | 9.0 HIGH | N/A |
The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote authenticated users to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCuh87126. | |||||
CVE-2014-2170 | 1 Cisco | 2 Telepresence Tc Software, Telepresence Te Software | 2024-11-21 | 9.0 HIGH | N/A |
Cisco TelePresence TC Software 4.x and 5.x before 5.1.7 and 6.x before 6.0.1 and TE Software 4.x and 6.0 allow remote authenticated users to execute arbitrary commands by using the commands as arguments to tshell (aka tcsh) scripts, aka Bug ID CSCue60202. | |||||
CVE-2014-2089 | 1 Ilias | 1 Ilias | 2024-11-21 | 6.8 MEDIUM | N/A |
ILIAS 4.4.1 allows remote attackers to execute arbitrary PHP code via an e-mail attachment that leads to creation of a .php file with a certain client_id pathname. | |||||
CVE-2014-2051 | 1 Owncloud | 1 Owncloud | 2024-11-21 | 7.5 HIGH | N/A |
ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote attackers to conduct an LDAP injection attack via unspecified vectors, as demonstrated using a "login query." | |||||
CVE-2014-2044 | 1 Owncloud | 1 Owncloud | 2024-11-21 | 7.5 HIGH | N/A |
Incomplete blacklist vulnerability in ajax/upload.php in ownCloud before 5.0, when running on Windows, allows remote authenticated users to bypass intended access restrictions, upload files with arbitrary names, and execute arbitrary code via an Alternate Data Stream (ADS) syntax in the filename parameter, as demonstrated using .htaccess::$DATA to upload a PHP program. | |||||
CVE-2014-2027 | 1 Egroupware | 1 Egroupware | 2024-11-21 | 7.5 HIGH | N/A |
eGroupware before 1.8.006.20140217 allows remote attackers to conduct PHP object injection attacks, delete arbitrary files, and possibly execute arbitrary code via the (1) addr_fields or (2) trans parameter to addressbook/csv_import.php, (3) cal_fields or (4) trans parameter to calendar/csv_import.php, (5) info_fields or (6) trans parameter to csv_import.php in (a) projectmanager/ or (b) infolog/, or (7) processed parameter to preferences/inc/class.uiaclprefs.inc.php. | |||||
CVE-2014-1999 | 1 Fuelphp | 1 Fuelphp | 2024-11-21 | 7.5 HIGH | N/A |
The auto-format feature in the Request_Curl class in FuelPHP 1.1 through 1.7.1 allows remote attackers to execute arbitrary code via a crafted response. | |||||
CVE-2014-1979 | 2 Google, Nttdocomo | 2 Android, Spmode Mail Android | 2024-11-21 | 6.8 MEDIUM | N/A |
The NTT DOCOMO sp mode mail application 5900 through 6300 for Android 4.0.x and 6000 through 6620 for Android 4.1 through 4.4 allows remote attackers to execute arbitrary Java methods via Deco-mail emoticon POP data in an e-mail message. | |||||
CVE-2014-1939 | 2 Google, Lenovo | 2 Android, Shareit | 2024-11-21 | 7.5 HIGH | N/A |
java/android/webkit/BrowserFrame.java in Android before 4.4 uses the addJavascriptInterface API in conjunction with creating an object of the SearchBoxImpl class, which allows attackers to execute arbitrary Java code by leveraging access to the searchBoxJavaBridge_ interface at certain Android API levels. | |||||
CVE-2014-1824 | 1 Microsoft | 8 Windows 7, Windows 8, Windows 8.1 and 5 more | 2024-11-21 | 9.3 HIGH | N/A |
Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted Journal (aka .JNT) file, aka "Windows Journal Remote Code Execution Vulnerability." | |||||
CVE-2014-1813 | 1 Microsoft | 1 Web Applications | 2024-11-21 | 8.5 HIGH | N/A |
Microsoft Web Applications 2010 SP1 and SP2 allows remote authenticated users to execute arbitrary code via crafted page content, aka "Web Applications Page Content Vulnerability." | |||||
CVE-2014-1806 | 1 Microsoft | 1 .net Framework | 2024-11-21 | 10.0 HIGH | N/A |
The .NET Remoting implementation in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly restrict memory access, which allows remote attackers to execute arbitrary code via vectors involving malformed objects, aka "TypeFilterLevel Vulnerability." | |||||
CVE-2014-1774 | 1 Microsoft | 1 Internet Explorer | 2024-11-21 | 9.3 HIGH | N/A |
Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1788 and CVE-2014-2754. | |||||
CVE-2014-1769 | 1 Microsoft | 1 Internet Explorer | 2024-11-21 | 9.3 HIGH | N/A |
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1782, CVE-2014-1785, CVE-2014-2753, CVE-2014-2755, CVE-2014-2760, CVE-2014-2761, CVE-2014-2772, and CVE-2014-2776. | |||||
CVE-2014-1716 | 3 Debian, Google, Opensuse | 3 Debian Linux, Chrome, Opensuse | 2024-11-21 | 7.5 HIGH | N/A |
Cross-site scripting (XSS) vulnerability in the Runtime_SetPrototype function in runtime.cc in Google V8, as used in Google Chrome before 34.0.1847.116, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)." | |||||
CVE-2014-1691 | 1 Horde | 1 Horde Application Framework | 2024-11-21 | 7.5 HIGH | N/A |
The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the _formvars form. |