Search Results (26986 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-6311 2 Debian, Vanderbilt 2 Debian Linux, Adaptive Communication Environment 2024-11-21 9.8 Critical
generate_doygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp directory which allows attackers to gain elevated privileges.
CVE-2014-6310 2 Call-cc, Debian 2 Chicken, Debian Linux 2024-11-21 9.8 Critical
Buffer overflow in CHICKEN 4.9.0 and 4.9.0.1 may allow remote attackers to execute arbitrary code via the 'select' function.
CVE-2014-5381 1 Granding 2 Grand Ma300, Grand Ma300 Firmware 2024-11-21 9.8 Critical
Grand MA 300 allows a brute-force attack on the PIN.
CVE-2014-5289 1 Senkas Kolibri Project 1 Senkas Kolibri 2024-11-21 9.8 Critical
Buffer overflow in Senkas Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a POST request.
CVE-2014-5093 1 Status2k 1 Status2k 2024-11-21 9.8 Critical
Status2k does not remove the install directory allowing credential reset.
CVE-2014-5091 1 Status2k 1 Status2k 2024-11-21 9.8 Critical
A vulnerability exits in Status2K 2.5 Server Monitoring Software via the multies parameter to includes/functions.php, which could let a malicious user execute arbitrary PHP code.
CVE-2014-5087 3 Sphider, Sphider-plus, Sphiderpro 3 Sphider, Sphider-plus, Sphider Pro 2024-11-21 9.8 Critical
A vulnerability exists in Sphider Search Engine prior to 1.3.6 due to exec calls in admin/spiderfuncs.php, which could let a remote malicious user execute arbitrary code.
CVE-2014-5081 3 Sphider, Sphider-plus, Sphiderpro 3 Sphider, Sphider-plus, Sphider Pro 2024-11-21 9.8 Critical
sphider prior to 1.3.6, sphider-pro prior to 3.2, and sphider-plus prior to 3.2 allow authentication bypass
CVE-2014-5071 1 Microsemi 2 S350i, S350i Firmware 2024-11-21 9.8 Critical
SQL injection vulnerability in the checkPassword function in Symmetricom s350i 2.70.15 allows remote attackers to execute arbitrary SQL commands via vectors involving a username.
CVE-2014-5039 1 Eucalyptus 1 Eucalyptus Management Console 2024-11-21 9.6 Critical
Cross-site scripting (XSS) vulnerability in Eucalyptus Management Console (EMC) 4.0.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-5007 1 Zohocorp 2 Manageengine Desktop Central, Manageengine Desktop Central Managed Service Providers 2024-11-21 9.8 Critical
Directory traversal vulnerability in the agentLogUploader servlet in ZOHO ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90055 allows remote attackers to write to and execute arbitrary files as SYSTEM via a .. (dot dot) in the filename parameter.
CVE-2014-4984 1 Dejavuprotech 1 Crescendo - Sales Crm 2024-11-21 9.8 Critical
Déjà Vu Crescendo Sales CRM has remote SQL Injection
CVE-2014-4982 1 Xorux 1 Lpar2rrd 2024-11-21 9.8 Critical
LPAR2RRD ≤ 4.53 and ≤ 3.5 has arbitrary command injection on the application server.
CVE-2014-4981 1 Xorux 1 Lpar2rrd 2024-11-21 9.8 Critical
LPAR2RRD in 3.5 and earlier allows remote attackers to execute arbitrary commands due to insufficient input sanitization of the web GUI parameters.
CVE-2014-4967 1 Redhat 1 Ansible 2024-11-21 9.8 Critical
Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing " src=" clause, (2) a trailing " temp=" clause, or (3) a trailing " validate=" clause accompanied by a shell command.
CVE-2014-4966 1 Redhat 1 Ansible 2024-11-21 9.8 Critical
Ansible before 1.6.7 does not prevent inventory data with "{{" and "lookup" substrings, and does not prevent remote data with "{{" substrings, which allows remote attackers to execute arbitrary code via (1) crafted lookup('pipe') calls or (2) crafted Jinja2 data.
CVE-2014-4678 2 Debian, Redhat 2 Debian Linux, Ansible 2024-11-21 9.8 Critical
The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657.
CVE-2014-4657 1 Redhat 1 Ansible 2024-11-21 9.8 Critical
The safe_eval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions.
CVE-2014-4651 2 Apache, Redhat 2 Jclouds, Jboss Fuse 2024-11-21 9.8 Critical
It was found that the jclouds scriptbuilder Statements class wrote a temporary file to a predictable location. An attacker could use this flaw to access sensitive data, cause a denial of service, or perform other attacks.
CVE-2014-4650 2 Python, Redhat 4 Python, Enterprise Linux, Rhel Software Collections and 1 more 2024-11-21 9.8 Critical
The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.