Search Results (26986 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-2727 1 Trustwave 1 Mailmarshal 2024-11-21 9.8 Critical
The STARTTLS implementation in MailMarshal before 7.2 allows plaintext command injection.
CVE-2014-2651 1 Atos 28 Openscape Desk Phone Ip 35g, Openscape Desk Phone Ip 35g Eco, Openscape Desk Phone Ip 35g Eco Firmware and 25 more 2024-11-21 9.8 Critical
Unify OpenStage/OpenScape Desk Phone IP SIP before V3 R3.11.0 has an authentication bypass in the default mode of the Workpoint Interface
CVE-2014-2650 1 Atos 30 Openscape Desk Phone Ip 35g, Openscape Desk Phone Ip 35g Eco, Openscape Desk Phone Ip 35g Eco Firmware and 27 more 2024-11-21 9.8 Critical
Unify OpenStage / OpenScape Desk Phone IP before V3 R3.11.0 SIP has an OS command injection vulnerability in the web based management interface
CVE-2014-2595 1 Barracuda 1 Web Application Firewall 2024-11-21 9.8 Critical
Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.
CVE-2014-2228 1 Talend 1 Restlet 2024-11-21 9.8 Critical
The XStream extension in HP Fortify SCA before 2.2 RC3 allows remote attackers to execute arbitrary code via unsafe deserialization of XML messages.
CVE-2014-2073 1 3ds 1 Catia 2024-11-21 9.8 Critical
Stack-based buffer overflow in Dassault Systemes CATIA V5-6R2013 allows remote attackers to execute arbitrary code via a crafted packet, related to "CATV5_Backbone_Bus."
CVE-2014-2072 1 3ds 1 Catia 2024-11-21 9.8 Critical
Dassault Systemes Catia V5-6R2013: Stack Buffer Overflow due to inadequate boundary checks
CVE-2014-2025 1 Unitedplanet 1 Intrexx 2024-11-21 9.8 Critical
Unrestricted file upload vulnerability in an unspecified third party tool in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unknown vectors.
CVE-2014-1925 1 Koha 1 Koha 2024-11-21 9.8 Critical
SQL injection vulnerability in the MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be leveraged by remote attackers using CVE-2014-1924.
CVE-2014-1924 1 Koha 1 Koha 2024-11-21 9.8 Critical
The MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 does not require authentication, which allows remote attackers to conduct SQL injection attacks via unspecified vectors.
CVE-2014-1860 1 Contao 1 Contao Cms 2024-11-21 9.8 Critical
Contao CMS through 3.2.4 has PHP Object Injection Vulnerabilities
CVE-2014-1634 1 Magento 1 Advanced Newsletter 2024-11-21 9.8 Critical
SQL Injection exists in Advanced Newsletter Magento extension before 2.3.5 via the /store/advancednewsletter/index/subscribeajax/an_category_id/ PATH_INFO.
CVE-2014-1598 1 Centurystar Project 1 Centurystar 2024-11-21 9.8 Critical
centurystar 7.12 ActiveX Control has a Stack Buffer Overflow
CVE-2014-1409 1 Mobileiron 2 Sentry, Virtual Smartphone Platform 2024-11-21 9.1 Critical
MobileIron VSP versions prior to 5.9.1 and Sentry versions prior to 5.0 have an authentication bypass vulnerability due to an XML file with obfuscated passwords
CVE-2014-0234 1 Redhat 1 Openshift 2024-11-21 9.8 Critical
The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "mooo" for a Mongo account, which allows remote attackers to hijack the broker by providing this password, related to the openshift.sh script in Openshift Extras before 20130920. NOTE: this may overlap CVE-2013-4253 and CVE-2013-4281.
CVE-2014-0175 3 Debian, Puppet, Redhat 3 Debian Linux, Marionette Collective, Openshift 2024-11-21 9.8 Critical
mcollective has a default password set at install
CVE-2014-0156 1 Manageiq 1 Awesomespawn 2024-11-21 9.8 Critical
Awesome spawn contains OS command injection vulnerability, which allows execution of additional commands passed to Awesome spawn as arguments. If untrusted input was included in command arguments, attacker could use this flaw to execute arbitrary command.
CVE-2014-0048 2 Apache, Docker 2 Geode, Docker 2024-11-21 9.8 Critical
An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways.
CVE-2014-0011 1 Tigervnc 1 Tigervnc 2024-11-21 9.8 Critical
Multiple heap-based buffer overflows in the ZRLE_DECODE function in common/rfb/zrleDecode.h in TigerVNC before 1.3.1, when NDEBUG is enabled, allow remote VNC servers to cause a denial of service (vncviewer crash) and possibly execute arbitrary code via vectors related to screen image rendering.
CVE-2013-7487 1 Swann 8 Dvr-16cif, Dvr-16cif Firmware, Dvr04b and 5 more 2024-11-21 9.8 Critical
On Swann DVR04B, DVR08B, DVR-16CIF, and DVR16B devices, raysharpdvr application has a vulnerable call to “system”, which allows remote attackers to execute arbitrary code via TCP port 9000.