Search Results (6990 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-0585 5 Adobe, Apple, Linux and 2 more 8 Air, Air Sdk, Air Sdk \& Compiler and 5 more 2025-04-12 N/A
Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2014-0577, CVE-2014-0584, CVE-2014-0586, and CVE-2014-0590.
CVE-2014-0586 5 Adobe, Apple, Linux and 2 more 8 Air, Air Sdk, Air Sdk \& Compiler and 5 more 2025-04-12 N/A
Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2014-0577, CVE-2014-0584, CVE-2014-0585, and CVE-2014-0590.
CVE-2014-0587 5 Adobe, Apple, Linux and 2 more 5 Flash Player, Mac Os X, Linux Kernel and 2 more 2025-04-12 N/A
Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-9164.
CVE-2014-0602 1 Microfocus 1 Security Manager 2025-04-12 N/A
Directory traversal vulnerability in the DumpToFile method in the NQMcsVarSet ActiveX control in NetIQ Security Manager through 6.5.4 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-3460.
CVE-2014-0603 1 Attachmate 1 Reflection Ftp Client 2025-04-12 N/A
The rftpcom.dll ActiveX control in Attachmate Reflection FTP Client before 14.1.429 allows remote attackers to cause a denial of service (memory corruption) and execute arbitrary code via vectors related to the (1) GetGlobalSettings or (2) GetSiteProperties3 methods, which triggers a dereference of an arbitrary memory address. NOTE: this issue was MERGED with CVE-2014-0606 because it is the same type of vulnerability, affecting the same set of versions, and discovered by the same researcher.
CVE-2014-8661 1 Sap 1 Customer Relationship Management Internet Sales 2025-04-12 N/A
The SAP CRM Internet Sales module allows remote attackers to execute arbitrary commands via unspecified vectors.
CVE-2014-2044 1 Owncloud 2 Owncloud, Owncloud Server 2025-04-12 N/A
Incomplete blacklist vulnerability in ajax/upload.php in ownCloud before 5.0, when running on Windows, allows remote authenticated users to bypass intended access restrictions, upload files with arbitrary names, and execute arbitrary code via an Alternate Data Stream (ADS) syntax in the filename parameter, as demonstrated using .htaccess::$DATA to upload a PHP program.
CVE-2014-2051 1 Owncloud 1 Owncloud Server 2025-04-12 N/A
ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote attackers to conduct an LDAP injection attack via unspecified vectors, as demonstrated using a "login query."
CVE-2014-2089 1 Ilias 1 Ilias 2025-04-12 N/A
ILIAS 4.4.1 allows remote attackers to execute arbitrary PHP code via an e-mail attachment that leads to creation of a .php file with a certain client_id pathname.
CVE-2014-2170 1 Cisco 2 Telepresence Tc Software, Telepresence Te Software 2025-04-12 N/A
Cisco TelePresence TC Software 4.x and 5.x before 5.1.7 and 6.x before 6.0.1 and TE Software 4.x and 6.0 allow remote authenticated users to execute arbitrary commands by using the commands as arguments to tshell (aka tcsh) scripts, aka Bug ID CSCue60202.
CVE-2014-2177 1 Cisco 7 Rv120w, Rv120w Firmware, Rv180 and 4 more 2025-04-12 N/A
The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote authenticated users to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCuh87126.
CVE-2014-2196 1 Cisco 1 Wide Area Application Services 2025-04-12 N/A
Cisco Wide Area Application Services (WAAS) 5.1.1 before 5.1.1e, when SharePoint prefetch optimization is enabled, allows remote SharePoint servers to execute arbitrary code via a malformed response, aka Bug ID CSCue18479.
CVE-2014-2208 1 Facebook 1 Hiphop Virtual Machine 2025-04-12 N/A
CRLF injection vulnerability in the LightProcess protocol implementation in hphp/util/light-process.cpp in Facebook HipHop Virtual Machine (HHVM) before 2.4.2 allows remote attackers to execute arbitrary commands by entering a \n (newline) character before the end of a string.
CVE-2014-2223 1 Plogger 1 Plogger 2025-04-12 N/A
Unrestricted file upload vulnerability in plog-admin/plog-upload.php in Plogger 1.0 RC1 and earlier allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a PHP file and a non-zero length PNG file, then accessing the PHP file via a direct request to it in plog-content/uploads/archive/.
CVE-2014-8660 1 Sap 1 Document Management Services 2025-04-12 N/A
SAP Document Management Services allows local users to execute arbitrary commands via unspecified vectors.
CVE-2014-8636 1 Mozilla 2 Firefox, Seamonkey 2025-04-12 N/A
The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via unspecified vectors.
CVE-2014-2331 1 Check Mk Project 1 Check Mk 2025-04-12 N/A
Check_MK 1.2.2p2, 1.2.2p3, and 1.2.3i5 allows remote authenticated users to execute arbitrary Python code via a crafted rules.mk file in a snapshot. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2330.
CVE-2014-2720 1 Izarc 1 Izarc 2025-04-12 N/A
IZArc 4.1.8 displays a file's name on the basis of a ZIP archive's Central Directory entry, but launches this file on the basis of a ZIP archive's local file header, which allows user-assisted remote attackers to conduct file-extension spoofing attacks via a modified Central Directory, as demonstrated by unintended code execution prompted by a .jpg extension in the Central Directory and a .exe extension in the local file header.
CVE-2014-2777 1 Microsoft 1 Internet Explorer 2025-04-12 N/A
Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary web script with increased privileges via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2014-1778.
CVE-2014-2866 1 Paperthin 1 Commonspot Content Server 2025-04-12 N/A
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 relies on client JavaScript code for access restrictions, which allows remote attackers to perform unspecified operations by modifying this code.