Total
5454 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-6334 | 1 Microsoft | 3 Office Compatibility Pack, Office Word Viewer, Word | 2025-04-12 | N/A |
| Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Bad Index Remote Code Execution Vulnerability." | ||||
| CVE-2014-6298 | 1 Mm Forum Project | 1 Mm Forum | 2025-04-12 | N/A |
| Unrestricted file upload vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors. | ||||
| CVE-2014-6261 | 1 Zenoss | 1 Zenoss Core | 2025-04-12 | N/A |
| Zenoss Core through 5 Beta 3 does not properly implement the Check For Updates feature, which allows remote attackers to execute arbitrary code by (1) spoofing the callhome server or (2) deploying a crafted web site that is visited during a login session, aka ZEN-12657. | ||||
| CVE-2014-6119 | 1 Ibm | 2 Security Appscan, Security Appscan Source | 2025-04-12 | N/A |
| IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote attackers to execute arbitrary code via a crafted executable file in an archive. | ||||
| CVE-2014-5210 | 1 Alienvault | 1 Open Source Security Information Management | 2025-04-12 | N/A |
| The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) remote_task or (2) get_license request, a different vulnerability than CVE-2014-3804 and CVE-2014-3805. | ||||
| CVE-2015-1695 | 1 Microsoft | 8 Windows 7, Windows 8, Windows 8.1 and 5 more | 2025-04-12 | N/A |
| Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-1675, CVE-2015-1696, CVE-2015-1697, CVE-2015-1698, and CVE-2015-1699. | ||||
| CVE-2014-3188 | 2 Google, Redhat | 7 Chrome, Chrome Os, Enterprise Linux Desktop Supplementary and 4 more | 2025-04-12 | N/A |
| Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 do not properly handle the interaction of IPC and Google V8, which allows remote attackers to execute arbitrary code via vectors involving JSON data, related to improper parsing of an escaped index by ParseJsonObject in json-parser.h. | ||||
| CVE-2014-5194 | 1 Sphider | 1 Sphider | 2025-04-12 | N/A |
| Static code injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote authenticated users to inject arbitrary PHP code into settings/conf.php via the _word_upper_bound parameter. | ||||
| CVE-2014-5158 | 1 Alienvault | 1 Open Source Security Information Management | 2025-04-12 | N/A |
| The (1) av-centerd SOAP service and (2) backup command in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary commands via unspecified vectors. | ||||
| CVE-2014-4672 | 1 Yiiframework | 1 Yiiframework | 2025-04-12 | N/A |
| The CDetailView widget in Yii PHP Framework 1.1.14 allows remote attackers to execute arbitrary PHP scripts via vectors related to the value property. | ||||
| CVE-2014-4152 | 1 Alienvault | 1 Open Source Security Information Management | 2025-04-12 | N/A |
| The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to execute arbitrary code via a crafted remote_task request, related to injecting an ssh public key. | ||||
| CVE-2014-4151 | 1 Alienvault | 1 Open Source Security Information Management | 2025-04-12 | N/A |
| The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to create arbitrary files and execute arbitrary code via a crafted set_file request. | ||||
| CVE-2013-7284 | 1 Malcolm Nooning | 1 Pirpc | 2025-04-12 | N/A |
| The PlRPC module, possibly 0.2020 and earlier, for Perl uses the Storable module, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized. | ||||
| CVE-2014-3947 | 1 Alex Kellner | 1 Powermail | 2025-04-12 | N/A |
| Unrestricted file upload vulnerability in the powermail extension before 1.6.11 and 2.x before 2.0.14 for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with a crafted extension, then accessing it via unspecified vectors. | ||||
| CVE-2014-3942 | 1 Typo3 | 1 Typo3 | 2025-04-12 | N/A |
| The Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, and 6.1.0 before 6.1.9 allows remote authenticated editors to execute arbitrary PHP code via a serialized PHP object. | ||||
| CVE-2014-3915 | 1 Rocketsoftware | 1 Rocket Servergraph | 2025-04-12 | N/A |
| The userRequest servlet in the Admin Center for Tivoli Storage Manager in Rocket Servergraph allows remote attackers to execute arbitrary commands via a (1) auth, (2) auth_session, (3) auth_simple, (4) add, (5) add_flat, (6) remove, (7) set_pwd, (8) add_permissions, (9) revoke_permissions, (10) runAsync, or (11) tsmRequest command. | ||||
| CVE-2014-3910 | 1 Emurasoft | 1 Emftp | 2025-04-12 | N/A |
| Emurasoft EmFTP allows local users to gain privileges via a Trojan horse executable file that is launched during an attempt to read a similarly named file that lacks a filename extension. | ||||
| CVE-2014-3829 | 1 Merethis | 2 Centreon, Centreon Enterprise Server | 2025-04-12 | N/A |
| displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) session_id or (2) template_id parameter, related to the command_line variable. | ||||
| CVE-2014-3804 | 1 Alienvault | 1 Open Source Security Information Management | 2025-04-12 | N/A |
| The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) update_system_info_debian_package, (2) ossec_task, (3) set_ossim_setup admin_ip, (4) sync_rserver, or (5) set_ossim_setup framework_ip request, a different vulnerability than CVE-2014-3805. | ||||
| CVE-2014-3593 | 2 Redhat, Scientificlinux | 2 Enterprise Linux, Luci | 2025-04-12 | N/A |
| Eval injection vulnerability in luci 0.26.0 allows remote authenticated users with certain permissions to execute arbitrary Python code via a crafted cluster configuration. | ||||