| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2014-4649 | 89 | | Exec Code Sql | 2014-06-28 | 2014-06-30 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | SQL injection vulnerability in the photo-edit subsystem in Piwigo 2.6.x and 2.7.x before 2.7.0beta2 allows remote authenticated administrators to execute arbitrary SQL commands via the associate[] field. |
| 2 | CVE-2014-4648 | | | | 2014-06-28 | 2014-06-30 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Unspecified vulnerability in Piwigo before 2.6.3 has unknown impact and attack vectors, related to a "security failure." |
| 3 | CVE-2014-4644 | 89 | 1 | Exec Code Sql | 2014-06-25 | 2015-01-12 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | SQL injection vulnerability in superlinks.php in the superlinks plugin 1.4-2 for Cacti allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| 4 | CVE-2014-4643 | 119 | 1 | DoS Exec Code Overflow | 2014-06-25 | 2014-06-26 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Multiple heap-based buffer overflows in the client in Core FTP LE 2.2 build 1798 allow remote FTP servers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string in a reply to a (1) USER, (2) PASS, (3) PASV, (4) SYST, (5) PWD, or (6) CDUP command. |
| 5 | CVE-2014-4617 | 20 | | DoS | 2014-06-25 | 2018-10-30 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence. |
| 6 | CVE-2014-4507 | 22 | | Dir. Trav. | 2014-06-20 | 2014-06-23 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial | Directory traversal vulnerability in Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the dst parameter to tftp/fetch_boot_file. |
| 7 | CVE-2014-4336 | 77 | | Exec Code | 2014-06-22 | 2018-01-03 | 5.8 | None | Local Network | Low | Not required | Partial | Partial | Partial | The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707. |
| 8 | CVE-2014-4334 | 119 | 1 | Exec Code Overflow | 2014-06-19 | 2014-06-20 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Stack-based buffer overflow in Ubisoft Rayman Legends before 1.3.140380 allows remote attackers to execute arbitrary code via a long string in the "second connection" to TCP port 1001. |
| 9 | CVE-2014-4333 | 352 | | Sql CSRF | 2014-06-19 | 2018-10-09 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Cross-site request forgery (CSRF) vulnerability in administration/profiles.php in Dolphin 7.1.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the members[] parameter, related to CVE-2014-3810. |
| 10 | CVE-2014-4307 | 89 | | Exec Code Sql | 2014-06-18 | 2014-06-19 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | SQL injection vulnerability in categories-x.php in WebTitan before 4.04 allows remote attackers to execute arbitrary SQL commands via the sortkey parameter. |
| 11 | CVE-2014-4306 | 22 | | Dir. Trav. | 2014-06-18 | 2014-06-19 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Directory traversal vulnerability in logs-x.php in WebTitan before 4.04 allows remote attackers to read arbitrary files via a .. (dot dot) in the logfile parameter in a download action. |
| 12 | CVE-2014-4305 | 89 | | Exec Code Sql | 2014-06-18 | 2014-06-19 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Multiple SQL injection vulnerabilities in NICE Recording eXpress (aka Cybertech eXpress) 6.5.7 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| 13 | CVE-2014-4193 | 310 | | | 2014-06-17 | 2021-11-30 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The TLS implementation in EMC RSA BSAFE-Java Toolkits (aka Share for Java) supports the Extended Random extension during use of the Dual_EC_DRBG algorithm, which makes it easier for remote attackers to obtain plaintext from TLS sessions by requesting long nonces from a server, a different issue than CVE-2007-6755. |
| 14 | CVE-2014-4192 | 310 | | | 2014-06-17 | 2021-11-30 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The Dual_EC_DRBG implementation in EMC RSA BSAFE-C Toolkits (aka Share for C and C++) processes certain requests for output bytes by considering only the requested byte count and not the use of cached bytes, which makes it easier for remote attackers to obtain plaintext from TLS sessions by recovering the algorithm's inner state, a different issue than CVE-2007-6755. |
| 15 | CVE-2014-4191 | 310 | | | 2014-06-17 | 2021-11-30 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The TLS implementation in EMC RSA BSAFE-C Toolkits (aka Share for C and C++) sends a long series of random bytes during use of the Dual_EC_DRBG algorithm, which makes it easier for remote attackers to obtain plaintext from TLS sessions by recovering the algorithm's inner state, a different issue than CVE-2007-6755. |
| 16 | CVE-2014-4190 | 119 | | DoS Overflow | 2014-06-17 | 2014-06-18 | 7.8 | None | Remote | Low | Not required | None | None | Complete | Multiple heap-based buffer overflows in Huawei Campus Series Switches S3700HI, S5700, S6700, S3300HI, S5300, S6300, S9300, S7700, and LSW S9700 with software V200R001 before V200R001SPH013; S5700, S6700, S5300, and S6300 with software V200R002 before V200R002SPH005; S7700, S9300, S9300E, S5300, S5700, S6300, S6700, S2350, S2750, and LSW S9700 with software V200R003 before V200R003SPH005; and S7700, S9300, S9300E, and LSW S9700 with software V200R005 before V200R005C00SPC300 allow remote attackers to cause a denial of service (device restart) via a crafted length field in a packet. |
| 17 | CVE-2014-4188 | 352 | | CSRF | 2014-06-17 | 2015-09-02 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Cross-site request forgery (CSRF) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance Management - Manager Web Option 07-00 through 07-54 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. |
| 18 | CVE-2014-4174 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2014-06-18 | 2014-06-19 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | wiretap/libpcap.c in the libpcap file parser in Wireshark 1.10.x before 1.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted packet-trace file that includes a large packet. |
| 19 | CVE-2014-4163 | 352 | | CSRF | 2014-06-16 | 2014-06-17 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Multiple cross-site request forgery (CSRF) vulnerabilities in the Featured Comments plugin 1.2.1 for WordPress allow remote attackers to hijack the authentication of administrators for requests that change the (1) buried or (2) featured status of a comment via a request to wp-admin/admin-ajax.php. |
| 20 | CVE-2014-4162 | 352 | 1 | CSRF | 2014-06-16 | 2014-07-17 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Multiple cross-site request forgery (CSRF) vulnerabilities in the Zyxel P-660HW-T1 (v3) wireless router allow remote attackers to hijack the authentication of administrators for requests that change the (1) wifi password or (2) SSID via a request to Forms/WLAN_General_1. |
| 21 | CVE-2014-4159 | | | | 2014-06-13 | 2016-12-16 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | Open redirect vulnerability in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. |
| 22 | CVE-2014-4158 | 119 | 2 | Exec Code Overflow | 2014-06-13 | 2015-09-02 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Stack-based buffer overflow in Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a GET request. |
| 23 | CVE-2014-4155 | 352 | 1 | CSRF | 2014-06-19 | 2014-07-18 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a request to Forms/tools_admin_1. |
| 24 | CVE-2014-4153 | 200 | | +Info | 2014-06-18 | 2014-06-19 | 7.8 | None | Remote | Low | Not required | Complete | None | None | The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to read arbitrary files via a crafted get_file request. |
| 25 | CVE-2014-4152 | 94 | | Exec Code | 2014-06-18 | 2014-06-19 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to execute arbitrary code via a crafted remote_task request, related to injecting an ssh public key. |
| 26 | CVE-2014-4151 | 94 | | Exec Code | 2014-06-18 | 2014-06-19 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to create arbitrary files and execute arbitrary code via a crafted set_file request. |
| 27 | CVE-2014-4049 | 119 | | DoS Exec Code Overflow | 2014-06-18 | 2018-10-30 | 5.1 | None | Remote | High | Not required | Partial | Partial | Partial | Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns_get_record function. |
| 28 | CVE-2014-4047 | | | DoS | 2014-06-17 | 2018-10-09 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Asterisk Open Source 1.8.x before 1.8.28.1, 11.x before 11.10.1, and 12.x before 12.3.1 and Certified Asterisk 1.8.15 before 1.8.15-cert6 and 11.6 before 11.6-cert3 allows remote attackers to cause a denial of service (connection consumption) via a large number of (1) inactive or (2) incomplete HTTP connections. |
| 29 | CVE-2014-4046 | | | Exec Code | 2014-06-17 | 2018-10-09 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action. |
| 30 | CVE-2014-4044 | 119 | | DoS Overflow | 2014-06-17 | 2014-06-21 | 5.0 | None | Remote | Low | Not required | None | None | Partial | OpenAFS 1.6.8 does not properly clear the fields in the host structure, which allows remote attackers to cause a denial of service (uninitialized memory access and crash) via unspecified vectors related to TMAY requests. |
| 31 | CVE-2014-4040 | 310 | | +Info | 2014-06-17 | 2015-03-12 | 5.0 | None | Remote | Low | Not required | Partial | None | None | snap in powerpc-utils 1.2.20 produces an archive with fstab and yaboot.conf files potentially containing cleartext passwords, and lacks a warning about reviewing this archive to detect included passwords, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream. |
| 32 | CVE-2014-4034 | 89 | 1 | Exec Code Sql | 2014-06-11 | 2017-08-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | SQL injection vulnerability in zero_view_article.php in ZeroCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the article_id parameter. |
| 33 | CVE-2014-4030 | 352 | | CSRF | 2014-06-25 | 2014-06-26 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Cross-site request forgery (CSRF) vulnerability in the JW Player plugin before 2.1.4 for WordPress allows remote attackers to hijack the authentication of administrators for requests that remove players via a delete action to wp-admin/admin.php. |
| 34 | CVE-2014-4014 | 264 | 1 | Bypass | 2014-06-23 | 2018-12-18 | 6.2 | None | Local | High | Not required | Complete | Complete | Complete | The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with group ownership of root. |
| 35 | CVE-2014-4012 | 255 | | | 2014-06-09 | 2014-06-18 | 5.0 | None | Remote | Low | Not required | Partial | None | None | SAP Open Hub Service has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| 36 | CVE-2014-4011 | 255 | | | 2014-06-09 | 2014-06-18 | 5.0 | None | Remote | Low | Not required | Partial | None | None | SAP Capacity Leveling has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| 37 | CVE-2014-4010 | 255 | | | 2014-06-09 | 2014-06-18 | 5.0 | None | Remote | Low | Not required | Partial | None | None | SAP Transaction Data Pool has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| 38 | CVE-2014-4009 | 255 | | | 2014-06-09 | 2014-06-18 | 5.0 | None | Remote | Low | Not required | Partial | None | None | SAP CCMS Monitoring (BC-CCM-MON) has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| 39 | CVE-2014-4008 | 255 | | | 2014-06-09 | 2014-06-18 | 5.0 | None | Remote | Low | Not required | Partial | None | None | SAP Web Services Tool (CA-WUI-WST) has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| 40 | CVE-2014-4007 | 255 | | | 2014-06-09 | 2014-06-18 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The SAP Upgrade tools for ABAP have hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| 41 | CVE-2014-4006 | 255 | | | 2014-06-09 | 2014-06-18 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The SAP Trader's and Scheduler's Workbench (TSW) for SAP Oil & Gas has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| 42 | CVE-2014-4005 | 255 | | | 2014-06-09 | 2014-06-18 | 5.0 | None | Remote | Low | Not required | Partial | None | None | SAP Brazil add-on has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| 43 | CVE-2014-4004 | 255 | | | 2014-06-09 | 2014-06-18 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The (1) Structures and (2) Project-Oriented Procurement components in SAP Project System have hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| 44 | CVE-2014-4003 | 264 | | | 2014-06-09 | 2018-10-09 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | The System Landscape Directory (SLD) in SAP NetWeaver allows remote attackers to modify information via vectors related to adding a system. |
| 45 | CVE-2014-3984 | | | | 2014-06-06 | 2017-12-29 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Multiple unspecified vulnerabilities in Libav before 0.8.12 allow remote attackers to have unknown impact and vectors. |
| 46 | CVE-2014-3977 | 59 | 1 | | 2014-06-08 | 2021-08-31 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2179. |
| 47 | CVE-2014-3976 | 119 | 1 | DoS Exec Code Overflow | 2014-06-05 | 2015-09-02 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Buffer overflow in A10 Networks Advanced Core Operating System (ACOS) before 2.7.0-p6 and 2.7.1 before 2.7.1-P1_55 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long session id in the URI to sys_reboot.html. NOTE: some of these details are obtained from third party information. |
| 48 | CVE-2014-3975 | 22 | 1 | Dir. Trav. | 2014-06-05 | 2014-06-06 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Absolute path traversal vulnerability in filemanager.php in AuraCMS 3.0 allows remote attackers to list a directory via a full pathname in the viewdir parameter. |
| 49 | CVE-2014-3973 | 89 | | Exec Code Sql | 2014-06-05 | 2014-06-06 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Multiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.3.21 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| 50 | CVE-2014-3969 | 264 | | +Priv | 2014-06-05 | 2018-10-30 | 7.4 | None | Local Network | Medium | Single system | Complete | Complete | Complete | Xen 4.4.x, when running on an ARM system, does not properly check write permissions on virtual addresses, which allows local guest administrators to gain privileges via unspecified vectors. |
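The Score column above is a CVSS v2 base score and the Access, Complexity, Authentication and Conf./Integ./Avail. columns are its inputs, so each row can be recomputed. The following is an added example, not code from the listing's source or from any project in the table: it implements the CVSS v2 base equation, checks a sample of rows copied from the table, and, for a row whose Authentication cell is unreadable, finds which value reproduces the listed score (for the 6.5 Piwigo/Asterisk rows and the 7.4 Xen row, whose descriptions require an authenticated attacker, only "Single system" does).

```python
"""CVSS v2 base-score check for the rows in the table.

Added example: not code from the listing's source or from any project named
in the table.  It applies the CVSS v2 base equation to a row's Access,
Complexity, Authentication and Conf./Integ./Avail. cells, compares the result
with the Score cell, and recovers an Authentication value for a row whose cell
is unreadable by trying each possible value.  The sample rows are copied from
the table.
"""

# Metric weights from the CVSS v2 specification, keyed by the table's wording.
ACCESS_VECTOR = {"Local": 0.395, "Local Network": 0.646, "Remote": 1.0}
ACCESS_COMPLEXITY = {"High": 0.35, "Medium": 0.61, "Low": 0.71}
AUTHENTICATION = {"Multiple system": 0.45, "Single system": 0.56, "Not required": 0.704}
IMPACT = {"None": 0.0, "Partial": 0.275, "Complete": 0.660}


def cvss2_base(access, complexity, auth, conf, integ, avail):
    """CVSS v2 base score, rounded to one decimal place as NVD publishes it."""
    impact = 10.41 * (1 - (1 - IMPACT[conf]) * (1 - IMPACT[integ]) * (1 - IMPACT[avail]))
    exploitability = (20 * ACCESS_VECTOR[access] * ACCESS_COMPLEXITY[complexity]
                      * AUTHENTICATION[auth])
    f_impact = 0.0 if impact == 0 else 1.176
    return round((0.6 * impact + 0.4 * exploitability - 1.5) * f_impact, 1)


def infer_authentication(score, access, complexity, conf, integ, avail):
    """Authentication values that reproduce `score` given the other five metrics."""
    return [auth for auth in AUTHENTICATION
            if cvss2_base(access, complexity, auth, conf, integ, avail) == score]


# (CVE, Score, Access, Complexity, Authentication, Conf., Integ., Avail.) copied from the table.
ROWS = [
    ("CVE-2014-4648", 10.0, "Remote", "Low", "Not required", "Complete", "Complete", "Complete"),
    ("CVE-2014-4644", 7.5, "Remote", "Low", "Not required", "Partial", "Partial", "Partial"),
    ("CVE-2014-4643", 5.0, "Remote", "Low", "Not required", "None", "None", "Partial"),
    ("CVE-2014-4507", 6.4, "Remote", "Low", "Not required", "None", "Partial", "Partial"),
    ("CVE-2014-4336", 5.8, "Local Network", "Low", "Not required", "Partial", "Partial", "Partial"),
    ("CVE-2014-4333", 6.8, "Remote", "Medium", "Not required", "Partial", "Partial", "Partial"),
    ("CVE-2014-4190", 7.8, "Remote", "Low", "Not required", "None", "None", "Complete"),
    ("CVE-2014-4174", 9.3, "Remote", "Medium", "Not required", "Complete", "Complete", "Complete"),
    ("CVE-2014-4049", 5.1, "Remote", "High", "Not required", "Partial", "Partial", "Partial"),
    ("CVE-2014-4014", 6.2, "Local", "High", "Not required", "Complete", "Complete", "Complete"),
    ("CVE-2014-3977", 6.9, "Local", "Medium", "Not required", "Complete", "Complete", "Complete"),
]


def check_rows(rows=ROWS):
    """CVE IDs whose listed Score differs from the recomputed one (expected: none)."""
    return [cve for cve, score, *metrics in rows if cvss2_base(*metrics) != score]


if __name__ == "__main__":
    print("score mismatches:", check_rows())
    # Rows 1, 29 and 50 describe an authenticated attacker; only 'Single system'
    # reproduces their 6.5 and 7.4 scores.
    print(infer_authentication(6.5, "Remote", "Low", "Partial", "Partial", "Partial"))
    print(infer_authentication(7.4, "Local Network", "Medium", "Complete", "Complete", "Complete"))
```

The check is useful beyond this page: when a listing's extraction drops or garbles a metric cell, the published score pins it down, because the three Authentication weights give three distinct scores for any fixed set of the other metrics.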
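The "Exec Code Sql" rows (Cacti's id, ZeroCMS's article_id, WebTitan's sortkey, Piwigo's associate[]) come in two shapes that need different fixes. The following is an added example, not code from any of those projects; its `article` table, sample rows and request values are invented and it runs against in-memory SQLite. A lookup parameter is fixed by binding it; a sort-key parameter cannot be bound (ORDER BY takes a column name, not a value), so it must be checked against an allow-list, and the block drives the vulnerable sort endpoint as a boolean oracle to show why that matters.

```python
"""SQL injection in the two shapes the 'Exec Code Sql' rows describe.

Added example, not code from Cacti, WebTitan, ZeroCMS, Piwigo or
FrontAccounting.  The schema (an `article` table), its rows and the request
parameters are invented; the database is in-memory SQLite so it runs offline.
Shape 1 is a lookup parameter such as `id` or `article_id`, fixed by binding
the value.  Shape 2 is a sort-key parameter such as `sortkey`: an ORDER BY
column name cannot be bound as a placeholder, so it is checked against an
allow-list, and the vulnerable form is driven as a boolean oracle to show why.
"""
import sqlite3
import string

ALLOWED_SORT_KEYS = {"name", "created"}  # invented column names


def open_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE article (id INTEGER PRIMARY KEY, name TEXT, created TEXT, secret TEXT)")
    db.executemany("INSERT INTO article VALUES (?, ?, ?, ?)", [
        (1, "public post", "2014-06-01", None),
        (2, "draft", "2014-06-02", "internal-only"),
    ])
    return db


# Shape 1: lookup parameter (id, article_id).

def article_vulnerable(db, article_id):
    """The listed pattern: the request value is pasted into the statement text."""
    return db.execute("SELECT id, name FROM article WHERE id = %s" % article_id).fetchall()


def article_fixed(db, article_id):
    """Bound parameter: the value travels separately from the SQL and is never parsed as SQL."""
    return db.execute("SELECT id, name FROM article WHERE id = ?", (article_id,)).fetchall()


# Shape 2: sort-key parameter (sortkey).

def listing_vulnerable(db, sortkey):
    return db.execute("SELECT id, name FROM article ORDER BY %s" % sortkey).fetchall()


def is_allowed_sort_key(sortkey):
    return sortkey in ALLOWED_SORT_KEYS


def listing_fixed(db, sortkey, descending=False):
    """ORDER BY cannot take a placeholder, so only allow-listed column names are interpolated."""
    if not is_allowed_sort_key(sortkey):
        raise ValueError("unknown sort key: %r" % sortkey)
    direction = "DESC" if descending else "ASC"
    return db.execute("SELECT id, name FROM article ORDER BY %s %s" % (sortkey, direction)).fetchall()


def leak_secret_prefix(db, length=8):
    """Read article 2's secret through the vulnerable sort endpoint one character at a
    time: when the guessed prefix is right the rows come back ascending by id,
    otherwise descending.  An ORDER BY parameter leaks data even without a UNION."""
    known = ""
    for _ in range(length):
        for ch in string.ascii_lowercase + "-":
            probe = known + ch
            payload = ("CASE WHEN (SELECT secret FROM article WHERE id = 2) LIKE '%s%%' "
                       "THEN id ELSE -id END" % probe)
            if listing_vulnerable(db, payload)[0][0] == 1:
                known = probe
                break
        else:
            break  # no character extended the prefix
    return known
```

For the sort-key case, also fix the sort direction from a boolean rather than a second free-text parameter; a DESC/ASC string from the request is the same problem in miniature.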
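The three "Dir. Trav." rows show the shapes a file-path parameter takes: a `..` segment (Foreman's dst, WebTitan's logfile) and a full pathname (AuraCMS's viewdir). The following is an added example, not code from Foreman, WebTitan or AuraCMS, with a constructed directory tree and invented request values; it adds the third case a lexical check misses, a symlink inside the served directory that points outside it.

```python
"""Path containment check for the 'Dir. Trav.' rows.

Added example, not code from Foreman, WebTitan or AuraCMS.  The directory
tree, file names and request values are constructed here so the block runs
offline; the probe shapes match the rows: a `..` segment (Foreman's dst,
WebTitan's logfile), an absolute path (AuraCMS's viewdir), and a symlink that
a purely lexical check would miss.
"""
import os
import shutil
import tempfile


def resolve_in_base(base_dir, user_path):
    """Absolute path for `user_path` if it stays inside `base_dir`, else ValueError.

    os.path.join drops `base` entirely when `user_path` is absolute, which is the
    absolute-path-traversal case, so the joined result is normalised with realpath
    (collapsing `..` and following symlinks) and then checked against the base.
    """
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, user_path))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("path escapes base directory: %r" % user_path)
    return candidate


def is_contained(base_dir, user_path):
    try:
        resolve_in_base(base_dir, user_path)
        return True
    except ValueError:
        return False


def probe_tree():
    """Build a throwaway tree, probe it with the parameter shapes above, tear it down."""
    root = tempfile.mkdtemp()
    try:
        base = os.path.join(root, "tftp")          # the directory the handler should serve
        os.makedirs(os.path.join(base, "boot"))
        outside = os.path.join(root, "etc")        # stands in for the real /etc
        os.makedirs(outside)
        with open(os.path.join(outside, "shadow"), "w") as fh:
            fh.write("constructed sample, not a real shadow file\n")
        os.symlink(outside, os.path.join(base, "link"))
        probes = [
            "boot/pxelinux.0",              # legitimate request
            "boot/../boot/pxelinux.0",      # a .. that stays inside the base
            "../etc/shadow",                # Foreman / WebTitan shape
            "/etc/shadow",                  # AuraCMS shape: absolute path
            "link/shadow",                  # symlink pointing outside the base
        ]
        return {p: is_contained(base, p) for p in probes}
    finally:
        shutil.rmtree(root)
```

The same check applies whether the handler reads (WebTitan's download action) or writes (Foreman's fetch_boot_file); for a write path, resolve and check the parent directory before creating the file, since realpath cannot follow a symlink that does not exist yet.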
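Six rows are CSRF: Dolphin, Hitachi Tuning Manager, the Featured Comments and JW Player WordPress plugins, and the Zyxel and ZTE routers. All of them rely on the browser attaching the administrator's session cookie to a request that a page on another origin submitted. The following is an added example, not code from any of those products; the session store, server key, action names ("feature", "bury", "delete", modelled on the comment-status rows) and origin are invented. It shows the cookie-only handler beside one that also requires a token bound to both the session and the specific action.

```python
"""Synchronizer-token check for the CSRF rows.

Added example, not code from WordPress, Dolphin, Hitachi, Zyxel or ZTE.  The
session store, server key, form fields, action names and origin are invented.
The token is an HMAC over the session and the specific action, so another
origin cannot compute it, and a token issued for one action is rejected for
any other.
"""
import hashlib
import hmac

SERVER_KEY = b"constructed-example-key"   # in practice a random value loaded from config
SITE_ORIGIN = "https://admin.example"     # invented
ACTIONS = {"feature", "bury", "delete"}   # modelled on the comment-status rows above
SESSIONS = {                              # invented session store
    "sess-admin-1": {"is_admin": True},
    "sess-admin-2": {"is_admin": True},
    "sess-guest-7": {"is_admin": False},
}


def issue_token(session_id, action, key=SERVER_KEY):
    """Token a same-origin page embeds in its form for `action`."""
    msg = ("%s:%s" % (session_id, action)).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def verify_token(session_id, action, token, key=SERVER_KEY):
    if not token:
        return False
    return hmac.compare_digest(issue_token(session_id, action, key), token)


def _authorise(request):
    """Shared cookie and action checks; returns ((session_id, action), None) or (None, error)."""
    session_id = request["cookies"].get("session")
    session = SESSIONS.get(session_id)
    if session is None or not session["is_admin"]:
        return None, (403, "administrator session required")
    action = request["form"].get("action")
    if action not in ACTIONS:
        return None, (400, "unknown action")
    return (session_id, action), None


def handle_vulnerable(request):
    """The listed pattern: a valid admin cookie is all the handler checks."""
    ctx, err = _authorise(request)
    if err:
        return err
    _, action = ctx
    return 200, "%s applied to comment %s" % (action, request["form"].get("comment_id"))


def handle_fixed(request):
    """Cookie plus a per-session, per-action token, plus an Origin check when present."""
    ctx, err = _authorise(request)
    if err:
        return err
    session_id, action = ctx
    if not verify_token(session_id, action, request["form"].get("csrf_token")):
        return 403, "missing or invalid CSRF token"
    origin = request["headers"].get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return 403, "cross-origin request refused"
    return 200, "%s applied to comment %s" % (action, request["form"].get("comment_id"))


def forged_request():
    """What the victim's browser sends after visiting an attacker page: the session
    cookie rides along, but the attacker can neither read nor compute the token."""
    return {"cookies": {"session": "sess-admin-1"},
            "headers": {"Origin": "https://attacker.example"},
            "form": {"action": "delete", "comment_id": "42"}}


def legitimate_request(action="feature", session_id="sess-admin-1"):
    """A same-origin form submission carrying the token the server issued for it."""
    return {"cookies": {"session": session_id},
            "headers": {"Origin": SITE_ORIGIN},
            "form": {"action": action, "comment_id": "42",
                     "csrf_token": issue_token(session_id, action)}}
```

Binding the token to the action is what makes a leaked token for a low-impact action (featuring a comment) useless for a high-impact one (deleting it, or changing an admin password as in the ZTE row); the Origin check is a second, independent layer for browsers that send the header.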
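The cups-browsed row (CVE-2014-4336) is command injection through a value the attacker controls remotely, the host name a printer announces over IPP, and its NOTE records that a first fix (CVE-2014-2707) was incomplete, which is typical when metacharacters are filtered case by case instead of keeping the value away from a shell. The following is an added example, not cups-browsed code: `echo` stands in for the real queue set-up command so it runs anywhere, and the host names are constructed.

```python
"""Shell metacharacters in a host name, the pattern in the cups-browsed row.

Added example, not cups-browsed code.  `echo` stands in for the real queue
set-up command so the block runs anywhere, and the host names are constructed.
The vulnerable form builds one string for /bin/sh; the fixed form validates the
host name against the RFC 1123 character set and passes an argv list, so no
shell ever sees the value.  A third form shows shlex.quote for the case where a
shell command line is unavoidable.
"""
import re
import shlex
import subprocess

# RFC 1123 labels: letters, digits and interior hyphens, 1 to 63 characters each.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(r"^(?:%s)(?:\.%s)*\.?$" % (_LABEL, _LABEL))


def is_valid_hostname(host):
    """Allow-list check: anything a shell could interpret is outside this alphabet."""
    return len(host) <= 253 and HOSTNAME_RE.match(host) is not None


def announce_vulnerable(host, queue):
    """Interpolates the printer's host name into a shell command line."""
    cmd = "echo ipp://%s/printers/%s" % (host, queue)
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def announce_fixed(host, queue):
    """Validate first, then exec the program directly with an argv list."""
    if not is_valid_hostname(host):
        raise ValueError("refusing host name: %r" % host)
    argv = ["echo", "ipp://%s/printers/%s" % (host, queue)]
    return subprocess.run(argv, capture_output=True, text=True).stdout


def announce_quoted(host, queue):
    """If a shell is unavoidable, quote each value so metacharacters stay literal."""
    cmd = "echo ipp://%s/printers/%s" % (shlex.quote(host), shlex.quote(queue))
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


if __name__ == "__main__":
    hostile = "printer.example; echo INJECTED"  # constructed host name
    print(announce_vulnerable(hostile, "q1"), end="")  # second line is attacker output
    print(announce_quoted(hostile, "q1"), end="")      # one literal line
    print(announce_fixed("printer.example", "q1"), end="")
```

The argv form is the primary fix: with no shell involved there is no metacharacter set to keep up with, which is the failure mode the row's NOTE describes. The validator is still worth keeping, because a host name that is not a host name should be rejected at the protocol boundary regardless of what happens to it later.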