Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2014-11-07 CVE-2014-2177 Code Injection vulnerability in Cisco products
The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote authenticated users to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCuh87126.
network
low complexity
cisco CWE-94
critical
9.0
2014-11-06 CVE-2014-8669 Code Injection vulnerability in SAP Customer Relationship Management
The SAP Promotion Guidelines (CRM-MKT-MPL-TPM-PPG) module for SAP CRM allows remote attackers to execute arbitrary code via unspecified vectors.
network
low complexity
sap CWE-94
critical
10.0
2014-11-06 CVE-2014-8661 Code Injection vulnerability in SAP Customer Relationship Management Internet Sales
The SAP CRM Internet Sales module allows remote attackers to execute arbitrary commands via unspecified vectors.
network
low complexity
sap CWE-94
critical
10.0
2014-11-06 CVE-2014-8656 Credentials Management vulnerability in Compal Broadband Networks products
The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH have a default password of (1) admin for the admin account and (2) compalbn for the root account, which makes it easier for remote attackers to obtain access to certain sensitive information via unspecified vectors.
network
low complexity
compal-broadband-networks CWE-255
critical
10.0
2014-11-04 CVE-2014-7875 Remote Denial of Service vulnerability in HP LaserJet Printers
Unspecified vulnerability on the HP LaserJet CM3530 Multifunction Printer CC519A and CC520A with firmware before 53.236.2 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors.
network
low complexity
hp
critical
9.0
2014-10-31 CVE-2014-7985 Path Traversal vulnerability in EspoCRM
Directory traversal vulnerability in EspoCRM before 2.6.0 allows remote attackers to include and execute arbitrary local files via a ..
network
low complexity
espocrm CWE-22
critical
10.0
2014-10-29 CVE-2014-4877 Path Traversal vulnerability in GNU Wget
Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink.
network
gnu CWE-22
critical
9.3
2014-10-27 CVE-2014-3954 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in FreeBSD
Stack-based buffer overflow in rtsold in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted DNS parameters in a router advertisement message.
network
low complexity
freebsd CWE-119
critical
10.0
2014-10-23 CVE-2014-3829 Code Injection vulnerability in Merethis Centreon and Centreon Enterprise Server
displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) session_id or (2) template_id parameter, related to the command_line variable.
network
low complexity
merethis CWE-94
critical
10.0
2014-10-23 CVE-2014-3828 SQL Injection vulnerability in Merethis Centreon and Centreon Enterprise Server
Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allow remote attackers to execute arbitrary SQL commands via (1) the index_id parameter to views/graphs/common/makeXML_ListMetrics.php, (2) the sid parameter to views/graphs/GetXmlTree.php, (3) the session_id parameter to views/graphs/graphStatus/displayServiceStatus.php, (4) the mnftr_id parameter to configuration/configObject/traps/GetXMLTrapsForVendor.php, or (5) the index parameter to common/javascript/commandGetArgs/cmdGetExample.php in include/.
network
low complexity
merethis CWE-89
critical
10.0