Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2014-08-07 | CVE-2014-3914 | Path Traversal vulnerability in Rocketsoftware Rocket Servergraph 1.2 | Directory traversal vulnerability in the Admin Center for Tivoli Storage Manager (TSM) in Rocket ServerGraph 1.2 allows remote attackers to (1) create arbitrary files via a .. | 10.0 |
2014-08-07 | CVE-2013-7394 | Code Injection vulnerability in Splunk | The "runshellscript echo.sh" script in Splunk before 5.0.5 allows remote authenticated users to execute arbitrary commands via a crafted string. | 9.0 |
2014-08-07 | CVE-2013-6771 | Path Traversal vulnerability in Splunk | Directory traversal vulnerability in the collect script in Splunk before 5.0.5 allows remote attackers to execute arbitrary commands via a .. | 9.3 |
2014-08-03 | CVE-2013-5758 | OS Command Injection vulnerability in Yealink Sip-T38G | cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling the system method in the body of a request, as demonstrated by running unauthorized services, changing directory permissions, and modifying files. | 9.0 |
2014-07-26 | CVE-2014-2626 | Path Traversal vulnerability in HP Network Virtualization 8.6 | Directory traversal vulnerability in the toServerObject function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to create files, and consequently execute arbitrary code, via crafted input, aka ZDI-CAN-2024. | 9.4 |
2014-07-26 | CVE-2014-4979 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime | Apple QuickTime allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed version number and flags in an mvhd atom. | 9.3 |
2014-07-26 | CVE-2014-2363 | Hardcoded Credentials Security Bypass vulnerability in Morpho Itemiser 3 8.17 | Morpho Itemiser 3 8.17 has hardcoded administrative credentials, which makes it easier for remote attackers to obtain access via a login request. | 10.0 |
2014-07-24 | CVE-2014-0607 | Arbitrary File Upload vulnerability in Attachmate Verastream Process Designer 6.0 | Unrestricted file upload vulnerability in Attachmate Verastream Process Designer (VPD) before R6 SP1 Hotfix 1 allows remote attackers to execute arbitrary code by uploading and launching an executable file. | 10.0 |
2014-07-23 | CVE-2014-4502 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products | Multiple heap-based buffer overflows in the parse_notify function in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner before 4.1.0 allow remote pool servers to have unspecified impact via a (1) large or (2) negative value in the Extranonc2_size parameter in a mining.subscribe response and a crafted mining.notify request. | 10.0 |
2014-07-23 | CVE-2014-4501 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products | Multiple stack-based buffer overflows in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner before 3.3.0 allow remote pool servers to have unspecified impact via a long URL in a client.reconnect stratum message to the (1) extract_sockaddr or (2) parse_reconnect functions in util.c. | 10.0 |