Vulnerabilities (CVE)

Filtered by CWE-94
Total 6506 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-6356 1 Microsoft 2 Office Compatibility Pack, Word 2026-06-17 9.3 HIGH N/A
Array index error in Microsoft Word 2007 SP3, Word 2010 SP2, and Office Compatibility Pack SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Invalid Index Remote Code Execution Vulnerability."
CVE-2014-6335 1 Microsoft 3 Office Compatibility Pack, Office Word Viewer, Word 2026-06-17 9.3 HIGH N/A
Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Invalid Pointer Remote Code Execution Vulnerability."
CVE-2014-6334 1 Microsoft 3 Office Compatibility Pack, Office Word Viewer, Word 2026-06-17 9.3 HIGH N/A
Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Bad Index Remote Code Execution Vulnerability."
CVE-2014-6333 1 Microsoft 3 Office Compatibility Pack, Office Word Viewer, Word 2026-06-17 9.3 HIGH N/A
Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Double Delete Remote Code Execution Vulnerability."
CVE-2014-6321 1 Microsoft 9 Windows 7, Windows 8, Windows 8.1 and 6 more 2026-06-17 10.0 HIGH N/A
Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via crafted packets, aka "Microsoft Schannel Remote Code Execution Vulnerability."
CVE-2014-6298 1 Mm Forum Project 1 Mm Forum 2026-06-17 7.5 HIGH N/A
Unrestricted file upload vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors.
CVE-2014-6287 1 Rejetto 1 Http File Server 2026-06-17 10.0 HIGH 9.8 CRITICAL
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action.
CVE-2014-6261 1 Zenoss 1 Zenoss Core 2026-06-17 9.3 HIGH N/A
Zenoss Core through 5 Beta 3 does not properly implement the Check For Updates feature, which allows remote attackers to execute arbitrary code by (1) spoofing the callhome server or (2) deploying a crafted web site that is visited during a login session, aka ZEN-12657.
CVE-2014-6119 1 Ibm 2 Security Appscan, Security Appscan Source 2026-06-17 9.3 HIGH N/A
IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote attackers to execute arbitrary code via a crafted executable file in an archive.
CVE-2014-5519 1 Phpwiki Project 1 Phpwiki 2026-06-17 7.5 HIGH N/A
The Ploticus module in PhpWiki 1.5.0 allows remote attackers to execute arbitrary code via shell metacharacters in a device option in the edit[content] parameter to index.php/HeIp. NOTE: some of these details are obtained from third party information.
CVE-2014-5401 1 Hospira 1 Mednet 2026-06-17 10.0 HIGH 9.8 CRITICAL
Hospira MedNet software version 5.8 and prior uses vulnerable versions of the JBoss Enterprise Application Platform software that may allow unauthenticated users to execute arbitrary code on the target system. Hospira has developed a new version of the MedNet software, MedNet 6.1. Existing versions of MedNet can be upgraded to MedNet 6.1.
CVE-2014-5340 1 Check Mk Project 1 Check Mk 2026-06-17 9.3 HIGH N/A
The wato component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to an automation URL.
CVE-2014-5324 1 Najeebmedia 1 N-media File Uploader 2026-06-17 6.5 MEDIUM N/A
Unrestricted file upload vulnerability in the N-Media file uploader plugin before 3.4 for WordPress allows remote authenticated users to execute arbitrary PHP code by leveraging Author privileges to store a file.
CVE-2014-5297 1 X2engine 1 X2engine 2026-06-17 7.5 HIGH N/A
The actionSendErrorReport method in protected/controllers/SiteController.php in X2Engine 2.8 through 4.1.7 allows remote attackers to conduct PHP object injection and Server-Side Request Forgery (SSRF) attacks via crafted serialized data in the report parameter.
CVE-2014-5261 1 Cacti 1 Cacti 2026-06-17 7.5 HIGH N/A
The graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a font size, related to the rrdtool commandline in lib/rrd.php.
CVE-2014-5210 1 Alienvault 1 Open Source Security Information Management 2026-06-17 10.0 HIGH N/A
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) remote_task or (2) get_license request, a different vulnerability than CVE-2014-3804 and CVE-2014-3805.
CVE-2014-5194 1 Sphider 1 Sphider 2026-06-17 6.5 MEDIUM N/A
Static code injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote authenticated users to inject arbitrary PHP code into settings/conf.php via the _word_upper_bound parameter.
CVE-2014-5158 1 Alienvault 1 Open Source Security Information Management 2026-06-17 10.0 HIGH N/A
The (1) av-centerd SOAP service and (2) backup command in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary commands via unspecified vectors.
CVE-2014-5112 1 Netfortris 1 Trixbox 2026-06-17 7.5 HIGH N/A
maint/modules/home/index.php in Fonality trixbox allows remote attackers to execute arbitrary commands via shell metacharacters in the lang parameter.
CVE-2014-5090 1 Status2k 1 Status2k 2026-06-17 6.5 MEDIUM N/A
admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the Location field in Add Logs in the Admin Panel.