invisibleCISO
Vulnerability Summary for the Week of October 17, 2011
High Vulnerabilities
Primary Vendor -- Product
Description
Published
CVSS Score
Source & Patch Info
apple -- iphone_os
The Settings component in Apple iOS before 5, when a configuration profile is used for a locale other than English, does not properly implement localization, which makes it easier for attackers to have an unspecified impact by leveraging incorrect configuration display.
2011-10-14
9.3
CVE-2011-3430
atcom -- netvolution
SQL injection vulnerability in default.asp in ATCOM N
Vulnerability Summary for the Week of October 24, 2022
Vulnerability Summary for the Week of July 27, 2020
Vulnerability Summary for the Week of June 3, 2013
High Vulnerabilities
Primary Vendor -- Product
Description
Published
CVSS Score
Source & Patch Info
apple -- mac_os_x
Directory Service in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted message.
2013-06-05
9.3
CVE-2013-0984
google -- chrome
Google Chrome before 27.0.1453.110 on Windows provides an incorrect handle to a renderer process in unspecified circumstances, which allows remote attackers to cau
Vulnerability Summary for the Week of December 30, 2013
High Vulnerabilities
Primary Vendor -- Product
Description
Published
CVSS Score
Source & Patch Info
emc -- replication_manager
Unquoted Windows search path vulnerability in EMC Replication Manager before 5.5 allows local users to gain privileges via a crafted application in a parent directory of an intended directory.
2013-12-27
7.2
CVE-2013-6182
esri -- arcgis
SQL injection vulnerability in ESRI ArcGIS for Server through 10.2 allows remote attackers to execute arbitrary SQL commands via un
Vulnerability Summary for the Week of May 23, 2022
Vulnerability Summary for the Week of August 11, 2014
Vulnerability Summary for the Week of September 18, 2006
High Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
AEwebworks -- aeDating
Multiple PHP remote file inclusion vulnerabilities in AEDating 4.1, and possibly earlier versions, allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) inc/design.inc.php or (2) inc/admin_design.inc.php.
unknown
2006-09-19
7.0
CVE-2006-4870 OTHER-REF BID FRSIRT SECUNIA XF
All Enthusiast Inc -- ReviewPost PHP Pro
P
Vulnerability Summary for the Week of October 22, 2012
High Vulnerabilities
Primary Vendor -- Product
Description
Published
CVSS Score
Source & Patch Info
2daybiz -- video_community_portal_script
SQL injection vulnerability in index.php in Video Community Portal allows remote attackers to execute arbitrary SQL commands via the id parameter.
2012-10-25
7.5
CVE-2011-5215
adobe -- shockwave_player
Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerabilit
Vulnerability Summary for the Week of June 17, 2019
Vulnerability Summary for the Week of December 16, 2019
Summary of Security Items from February 2 through February 8, 2006
The US-CERT Cyber Security Bulletin provides a summary of new and updated vulnerabilities, exploits, trends, and malicious code that have recently been openly reported. Information in the Cyber Security Bulletin is a compilation of open source and US-CERT vulnerability information. As such, the Cyber Security Bulletin includes information published by sources outside of US-CERT and should not be considered the result of US-CERT analysis or as an offici
Vulnerability Summary for the Week of August 21, 2017
Vulnerability Summary for the Week of July 21, 2008
High Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
alphadmin -- alphadmin_cms
AlphAdmin CMS 1.0.5/03 allows remote attackers to bypass authentication and gain administrative access by setting the aa_login cookie value to 1. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2008-07-25
7.5
CVE-2008-3300 BID
AlstraSoft -- Affiliate Network Pro
SQL injecti
Vulnerability Summary for the Week of December 10, 2007
High Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
Aurora -- Aurora Framework
SQL injection vulnerability in aurora framework before 20071208 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the value parameter to the pack_var function in module/db.lib/db_mysql.lib. NOTE: some of these details are obtained from third party information.
unknown
2007-12-13
7.5
CVE-2007-6345 OTHER-REF
Vulnerability Summary for the Week of January 31, 2011
High Vulnerabilities
Primary Vendor -- Product
Description
Published
CVSS Score
Source & Patch Info
automatedsolutions -- modbus/tcp_master_opc_server
Heap-based buffer overflow in Automated Solutions Modbus/TCP Master OPC Server before 3.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a MODBUS response packet with a crafted length field.
2011-01-28
7.6
CVE-2010-4709 CERT-VN VUPEN MISC BID EXPLOIT-DB SECUNIA CONFIRM
cisco -- ios
Unspecifie
Vulnerability Summary for the Week of April 30, 2007
High Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
Adobe -- Photoshop
Adobe -- Photoshop Elements
Buffer overflow in Adobe Photoshop CS2 and CS3, and Photoshop Elements 5.0, allows user-assisted remote attackers to execute arbitrary code via a crafted .PNG file.
unknown
2007-04-30
8.0
CVE-2007-2365 MILW0RM BID FRSIRT SECUNIA XF
AFFLIB -- AFFLIB
Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers t
4-20 VB Low TAble
Vulnerability Summary for the Week of June 25, 2012
High Vulnerabilities
Primary Vendor -- Product
Description
Published
CVSS Score
Source & Patch Info
alexis_wilke -- protected_node
The Protected Node module 6.x-1.x before 6.x-1.6 for Drupal does not properly "protect node access when nodes are accessed outside of the standard node view," which allows remote attackers to bypass intended access restrictions.
2012-06-26
7.5
CVE-2012-2730
apache -- roller
Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor cons
Vulnerability Summary for the Week of October 11, 2021