High Vulnerabilities PrimaryVendor -- Product Description Published CVSS Score Source & Patch Info apple -- iphone_os The Settings component in Apple iOS before 5, when a configuration profile is used for a locale other than English, does not properly implement localization, which makes it easier for attackers to have an unspecified impact by leveraging incorrect configuration display. 2011-10-14 9.3 CVE-2011-3430 atcom -- netvolution SQL injection vulnerability in default.asp in ATCOM N
/*-->*/ /*-->*/ /*-->*/ /*-->*/ The US-CERT Cyber Security Bulletin provides a summary of new and updated vulnerabilities, exploits, trends, and malicious code that have recently been openly reported. Information in the Cyber Security Bulletin is a compilation of open source and US-CERT vulnerability information. As such, the Cyber Security Bulletin includes information published by sources outside of US-CERT and should not be considered the result of US-CERT analysis or as an offici
High Vulnerabilities PrimaryVendor -- Product Description Published CVSS Score Source & Patch Info emc -- replication_manager Unquoted Windows search path vulnerability in EMC Replication Manager before 5.5 allows local users to gain privileges via a crafted application in a parent directory of an intended directory. 2013-12-27 7.2 CVE-2013-6182 esri -- arcgis SQL injection vulnerability in ESRI ArcGIS for Server through 10.2 allows remote attackers to execute arbitrary SQL commands via un
"> High Vulnerabilities PrimaryVendor -- Product Description Discovered Published CVSS Score Source & Patch Info AEwebworks -- aeDating Multiple PHP remote file inclusion vulnerabilities in AEDating 4.1, and possibly earlier versions, allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) inc/design.inc.php or (2) inc/admin_design.inc.php. unknown 2006-09-19 7.0 CVE-2006-4870OTHER-REFBIDFRSIRTSECUNIAXF All Enthusiast Inc -- ReviewPost PHP Pro P
"> High Vulnerabilities PrimaryVendor -- Product Description Discovered Published CVSS Score Source & Patch Info alphadmin -- alphadmin_cms AlphAdmin CMS 1.0.5/03 allows remote attackers to bypass authentication and gain administrative access by setting the aa_login cookie value to 1. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. unknown 2008-07-25 7.5 CVE-2008-3300BID AlstraSoft -- Affiliate Network Pro SQL injecti
"> High Vulnerabilities PrimaryVendor -- Product Description Discovered Published CVSS Score Source & Patch Info Aurora -- Aurora Framework SQL injection vulnerability in aurora framework before 20071208 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the value parameter to the pack_var function in module/db.lib/db_mysql.lib. NOTE: some of these details are obtained from third party information. unknown 2007-12-13 7.5 CVE-2007-6345OTHER-REF
High Vulnerabilities PrimaryVendor -- Product Description Published CVSS Score Source & Patch Info automatedsolutions -- modbus/tcp_master_opc_server Heap-based buffer overflow in Automated Solutions Modbus/TCP Master OPC Server before 3.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a MODBUS response packet with a crafted length field. 2011-01-28 7.6 CVE-2010-4709CERT-VNVUPENMISCBIDEXPLOIT-DBSECUNIACONFIRM cisco -- ios Unspecifie
"> High Vulnerabilities PrimaryVendor -- Product Description Discovered Published CVSS Score Source & Patch Info Adobe -- PhotoshopAdobe -- Photoshop Elements Buffer overflow in Adobe Photoshop CS2 and CS3, and Photoshop Elements 5.0, allows user-assisted remote attackers to execute arbitrary code via a crafted .PNG file. unknown 2007-04-30 8.0 CVE-2007-2365MILW0RMBIDFRSIRTSECUNIAXF AFFLIB -- AFFLIB Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers t
High Vulnerabilities PrimaryVendor -- Product Description Published CVSS Score Source & Patch Info 2daybiz -- video_community_portal_script SQL injection vulnerability in index.php in Video Community Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. 2012-10-25 7.5 CVE-2011-5215 adobe -- shockwave_player Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerabilit
High Vulnerabilities PrimaryVendor -- Product Description Published CVSS Score Source & Patch Info alexis_wilke -- protected_node The Protected Node module 6.x-1.x before 6.x-1.6 for Drupal does not properly "protect node access when nodes are accessed outside of the standard node view," which allows remote attackers to bypass intended access restrictions. 2012-06-26 7.5 CVE-2012-2730 apache -- roller Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor cons
High Vulnerabilities PrimaryVendor -- Product Description Published CVSS Score Source & Patch Info apple -- mac_os_x Directory Service in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted message. 2013-06-05 9.3 CVE-2013-0984 google -- chrome Google Chrome before 27.0.1453.110 on Windows provides an incorrect handle to a renderer process in unspecified circumstances, which allows remote attackers to cau