Strike Database
Important Information
On August 12th, 2022, many of Keysight’s Network Test, Network Visibility, & Edge to Core (NAS/formerly Ixia) products will migrate to a new license structure.
CRITICAL: If you perform licensing operations after August 12th, 2022, without upgrading the licensing software to the latest version, licenses may not register properly, and some features may be missing. This could impact testing and result in downtime.
For details, click here.
Displaying 21 - 40 of 148036
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits an insecure deserialization vulnerability in Oracle Coherence library, which is used in popular products such as Oracle WebLogic Server. The vulnerability is a result of insufficient validation of T3 requests in the RemoteConstructor class. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to a vulnerable server.Successful exploitation...
CVSS: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in the Windows win32k kernel driver caused by improper initialized objects in memory. A remote attacker could successfully exploit the vulnerability to execute arbitrary code or cause a denial of service by enticing a user to execute a PE binary file. Note: this exploit was used in 'WizardOpium' malware operation to gain higher privileges on the infected...
CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
This strike exploits a vulnerability in Apple Webkit. Specifically, an attacker can craft JavaScript in such a way that when a for loop is executed and a JSPropertyNameEnumerator object is created, the structure IDs inside the JSPropertyNameEnumerator object can get reused after their parents have been freed leading to type confusion. This can potentially lead to a denial of service or allow for...
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
This strike exploits a directory traversal vulnerability in multiple F5 BIG-IP products. The vulnerability is due to improper handling of user-supplied path in HTTP requests. A remote, unauthenticated attacker could exploit this by sending a maliciously crafted request to the server. A successful attack may result in arbitrary file read, write or remote code execution in the security context of ROOT...
CVSS: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
This strike exploits a SQL injection vulnerability in Cisco Data Center Network Manager. The vulnerability is due to insufficient input validation when processing HTTP requests within the 'getConfigTemplateFileName' method pertaining to the 'ConfigTemplateHandler' Java class. An authenticated attacker can exploit this vulnerability by sending a crafted HTTP request to the target...
CVSS: 8.3 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
This strike exploits an insecure deserialization vulnerability in Apache OFBiz. The vulnerability is a result of insufficient validation of XML-RPC requests in the SerializableParser class. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to a vulnerable server. Successful exploitation can lead to remote code execution, in the context of the user running...
CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
A use after free vulnerability exists in PDF parser of Nitro Pro 13.9.1.155 due to incorrect manipulation of objects in memory. An attacker may execute arbitrary code on a victim's system by enticing the victim to open a crafted PDF file. Successful exploitation may lead to remote code execution with the privileges of the user running the application.
CVSS: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
This strike exploits a vulnerability in the TerraMaster NAS device. This device allows for the attacker to inject Javascript in the URL because it does not properly validate pages that do not exist. It is possible for an attacker to perform a Reflected XSS attack by injecting javascript in the requested URL.
CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
This strike exploits the vulnerability known as 'Zerologon'. This privilege escalation vulnerability is due to the insecure usage of AES-CFB8 encryption for Netlogon sessions in Microsoft Netlogon Remote Protocol (MS-NRPC). A remote (same LAN) unauthenticated attacker can exploit this vulnerability to impersonate the identity of any machine on a network when attempting to authenticate to...
CVSS: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
A remote code execution vulnerability exists in Wing FTP Server due to lack of user input sanitization for the Lua Console feature. By sending a crafted 'command' POST parameter, an authenticated user could execute arbitrary commands as the superuser.
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
This strike exploits a command injection vulnerability in IBM Spectrum Protect Plus. The vulnerability is due to a combination of missing authentication of the hostname uri and a lack of input sanitization for injection or invalid characters in the hostname parameter. When an attacker sends an HTTP POST request to "/emi/api/hostname", command execution can occur.
CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
This strike exploits a file upload vulnerability in Apache Struts2. When an attacker sends an HTTP request with a crafted parameter to the server a denial of service condition on the file upload functionality will occur.
CVSS: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
This strike exploits a vulnerability in the TerraMaster NAS device. This device allows for the option to pass command line arguments to the system during the creation of a user but does not properly validate the arguments passed via the checkName parameter. It is possible to execute system commands as a root user on a vulnerable device.
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
A remote command injection vulnerability exists in Intellian Aptus Web due to lack of user authentication when handling HTTP CGI requests. By sending a crafted JSON file with a POST request, a remote unauthenticated attacker may execute arbitrary system commands as the system's superuser.
CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
This strike exploits a vulnerability in Apple Webkit. Specifically, an attacker can craft JavaScript in such a way that when the Webcore SVGAnimateElementBase:resetAnimatedType method is invoked a Use After Free condition can occur . This can potentially lead to a denial of service or allow for remote code execution in the context of the current running process.
CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
This strike exploits an infinite loop vulnerability in the WebSocket module of Apache Tomcat. The vulnerability is caused by improper validations of the extended payload length. A remote, unauthenticated attacker can send crafted WebSocket requests to the server resulting in each of the worker nodes entering an infinite loop; multiple such requests could lead to a denial of service. Note: The strike...
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
A SQL injection vulnerability exists in D-Link Central WiFi Manager CWM(100) due to lack of user request authorization. The vulnerable code resides in '/web/Public/Conn.php' source and uses the HTTP 'dbSQL' parameter value to perform database lookups. By sending a crafted HTTP POST request, a remote unauthenticated attacker may gain access to the platform by adding user accounts...
CVSS: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
This strike exploits an out-of-bounds read vulnerability in Adobe Acrobat and Acrobat Reader. The vulnerability is due to the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure when handling PDF files. An attacker can exploit this vulnerability by creating a specially crafted PDF file and enticing a user to open it. Successful...
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
A remote code execution vulnerability exists in D-Link Central WiFi Manager CWM(100) due to lack of user-supplied data sanitization. The vulnerable code resides in '/web/Lib/Action/IndexAction.class.php' source and uses the HTTP 'Cookie' header value to construct a string which is later evalued as PHP code. By sending a crafted HTTP POST request, a remote unauthenticated attacker...
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
A server-side template injection vulnerability that leads to remote code execution exists in vBulletin due to a logic bug in the patch for CVE-2019-16759. By exploiting it, a remote unauthenticated attacker may execute arbitrary code using server's PHP engine.
