Displaying 21 - 40 of 38146
Last import : Jun 17 17:00

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a Use-After-Free vulnerability in Microsoft Internet Explorer. When a sub or sup element calls the Justify* commands multiple times, a Use-After-Free can occur.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a lack of authentication and a directory traversal vulnerability in Novell iManager. The getMultiPartParameters function does not check for authentication nor for directory traversal characters. This allows an unauthenticated user to upload a an arbitrary file to any directory on the target Machine.

CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

This strike exploits a denial-of-server vulnerability in MySql Database Server. The vulnerability is due to insufficient validation of user supplied input in a geometry query. An authenticated user can exploit this vulnerability by sending a specially crafted geometry query.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in Novell Zenworks Handheld Management. If the connection packet contains an opcode of 0x01 or 0x02, the following packet can be crafted to overflow a heap buffer. Successful exploitation may result in execution of arbitrary code or abnormal termination causing a denial of service condition.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a flaw in HPs Intelligent Management Center where a user can upload a zip file which in turn clobbers arbitrary files.

CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

This strike exploits a resource exhaustion vulnerability in Digium Asterisk. When receiving an HTTP POST request to certain URLs, Asterisk HTTP management interface allocates a heap buffer of Content-Length + 1. An attacker could send specially crafted messages with large Content-Length values to exhaust heap memory. Successful exploitation could lead to a denial of service condition.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a buffer overflow in Viscoms Movie Player Pro ActiveX control MOVIEPLAYER.MoviePlayerCtrl.1. The strFontName parameter is not properly validated, and if an overly long string is received it will overflow the buffer.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a buffer overflow vulnerability in WellinTech KingView KingMess. A specially crafted KVL file will cause a stack buffer overflow. Successful exploitation may result in execution of arbitrary code with user privileges or abnormal termination of the KingMess program.

CVSS: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)

This strike exploits a denial of service vulnerability in Squid Proxy Server. A specially crafted Vary header can be used to cause Squid Proxy Server to terminate abnormally, terminating any current sessions. It will be restarted by Squid Monitor. Repeated attacks will cause Squid Monitor to exit without restarting Squid Proxy Server, causing a denial of service condition.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a stack buffer overflow in HP Lefthands Appliance Server. In this strike the default credentials are used to issue a Diag request to the hydra service. Because of improper validation if the diag value in getListSafeTest and getListSupportTest requests. A maximum heap buffer of 0x1000 bytes is allocated in which the value is strcpy to. If a null character is found at the end of...

CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)

This strike exploits a remote code execution vulnerability in Oracle Java. The vulnerability can be exploited due to insecure use of certain JMX classes. Successful exploitation of these vulnerabilities could result in the execution of arbitrary Java code on the target system.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a stack buffer overflow in HP Lefthands Appliance Server. In this strike the default credentials are used to issue an snmp request to the hydra service. Because of improper validation if the community string contains testTrap followed by data with a size greater than 0x410 bytes, a stack buffer will overflow.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a flaw in Nagios XIs Alert Cloud which is vulnerable to a cross site scripting attack.

CVSS: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)

This strike exploits a vulnerability in Microsoft's Internet Explorer where some contents of memory can be leaked and that leakage can lead to an attacker finding a way around memory protection.

CVSS: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)

This strike exploits a flaw in the Squid Proxy Server where a malformed language name will put the server into an infinite loop.

CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

This strike exploits an integer overflow vulnerability in MySql Database Server. The vulnerability is due to insufficient validation of user supplied input while parsing a geometry query. An authenticated user can exploit this vulnerability by sending a specially crafted geometry query.

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike simulates command and control communications from the BlackEnergy botnet. In this strike, ten exchanges between the bot and the command and control server occur in rapid succession. In reality these communications would be further apart.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a flaw in SAPs NetWeaver where a user can send a malformed request which can overwrite memory.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a flaw in Mozilla products when a large number of fonts referenced will overflow an array.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a Use-After-Free vulnerability in Microsoft Internet Explorer. A Use-After-Free condition occurs if an HTML element, which has a style attribute defined in an HTC file that in turn runs a garbage collection when some attribute of the element is set, is defined and then removed from the DOM using the removeChild function.

Pages