Displaying 21 - 40 of 38146
Last import : Feb 18 09:20

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a buffer overflow vulnerability in WellinTech KingView KingMess. A specially crafted KVL file will cause a stack buffer overflow. Successful exploitation may result in execution of arbitrary code with user privileges or abnormal termination of the KingMess program.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a flaw in HPs Intelligent Management Center where a user can upload a zip file which in turn clobbers arbitrary files.

CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

This strike exploits a resource exhaustion vulnerability in Digium Asterisk. When receiving an HTTP POST request to certain URLs, Asterisk HTTP management interface allocates a heap buffer of Content-Length + 1. An attacker could send specially crafted messages with large Content-Length values to exhaust heap memory. Successful exploitation could lead to a denial of service condition.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a flaw in Nagios XIs Alert Cloud which is vulnerable to a cross site scripting attack.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a stack buffer overflow in HP Lefthands Appliance Server. In this strike the default credentials are used to issue a Diag request to the hydra service. Because of improper validation if the diag value in getListSafeTest and getListSupportTest requests. A maximum heap buffer of 0x1000 bytes is allocated in which the value is strcpy to. If a null character is found at the end of...

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a stack buffer overflow in HP Lefthands Appliance Server. In this strike the default credentials are used to issue an snmp request to the hydra service. Because of improper validation if the community string contains testTrap followed by data with a size greater than 0x410 bytes, a stack buffer will overflow.

CVSS: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)

This strike exploits a flaw in the Squid Proxy Server where a malformed language name will put the server into an infinite loop.

CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

This strike exploits an integer overflow vulnerability in MySql Database Server. The vulnerability is due to insufficient validation of user supplied input while parsing a geometry query. An authenticated user can exploit this vulnerability by sending a specially crafted geometry query.

CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)

This strike exploits a remote code execution vulnerability in Oracle Java. The vulnerability can be exploited due to insecure use of certain JMX classes. Successful exploitation of these vulnerabilities could result in the execution of arbitrary Java code on the target system.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in Novell Zenworks Handheld Management. If the connection packet contains an opcode of 0x01 or 0x02, the following packet can be crafted to overflow a heap buffer. Successful exploitation may result in execution of arbitrary code or abnormal termination causing a denial of service condition.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a buffer overflow in Viscoms Movie Player Pro ActiveX control MOVIEPLAYER.MoviePlayerCtrl.1. The strFontName parameter is not properly validated, and if an overly long string is received it will overflow the buffer.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a lack of authentication and a directory traversal vulnerability in Novell iManager. The getMultiPartParameters function does not check for authentication nor for directory traversal characters. This allows an unauthenticated user to upload a an arbitrary file to any directory on the target Machine.

CVSS: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)

This strike exploits a vulnerability in Microsofts Internet Explorer where some contents of memory can be leaked and that leakage can lead to an attacker finding a way around memory protection.

CVSS: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)

This strike exploits a denial of service vulnerability in Squid Proxy Server. A specially crafted Vary header can be used to cause Squid Proxy Server to terminate abnormally, terminating any current sessions. It will be restarted by Squid Monitor. Repeated attacks will cause Squid Monitor to exit without restarting Squid Proxy Server, causing a denial of service condition.

CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

This strike exploits a denial-of-server vulnerability in MySql Database Server. The vulnerability is due to insufficient validation of user supplied input in a geometry query. An authenticated user can exploit this vulnerability by sending a specially crafted geometry query.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a Use-After-Free vulnerability in Microsoft Internet Explorer. When a sub or sup element calls the Justify* commands multiple times, a Use-After-Free can occur.

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike simulates command and control communications from the BlackEnergy botnet. In this strike, ten exchanges between the bot and the command and control server occur in rapid succession. In reality these communications would be further apart.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a stack buffer overflow in Oracle Secure Backup. The vulnerability is due to a lack of bounds checking on the reverse lookup on the connections to the service. By exploiting this vulnerability, an attacker could execute code in the security context of the SYSTEM user.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a vulnerability in SAP NetWeavers Message Server. Specifically, when a request to the server is processed that has the iflag field set to 05 and the optcode 15, the buffer size field is calculated with a max of 78 bytes. Because it is not validated, data with a size greater than 78 bytes will overflow this buffer.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a flaw in SAPs NetWeaver where a user can send a malformed request which can overwrite memory.

Pages