Important Information

On August 12th, 2022, many of Keysight’s Network Test, Network Visibility, & Edge to Core (NAS/formerly Ixia) products will migrate to a new license structure.

CRITICAL: If you perform licensing operations after August 12th, 2022, without upgrading the licensing software to the latest version, licenses may not register properly, and some features may be missing. This could impact testing and result in downtime.

For details, click here.

Displaying 221 - 240 of 58316

CVSS: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)

This strike exploits a information disclosure vulnerability in the GDI+ Graphics Device Interface module of Microsoft Windows. The vulnerability is due to improper handling of EMF records in memory. The vulnerability can be exploited by crafting a malicious EMF file and enticing a user to download and open it. Successful exploitation could result in an information leak which could be used to further...

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

An OS command injection exists in Schneider Electric U.Motion Builder. The flaw, located in track import export.php, is a result of lack of user-supplied data sanitization and may be exploited via the object id parameter. A remote unauthenticated attack may lead to arbitrary OS commands being issued on the host system.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike simulates a remote code execution attack on Oracle Weblogic Server. The flaw is due to lack of authentication and input sanitization when the server receives SOAP calls. By exploiting a vulnerable system, a remote unauthenticated attacker is able to execute arbitrary commands on the target system.

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in Apple Webkit JavaScriptCore. Specifically, the vulnerability exists during JIT compilation in FTL. It occurs when a loop-invariant code motion moves access to an array before a bounds check occurs. When this happens a denial of service condition, or potentially remote code execution, may occur.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a directory traversal vulnerability in Joomla Core 1.5.0 - 3.9.4. The vulnerability is due to the improper sanitization of requests sent to the application. An attacker could exploit this vulnerability by sending crafted HTTP traffic to the target server. Successful exploitation could lead to file access outside the media manager root directory.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

A remote command execution exists in Exim versions 4.87 to 4.91, due to lack of user input sanitization when processing RCPT TO and MAIL FROM commands. Successful attack results in remote command execution with root privileges.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a remote code execution vulnerability found in Cisco Prime Infrastructure Web server. The vulnerability is due to improper directory permissions. An unauthenticated attacker could exploit this vulnerability by crafting a special HTTP POST request. A successful exploit could allow the attacker to execute arbitrary commands on the underlying system.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a vulnerability in Apple Safari Webkit. Specifically, the vulnerability exists when making a call to the InlineTextBox::paint method. It is possible to craft Javascript in such a way that when invoking this method memory corruption will occur leading to an out of bounds memory read. This can lead to a denial of service or potentially allow for remote code execution to occur....

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits an remote code execution vulnerability in the GDI+ Graphics Device Interface module of Microsoft Windows. The vulnerability is due to improper handling of EMF records in memory by the DoRotatedStretchBlt method pertaining to gdiplus.dll library. The vulnerability can be exploited by crafting a malicious EMF file and enticing a user to download and open it. Successful exploitation...

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike reproduces an attack on Microsoft Windows DHCP client, on a buffer overflow vulnerability. The flaw results from the lack of field counting when parsing Options fields in a DHCP ACK packet, resulting in overwrite of memory areas. As a consequence of exploiting this bug, a remote attacker controlling a DHCP server may take advantage and gain control of vulnerable Windows-based DHCP clients...

CVSS: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)

This strike exploits a vulnerability in Google Chrome. Specifically, the vulnerability exists when ExtensionsGuestViewMessageFilter is destroyed while concurrently modifying ProcessIdToFilterMap. When this happens a race condition will occur which can lead to a denial of service in the browser.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a remote code execution vulnerability in Jenkins. The vulnerability is due to improper filtering of the value parameter when invoking a method on Java objects. An attacker could exploit this vulnerability by sending a crafted HTTP request to the target server. Successful exploitation results in remote code execution on the target server.

CVSS: 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)

This strike exploits a directory traversal vulnerability in Adobe ColdFusion CKEditor. The vulnerability is due to improper sanitization in the file upload.cfm. An attacker could exploit this vulnerability by sending a crafted HTTP request to the target server. By successfully exploiting this vulnerability, a remote, unauthenticated attacker could upload arbitrary files to the target server.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike replicates an attack known as Bluekeep against a Microsoft Windows RDP Server Remote Desktop Services, exploiting a Use-After-Free vulnerability. The flaw resides in a single memory zone being addressed by two different pointers when creating a RDP channel with the name MS T120, when the connection is set up. A successful exploitation grants the attacker complete control over the target...

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits an SQL injection vulnerability in Zoho ManageEngine Applications Manager. The vulnerability is caused by insufficient validation of user input resourcetype on HTTP requests which are used to create SQL queries. Successful exploitation could allow an attacker abilities to execute SQL queries on the target server.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike recreates a buffer overflow attack in Microsoft Windows SMBv1 service. The vulnerability is due to insufficient sanitization of user-supplied input while processing SMB COM NT TRANSACT requests. A remote, unauthenticated attacker could exploit this vulnerability via a specially-crafted SMB packet, containing a bad value for SizeOfListInBytes for the specified SMB package type. Successful...

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a file inclusion and remote command execution vulnerability in Atlassian Confluence Server. The vulnerability is due to improper sanitization of the template parameter. By successfully exploiting this vulnerability, a remote, unauthenticated attacker could retrieve arbitrary files from the target server and achieve file inclusion or achieve remote command execution by SSTI,...

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike simulates the traffic caused by exploiting a vulnerability in the Mozilla Firefox browser. Specifically, the vulnerability exists in the Custom Elements stream handler component of Firefox. When handling an HTML5 stream in concert with custom HTML elements, the stream parser object is freed while still in use, leading to a crash. An attacker can exploit this vulnerability by passing a...

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits an integer overflow vulnerability in Lighttpd. The vulnerability is due to url mishandling of /%2F? in burl.c under HTTP GET request. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request to the target server. Successful exploitation results in denial-of-service on the target server. *Note: The exploit will work only when the target...

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a vulnerability in Apple Safari Webkit. Specifically, it is possible to craft Javascript in such a way that allows for a Use-After-Free vulnerability to occur when calling the updateReferencedText method. This may lead to a denial of service condition in the browser, or potentially remote code execution.

Pages