CVSS: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
An OS command injection vulnerability exists in Centreon 19.04.0 due to lack of sanitization when the 'nagios' binary path is set. By exploiting this flaw, an authenticated remote attacker can run arbitrary OS commands on the target system.
CVSS: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
This strike exploits an information disclosure vulnerability in the Microsoft Windows GDI component. The flaw is located in the 'bHandleCreateDIBPatternBrush' function and exists due to lack of checks when parsing an EMF file's 'BITMAPINFOHEADER' fields. To exploit this vulnerability, an attacker must entice the victim to open a malicious 'emf' file.
CVSS: 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N)
This strike simulates a stored XSS attack on Symantec DLP 15.5 MP1. The flaw exists in the '/ProtectManager/enforce/admin/senderrecipientpatterns/list' endpoint due to lack of sanitization for the 'name' parameter. A successful authenticated attacker is thus able to gain control of the victim's browser.
CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
A code execution vulnerability has been reported in Microsoft Windows ActiveX Data Objects (ADO). The vulnerability is due to improper handling of an object. A remote attacker could exploit this vulnerability by enticing a user to open a specially crafted file. Successful exploitation could result in the execution of arbitrary code with the victim's privileges.
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in Mozilla Firefox. Specifically, the vulnerability exists in the JavaScript engine SpiderMonkey. It is possible to craft JavaScript in such a way that IonMonkey incorrectly predicts the return type of Array.prototype.pop. This causes type confusion, which can result in remote code execution.
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
This strike exploits a path traversal vulnerability found in Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-...
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in Mozilla Firefox. Specifically, the vulnerability exists in the JavaScript engine SpiderMonkey. It is possible to craft JavaScript in such a way that in IonMonkey an unexpected ObjectGroup in an ObjectGroupDispatch operation might allow for unsafe code to execute. This could cause type confusion to occur causing a denial of service condition in the browser or...
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
This strike exploits a file upload vulnerability in Adobe ColdFusion. The vulnerability is due to the improper sanitization of requests sent to the application. An attacker could exploit this vulnerability by sending crafted HTTP traffic to the target server. Successful exploitation could lead to file upload and code execution on the target server.
CVSS: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
This strike exploits a directory traversal vulnerability in the GrandNode Ecommerce platform. The vulnerability is due to improper sanitization of parameters passed to the "LetsEncryptController" module. By successfully exploiting this vulnerability, a remote, unauthenticated attacker could retrieve arbitrary files from the target server.
CVSS: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
This strike exploits an integer overflow vulnerability in Microsoft Windows SMB Server. The vulnerability is due to improper handling of SMBv2 requests. A remote, authenticated attacker could exploit this vulnerability to execute arbitrary code on the target system.
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits a directory traversal vulnerability in Joomla Core 1.5.0 - 3.9.4. The vulnerability is due to the improper sanitization of requests sent to the application. An attacker could exploit this vulnerability by sending crafted HTTP traffic to the target server. Successful exploitation could lead to file access outside the media manager root directory.
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in Apple WebKit JavaScriptCore. Specifically, the vulnerability exists when a Watchpoint jettisons code that has already been freed. This causes a use-after-free condition to occur. This may lead to a denial of service condition in the browser, or potentially remote code execution.
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike simulates a remote code execution attack on Oracle WebLogic Server. The flaw is due to lack of authentication and input sanitization when the server receives SOAP calls. By exploiting a vulnerable system, a remote unauthenticated attacker is able to execute arbitrary commands on the target system.
CVSS: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
This strike exploits an information disclosure vulnerability in the GDI+ (Graphics Device Interface) module of Microsoft Windows. The vulnerability is due to improper handling of EMF records in memory. The vulnerability can be exploited by crafting a malicious EMF file and enticing a user to download and open it. Successful exploitation could result in an information leak which could be used to...
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
An OS command injection vulnerability exists in Schneider Electric U.Motion Builder. The flaw, located in 'track_import_export.php', is a result of lack of user-supplied data sanitization and may be exploited via the 'object_id' parameter. A remote unauthenticated attack may lead to arbitrary OS commands being issued on the host system.
CVSS: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)
This strike exploits a directory traversal vulnerability in Cisco Prime Infrastructure EPNM. The vulnerability is due to improper sanitization of the "downloadDirectory" parameter. By successfully exploiting this vulnerability, a remote, unauthenticated attacker could retrieve arbitrary files from the target server.
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits a remote code execution vulnerability found in the Cisco Prime Infrastructure web server. The vulnerability is due to improper directory permissions. An unauthenticated attacker could exploit this vulnerability by crafting a special HTTP POST request. A successful exploit could allow the attacker to execute arbitrary commands on the underlying system.
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in Apple WebKit JavaScriptCore. Specifically, the vulnerability exists during JIT compilation in FTL. It occurs when loop-invariant code motion moves an array access before its bounds check. When this happens a denial of service condition, or potentially remote code execution, may occur.
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
A remote command execution vulnerability exists in Exim versions 4.87 to 4.91, due to lack of user input sanitization when processing 'RCPT TO' and 'MAIL FROM' commands. A successful attack results in remote command execution with 'root' privileges.
CVSS: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
This strike exploits a vulnerability in Google Chrome. Specifically, the vulnerability exists when ExtensionsGuestViewMessageFilter is destroyed while concurrently modifying ProcessIdToFilterMap. When this happens a race condition will occur which can lead to a denial of service in the browser.