Strike Database
Important Information
On August 12th, 2022, many of Keysight’s Network Test, Network Visibility, & Edge to Core (NAS/formerly Ixia) products will migrate to a new license structure.
CRITICAL: If you perform licensing operations after August 12th, 2022, without upgrading the licensing software to the latest version, licenses may not register properly, and some features may be missing. This could impact testing and result in downtime.
For details, click here.
Displaying 241 - 260 of 59925
CVSS: 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)
This strike exploits a directory traversal vulnerability in Adobe ColdFusion CKEditor. The vulnerability is due to improper sanitization in the file upload.cfm. An attacker could exploit this vulnerability by sending a crafted HTTP request to the target server. By successfully exploiting this vulnerability, a remote, unauthenticated attacker could upload arbitrary files to the target server.
CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
This strike exploits an remote code execution vulnerability in the GDI+ (Graphics Device Interface) module of Microsoft Windows. The vulnerability is due to improper handling of EMF records in memory by the 'DoRotatedStretchBlt' method pertaining to 'gdiplus.dll' library. The vulnerability can be exploited by crafting a malicious EMF file and enticing a user to download and open...
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
This strike exploits an SQL injection vulnerability in Zoho ManageEngine Applications Manager. The vulnerability is caused by insufficient validation of user input "resourcetype" on HTTP requests which are used to create SQL queries. Successful exploitation could allow an attacker abilities to execute SQL queries on the target server.
CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
This strike exploits a vulnerability in Apple Safari Webkit. Specifically, the vulnerability exists when making a call to the InlineTextBox::paint method. It is possible to craft Javascript in such a way that when invoking this method memory corruption will occur leading to an out of bounds memory read. This can lead to a denial of service or potentially allow for remote code execution to occur....
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike reproduces an attack on Microsoft Windows' DHCP client, on a buffer overflow vulnerability. The flaw results from the lack of field counting when parsing 'Options' fields in a DHCP ACK packet, resulting in overwrite of memory areas. As a consequence of exploiting this bug, a remote attacker controlling a DHCP server may take advantage and gain control of vulnerable Windows-...
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
This strike exploits a remote code execution vulnerability in Jenkins. The vulnerability is due to improper filtering of the "value" parameter when invoking a method on Java objects. An attacker could exploit this vulnerability by sending a crafted HTTP request to the target server. Successful exploitation results in remote code execution on the target server.
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
This strike replicates an attack known as Bluekeep against a Microsoft Windows RDP Server (Remote Desktop Services), exploiting a use-after-free vulnerability. The flaw resides in a single memory zone being addressed by two different pointers when creating a RDP channel with the name 'MS_T120', when the connection is set up. A successful exploitation grants the attacker complete control...
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the javascript Chakra engine. It is possible to create javascript in such a way that allows for type confusion to occur when utilizing the Javascript localCompare method. This may lead to a denial of service condition in the browser, or potentially remote code execution.
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
This strike exploits a file inclusion and remote command execution vulnerability in Atlassian Confluence Server. The vulnerability is due to improper sanitization of the "_template" parameter. By successfully exploiting this vulnerability, a remote, unauthenticated attacker could retrieve arbitrary files from the target server and achieve file inclusion or achieve remote command execution...
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike simulates a remote code execution attack on a Oracle Weblogic Server. The flaw is due to no authentication and no client input sanitization on server when receiving SOAP calls. By exploiting a vulnerable system, a remote unauthenticated attacker is able to execute arbitrary commands on the target system.
CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
This strike recreates a buffer overflow attack in Microsoft Windows SMBv1 service. The vulnerability is due to insufficient sanitization of user-supplied input while processing SMB_COM_NT_TRANSACT requests. A remote, unauthenticated attacker could exploit this vulnerability via a specially-crafted SMB packet, containing a bad value for 'SizeOfListInBytes' for the specified SMB package type...
CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
This strike exploits a vulnerability in Apple Safari Webkit. Specifically, it is possible to craft Javascript in such a way that allows for a use-after-free vulnerability to occur when calling the updateReferencedText method. This may lead to a denial of service condition in the browser, or potentially remote code execution.
CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
This strike exploits a null pointer dereference vulnerability in Memcached daemon. The vulnerability is due to inadequate 'lru' command client request handing. By crafting a special MEMCACHE packet, an attacker can cause denial-of-service conditions in the context of the targeted application.
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike simulates the traffic caused by exploiting a vulnerability in the Mozilla Firefox browser. Specifically, the vulnerability exists in the 'Custom Elements' stream handler component of Firefox. When handling an HTML5 stream in concert with custom HTML elements, the stream parser object is freed while still in use, leading to a crash. An attacker can exploit this vulnerability by...
CVSS: 5.5 (AV:N/AC:L/Au:S/C:P/I:P/A:N)
This strike simulates an arbitrary file upload attack on Oracle Weblogic. The vulnerability is a result of no sanitization for the 'wl_upload_application_name' header. Successful exploitation requires valid credentials and leads to arbitrary file upload and remote code execution.
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
A remote code execution vulnerability exists in Drupal 7.x before 7.62, Drupal 8.5.x before 8.5.9 and Drupal 8.6.x before 8.6.6. The vulnerability is located within the PHP's built-in phar stream wrapper, when performing file operations on an untrusted 'phar://' URI. A remote attacker can exploit this vulnerability by sending a crafted HTTP packet to the target service. Successful...
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits an integer overflow vulnerability in Lighttpd. The vulnerability is due to url mishandling of /%2F? in burl.c under HTTP GET request. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request to the target server. Successful exploitation results in denial-of-service on the target server. *Note: The exploit will work only when the target...
CVSS: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
This strike exploits a PHP information disclosure vulnerability before version 5.6.31 and 7.x before 7.1.7 . This vulnerability is due to improper handling of objects in memory under GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c file. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted image file to the target server. Successful exploitation results in...
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in the Microsoft Edge Chakra engine. Specifically the vulnerability is under the CrossSite class, which passes Javascript variables across different contexts. An attacker who successfully exploits the vulnerability could trigger a Use-After-Free condition.
CVSS: 9.0 (AV:N/AC:L/Au:N/C:C/I:P/A:P)
This strike replicates an integer overflow exploit for Chrome browser engine. The vulnerability can be triggered via the Array JS API by using the 'ArrayConcat' or 'ArrayPrototypeFill' as entry points. By successfully exploiting this flaw, an attacker can execute arbitrary code in the context of the Chrome's 'renderer' process.
