Strike Database
Important Information
On August 12th, 2022, many of Keysight’s Network Test, Network Visibility, & Edge to Core (NAS/formerly Ixia) products will migrate to a new license structure.
CRITICAL: If you perform licensing operations after August 12th, 2022, without upgrading the licensing software to the latest version, licenses may not register properly, and some features may be missing. This could impact testing and result in downtime.
For details, click here.
Displaying 281 - 300 of 59925
CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
This strike exploits a use-after-free vulnerability in the JavaScript engine of Foxit PDF Reader. This vulnerability is due to improper handling of freed objects in the JavaScript popUpMenu method. A remote attacker could exploit this vulnerability by enticing a user to open a specially crafted PDF file, resulting in possible execution of arbitrary code.
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
This strike exploits an integer overflow vulnerability in Adobe Acrobat Reader ImageConversion component. The vulnerability is due to improper parsing of EmfPlusDrawString data records in an EMF file. Successful exploitation may result in execution of arbitrary code with user privileges. Failure to exploit will not typically result in a crash.
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in Mozilla Firefox. It is possible to craft Javascript in such a way that allows remote attackers to execute arbitrary JavaScript code or conduct cross-site scripting attack when calling the crypto.generateCRMFRequest function. This can lead to remote code execution on the victim's machine.
CVSS: 2.6 (AV:N/AC:H/Au:N/C:N/I:N/A:P)
This strike exploits an arbitrary file deletion vulnerability in Oracle SE 8. The vulnerability is due to improper filtering of jlnp URL variable. An attacker can entice the victim to click the malicious link. Successful exploitation may lead to file deletion on client side.
CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
This strike exploits a vulnerability in Apple Safari Webkit. It is possible to craft Javascript in such a way that will cause type confusion to occur when using a CustomGetterSetter object linked to regExpConstructorInput. This can lead to a denial of service in the browser or potentially allow for remote code execution to occur.
CVSS: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
This strike exploits a vulnerability in Apple Webkit. It is possible to craft Javascript in such a way that an Out of Bounds Read/Write can occur in shiftCountWithArrayStorage. This can cause memory corruption to occur leading to a denial of service in the browser or potentially lead to remote code execution.
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits an insecure deserialization vulnerability in Apache Solr. The vulnerability is due to insufficient sanitization of requests made to the Config API. This vulnerability can be exploited by sending a specially crafted HTTP request to the Config API. Successful exploitation could lead to remote code execution withing the context of the server.
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits a SQL injection vulnerability in the J2Store component 3.x - 3.3.6 for Joomla!. The vulnerability is due to the improper sanitization of requests sent to the application. An attacker could exploit this vulnerability by sending specifically crafted packets, potentially resulting in the execution of SQL commands which may lead to information disclosure.
CVSS: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
The strike reproduces a remote code execution attack on Moodle CMS platform. The vulnerability resides in poor user input sanitization for 'answer' parameter within 'questiontype.php', when defining a new quizz of type 'Calculated'. By exploiting the issue, a remote authenticated attacker may execute arbitrary PHP code with HTTP Server privileges.
CVSS: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
This strike exploits an information disclosure vulnerability in the GDI (Graphics Device Interface) components of Microsoft Windows. The vulnerability is due to improper handling of EMF records in memory by the DoGdiCommentMultiFormats method pertaining to 'gdiplus.dll' library. The vulnerability can be exploited by crafting a malicious EMF file and enticing a user to download and open it....
CVSS: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
This strike emulates a remote code execution via a POP chain attack on PhpBB forum platform. The vulnerability resides in calling the "file_exists" function with user supplied data when checking the ImageMagick binary path. An authenticated attacker may gain arbitrary code execution by uploading a polyglot JPEG-PHAR file beforehand then setting the ImageMagick path to the polyglot, using...
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in the Microsoft Internet Explorer browser. Specifically, the vulnerability exists in the VBScript engine. It is possible to create VBScript in such a way that can allow for a use-after-free condition to occur when a pointer to a SafeArray object is created and stored and the object is then destroyed. This may lead to a denial of service condition in the browser,...
CVSS: 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N)
The strikes replicates an attack on Ruby on Rails which leads to arbitrary file disclosure. The vulnerability resides in the lack of validation of the "Accept" header which is further parsed within the "template_renderer.rb" file in order to return the template file to be rendered. By exploiting this, a remote unauthenticated attacker may read arbitrary files on the host system...
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits a remote file inclusion vulnerability in WordPress Plugin Grace. The vulnerability is due to improper sanitization of the "cfg" parameter. By successfully exploiting this vulnerability, a remote, unauthenticated attacker could retrieve arbitrary files from the target server.
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
This strike exploits an insecure deserialization via XML payload in OpenMRS's Webservices API module. By exploiting the vulnerability, an unauthenticated attacker might be able to execute system commands in the context of the user running the webserver process.
CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
This strike exploits a buffer overflow vulnerability in Microsoft Outlook client. The vulnerability is due to insufficient validation of the countOfFormNameStringObjects field in an RWZ file. A remote attacker could exploit this vulnerability by enticing a user to import a maliciously crafted file. Successful exploitation could lead to arbitrary code execution in the context of the user.
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in Apple Webkit. Specifically, an attacker can craft javascript that takes advantage of a vulnerability that exists in how the GetIndexedPropertyStorage can cause garbage collection via rope strings, which can lead to a use after free condition. This can cause a denial of service in the browser or potentially allow for remote code execution to occur.
CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
This strike exploits a command injection vulnerability in LAquis SCADA. The PAGINA parameter in HTTP requests to acompanhamentotela.lhtml and the TITULO parameter in requests to relatorioindividual.lhtml are not sanatized for command injection characters. An attacker can send a specially crafted HTTP GET or POST request to achieve command execution on the target machine.
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits a command injection vulnerability in LAquis SCADA. The NOME parameter in HTTP requests to relatorionome.lhtml is not sanatized for command injection characters. An attacker can send a specially crafted HTTP GET or POST request to achieve command execution on the target machine.
CVSS: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)
This strike exploits a remote file inclusion vulnerability in phpMyAdmin. The vulnerability is due to an improper filter, and the ability to execute a SQL sentence. By successfully exploiting this vulnerability, a remote, authenticated attacker could retrieve arbitrary files from the target server.
