Strike Database
Important Information
On August 12th, 2022, many of Keysight’s Network Test, Network Visibility, & Edge to Core (NAS/formerly Ixia) products will migrate to a new license structure.
CRITICAL: If you perform licensing operations after August 12th, 2022, without upgrading the licensing software to the latest version, licenses may not register properly, and some features may be missing. This could impact testing and result in downtime.
For details, click here.
Displaying 301 - 320 of 59925
CVSS: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
This strike exploits a sql injection vulnerability in WordPress Plugin Booking Calendar 8.4.3. The vulnerability is due to improper sanitization of the booking_id parameter. By successfully exploiting this vulnerability, an authenticated attacker could perform sql injection on the target server.
CVSS: 4.0 (AV:N/AC:L/Au:S/C:N/I:P/A:N)
The strikes emulates a path traversal attack on WordPress CMS platform. The attack can be carried by a low privileged user by providing a '_wp_attached_file' parameter when editing media files, thus modifying post metadata. By leveraging this vulnerability with a local file inclusion exploit, an attacker may gain code execution on the host system.
CVSS: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
The strike exploits a local file inclusion vulnerability in WordPress platform, leveraged beforehand by a path traversal via the '_wp_attached_file' parameter. By supplying a '_wp_page_template' metadata parameter, the attacker determines the theme engine to include a malicious uploaded file. By exploiting this vulnerability an authenticated attacker gains remote code execution on...
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
This strike exploits a remote code execution on Nexus Repository Manager 3. This vulnerability is due to improper handling of the "value" parameter under HTTP parameter when a client sends http traffic to the server. A remote unauthenticated attacker can exploit this vulnerability by sending crafted http requests to the target server. Successful exploitation results in remote code execution...
CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
A remote code execution vulnerability exists in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. The vulnerability is due to the lack of data sanitization originating from non-form sources in the REST module. A remote attacker can exploit this vulnerability by sending a crafted HTTP packet to the target service. Successful exploitation could lead to arbitrary code execution or crash of the...
CVSS: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
This strike exploits a information disclosure vulnerability in the GDI (Graphics Device Interface) components of Microsoft Windows. The vulnerability is due to improper handling of EMF records in memory by the 'gdiplus.dll' library. The vulnerability can be exploited by crafting a malicious EMF file and enticing a user to download and open it. Successful exploitation may result in execution...
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits a remote file inclusion vulnerability in Elasticsearch Kibana. The vulnerability is due to improper sanitization of the "apis" parameter. By successfully exploiting this vulnerability, a remote, unauthenticated attacker could retrieve javascript files from the target server. The other file format can be found in a log file on the target server.
CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
This strike exploits an input validation vulnerability found in WinRAR. The vulnerability is due to improper input validation while parsing specific header fields from an ACE archive. An attacker could exploit this vulnerability by crafting a special ACE file. A successful exploit could allow the attacker to execute arbitrary commands on the target system.
CVSS: 6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C)
This strike exploits a buffer overflow vulnerability found in MatrixSSL. The vulnerability is due to improper validation of user-supplied key size within pubRsaDecryptSignedElementExt. An attacker could exploit this vulnerability by crafting special X.509 certificate. A successful exploit could lead to arbitrary code execution or crash of the vulnerable application.
CVSS: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
This strike exploits a remote command execution vulnerability in Script Security Plugin pertaining to Jenkins master. The vulnerability is due to improper validation of data passed to the Jenkins master sandbox. A specially crafted HTTP POST request containing a sandbox script leads to remote code execution conditions on the vulnerable server.
CVSS: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)
This strike exploits an out of bounds vulnerability in NTPsec ntpd. This vulnerability is due to insufficient validation of a parsed field from a NTP packet. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted NTP packet to the target server. Successful exploitation could lead to information disclosure of sensitive information.
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the Javascript Chakra engine. It is possible to craft Javascript in such a way that when using the NewScObjectNoCtor or InitProto methods with the SetIsPrototype method of the type handler, a transition to a new type can cause type confusion to occur. This can lead to a denial of service in...
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the Javascript Chakra engine. It is possible to craft Javascript in such a way that when using the InjectJsBuiltInLibraryCode method an attacker can clear the disable-implicit-call flag can lead to a stack based use after free condition. This may lead to a denial of service condition in the...
CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
This strike executes a vulnerability in Icona SpA C6 Messenger. When the DownloaderActiveX Control propPostDownloadAction parameter is set to run, a remote attacker can download and execute a file via a URL in propDownloadUrl parameter. This strike sends the initial html that contains these parameters before they make an outbound request to receive a malicious file via the propDownloadUrl parameter...
CVSS: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
An integer overflow vulnerability has been discovered in ZeroMQ libzmq library. The vulnerability is due to improper sanitization of user-supplied data passed to zmq::v2_decoder_t::size_ready function when handling ZMTP messages. A remote attacker could exploit this vulnerability by sending a specially crafted packet to the vulnerable service. Successful exploitation could result in the execution of...
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits a SQL injection vulnerability in the JE Photo Gallery component 1.1 for Joomla!. The vulnerability is due to the improper sanitization of requests sent to the application. An attacker could exploit this vulnerability by sending specifically crafted packets, potentially resulting in the execution of SQL commands which may lead to information disclosure.
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in the Microsoft Edge browser. Specifically a type confusion vulnerability exists inside the Chakra Javascript engine InitClass. It is possible for an attacker to craft javascript code in such a way that type confusion will cause a memory access violation to occur. This may lead to remote code execution or a denial of service condition in the browser.
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
A remote code execution vulnerability exists in the Cisco IOS Software and Cisco IOS XE Software. The vulnerability is due to improper validation of packet data in the Smart Install feature. A remote unauthenticated attacker can exploit this vulnerability by sending a malformed packet to the target service. Successful exploitation could lead to arbitrary code execution or denial of service (DoS)...
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
A heap overflow vulnerability exists in the 'dhcpcore.dll' component of Windows DHCP Client. The vulnerability is triggered by two subsequent null bytes in a Domain Search DHCP Option within a DHCP Offer packet, followed by an arbitrary number of bytes, causing a zero-length buffer to be written, thus overwriting a invalid memory space. By exploiting the vulnerability, an attacker may be...
CVSS: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)
This strike exploits an ACL bypass vulnerability in Mosquitto. If the username or client ID field is set to "#" or "+", ACLs will be completely bypassed. An attacker can send a crafted mqtt message to access mqtt topics without proper ACL rights.
