Displaying 301 - 320 of 38219

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits an authentication bypass vulnerability in the Cisco Elastic Services Controller. The vulnerability is due to improper filtering of the Authorization header. An attacker could exploit this vulnerability by sending a crafted http traffic to the target server. By successfully exploiting this vulnerability, a remote, unauthenticated attacker could achieve authentication bypass on the...

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a vulnerability in Mozilla Firefox. Specifically the vulnerability exists in the Javascript engine Spidermonkey. Inside SpiderMonkey, IonMonkey fails to detect changes properly when the ObjGroup is modified during a prototype change. This can lead to a denial of service or potentially allow for remote code execution to occur.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a denial of service vulnerability in HPE Intelligent Management Center. The vulnerability is due to improper validation of user input on port 2810. By exploiting this vulnerability, a remote, unauthenticated attacker could run arbitrary command on the target server.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

An unrestricted file upload vulnerability exists in WordPress Ninja Forms plugin, with File Upload extension enabled v3.0.22. The flaw is a result of no sanitization when parsing user-provided parameters name and tmp name when submitting files. A successful attacker is thus able to upload PHP webshells in order to execute arbitrary commands on the target webserver.

CVSS: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)

A remote code execution exists in Apache Superset through the Import Dashboards feature. The vulnerability exists as a result of an insecure pickle deserialization, allowing execution of arbitrary methods from the Python library. An authenticated attacker can therefore execute arbitrary code on the target system under the user that runs the gunicorn webserver.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits an access bypass vulnerability in Apache Tomcat JK Status Manager. By inserting a semicolon after the jkstatus uri, access restrictions are bypassed. An attacker could send specially crafted HTTP GET requests to change ports, resulting in a denial of service condition, or to disclose information about the target server.

CVSS: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)

This strike creates an Empire Python launcher backdoor. This backdoor will try to connect to the hackers server and setup a connection which would allow the hacker to use other modules such as remote code execution in Empire.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a buffer overflow vulnerability found in Icecast server. The vulnerability is due do insufficient offset calculations while copying user-supplied data into a stack-based buffer within url add client pertaining to auth url.c. By crafting a malicious HTTP request, an attacker can cause denial of service conditions or achieve code execution on the target device.

CVSS: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)

This strike exploits a cross-site scripting vulnerability in Roundcube Webmail. The vulnerability is due to improper parsing when verifying attached HTML documents for script tags which can be bypassed by using a certain sequence of HTML tags. By exploiting this flaw, an attacker may be able to execute malicious scripts in the victims browser which may lead to account hijacking.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits an off-by-one vulnerability in libmspack library. This vulnerability is due to improper handling of block alignment when processing blocks using quantum compression within cabd sys read block function. The vulnerability can be exploited by crafting a malicious CAB file with an application that uses the vulnerable library. Successful exploitation may result in execution of...

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in the Microsoft Internet Explorer Browser. Specifically, the vulnerability exists in the VBScript component. An input array can be resized during an rtFilter call causing an out of bounds memory read to occur. This may lead to a denial of service condition in the browser, or potentially remote code execution.

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in the Microsoft Internet Explorer Browser. Specifically, the vulnerability exists in VBScript. If a Variant is an object, the object destructor is going to be called and the variant type will be unset. It is possible for the object destructor to then call the attacker controlled code to free the memory holding the variant, and if called upon later a Use-After-...

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

A Use-After-Free vulnerability exists in Foxit Reader. The specific flaw resides within the handling of the delay property for Annotation objects. Successful exploitation may result in execution of arbitrary code with user privileges. Failure to exploit will not typically result in a crash.

CVSS: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

An unauthenticated stored cross-site scripting vulnerability exists in Advantech WebAccess. The vulnerability resides within bwMainLeft.asp and can be exploited by crafting a GET request containing a malicious pname parameter. By exploiting this vulnerability an attacker could execute arbitrary scripts on the target browser.

CVSS: 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N)

This strike exploits a remote code execution vulnerability in Nagios XI Snoopy component. The vulnerability resides in the lack of request sanitization when parsing the url parameter within magpie debug.php file. By providing the -o flag within the parameters value, an attacker is able to download a Php script from an arbitrary url and dump it to a publicly accessible path in order to execute...

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in the Google Chrome browser. Specifically, the vulnerability exists in the Google Chrome V8 javascript engine. By passing a prototype chain of objects with a large expected nof properties the instance size value can be controlled. An integer overflow results in too small of a value being used causing memory corruption to occur. This may lead to a denial of...

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a buffer overflow vulnerability in Oracle GoldenGate Manager. The vulnerability is due to an input validation error when processing malformed command names. A remote unauthenticated attacker can exploit this vulnerability by sending a malformed command to the target application. Successful exploitation could lead to arbitrary code execution.

CVSS: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

This strike simulates an exploitation of a local file inclusion vulnerability present in PHP Proxy. The vulnerability results from the lack of input sanitization when handling the q parameter. By exploiting this flaw, an attacker could read arbitrary files from the servers file system.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a remote code execution existing in the WordPress GDPR Compliance plugin. The vulnerability resides in the lack of requests authorization when performing the AJAX wpgdprc process action call as a unauthenticated user, resulting in alteration of database entries. An attacker is thus able to add a privileged user to a WordPress platform and subsequently execute PHP code as the user...

CVSS: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)

This strike exploits a stored cross-site scripting vulnerability in WordPress Plugin Ninja Forms. The vulnerability is due to improper sanitization of the end date parameter. By successfully exploiting this vulnerability, an authenticated attacker could take control of the victims browser.

Pages