This strike exploits a remote code execution vulnerability in the PHP imap open function on Ubuntu or Debian. This vulnerability is due to improper handling of the -oProxyCommand values when a client sends http traffic to the server which has some imap functionality. A remote attacker can exploit this vulnerability by sending crafted http requests to the target server. Successful exploitation results...
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
This strike exploits an out-of-bounds write in Netatalk package. The vulnerability is due to a missing bounds check in the handling of the DSI Opensession command. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target application. Successful exploitation could lead to arbitrary code execution with privileges of the root user.
CVSS: 5.5 (AV:N/AC:L/Au:S/C:P/I:P/A:N)
This strike exploits an SQL injection vulnerability in Dolibarr ERP-CRM. The vulnerability is due to the improper sanitization of requests sent to the application. An attacker could exploit. this by sending a specifically crafted rowid parameter, potentially resulting in the execution of SQL commands which may lead to information disclosure.
CVSS: 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N)
This strike exploits a information disclosure vulnerability found in Cisco Small Business RV320 and RV325 routers. The vulnerability is due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and requesting specific URLs. A successful exploit could allow the attacker to download the router configuration or detailed...
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in Apple WebKit. Specifically, the vulnerability exists in the AbstractValue Set method. Javascript can be crafted in such a way that the attacker can write into the immutable butterfly of a Copy on Write array. This can lead to a Use-After-Free condition causing a denial of service or potentially lead to remote code execution.
CVSS: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)
This strike exploits a use-before-initialization vulnerability in VLC Media Player. The vulnerability arises when a memory allocation fails due to a large enough ChunkSize flag, thus leaving the p peek pointer unintialized. By exploiting this, an attacker could cause information leaks on the target system.
CVSS: 4.3 (AV:N/AC:M/AU:N/C:N/I:P/A:N)
This strike exploits a reflected XSS vulnerability inside the Samsung DVR Web Viewer. Web Viewer is vulnerable to a cross-site scripting attack that will allow remote attackers to inject code.
CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
This strike exploits a null pointer dereference vulnerability in Microsoft Edge browser. The vulnerability resides in the way the browsers engine handles dynamically created namespacesURI elements. By exploiting the vulnerability an attacker is able to cause denial of service conditions on targets browser.
CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
An exploitable NULL pointer dereference vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose. To trigger this vulnerability, an attacker must send a specially crafted MQTT SUBSCRIBE packet over the network, without a preliminary CONNECT packet. Successful exploitation results in remote code execution or denial of service conditions of the application.
CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
This strike exploits a remote code execution vulnerability in Adobe Flash Player. The vulnerability is due to a Use-After-Free in com.adobe.tvsdk.mediacore.metadata. An attacker can entice a target to open a specially crafted flash file to trigger the vulnerability. Successful exploitation may result in execution of arbitrary code or abnormal termination of the flash process.
CVSS: 6.8 (AV:N/AC:L/Au:N/C:P/I:N/A:P)
This strike exploits a vulnerability in Webkit. Specifically, it is possible to create an array having a Proxy object in the prototype chain. This may cause a denial of service condition in the browser or allow for remote code execution to occur.
CVSS: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)
This strike exploits an information disclosure vulnerability in the Mozilla Firefox browser. Specifically, the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that result in the stack pointer being off by 8 bytes. When this occurs a memory address gets leaked that can be used as part of an exploit. This strike demonstrates the information disclosure by dumping the leaked...
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in the Microsoft Internet Explorer Out-Of-Bound write. Specifically, the vulnerability exists in the Javascript JsArrayFunctionHeapSort. It is possible to craft Javascript in such a way that will cause a denial of service condition in the browser.
CVSS: 5.4 (AV:A/AC:M/Au:N/C:P/I:P/A:P)
An exploitable stack-based buffer overflow exists in Losant Arduino MQTT client library. The vulnerability is a result of improper checks when a MQTT PUBLISH packet is received by the client which leads to certain memory areas from the stack to be overwritten. By controlling a rogue server, an attacker may be able to obtain code execution on connected MQTT peers.
CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
This strike exploits a buffer overflow vulnerability in Microsoft Outlook client. The vulnerability is due to insufficient input validation of an unknown header field of Outlook Rules RWZ files. A remote attacker could exploit this vulnerability by enticing a user to import a maliciously crafted file. Successful exploitation could lead to arbitrary code execution in the context of the user.
CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
A denial of service vulnerability exists in Eclipse Mosquitto broker. The vulnerability is due to a flaw in the module that handles Publish messages. A remote unauthenticated attacker can exploit this vulnerability by sending a malformed message to the target service. Successful exploitation could crash the vulnerable application.
CVSS: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
This strike exploits a OS command injection vulnerability found in Cisco Small Business RV320 and RV325 routers. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by crafting a special HTTP POST request. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux shell as root.
Pages