Displaying 321 - 340 of 38219

CVSS: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

An unauthenticated stored cross-site scripting vulnerability exists in Nagios XI web interface. The vulnerability resides within api tool.php and can be exploited by crafting a GET request containing a malicious host parameter. The parameters value is then stored in bpi.conf and is later included in the web management interface. By exploiting this vulnerability an attacker could execute arbitrary...

CVSS: 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N)

This strike exploits a directory traversal vulnerability in TP-Link TL-R600VPN router. The vulnerability can be exploited by issuing GET requests to the /help path. Since the webserver runs with root privileges, an attacker may gain access to the contents of any file residing on the file system.

CVSS: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)

This strike exploits an out of bounds array-indexing vulnerability in ImageMagick. The vulnerability is due to uninitialized data when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data. By enticing a user to process or upload a...

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in the Google Chrome browser. Specifically, the vulnerability exists in the Google Chrome V8 javascript engine. It is possible to change the elements kind by getters. This may lead to a denial of service condition in the browser, or potentially remote code execution.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a buffer overflow vulnerability in Advantech WebAccess. The vulnerability is due to lack of boundary checks while copying user-supplied data into a stack buffer within BwPSLinkZip.exe. By building a special RPC request, an attacker can cause arbitrary code execution or abnormal termination of the WebAccess process.

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the Javascript Chakra engine. It is possible to craft Javascript in such a way that it is possible to incorrectly remove a bounds check. This may lead to a denial of service condition in the browser, or potentially remote code execution.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

A heap corruption vulnerability was discovered in net-snmp, a suite of Simple Network Management Protocol applications. The vulnerability is due to a buffer overflow triggered when parsing the PDU prior to the authentication process. A remote, unauthenticated attacker can take advantage of this flaw to crash the snmpd process or execute arbitrary code within the context of the snmpd user.

CVSS: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

This strike exploits a directory traversal vulnerability in uWSGI PHP plugin. The vulnerability is caused by insufficient validation of user input on HTTP requests. Successful exploitation could allow an attacker to have arbitrary file accessible on target system.

CVSS: 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N)

An arbitrary file read vulnerability has been reported in ACME mini httpd. This vulnerability is due to the way mini httpd process HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the affected server. Successful exploitation of this vulnerability can lead to disclosure of the content of arbitrary file on the target...

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

The strike exploits a heap buffer overflow vulnerability in LibTIFF. The vulnerability is due to insufficient length checks while processing TIFF files compressed with JBIG. A remote, unauthenticated attacker can exploit this vulnerability by enticing a target user to open a crafted TIFF file compressed with JBIG with an application that uses LibTIFF. Successful exploitation could result in the...

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the Javascript Chakra engine. It is possible to craft Javascript in such a way that when NewScObjectNoCtor is used to set a new objects proto type confusion can occur. This may lead to a denial of service condition in the browser, or potentially remote code execution.

CVSS: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)

This strike exploits a command injection vulnerability in WordPress Plugin Plainview Activity Monitor. The vulnerability is due to improper sanitization of the ip parameter under lookup mode. By successfully exploiting this vulnerability, an authenticated attacker could perform remote code execution on the target server.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits an SQL injection vulnerability in the Saxum Astro 4.0.14 component for Joomla! The vulnerability is due to the improper sanitization of requests sent to the application. An attacker could exploit this by sending specifically crafted packets, potentially resulting in the execution of SQL commands which may lead to information disclosure.

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the Javascript Chakra engine. It is possible to craft Javascript in such a way that bypasses the fix for a stack to heap copy by adding a line that allocates head to the heap. This may lead to a denial of service condition in the browser, or potentially remote code execution.

CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

This strike exploits a denial of serviceDoS vulnerability in IP fragments. The vulnerability is caused by the way how out-of-order IP fragments are handled from the kernel. A remote attacker could exploit this vulnerability by keep sending large amount crafted IP segments packet to the target server. Successful exploitation is able to exhaust target servers resource and lead to denial-of-service. *...

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a remote file inclusion vulnerability in WordPress Plugin Localize My Post 1.0. The vulnerability is due to improper sanitization of the file parameter. By successfully exploiting this vulnerability, a remote, unauthenticated attacker could retrieve arbitrary files from the target server.

CVSS: 6.8 (AV:N/AC:L/Au:S/C:C/I:N/A:N)

This strike exploits a directory traversal vulnerability in CentOS Web Panel. The vulnerability is due to lack of parameter sanitization while executing service-related operations, with the service name passed as a GET parameter. Successful exploitation results in the disclosure of arbitrary file contents from the target server.

CVSS: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

This strike simulates a directory traversal attack on Responsive FileManager. The vulnerability can be exploited by issuing requests to the endpoint that handles AJAX calls. By exploiting it, an attacker may read arbitrary files from the filesystem.

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the Javascript Chakra engine. It is possible to craft Javascript in such a way that the JITed code does not check the input value, which can lead to type confusion. This may lead to a denial of service condition in the browser, or potentially remote code execution.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits an arbitrary file upload vulnerability in BlueImp Jquery File Upload widget. The vulnerability is due to the complete lack of server-side authorization or sanitization when handling a file upload. An attacker is thus able to create arbitrary files on the server which in most cases leads to remote arbitrary code execution.

Pages