Important Information

On August 12th, 2022, many of Keysight’s Network Test, Network Visibility, & Edge to Core (NAS/formerly Ixia) products will migrate to a new license structure.

CRITICAL: If you perform licensing operations after August 12th, 2022, without upgrading the licensing software to the latest version, licenses may not register properly, and some features may be missing. This could impact testing and result in downtime.

For details, click here.

Displaying 341 - 360 of 38219

CVSS: 5.5 (AV:N/AC:L/Au:S/C:P/I:P/A:N)

This strike exploits a blind SQL injection vulnerability in ManageEngines OpManager application. The vulnerability is present in a API parameter for managing devices as a result of insufficient user input sanitization. Therefore, an attacker may be able to read arbitrary database records or even access system files, depending on the databases configuration.

CVSS: 6.8 (AV:N/AC:L/Au:S/C:C/I:N/A:N)

This strike exploits a directory traversal vulnerability in FLIR AX8 Thermal Camera. The vulnerability is due to lack of input sanitization while downloading config files using the file parameter in download.php. Successful exploitation results in the disclosure of arbitrary file contents from the target server.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

An insecure deserialization vulnerability was found in Oracle WebLogic Server. This vulnerability is due to insufficient validation of serialized data within T3 requests. The vulnerability can be exploited by sending a specially crafted serialized object. The vulnerability does not require authentication. Successful exploitation can result in arbitrary code execution in the context of the user...

CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

A denial of service vulnerability has been found in Red Hat 389 Directory Server. The vulnerability is due to improper parsing of of LDAP search queries in the do search method within slapd/search.c. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted LDAP search queries to a vulnerable server. Successful exploitation of the vulnerability leads to denial of service...

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a remote file inclusion vulnerability in WordPress Plugin Wechat Broadcast 1.2.0. The vulnerability is due to improper sanitization of the url parameter. By successfully exploiting this vulnerability, a remote, unauthenticated attacker could retrieve arbitrary files from the target server.

CVSS: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

This strike exploits a directory traversal vulnerability present in multiple firmware versions of D-Link routers. The vulnerability can be exploited by performing GET requests under the path /uir of routers web interface. By exploiting it, an attacker may read arbitrary files from the filesystem which could lead further to credentials disclosure.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a SQL injection vulnerability in the Alexandria Book Library component for Joomla!. The vulnerability is due to the improper sanitization of requests sent to the application. An attacker could exploit this vulnerability by sending specifically crafted packets, potentially resulting in the execution of SQL commands which may lead to information disclosure.

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in the Microsoft Edge Browser. Specifically, the vulnerability exists in the Javascript Chakra engine. It is possible to craft Javascript in such a way that illustrates an array type conversion check is not implemented for definite objects. If a native array is processed as a definite object type confusion can occur. This may lead to a denial of service condition...

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a remote code execution vulnerability present in Adobe ColdFusion platform. The flaw is due to an insecure deserialization in the Remote Method Invocation RMI server which contains a vulnerable version of Apache Commons BeanUtils. By exploiting an unpatched version of the application, an attacker is thus able to remotely execute arbitrary code with the privileges of the user that...

CVSS: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)

This strike exploits a remote command execution in Microsoft Edge browser. The vulnerability is due to lack of parameter sanitization when running an external application with a crafted hyperlink as an argument. A user accessing an arbitrary page can be enticed to run a malicious script with a minimum of interaction, allowing the attacker to execute arbitrary commands on the system.

CVSS: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)

This strike exploits a remote command execution in Imperva SecureSphere Web Application Firewall. The vulnerability resides in the lack of sanitization of the installer-address parameter when the server statues is being queried. By exploiting this flaw, an attacker will be able to execute commands as the root user on the host system.

CVSS: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)

This strike exploits a remote command execution in CentOS Web Panel. The vulnerability is due to lack of parameter sanitization when executing service-related operations, with the service name passed as a GET parameter. By exploiting this vulnerability, an authenticated attacker is able to execute system commands as a root user.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a buffer overflow vulnerability in Advantech WebAccess. The vulnerability is due to lack of boundary checks while copying user-supplied data into a stack buffer within BwPSLinkZip.exe. By building a special RPC request, an attacker can cause arbitrary code execution or abnormal termination within the context of the WebAccess process.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a SQL injection vulnerability in the Questions component for Joomla!. The vulnerability is due to the improper sanitization of requests sent to the application. An attacker could exploit this vulnerability by sending specifically crafted packets, potentially resulting in the execution of SQL commands which may lead to information disclosure.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a SQL injection vulnerability in the Jimtawl component 2.2.7 for Joomla!. The vulnerability is due to the improper sanitization of requests sent to the application. An attacker could exploit this vulnerability by sending specifically crafted packets, potentially resulting in the execution of SQL commands which may lead to information disclosure.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a heap-based buffer overflow vulnerability in Microsoft JET Database Engine components of Microsoft Windows. The vulnerability is due to improper handling of input passed to ExcelReadTotalRecord method within the msexcl40.DLL library. The vulnerability can be exploited by crafting a malicious Excel file and enticing a user to download and open it. Successful exploitation may...

CVSS: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

A file upload vulnerability was found in Apache Pluto PortletV3AnnotatedDemo. The vulnerability is due to improper access control of user-supplied input when the portlet performs a file-uploading operation. Successful exploitation can result arbitrary file upload and possible remote code execution in the context of the user running the webserver.

CVSS: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)

This strike exploits an integer underflow vulnerability in Adobe Acrobat Reader. The vulnerability is due to improper parsing of an embedded font by the CoolType module. An exploit could be triggered by opening a crafted XPS document. Successful exploitation could result in information disclosure which could be used to further compromise the target system.

CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

A stack buffer overflow vulnerability has been found in Red Hat 389 Directory Server. The vulnerability is due to improper handling of ldapsearch query parameters. An attacker can exploit this vulnerability by issuing a special ldapsearch query, allowing arbitrary code execution in the context of the user running the ns-slapd daemon. An unsuccessful attack will cause the daemon to crash.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

An arbitrary file overwrite vulnerability has been identified in Dasan GPON Home Router. The vulnerability is caused by the lack of proper input sanitisation of dest host parameter within the GponForm. The vulnerability can be exploited by sending a specially-crafted POST request, allowing the attacker to execute arbitrary commands on the device with root privileges.

Pages