CVSS: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)

This strike exploits an out-of-memory vulnerability in Chrome's V8 JavaScript engine. The vulnerability resides in the way the browser's engine handles dynamically created arrays. By exploiting the vulnerability, an attacker is able to cause denial of service conditions on the target's browser.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a heap Use-After-Free vulnerability in libVNC LibVNCServer. The vulnerability is due to improper validation of the file transfer request size by the File Transfer extension. Successful exploitation may result in remote code execution on the target server.

CVSS: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)

An out-of-bounds read vulnerability exists in Foxit Reader and PhantomPDF. This vulnerability is due to improper handling of the xdpContent property of a submit object. A remote attacker could exploit this vulnerability by enticing a user to open a malicious PDF document. Successful exploitation would allow the attacker to gain sensitive information that may help in further attacks.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a buffer overflow vulnerability in the tiffcp component of libtiff. The vulnerability is due to insufficient input validation of an unknown TIFF header field. A remote attacker could exploit this vulnerability by enticing a user to import a specially crafted TIFF file. Successful exploitation could lead to arbitrary code execution or denial-of-service conditions in the context of...

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

An insecure deserialization vulnerability exists in HPE Intelligent Management Center PLAT v7.3 E0504. The flaw arises due to a lack of security checks when processing the POST payload for the /imc/topo/WebDMDebugServlet endpoint. Successful attacks result in arbitrary remote code execution with root privileges.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike replicates a remote code execution attack on Ruby on Rails <5.2.2.1, <6.0.0.beta3. The flaw resides in the deterministic way the platform generates its secret token in development mode, making it easy to guess. Successful exploitation results in arbitrary code execution through Marshal object injection.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits an authentication bypass vulnerability in the Cisco Elastic Services Controller. The vulnerability is due to improper filtering of the Authorization header. An attacker could exploit this vulnerability by sending crafted HTTP traffic to the target server. By successfully exploiting this vulnerability, a remote, unauthenticated attacker could achieve authentication bypass on the...

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a vulnerability in Mozilla Firefox. Specifically, the vulnerability exists in the JavaScript engine SpiderMonkey. Inside SpiderMonkey, IonMonkey fails to detect changes properly when the ObjGroup is modified during a prototype change. This can lead to a denial of service or potentially allow for remote code execution to occur.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a denial of service vulnerability in HPE Intelligent Management Center. The vulnerability is due to improper validation of user input on port 2810. By exploiting this vulnerability, a remote, unauthenticated attacker could run arbitrary commands on the target server.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

An unrestricted file upload vulnerability exists in the WordPress Ninja Forms plugin, with File Upload extension enabled, v3.0.22. The flaw is a result of no sanitization when parsing the user-provided parameters name and tmp_name when submitting files. A successful attacker is thus able to upload PHP webshells in order to execute arbitrary commands on the target webserver.

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in the Microsoft Windows scripting engine. The vulnerability is due to incorrect handling of objects in memory. An attacker could exploit this vulnerability by enticing a user to view a malicious web page. Successful exploitation of the vulnerability could trigger a code execution condition on the client side.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits an access bypass vulnerability in Apache Tomcat JK Status Manager. By inserting a semicolon after the jkstatus URI, access restrictions are bypassed. An attacker could send specially crafted HTTP GET requests to change ports, resulting in a denial of service condition, or to disclose information about the target server.

CVSS: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)

This strike creates an Empire Python launcher backdoor. This backdoor will try to connect to the hacker's server and set up a connection which would allow the hacker to use other modules such as remote code execution in Empire.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a buffer overflow vulnerability found in Icecast server. The vulnerability is due to insufficient offset calculations while copying user-supplied data into a stack-based buffer within url_add_client in auth_url.c. By crafting a malicious HTTP request, an attacker can cause denial of service conditions or achieve code execution on the target device.

CVSS: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)

This strike exploits a cross-site scripting vulnerability in Roundcube Webmail. The vulnerability is due to improper parsing when verifying attached HTML documents for script tags, which can be bypassed by using a certain sequence of HTML tags. By exploiting this flaw, an attacker may be able to execute malicious scripts in the victim's browser, which may lead to account hijacking.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits an off-by-one vulnerability in the libmspack library. This vulnerability is due to improper handling of block alignment when processing blocks using quantum compression within the cabd_sys_read_block function. The vulnerability can be exploited by crafting a malicious CAB file with an application that uses the vulnerable library. Successful exploitation may result in execution of...

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in the Microsoft Internet Explorer Browser. Specifically, the vulnerability exists in the VBScript component. An input array can be resized during an rtFilter call, causing an out-of-bounds memory read to occur. This may lead to a denial of service condition in the browser, or potentially remote code execution.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

A Use-After-Free vulnerability exists in Foxit Reader. The specific flaw resides within the handling of the delay property for Annotation objects. Successful exploitation may result in execution of arbitrary code with user privileges. Failure to exploit will not typically result in a crash.

CVSS: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

An unauthenticated stored cross-site scripting vulnerability exists in Advantech WebAccess. The vulnerability resides within bwMainLeft.asp and can be exploited by crafting a GET request containing a malicious pname parameter. By exploiting this vulnerability an attacker could execute arbitrary scripts on the target browser.

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in the Microsoft Internet Explorer Browser. Specifically, the vulnerability exists in VBScript. If a Variant is an object, the object destructor is going to be called and the variant type will be unset. It is possible for the object destructor to then call the attacker-controlled code to free the memory holding the variant, and if called upon later a Use-After-...
