Strike Database
Important Information
On August 12th, 2022, many of Keysight’s Network Test, Network Visibility, & Edge to Core (NAS/formerly Ixia) products will migrate to a new license structure.
CRITICAL: If you perform licensing operations after August 12th, 2022, without upgrading the licensing software to the latest version, licenses may not register properly, and some features may be missing. This could impact testing and result in downtime.
For details, click here.
Displaying 361 - 380 of 58316
CVSS: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
A remote code execution exists in Apache Superset through the Import Dashboards feature. The vulnerability exists as a result of an insecure pickle deserialization, allowing execution of arbitrary methods from the Python library. An authenticated attacker can therefore execute arbitrary code on the target system under the user that runs the gunicorn webserver.
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits a buffer overflow vulnerability in Oracle GoldenGate Manager. The vulnerability is due to an input validation error when processing malformed command names. A remote unauthenticated attacker can exploit this vulnerability by sending a malformed command to the target application. Successful exploitation could lead to arbitrary code execution.
CVSS: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
This strike simulates an exploitation of a local file inclusion vulnerability present in PHP Proxy. The vulnerability results from the lack of input sanitization when handling the q parameter. By exploiting this flaw, an attacker could read arbitrary files from the servers file system.
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits a remote code execution existing in the WordPress GDPR Compliance plugin. The vulnerability resides in the lack of requests authorization when performing the AJAX wpgdprc process action call as a unauthenticated user, resulting in alteration of database entries. An attacker is thus able to add a privileged user to a WordPress platform and subsequently execute PHP code as the user...
CVSS: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
This strike exploits a stored cross-site scripting vulnerability in WordPress Plugin Ninja Forms. The vulnerability is due to improper sanitization of the end date parameter. By successfully exploiting this vulnerability, an authenticated attacker could take control of the victims browser.
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits a buffer overflow vulnerability in Advantech WebAccess. The vulnerability is due to lack of boundary checks while copying user-supplied data into a stack buffer within BwPSLinkZip.exe. By building a special RPC request, an attacker can cause arbitrary code execution or abnormal termination of the WebAccess process.
CVSS: 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N)
This strike exploits a directory traversal vulnerability in TP-Link TL-R600VPN router. The vulnerability can be exploited by issuing GET requests to the /help path. Since the webserver runs with root privileges, an attacker may gain access to the contents of any file residing on the file system.
CVSS: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
This strike exploits an out of bounds array-indexing vulnerability in ImageMagick. The vulnerability is due to uninitialized data when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data. By enticing a user to process or upload a...
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in the Google Chrome browser. Specifically, the vulnerability exists in the Google Chrome V8 javascript engine. It is possible to change the elements kind by getters. This may lead to a denial of service condition in the browser, or potentially remote code execution.
CVSS: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
An unauthenticated stored cross-site scripting vulnerability exists in Nagios XI web interface. The vulnerability resides within api tool.php and can be exploited by crafting a GET request containing a malicious host parameter. The parameters value is then stored in bpi.conf and is later included in the web management interface. By exploiting this vulnerability an attacker could execute arbitrary...
CVSS: 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N)
This strike exploits a remote code execution vulnerability in Nagios XI Snoopy component. The vulnerability resides in the lack of request sanitization when parsing the url parameter within magpie debug.php file. By providing the -o flag within the parameters value, an attacker is able to download a Php script from an arbitrary url and dump it to a publicly accessible path in order to execute...
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in the Google Chrome browser. Specifically, the vulnerability exists in the Google Chrome V8 javascript engine. By passing a prototype chain of objects with a large expected nof properties the instance size value can be controlled. An integer overflow results in too small of a value being used causing memory corruption to occur. This may lead to a denial of...
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
A heap corruption vulnerability was discovered in net-snmp, a suite of Simple Network Management Protocol applications. The vulnerability is due to a buffer overflow triggered when parsing the PDU prior to the authentication process. A remote, unauthenticated attacker can take advantage of this flaw to crash the snmpd process or execute arbitrary code within the context of the snmpd user.
CVSS: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
This strike exploits a directory traversal vulnerability in uWSGI PHP plugin. The vulnerability is caused by insufficient validation of user input on HTTP requests. Successful exploitation could allow an attacker to have arbitrary file accessible on target system.
CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
The strike exploits a heap buffer overflow vulnerability in LibTIFF. The vulnerability is due to insufficient length checks while processing TIFF files compressed with JBIG. A remote, unauthenticated attacker can exploit this vulnerability by enticing a target user to open a crafted TIFF file compressed with JBIG with an application that uses LibTIFF. Successful exploitation could result in the...
CVSS: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
This strike exploits a command injection vulnerability in WordPress Plugin Plainview Activity Monitor. The vulnerability is due to improper sanitization of the ip parameter under lookup mode. By successfully exploiting this vulnerability, an authenticated attacker could perform remote code execution on the target server.
CVSS: 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N)
An arbitrary file read vulnerability has been reported in ACME mini httpd. This vulnerability is due to the way mini httpd process HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the affected server. Successful exploitation of this vulnerability can lead to disclosure of the content of arbitrary file on the target...
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the Javascript Chakra engine. It is possible to craft Javascript in such a way that when NewScObjectNoCtor is used to set a new objects proto type confusion can occur. This may lead to a denial of service condition in the browser, or potentially remote code execution.
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits an SQL injection vulnerability in the Saxum Astro 4.0.14 component for Joomla! The vulnerability is due to the improper sanitization of requests sent to the application. An attacker could exploit this by sending specifically crafted packets, potentially resulting in the execution of SQL commands which may lead to information disclosure.
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the Javascript Chakra engine. It is possible to craft Javascript in such a way that bypasses the fix for a stack to heap copy by adding a line that allocates head to the heap. This may lead to a denial of service condition in the browser, or potentially remote code execution.
