Strike Database
Important Information
On August 12th, 2022, many of Keysight’s Network Test, Network Visibility, & Edge to Core (NAS/formerly Ixia) products will migrate to a new license structure.
CRITICAL: If you perform licensing operations after August 12th, 2022, without upgrading the licensing software to the latest version, licenses may not register properly, and some features may be missing. This could impact testing and result in downtime.
For details, click here.
Displaying 381 - 400 of 58316
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the Javascript Chakra engine. It is possible to craft Javascript in such a way that it is possible to incorrectly remove a bounds check. This may lead to a denial of service condition in the browser, or potentially remote code execution.
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits a remote file inclusion vulnerability in WordPress Plugin Localize My Post 1.0. The vulnerability is due to improper sanitization of the file parameter. By successfully exploiting this vulnerability, a remote, unauthenticated attacker could retrieve arbitrary files from the target server.
CVSS: 5.5 (AV:N/AC:L/Au:S/C:P/I:P/A:N)
This strike exploits a blind SQL injection vulnerability in ManageEngines OpManager application. The vulnerability is present in a API parameter for managing devices as a result of insufficient user input sanitization. Therefore, an attacker may be able to read arbitrary database records or even access system files, depending on the databases configuration.
CVSS: 6.8 (AV:N/AC:L/Au:S/C:C/I:N/A:N)
This strike exploits a directory traversal vulnerability in CentOS Web Panel. The vulnerability is due to lack of parameter sanitization while executing service-related operations, with the service name passed as a GET parameter. Successful exploitation results in the disclosure of arbitrary file contents from the target server.
CVSS: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
This strike simulates a directory traversal attack on Responsive FileManager. The vulnerability can be exploited by issuing requests to the endpoint that handles AJAX calls. By exploiting it, an attacker may read arbitrary files from the filesystem.
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits a remote file inclusion vulnerability in WordPress Plugin Wechat Broadcast 1.2.0. The vulnerability is due to improper sanitization of the url parameter. By successfully exploiting this vulnerability, a remote, unauthenticated attacker could retrieve arbitrary files from the target server.
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the Javascript Chakra engine. It is possible to craft Javascript in such a way that the JITed code does not check the input value, which can lead to type confusion. This may lead to a denial of service condition in the browser, or potentially remote code execution.
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
This strike exploits an arbitrary file upload vulnerability in BlueImp Jquery File Upload widget. The vulnerability is due to the complete lack of server-side authorization or sanitization when handling a file upload. An attacker is thus able to create arbitrary files on the server which in most cases leads to remote arbitrary code execution.
CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
This strike exploits a denial of serviceDoS vulnerability in IP fragments. The vulnerability is caused by the way how out-of-order IP fragments are handled from the kernel. A remote attacker could exploit this vulnerability by keep sending large amount crafted IP segments packet to the target server. Successful exploitation is able to exhaust target servers resource and lead to denial-of-service. *...
CVSS: 6.8 (AV:N/AC:L/Au:S/C:C/I:N/A:N)
This strike exploits a directory traversal vulnerability in FLIR AX8 Thermal Camera. The vulnerability is due to lack of input sanitization while downloading config files using the file parameter in download.php. Successful exploitation results in the disclosure of arbitrary file contents from the target server.
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
An insecure deserialization vulnerability was found in Oracle WebLogic Server. This vulnerability is due to insufficient validation of serialized data within T3 requests. The vulnerability can be exploited by sending a specially crafted serialized object. The vulnerability does not require authentication. Successful exploitation can result in arbitrary code execution in the context of the user...
CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
A denial of service vulnerability has been found in Red Hat 389 Directory Server. The vulnerability is due to improper parsing of of LDAP search queries in the do search method within slapd/search.c. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted LDAP search queries to a vulnerable server. Successful exploitation of the vulnerability leads to denial of service...
CVSS: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
This strike exploits a directory traversal vulnerability present in multiple firmware versions of D-Link routers. The vulnerability can be exploited by performing GET requests under the path /uir of routers web interface. By exploiting it, an attacker may read arbitrary files from the filesystem which could lead further to credentials disclosure.
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits a SQL injection vulnerability in the Alexandria Book Library component for Joomla!. The vulnerability is due to the improper sanitization of requests sent to the application. An attacker could exploit this vulnerability by sending specifically crafted packets, potentially resulting in the execution of SQL commands which may lead to information disclosure.
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits a remote code execution vulnerability present in Adobe ColdFusion platform. The flaw is due to an insecure deserialization in the Remote Method Invocation RMI server which contains a vulnerable version of Apache Commons BeanUtils. By exploiting an unpatched version of the application, an attacker is thus able to remotely execute arbitrary code with the privileges of the user that...
CVSS: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
A file upload vulnerability was found in Apache Pluto PortletV3AnnotatedDemo. The vulnerability is due to improper access control of user-supplied input when the portlet performs a file-uploading operation. Successful exploitation can result arbitrary file upload and possible remote code execution in the context of the user running the webserver.
CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
A stack buffer overflow vulnerability has been found in Red Hat 389 Directory Server. The vulnerability is due to improper handling of ldapsearch query parameters. An attacker can exploit this vulnerability by issuing a special ldapsearch query, allowing arbitrary code execution in the context of the user running the ns-slapd daemon. An unsuccessful attack will cause the daemon to crash.
CVSS: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
This strike exploits a remote command execution in Imperva SecureSphere Web Application Firewall. The vulnerability resides in the lack of sanitization of the installer-address parameter when the server statues is being queried. By exploiting this flaw, an attacker will be able to execute commands as the root user on the host system.
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits a buffer overflow vulnerability in Advantech WebAccess. The vulnerability is due to lack of boundary checks while copying user-supplied data into a stack buffer within BwPSLinkZip.exe. By building a special RPC request, an attacker can cause arbitrary code execution or abnormal termination within the context of the WebAccess process.
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits a SQL injection vulnerability in the Questions component for Joomla!. The vulnerability is due to the improper sanitization of requests sent to the application. An attacker could exploit this vulnerability by sending specifically crafted packets, potentially resulting in the execution of SQL commands which may lead to information disclosure.
