
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a time-based SQL injection vulnerability in iCMS v7.0.8. The vulnerability is caused by insufficient validation of user input (app=article) in HTTP requests, which is used to create SQL queries. Successful exploitation could allow an attacker to trigger a denial-of-service on the target server for a short period.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a vulnerability in the Google Chrome browser. Specifically, the vulnerability exists in the V8 JavaScript engine. It is possible to craft JavaScript in such a way that an out-of-bounds read of memory can occur. This may lead to a denial of service condition in the browser, or potentially remote code execution.

CVSS: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

This strike exploits a SQL injection vulnerability in IBM Security Identity Governance Virtual Appliance. The vulnerability is caused by insufficient validation of user input in HTTP requests, which is used to create SQL queries. Successful exploitation could allow an attacker to gain access to the back-end database.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a file upload vulnerability present in the Joomla com_extplorer plugin. By exploiting this vulnerability, an unauthenticated attacker can run arbitrary code by uploading files on the server and executing them. Note: This vulnerability was disclosed by the XAttacker Tool.

CVSS: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

This strike exploits a directory traversal vulnerability found in Argus Surveillance DVR. The vulnerability is due to insufficient sanitization of user input passed to the RESULTPAGE parameter. A specially crafted HTTP request could allow an attacker to read arbitrary files from the file system.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a file upload vulnerability present in the Joomla com_jwallpapers plugin. By exploiting this vulnerability, an unauthenticated attacker can run arbitrary code by uploading files on the server and executing them. Note: The vulnerability was found by analyzing the XAttacker tool.

CVSS: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

A reflected cross-site scripting vulnerability is present in Apache ActiveMQ. The vulnerability takes advantage of the QueueFilter parameter that is transmitted when performing searches for queues. By exploiting this flaw, an attacker obtains client-side JavaScript code execution within the victim's browser, which can lead to information disclosure and credential theft.

CVSS: 9.0 (AV:N/AC:L/Au:N/C:P/I:P/A:C)

This strike exploits a buffer overflow vulnerability inside D-Link DIR-615 devices. The vulnerability is due to insufficient validation of user input passed to the SessionID parameter. By crafting a malicious HTTP request, an attacker can cause DoS conditions or achieve code execution on the target device.

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in Microsoft Edge. Specifically, the vulnerability exists in the Chakra JavaScript engine. It is possible to craft JavaScript in such a way that an object is passed to the InstanceOf method to dereference a pointer value of an assumed type, which can be changed, causing type confusion to occur. This may lead to a denial of service condition in the browser, or...

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a file upload vulnerability present in the Joomla com_facileforms plugin. By exploiting this vulnerability, an unauthenticated attacker can run arbitrary code by uploading files on the server and executing them. Note: The vulnerability was found by analyzing the XAttacker tool.

CVSS: 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C)

This strike exploits a vulnerability in ISC's BIND DNS Server. The vulnerability is due to improper handling of certain responses when BIND is configured to use the deny-answer-aliases feature. A remote attacker could exploit this vulnerability by providing a specific response to a DNAME or ANY query to a vulnerable BIND server. Successful exploitation leads to denial-of-service conditions.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a use-after-free vulnerability in the JavaScript engine of Foxit PDF Reader. This vulnerability is triggered when accessing an annotation's noteIcon property while the annotation object is being destroyed. A remote attacker could exploit this vulnerability by enticing a user to open a specially crafted PDF file, resulting in possible execution of arbitrary code.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a file upload vulnerability present in the Joomla com_rokdownloads plugin. By exploiting this vulnerability, an unauthenticated attacker can run arbitrary code by uploading files on the server and executing them. Note: This vulnerability was disclosed by the XAttacker Tool.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a remote code execution vulnerability found in Apache Struts2 Core. The vulnerability is due to the lack of sanitization while parsing input passed to the namespace parameter within the conditionalParse method. The vulnerability can be exploited by crafting a malicious HTTP GET request, which contains within the URL an OGNL expression which will be evaluated and executed server-side....

CVSS: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

This strike exploits a directory traversal vulnerability found in the GlassFish open source Java EE project. The vulnerability is due to insufficient sanitization of user input passed through the URI, addressing various resources. A specially crafted HTTP GET request could allow an attacker to read arbitrary files from the file system.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a remote code execution vulnerability in Windows Shell. The vulnerability is due to improper path parsing in SettingContent-ms files. An attacker can entice a target to open a specially crafted SettingContent-ms file to trigger the vulnerability. Successful exploitation will result in execution of arbitrary code.

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in Microsoft Edge. Specifically, the vulnerability exists in the Chakra JavaScript engine. It is possible to craft JavaScript in such a way that type confusion occurs when a call to the EntrySimpleObjectSlotGetter method is made. This may lead to a denial of service condition in the browser, or potentially remote code execution.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a file upload vulnerability present in the Joomla com_adsmanager plugin. By exploiting this vulnerability, an unauthenticated attacker can run arbitrary code by uploading files on the server and executing them. Note: This vulnerability was disclosed by the XAttacker tool.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a use-after-free vulnerability in the JavaScript engine of Foxit PDF Reader. This vulnerability is triggered when trying to access an XFS object's properties after closing the Doc object related to a document. A remote attacker could exploit this vulnerability by enticing a user to open a specially crafted PDF file, resulting in possible execution of arbitrary code.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a file upload vulnerability present in the Joomla com_sexycontactform plugin. By exploiting this vulnerability, an unauthenticated attacker can run arbitrary code by uploading files on the server and executing them. Note: This vulnerability was disclosed by the XAttacker Tool.
