This strike exploits a directory traversal vulnerability in Cisco Data Center Network Manager. The vulnerability is due to insufficient validation of the 'filename' HTTP parameter in the 'saveZoneInputFileToServer' method. An authenticated attacker can exploit this vulnerability by sending a crafted HTTP request to the target server. Successful exploitation results in arbitrary file...
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
This strike exploits a remote command execution vulnerability in ThinkPHP 5.x versions earlier than v5.0.23 and v5.1.31. The vulnerability is due to improper validation of parameters in an HTTP GET request. A remote, unauthenticated attacker could exploit this by sending a maliciously crafted request to the server. A successful attack may result in arbitrary command execution in the context of the server process...
CVSS: 4.4 (AV:L/AC:M/Au:N/C:P/I:P/A:P)
An insecure deserialization vulnerability exists in Apache Tomcat. The vulnerability is due to insufficient validation of a cached session file before deserialization. An attacker can exploit this vulnerability by crafting a malicious HTTP request. Successful exploitation results in full control of the target server.
CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
A use after free vulnerability exists in the PDF parser of Nitro Pro 13.9.1.155 due to incorrect manipulation of objects in memory. An attacker may execute arbitrary code on a victim's system by enticing the victim to open a crafted PDF file. Successful exploitation may lead to remote code execution with the privileges of the user running the application.
CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
This strike exploits a vulnerability in Apple WebKit. Specifically, an attacker can craft JavaScript in such a way that Checked and Unchecked ArithNegate operations are incorrectly swapped during Common Subexpression Elimination. This will lead to out-of-bounds memory access on an array after being JIT compiled.
CVSS: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
A command injection vulnerability exists in Apache Kylin project versions 2.3.0-2.3.2, 2.4.0-2.4.1, 2.5.0-2.5.2, 2.6.0-2.6.4 and 3.0.0. The vulnerability is due to a lack of validation of user-supplied input to the 'migrate' REST API endpoint. A remote authenticated attacker may execute arbitrary commands by sending a crafted POST request.
CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
A code execution vulnerability exists in some versions of Microsoft .NET Framework. The vulnerability is due to insecure deserialization of XPS files by the 'XamlReader::Load()' function within 'PresentationFramework.dll'. A remote attacker could exploit this vulnerability by enticing a target user to download and open a crafted XPS file, which may result in the execution of...
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in the Microsoft Internet Explorer scripting engine. Specifically, an attacker can craft an HTML page containing a JavaScript script which creates an array of objects, and the object is reassigned in a custom sort function which then calls 'CollectGarbage()', resulting in a use after free condition due to a dangling pointer. A remote attacker could exploit...
CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
This strike exploits a vulnerability in Google Chrome. Specifically, an attacker can craft JavaScript in such a way that when read_requests are modified from inside the accessor, the loop's iterator becomes invalid, and continuing to iterate will cause out-of-bounds memory to be accessed. This can cause a denial of service condition in the browser or potentially lead to remote code...