Strike Database
Important Information
On August 12th, 2022, many of Keysight’s Network Test, Network Visibility, & Edge to Core (NAS/formerly Ixia) products will migrate to a new license structure.
CRITICAL: If you perform licensing operations after August 12th, 2022, without upgrading the licensing software to the latest version, licenses may not register properly, and some features may be missing. This could impact testing and result in downtime.
For details, click here.
Displaying 401 - 420 of 59925
CVSS: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
This strike exploits a directory traversal vulnerability present in multiple firmware versions of D-Link routers. The vulnerability can be exploited by performing GET requests under the path '/uir' of router's web interface. By exploiting it, an attacker may read arbitrary files from the filesystem which could lead further to credentials disclosure.
CVSS: 5.5 (AV:N/AC:L/Au:S/C:P/I:P/A:N)
This strike exploits a blind SQL injection vulnerability in ManageEngine's OpManager application. The vulnerability is present in a API parameter for managing devices as a result of insufficient user input sanitization. Therefore, an attacker may be able to read arbitrary database records or even access system files, depending on the database's configuration.
CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
A denial of service vulnerability has been found in Red Hat 389 Directory Server. The vulnerability is due to improper parsing of of LDAP search queries in the 'do_search' method within slapd/search.c. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted LDAP search queries to a vulnerable server. Successful exploitation of the vulnerability leads to denial...
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
This strike exploits an arbitrary file upload vulnerability in BlueImp Jquery File Upload widget. The vulnerability is due to the complete lack of server-side authorization or sanitization when handling a file upload. An attacker is thus able to create arbitrary files on the server which in most cases leads to remote arbitrary code execution.
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits a SQL injection vulnerability in the Alexandria Book Library component for Joomla!. The vulnerability is due to the improper sanitization of requests sent to the application. An attacker could exploit this vulnerability by sending specifically crafted packets, potentially resulting in the execution of SQL commands which may lead to information disclosure.
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits a remote file inclusion vulnerability in WordPress Plugin Wechat Broadcast 1.2.0. The vulnerability is due to improper sanitization of the "url" parameter. By successfully exploiting this vulnerability, a remote, unauthenticated attacker could retrieve arbitrary files from the target server.
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the Javascript Chakra engine. It is possible to bypass the check whether a given object is an array by wrapping an object with the CrossSite class to replace the vtable of the object. This may lead to a denial of service condition in the browser, or potentially remote code execution.
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits a buffer overflow vulnerability in Advantech WebAccess. The vulnerability is due to lack of boundary checks while copying user-supplied data into a stack buffer within BwPSLinkZip.exe. By building a special RPC request, an attacker can cause arbitrary code execution or abnormal termination within the context of the WebAccess process.
CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
This strike exploits a heap-based buffer overflow vulnerability in Microsoft JET Database Engine components of Microsoft Windows. The vulnerability is due to improper handling of input passed to 'ExcelReadTotalRecord' method within the 'msexcl40.DLL' library. The vulnerability can be exploited by crafting a malicious Excel file and enticing a user to download and open it....
CVSS: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
This strike exploits a remote command execution in Imperva SecureSphere Web Application Firewall. The vulnerability resides in the lack of sanitization of the 'installer-address' parameter when the server statues is being queried. By exploiting this flaw, an attacker will be able to execute commands as the root user on the host system.
CVSS: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
This strike exploits a remote command execution in CentOS Web Panel. The vulnerability is due to lack of parameter sanitization when executing service-related operations, with the service name passed as a GET parameter. By exploiting this vulnerability, an authenticated attacker is able to execute system commands as a root user.
CVSS: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
This strike exploits an integer underflow vulnerability in Adobe Acrobat Reader. The vulnerability is due to improper parsing of an embedded font by the CoolType module. An exploit could be triggered by opening a crafted XPS document. Successful exploitation could result in information disclosure which could be used to further compromise the target system.
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits a remote code execution vulnerability present in Adobe ColdFusion platform. The flaw is due to an insecure deserialization in the Remote Method Invocation (RMI) server which contains a vulnerable version of Apache Commons BeanUtils. By exploiting an unpatched version of the application, an attacker is thus able to remotely execute arbitrary code with the privileges of the user...
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
An arbitrary file overwrite vulnerability has been identified in Dasan GPON Home Router. The vulnerability is caused by the lack of proper input sanitisation of 'dest_host' parameter within the 'GponForm'. The vulnerability can be exploited by sending a specially-crafted POST request, allowing the attacker to execute arbitrary commands on the device with root privileges.
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits a SQL injection vulnerability in the Jimtawl component 2.2.7 for Joomla!. The vulnerability is due to the improper sanitization of requests sent to the application. An attacker could exploit this vulnerability by sending specifically crafted packets, potentially resulting in the execution of SQL commands which may lead to information disclosure.
CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
A stack buffer overflow vulnerability has been found in Red Hat 389 Directory Server. The vulnerability is due to improper handling of 'ldapsearch' query parameters. An attacker can exploit this vulnerability by issuing a special 'ldapsearch' query, allowing arbitrary code execution in the context of the user running the 'ns-slapd' daemon. An unsuccessful attack will...
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in the Microsoft Edge Browser. Specifically, the vulnerability exists in the Javascript Chakra engine. It is possible to craft Javascript in such a way that illustrates an array type conversion check is not implemented for definite objects. If a native array is processed as a definite object type confusion can occur. This may lead to a denial of service condition...
CVSS: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
This strike exploits a remote command execution in Microsoft Edge browser. The vulnerability is due to lack of parameter sanitization when running an external application with a crafted hyperlink as an argument. A user accessing an arbitrary page can be enticed to run a malicious script with a minimum of interaction, allowing the attacker to execute arbitrary commands on the system.
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits a SQL injection vulnerability in the Questions component for Joomla!. The vulnerability is due to the improper sanitization of requests sent to the application. An attacker could exploit this vulnerability by sending specifically crafted packets, potentially resulting in the execution of SQL commands which may lead to information disclosure.
CVSS: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
A file upload vulnerability was found in Apache Pluto PortletV3AnnotatedDemo. The vulnerability is due to improper access control of user-supplied input when the portlet performs a file-uploading operation. Successful exploitation can result arbitrary file upload and possible remote code execution in the context of the user running the webserver.
