Important Information

On August 12th, 2022, many of Keysight’s Network Test, Network Visibility, & Edge to Core (NAS/formerly Ixia) products will migrate to a new license structure.

CRITICAL: If you perform licensing operations after August 12th, 2022, without upgrading the licensing software to the latest version, licenses may not register properly, and some features may be missing. This could impact testing and result in downtime.

For details, click here.

Displaying 401 - 420 of 38219

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a file upload vulnerability present in Joomla mod simplefileupload plugin. By exploiting this vulnerability, an unauthenticated attacker can run arbitrary code by uploading files on the server and execute them. Note: This vulnerability was disclosed by the XAttacker tool.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a vulnerability in Google Chrome. Specifically, the vulnerability exists in the v8 Javascript engine. It is possible to craft Javascript in such a way that will allow for out of bounds memory to be accessed. This may lead to a denial of service condition in the browser, or potentially remote code execution.

CVSS: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)

This strike exploits a SQL injection in OpenEMR open-source project. The vulnerability is due to insufficient user input sanitization passed through the URI, addressing various PHP scripts. A specially crafted HTTP GET request can cause a SQLi in the context of the database user.

CVSS: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

The strike exploits an authenticated directory traversal vulnerability in Jenkins CI Server. The vulnerable code resides within Stapler web framework used by Jenkins, and lacks input validation when processing the Accept-Language header. The header will be further used to include a language-specific resource by concatenating the headers content to the resources path. By exploiting the vulnerability,...

CVSS: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

This strike exploits a reflected cross site scripting vulnerability in Atmosphere Java Framework. The vulnerability resides in the JSONP transport method supported by the framework and is due to insufficient sanitization. By exploiting this flaw, an attacker obtains client-side Javascript code execution within victims browser which can lead to information disclosure and credentials theft.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a file upload vulnerability present in Joomla com fabrik plugin. By exploiting this vulnerability, an unauthenticated attacker can run arbitrary code by uploading files on the server and execute them. Note: This vulnerability was disclosed by the XAttacker tool.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a vulnerability in the Google Chrome. Specifically, the vulnerability exists in the V8 Javascript engine. It is possible to craft Javascript in such a way that will allow for values on the heap to be leaked to the user. This may lead to a denial of service condition in the browser, or potentially remote code execution.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a file upload vulnerability present in Joomla com jbcatalog plugin. By exploiting this vulnerability, an unauthenticated attacker can run arbitrary code by uploading files on the server and execute them. Note: This vulnerability was disclosed by the XAttacker Tool.

CVSS: 9.0 (AV:N/AC:L/Au:N/C:P/I:P/A:C)

This strike exploits an out of bounds read vulnerability in Kamailio SIP server. The vulnerability is due to missing input validation in the build res buf from sip req core function, when processing the To header. An attacker can exploit this vulnerability by sending a specially crafted SIP REGISTER request containing a header with two To headers, first of them having an empty tag value. Successful...

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a vulnerability in Google Chrome. Specifically, the vulnerability exists in the v8 Javascript engine. It is possible to craft Javascript in such a way that will allow for a Use-After-Free condition to occur. This may lead to a denial of service condition in the browser, or potentially remote code execution.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a file upload vulnerability present in Joomla com media plugin. By exploiting this vulnerability, an unauthenticated attacker can run arbitrary code by uploading files on the server and execute them. Note: This vulnerability was disclosed by the Xattacker tool.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

A file upload vulnerability was found in the OpenEMR. The vulnerability is caused by the lack of proper input sanitisation passed to the manage site files Web PHP form. Successful exploitation can result in arbitrary code execution in the context of the user running OpenEMR.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a file upload vulnerability present in Joomla com jce plugin. By exploiting this vulnerability, an unauthenticated attacker can run arbitrary code by uploading files on the server and execute them. Note: This vulnerability was disclosed by the XAttacker tool.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

The strike exploits a policy bypass vulnerability in Jenkins CI Server. This vulnerability is due to insufficient validation of login requests by the getOrCreate function. By abusing this flaw, an attacker could trigger the removal of the config.xml file from the Jenkins root directory which results in granting administrator access to anonymous users.

CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

This strike exploits a denial of service vulnerability in Linux Kernel TCP segments. The vulnerability is caused by the way how out-of-order TCP segments are stored and handled from the function tcp collapse ofo queue and tcp prune ofo queue. A remote attacker could exploit this vulnerability by keep sending crafted TCP segments packet to the target server. Successful exploitation is able to exhaust...

CVSS: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)

This strike exploits a command injection vulnerability in OpenEMR. The vulnerability is due to improper validation of input passed to edit globals.php script. By exploiting this vulnerability, a remote authenticated attacker can execute arbitrary OS commands on the target router.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in Microsoft VBScript Engine. Specifically the vulnerability fakes and overrides the array object to perform arbitrary address reading and writing. In the end, it releases code to execute after constructing an object. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a heap buffer overflow vulnerability in H2O Webserver. H2O Webserver has a function to allocate sufficient memory for large HTTP headers, however, in certain cases the buffer position pointer may become negative or overly large. In this case, the buffer will not be reallocated, leading to a buffer overflow. An attacker can exploit this vulnerability by sending a specially crafted...

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability found in WinBox tool for MikroTik RouterOS. The vulnerability is due to improper verification of session ID field in the authentication step. By successfully exploiting this vulnerability, an attacker can obtain the admin credentials of the device.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a Use-After-Free vulnerability in the JavaScript engine of Foxit PDF Reader. This vulnerability is due to improper handling of an annotation object while invoking the mailForm method of the active document. A remote attacker could exploit this vulnerability by enticing a user to open a specially crafted PDF file, resulting in possible execution of arbitrary code.

Pages