
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a SQL injection vulnerability in the Jimtawl component 2.2.7 for Joomla!. The vulnerability is due to the improper sanitization of requests sent to the application. An attacker could exploit this vulnerability by sending specially crafted packets, potentially resulting in the execution of SQL commands which may lead to information disclosure.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a heap-based buffer overflow vulnerability in Microsoft JET Database Engine components of Microsoft Windows. The vulnerability is due to improper handling of input passed to the ExcelReadTotalRecord method within the msexcl40.DLL library. The vulnerability can be exploited by crafting a malicious Excel file and enticing a user to download and open it. Successful exploitation may...

CVSS: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)

This strike exploits an integer underflow vulnerability in Adobe Acrobat Reader. The vulnerability is due to improper parsing of an embedded font by the CoolType module. An exploit could be triggered by opening a crafted XPS document. Successful exploitation could result in information disclosure which could be used to further compromise the target system.

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the JavaScript Chakra engine. It is possible to craft JavaScript in such a way that illustrates an array type conversion check is not implemented for definite objects. If a native array is processed as a definite object, type confusion can occur. This may lead to a denial of service condition...

CVSS: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)

This strike exploits a remote command execution vulnerability in the Microsoft Edge browser. The vulnerability is due to a lack of parameter sanitization when running an external application with a crafted hyperlink as an argument. A user accessing an arbitrary page can be enticed to run a malicious script with a minimum of interaction, allowing the attacker to execute arbitrary commands on the system.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

An arbitrary file overwrite vulnerability has been identified in the Dasan GPON Home Router. The vulnerability is caused by the lack of proper input sanitization of the dest host parameter within the GponForm. The vulnerability can be exploited by sending a specially crafted POST request, allowing the attacker to execute arbitrary commands on the device with root privileges.

CVSS: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)

This strike exploits a remote command execution vulnerability in CentOS Web Panel. The vulnerability is due to a lack of parameter sanitization when executing service-related operations, with the service name passed as a GET parameter. By exploiting this vulnerability, an authenticated attacker is able to execute system commands as the root user.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a remote code execution vulnerability in SonicWall Global Management System. The vulnerability is due to a lack of string sanitization when updating the system's timezone via a crafted XML file. An attacker exploiting the flaw has complete access to the system as the root user.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a vulnerability in the Google Chrome browser. Specifically, the vulnerability exists in the JavaScript V8 engine. It is possible to craft JavaScript in such a way that an out-of-bounds read will occur in Array.concat. This may lead to a denial of service condition in the browser, or potentially remote code execution. This strike demonstrates the vulnerability by crashing the...

CVSS: 5.5 (AV:N/AC:L/Au:S/C:P/I:P/A:N)

This strike exploits a stored cross-site scripting vulnerability in the MyBB platform. The vulnerability can be exploited by crafting a malicious video attachment when creating a new topic. By exploiting this flaw, an attacker obtains client-side JavaScript code execution within the victim's browser, which can lead to information disclosure and credential theft.

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the JavaScript Chakra engine. It is possible to craft JavaScript in such a way that it causes a denial of service condition in the browser.

CVSS: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)

This strike exploits a stored cross-site scripting vulnerability in Supervene RazDC. The vulnerability is due to the lack of user-supplied input sanitization within the save user.cgi form while parsing input passed to various HTTP parameters. By exploiting this vulnerability, a remote, unauthenticated attacker can execute arbitrary OS commands on the target server.

CVSS: 5.5 (AV:N/AC:L/Au:S/C:P/I:P/A:N)

This strike exploits a blind SQL injection vulnerability in ManageEngine's OpManager application. The vulnerability is present in the global search input field as a result of insufficient user input sanitization. Therefore, an attacker may be able to read arbitrary database records or even access system files, depending on the database's configuration.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a use-after-free vulnerability in Internet Explorer. The vulnerability is due to an attempt to use a TextArea object after it has been improperly deleted. An attacker could exploit this vulnerability by enticing a user to view a malicious web page, executing arbitrary code on the victim machine.

CVSS: 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C)

This strike exploits a flaw in Linux kernels that support CIPSO extensions. The vulnerability resides in a logical error when IP option fields are parsed, causing an infinite loop to happen. An attacker could produce a denial of service condition, rendering the system unavailable.

CVSS: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)

This strike exploits a vulnerability in the Google Chrome browser. Specifically, the vulnerability exists in the JavaScript V8 engine. It is possible to craft JavaScript in such a way that when calling Array.indexOf, properties of the array can be changed, and certain values in memory can be disclosed to the user.

CVSS: 5.5 (AV:N/AC:L/Au:S/C:P/I:P/A:N)

This strike exploits a cross-site scripting vulnerability in ManageEngine's Desktop Central platform. The vulnerability can be exploited through malicious input passed via the q parameter in the search field. By exploiting this flaw, an attacker obtains client-side JavaScript code execution within the victim's browser, which can lead to information disclosure and credential theft.

CVSS: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

This strike exploits a directory traversal vulnerability in the cgit web server. The vulnerability is caused by insufficient validation of the user-supplied path input in HTTP requests. Successful exploitation could allow an attacker to access arbitrary files on the target system.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a command injection vulnerability in Supervene RazDC. The vulnerability is due to the lack of user-supplied input sanitization while parsing input passed to the password Password and password2 Confirm Password HTTP parameters within the create user.cgi form. By exploiting this vulnerability, a remote, unauthenticated attacker can execute arbitrary OS commands on the target server....

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a command injection vulnerability in Supervene RazDC. The vulnerability is due to improper validation of input passed to the User Reset Password CGI script. By exploiting this vulnerability, a remote, unauthenticated attacker can execute arbitrary OS commands on the target server.
