Strike Database
Important Information
On August 12th, 2022, many of Keysight’s Network Test, Network Visibility, & Edge to Core (NAS/formerly Ixia) products will migrate to a new license structure.
CRITICAL: If you perform licensing operations after August 12th, 2022, without upgrading the licensing software to the latest version, licenses may not register properly, and some features may be missing. This could impact testing and result in downtime.
For details, click here.
Displaying 421 - 440 of 59925
CVSS: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
This strike exploits a stored cross site scripting vulnerability in Supervene RazDC. The vulnerability is due to the lack of user-supplied input sanitization within 'save_user.cgi' form, while parsing input passed to various HTTP parameters. By exploiting this vulnerability, a remote, unauthenticated attacker can execute arbitrary OS commands on the target server.
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the Javascript Chakra engine. It is possible to craft Javascript in such a way that will cause a denial of service condition in the browser.
CVSS: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
This strike exploits a vulnerability in the Google Chrome Browser. Specifically, the vulnerability exists in the Javascript V8 engine. It is possible to craft Javascript in such a way that when calling Array.indexOf, properties of the array can be changed, and certain values in memory can be disclosed to the user.
CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
This strike exploits a Use-After-Free vulnerability in Internet Explorer. The vulnerability is due to an attempt to use a TextArea object after it has been improperly deleted. An attacker could exploit this vulnerability by enticing a user to view a malicious web page, executing arbitrary code on the victim machine.
CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
This strike exploits a vulnerability in the Google Chrome Browser. Specifically, the vulnerability exists in the Javascript V8 engine. It is possible to craft Javascript in such a way that an out of bounds read will occur in Array.concat. This may lead to a denial of service condition in the browser, or potentially remote code execution. This strike demonstrates the vulnerability by crashing the...
CVSS: 5.5 (AV:N/AC:L/Au:S/C:P/I:P/A:N)
This strike exploits a stored cross site scripting vulnerability in MyBB platform. The vulnerability can be exploited by crafting a malicious video attachment when creating a new topic. By exploiting this flaw, an attacker obtains client-side Javascript code execution within victim's browser which can lead to information disclosure and credentials theft.
CVSS: 5.5 (AV:N/AC:L/Au:S/C:P/I:P/A:N)
This strike exploits a blind SQL injection vulnerability in ManageEngine's OpManager application. The vulnerability is present in the global search input field as a result of insufficient user input sanitization. Therefore, an attacker may be able to read arbitrary database records or even access system files, depending on the database's configuration.
CVSS: 5.5 (AV:N/AC:L/Au:S/C:P/I:P/A:N)
This strike exploits a cross site scripting vulnerability in ManageEngine's Desktop Central Platform. The vulnerability can be exploited by through maliciuos input passed via "q" parameter in the search field. By exploiting this flaw, an attacker obtains client-side Javascript code execution within victim's browser which can lead to information disclosure and credentials theft...
CVSS: 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C)
This strike exploits a flaw in Linux kernels that support CIPSO extensions. The vulnerability resides in a logical error when IP option fields are parsed, causing an infinite loop to happen. An attacker could produce a denial of service condition, rendering the system unavailable.
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
This strike exploits a remote code execution on SonicWall Global Management System. The vulnerability is due to lack of string sanitization when updating the system's timezone via a crafted XML file. An attacker exploiting the flaw has complete access to the system as the root user.
CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
This strike exploits a stack buffer overflow vulnerability in EQNEDT component of Microsoft Office. The vulnerability is due to an invalidation of font name field length in an OLE object. An attacker could execute arbitrary code by enticing a user to open a maliciously crafted document using the vulnerable software.
CVSS: 6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C)
This strike exploits a privilege escalation flaw in Microsoft Windows Task Scheduler ALPC endpoint. The vulnerability consists in the fact that the Task Scheduler's ALPC endpoint doesn't impersonate the user that initiates the calls. This allows a low privilege user to change the access control lists of an arbitrary file using the endpoint's "SchRpcSetSecurity" method....
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits a Time-Based SQL injection vulnerability in iCMS v7.0.8. The vulnerability is caused by insufficient validation of user input, app=article, on HTTP requests, which are used to create SQL queries. Successful exploitation could allow an attacker to trigger a denial-of-service on the target server for a short period.
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
This strike exploits a command injection vulnerability in Supervene RazDC. The vulnerability is due to the lack of user-supplied input sanitization while parsing input passed to 'password' (Password) and 'password2' (Confirm Password) HTTP parameters within 'create_user.cgi' form. By exploiting this vulnerability, a remote, unauthenticated attacker can execute arbitrary...
CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
This strike exploits a remote code execution vulnerability in the GDI (Graphics Device Interface) components of Microsoft Windows. The vulnerability is due to improper handling of EMF records in memory by the 'GDIPLUS.DLL' library. The vulnerability can be exploited by crafting a malicious EMF file and enticing a user to download and open it. Successful exploitation may result in execution...
CVSS: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
This strike exploits a reflected cross-site scripting vulnerability found in Quizlord WordPress plugin. This vulnerability is due to inadequate input filtering in the web interface, while parsing input passed to quiz title parameter. By exploiting this vulnerability an attacker could cause arbitrary HTML/script code to be executed by the target user's browser.
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
This strike exploits a command injection vulnerability in Supervene RazDC. The vulnerability is due to improper validation of input passed to 'User Reset Password' CGI script. By exploiting this vulnerability, a remote, unauthenticated attacker can execute arbitrary OS commands on the target server.
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits a remote code execution vulnerability in Windows dynamic library StructuredQuery.dll. The vulnerability is due to insufficient validation of length parameter in function ReadPWSTR. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user.
CVSS: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
This strike exploits a user enumeration vulnerability in OpenSSH. When processing a specially malformed authentication message, OpenSSH will crash, leading to a denial of service condition. This exploit only works if the malicious message is sent using a valid user name. If the username is invalid, OpenSSH will not crash and will send back an authentication failure message. However if it does crash...
CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
This strike exploits a vulnerability in the Google Chrome Browser. Specifically, the vulnerability exists in the Javascript V8 engine. It is possible to craft Javascript in such a way that an out of bounds read of memory can occur. This may lead to a denial of service condition in the browser, or potentially remote code execution.
