Displaying 421 - 440 of 38630

CVSS: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)

This strike exploits a reflected cross-site scripting vulnerability in the Quizlord WordPress plugin. The vulnerability is due to inadequate input filtering in the web interface when parsing input passed to the quiz title parameter. By exploiting this vulnerability, an attacker could cause arbitrary HTML/script code to be executed by the target user's browser.

CVSS: 8.5 (AV:N/AC:L/Au:N/C:C/I:P/A:N)

This strike exploits a vulnerability in the Artifex Ghostscript interpreter for PostScript files. The interpreter is commonly used by various Linux command line utilities such as ImageMagick and convert when processing documents and images. The vulnerability is due to the lack of file type validation by the interpreter. Successful exploitation results in arbitrary OS command execution.

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits a remote code execution vulnerability in the Windows dynamic library StructuredQuery.dll. The vulnerability is due to insufficient validation of the length parameter in the function ReadPWSTR. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a vulnerability in the Google Chrome browser. Specifically, the vulnerability exists in the V8 JavaScript engine. It is possible to craft JavaScript in such a way that an out-of-bounds read will occur in FindSharedFunctionInfo. This may lead to a denial-of-service condition in the browser, or potentially remote code execution.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a stack buffer overflow vulnerability in the EQNEDT component of Microsoft Office. The vulnerability is due to improper validation of the font name field length in an OLE object. An attacker could execute arbitrary code by enticing a user to open a maliciously crafted document using the vulnerable software.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a remote code execution vulnerability in the GDI (Graphics Device Interface) components of Microsoft Windows. The vulnerability is due to improper handling of EMF records in memory by the GDIPLUS.DLL library. The vulnerability can be exploited by crafting a malicious EMF file and enticing a user to download and open it. Successful exploitation may result in execution of arbitrary...

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a time-based SQL injection vulnerability in iCMS v7.0.8. The vulnerability is caused by insufficient validation of user input, app=article, on HTTP requests, which is used to create SQL queries. Successful exploitation could allow an attacker to trigger a denial-of-service on the target server for a short period.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a vulnerability in the Google Chrome browser. Specifically, the vulnerability exists in the V8 JavaScript engine. It is possible to craft JavaScript in such a way that an out-of-bounds read of memory can occur. This may lead to a denial-of-service condition in the browser, or potentially remote code execution.

CVSS: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

This strike exploits a SQL injection vulnerability in IBM Security Identity Governance Virtual Appliance. The vulnerability is caused by insufficient validation of user input on HTTP requests, which is used to create SQL queries. Successful exploitation could allow an attacker to access the back-end database.

CVSS: 6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C)

This strike exploits a privilege escalation flaw in the Microsoft Windows Task Scheduler ALPC endpoint. The vulnerability is that the Task Scheduler's ALPC endpoint doesn't impersonate the user that initiates the calls. This allows a low-privilege user to change the access control lists of an arbitrary file using the endpoint's SchRpcSetSecurity method. Successful exploitation may lead...

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a file upload vulnerability present in the Joomla com extplorer plugin. By exploiting this vulnerability, an unauthenticated attacker can run arbitrary code by uploading files on the server and executing them. Note: This vulnerability was disclosed by the XAttacker tool.

CVSS: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

This strike exploits a directory traversal vulnerability in Argus Surveillance DVR. The vulnerability is due to insufficient sanitization of user input passed to the RESULTPAGE parameter. A specially crafted HTTP request could allow an attacker to read arbitrary files from the file system.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a file upload vulnerability present in the Joomla com jwallpapers plugin. By exploiting this vulnerability, an unauthenticated attacker can run arbitrary code by uploading files on the server and executing them. Note: The vulnerability was found by analyzing the XAttacker tool.

CVSS: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

A reflected cross-site scripting vulnerability is present in Apache ActiveMQ. The vulnerability takes advantage of the QueueFilter parameter that is transmitted when performing searches for queues. By exploiting this flaw, an attacker obtains client-side JavaScript code execution within the victim's browser, which can lead to information disclosure and credential theft.

CVSS: 9.0 (AV:N/AC:L/Au:N/C:P/I:P/A:C)

This strike exploits a buffer overflow vulnerability in D-Link DIR-615 devices. The vulnerability is due to insufficient validation of user input passed to the SessionID parameter. By crafting a malicious HTTP request, an attacker can cause DoS conditions or achieve code execution on the target device.

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in Microsoft Edge. Specifically, the vulnerability exists in the Chakra JavaScript engine. It is possible to craft JavaScript in such a way that an object is passed to the InstanceOf method to dereference a pointer value of an assumed type, which can be changed, causing type confusion to occur. This may lead to a denial-of-service condition in the browser, or...

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a file upload vulnerability present in the Joomla com facileforms plugin. By exploiting this vulnerability, an unauthenticated attacker can run arbitrary code by uploading files on the server and executing them. Note: The vulnerability was found by analyzing the XAttacker tool.

CVSS: 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C)

This strike exploits a vulnerability in ISC's BIND DNS server. The vulnerability is due to improper handling of certain responses when BIND is configured to use the deny-answer-aliases feature. A remote attacker could exploit this vulnerability by providing a specific response to a DNAME or ANY query to a vulnerable BIND server. Successful exploitation leads to denial-of-service conditions.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a file upload vulnerability present in the Joomla com rokdownloads plugin. By exploiting this vulnerability, an unauthenticated attacker can run arbitrary code by uploading files on the server and executing them. Note: This vulnerability was disclosed by the XAttacker tool.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a remote code execution vulnerability in Apache Struts2 Core. The vulnerability is due to the lack of sanitization while parsing input passed to the namespace parameter within the conditionalParse method. The vulnerability can be exploited by crafting a malicious HTTP GET request whose URL contains an OGNL expression that will be evaluated and executed server-side....
