CVSS: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

This strike exploits a directory traversal vulnerability found in the GlassFish open source Java EE project. The vulnerability is due to insufficient sanitization of user input passed through the URI when addressing various resources. A specially crafted HTTP GET request could allow an attacker to read arbitrary files from the file system.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a remote code execution vulnerability in Windows Shell. The vulnerability is due to improper path parsing in SettingContent-ms files. An attacker can entice a target to open a specially crafted SettingContent-ms file to trigger the vulnerability. Successful exploitation will result in execution of arbitrary code.

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in Microsoft Edge. Specifically, the vulnerability exists in the Chakra JavaScript engine. It is possible to craft JavaScript in such a way that type confusion occurs when a call to the EntrySimpleObjectSlotGetter method is made. This may lead to a denial of service condition in the browser, or potentially remote code execution.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a file upload vulnerability present in the Joomla com_adsmanager plugin. By exploiting this vulnerability, an unauthenticated attacker can run arbitrary code by uploading files to the server and executing them. Note: This vulnerability was disclosed by the XAttacker tool.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a Use-After-Free vulnerability in the JavaScript engine of Foxit PDF Reader. This vulnerability is triggered when trying to access the properties of an XFS object after closing the Doc object related to a document. A remote attacker could exploit this vulnerability by enticing a user to open a specially crafted PDF file, resulting in possible execution of arbitrary code.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a Use-After-Free vulnerability in the JavaScript engine of Foxit PDF Reader. This vulnerability is triggered when accessing an annotation's noteIcon property while the annotation object is being destroyed. A remote attacker could exploit this vulnerability by enticing a user to open a specially crafted PDF file, resulting in possible execution of arbitrary code.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a file upload vulnerability present in the Joomla com_sexycontactform plugin. By exploiting this vulnerability, an unauthenticated attacker can run arbitrary code by uploading files to the server and executing them. Note: This vulnerability was disclosed by the XAttacker tool.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a file upload vulnerability present in the Joomla mod_simplefileupload plugin. By exploiting this vulnerability, an unauthenticated attacker can run arbitrary code by uploading files to the server and executing them. Note: This vulnerability was disclosed by the XAttacker tool.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a file upload vulnerability present in the Joomla com_media plugin. By exploiting this vulnerability, an unauthenticated attacker can run arbitrary code by uploading files to the server and executing them. Note: This vulnerability was disclosed by the XAttacker tool.

CVSS: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

This strike exploits an authenticated directory traversal vulnerability in Jenkins CI Server. The vulnerable code resides within the Stapler web framework used by Jenkins, and lacks input validation when processing the Accept-Language header. The header is then used to include a language-specific resource by concatenating the header's content to the resource's path. By exploiting the vulnerability,...

CVSS: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

This strike exploits a reflected cross-site scripting vulnerability in the Atmosphere Java Framework. The vulnerability resides in the JSONP transport method supported by the framework and is due to insufficient sanitization. By exploiting this flaw, an attacker obtains client-side JavaScript code execution within the victim's browser, which can lead to information disclosure and credential theft.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a policy bypass vulnerability in Jenkins CI Server. This vulnerability is due to insufficient validation of login requests by the getOrCreate function. By abusing this flaw, an attacker could trigger the removal of the config.xml file from the Jenkins root directory, which results in granting administrator access to anonymous users.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a file upload vulnerability present in the Joomla com_fabrik plugin. By exploiting this vulnerability, an unauthenticated attacker can run arbitrary code by uploading files to the server and executing them. Note: This vulnerability was disclosed by the XAttacker tool.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a vulnerability in Google Chrome. Specifically, the vulnerability exists in the V8 JavaScript engine. It is possible to craft JavaScript in such a way that values on the heap are leaked to the user. This may lead to a denial of service condition in the browser, or potentially remote code execution.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a file upload vulnerability present in the Joomla com_jbcatalog plugin. By exploiting this vulnerability, an unauthenticated attacker can run arbitrary code by uploading files to the server and executing them. Note: This vulnerability was disclosed by the XAttacker tool.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a vulnerability in Google Chrome. Specifically, the vulnerability exists in the V8 JavaScript engine. It is possible to craft JavaScript in such a way that a Use-After-Free condition occurs. This may lead to a denial of service condition in the browser, or potentially remote code execution.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

A file upload vulnerability was found in OpenEMR. The vulnerability is caused by the lack of proper sanitisation of input passed to the manage_site_files web PHP form. Successful exploitation can result in arbitrary code execution in the context of the user running OpenEMR.

CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

This strike exploits a denial of service vulnerability in the Linux kernel's handling of TCP segments. The vulnerability is caused by the way out-of-order TCP segments are stored and handled by the functions tcp_collapse_ofo_queue and tcp_prune_ofo_queue. A remote attacker could exploit this vulnerability by continuously sending crafted TCP segments to the target server. Successful exploitation is able to exhaust...

CVSS: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)

This strike exploits a command injection vulnerability in OpenEMR. The vulnerability is due to improper validation of input passed to the edit_globals.php script. By exploiting this vulnerability, a remote authenticated attacker can execute arbitrary OS commands on the target router.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a file upload vulnerability present in the Joomla com_jce plugin. By exploiting this vulnerability, an unauthenticated attacker can run arbitrary code by uploading files to the server and executing them. Note: This vulnerability was disclosed by the XAttacker tool.
