
CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a vulnerability in the Google Chrome browser. Specifically, the vulnerability exists in the V8 JavaScript engine. It is possible to craft JavaScript in such a way that an out-of-bounds read will occur in FindSharedFunctionInfo. This may lead to a denial of service condition in the browser, or potentially remote code execution.

CVSS: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

This strike exploits a SQL injection vulnerability in IBM Security Identity Governance Virtual Appliance. The vulnerability is caused by insufficient validation of user input in HTTP requests that is used to create SQL queries. Successful exploitation could allow an attacker to gain access to the back-end database.

CVSS: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

This strike exploits a directory traversal vulnerability in the cgit web server. The vulnerability is caused by insufficient validation of the user-supplied 'path' input in HTTP requests. Successful exploitation could allow an attacker to access arbitrary files on the target system.

CVSS: 8.5 (AV:N/AC:L/Au:N/C:C/I:P/A:N)

This strike exploits a vulnerability present in the Artifex Ghostscript interpreter for PostScript files. The interpreter is commonly used by various Linux command line utilities such as "ImageMagick" and "convert" when processing documents and images. The vulnerability is due to the lack of file type validation by the interpreter. Successful exploitation results in arbitrary OS...

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a file upload vulnerability present in the Joomla com_adsmanager plugin. By exploiting this vulnerability, an unauthenticated attacker can run arbitrary code by uploading files to the server and executing them. Note: This vulnerability was disclosed by the XAttacker tool.

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in Microsoft Edge. Specifically, the vulnerability exists in the Chakra JavaScript engine. It is possible to craft JavaScript in such a way that an object is passed to the InstanceOf method to dereference a pointer value of an assumed type, which can be changed, causing type confusion to occur. This may lead to a denial of service condition in the browser, or...

CVSS: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

A reflected cross-site scripting vulnerability is present in Apache ActiveMQ. The vulnerability takes advantage of the "QueueFilter" parameter that is transmitted when performing searches for queues. By exploiting this flaw, an attacker obtains client-side JavaScript code execution within the victim's browser, which can lead to information disclosure and credential theft.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a file upload vulnerability present in the Joomla com_sexycontactform plugin. By exploiting this vulnerability, an unauthenticated attacker can run arbitrary code by uploading files to the server and executing them. Note: This vulnerability was disclosed by the XAttacker tool.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a file upload vulnerability present in the Joomla com_rokdownloads plugin. By exploiting this vulnerability, an unauthenticated attacker can run arbitrary code by uploading files to the server and executing them. Note: This vulnerability was disclosed by the XAttacker tool.

CVSS: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

This strike exploits a directory traversal vulnerability found in Argus Surveillance DVR. The vulnerability is due to insufficient sanitization of user input passed to the 'RESULTPAGE' parameter. A specially crafted HTTP request could allow an attacker to read arbitrary files from the file system.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a file upload vulnerability present in the Joomla com_facileforms plugin. By exploiting this vulnerability, an unauthenticated attacker can run arbitrary code by uploading files to the server and executing them. Note: The vulnerability was found by analyzing the XAttacker tool.

CVSS: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

This strike exploits a directory traversal vulnerability found in the GlassFish open source Java EE project. The vulnerability is due to insufficient sanitization of user input passed through the URI when addressing various resources. A specially crafted HTTP GET request could allow an attacker to read arbitrary files from the file system.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a file upload vulnerability present in the Joomla com_extplorer plugin. By exploiting this vulnerability, an unauthenticated attacker can run arbitrary code by uploading files to the server and executing them. Note: This vulnerability was disclosed by the XAttacker tool.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a use-after-free vulnerability in the JavaScript engine of Foxit PDF Reader. This vulnerability is triggered when accessing an annotation's noteIcon property while the annotation object is being destroyed. A remote attacker could exploit this vulnerability by enticing a user to open a specially crafted PDF file, resulting in possible execution of arbitrary code.

CVSS: 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C)

This strike exploits a vulnerability in ISC's BIND DNS Server. The vulnerability is due to improper handling of certain responses when BIND is configured to use the deny-answer-aliases feature. A remote attacker could exploit this vulnerability by providing a specific response to a DNAME or ANY query to a vulnerable BIND server. Successful exploitation leads to denial-of-service conditions....

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a file upload vulnerability present in the Joomla com_jwallpapers plugin. By exploiting this vulnerability, an unauthenticated attacker can run arbitrary code by uploading files to the server and executing them. Note: The vulnerability was found by analyzing the XAttacker tool.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a use-after-free vulnerability in the JavaScript engine of Foxit PDF Reader. This vulnerability is triggered when trying to access an XFS object's properties after closing the Doc object related to a document. A remote attacker could exploit this vulnerability by enticing a user to open a specially crafted PDF file, resulting in possible execution of arbitrary code.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a file upload vulnerability present in the Joomla mod_simplefileupload plugin. By exploiting this vulnerability, an unauthenticated attacker can run arbitrary code by uploading files to the server and executing them. Note: This vulnerability was disclosed by the XAttacker tool.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a remote code execution vulnerability in Windows Shell. The vulnerability is due to improper path parsing in SettingContent-ms files. An attacker can entice a target to open a specially crafted SettingContent-ms file to trigger the vulnerability. Successful exploitation will result in execution of arbitrary code.

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in Microsoft Edge. Specifically, the vulnerability exists in the Chakra JavaScript engine. It is possible to craft JavaScript in such a way that type confusion occurs when a call to the EntrySimpleObjectSlotGetter method is made. This may lead to a denial of service condition in the browser, or potentially remote code execution.
