Strike Database
Important Information
On August 12th, 2022, many of Keysight’s Network Test, Network Visibility, & Edge to Core (NAS/formerly Ixia) products will migrate to a new license structure.
CRITICAL: If you perform licensing operations after August 12th, 2022, without upgrading the licensing software to the latest version, licenses may not register properly, and some features may be missing. This could impact testing and result in downtime.
For details, click here.
Displaying 461 - 480 of 59925
CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
This strike exploits a remote code execution vulnerability found in Apache Struts2 Core. The vulnerability is due to the lack of sanitization while parsing input passed to 'namespace' parameter within conditionalParse() method. The vulnerability can be exploited by crafting a malicious HTTP GET request, which contains within the URL an OGNL expression which will be evaluated and executed...
CVSS: 9.0 (AV:N/AC:L/Au:N/C:P/I:P/A:C)
This strike exploits a buffer overflow vulnerability inside D-Link DIR-615 devices. The vulnerability is due do insufficient user input validation passed to SessionID parameter. By crafting a malicious HTTP request, an attacker can cause DoS conditions or achieve code execution on the target device.
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits a file upload vulnerability present in Joomla com_media plugin. By exploiting this vulnerability, an unauthenticated attacker can run arbitrary code by uploading files on the server and execute them. Note: This vulnerability was disclosed by the Xattacker tool.
CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability found in WinBox tool for MikroTik RouterOS. The vulnerability is due to improper verification of session ID field in the authentication step. By successfully exploiting this vulnerability, an attacker can obtain the admin credentials of the device.
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
A file upload vulnerability was found in the OpenEMR. The vulnerability is caused by the lack of proper input sanitisation passed to the manage_site_files Web PHP form. Successful exploitation can result in arbitrary code execution in the context of the user running OpenEMR.
CVSS: 9.0 (AV:N/AC:L/Au:N/C:P/I:P/A:C)
This strike exploits an out of bounds read vulnerability in Kamailio SIP server. The vulnerability is due to missing input validation in the "build_res_buf_from_sip_req" core function, when processing the "To" header. An attacker can exploit this vulnerability by sending a specially crafted SIP REGISTER request containing a header with two "To" headers, first of them...
CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in Microsoft VBScript Engine. Specifically the vulnerability fakes and overrides the array object to perform arbitrary address reading and writing. In the end, it releases code to execute after constructing an object. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.
CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
This strike exploits a vulnerability in Google Chrome. Specifically, the vulnerability exists in the v8 Javascript engine. It is possible to craft Javascript in such a way that will allow for out of bounds memory to be accessed. This may lead to a denial of service condition in the browser, or potentially remote code execution.
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits a file upload vulnerability present in Joomla com_jbcatalog plugin. By exploiting this vulnerability, an unauthenticated attacker can run arbitrary code by uploading files on the server and execute them. Note: This vulnerability was disclosed by the XAttacker Tool.
CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
This strike exploits a vulnerability in the Google Chrome. Specifically, the vulnerability exists in the V8 Javascript engine. It is possible to craft Javascript in such a way that will allow for values on the heap to be leaked to the user. This may lead to a denial of service condition in the browser, or potentially remote code execution.
CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
This strike exploits a vulnerability in Google Chrome. Specifically, the vulnerability exists in the v8 Javascript engine. It is possible to craft Javascript in such a way that will allow for a use after free condition to occur. This may lead to a denial of service condition in the browser, or potentially remote code execution.
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
The strike exploits a policy bypass vulnerability in Jenkins CI Server. This vulnerability is due to insufficient validation of login requests by the "getOrCreate" function. By abusing this flaw, an attacker could trigger the removal of the config.xml file from the Jenkins' root directory which results in granting administrator access to anonymous users.
CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
This strike exploits a denial of service vulnerability in Linux Kernel TCP segments. The vulnerability is caused by the way how out-of-order TCP segments are stored and handled from the function tcp_collapse_ofo_queue() and tcp_prune_ofo_queue(). A remote attacker could exploit this vulnerability by keep sending crafted TCP segments packet to the target server. Successful exploitation is able to...
CVSS: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
This strike exploits a command injection vulnerability in OpenEMR. The vulnerability is due to improper validation of input passed to 'edit_globals.php' script. By exploiting this vulnerability, a remote authenticated attacker can execute arbitrary OS commands on the target router.
CVSS: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
This strike exploits a reflected cross site scripting vulnerability in Atmosphere Java Framework. The vulnerability resides in the JSONP transport method supported by the framework and is due to insufficient sanitization. By exploiting this flaw, an attacker obtains client-side Javascript code execution within victim's browser which can lead to information disclosure and credentials theft....
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits a file upload vulnerability present in Joomla com_jce plugin. By exploiting this vulnerability, an unauthenticated attacker can run arbitrary code by uploading files on the server and execute them. Note: This vulnerability was disclosed by the XAttacker tool.
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits a file upload vulnerability present in Joomla com_fabrik plugin. By exploiting this vulnerability, an unauthenticated attacker can run arbitrary code by uploading files on the server and execute them. Note: This vulnerability was disclosed by the XAttacker tool.
CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
This strike exploits a use-after-free vulnerability in the JavaScript engine of Foxit PDF Reader. This vulnerability is due to improper handling of an annotation object while invoking the 'mailForm' method of the active document. A remote attacker could exploit this vulnerability by enticing a user to open a specially crafted PDF file, resulting in possible execution of arbitrary code....
CVSS: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
The strike exploits an authenticated directory traversal vulnerability in Jenkins CI Server. The vulnerable code resides within Stapler web framework used by Jenkins, and lacks input validation when processing the "Accept-Language" header. The header will be further used to include a language-specific resource by concatenating the header's content to the resource's path. By...
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits a heap buffer overflow vulnerability in H2O Webserver. H2O Webserver has a function to allocate sufficient memory for large HTTP headers, however, in certain cases the buffer position pointer may become negative or overly large. In this case, the buffer will not be reallocated, leading to a buffer overflow. An attacker can exploit this vulnerability by sending a specially crafted...
