Strike Database
Important Information
On August 12th, 2022, many of Keysight’s Network Test, Network Visibility, & Edge to Core (NAS/formerly Ixia) products will migrate to a new license structure.
CRITICAL: If you perform licensing operations after August 12th, 2022, without upgrading the licensing software to the latest version, licenses may not register properly, and some features may be missing. This could impact testing and result in downtime.
For details, click here.
Displaying 481 - 500 of 58316
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits a remote code execution vulnerability found in Modx Revolution CMS. The vulnerability is due to improper input validation while processing parameters before passing them into phpthumb class. An attacker could exploit this vulnerability by crafting a special HTML POST request that can create a file with custom a filename and content. This can result in execution of arbitrary...
CVSS: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits a heap buffer overflow vulnerability in OMRON CX-One CX-FLnet. The vulnerability is due to improper parsing of the parameters in a FLN configuration file. An attacker can entice a target to open a specially crafted FLN configuration file to trigger the vulnerability. Successful exploitation may result in execution of arbitrary code or abnormal termination of the application....
CVSS: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
The strike exploits an authenticated directory traversal vulnerability in WordPress platform. The vulnerability is due to the lack of sanitization of the thumb POST parameter while handling media files metadata within post.php, and can be exploited by any account with edit rights. As a consequence, an attacker may delete arbitrary files within the file system which can be leveraged to code execution...
CVSS: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
This strike exploits a remote code execution in SoftNAS Cloud. The vulnerability is caused by insufficient validation of recentVersion parameter on HTTP requests. Successful exploitation could allow an attacker to trigger a remote command execution on the target server.
CVSS: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
This strike exploits a directory traversal vulnerability in GitLab. The GitLab projects import component does not properly validate the imported files, which allows an attacker to write symbolic links to public accessible locations on the server. By importing a project containing crafted symbolic links, an attacker could read arbitrary files from the file system to further leverage the vulnerability...
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits a post-authentication remote code execution vulnerability found in Apache Tika Server. The vulnerability is due to improper input validation while processing HTTP headers from client requests. An attacker could exploit this vulnerability by crafting a special HTML request, resulting in execution of arbitrary commands under the privileges of the current user.
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits a remote file inclusion vulnerability in ProjectPier. The vulnerability is due to improper sanitization of id parameter in requests to patch.php script. By exploiting this vulnerability, a remote, unauthenticated attacker could execute arbitrary commands or SQL statements. Note: When run in one-arm mode, this strike will retrieve a malicious sql file from an attacker-controlled...
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in the Microsoft Internet Explorer browser. Specifically, the vulnerability exists in Jscript.dll. It is possible to craft Javascript in such a way that a user after free condition can occur in JSONStringifyObject. This may lead to a denial of service condition in the browser, or potentially remote code execution.
CVSS: 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N)
The vulnerability allows attackers read access to arbitrary file contents accessible in the Cisco SA520W Security Appliance server by insufficient validation of user input on requests. Successful exploitation could result in arbitrary file access on the target server.
CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
This strike exploits a stack based buffer overflow vulnerability in Easy MPEG to DVD Burner 1.7.11. If a username is imported with an overly large amount of data under the register section, the stack can overflow allowing for remote code execution.
CVSS: 6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C)
This strike exploits a stack buffer overflow vulnerability in PDFParser. The vulnerability is due to improper bounds checking by the ObjReader::ReadObj function in ObjReader.cpp. By enticing a user to import a specially crafted file, an attacker could potentially run arbitrary code on the target system.
CVSS: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
This strike exploits a cross-site scripting vulnerability in Easy Hosting Control Panel. This vulnerability is due to improper sanitization of op parameter controlled by users in HTTP requests. By enticing an authenticated user to visit an attacker controlled webpage or click a malicious link, an attacker could manipulate database, add backdoor accounts, access any cookies, session tokens, or other...
CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
This strike exploits an out-of-bounds vulnerability in Adobe Flash Player. This vulnerability is due to heap or stack corruption when rendering a slab. Successful exploitation of this vulnerability leads either to arbitrary code execution or to abnormal termination of the application using the vulnerable Flash version.
CVSS: 7.0 (AV:N/AC:M/Au:S/C:N/I:P/A:C)
This strike exploits cross site request forgery vulnerabilities in Easy Hosting Control Panel. This vulnerability is due to lack of CSRF tokens to protect against malicious HTTP requests. By enticing an authenticated user to visit an attacker controlled webpage or click a malicious link, an attacker could delete the entire database or manipulate the availability of different services running on the...
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the Javascript Chakra engine. It is possible to craft Javascript in such a way that uninitialized local variables can be accessed. This may lead to a denial of service condition in the browser, or potentially remote code execution.
CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
This strike exploits an out-of-bounds vulnerability in Adobe Flash Player. This vulnerability is due to out-of-bounds write in blur filtering. Successful exploitation of this vulnerability leads either to arbitrary code execution or to abnormal termination of the application using the vulnerable Flash version.
CVSS: 2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N)
This strike exploits a vulnerability in the Microsoft Internet Explorer browser. Specifically, the vulnerability exists in the Javascript engine. It is possible to craft Javascript in such a way that causes an out of bounds read in the jscriptRegExpFncObj::LastParen method. This may lead to a denial of service condition in the browser, or potentially remote code execution.
CVSS: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
This strike exploits a post-authentication remote code execution vulnerability found in Mantis WebServer. The vulnerability is due to improper input validation passed to a sort parameter of the manage proj page.php resource. An attacker could exploit this vulnerability by crafting a special HTML POST request, resulting in a code execution condition under the privileges of the current user.
CVSS: 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C)
This strike exploits a code execution vulnerability in Squid Proxy. The vulnerability is due to improper handling of objects in memory within the ESI and OpenSSL functionalities of the server. By sending a crafted ESI responses to the target server, the attacker can cause denial-of-service conditions on the target proxy service.
CVSS: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
This strike exploits a vulnerability in NetGain Systems Enterprise Manager prior to v7.2.766. The vulnerability is caused by insufficient validation of user input in http requests. Successful exploitation could result in arbitrary file accessible on target server.
