This strike exploits a cross-site scripting vulnerability in Easy Hosting Control Panel. The vulnerability is due to improper sanitization of the user-controlled op parameter in HTTP requests. By enticing an authenticated user to visit an attacker-controlled webpage or click a malicious link, an attacker could manipulate the database, add backdoor accounts, access any cookies, session tokens, or other...
CVSS: 7.0 (AV:N/AC:M/Au:S/C:N/I:P/A:C)
This strike exploits cross-site request forgery vulnerabilities in Easy Hosting Control Panel. The vulnerabilities are due to a lack of CSRF tokens to protect against malicious HTTP requests. By enticing an authenticated user to visit an attacker-controlled webpage or click a malicious link, an attacker could delete the entire database or manipulate the availability of different services running on the...
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the Chakra JavaScript engine. It is possible to craft JavaScript in such a way that uninitialized local variables can be accessed. This may lead to a denial-of-service condition in the browser, or potentially remote code execution.
CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
This strike exploits an out-of-bounds vulnerability in Adobe Flash Player. The vulnerability is due to an out-of-bounds write in blur filtering. Successful exploitation leads either to arbitrary code execution or to abnormal termination of the application using the vulnerable Flash version.
CVSS: 2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N)
This strike exploits a vulnerability in the Microsoft Internet Explorer browser. Specifically, the vulnerability exists in the JavaScript engine. It is possible to craft JavaScript in such a way that it causes an out-of-bounds read in the jscript!RegExpFncObj::LastParen method. This may lead to a denial-of-service condition in the browser, or potentially remote code execution.
CVSS: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
This strike exploits a post-authentication remote code execution vulnerability found in Mantis WebServer. The vulnerability is due to improper validation of input passed to the sort parameter of the manage_proj_page.php resource. An attacker could exploit this vulnerability by crafting a special HTTP POST request, resulting in code execution under the privileges of the current user.
CVSS: 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C)
This strike exploits a code execution vulnerability in Squid Proxy. The vulnerability is due to improper handling of objects in memory within the ESI and OpenSSL functionalities of the server. By sending crafted ESI responses to the target server, the attacker can cause denial-of-service conditions on the target proxy service.
CVSS: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
This strike exploits a vulnerability in NetGain Systems Enterprise Manager prior to v7.2.766. The vulnerability is caused by insufficient validation of user input in HTTP requests. Successful exploitation could result in arbitrary files being accessible on the target server.