Strike Database
Important Information
On August 12th, 2022, many of Keysight’s Network Test, Network Visibility, & Edge to Core (NAS/formerly Ixia) products will migrate to a new license structure.
CRITICAL: If you perform licensing operations after August 12th, 2022, without upgrading the licensing software to the latest version, licenses may not register properly, and some features may be missing. This could impact testing and result in downtime.
For details, click here.
Displaying 501 - 520 of 58316
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits a code execution vulnerability in HAProxy. The vulnerability is due to improper validation of frame length on incoming HTTP/2 packets. By sending a malicious request to the target server, the attacker can cause denial-of-service conditions on the proxy service.
CVSS: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
This strike exploits a cross-site scripting vulnerability in Easy Hosting Control Panel. This vulnerability is due to improper sanitization of domainop action parameter controlled by users in HTTP requests. By enticing an authenticated user to visit an attacker controlled webpage or click a malicious link, an attacker could access any cookies, session tokens, or other sensitive information retained...
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the Javascript Chakra engine. It is possible to craft Javascript in such a way that the ConvertObjectToObjectPattern method will contain incorrect members. When on of these members is referenced type confusion will occur. This may lead to a denial of service condition in the browser, or...
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the Javascript Chakra engine. Javascript can be crafted in such a way that allows for memory corruption to occur when a call to setPrototypeOf is made. This may lead to a denial of service condition in the browser, or potentially remote code execution.
CVSS: 5.8 (AV:N/AC:M/Au:N/C:P/I:N/A:P)
This strike exploits a remote command execution vulnerability in GitList. The vulnerability is due to improper sanitization of user-controlled values passed in search queries. By exploiting this vulnerability, a remote, unauthenticated attacker can execute arbitrary operating system commands on the target server.
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
This strike exploits a stack-based buffer overflow vulnerability in Flexense DiskBoss Enterprise. The vulnerability is due to improper validation of user-supplied data sent over the network. Successful exploitation will allow an attacker to execute arbitrary code in the context of Local System account. NOTE: When run in one-arm mode, the strike will execute calc.exe on the target system. Vulnerable...
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits a remote file inclusion vulnerability in WordPress Plugin WP Spritz 1.0. The vulnerability is due to improper sanitization of the url parameter. By successfully exploiting this vulnerability, a remote, unauthenticated attacker could retrieve arbitrary files from the target server.
CVSS: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
This strike exploits a remote code execution flaw in Drupal Core. This vulnerability is due to improper handling of the HTTP parameter when a client sends http traffic to the server. A remote attacker can exploit this vulnerability by sending crafted http requests to the target server. Successful exploitation results in remote code execution.
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
This strike exploits a memory corruption vulnerability in the Linux Kernel Netfilter service. When processing TCP SYN packets with TCP header length less than 5, an integer overflow will occur when calculating data offset, eventually resulting in memory corruption. Successful exploitation may result in out of bounds reads and writes to kernel memory, abnormal termination of the netfilter process, or...
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
This strike exploits a buffer overflow vulnerability in the FTPShell client. The vulnerability is due to improper response length check, which allows a malicious server to overflow the client with a servers command response. This can result in either a denial of service condition or lead to remote code execution in the context of the current user, allowing for complete compromise of the remote system...
CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
This strike exploits a policy bypass vulnerability in Apache httpd FilesMatch. FilesMatch is intended to prevent files which do not match certain regex patterns to be uploaded via HTTP PUT messages. One of these patterns is AP REG DOLLAR ENDONLY, which is intended to prevent files ending with the \n character. However, this option does not work properly, allowing for files ending with \n to be...
CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
This strike exploits a remote buffer overflow vulnerability in Easy File Sharing EFS Web Server. The vulnerability is due to insufficient validation of UserID parameter within forum.ghp. Remote attackers can exploit this vulnerability by crafting a malicious login request, ultimately gaining code execution on the target system with elevated privileges.
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits a path traversal vulnerability in Sitecore CMS. The vulnerability is due to insufficient validation of file parameter processed in LogViewer application. Remote attackers can exploit this vulnerability by crafting a malicious HTTP request, ultimately gaining access to read arbitrary files.
CVSS: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
This strike exploits a code injection vulnerability in TestLink Open Source Test Management. The vulnerability is due to improper sanitization and handling of user-controlled values passed for TestLink DB login parameter in installNewDB.php script. By exploiting this vulnerability, a remote, unauthenticated attacker can inject and execute arbitrary PHP code on the target server. NOTE: When run in one...
CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in Microsoft VBScript Engine. Specifically the vulnerability fakes and overrides the array object to perform arbitrary address reading and writing. In the end, it releases code to execute after constructing an object. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits a remote code execution vulnerability in GitStack. The vulnerability is due to lack of authentication check when users send a HTTP create user request and improper validation of user-supplied input. By exploiting this vulnerability, a remote, unauthenticated attacker can execute arbitrary PHP code on the target server. NOTE: When run in one-arm mode, this strike creates a...
CVSS: 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N)
This vulnerability in IceWarp Mail Server under version 11.1.1 allows attackers read access to arbitrary file content by directory traversal due to insufficient validation of http parameter script.
CVSS: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
This strike exploits a buffer overflow vulnerability in DeviceLock Plug and Play Auditor. The vulnerability is due to improper parsing of the file used to import hosts to be scanned. By enticing a user to import a specially crafted file, an attacker could potentially run arbitrary code on the target system.
CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
This strike exploits a heap buffer overflow vulnerability in Foxit Reader up version 9.0.1.1049. The vulnerability is due to invalidation of biWidth field when processing BMP file. An attacker could potentially run arbitrary code on the target system by enticing a user to open a maliciously crafted BMP file.
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits a Schneider Electric InduSoft Web Studio and InTouch Machine Edition buffer overflow vulnerability. A specially crafted user supplied data causes a stack buffer overflow. Remote attackers may do arbitrary code execution on the target system.
