Strike Database
Important Information
On August 12th, 2022, many of Keysight’s Network Test, Network Visibility, & Edge to Core (NAS/formerly Ixia) products will migrate to a new license structure.
CRITICAL: If you perform licensing operations after August 12th, 2022, without upgrading the licensing software to the latest version, licenses may not register properly, and some features may be missing. This could impact testing and result in downtime.
For details, click here.
Displaying 521 - 540 of 58316
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits a path traversal vulnerability in NetGain Systems Enterprise Manager. The vulnerability is due to insufficient validation of Filename parameter sent in WRQ requests processed in netgain.protocols.TFtpServer Java class. Remote attackers can exploit this vulnerability by crafting a malicious login request, ultimately gaining code execution on the target system with elevated...
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in the Microsoft Internet Explorer browser. Specifically, the vulnerability exists in the Javascript Jscript DLL. The NameTbl object is not tracked by the Garbage collector, so if toString deletes its this object a Use-After-Free condition can occur. This may lead to a denial of service condition in the browser, or potentially remote code execution.
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the Javascript Chakra engine. Javascript can be crafted in such a way that allows for the function PushPopFrameHelper to be used incorrectly. This results in a denial of service condition in the browser.
CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
This strike exploits a cross-site scripting vulnerability in Subsonic media server. This vulnerability is due to improper sanitization of user controlled parameters to different HTTP GET and POST requests. By enticing an authenticated user to visit an attacker controlled webpage or click a malicious link, an attacker could access any cookies, session tokens, or other sensitive information retained by...
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits a remote file execution vulnerability in AMD Raptr. HTTP POST requests to the execute installer URI are intended to execute the installer file with path stored in the data parameter. However, any arbitrary executable path stored in the data parameter will be executed. An attacker can send a specially crafted HTTP POST request to cause arbitrary file execution on the target system...
CVSS: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
This strike exploits a XML external entity vulnerability in Subsonic media server. The vulnerability is due improper parsing of input file when user imports a new playlist. By enticing a user to import a specially crafted .xsfp file, an attacker could evade firewalls and perform server-side request forgery attacks.
CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
This strike exploits a denial of service vulnerability in Apache HTTP Server configured with mod cache socache. An error in handling empty HTTP headers may lead to abnormal termination of the httpd process, resulting in a denial of service condition. An attacker can send specially crafted HTTP messaged with empty HTTP header to trigger the vulnerability.
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
An out of bounds memory access vulnerability has been reported in Oracle Java SE. The vulnerability is due to insufficient validation of an index value prior to array access. A remote unauthenticated attacker can exploit this vulnerability by persuading users to load a malicious web page containing a Java applet. Successful exploitation could cause memory corruption that may lead to arbitrary code...
CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
This strike exploits a denial of service vulnerability in MXview Industrial Network Management Software. The vulnerability is due to improper handling of supplied credentials when users try to login. Successful exploitation will cause the unavailability of MXview server.
CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
This strike exploits a cross-site scripting vulnerability in Kodi Media Player software. This vulnerability is due to inadequate input filtering in the web interface, while creating a new playlist. By exploiting this vulnerability an attacker could cause arbitrary HTML/script code to be executed by the target users browser.
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the Javascript Chakra engine. Javascript can be crafted in such a way that allows for type confusion to occur when a call to Array.prototype.reverse is made. This can allow for a denial of service to occur or potentially remote code execution.
CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
This strike exploits a cross-site scripting vulnerability in WSO2 Identity Server. This vulnerability is due to improper sanitization of user input when adding a new workflow engine profile. By enticing an authenticated user to visit an attacker controlled webpage or click a malicious link, an attacker could access any cookies, session tokens, or other sensitive information retained by the browser...
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
An insecure deserialization vulnerability was found in Oracle WebLogic Server due to insufficient validation of serialized data. Vulnerability can be exploited by sending a specially crafted serialized object. Successful exploitation can result in arbitrary code execution in the context of the user running WebLogic.
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in the Microsoft Internet Explorer browser. The vulnerability lies within jscript.dll. A HTML page containing Javascript can be crafted in such a way that allows for a heap buffer overflow. Successful exploitation may lead to a denial of service condition in the browser, or potentially remote code execution.
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the Javascript Chakra engine. Javascript can be crafted in such a way that allows for the function argument object to be uninitialized. This may lead to a denial of service condition in the browser, or potentially remote code execution.
CVSS: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
This strike exploits a command injection vulnerability in the Roundcube Webmail. This vulnerability is due to improper handling of the HTTP parameter when a client sends http traffic to the server. A remote attacker can trigger this vulnerability by enticing an authenticated user to visit a crafted page, which sends a request to the target server. This results in arbitrary IMAP injection on the...
CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
This strike exploits a stack based buffer overflow vulnerability in VX Search 10.6.18. If a directory parameter is imported with an overly large amount of data, the stack can overflow allowing for remote code execution.
CVSS: 6.1 (AV:L/AC:L/Au:N/C:P/I:P/A:C)
This strike exploits a stack buffer overflow vulnerability in Zortam MP3 Media Studio desktop application. The vulnerability is due to improper parsing of user-supplied input in a search form. Successful exploitation results in the execution of arbitrary code within the context of the user running the vulnerable application. NOTE: To test this exploit, after running the test, copy the content of the...
CVSS: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
This strike exploits an information disclosure vulnerability in MXview Industrial Network Management Software. The vulnerability is due to lack of access controls and improper handling of HTTP requests. Successful exploitation will allow an attacker to obtain sensitive information from the server, including SSL private key.
CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
This strike exploits a remote code execution vulnerability in Pivotal Spring Data Commons. The vulnerability is due to a SPEL injection in SimpleEvaluationContext method. Successful exploitation can result in arbitrary code execution in the context of Spring Data Commons.
