
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

An insecure deserialization vulnerability was found in Oracle WebLogic Server due to insufficient validation of serialized data. The vulnerability can be exploited by sending a specially crafted serialized object. Successful exploitation can result in arbitrary code execution in the context of the user running WebLogic.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a remote file execution vulnerability in AMD Raptr. HTTP POST requests to the execute_installer URI are intended to execute the installer file whose path is stored in the data parameter. However, any arbitrary executable path stored in the data parameter will be executed. An attacker can send a specially crafted HTTP POST request to cause arbitrary file execution on the target system...

CVSS: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)

This strike exploits an XML external entity vulnerability in Subsonic media server. The vulnerability is due to improper parsing of the input file when a user imports a new playlist. By enticing a user to import a specially crafted .xsfp file, an attacker could evade firewalls and perform server-side request forgery attacks.

CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

This strike exploits a denial of service vulnerability in MXview Industrial Network Management Software. The vulnerability is due to improper handling of supplied credentials when users try to log in. Successful exploitation will make the MXview server unavailable.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a remote command injection vulnerability in the Pivotal Spring Web framework. The vulnerability exists due to insufficient validation of user-supplied input to a STOMP broker in the spring-messaging module. The vulnerability can be exploited by sending a specially crafted request to a STOMP broker, allowing arbitrary command execution in the context of the running service. NOTE:...

CVSS: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)

This strike exploits a command injection vulnerability in Roundcube Webmail. This vulnerability is due to improper handling of the HTTP parameter when a client sends HTTP traffic to the server. A remote attacker can trigger this vulnerability by enticing an authenticated user to visit a crafted page, which sends a request to the target server. This results in arbitrary IMAP injection on the...

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in the Microsoft Internet Explorer browser. The vulnerability lies within jscript.dll. An HTML page containing JavaScript can be crafted in such a way that allows for a heap buffer overflow. Successful exploitation may lead to a denial of service condition in the browser, or potentially remote code execution.

CVSS: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

This strike exploits an information disclosure vulnerability in MXview Industrial Network Management Software. The vulnerability is due to a lack of access controls and improper handling of HTTP requests. Successful exploitation will allow an attacker to obtain sensitive information from the server, including the SSL private key.

CVSS: 6.1 (AV:L/AC:L/Au:N/C:P/I:P/A:C)

This strike exploits a stack buffer overflow vulnerability in the Zortam MP3 Media Studio desktop application. The vulnerability is due to improper parsing of user-supplied input in a search form. Successful exploitation results in the execution of arbitrary code within the context of the user running the vulnerable application. NOTE: To test this exploit, after running the test, copy the content of the...

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

An out-of-bounds memory access vulnerability has been reported in Oracle Java SE. The vulnerability is due to insufficient validation of an index value prior to array access. A remote unauthenticated attacker can exploit this vulnerability by persuading users to load a malicious web page containing a Java applet. Successful exploitation could cause memory corruption that may lead to arbitrary code...

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

An SQL injection vulnerability exists in the Cobub Razor mobile analytics appliance. The vulnerability is due to insufficient validation of user-supplied input within the channel.php script. Successful exploitation of this vulnerability can result in database information disclosure without authentication via a specially crafted HTTP POST request.

CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

This strike exploits a denial of service vulnerability in Apache HTTP Server configured with mod_cache_socache. An error in handling empty HTTP headers may lead to abnormal termination of the httpd process, resulting in a denial of service condition. An attacker can send specially crafted HTTP messages with an empty HTTP header to trigger the vulnerability.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a cross-site scripting vulnerability in WSO2 Identity Server. This vulnerability is due to improper sanitization of user input when adding a new workflow engine profile. By enticing an authenticated user to visit an attacker-controlled webpage or click a malicious link, an attacker could access any cookies, session tokens, or other sensitive information retained by the browser...

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the JavaScript Chakra engine. JavaScript can be crafted in such a way that allows for the function argument object to be uninitialized. This may lead to a denial of service condition in the browser, or potentially remote code execution.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a remote code execution vulnerability in Pivotal Spring Data Commons. The vulnerability is due to a SpEL injection in the SimpleEvaluationContext method. Successful exploitation can result in arbitrary code execution in the context of Spring Data Commons.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a cross-site scripting vulnerability in Subsonic media server. This vulnerability is due to improper sanitization of user-controlled parameters to different HTTP GET and POST requests. By enticing an authenticated user to visit an attacker-controlled webpage or click a malicious link, an attacker could access any cookies, session tokens, or other sensitive information retained by...

CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)

This strike exploits a cross-site scripting vulnerability in Kodi Media Player software. This vulnerability is due to inadequate input filtering in the web interface while creating a new playlist. By exploiting this vulnerability, an attacker could cause arbitrary HTML/script code to be executed by the target user's browser.

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the JavaScript Chakra engine. JavaScript can be crafted in such a way that allows for type confusion to occur when MinInAnArray or MaxInAnArray methods are called to return the largest or smallest of a series of numbers. The functions fail to properly validate the input and can instead change...

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a remote command injection vulnerability in GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, 1.6.15 and earlier. The vulnerability is due to insufficient validation of whether additional command line arguments were specified via the URI. This vulnerability could allow an unauthorized user to execute arbitrary code on the server.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a remote command injection vulnerability in Ruby before 2.4.3. The vulnerability is due to Ruby's Net::FTP, which will execute any command after the "|" pipe character in the localfile argument. This vulnerability could allow an unauthorized user to execute arbitrary code on the server.
