Important Information

On August 12th, 2022, many of Keysight’s Network Test, Network Visibility, & Edge to Core (NAS/formerly Ixia) products will migrate to a new license structure.

CRITICAL: If you perform licensing operations after August 12th, 2022, without upgrading the licensing software to the latest version, licenses may not register properly, and some features may be missing. This could impact testing and result in downtime.

For details, click here.

Displaying 561 - 580 of 58316

CVSS: 6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a remote code execution vulnerability in EmbedThis GoAhead Web Server. The vulnerability is due to insufficient validation of CGI variables. To exploit the vulnerability, an attacker would create a HTTP CGI request that uses sets LD PRELOAD=/proc/self/fd/0 in the query string and sets the POST data of the request to be in the form of a malicious shared library for the...

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a parameter injection vulnerability found in klaussilveira GitList. The vulnerability is due to insufficient validation of input supplied to php function escapeshellarg within searchTree form. Remote attackers can exploit this vulnerability by crafting a malicious HTTP POST request, ultimately gaining code execution on the target system.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a management interface authentication bypass vulnerability in Palo Alto Networks PAN-OS 6.1.18 and earlier, PAN-OS 7.0.18 and earlier, and PAN-OS 7.1.13 and earlier. Note: A remote user can exploit a combination of vulnerabilities in the management interface to execute arbitrary commands on the target system. The code will run with root privileges. This strike simulates...

CVSS: 8.5 (AV:N/AC:M/Au:S/C:C/I:C/A:C)

This strike exploits a cross-site scripting vulnerability in Artica Web Proxy. This vulnerability is due to improper sanitization of user input sent as username-form-id field to freeradius.users.php script. By exploiting this vulnerability an attacker could execute arbitrary operating system commands as root.

CVSS: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)

This strike exploits a cross-site scripting vulnerability in Epsons web configuration page for AirPrint in certain Epson printer products. This vulnerability is due to inadequate input filtering in INPUTT GEOLOCATION parameter. By exploiting this vulnerability an attacker could execute arbitrary scripts on the target Machine.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits an Time-Based SQL injection vulnerability in iCMS v7.0.8. The vulnerability is caused by insufficient validation of user input on HTTP requests which are used to create SQL queries. Successful exploitation could allow an attacker to trigger a denial-of-service on the target server for a short period.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a remote code execution vulnerability in Microsoft Malware Protection Engine. The vulnerability is due to how the engine handles specially crafted RAR files during scanning. By exploiting this vulnerability, an attacker could execute arbitrary code in the security context of the LocalSystem account and take control of the system.

CVSS: 3.6 (AV:L/AC:L/Au:N/C:N/I:P/A:P)

This strike exploits a tamper-protection bypass vulnerability in Symantec Endpoint Protection. The vulnerability is due to lack of User Interface Privilege Isolation for source validation of Windows API messages. By exploiting this vulnerability, an attacker could alter Symantec Endpoint Protection user interface that could result in denying end user ability to use the antivirus or displaying to the...

CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)

An arbitrary file overwrite vulnerability has been identified in Advantech WebAccess SCADA web platform. The vulnerability is caused by the lack of proper input sanitisation of the gmicons.asp picfile parameter. The vulnerability can be exploited by sending a specially-crafted request, allowing the attacker to execute code on the remote Machine with the privileges of the application process.

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the Javascript Chakra engine. If the Javascript engine cannot link the asmjs module it gets treated as a normal function, however, when this code is reparsed certain cases are not correctly handled, which can result in binding incorrect information to the constructor. This may lead to a...

CVSS: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

This strike exploits a SQL injection vulnerability in the Redaxo CMS Addon MyEvents. This vulnerability is due to improper sanitization for the parameter myevents id. A remote attacker can access backend contents with successful exploitation.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

An SQL injection vulnerability exists in Quest NetVault Backup appliance. The vulnerability is due to insufficient user-supplied input validation within Server Process Manager Service. The successful exploitation of this vulnerability can result in database information disclosure without authentication via a specially crafted HTTP GET request.

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the javascript Chakra engine. Javascript can be crafted in such a way that allows for type confusion to occur when setting the value of an object property, and then changing its internal type during optimization. This may cause a denial of service condition in the browser, or potentially lead...

CVSS: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

This strike exploits a file download vulnerability in Joomla! Component Proclaim The vulnerability is due to the improper sanitization of requests sent to the application. An attacker could download sql files under backup folder via direct requests.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a buffer overflow vulnerability in Network Time Protocol. The variables filtdelay, filtoffset, filtdisp, and filterror are copied to a finite length buffer without validation. A sufficiently large content length will overflow the buffer. Successful exploitation may result in arbitrary code execution or abnormal termination of the ntpd process, resulting in a denial of service...

CVSS: 4.7 (AV:L/AC:M/Au:N/C:C/I:N/A:N)

This strike exploits the Spectre vulnerability identified in modern Intel CPUs by leveraging a side-channel attack through the Javascript engine within a browser. This vulnerability is due to incomplete clearance of CPU cache memory after invalidation of a speculative execution result. By exploiting this vulnerability, an attacker can obtain sensitive data, like stored passwords or session IDs, from...

CVSS: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)

This strike exploits an SQL injection vulnerability in Trend Micro Email Encryption Gateway. The vulnerability is due to the improper sanitization of searching string sent to searchEmail.jsp script. An attacker could exploit this by sending specifically crafted packets, potentially resulting in the execution of SQL commands which may lead to information disclosure, database corruption, denial of...

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the Javascript Chakra engine. It is possible to create Javascript in such a way that allows for the RemoveEmptyLoopAfterMemOp function to remove empty function loops. However, when this is called it may not take all branches into consideration and can potentially break the control flow. This...

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a heap overflow vulnerability found in the base64 decode function of Exim SMTP listener. The vulnerability is due to improper handling of malformed base64 strings. A remote attacker can connect to the SMTP service and send a specially crafted SMTP authentication messages.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

An SQL injection vulnerability exists in Quest NetVault Backup appliance. The vulnerability is due to insufficient user-supplied input validation within Server Process Manager Service. The successful exploitation of this vulnerability can result in database information disclosure without authentication via a specially crafted HTTP request.

Pages