Strike Database
Important Information
On August 12th, 2022, many of Keysight’s Network Test, Network Visibility, & Edge to Core (NAS/formerly Ixia) products will migrate to a new license structure.
CRITICAL: If you perform licensing operations after August 12th, 2022, without upgrading the licensing software to the latest version, licenses may not register properly, and some features may be missing. This could impact testing and result in downtime.
For details, click here.
Displaying 621 - 640 of 58316
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits a buffer overflow vulnerability in CloudMe Sync software. The vulnerability is due to improper length validation of user input on port 8888. A remote, unauthenticated attacker can run arbitrary code on the target system by sending specially crafted payload to the listening port. Note: When run in one-arm mode against a Windows 7 SP1 x86 system, CloundMe Sync process will crash...
CVSS: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
This strike exploits a information disclosure vulnerability in D-Link DIR-8xx Wired/Wireless Router. This vulnerability is due to improper handling of key-value pairs sent through HTTP POST requests. By exploiting this vulnerability a remote, authenticated attacker can obtain sensitive data, including router credentials.
CVSS: 8.3 (AV:N/AC:M/Au:N/C:P/I:P/A:C)
This strike exploits a heap buffer overflow vulnerability found in BusyBox wget module. The vulnerability is due to insufficient validation of chunk length while parsing server response. Remote attackers can exploit this vulnerability by crafting a malicious HTTP response packet with chunked transfer encoding. Successful exploitation could lead to code execution on the target system.
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
This strike exploits a double free vulnerability in Adobe Reader and Acrobat. The vulnerability is due to improper validation of the NPC field of a Palette box. A remote attacker could exploit this vulnerability by enticing a user to open a specially crafted PDF file, resulting in possible execution of arbitrary code.
CVSS: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
This strike exploits a command injection vulnerability in Clipbucket web application. The vulnerability is due to improper input validation of the file name parameter in HTTP requests to file uploader.php script. By exploiting this vulnerability, a remote, unauthenticated attacker can execute arbitrary OS commands on the target server. NOTE: When run in one-arm mode, file uploader.php script needs to...
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
This strike exploits a buffer overflow vulnerability in Advantech WebAccess software. The vulnerability is due to lack of proper validation of user-supplied pathname before copying it to a stack-based buffer. A specially crafted DCE/RPC request could lead to arbitrary code execution on the target server or abnormal termination within the context of the WebAccess process.
CVSS: 2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N)
This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the javascript Chakra engine. The ASM EmitCall function does not properly handle invalid function calls and this can lead to an out of bounds read. This may lead to a denial of service condition in the browser, or potentially remote code execution.
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in the Windows Kernel-Mode driver caused by improper handling of memory objects while parsing TrueType fonts. A remote attacker could exploit the vulnerability to execute arbitrary code or cause a denial of service by enticing a user to open a specially crafted TrueType file.
CVSS: 6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C)
This strike exploits a remote command execution vulnerability in Huawei HG532 Router. The vulnerability is due to insufficient validation of NewDownloadURL and NewStatusURL in SOAP XML. The exploit has been used in okiru/satori, a variant of Mirai.
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits a file upload vulnerability in Clipbucket web application. The vulnerability is due to improper validation of the user controlled input to the file uploading scripts. By exploiting this vulnerability, a remote, unauthenticated attacker can upload any file including PHP scripts and execute them on the target server. NOTE: When run in one-arm mode, target web application index...
CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
This strike exploits a remote command execution vulnerability in MikroTik RouterOS. The vulnerability is due to insufficient validation of NetBIOS session request messages within SMB service. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system.
CVSS: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
This strike exploits a directory traversal vulnerability within the fuzzd webserver running the Appear TV Maintenance Centre application. A remote, unauthenticated attacker could exploit this vulnerability by sending a specially crafted HTTP request to the target server. Successful exploitation results in the disclosure of arbitrary file contents from the target server.
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
This strike exploits a heap corruption vulnerability in Microsoft .NET Framework. The vulnerability is due to an integer underflow occurring while Internationalized Resource Identifier IRI elements are processed. A remote, unauthenticated attacker can execute arbitrary code in the context of .NET web application by sending crafted IRI strings to the vulnerable server.
CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
This strike exploits a remote denial of service vulnerability in WebLog Expert Web Server Enterprise. The vulnerability is due to improper header parsing in HTTP requests on port 9991. By exploiting this vulnerability, a remote, unauthenticated attacker could cause a denial of service against the target process.
CVSS: 7.9 (AV:A/AC:M/Au:N/C:C/I:C/A:C)
This strike exploits a command injection vulnerability in the Red Hat Network Manager. The vulnerability is due to improper validation of DHCP Option Message field within the DHCP Offer packet sent by the DHCP server. A remote attacker could exploit this vulnerability by sending malicious DHCP responses to the target Machine. Successful exploitation could result in arbitrary command execution with...
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
This strike exploits a input validation error present in Endian Firewall. Vulnerability can be exploited by crafting a special HTTP request to the target. Successful exploitation would result in arbitrary command execution in the security context of Apache httpd server.
CVSS: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)
This strike exploits a remote code execution in Mako Server application when default installation including tutorials was performed. The vulnerability is due to improper sanitization of HTTP PUT requests to save.lsp web page. By sending a maliciously crafted HTTP request, a remote, unauthenticated attacker could execute arbitrary operating system commands.
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits an SQL injection vulnerability in Joomla! CMS. The vulnerability is due to the improper sanitization of requests sent to the application. An attacker could exploit this by sending specifically crafted packets, potentially resulting in the execution of SQL commands which may lead to information disclosure, database corruption, denial of service and others.
CVSS: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
A command injection vulnerability was found in Oracle WebLogic Remote Diagnosis Assistant web interface. The vulnerability is due to improper user supplied sanitization, when input is supplied to the rda tfa ref date menu command. The vulnerability can be exploited by sending a specially crafted HTTP request to the target server. Successful exploitation can result in arbitrary code execution in the...
CVSS: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
This strike exploits a vulnerability in Microsoft Internet Explorer. Specifically, the vulnerability exists in the Javascript jscript.dll library. It is possible to craft Javascript in such a way that when making a call to the RegExp.lastMatch function information will be disclosed. In this case memory contents are dumped to the user. It is also possible that this may lead to a denial of service...
