Strike Database
Important Information
On August 12th, 2022, many of Keysight’s Network Test, Network Visibility, & Edge to Core (NAS/formerly Ixia) products will migrate to a new license structure.
CRITICAL: If you perform licensing operations after August 12th, 2022, without upgrading the licensing software to the latest version, licenses may not register properly, and some features may be missing. This could impact testing and result in downtime.
For details, click here.
Displaying 641 - 660 of 58316
CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
This strike exploits a code execution vulnerability in Oracle Tuxedo Jolt Server. The vulnerability is due to a heap buffer overflow exists in the Jolt service. An attacker could send a crafted JOLT message to the target server and achieve remote code execution.
CVSS: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
This strike emulates a TLS handshake using an RSA Encrypted PreMaster Secret, which may be vulnerable to the Return Of Bleichenbachers Oracle Threat ROBOT decryption attack. Due to incorrect handling of improperly padded or invalid RSA Encrypted PreMaster Secrets, information which may be used to decrypt or decipher the servers private key is leaked. Successful exploitation may result in decryption...
CVSS: 6.3 (AV:N/AC:M/Au:S/C:N/I:N/A:C)
A heap corruption vulnerability was discovered in Microsoft Windows SNMP service. The vulnerability is due to insufficient input validation when parsing the SNMP traps. A remote, unauthenticated attacker can take advantage of this flaw by crafting special SNMP traps that will crash the snmpd process.
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits an SQL injection vulnerability in the SimpleCalendar component for Joomla!. The vulnerability is due to the improper sanitization of requests sent to the application. An attacker could exploit this by sending specifically crafted packets, potentially resulting in the execution of SQL commands which may lead to information disclosure.
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the javascript Chakra engine. Javascript can be crafted in such a way that allows the type JavascriptNativeIntArray to be changed to type JavascriptArray. This later leads to a disclosure of information such as memory addresses and fake object contents.
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
This strike exploits an authentication bypass on Dell EMC VMAX Virtual Appliance Manager. This vulnerability is due to improper use of an account smc which is not documented. A remote attacker can exploit this vulnerability by sending hardcoded account and password to the system. Successful exploitation results in authentication bypass on target server.
CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
This strike exploits a Use-After-Free vulnerability in Microsoft Office Outlook. The vulnerability is due to the improper handling of a MIME message with a Content-Type specifying HTML content. A specially crafted email could lead to arbitrary code execution on the target server or abnormal termination within the context of the Outlook process.
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
A command execution vulnerability was found in Oracle WebLogic Servers Node Manager. The vulnerability is due to the fact that the resources of Node Manager utility within WebLogic Server can be reached without authentication. Vulnerability can be exploited by sending a specially crafted HTTP request to the process listening on port 5556/TCP. Successful exploitation can result in arbitrary code...
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
This strike exploits a remote code execution vulnerability in Hewlett Packard Enterprise HPE Intelligent Management Center. The vulnerability is due to insecure deserialization of user input data sent through HTTP. A remote, unauthenticated attacker can run arbitrary commands on the targeted system by sending a crafted HTTP request to the target server.
CVSS: 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N)
This strike exploits a cross-site scripting vulnerability in GOsa, a web-based LDAP administration program. This vulnerability is due to inadequate input filtering in the web interface, while changing the password within password.php form. By exploiting this vulnerability an attacker could cause arbitrary HTML/script code to be executed by the target users browser.
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits an SQL injection vulnerability in the Aist component for Joomla! The vulnerability is due to the improper sanitization of requests sent to the application. An attacker could exploit this by sending specifically crafted packets, potentially resulting in the execution of SQL commands which may lead to information disclosure.
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
This strike exploits an insecure java deserialization in Hewlett Packard Enterprise HPE Intelligent Management Center IMC. This vulnerability is due to improper validation of Java serialized objects before deserialization . An attacker could send a specially crafted HTTP POST request to achieve arbitrary command execution with either SYSTEM or root privileges.
CVSS: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
This strike exploits a remote code execution vulnerability in Network Weathermap plugin for Cacti. The vulnerability is due to improper input validation of the map title parameter in HTTP requests to editor.php script. By exploiting this vulnerability, a remote, unauthenticated attacker can execute arbitrary PHP code on the target server. NOTE: When run in one-arm mode, Weathermap plugin editor needs...
CVSS: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)
This strike exploits a directory traversal vulnerability in Schneider Electric U.motion Builde. The vulnerability is due to improper validation of input of context parameter in HTTP GET request, which could allow the disclosure of sensitive information.
CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the javascript Chakra engine. Javascript can be crafted in such a way that allows for a Use-After-Free condition to occur when processing an ArrayBuffer that has previously been freed. This may cause a denial of service condition in the browser, or potentially lead to remote code execution...
CVSS: 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N)
This strike exploits an absolute path traversal vulnerability in the DownloadSnapshotServlet module on the ManageEngine ServiceDesk application. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted HTTP request to the target server. Successful exploitation results in the disclosure of arbitrary file contents from the target server.
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the javascript Chakra engine. Javascript can be crafted in such a way that allows for the function argument object to be uninitialized. This may lead to a denial of service condition in the browser, or potentially remote code execution.
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits an SQL injection vulnerability in the DT Register 3.2.7 component for Joomla! The vulnerability is due to the improper sanitization of requests sent to the application. An attacker could exploit this by sending specifically crafted packets, potentially resulting in the execution of SQL commands which may lead to information disclosure.
CVSS: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
This strike exploits a local file inclusion vulnerability in Site Editor WordPress plugin. The vulnerability is due to improper sanitization of ajax path parameter in requests to ajax shortcode pattern.php script. By exploiting this vulnerability, a remote, unauthenticated attacker could retrieve arbitrary files from the target server. Note: When run in one-arm mode, this strike will retrieve the...
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits an SQL injection vulnerability in the Project Log 1.5.3 for Joomla! The vulnerability is due to the improper sanitization of requests sent to the application. An attacker could exploit this by sending specifically crafted packets, potentially resulting in the execution of SQL commands which may lead to information disclosure.
