Strike Database
Important Information
On August 12th, 2022, many of Keysight’s Network Test, Network Visibility, & Edge to Core (NAS/formerly Ixia) products will migrate to a new license structure.
CRITICAL: If you perform licensing operations after August 12th, 2022, without upgrading the licensing software to the latest version, licenses may not register properly, and some features may be missing. This could impact testing and result in downtime.
For details, click here.
Displaying 661 - 680 of 58316
CVSS: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
This strike exploits a buffer-overflow vulnerability in DualDesk Proxy component. The vulnerability is due to improper length validation of user input on port 5500. By exploiting this vulnerability, a remote, unauthenticated attacker could cause a Denial of Service against the target process.
CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
This strike exploits a command execution vulnerability in Google Golang client. The vulnerability is due to insufficient sanitization of user input by the go get command. An authenticated attacker can entice the client to use go get on a malicious URL, a successful exploitation could results in a command injection on the target user.
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the Javascript Chakra engine. It is possible to create Javascript in such a way that when a call is made to an Inlinee method the returned method is incorrect and it will potentially skip returning the proper instruction. This may lead to a denial of service condition in the browser, or...
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
A file upload vulnerability was found in the Oracle WebLogic Server component of Oracle Fusion Middleware. The vulnerability is caused by the lack of proper input sanitisation of the Weblogic Web Service Test Page. Successful exploitation can result in arbitrary code execution in the context of the user running WebLogic.
CVSS: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
This strike exploits a file disclosure vulnerability in LibreOffice up to 6.0.1. The vulnerability is due to unrestricted use of WEBSERVICE function in LibreOffice Calc files. An attacker could obtain the content of any local file by enticing a user to open a maliciously crafted document. Note: This strike is sending over the network a file which if run on a vulnerable target would dump contents of /...
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in the Microsoft Internet Explorer browser. Specifically, the vulnerability exists in jscript.dll. It is possible to craft Javascript in such a way that will allow for a heap overflow to occur when making calls to the JsArrayStringHeapSort or JsArrayFunctionHeapSort functions. This may lead to a denial of service condition in the browser, or potentially remote...
CVSS: 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)
This strike exploits a directory traversal vulnerability in Cisco Prime Network Analysis Module. The sfile parameter of HTTP requests to /capture/graph.php is intended to read and delete a specified graph file. It is not sanitized for directory traversal characters. An attacker can send specially crafted HTTP requests to delete arbitrary files.
CVSS: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
This strike exploits a reflected cross-site scripting vulnerability found in MyBB open source PHP forum platform. This vulnerability is due to inadequate input filtering in the web interface, while parsing input passed to subject parameter within newthread.php. By exploiting this vulnerability an attacker could cause arbitrary HTML/script code to be executed by the target users browser.
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
The vulnerability allows attackers read access to arbitrary file contents accessible in the Micro Focus NetIQ Access Manager server by insufficient validation of user input on requests sent to the OspUIBasicSSODownload servlet.
CVSS: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
This strike exploits a remote code execution vulnerability in Apache CouchDB. CouchDB administrative users can configure the database server via HTTP. Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. Successful exploitation will allow a CouchDB admin user to execute arbitrary shell commands as the CouchDB user.
CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
This strike exploits a buffer overflow vulnerability in JET database engine component of Microsoft Office. The vulnerability is due to an invalidation of cch field of some BIFF substreams. An attacker could execute arbitrary code by enticing a user to open a maliciously crafted document.
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits an SQL injection vulnerability in the CheckList component for Joomla!. The vulnerability is due to the improper sanitization of requests sent to the application. An attacker could exploit this by sending specifically crafted packets, potentially resulting in the execution of SQL commands which may lead to information disclosure.
CVSS: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
This strike exploits a directory traversal vulnerability in ManageEngine ServiceDesk. HTTP GET requests to the /fosagent/repl/download-file are intended to download files from a specific directory. However, the filepath parameter is not sanitized for directory traversal characters. An attacker can send an HTTP GET request with a specially crafted filepath parameter to download arbitrary files from...
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
This strike exploits a code execution vulnerability in osCommerce 2.3.4.1. This vulnerability is due to improper sanitization of the HTTP data when the client sends http traffic to the server. A remote attacker can trigger this vulnerability by sending a malicious request to the web interface. This results in the ability to execute system commands on the target device.
CVSS: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
This strike exploits a denial of service vulnerability in Softros Network Time System service. The vulnerability is due to improper length validation of user input on port 7001. By exploiting this vulnerability, a remote, unauthenticated attacker could cause a Denial of Service against the target process.
CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
An insecure deserialization vulnerability was found in Oracle WebLogic Server due to insufficient validation of serialized XML data. Vulnerability can be exploited by sending a specially crafted serialized object. Successful exploitation can result in arbitrary code execution in the context of the user running WebLogic.
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the javascript Chakra engine. Javascript can be crafted in such a way that allows for type confusion to occur when OP memset is called to change the type of a float array. This may cause a denial of service condition in the browser, or potentially lead to remote code execution.
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits a remote internal command access vulnerability in DEWESoft X3. The vulnerability is due to lack of authentication for sessions on TCP port 1999. By exploiting this vulnerability, a remote attacker could run internal commands, including executing arbitrary programs or disabling security features on target system. Note: When run in one-arm mode, this test will launch calc.exe on...
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits a vulnerability in Drupal Core open-source CMS. The vulnerability is due to improper validation of user-supplied data while performing server-side deserialization of PHP objects. A malicious user can exploit this vulnerability by sending multiple HTTP POST requests including serialized PHP objects. When successfuly exploited, the vulnerability results in complete compromise of...
CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
This strike exploits a buffer overflow vulnerability in EQNEDT component of Microsoft Office. The vulnerability is due to an invalidation of font name field length in an OLE object. An attacker could execute arbitrary code by enticing a user to open a maliciously crafted document using the vulnerable software.
