CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
This strike exploits a vulnerability in Apple WebKit. Specifically, an attacker can craft JavaScript in such a way that when reconstructing arguments objects type confusion can occur leading to a denial of service in the browser.
CVSS: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
An OS Command Injection exists in rConfig 3.9.3 and prior versions as a result of no sanitization of user supplied data. The parameter processed in ajaxArchiveFiles.php is then used as a command line argument within a privileged command. By sending a crafted path parameter to /lib/ajaxHandlers/ajaxArchiveFiles.php path, a remote authenticated attacker may execute arbitrary OS commands as a superuser...
CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
This strike exploits a vulnerability in Apple Webkit JavaScriptCore. Specifically, a Use-After-Free occurs when the jsElementScrollHeightGetter function is invoked in a specific manner. When this happens a denial of service condition, or potentially remote code execution, may occur.
CVSS: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)
This strike exploits an information disclosure vulnerability in Microsoft SharePoint. This vulnerability is due to insufficient validation of uploaded files. A remote, authenticated attacker could exploit this vulnerability by uploading a maliciously crafted file to a target SharePoint server. Successful exploitation of this vulnerability allows the attacker to disclose NTLM hashes, which in turn...
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
An OS command injection vulnerability exists in Citrix Application Delivery Controller ADC and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. The command injection is possible using a directory traversal flaw, due to improper sanitization of multiple fields in HTTP requests. The flaw may be exploited by an unauthenticated attacker to execute arbitrary commands on the target server.
CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
This strike exploits a vulnerability in Apple Webkit. Specifically, an attacker can cause an integer overflow in NodeRareData::m connectedFrameCount by inserting a large number of iframe elements into a DOM node that already has cached subframes. Doing this can cause type confusion to occur leading to a denial of service in the browser, and it can also lead to a UXSS attack.
CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
A denial-of-service flaw exists in Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4. An authenticated attacker may crash the service by sending a crafted X-Reason HTTP header containing an Erlang format string which causes the server to allocate a massive memory region....
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
An integer overflow vulnerability exists in parse mqtt mongoose.c in Cesanta Mongoose 6.16. By sending a crafted packet, a remote unauthenticated attacker may lead the server into a infinite loop, causing DoS conditions.
CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
This strike exploits a heap double free vulnerability found in Adobe Acrobat and Reader. The vulnerability is due to improper input validation while parsing specific header fields of a PDF document. An attacker could exploit this vulnerability by creating a specially crafted PDF file and entice an user to open it. Successful exploitation could lead to arbitrary code execution on the target Machine...
CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
This strike exploits a vulnerability in Spidermonkey, the Javascript engine of Mozilla Firefox. The issue is caused by incorrect alias information for Array.prototype.slice method within IonMonkey JIT compiler component. This can lead to a denial of service or potentially allow for remote code execution to occur.
CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
This strike exploits an Out of Bounds Write vulnerability in Microsoft Jet Database Engine. The vulnerability is due to improper handling of objects in memory. The user would be enticed to visit a site or open a web page, causing arbitrary code to be executed.
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in the Microsoft Internet Explorer scripting engine. Specifically, an attacker can craft an HTML page containing a Javascript script in such a way that a call to jscript!JSONStringifyObject frees an object that is later going to be referred by jscript!PrepareInvoke, resulting in a Use-After-Free condition. A remote attacker could exploit this vulnerability by...
CVSS: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
A SQL injection vulnerability exists in the General Ledger component of Oracle E-Business Suite. A SQL query may be sent via the Thin Client Framework protocol over HTTP, which is later processed in the DataManagerServer.readSynch method located in oracle/apps/gl/jahe/tcf/server/DataManagerServer.java. The string is then used as a base string for a database query. By exploiting this flaw, a remote...
CVSS: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
A SQL injection vulnerability exists in the Work in Progress component of Oracle E-Business Suite. A SQL query may be bundled in a FndMessageRequest object sent via the Thin Client Framework protocol over HTTP, which is later processed in the public Vector fetchMessages method located in oracle/apps/wip/gantt/components/server/database/MessageFetcher.class. By exploiting this flaw, a remote...
CVSS: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
This strike exploits a heap buffer overflow vulnerability in MF3216 component of Microsoft Windows. The vulnerability is due to improper handling of EMF records. An attacker could gain arbitrary code execution by enticing the user to open and save a malicious EMF or RTF file.
CVSS: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
An insecure deserialization vulnerability was found in Oracle WebLogic Server. The vulnerability is due to insufficient validation of serialized data within T3 requests. The vulnerability can be exploited by sending a specially crafted serialized object. Successful exploitation can result in arbitrary code execution within the context of the user running WebLogic.
CVSS: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
A command injection vulnerability exists in OpenEMR 5.0.1 and earlier, within scanned notes/new.php form file, as a result of weak user input sanitization. By sending a crafted id parameter in a HTTP request, a remote authenticated attacker might execute arbitrary system commands.
CVSS: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
This strike identifies a vulnerability in Samsung DVR Firmware v1.10. An authentication bypass is possible because of improper validation of CGI page requests. If an HTTP request is made to one of many URI paths with a malicious cookie value set, then access will be given to the attacker with the ability to perform many functions such as read usernames and passwords, create users, and read and modify...
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
This strike exploits a Use-After-Free vulnerability on Adobe Flash Player. The vulnerability can be triggered due to inadequate memory management when using a SharedObject entities. A user could be manipulated into accessing a web page that downloads and executes a malicious file that can lead to arbitrary code execution with local user privileges. All versions of flash player below 12.0.0.44 and 11....
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
This strike exploits a remote code-execution vulnerability in SIEMENS Solid Edge. The vulnerability is due to the use of OpenInEditor method within the WebPartHelper ActiveX Control. By enticing a user to open a crafted web page an attacker could remotely execute arbitrary code.
Pages