Displaying 121 - 140 of 38219

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

A remote code execution vulnerability exists in LibreNMS versions prior to 1.46. The vulnerability is a result of improper sanitization when parsing the community HTTP request parameter within addhost.inc.php A successful attacker is thus able to send specially crafted HTTP requests that could lead to execution of arbitrary commands on the target server.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a sql injection vulnerability in WordPress Plugin Photo Gallery. The vulnerability is due to improper sanitization of the album id parameter. By successfully exploiting this vulnerability, an authenticated attacker could perform sql injection on the target server.

CVSS: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)

An out of bounds read vulnerability been reported in Adobe Acrobat due to improper handling of JOBOPTIONS files. A remote attacker could exploit this vulnerability by enticing a user to open a maliciously crafted one-byte JOBOPTIONS file. Successful exploitation could lead to information disclosure.

CVSS: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)

This strike exploits a remote code execution in the HPE Intelligent Management Center. The vulnerability is due to improper sanitization of user input beanName which is passed to the application via the IccSelectDevTypeBean class. A remote authorized attacker can exploit this vulnerability by sending a crafted request to the target server. Successful exploitation results in remote code execution on...

CVSS: 5.8 (AV:N/AC:M/Au:N/C:N/I:P/A:P)

This strike simulates a CSRF attack on phpMyAdmin. The flaw is a result of no anti-CSRF technique being employed in the setup page. A remote attacker may entice a phpMyAdmin user to make a request to a crefted URL, leading to removal of arbitray servers from the phpMyAdmin configuration.

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in the Microsoft Edge browser. Specifically an attacker can craft javascript in such a way that allows for the initialization process to run without caring about the ImplicitCallFlags. This can cause a denial of service condition in the browser or potentially allow for remote code execution to occur.

CVSS: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)

An OS command injection exists in FusionPBX 4.4.8 due to lack of parameter sanitization while parsing requests to service edit.php. By exploiting this flaw, an authenticated remote attacker can run arbitrary OS commands on the target system.

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in Apple Safari Webkit. Specifically when trying to inline GetByVal operations on stack-allocated arguments the code fails to properly check whether index is lower than numberOfArgumentsToSkip. This can potentially lead to uninitialized variable access which can cause a denial of service condition in the browser or allow for remote code execution to occur.

CVSS: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)

A command injection vulnerability exists in Pulse Connect Secure due to insufficient parameter sanitization. The vulnerability resides in the /dana-admin/diag/diag.cgi endpoint and can be exploited by crafting the options parameter in order to create a template file which contains Perl directives. By exploiting the flaw, a remote authenticated attacker may execute arbitrary commands on the target...

CVSS: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)

This strike exploits a cross-site scripting vulnerability in Wordpress Plugin UserPro. This vulnerability is due to inadequate input filtering of error description in the web interface. An attacker could exploit this vulnerability by enticing a user to visit an attacker controlled webpage or click a malicious link. By exploiting this vulnerability an attacker could trigger reflected cross site...

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a SQL injection vulnerability in the Django server. The vulnerability is caused by insufficient validation of user input on HTTP requests, which are used to create SQL queries. Successful exploitation could allow an attacker to execute SQL command on the target server.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a heap double free vulnerability found in Adobe Acrobat and Reader. The vulnerability is due to improper input validation while parsing specific header fields of a PDF document. An attacker could exploit this vulnerability by creating a specially crafted PDF file and entice an user to open it. Successful exploitation could lead to arbitrary code execution on the target Machine...

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a heap double free vulnerability found in Adobe Acrobat and Reader. The vulnerability is due to improper input validation while parsing specific header fields of a PDF document. An attacker could exploit this vulnerability by creating a specially crafted PDF file and entice an user to open it. Successful exploitation could lead to arbitrary code execution on the target Machine...

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in Apple Safari Webkit. Specifically after optimizations are performed on AIR code, a register gets marked as late use and ultimately is determined to be a dead register and discarded. It may be possible for an attacker to construct Javascript in such a way that it is possible to control the data in this dangling register. This can cause a denial of service...

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a remote code execution in the JIRA Template. The vulnerability is due to improper sanitization of user input which is passed to the application via the ContactAdministrators and SendBulkMail actions. A remote authorized attacker can exploit this vulnerability by sending a crafted request to the target server. Successful exploitation results in remote code execution on the target...

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

An integer underflow vulnerability exists in VxWorks 6.8 TCP stack. This strike simulates a denial of service attack by setting the URGENT TCP pointer to 0 zero when communicating with any network service. By exploiting this flaw, a remote attacker can cause denial of service by crashing the target network stack.

CVSS: 4.0 (AV:L/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a vulnerability in Apple Safari Webkit. Specifically a JSValue ValueProfile pointing to a previously freed chunk of memory which will have its JSCell header overwritten. When this gets accessed out of bounds a crash will occur. An attacker can craft javascript in such a manner that will cause memory corruption to occur, causing a denial of service in the browser and potentially...

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in Apple Safari Webkit. It is possible for an attacker to construct Javascript in such a way that when the emitEqualityOpImpl method is called it will incorrectly replace the typeof instruction with the is cell with type instruction. This can cause a denial of service condition in the browser or potentially allow for remote code execution to occur.

CVSS: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)

This strike exploits a remote code execution in the HPE Intelligent Management. The vulnerability is due to improper sanitization of user input beanName which is passed to the application via the IccSelectDevTypeBean class. A remote authorized attacker can exploit this vulnerability by sending a crafted request to the target server. Successful exploitation results in remote code execution on the...

CVSS: 9.0 (AV:N/AC:L/Au:N/C:P/I:P/A:C)

An OS command injection vulnerability exists in Webmin 1.920 and prior versions. The flaw exists in the password change functionality and is reachable via the /password change.cgi endopint. By exploiting this vulnerability, a remote unauthenticated attacker may execute arbitrary OS commands on the target system.

Pages