Strike Database
Important Information
On August 12th, 2022, many of Keysight’s Network Test, Network Visibility, & Edge to Core (NAS/formerly Ixia) products will migrate to a new license structure.
CRITICAL: If you perform licensing operations after August 12th, 2022, without upgrading the licensing software to the latest version, licenses may not register properly, and some features may be missing. This could impact testing and result in downtime.
For details, click here.
Displaying 121 - 140 of 58316
CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
This strike identifies a vulnerability in an Indusoft ThinClient ActiveX control. The Initialize2 method does not properly validate its arguments. If a malicious or overly large string size is used and exceeds the limit of the buffer, an overflow will occur allowing for remote code to be executed.
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits a Java code execution vulnerability in Apache Camel. An attacker can make an HTTP request with a CamelXsltResourceUri pointing to a malicious XSL file containing arbitrary Java code. The server will download the XSL file and execute the code.
CVSS: 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C)
This strike emulates a large number of requests for pingback calls through the xmlrpc service available by default on wordpress servers. This kind of requests are used as part of a distributed denial of service scenario. The requests generated by this strike are identical to what an attacker would send to reflector and amplificator wordpress servers in order to disrupt service on other servers....
CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
This strike exploits buffer overflow vulnerability within Mitsubishi EZPcAut220.dll ActiveX Control. This vulnerability is due to lack of boundary checking in the attribute HostAddress in Mitsubishi EZPcAut220.dll ActiveX Control. Remote unauthenticated attackers could exploit this vulnerability to execute arbitrary code on the target system.
CVSS: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
This strike exploits a stack buffer overflow vulnerability in PostgreSQL. If IntervalStyle is set to postgres verbose, a fixed buffer is used when processing the output string. A specially crafted SQL INTERVAL command can be used to overflow this buffer. Successful exploitation may result in execution of arbitrary code or abnormal termination of PostgreSQL, leading to a denial of service condition...
CVSS: 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C)
This strike exploits a vulnerability in the Linux kernel. The target network interface card must support UDP Fragmentation offload to be vulnerable to this attack. By issuing a TFTP request over IPv6 with a blocksize larger than the MTU, the TFTP daemon on the vulnerable server will send a large packet resulting in a kernel panic, causing a denial of service condition.
CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
This strike exploits buffer overflow vulnerability within Mitsubishi EZPcAut260.dll ActiveX Control. This vulnerability is due to lack of boundary checking in the function ESOpen in Mitsubishi EZPcAut260.dll ActiveX Control. Remote unauthenticated attackers could exploit this vulnerability to execute arbitrary code on the target system.
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability within Googles Chrome Browser. Googles URL component does not properly validate URLs that use escape characters, and these characters can allow for insertion of javascript code. In this attack the referenced pages cookie is returned via a javascript alert. With an additional alert from within a body onload event handler the application terminates abruptly.
CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in Microsoft Internet Explorer. If a DOMNodeRemoved event is triggered and all the objects that belong to the current HTMLSelection object are removed inside the event handler for DOMNodeRemoved, a Use-After-Free condition can occur.
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits an information disclosure vulnerability in Apache Camel. XML entities with PUBLIC or SYSTEM identifiers are processed and returned. An attacker can craft a SYSTEM entity to return information on system information or a PUBLIC entity to send requests from the Camel server, possibly allowing for policy bypass.
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
This strike identifies a vulnerability in Mitusbishis MX Component ActiveX control. This attack is against a vulnerable WzTitle function that takes a string as an argument. If this string size exceeds the limit of the buffer an overflow will occur allowing for remote code to be executed.
CVSS: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
This strike exploits a resource exhaustion vulnerability in Novell Open Enterprise. When a TCP connection to the HTTPSTK service is terminated using a FIN packet, SSL free is not called, causing the connection to remain in the CLOSE WAIT state. An attacker can connect and terminate many connections, eventually exhausting the system resources, resulting in a denial of service condition.
CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
A denial-of-service vulnerability exists in VxWorks TCP stack, for Wind River VxWorks versions 6.6 through vx7. Whenever a TCP packet with malformed options is received, the SEQ and ACK numbers are not being checked, and a RST on the connection is immediately issued. By spoofing the source IP address and bruteforcing the source port number space 1024 through 65535, an attacker may send packets to a...
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
This strike replicates a remote code execution attack on Elastic Kibana, through a JavaScript prototype pollution vector. The vulnerability is due to lack of sanitization for user supplied data when parsing Timelion component requests. By exploiting this flaw, a remote unauthenticated attacker might execute arbitrary code on the target system.
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
This strike exploits a command injection vulnerability in the Exhibitor Web UI. The vulnerability is due to improper parsing of parameters passed to the config editor web form. A malicious attacker can exploit this by performing a specially-crafted HTTP request. Successful exploitation leads to arbitrary commands being run in the context of the user running the Exhibitor server.
CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
This strike exploits an Use-After-Free vulnerability in the Excel component of Microsoft Office. The vulnerability is due to improper handling of XML elements by the MSO.DLL library. The vulnerability can be exploited by crafting a malicious XML file and enticing a user to download and open it. Successful exploitation may result in execution of arbitrary code with user privileges.
CVSS: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
This strike exploits a reflected cross-site scripting vulnerability found in OpenProject Web interface. This vulnerability is due to inadequate input filtering in the web interface, while parsing input passed to sortBy parameter within projects page. By exploiting this vulnerability an attacker could cause arbitrary HTML/script code to be executed by the target users browser.
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits a remote code execution in Apache Solr via Velocity template in the VelocityResponseWriter plugin. When params resource loader is set to true, the user will be allowed to specify the loading of related resources by setting the parameters in the request, this allows the attacker to construct a threatening request on the server. Successful exploitation will result in code execution...
CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
This strike exploits a vulnerability in the Google Chrome browser. Specifically the vulnerability exists within the Javascript V8 engine. An attacker can craft Javascript in such a way that the AwaitedPromise method can be replaced with user Javascript through the use of a then getter. This may lead to an incorrect state in the generator, which can lead to a denial of service condition in the browser...
CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
This strike exploits a Use-After-Free vulnerability in the Microsoft Windows Imaging API component of Microsoft Windows. The vulnerability is due to improper handling of WIM records in memory by the wimgapi.dll library. The vulnerability can be exploited by crafting a malicious WIM image file and enticing a user to download and mount it. Successful exploitation may result in execution of arbitrary...
