Displaying 141 - 160 of 38219

CVSS: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

This strike replicates a directory traversal attack on Fortinet FortiOS. The vulnerability resides in the /remote/fgt lang endpoint and affects product versions 5.6.3 to 5.6.7 and 6.0.0 to 6.0.4. By exploiting this flaw, a remote unauthenticated attacker may take over the device and perform attacks such as DNS hijacks.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a format string vulnerability on Palo Alto GlobalProtect server. The flaw resides in the sslmgr endpoint due to lack of user input validation. A remote unauthenticated attacker may thus crash a vulnerable instance or even execute arbitrary code.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a command execution vulnerability in Netgear R7000 Router Web Interface. The vulnerability is due to improper access checks of the web platform resources. Successful exploitation can result in arbitrary commands via shell metacharacters in the path info to cgi-bin.

CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

This strike exploits a denial of service vulnerability in HAProxy server. The vulnerability is due to incorrect handling of the cookie header under HTTP traffic. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request to the target server. Successful exploitation results in denial-of-service on the target server.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a code execution vulnerability in LibreOffice. The vulnerability is due to unrestricted use of document event function to trigger LibreLogo to execute python contained within a document. An attacker could entice the victim to open the crafted odt file. Successful exploitation could lead to code execution on the victims Machine.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a command execution vulnerability in ZTE F460/F660 cable modem Web Interface. The vulnerability is due to improper access checks of the web platform resources. Successful exploitation can result in arbitrary commands on the target system.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits an arbitrary file copy vulnerability in the ProFTPd. The vulnerability is due to a design flaw within the mod copy module. Successful exploitation can lead to remote code execution and information disclosure without authentication. NOTE: This issue is related to CVE-2015-3306.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a vulnerability in Apple Safari Webkit. Specifically the vulnerability exists in the WebCore::RenderMultiColumnSet::updateMinimumColumnHeight method. It is possible to craft Javascript in such a way that allows for a Use-After-Free condition to occur when invoking the updateMinimumColumnHeight method. This can lead to a denial of service in the browser application or potentially...

CVSS: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)

This strike emulates a DOS attack on HPE Intelligent Management Center. The vulnerability is due to no authentication being performed when the opcode 10014/kill is being processed. A remote unauthenticated attacker may create denial-of-service conditions by crashing the target server.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a remote code execution vulnerability present in Adobe ColdFusion platform. This vulnerability is due to the JNBridge binary protocol port being exposed without any authentication. By exploiting an unpatched version of the application, an attacker is thus able to remotely execute arbitrary code as the root or SYSTEM privileges.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

A stack-based buffer overflow exists in ZeroMQ libzmq due to improper validation of the INITIATE command in curve server.cpp. A remote, unauthenticated attacker could exploit this vulnerability by sending a specially crafted packet to the vulnerable service. Successful exploitation could result in denial of service conditions, or execution of arbitrary code.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits an authentication bypass on the Redis Server. The vulnerability is due to allowing attacker load a dynamic module and execute it remotely without authentication. A remote unauthorized attacker can exploit this vulnerability by sending a crafted TCP request to the system. Successful exploitation results in remote code execution on the target server.

CVSS: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)

This strike exploits a cross-site scripting vulnerability in Squid Proxy. This vulnerability is due to inadequate input filtering of user name in the web interface. An attacker could exploit this vulnerability by enticing a user to visit an attacker controlled webpage or click a malicious link. By exploiting this vulnerability an attacker could trigger reflected cross site scripting on the victims...

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a remote code execution on the Viber Desktop. The vulnerability is due to improper sanitization of user input which is passed to the application via the DLL loading path. A remote unauthorized attacker can exploit this vulnerability by enticing the victim to open a crafted web page. Successful exploitation results in remote code execution on the victims application.

CVSS: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

This strike exploits a stack buffer overflow in iptables-restore v1.8.2. The flaw resides in the add param to argv function that handles argument parsing, due to a fixed-size buffer of 1024 bytes. A remote attacker can exploit it by enticing a privileged user to call iptables-restore using the malicious file, resulting in arbitrary code execution.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a vulnerability in Apple Safari Webkit. Specifically the vulnerability exists in the ByteCodeParser::handleIntrinsicCall method. It is possible to craft Javascript in such a way that will cause type confusion to occur. This can lead to a denial of service or potentially allow for remote code execution to occur.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a vulnerability in Apple Safari Webkit. Specifically the vulnerability exists in the BytecodeGenerator::hoistSloppyModeFunctionIfNecessary method. It is possible to craft Javascript in such a way that allows for an object to be passed as the property variable directly as a string to the op get direct pname handler without being properly validated. This can lead to a denial of...

CVSS: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)

This strike replicates a stack-based buffer overflow attack on a PostgreSQL database server. The flaw is a consequence of no string size checking when base64-decoding a stored hashed password. Successful exploitation by a remote authenticated attacker may result in arbitrary code execution or crashing the server.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

A heap-based buffer overflow vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose. The vulnerability is due to insufficient input validation when processing MQTT messages within the parse mqtt method. To trigger this vulnerability, an attacker must send a specially crafted MQTT packet over the network. Successful exploitation results in remote code execution or denial of...

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a path traversal vulnerability found in Cisco Data Center Network Manager DCNM. The vulnerability is due to incorrect permission settings in affected DCNM software. An unauthenticated attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to write arbitrary files on the filesystem...

Pages