Displaying 161 - 180 of 38219

CVSS: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

This strike exploits a directory traversal vulnerability in GrandNode Ecommerce platform. The vulnerability is due to improper sanitization of parameters passed to the LetsEncryptController module. By successfully exploiting this vulnerability, a remote, unauthenticated attacker could retrieve arbitrary files from the target server.

CVSS: 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N)

This strike simulates a stored XSS attack on Symantec DLP 15.5 MP1. The flaw exists in /ProtectManager/enforce/admin/senderrecipientpatterns/list endpoint due to lack of sanitization for the name parameter. A successful authenticated attacker is thus able gain control of victims browser.

CVSS: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)

An OS command injection exists in Centreon 19.04.0 due to lack of sanitization when the nagios binary path is set. By exploiting this flaw, an authenticated remote attacker can run arbitrary OS commands on the target system.

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in Mozilla Firefox. Specifically, the vulnerability exists in the Javascript engine Spidermonkey. It is possible to craft Javascript in such a way that in IonMonkey an unexpected ObjectGroup in an ObjectGroupDispatch operation might allow for unsafe code to execute. This could cause type confusion to occur causing a denial of service condition in the browser or...

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a path traversal vulnerability found in Cisco Prime Infrastructure PI and Cisco Evolved Programmable Network EPN Manager. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-...

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a file upload vulnerability in Adobe Coldfusion. The vulnerability is due to the improper sanitization of requests sent to the application. An attacker could exploit this vulnerability by sending crafted HTTP traffic to the target server. Successful exploitation could lead to file upload and code execution on the target server.

CVSS: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)

This strike exploits an authentication bypass on the Wordpress Plugin Like Button. The vulnerability is due to not properly checking if the request is sent by an authorized user. A remote unauthorized attacker can exploit this vulnerability by sending a crafted HTTP POST request to the system. Successful exploitation results in changing the configuration of the plugin setting.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

A code execution vulnerability has been reported in Microsoft Windows ActiveX Data Objects ADO. The vulnerability is due to improper handling of an object. A remote attacker could exploit this vulnerability by enticing a user to open a specially crafted file. Successful exploitation could result in the execution of arbitrary code with the victims privileges.

CVSS: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)

This strike exploits an information disclosure vulnerability in Microsoft Windows GDI component. The flaw is located in bHandleCreateDIBPatternBrush function and exists due to lack of checks when parsing an EMF files BITMAPINFOHEADER fields. In order to exploit this vulnerability an attacker must entice the victim to open a malicious emf file.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in Mozilla Firefox. Specifically, the vulnerability exists in the Javascript engine Spidermonkey. It is possible to craft Javascript in such a way that IonMonkey incorrectly predicts the return type of Array.Prototype.pop. This causes type confusion to occur which can result in remote code execution.

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in Apple Webkit JavaScriptCore. Specifically, the vulnerability exists during JIT compilation in FTL. It occurs when a loop-invariant code motion moves access to an array before a bounds check occurs. When this happens a denial of service condition, or potentially remote code execution, may occur.

CVSS: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)

This strike exploits a directory traversal vulnerability in Cisco Prime Infrastructure EPNM. The vulnerability is due to improper sanitization of the downloadDirectory parameter. By successfully exploiting this vulnerability, a remote, unauthenticated attacker could retrieve arbitrary files from the target server.

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in Apple Webkit JavaScriptCore. Specifically, the vulnerability exists when a Watchpoint jettisons code that has already been freed. This causes a Use-After-Free condition to occur. This may lead to a denial of service condition in the browser, or potentially remote code execution.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

A remote command execution exists in Exim versions 4.87 to 4.91, due to lack of user input sanitization when processing RCPT TO and MAIL FROM commands. Successful attack results in remote command execution with root privileges.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a remote code execution vulnerability found in Cisco Prime Infrastructure Web server. The vulnerability is due to improper directory permissions. An unauthenticated attacker could exploit this vulnerability by crafting a special HTTP POST request. A successful exploit could allow the attacker to execute arbitrary commands on the underlying system.

CVSS: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)

This strike exploits a information disclosure vulnerability in the GDI+ Graphics Device Interface module of Microsoft Windows. The vulnerability is due to improper handling of EMF records in memory. The vulnerability can be exploited by crafting a malicious EMF file and enticing a user to download and open it. Successful exploitation could result in an information leak which could be used to further...

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

An OS command injection exists in Schneider Electric U.Motion Builder. The flaw, located in track import export.php, is a result of lack of user-supplied data sanitization and may be exploited via the object id parameter. A remote unauthenticated attack may lead to arbitrary OS commands being issued on the host system.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike simulates a remote code execution attack on Oracle Weblogic Server. The flaw is due to lack of authentication and input sanitization when the server receives SOAP calls. By exploiting a vulnerable system, a remote unauthenticated attacker is able to execute arbitrary commands on the target system.

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a directory traversal vulnerability in Joomla Core 1.5.0 - 3.9.4. The vulnerability is due to the improper sanitization of requests sent to the application. An attacker could exploit this vulnerability by sending crafted HTTP traffic to the target server. Successful exploitation could lead to file access outside the media manager root directory.

CVSS: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)

This strike exploits an integer overflow vulnerability in Microsoft Windows SMB Server. The vulnerability is due to improper handling of SMBv2 requests. A remote, authenticated attacker could exploit this vulnerability to execute arbitrary code on the target system.

Pages