Displaying 161 - 180 of 38146
Last import : Jun 17 17:00

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in the Microsoft Internet Explorer browser. Specifically, the vulnerability exists in the VBScript engine. It is possible to create VBScript in such a way that can allow for a use-after-free condition to occur when a pointer to a SafeArray object is created and stored and the object is then destroyed. This may lead to a denial of service condition in the browser,...

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a remote file inclusion vulnerability in WordPress Plugin Grace. The vulnerability is due to improper sanitization of the cfg parameter. By successfully exploiting this vulnerability, a remote, unauthenticated attacker could retrieve arbitrary files from the target server.

CVSS: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)

This strike exploits a remote file inclusion vulnerability in phpMyAdmin. The vulnerability is due to an improper filter, and the ability to execute a SQL sentence. By successfully exploiting this vulnerability, a remote, authenticated attacker could retrieve arbitrary files from the target server.

CVSS: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)

The strike exploits a local file inclusion vulnerability in WordPress platform, leveraged beforehand by a path traversal via the wp attached file parameter. By supplying a wp page template metadata parameter, the attacker determines the theme engine to include a malicious uploaded file. By exploiting this vulnerability an authenticated attacker gains remote code execution on the target host system...

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a command injection vulnerability in LAquis SCADA. The NOME parameter in HTTP requests to relatorionome.lhtml is not sanatized for command injection characters. An attacker can send a specially crafted HTTP GET or POST request to achieve command execution on the target Machine.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits an insecure deserialization via XML payload in OpenMRSs Webservices API module. By exploiting the vulnerability, an unauthenticated attacker might be able to execute system commands in the context of the user running the webserver process.

CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

This strike exploits a buffer overflow vulnerability in Microsoft Outlook client. The vulnerability is due to insufficient validation of the countOfFormNameStringObjects field in an RWZ file. A remote attacker could exploit this vulnerability by enticing a user to import a maliciously crafted file. Successful exploitation could lead to arbitrary code execution in the context of the user.

CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

This strike exploits a remote code execution on Nexus Repository Manager 3. This vulnerability is due to improper handling of the value parameter under HTTP parameter when a client sends http traffic to the server. A remote unauthenticated attacker can exploit this vulnerability by sending crafted http requests to the target server. Successful exploitation results in remote code execution.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

A remote code execution vulnerability exists in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. The vulnerability is due to the lack of data sanitization originating from non-form sources in the REST module. A remote attacker can exploit this vulnerability by sending a crafted HTTP packet to the target service. Successful exploitation could lead to arbitrary code execution or crash of the...

CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

This strike exploits a remote file inclusion vulnerability in Elasticsearch Kibana. The vulnerability is due to improper sanitization of the "apis" parameter. By successfully exploiting this vulnerability, a remote, unauthenticated attacker could retrieve javascript files from the target server. The other file format can be found in a log file on the target server.

CVSS: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)

This strike exploits a information disclosure vulnerability in the GDI Graphics Device Interface components of Microsoft Windows. The vulnerability is due to improper handling of EMF records in memory by the gdiplus.dll library. The vulnerability can be exploited by crafting a malicious EMF file and enticing a user to download and open it. Successful exploitation may result in execution of arbitrary...

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits an input validation vulnerability found in WinRAR. The vulnerability is due to improper input validation while parsing specific header fields from an ACE archive. An attacker could exploit this vulnerability by crafting a special ACE file. A successful exploit could allow the attacker to execute arbitrary commands on the target system.

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in Apple Webkit. Specifically, an attacker can craft javascript that takes advantage of a vulnerability that exists in how the GetIndexedPropertyStorage can cause garbage collection via rope strings, which can lead to a use after free condition. This can cause a denial of service in the browser or potentially allow for remote code execution to occur.

CVSS: 4.0 (AV:N/AC:L/Au:S/C:N/I:P/A:N)

The strikes emulates a path traversal attack on WordPress CMS platform. The attack can be carried by a low privileged user by providing a wp attached file parameter when editing media files, thus modifying post metadata. By leveraging this vulnerability with a local file inclusion exploit, an attacker may gain code execution on the host system.

CVSS: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)

This strike exploits a sql injection vulnerability in WordPress Plugin Booking Calendar 8.4.3. The vulnerability is due to improper sanitization of the booking id parameter. By successfully exploiting this vulnerability, an authenticated attacker could perform sql injection on the target server.

CVSS: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

This strike exploits a command injection vulnerability in LAquis SCADA. The PAGINA parameter in HTTP requests to acompanhamentotela.lhtml and the TITULO parameter in requests to relatorioindividual.lhtml are not sanatized for command injection characters. An attacker can send a specially crafted HTTP GET or POST request to achieve command execution on the target Machine.

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the Javascript Chakra engine. It is possible to craft Javascript in such a way that when using the InjectJsBuiltInLibraryCode method an attacker can clear the disable-implicit-call flag can lead to a stack based use after free condition. This may lead to a denial of service condition in the...

CVSS: 6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)

This strike exploits an out of bounds vulnerability in NTPsec ntpd. This vulnerability is due to insufficient validation of a parsed field from a NTP packet. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted NTP packet to the target server. Successful exploitation could lead to information disclosure of sensitive information.

CVSS: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)

This strike exploits a remote command execution vulnerability in Script Security Plugin pertaining to Jenkins master. The vulnerability is due to improper validation of data passed to the Jenkins master sandbox. A specially crafted HTTP POST request containing a sandbox script leads to remote code execution conditions on the vulnerable server.

CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)

This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the Javascript Chakra engine. It is possible to craft Javascript in such a way that when using the NewScObjectNoCtor or InitProto methods with the SetIsPrototype method of the type handler, a transition to a new type can cause type confusion to occur. This can lead to a denial of service in...

Pages