Strike Database
Important Information
On August 12th, 2022, many of Keysight’s Network Test, Network Visibility, & Edge to Core (NAS/formerly Ixia) products will migrate to a new license structure.
CRITICAL: If you perform licensing operations after August 12th, 2022, without upgrading the licensing software to the latest version, licenses may not register properly, and some features may be missing. This could impact testing and result in downtime.
For details, click here.
Displaying 161 - 180 of 58316
CVSS: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
An OS command injection exists in Jenkins Git Client plugin. The vulnerability is due to lack of parameter sanitization while parsing parameters set to configure a Jenkins job. By exploiting this flaw, an authenticated remote attacker can run arbitrary OS commands on the target system. Note: All versions of Jenkins Git Client below 2.8.2 are affected by this vulnerability.
CVSS: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
A stack based buffer overflow exists in Eclipse Mosquitto 1.5 to 1.6.5 due to stack area being overrun by the recursive function retain search. A remote attacker may crash the server by sending a SUBSCRIBE packet with a topic name of variable length consisting of / characters. The exact number of characters depends on the stack size and how much of the stack space is filled at runtime.
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in Google Chrome. Specifically the vulnerability lies with how the v8 Javascript engine handles Object.seal/freeze on maps and element storage of objects, and how incorrect map transitions are followed by v8 without properly updating the element backing store. This can cause a denial of service condition in the browser but also leads to remote code execution....
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
An OS command injection vulnerability exists in D-Link DNS-320 ShareCenter versions <= 2.05.B10. The flaw is a result of no input sanitization on the port parameter login mgr.cgi cgi requests. A remote unauthenticated attacker may issue system commands with root privileges.
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike simulates an attack on Pulse Connect Secure versions prior to 8.1 R15.1, 8.2 before 8.2 R12.1, 8.3 before 8.3 R7.1, and 9.0 before 9.0 R3.4. The flaw takes advantage of a directory traversal vulnerability and allows remote unauthenticated attackers to read arbitrary files residing on the host system.
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits a memory corruption vulnerability in Internet Explorer. The vulnerability is due to improper handling of memory objects. By enticing a user to access a specially crafted page, an attacker could exploit this vulnerability to corrupt memory and remotely execute malicious code in the context of the current user.
CVSS: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)
This strike exploits a directory traversal vulnerability in OpenEMR. The vulnerability is due to improper sanitization of the form filename parameter. By successfully exploiting this vulnerability, a remote, unauthenticated attacker could retrieve arbitrary files from the target server.
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
A remote code execution vulnerability exists in LibreNMS versions prior to 1.46. The vulnerability is a result of improper sanitization when parsing the community HTTP request parameter within addhost.inc.php A successful attacker is thus able to send specially crafted HTTP requests that could lead to execution of arbitrary commands on the target server.
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits a sql injection vulnerability in WordPress Plugin Photo Gallery. The vulnerability is due to improper sanitization of the album id parameter. By successfully exploiting this vulnerability, an authenticated attacker could perform sql injection on the target server.
CVSS: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
A command injection vulnerability exists in Pulse Connect Secure due to insufficient parameter sanitization. The vulnerability resides in the /dana-admin/diag/diag.cgi endpoint and can be exploited by crafting the options parameter in order to create a template file which contains Perl directives. By exploiting the flaw, a remote authenticated attacker may execute arbitrary commands on the target...
CVSS: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
An out of bounds read vulnerability been reported in Adobe Acrobat due to improper handling of JOBOPTIONS files. A remote attacker could exploit this vulnerability by enticing a user to open a maliciously crafted one-byte JOBOPTIONS file. Successful exploitation could lead to information disclosure.
CVSS: 5.8 (AV:N/AC:M/Au:N/C:N/I:P/A:P)
This strike simulates a CSRF attack on phpMyAdmin. The flaw is a result of no anti-CSRF technique being employed in the setup page. A remote attacker may entice a phpMyAdmin user to make a request to a crefted URL, leading to removal of arbitray servers from the phpMyAdmin configuration.
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in the Microsoft Edge browser. Specifically an attacker can craft javascript in such a way that allows for the initialization process to run without caring about the ImplicitCallFlags. This can cause a denial of service condition in the browser or potentially allow for remote code execution to occur.
CVSS: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
An OS command injection exists in FusionPBX 4.4.8 due to lack of parameter sanitization while parsing requests to service edit.php. By exploiting this flaw, an authenticated remote attacker can run arbitrary OS commands on the target system.
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in Apple Safari Webkit. Specifically when trying to inline GetByVal operations on stack-allocated arguments the code fails to properly check whether index is lower than numberOfArgumentsToSkip. This can potentially lead to uninitialized variable access which can cause a denial of service condition in the browser or allow for remote code execution to occur.
CVSS: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
This strike exploits a remote code execution in the HPE Intelligent Management Center. The vulnerability is due to improper sanitization of user input beanName which is passed to the application via the IccSelectDevTypeBean class. A remote authorized attacker can exploit this vulnerability by sending a crafted request to the target server. Successful exploitation results in remote code execution on...
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits a heap double free vulnerability found in Adobe Acrobat and Reader. The vulnerability is due to improper input validation while parsing specific header fields of a PDF document. An attacker could exploit this vulnerability by creating a specially crafted PDF file and entice an user to open it. Successful exploitation could lead to arbitrary code execution on the target Machine...
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits a heap double free vulnerability found in Adobe Acrobat and Reader. The vulnerability is due to improper input validation while parsing specific header fields of a PDF document. An attacker could exploit this vulnerability by creating a specially crafted PDF file and entice an user to open it. Successful exploitation could lead to arbitrary code execution on the target Machine...
CVSS: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
This strike exploits a cross-site scripting vulnerability in Wordpress Plugin UserPro. This vulnerability is due to inadequate input filtering of error description in the web interface. An attacker could exploit this vulnerability by enticing a user to visit an attacker controlled webpage or click a malicious link. By exploiting this vulnerability an attacker could trigger reflected cross site...
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits a SQL injection vulnerability in the Django server. The vulnerability is caused by insufficient validation of user input on HTTP requests, which are used to create SQL queries. Successful exploitation could allow an attacker to execute SQL command on the target server.
