Strike Database
Important Information
On August 12th, 2022, many of Keysight’s Network Test, Network Visibility, & Edge to Core (NAS/formerly Ixia) products will migrate to a new license structure.
CRITICAL: If you perform licensing operations after August 12th, 2022, without upgrading the licensing software to the latest version, licenses may not register properly, and some features may be missing. This could impact testing and result in downtime.
For details, click here.
Displaying 181 - 200 of 59925
CVSS: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
A command injection vulnerability exists in Pulse Connect Secure due to insufficient parameter sanitization. The vulnerability resides in the '/dana-admin/diag/diag.cgi' endpoint and can be exploited by crafting the 'options' parameter in order to create a template file which contains Perl directives. By exploiting the flaw, a remote authenticated attacker may execute arbitrary...
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in Apple Safari Webkit. Specifically when trying to inline GetByVal operations on stack-allocated arguments the code fails to properly check whether index is lower than numberOfArgumentsToSkip. This can potentially lead to uninitialized variable access which can cause a denial of service condition in the browser or allow for remote code execution to occur.
CVSS: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
An out of bounds read vulnerability been reported in Adobe Acrobat due to improper handling of JOBOPTIONS files. A remote attacker could exploit this vulnerability by enticing a user to open a maliciously crafted one-byte JOBOPTIONS file. Successful exploitation could lead to information disclosure.
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in the Microsoft Edge browser. Specifically an attacker can craft javascript in such a way that allows for the initialization process to run without caring about the ImplicitCallFlags. This can cause a denial of service condition in the browser or potentially allow for remote code execution to occur.
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits a sql injection vulnerability in WordPress Plugin Photo Gallery. The vulnerability is due to improper sanitization of the album_id parameter. By successfully exploiting this vulnerability, an authenticated attacker could perform sql injection on the target server.
CVSS: 5.8 (AV:N/AC:M/Au:N/C:N/I:P/A:P)
This strike simulates a CSRF attack on phpMyAdmin. The flaw is a result of no anti-CSRF technique being employed in the setup page. A remote attacker may entice a phpMyAdmin user to make a request to a crefted URL, leading to removal of arbitray servers from the phpMyAdmin configuration.
CVSS: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
This strike exploits a remote code execution in the HPE Intelligent Management Center. The vulnerability is due to improper sanitization of user input "beanName" which is passed to the application via the IccSelectDevTypeBean class. A remote authorized attacker can exploit this vulnerability by sending a crafted request to the target server. Successful exploitation results in remote code...
CVSS: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
A remote code execution vulnerability exists in LibreNMS versions prior to 1.46. The vulnerability is a result of improper sanitization when parsing the 'community' HTTP request parameter within 'addhost.inc.php' A successful attacker is thus able to send specially crafted HTTP requests that could lead to execution of arbitrary commands on the target server.
CVSS: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
This strike exploits a cross-site scripting vulnerability in Wordpress Plugin UserPro. This vulnerability is due to inadequate input filtering of "error_description" in the web interface. An attacker could exploit this vulnerability by enticing a user to visit an attacker controlled webpage or click a malicious link. By exploiting this vulnerability an attacker could trigger reflected cross...
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits a SQL injection vulnerability in the Django server. The vulnerability is caused by insufficient validation of user input on HTTP requests, which are used to create SQL queries. Successful exploitation could allow an attacker to execute SQL command on the target server.
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in Apple Safari Webkit. Specifically after optimizations are performed on AIR code, a register gets marked as late use and ultimately is determined to be a dead register and discarded. It may be possible for an attacker to construct Javascript in such a way that it is possible to control the data in this dangling register. This can cause a denial of service...
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits a heap double free vulnerability found in Adobe Acrobat and Reader. The vulnerability is due to improper input validation while parsing specific header fields of a PDF document. An attacker could exploit this vulnerability by creating a specially crafted PDF file and entice a user to open it. Successful exploitation could lead to arbitrary code execution on the target machine...
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This strike exploits a heap double free vulnerability found in Adobe Acrobat and Reader. The vulnerability is due to improper input validation while parsing specific header fields of a PDF document. An attacker could exploit this vulnerability by creating a specially crafted PDF file and entice a user to open it. Successful exploitation could lead to arbitrary code execution on the target machine...
CVSS: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
This strike exploits a remote code execution in the HPE Intelligent Management. The vulnerability is due to improper sanitization of user input "beanName" which is passed to the application via the IccSelectDevTypeBean class. A remote authorized attacker can exploit this vulnerability by sending a crafted request to the target server. Successful exploitation results in remote code execution...
CVSS: 9.0 (AV:N/AC:L/Au:N/C:P/I:P/A:C)
An OS command injection vulnerability exists in Webmin 1.920 and prior versions. The flaw exists in the password change functionality and is reachable via the '/password_change.cgi' endopint. By exploiting this vulnerability, a remote unauthenticated attacker may execute arbitrary OS commands on the target system.
CVSS: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
This strike exploits a remote code execution in the JIRA Template. The vulnerability is due to improper sanitization of user input which is passed to the application via the ContactAdministrators and SendBulkMail actions. A remote authorized attacker can exploit this vulnerability by sending a crafted request to the target server. Successful exploitation results in remote code execution on the target...
CVSS: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
This strike exploits a vulnerability in Apple Safari Webkit. It is possible for an attacker to construct Javascript in such a way that when the emitEqualityOpImpl method is called it will incorrectly replace the typeof instruction with the is_cell_with_type instruction. This can cause a denial of service condition in the browser or potentially allow for remote code execution to occur.
CVSS: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
An integer underflow vulnerability exists in VxWorks 6.8 TCP stack. This strike simulates a denial of service attack by setting the URGENT TCP pointer to 0 (zero) when communicating with any network service. By exploiting this flaw, a remote attacker can cause denial of service by crashing the target network stack.
CVSS: 4.0 (AV:L/AC:M/Au:N/C:P/I:P/A:P)
This strike exploits a vulnerability in Apple Safari Webkit. Specifically a JSValue ValueProfile pointing to a previously freed chunk of memory which will have its JSCell header overwritten. When this gets accessed out of bounds a crash will occur. An attacker can craft javascript in such a manner that will cause memory corruption to occur, causing a denial of service in the browser and potentially...
CVSS: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
This strike replicates a directory traversal attack on Fortinet FortiOS. The vulnerability resides in the '/remote/fgt_lang' endpoint and affects product versions 5.6.3 to 5.6.7 and 6.0.0 to 6.0.4. By exploiting this flaw, a remote unauthenticated attacker may take over the device and perform attacks such as DNS hijacks.
