Ixia ATI Update 2016-18 (280401)

Defects Resolved

Ticket Info
DE4797 Metadata (description, keywords, protocol and evasion groups) was updated for the following strikes: denial/misc/cve_2009_4897_ghostscript_pdf_BO.xml, denial/misc/cve_2012_0904_vlc_amr_dos.xml, denial/ftp/cve_2009_3976_proftp_banner_BO.xml, exploits/smtp/thunderbird_idbkeyrange.xml, cve_2010_0270_microsoft_windows_smb_mdl_buffer_overflow.xml, cve_2010_0476_microsoft_windows_smb_trans_response_parsing_memory_corruption.xml, cve_2010_2063_samba_smb1_andxoffset_memory_corruption.xml, cve_2013_4124_samba_smbd_nt_trans_request_nextentryoffset_infinate_memory_allocation_loop_denial_of_service.xml, cve_2014_3560_samba_nmbd_netserverinfo1_server_comment_buffer_overflow.xml, cve_2015_0240_samba_smb_rpc_netrserverpasswordset_memory_corruption.xml
DE6465 (1408051) Corrected an issue with JavaScript Obfuscation that caused JavaScript function names to be obfuscated in a non-random (predictable) way.
DE6442 Fixes an issue whereby the "http_server_reply" and "http_server_download" dblock types available in the Custom Application Toolkit generated no traffic.
DE6444 Fixes an issue in which the Markov text bodies created via the Custom Application Toolkit's "block" dblock type resulted in no data being generated.
DE6513 The "text_static" dblock type available in the Custom Application Toolkit now correctly processes the value provided in the "byte" attribute. Previously, any ASCII character in that value that was not a digit (0-9) was emitted as a null byte (ASCII 0x00).
DE6515 The "to_octal" dblock type available in the Custom Application Toolkit now supports string contents.
DE6527 The "deflate_raw" and "inflate_raw" dblock types available in the Custom Application Toolkit now support elements whose contents are strings.
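The "deflate_raw" and "inflate_raw" dblock fixes above concern raw DEFLATE (RFC 1951) streams, which carry no zlib header or Adler-32 trailer, applied to contents that may arrive as text rather than bytes. The following is an added example written for this page, not Ixia code and not the toolkit's implementation: it shows the str-or-bytes handling the fix describes, how a raw stream differs from a zlib-wrapped one on the wire, and a decoder that accepts either, which is the situation a proxy or IDS faces with HTTP "Content-Encoding: deflate", where RFC-conformant senders use the zlib wrapper and some send raw DEFLATE. The sample request text is constructed for the example.

```python
import zlib

RAW_WBITS = -zlib.MAX_WBITS  # negative window size selects raw DEFLATE: no header, no trailer

# Constructed sample input; repeated so the stream is worth compressing.
SAMPLE = "GET /index.html HTTP/1.1\r\nHost: example.test\r\nAccept: */*\r\n\r\n" * 4


def as_bytes(content):
    """Accept str or bytes, as the fixed dblocks now do; text is encoded as UTF-8."""
    return content.encode("utf-8") if isinstance(content, str) else bytes(content)


def deflate_raw(content, level=6):
    """Produce a raw DEFLATE stream (RFC 1951) for str or bytes content."""
    c = zlib.compressobj(level, zlib.DEFLATED, RAW_WBITS)
    return c.compress(as_bytes(content)) + c.flush()


def inflate_raw(data):
    """Inverse of deflate_raw. A zlib-wrapped stream would raise zlib.error here."""
    d = zlib.decompressobj(RAW_WBITS)
    return d.decompress(as_bytes(data)) + d.flush()


def deflate_zlib(content, level=6):
    """zlib-wrapped stream (RFC 1950): 2-byte header, DEFLATE data, Adler-32 trailer."""
    return zlib.compress(as_bytes(content), level)


def is_zlib_wrapped(data):
    """RFC 1950 header check: CM == 8 and the 16-bit CMF/FLG word is a multiple of 31.

    A raw DEFLATE stream that consists of a single final block has BFINAL set in
    bit 0 of its first byte, so its low nibble can never be 8 and the check fails.
    """
    data = as_bytes(data)
    if len(data) < 2:
        return False
    cmf, flg = data[0], data[1]
    return (cmf & 0x0F) == 8 and ((cmf << 8) | flg) % 31 == 0


def inflate_any(data):
    """Decode either wrapping: the dispatch a tolerant HTTP decoder has to make."""
    data = as_bytes(data)
    if is_zlib_wrapped(data):
        return zlib.decompress(data)
    return inflate_raw(data)


if __name__ == "__main__":
    raw, wrapped = deflate_raw(SAMPLE), deflate_zlib(SAMPLE)
    print("raw first byte 0x%02x, zlib first bytes 0x%02x%02x" % (raw[0], wrapped[0], wrapped[1]))
    print("raw:", len(raw), "bytes; zlib:", len(wrapped), "bytes (header + trailer)")
    assert inflate_any(raw) == inflate_any(wrapped) == SAMPLE.encode()
```

The zlib-wrapped form is six bytes longer (two header bytes plus the four-byte Adler-32), and only the wrapped form carries an integrity check, so a decoder that falls back to raw DEFLATE loses that check; a strict decoder that accepts only the wrapper rejects raw senders outright. Which behaviour is wanted depends on whether the goal is interoperability or detection of malformed streams.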

New Protocols & Applications (3)

Name Category Info
Google Location Services Aug16 Social Networking/Search Google Location Services provides an estimated location of a client based on information about the WiFi routers and cell towers closest to the client, and the strength of their WiFi or cell signals. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Google App Engine Aug16 System/Network Admin Google App Engine is a platform for building scalable web applications and mobile backends. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
BFD Control Enterprise Applications Bidirectional Forwarding Detection (BFD) detects faults on the path between two forwarding engines connected by a link. BFD Control packets are the packets exchanged in BFD's primary operating mode, Asynchronous mode, in which each system periodically sends Control packets and declares the session down when they stop arriving.

New Super Flows (7)

Name Category Info
Google Location Services Social Networking/Search Provides an estimated location of a client based on information about the WiFi routers and cell towers closest to the client. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Google App Engine System/Network Admin Traffic that simulates creating, deploying and testing a Java application, starting from a sample and following the Google tutorial. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Google App Engine Create and Deploy App System/Network Admin Traffic that simulates creating and deploying a Java application, starting from a sample and following the Google tutorial. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Google App Engine Test App System/Network Admin Traffic that simulates testing a Java application, created from a sample project and following the Google tutorial. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
BFD Simple Password Authentication Enterprise Applications BFD packets using simple password authentication.
BFD Keyed SHA1 and Meticulous Keyed SHA1 Authentication Enterprise Applications BFD packets using SHA1 authentication.
BFD Keyed MD5 and Meticulous Keyed MD5 Authentication Enterprise Applications BFD packets using MD5 authentication.
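The BFD Control protocol entry above and the three BFD authentication Super Flows all exercise the RFC 5880 Control packet with its optional authentication section. The following is an added example written for this page, not Ixia's traffic generator and not the Super Flow contents: a Python builder and verifier for the packet formats the flows name (Simple Password, Keyed and Meticulous Keyed MD5, Keyed and Meticulous Keyed SHA1), so that a reader can see what a device under test has to check. Field layouts, authentication type codes and the replay window of 3 x Detect Mult follow RFC 5880; the discriminators, intervals and shared secrets are invented values for the demonstration.

```python
import hashlib
import hmac
import struct

# Authentication type codes, RFC 5880 section 4.1.
AUTH_NONE = 0
AUTH_SIMPLE_PASSWORD = 1
AUTH_KEYED_MD5 = 2
AUTH_METICULOUS_KEYED_MD5 = 3
AUTH_KEYED_SHA1 = 4
AUTH_METICULOUS_KEYED_SHA1 = 5

# Hash name and Auth Key/Digest field length for the hashed types.
HASHED_TYPES = {AUTH_KEYED_MD5: ("md5", 16), AUTH_METICULOUS_KEYED_MD5: ("md5", 16),
                AUTH_KEYED_SHA1: ("sha1", 20), AUTH_METICULOUS_KEYED_SHA1: ("sha1", 20)}
METICULOUS_TYPES = (AUTH_METICULOUS_KEYED_MD5, AUTH_METICULOUS_KEYED_SHA1)
FLAG_A = 0x04  # Authentication Present bit in the second header byte


def build_bfd_control(my_disc, your_disc, state=3, detect_mult=3, desired_min_tx=1_000_000,
                      required_min_rx=1_000_000, auth_type=AUTH_NONE, key_id=0, key=b"", seq=0):
    """Build a BFD Control packet (RFC 5880 4.1): 24-byte mandatory section plus
    optional auth section. Length covers both; the A bit marks the auth section."""
    flags = (state & 0x3) << 6  # Sta in the top two bits (3 = Up); P/F/C/D/M left clear
    auth = b""
    if auth_type == AUTH_SIMPLE_PASSWORD:
        if not 1 <= len(key) <= 16:
            raise ValueError("simple password must be 1..16 bytes")
        # Auth Type, Auth Len = 3 + password length, Auth Key ID, cleartext password.
        auth = struct.pack("!BBB", auth_type, 3 + len(key), key_id) + key
    elif auth_type in HASHED_TYPES:
        name, dlen = HASHED_TYPES[auth_type]
        if not 1 <= len(key) <= dlen:
            raise ValueError("key must be 1..%d bytes" % dlen)
        # Auth Type, Auth Len, Auth Key ID, Reserved, Sequence Number, then the
        # Auth Key/Digest field holding the zero-padded key while the hash is computed.
        auth = struct.pack("!BBBBI", auth_type, 8 + dlen, key_id, 0, seq & 0xFFFFFFFF)
        auth += key.ljust(dlen, b"\x00")
    elif auth_type != AUTH_NONE:
        raise ValueError("unsupported auth type")
    if auth:
        flags |= FLAG_A
    header = struct.pack("!BBBBIIIII", 1 << 5, flags, detect_mult, 24 + len(auth),  # Vers=1, Diag=0
                         my_disc, your_disc, desired_min_tx, required_min_rx, 0)
    packet = header + auth
    if auth_type in HASHED_TYPES:
        name, dlen = HASHED_TYPES[auth_type]
        # RFC 5880 6.7.3/6.7.4: a plain MD5/SHA1 over the whole packet with the key in
        # the digest field, then the key is overwritten by the digest. Not an HMAC.
        packet = packet[:-dlen] + hashlib.new(name, packet).digest()
    return packet


def verify_bfd_control(packet, keys, last_seq=None):
    """Return (ok, reason). keys maps Auth Key ID -> shared secret. last_seq is the
    receiver's bfd.RcvAuthSeq once known; the accepted window is 3 * Detect Mult,
    strictly increasing for the meticulous types, modulo 2^32 (RFC 5880 6.7.3)."""
    if len(packet) < 24:
        return False, "shorter than mandatory section"
    vers_diag, flags, detect_mult, length = struct.unpack("!BBBB", packet[:4])
    if vers_diag >> 5 != 1:
        return False, "unsupported version"
    if length != len(packet) or detect_mult == 0:
        return False, "bad Length or Detect Mult"
    if not flags & FLAG_A:
        return (False, "authentication required") if keys else (True, "no auth")
    if len(packet) < 26:
        return False, "truncated auth section"
    auth_type, auth_len = packet[24], packet[25]
    if 24 + auth_len != len(packet):
        return False, "Auth Len mismatch"
    if auth_type == AUTH_SIMPLE_PASSWORD:
        password = packet[27:]
        if not 1 <= len(password) <= 16:
            return False, "bad password length"
        # The password travels in cleartext; any on-path observer learns it.
        return hmac.compare_digest(password, keys.get(packet[26], b"")), "simple password"
    if auth_type in HASHED_TYPES:
        name, dlen = HASHED_TYPES[auth_type]
        if auth_len != 8 + dlen:
            return False, "bad Auth Len for hashed type"
        key_id, _reserved, seq = struct.unpack("!BBI", packet[26:32])
        key = keys.get(key_id)
        if key is None:
            return False, "unknown Auth Key ID"
        if last_seq is not None:
            meticulous = auth_type in METICULOUS_TYPES
            low = last_seq + 1 if meticulous else last_seq
            window = 3 * detect_mult - (1 if meticulous else 0)
            if (seq - low) & 0xFFFFFFFF > window:
                return False, "sequence number outside replay window"
        expected = hashlib.new(name, packet[:-dlen] + key.ljust(dlen, b"\x00")).digest()
        return hmac.compare_digest(packet[-dlen:], expected), "keyed " + name
    return False, "unknown auth type"


if __name__ == "__main__":
    keys = {1: b"bfd-secret"}
    pkt = build_bfd_control(0x11111111, 0x22222222, auth_type=AUTH_METICULOUS_KEYED_SHA1,
                            key_id=1, key=keys[1], seq=100)
    print(len(pkt), "bytes:", pkt.hex())
    print(verify_bfd_control(pkt, keys, last_seq=99), verify_bfd_control(pkt, keys, last_seq=100))
```

Two points matter when judging a device's handling of these flows. The keyed types are not HMACs and MD5/SHA1 are weak, but the real exposure is replay: a Keyed (non-meticulous) sender may reuse a sequence number, so a captured packet stays valid until the sender moves on, while the Meticulous types require the number to advance on every packet. Simple Password offers no integrity at all and should only appear in test traffic meant to be rejected.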

New Strikes (11)

CVSS ID References Category Info
10.0 E16-8bx01 BID-92523
CVE-2016-6909
CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C)
EXPLOITDB-40276
URL
Exploits This strike exploits a buffer overflow vulnerability in FortiGate firmware (FortiOS). The vulnerability is due to a failure to sanitize user-supplied input while parsing an HTTP request. A remote, unauthenticated attacker could exploit this vulnerability to execute arbitrary code on the target system. NOTE: A publicly available exploit for this vulnerability can be found in the reported leak of 0-day exploits from the NSA by a group known as the "Shadow Brokers", identified as EGREGIOUSBLUNDER.
10.0 E16-69i01 APSB-16-25
BID-91719
CVE-2016-4230
CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C)
EXPLOITDB-40311
GOOGLE-844
MS16-093
SECURITYTRACKER-1036280
Exploits This strike exploits a remote code execution vulnerability in Adobe Flash Player. The vulnerability is due to a use after free in the MovieClip Transform getter. An attacker can entice a target to open a specially crafted Flash file to trigger the vulnerability. Successful exploitation may result in execution of arbitrary code or abnormal termination of the Flash Player process.
10.0 E16-69h01 APSB-16-25
BID-91719
CVE-2016-4229
CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C)
EXPLOITDB-40310
GOOGLE-843
MS16-093
SECURITYTRACKER-1036280
Exploits This strike exploits a remote code execution vulnerability in Adobe Flash Player. The vulnerability is due to a use after free in BitmapData.copyPixels. An attacker can entice a target to open a specially crafted Flash file to trigger the vulnerability. Successful exploitation may result in execution of arbitrary code or abnormal termination of the Flash Player process.
10.0 E16-69g01 APSB-16-25
BID-91719
CVE-2016-4228
CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C)
EXPLOITDB-40309
GOOGLE-842
MS16-093
SECURITYTRACKER-1036280
Exploits This strike exploits a remote code execution vulnerability in Adobe Flash Player. The vulnerability is due to a use after free when Rectangle objects are created as return values. An attacker can entice a target to open a specially crafted Flash file to trigger the vulnerability. Successful exploitation may result in execution of arbitrary code or abnormal termination of the Flash Player process.
10.0 E15-9hz01 APSB-15-32
BID-78715
CVE-2015-8423
CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C)
EXPLOITDB-39047
GOOGLE-585
SECURITYTRACKER-1034318
Exploits This strike exploits a remote code execution vulnerability in Adobe Flash Player. The vulnerability is due to a use after free in TextField ReplaceSel. An attacker can entice a target to open a specially crafted Flash file to trigger the vulnerability. Successful exploitation may result in execution of arbitrary code or abnormal termination of the Flash Player process.
10.0 E15-9hy01 APSB-15-32
BID-78715
CVE-2015-8422
CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C)
EXPLOITDB-39046
GOOGLE-586
SECURITYTRACKER-1034318
Exploits This strike exploits a remote code execution vulnerability in Adobe Flash Player. The vulnerability is due to a use after free in TextField SetFormat. An attacker can entice a target to open a specially crafted Flash file to trigger the vulnerability. Successful exploitation may result in execution of arbitrary code or abnormal termination of the Flash Player process.
9.3 R16-24401 CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C)
EXPLOITDB-40272
Recon This strike emulates a reconnaissance attack against TopSec firewalls. The attack attempts several command executions to retrieve information from the target system. NOTE: By default the vulnerable services are accessed over an SSL connection (port 443). A publicly available exploit for this vulnerability can be found in the reported leak of 0-day exploits from the NSA by a group known as the "Shadow Brokers", identified as ELIGIBLECONTESTANT.
9.3 E16-r9m01 CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C)
EXPLOITDB-40272
Exploits This strike emulates a remote code execution attack against TopSec firewalls. The attack uploads and executes arbitrary code via an HTTP POST request to /cgi/maincgi.cgi. NOTE: By default the vulnerable services are accessed over an SSL connection (port 443). A publicly available exploit for this vulnerability can be found in the reported leak of 0-day exploits from the NSA by a group known as the "Shadow Brokers", identified as ELIGIBLECONTESTANT.
6.9 D16-07401 BID-91083
CVE-2016-3220
CVSS-6.9 (AV:L/AC:M/AU:N/C:C/I:C/A:C)
MS16-074
Denial This strike targets a vulnerability in the way the Adobe Type Manager Font Driver handles PostScript and OpenType font objects in memory. The strike sends an executable and an OpenType font file to the target. When the executable is run, it brute-forces the kernel address space to find the address of the loaded font object; with that address, memory can be overwritten and corrupted, which crashes the Windows operating system. Because of the kernel memory information the attack leaks, a privilege escalation attack may also be possible.
6.8 E16-7wv01 BID-92520
CVE-2016-6367
CVSS-6.8 (AV:L/AC:L/AU:S/C:C/I:C/A:C)
EXPLOITDB-40271
URL
Exploits This strike targets Cisco Adaptive Security Appliance (ASA) Software before 8.4(1) on ASA 5500, ASA 5500-X, PIX, and FWSM devices. A vulnerability in the software's command-line interface allows a local, authenticated attacker to cause a denial of service condition or execute code to escalate privileges via CLI commands. NOTE: This strike is based on an exploit found in the reported leak of 0-day exploits from the NSA by a group known as the "Shadow Brokers", identified as EpicBanana.
5.0 E16-6hn01 BID-91077
CVE-2016-4523
CVSS-5.0 (AV:N/AC:L/AU:N/C:N/I:N/A:P)
URL
Exploits This strike exploits a vulnerability in Trihedral VTScada. The program does not properly handle HTTP requests containing directory traversal sequences; when several of these are sent to the target, an out-of-bounds indexing error occurs. This crashes the VTScada application and can potentially lead to remote code execution.

Modified Strikes (10)

CVSS ID References Category Info
10.0 E12-3d102 BID-53220
CVE-2012-0469
CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C)
Exploits Metadata updated for strike exploits/smtp/thunderbird_idbkeyrange.xml
10.0 E15-36o01 BID-72711
CVE-2015-0240
CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C)
URL
Exploits Metadata updated for strike exploits/smb/cve_2015_0240_samba_smb_rpc_netrserverpasswordset_memory_corruption.xml
10.0 E10-3d801 BID-39336
CVE-2010-0476
CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C)
MS10-020
Exploits Metadata updated for strike exploits/smb/cve_2010_0476_microsoft_windows_smb_trans_response_parsing_memory_corruption.xml
10.0 E10-37i01 BID-39339
CVE-2010-0270
CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C)
MS10-020
Exploits Metadata updated for strike exploits/smb/cve_2010_0270_microsoft_windows_smb_mdl_buffer_overflow.xml
9.3 D09-62g01 BID-36128
CVE-2009-3976
CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C)
Denial Metadata updated for strike denial/ftp/cve_2009_3976_proftp_banner_BO.xml
9.3 D09-6s101 BID-41593
CVE-2009-4897
CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C)
Denial Metadata updated for strike denial/misc/cve_2009_4897_ghostscript_pdf_BO.xml
7.9 E14-5qw01 BID-69021
CVE-2014-3560
CVSS-7.9 (AV:A/AC:M/AU:N/C:C/I:C/A:C)
URL
Exploits Metadata updated for strike exploits/smb/cve_2014_3560_samba_nmbd_netserverinfo1_server_comment_buffer_overflow.xml
7.5 E10-ejy01 BID-40884
CVE-2010-2063
CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P)
MSF-MODULES/EXPLOITS/LINUX/SAMBA/CHAIN_REPLY.RB
Exploits Metadata updated for strike exploits/smb/cve_2010_2063_samba_smb1_andxoffset_memory_corruption.xml
5.0 E13-21t01 BID-61597
CVE-2013-4124
CVSS-5.0 (AV:N/AC:L/AU:N/C:N/I:N/A:P)
MSF-MODULES/AUXILIARY/DOS/SAMBA/READ_NTTRANS_EA_LIST.RB
Exploits Metadata updated for strike exploits/smb/cve_2013_4124_samba_smbd_nt_trans_request_nextentryoffset_infinate_memory_allocation_loop_denial_of_service.xml
4.3 D12-3p401 BID-51255
CVE-2012-0904
CVSS-4.3 (AV:N/AC:M/AU:N/C:N/I:N/A:P)
EXPLOITDB-18309
Denial Metadata updated for strike denial/misc/cve_2012_0904_vlc_amr_dos.xml