Ixia ATI Update 2018-13 (335027)

Defects Resolved

Ticket Info
DE9413 Removed Microsoft Tuesday strikelists with zero strikes. No new Microsoft Tuesday strikelists will be generated.
DE9729 "Yahoo Mail" SuperFlow has been deprecated and superseded by "Yahoo Mail May18".
DE9712 Strikes with over 5000 variants were slow to load and failed to run on some older systems. The variant counts of the following thirteen strikes have been reduced to under 5000: E15-4cg01, E13-40001, E14-4dp01, E14-38j01, E13-30r01, E14-92f01, E15-4ab01, E13-32g01, E15-5ju01, E14-5pn01, E09-4iy01, E12-4k302, E14-64i01.
DE9728 The "Facebook", "Facebook iOS" and "Facebook Japanese" super flows had no server response action after the client sent the "UpdateStatus" request, which broke proxy support. An "UpdateStatusResponse" action was added to these super flows.

Enhancements

Ticket Info
US83041 Two new actions "CANCEL" and "487 RequestTerminated" have been added to SIP. The two actions were included in a new super flow called "SIP CANCEL Call Flow".
US83540 Added proxy support to the "Pinterest Jun17" protocol.
US87509 Added proxy support for HTTP flows within 'Skype V5' super flows.
US87510 The "BitTorrent Enterprise" super flow has been modified so that its HTTP flows are proxy compliant; the non-HTTP (peer) part of the super flow is not proxied.
US87511 "WindowsLiveMail" Application Protocol has been deprecated and superseded by "WindowsLiveMail May18".
US87771 Ports were made unique per super flow so that distinct flows no longer share the same IP/port combination. The port range was widened from 50000-50100 to 50000-55000.

New Protocols & Applications (2)

Name Category Info
WindowsLiveMail May18 Email/WebMail Simulates the use of the WindowsLiveMail website as of May 2018. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Yahoo Mail May18 Email/WebMail Simulates the use of the Yahoo Mail website as of May 2018. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.

New Super Flows (7)

Name Category Info
WindowsLiveMail May 18 Email/WebMail Simulates the use of the WindowsLiveMail website as of May 2018. All of the available actions for this flow are exercised. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
WindowsLiveMail May 18 Send Message Email/WebMail Simulates the use of the WindowsLiveMail website as of May 2018. The user accesses the sign in page, signs in, views the inbox, sends a message then logs out. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
WindowsLiveMail May 18 Send Message with Attachment Email/WebMail Simulates the use of the WindowsLiveMail website as of May 2018. The user accesses the sign in page, signs in, views the inbox, sends a message with attachment then logs out. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
WindowsLiveMail May 18 View Message Email/WebMail Simulates the use of the WindowsLiveMail website as of May 2018. The user accesses the sign in page, signs in, views the inbox, views a message then logs out. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
WindowsLiveMail May 18 View Message with Attachment Email/WebMail Simulates the use of the WindowsLiveMail website as of May 2018. The user accesses the sign in page, signs in, views the inbox, views a message that contains an attachment then logs out. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Yahoo Mail May18 Email/WebMail Simulates the use of the Yahoo Mail website as of May 2018. All of the available actions for this flow are exercised. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
SIP CANCEL Call Flow Voice/Video/Media A series of actions that simulate the SIP CANCEL call flow. The caller places a call (INVITE) to the recipient and then sends a CANCEL. The recipient stops ringing and returns 487 Request Terminated to the caller; the 487 is the final response to the INVITE the caller sent initially.
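The exchange behind the "SIP CANCEL Call Flow" super flow and the US83041 actions, as an added example that is not Ixia/BreakingPoint code. It builds the INVITE, the 180 Ringing, the CANCEL, the 200 OK that answers the CANCEL and the 487 Request Terminated that closes the INVITE transaction, and it applies the RFC 3261 matching rule a callee must use before honouring a CANCEL: same Request-URI, Call-ID, From, To, CSeq number and top Via branch as the pending INVITE. Hosts, tags, Call-ID and branch values are made up for illustration.

```python
"""SIP CANCEL call flow (INVITE -> CANCEL -> 487 Request Terminated).

Added example, not Ixia/BreakingPoint code.  Hosts, tags, branch values
and the Call-ID below are constructed sample data.
"""
import re

CRLF = "\r\n"


def build_request(method, uri, headers, body=""):
    """Serialise a SIP request; Content-Length is computed from the body."""
    lines = [f"{method} {uri} SIP/2.0"] + [f"{k}: {v}" for k, v in headers.items()]
    lines.append(f"Content-Length: {len(body.encode())}")
    return CRLF.join(lines) + CRLF + CRLF + body


def build_response(code, reason, request, to_tag=None):
    """Answer a parsed request, echoing the headers a response must copy."""
    h = request["headers"]
    to = h["To"]
    if to_tag and "tag=" not in to:
        to += f";tag={to_tag}"
    lines = [f"SIP/2.0 {code} {reason}", f"Via: {h['Via']}", f"From: {h['From']}",
             f"To: {to}", f"Call-ID: {h['Call-ID']}", f"CSeq: {h['CSeq']}",
             "Content-Length: 0"]
    return CRLF.join(lines) + CRLF + CRLF


def parse(msg):
    """Parse a SIP request or response into a dict (start line, headers, body)."""
    head, _, body = msg.partition(CRLF + CRLF)
    start, *hdr_lines = head.split(CRLF)
    headers = {}
    for line in hdr_lines:
        name, _, value = line.partition(":")
        headers[name.strip()] = value.strip()
    m = re.match(r"^([A-Z]+) (\S+) SIP/2\.0$", start)
    if m:
        return {"kind": "request", "method": m.group(1), "uri": m.group(2),
                "headers": headers, "body": body}
    m = re.match(r"^SIP/2\.0 (\d{3}) (.*)$", start)
    if not m:
        raise ValueError(f"not a SIP start line: {start!r}")
    return {"kind": "response", "status": int(m.group(1)), "reason": m.group(2),
            "headers": headers, "body": body}


def via_branch(via):
    m = re.search(r";branch=([^;\s]+)", via)
    return m.group(1) if m else None


def cancel_matches_invite(cancel, invite):
    """RFC 3261 section 9.1: a CANCEL copies the INVITE's Request-URI, Call-ID,
    From, To and CSeq number (with method CANCEL) and carries the same top
    Via branch.  A CANCEL failing this must not tear the pending INVITE down."""
    ih, ch = invite["headers"], cancel["headers"]
    if cancel["method"] != "CANCEL" or cancel["uri"] != invite["uri"]:
        return False
    if any(ih[n] != ch[n] for n in ("Call-ID", "From", "To")):
        return False
    iseq, cseq = ih["CSeq"].split(), ch["CSeq"].split()
    if iseq[0] != cseq[0] or cseq[1] != "CANCEL":
        return False
    return via_branch(ih["Via"]) == via_branch(ch["Via"])


INVITE_HEADERS = {  # constructed sample values
    "Via": "SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK-776asdhds",
    "Max-Forwards": "70",
    "From": "<sip:alice@example.org>;tag=1928301774",
    "To": "<sip:bob@example.net>",
    "Call-ID": "a84b4c76e66710@192.0.2.10",
    "CSeq": "314159 INVITE",
    "Contact": "<sip:alice@192.0.2.10>",
}
URI = "sip:bob@example.net"


def run_cancel_call_flow():
    """Drive the exchange; return the ordered list of (sender, method/status)."""
    invite = parse(build_request("INVITE", URI, INVITE_HEADERS, body="v=0\r\n"))
    ringing = parse(build_response(180, "Ringing", invite, to_tag="a6c85cf"))
    cancel_hdrs = {k: v for k, v in INVITE_HEADERS.items() if k != "Contact"}
    cancel_hdrs["CSeq"] = "314159 CANCEL"           # same number, method CANCEL
    cancel = parse(build_request("CANCEL", URI, cancel_hdrs))
    if not cancel_matches_invite(cancel, invite):
        raise RuntimeError("CANCEL does not match the pending INVITE")
    ok = parse(build_response(200, "OK", cancel))    # answers the CANCEL itself
    # The 487 is the final response to the INVITE transaction, as the note says.
    terminated = parse(build_response(487, "Request Terminated", invite, to_tag="a6c85cf"))
    return [("caller", invite["method"]), ("callee", ringing["status"]),
            ("caller", cancel["method"]), ("callee", ok["status"]),
            ("callee", terminated["status"])]


def forged_cancel_is_rejected():
    """A CANCEL arriving with a different Via branch must not cancel the INVITE."""
    invite = parse(build_request("INVITE", URI, INVITE_HEADERS))
    hdrs = dict(INVITE_HEADERS, CSeq="314159 CANCEL",
                Via="SIP/2.0/UDP 198.51.100.7:5060;branch=z9hG4bK-forged")
    return not cancel_matches_invite(parse(build_request("CANCEL", URI, hdrs)), invite)


if __name__ == "__main__":
    for who, msg in run_cancel_call_flow():
        print(f"{who:>6}: {msg}")
```

The 200 OK answers the CANCEL transaction on its own; it is the 487 on the INVITE transaction that ends the call attempt, which is why a device under test that only sees the 200 and never the 487 has not handled the flow correctly.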

New Strikes (13)

CVSS ID References Category Info
10.0 E18-0p2q1 BID-103358
CVE-2018-7890
CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C)
URL
Exploits This strike exploits a remote code execution vulnerability in Zoho ManageEngine Applications Manager 13.5. The vulnerability is due to improper handling of the UserName HTTP parameter when a client sends HTTP traffic to the server. A remote attacker can exploit it by sending crafted HTTP requests to the target server; successful exploitation results in remote code execution.
10.0 B17-exl51 CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C)
URL
Backdoors This strike simulates the user-mode DoublePulsar backdoor: the DLL load that DoublePulsar performs happens in user mode. This is the 64-bit version of the shellcode. Note: the backdoor uses the user-mode shellcode from the DOUBLEPULSAR payload to reflectively load an arbitrary DLL into another process.
9.3 E18-maz41 BID-103600
CVE-2018-1015
CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C)
SECURITYTRACKER-1040656
URL
Exploits This strike exploits a vulnerability in the Windows font library caused by improper handling of embedded fonts. A remote attacker could exploit it to execute arbitrary code or cause a denial of service (BSOD) by enticing a user to open a specially crafted TrueType font file.
7.6 D18-0jl33 BID-102400
CVE-2018-0775
CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C)
EXPLOITDB-43717
GOOGLE-1412
Denial This strike exploits a vulnerability in the Microsoft Edge browser, specifically in the Chakra JavaScript engine. JavaScript can be crafted so that the DeferParse flag causes an incorrect opcode to be generated, which changes the function expression's scope. This may lead to a denial of service condition in the browser, or potentially remote code execution.
7.6 D18-0jkx2 BID-102396
CVE-2018-0769
CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C)
EXPLOITDB-43710
GOOGLE-1390
Denial This strike exploits a vulnerability in the Microsoft Edge browser, specifically in the Chakra JavaScript engine. JavaScript can be crafted so that an integer overflow occurs because a bounds check is calculated incorrectly when the code is JIT-compiled. This may lead to a denial of service condition in the browser, or potentially remote code execution.
7.6 D18-3dwj1 BID-102045
CVE-2017-11907
CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C)
EXPLOITDB-43370
GOOGLE-1383
Denial This strike exploits a vulnerability in the Microsoft Internet Explorer browser, specifically in jscript.dll. JavaScript can be crafted so that a heap overflow occurs when the JsArrayStringHeapSort or JsArrayFunctionHeapSort functions are called. This may lead to a denial of service condition in the browser, or potentially remote code execution.
7.5 E18-5jiq1 CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P)
EXPLOITDB-44877
URL
Exploits This strike exploits an error-based SQL injection vulnerability in the Joomla! component EkRishta 2.10. The vulnerability is caused by insufficient validation of user input from HTTP requests that is used to build SQL queries. Successful exploitation could allow an attacker to read database information from the target server.
7.5 E18-0pq62 CVE-2018-12498
CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P)
Exploits This strike exploits a time-based SQL injection vulnerability in iCMS v7.0.8. The vulnerability is caused by insufficient validation of user input from HTTP requests that is used to build SQL queries. Successful exploitation could allow an attacker to stall the target server's responses, causing a short-lived denial of service.
6.5 E18-5ic91 CVE-2018-10969
CVSS-6.5 (AV:N/AC:L/AU:S/C:P/I:P/A:P)
EXPLOITDB-44867
Exploits This strike exploits a blind SQL injection in the WordPress Pie Register plugin. The vulnerability is due to insufficient sanitization of user input passed in the order parameter. A specially crafted HTTP GET request can trigger the injection in the context of the database user.
6.4 E18-0ozv1 BID-104447
CVE-2018-7787
CVSS-6.4 (AV:N/AC:L/AU:N/C:P/I:P/A:N)
URL
Exploits This strike exploits a directory traversal vulnerability in Schneider Electric U.motion Builder. The vulnerability is due to improper validation of the context parameter in an HTTP GET request, which could allow the disclosure of sensitive information.
6.3 E18-0jqf1 BID-103652
CVE-2018-0967
CVSS-6.3 (AV:N/AC:M/AU:S/C:N/I:N/A:C)
URL
Exploits This strike exploits a heap corruption vulnerability in the Microsoft Windows SNMP service. The vulnerability is due to insufficient input validation when parsing SNMP traps. A remote, unauthenticated attacker can take advantage of this flaw by sending specially crafted SNMP traps that crash the SNMP service process.
5.0 E18-5ibw1 CVE-2018-10956
CVSS-5.0 (AV:N/AC:L/AU:N/C:P/I:N/A:N)
EXPLOITDB-44916
URL
Exploits This strike exploits a directory traversal vulnerability within the IPConfigure Orchid Core Video Management System. A remote, unauthenticated attacker could exploit this vulnerability by sending a specially crafted HTTP request to the target server. Successful exploitation results in the disclosure of arbitrary file contents from the target server.
5.0 E18-3hm81 BID-102424
CVE-2017-16720
CVSS-5.0 (AV:N/AC:L/AU:N/C:P/I:N/A:N)
EXPLOITDB-44278
ZDI-18-024
Exploits This strike exploits a buffer overflow vulnerability in Advantech WebAccess software. The vulnerability is due to a lack of proper validation of a user-supplied pathname before it is copied into a stack-based buffer. A specially crafted DCE/RPC request could lead to arbitrary code execution on the target server or abnormal termination of the WebAccess process.
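Five of the strikes above exercise two injection classes against HTTP GET parameters: SQL injection (error-based in EkRishta, time-based in iCMS, blind in Pie Register's order parameter) and directory traversal (the context parameter in U.motion Builder, and Orchid Core VMS). The following is an added example, not Ixia/BreakingPoint code and not the strikes' own payloads: a request-line inspector of the kind one would run over proxy or web-server logs to confirm that such traffic is being seen and classified. The sample requests are constructed and use generic paths, not the vendors' actual vulnerable URLs; the parameter names order and context come from the strike descriptions, id is assumed. The traversal check normalises the decoded path against a root rather than grepping for "..", so it also catches double-encoded `..%252f` sequences and absolute paths while not flagging a benign `a/../b` that stays inside the root.

```python
"""Classify HTTP request-line parameters as SQL injection or directory traversal.

Added example, not Ixia/BreakingPoint code.  SAMPLE_REQUESTS are constructed
and do not reproduce the vendors' real vulnerable URLs.
"""
import posixpath
import re
from urllib.parse import parse_qsl, unquote, urlsplit

SQLI_PATTERNS = {
    # functions that force the DBMS to leak data inside an error message
    "error-based": re.compile(
        r"(?i)\b(?:extractvalue|updatexml|xmltype)\s*\(|\bexp\s*\(\s*~|floor\s*\(\s*rand\s*\("),
    # delay primitives: the response time, not the body, carries the answer
    "time-based": re.compile(r"(?i)\b(?:sleep|benchmark|pg_sleep)\s*\(|\bwaitfor\s+delay\b"),
    # tautology / contradiction pairs used to read one bit per request
    "boolean-blind": re.compile(r"(?i)\b(?:and|or)\s+(?:\d+|'[^']*')\s*=\s*(?:\d+|'[^']*')"),
}
ROOT = "/var/www/docroot"   # assumed document root used only for normalisation


def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (..%252f.. style double encoding)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify_sqli(value):
    """Return the SQLi classes whose signature appears in the decoded value."""
    return [name for name, rx in SQLI_PATTERNS.items() if rx.search(value)]


def is_traversal(value):
    """True if the value, resolved under ROOT, escapes ROOT or carries a NUL."""
    v = fully_decode(value).replace("\\", "/")
    if "\x00" in v:
        return True
    resolved = posixpath.normpath(posixpath.join(ROOT, v))  # absolute v replaces ROOT
    return not (resolved == ROOT or resolved.startswith(ROOT + "/"))


def inspect_request(request_line):
    """Return (parameter, finding) tuples for one HTTP request line."""
    _method, target, _version = request_line.split(" ", 2)
    findings = []
    for name, raw in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        value = fully_decode(raw)
        findings += [(name, f"sqli:{kind}") for kind in classify_sqli(value)]
        if is_traversal(value):
            findings.append((name, "traversal"))
    return findings


SAMPLE_REQUESTS = [  # constructed; generic paths, not the real strike URLs
    "GET /search.php?id=1'%20AND%20extractvalue(1,concat(0x7e,version())) HTTP/1.1",
    "GET /news.php?id=1%20AND%20SLEEP(5) HTTP/1.1",
    "GET /list.php?order=id%20AND%201%3D1 HTTP/1.1",
    "GET /view.php?context=../../../../etc/passwd HTTP/1.1",
    "GET /view.php?context=..%252f..%252f..%252fetc%252fpasswd HTTP/1.1",
    "GET /view.php?context=images/logo.png&order=name HTTP/1.1",
]


def scan(requests=SAMPLE_REQUESTS):
    """Map each request line to its findings (empty list means clean)."""
    return {line: inspect_request(line) for line in requests}


if __name__ == "__main__":
    for line, found in scan().items():
        print(f"{found or 'clean'}  <-  {line}")
```

When replaying these strikes through a device under test, compare its alert log against this classification: a proxy or IPS that decodes only one layer of percent-encoding will pass the double-encoded traversal request as clean.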