Ticket | Info |
---|---|
US83163 | Proxy support was added for super flow "Amazon S3 Retrieve Objects". |
Name | Category | Info |
---|---|---|
Instagram Apr18 | Social Networking/Search | Instagram is a photo and video-sharing social networking service owned by Facebook, Inc. The service also adds messaging features, the ability to include multiple images or videos in a single post, as well as "Stories" - similar to its main competitor Snapchat - which allows users to post photos and videos to a sequential feed. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature. |
Zoosk Apr18 | Social Networking/Search | Zoosk is an online dating service available in 25 languages and in more than 80 countries. Zoosk users are aged 18 and older. It uses gamification and popularity rankings to encourage participation. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature. |
Name | Category | Info |
---|---|---|
Instagram Apr 18 | Social Networking/Search | Instagram simulation of signing in, photo viewing and commenting, as well as sharing a photo before logging out. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature. |
Instagram Bandwidth | Social Networking/Search | Instagram emulation showing login, photo viewing and commenting as well as sharing a photo before logging out. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature. |
Zoosk Apr 18 | Social Networking/Search | Simulates a typical use case of the Zoosk website. The user signs in, uploads a photo, reads received messages and browses profiles. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature. |
CVSS | ID | References | Category | Info |
---|---|---|---|---|
10.0 | E05-zw791 |
BID-74072 CVE-2015-0469 CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C) |
Exploits | An out of bounds memory access vulnerability has been reported in Oracle Java SE. The vulnerability is due to insufficient validation of an index value prior to array access. A remote unauthenticated attacker can exploit this vulnerability by persuading users to load a malicious web page containing a Java applet. Successful exploitation could cause memory corruption that may lead to arbitrary code execution in the security context of the logged in user, or terminate the application resulting in a denial of service condition. |
7.6 | E18-0jpj1 |
BID-103298 CVE-2018-0935 CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C) EXPLOITDB-44404 |
Exploits | This strike exploits a vulnerability in the Microsoft Internet Explorer browser. The vulnerability lies within jscript.dll. A HTML page containing Javascript can be crafted in such a way that allows for a heap buffer overflow. Successful exploitation may lead to a denial of service condition in the browser, or potentially remote code execution. |
7.6 | E18-0jmr1 |
BID-102874 CVE-2018-0835 CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C) EXPLOITDB-44079 GOOGLE-1459 |
Exploits | This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the Javascript Chakra engine. Javascript can be crafted in such a way that allows for type confusion to occur when a call to Array.prototype.reverse is made. This can allow for a denial of service to occur or potentially remote code execution. |
7.6 | E18-0hxs1 |
BID-100051 CVE-2017-8640 CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C) EXPLOITDB-42476 GOOGLE-1297 |
Exploits | This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the Javascript Chakra engine. Javascript can be crafted in such a way that allows for the function argument object to be uninitialized. This may lead to a denial of service condition in the browser, or potentially remote code execution. |
7.6 | D18-0hxy2 |
BID-100053 CVE-2017-8646 CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C) EXPLOITDB-42470 GOOGLE-1277 |
Denial | This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the Javascript Chakra engine. Javascript can be crafted in such a way that allows for the function PushPopFrameHelper to be used incorrectly. This results in a denial of service condition in the browser. |
7.5 | E18-0p7d1 |
CVE-2018-8057 CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P) EXPLOITDB-44454 |
Exploits | An SQL injection vulnerability exists in Cobub Razor mobile analytics appliance. The vulnerability is due to insufficient user-supplied input validation within channel.php script. The successful exploitation of this vulnerability can result in database information disclosure without authentication via a specially crafted HTTP POST request. |
7.5 | E18-mb081 |
BID-103776 CVE-2018-2628 CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P) SECURITYTRACKER-1040696 URL |
Exploits | An insecure deserialization vulnerability was found in Oracle WebLogic Server due to insufficient validation of serialized data. Vulnerability can be exploited by sending a specially crafted serialized object. Successful exploitation can result in arbitrary code execution in the context of the user running WebLogic. |
7.5 | E18-0jyu1 |
BID-103696 CVE-2018-1270 CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P) URL |
Exploits | This strike exploits a remote command injection vulnerability in the Pivotal Spring Web framework. The vulnerability exists due to insufficient validation of user-supplied input to a STOMP broker in the spring-messaging module. The vulnerability can be exploited by sending a specially crafted request to a STOMP broker, allowing arbitrary command execution in the context of the running service. |
7.5 | E18-0jto2 |
BID-103758 CVE-2018-1084 CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P) |
Exploits | This strike exploits an integer overflow flaw in Corosync Cluster Engine. The vulnerability is due to improper length checking on received input UDP data. A remote attacker can trigger this vulnerability by sending a crafted UDP request to target server. This results in Denial-of-Service on the target device. |
7.5 | E18-0o1e1 |
CVE-2018-6546 CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P) EXPLOITDB-44476 URL |
Exploits | This strike exploits a remote file execution vulnerability in AMD Raptr. HTTP POST requests to the execute_installer URI are intended to execute the installer file with path stored in the data parameter. However, any arbitrary executable path stored in the data parameter will be executed. An attacker can send a specially crafted HTTP POST request to cause arbitrary file execution on the target system. |
6.8 | E18-0ppo1 |
CVE-2018-8716 CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P) EXPLOITDB-44531 URL |
Exploits | This strike exploits a cross-site scripting vulnerability in WSO2 Identity Server. This vulnerability is due to improper sanitization of user input when adding a new workflow engine profile. By enticing an authenticated user to visit an attacker controlled webpage or click a malicious link, an attacker could access any cookies, session tokens, or other sensitive information retained by the browser. |
6.8 | E18-0ija1 |
CVE-2017-9414 CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P) EXPLOITDB-42120 URL |
Exploits | This strike exploits a cross-site scripting vulnerability in Subsonic media server. This vulnerability is due to improper sanitization of user controlled parameters to different HTTP GET and POST requests. By enticing an authenticated user to visit an attacker controlled webpage or click a malicious link, an attacker could access any cookies, session tokens, or other sensitive information retained by the browser. |
6.8 | E18-0jyx1 |
BID-100948 CVE-2018-1273 CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P) URL |
Exploits | This strike exploits a remote code execution vulnerability in Pivotal Spring Data Commons. The vulnerability is due to a SPEL injection in SimpleEvaluationContext method. Successful exploitation can result in arbitrary code execution in the context of Spring Data Commons. |
6.8 | E18-0yby1 |
CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P) EXPLOITDB-44494 |
Exploits | This strike exploits a stack based buffer overflow vulnerability in VX Search 10.6.18. If a directory parameter is imported with an overly large amount of data, the stack can overflow allowing for remote code execution. |
6.1 | E18-0yb81 |
CVSS-6.1 (AV:L/AC:L/AU:N/C:P/I:P/A:C) EXPLOITDB-44468 URL |
Exploits | This strike exploits an integer overflow vulnerability in Zortam MP3 Media Studio desktop Mp3 Library component. The vulnerability is due to improper parsing of user-supplied input in a search form. Successful exploitation may result in a crash of the running application or potentially in an execution of arbitrary code with SYSTEM privileges. |
5.8 | E18-0ql21 |
CVE-2018-9846 CVSS-5.8 (AV:N/AC:M/AU:N/C:P/I:P/A:N) URL |
Exploits | This strike exploits a command injection vulnerability in the Roundcube Webmail. This vulnerability is due to improper handling of the HTTP parameter when a client sends http traffic to the server. A remote attacker can trigger this vulnerability by enticing an authenticated user to visit a crafted page, which sends a request to the target server. This results in arbitrary IMAP injection on the target device. |
5.0 | E18-0psv1 |
CVE-2018-8831 CVSS-5.0 (AV:N/AC:L/AU:N/C:N/I:P/A:N) EXPLOITDB-44487 URL |
Exploits | This strike exploits a cross-site scripting vulnerability in Kodi Media Player software. This vulnerability is due to inadequate input filtering in the web interface, while creating a new playlist. By exploiting this vulnerability an attacker could cause arbitrary HTML/script code to be executed by the target user's browser. |
5.0 | E18-0h0v1 |
CVE-2017-7455 CVSS-5.0 (AV:N/AC:L/AU:N/C:P/I:N/A:N) EXPLOITDB-41850 URL |
Exploits | This strike exploits an information disclosure vulnerability in MXview Industrial Network Management Software. The vulnerability is due to lack of access controls and improper handling of HTTP requests. Successful exploitation will allow an attacker to obtain sensitive information from the server, including SSL private key. |
5.0 | D18-0h0w1 |
CVE-2017-7456 CVSS-5.0 (AV:N/AC:L/AU:N/C:N/I:N/A:P) EXPLOITDB-41851 URL |
Denial | This strike exploits a denial of service vulnerability in MXview Industrial Network Management Software. The vulnerability is due to improper handling of supplied credentials when users try to login. Successful exploitation will cause the unavailability of MXview server. |
5.0 | D18-0jzr1 |
CVE-2018-1303 CVSS-5.0 (AV:N/AC:L/AU:N/C:N/I:N/A:P) URL |
Denial | This strike exploits a denial of service vulnerability in Apache HTTP Server configured with mod_cache_socache. An error in handling empty HTTP headers may lead to abnormal termination of the httpd process, resulting in a denial of service condition. An attacker can send specially crafted HTTP messaged with empty HTTP header to trigger the vulnerability. |
4.3 | E18-0ihn1 |
CVE-2017-9355 CVSS-4.3 (AV:N/AC:M/AU:N/C:N/I:P/A:N) EXPLOITDB-42119 SCIP-102086 |
Exploits | This strike exploits a XML external entity vulnerability in Subsonic media server. The vulnerability is due improper parsing of input file when user imports a new playlist. By enticing a user to import a specially crafted .xsfp file, an attacker could evade firewalls and perform server-side request forgery attacks. |