Name | Info |
---|---|
Keysight Enterprise Datacenter | Test profile that simulates Keysight Data Center traffic distribution as described in a 2018 Firewall Test report. |

CVSS | ID | References | Category | Info |
---|---|---|---|---|
9.3 | E18-ww891 | CVE-2018-14847 CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C) URL | Exploits | This strike exploits a vulnerability found in the WinBox tool for MikroTik RouterOS. The vulnerability is due to improper verification of the session ID field in the authentication step. By successfully exploiting this vulnerability, an attacker can obtain the admin credentials of the device. |
9.3 | E18-0pg51 | CVE-2018-8373 CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C) URL | Exploits | This strike exploits a vulnerability in the Microsoft VBScript Engine. Specifically, the vulnerability fakes and overrides the array object to perform arbitrary address reading and writing. In the end, it releases code to execute after constructing an object. An attacker who successfully exploits the vulnerability could gain the same user rights as the current user. |
9.0 | E18-0gl01 | CVE-2018-1000019 CVSS-9.0 (AV:N/AC:L/AU:S/C:C/I:C/A:C) EXPLOITDB-45161 URL | Exploits | This strike exploits a command injection vulnerability in OpenEMR. The vulnerability is due to improper validation of input passed to the 'edit_globals.php' script. By exploiting this vulnerability, a remote authenticated attacker can execute arbitrary OS commands on the target router. |
9.0 | E18-5l9r1 | CVE-2018-14767 CVSS-9.0 (AV:N/AC:L/AU:N/C:P/I:P/A:C) URL | Exploits | This strike exploits an out-of-bounds read vulnerability in the Kamailio SIP server. The vulnerability is due to missing input validation in the "build_res_buf_from_sip_req" core function when processing the "To" header. An attacker can exploit this vulnerability by sending a specially crafted SIP REGISTER request containing two "To" headers, the first of which has an empty "tag" value. Successful exploitation renders the resource completely unavailable and may further lead to arbitrary code execution. |
7.5 | E17-cceq1 | CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P) URL | Exploits | This strike exploits a file upload vulnerability present in the Joomla com_media plugin. By exploiting this vulnerability, an unauthenticated attacker can run arbitrary code by uploading files to the server and executing them. Note: This vulnerability was disclosed by the XAttacker tool. |
7.5 | E17-nmv01 | CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P) URL | Exploits | This strike exploits a file upload vulnerability present in the Joomla com_jce plugin. By exploiting this vulnerability, an unauthenticated attacker can run arbitrary code by uploading files to the server and executing them. Note: This vulnerability was disclosed by the XAttacker tool. |
7.5 | E18-01ir1 | CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P) URL | Exploits | This strike exploits a file upload vulnerability present in the Joomla com_jbcatalog plugin. By exploiting this vulnerability, an unauthenticated attacker can run arbitrary code by uploading files to the server and executing them. Note: This vulnerability was disclosed by the XAttacker tool. |
7.5 | E17-a8ob1 | CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P) URL | Exploits | This strike exploits a file upload vulnerability present in the Joomla com_fabrik plugin. By exploiting this vulnerability, an unauthenticated attacker can run arbitrary code by uploading files to the server and executing them. Note: This vulnerability was disclosed by the XAttacker tool. |
7.5 | E18-5lk31 | CVE-2018-15139 CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P) URL | Exploits | This strike exploits a file upload vulnerability in OpenEMR. The vulnerability is caused by the lack of proper sanitisation of input passed to the manage_site_files Web PHP form. Successful exploitation can result in arbitrary code execution in the context of the user running OpenEMR. |
7.5 | E18-ua3d1 | CVE-2018-1999001 CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P) URL | Exploits | This strike exploits a policy bypass vulnerability in Jenkins CI Server. The vulnerability is due to insufficient validation of login requests by the "getOrCreate" function. By abusing this flaw, an attacker could trigger the removal of the config.xml file from the Jenkins root directory, which results in granting administrator access to anonymous users. |
7.5 | E18-0jgg1 | CVE-2018-0608 CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P) URL | Exploits | This strike exploits a heap buffer overflow vulnerability in H2O Webserver. H2O Webserver has a function to allocate sufficient memory for large HTTP headers, however, in certain cases the buffer position pointer may become negative or overly large. In this case, the buffer will not be reallocated, leading to a buffer overflow. An attacker can exploit this vulnerability by sending a specially crafted HTTP message. Successful exploitation may result in arbitrary code execution or abnormal termination of the H2O Webserver, leading to a denial of service condition. |
6.8 | E18-0m0k1 | CVE-2018-3924 CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P) URL | Exploits | This strike exploits a use-after-free vulnerability in the JavaScript engine of Foxit PDF Reader. This vulnerability is due to improper handling of an annotation object while invoking the 'mailForm' method of the active document. A remote attacker could exploit this vulnerability by enticing a user to open a specially crafted PDF file, resulting in possible execution of arbitrary code. |
6.8 | E18-0f7v1 | BID-100610 CVE-2017-5115 CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P) URL | Exploits | This strike exploits a vulnerability in Google Chrome. Specifically, the vulnerability exists in the V8 JavaScript engine. It is possible to craft JavaScript in such a way that out-of-bounds memory can be accessed. This may lead to a denial of service condition in the browser, or potentially remote code execution. |
6.8 | E18-0f7e1 | BID-99950 CVE-2017-5098 CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P) URL | Exploits | This strike exploits a vulnerability in Google Chrome. Specifically, the vulnerability exists in the V8 JavaScript engine. It is possible to craft JavaScript in such a way that a use-after-free condition occurs. This may lead to a denial of service condition in the browser, or potentially remote code execution. |
6.8 | E18-0f741 | BID-99096 CVE-2017-5088 CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P) URL | Exploits | This strike exploits a vulnerability in Google Chrome. Specifically, the vulnerability exists in the V8 JavaScript engine. It is possible to craft JavaScript in such a way that values on the heap are leaked to the user. This may lead to a denial of service condition in the browser, or potentially remote code execution. |
6.5 | E18-0q4i1 | CVE-2018-9250 CVSS-6.5 (AV:N/AC:L/AU:S/C:P/I:P/A:P) URL | Exploits | This strike exploits a SQL injection vulnerability in the OpenEMR open-source project. The vulnerability is due to insufficient sanitization of user input passed through the URI to various PHP scripts. A specially crafted HTTP GET request can cause SQL injection in the context of the database user. |
6.3 | E18-ua3e1 | CVE-2018-1999002 CVSS-6.3 (AV:N/AC:M/AU:S/C:C/I:N/A:N) URL | Exploits | This strike exploits an authenticated directory traversal vulnerability in Jenkins CI Server. The vulnerable code resides within the Stapler web framework used by Jenkins, and lacks input validation when processing the "Accept-Language" header. The header is then used to include a language-specific resource by concatenating the header's content to the resource's path. By exploiting the vulnerability, an attacker could read arbitrary sensitive files from the file system. |
5.0 | E18-4ahl1 | CVSS-5.0 (AV:N/AC:L/AU:N/C:P/I:N/A:N) URL | Exploits | This strike exploits a reflected cross-site scripting vulnerability in the Atmosphere Java Framework. The vulnerability resides in the JSONP transport method supported by the framework and is due to insufficient sanitization. By exploiting this flaw, an attacker obtains client-side JavaScript code execution within the victim's browser, which can lead to information disclosure and credential theft. |
5.0 | D18-0n5a1 | BID-104976 CVE-2018-5390 CVSS-5.0 (AV:N/AC:L/AU:N/C:N/I:N/A:P) URL | Denial | This strike exploits a denial of service vulnerability in the Linux kernel's handling of TCP segments. The vulnerability is caused by the way out-of-order TCP segments are stored and handled by the functions tcp_collapse_ofo_queue() and tcp_prune_ofo_queue(). A remote attacker could exploit this vulnerability by continuously sending crafted TCP segments to the target server. Successful exploitation can exhaust the target server's resources and lead to denial of service. |