Ticket | Info |
---|---|
DE8911 (1464239) | Fixes the handling of A and AAAA resource records in the Pack Answer action of the mDNS application. After the fix, the value given in the "RR Name Field" parameter is used as the hostname, overriding the value of the action's "Host" parameter. |
DE9167 | Fixed an issue in the strike for CVE-2017-16943 in which the chunk-size line of the chunked HTTP body was terminated with a bare line feed (0x0A) instead of the CRLF required by the chunked transfer coding. |
DE9168 | Fixed the "NT Trans Request" packet of strike E13-21t01, which was missing the two-byte "Byte Count" (BCC) field. As a result the first two bytes of the following "NT CREATE Parameters" (10 00) were read as the BCC, and neither "NT CREATE Parameters" nor "NT CREATE Data" was dissected correctly by Wireshark. |
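The DE9167 fix concerns framing of the HTTP chunked transfer coding (RFC 7230 section 4.1), where every chunk-size line must end in CRLF. The following is an added example, not BreakingPoint code: a strict Python decoder for chunked bodies that rejects a chunk-size line terminated by a bare line feed, the malformation the fix removed, and can optionally tolerate it the way a lenient server would. The sample bodies in the comments are constructed for the example.

```python
# Added example (not BreakingPoint code): strict HTTP/1.1 chunked-body decoder.
# Constructed inputs: b"5\r\nhello\r\n0\r\n\r\n" is well framed;
# b"5\nhello\r\n0\r\n\r\n" has a chunk-size line ending in a bare LF (0x0A).

HEX_DIGITS = b"0123456789abcdefABCDEF"


def parse_chunked(body: bytes, strict: bool = True) -> bytes:
    """Decode a chunked message body and return the de-chunked payload.

    strict=True  : a chunk-size line ending in a bare LF raises ValueError.
    strict=False : the bare LF is tolerated, mimicking a lenient server.
    """
    out = bytearray()
    pos = 0
    while True:
        end = body.find(b"\n", pos)
        if end < 0:
            raise ValueError("unterminated chunk-size line")
        line = body[pos:end]
        if line.endswith(b"\r"):
            line = line[:-1]
        elif strict:
            raise ValueError("chunk-size line terminated by bare LF at offset %d" % end)
        pos = end + 1
        # chunk-size is hex, optionally followed by ";name=value" chunk extensions
        size_field = line.split(b";", 1)[0].strip()
        if not size_field or any(c not in HEX_DIGITS for c in size_field):
            raise ValueError("bad chunk-size %r" % size_field)
        size = int(size_field, 16)
        if size == 0:
            # last-chunk: optional trailer fields, then an empty CRLF line
            while True:
                end = body.find(b"\r\n", pos)
                if end < 0:
                    raise ValueError("unterminated trailer section")
                if end == pos:
                    return bytes(out)
                pos = end + 2
        chunk = body[pos:pos + size]
        if len(chunk) != size:
            raise ValueError("truncated chunk data")
        out += chunk
        pos += size
        if body[pos:pos + 2] != b"\r\n":
            raise ValueError("chunk data not followed by CRLF at offset %d" % pos)
        pos += 2


def is_well_framed(body: bytes) -> bool:
    """True if the body decodes under strict framing rules."""
    try:
        parse_chunked(body, strict=True)
        return True
    except ValueError:
        return False
```

A server that accepts the bare-LF form and one that rejects it see different message boundaries for the same bytes, which is exactly the disagreement that request-smuggling and IDS-evasion techniques rely on; the strict decoder is the behaviour a security device should enforce.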
Ticket | Info |
---|---|
US79190 | The DNAME resource record has been added to the DNS application. The record can be set using the "Type" parameter in the Query and Response actions. Another new parameter "Alias Name" has been added to the DNS Response action. This parameter can be used to specify the alias names for the CNAME and DNAME resource records. |
US81772 | Deprecated Application Protocol 'Office 365 Outlook Calendar Jul 15'. |
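To show what the new DNAME record and the "Alias Name" parameter correspond to on the wire, here is an added Python example (not BreakingPoint code) that encodes a DNAME resource record and synthesizes the CNAME that an authoritative response carries alongside it, following RFC 6672. The domain names, transaction ID and TTL are illustrative values chosen for the example.

```python
# Added example (not BreakingPoint code): DNAME RR encoding and CNAME synthesis.
import struct

TYPE_CNAME, TYPE_DNAME, CLASS_IN = 5, 39, 1


def encode_name(name: str) -> bytes:
    """Wire-format a domain name as length-prefixed labels (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            if len(label) > 63:
                raise ValueError("label longer than 63 octets: %r" % label)
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def rr(owner: str, rtype: int, ttl: int, rdata: bytes) -> bytes:
    """NAME TYPE CLASS TTL RDLENGTH RDATA."""
    return encode_name(owner) + struct.pack("!HHIH", rtype, CLASS_IN, ttl, len(rdata)) + rdata


def synthesize_cname(qname: str, dname_owner: str, dname_target: str):
    """RFC 6672 section 2.2: a DNAME at <owner> redirects every name *below* it
    (not the owner itself) by replacing the <owner> suffix with <target>.
    Returns the synthesized CNAME target, or None if the DNAME does not apply."""
    q = qname.rstrip(".").lower()
    owner = dname_owner.rstrip(".").lower()
    if q == owner or not q.endswith("." + owner):
        return None
    prefix = q[:-len(owner) - 1]
    return prefix + "." + dname_target.rstrip(".")


def build_dname_response(txid: int, qname: str, dname_owner: str, dname_target: str, ttl: int = 3600):
    """Authoritative response to an A query for qname: the DNAME RR plus the
    synthesized CNAME RR that legacy resolvers need. Returns (message, cname_target)."""
    target = synthesize_cname(qname, dname_owner, dname_target)
    answers = [rr(dname_owner, TYPE_DNAME, ttl, encode_name(dname_target))]
    if target is not None:
        answers.append(rr(qname, TYPE_CNAME, ttl, encode_name(target)))
    # flags 0x8400: QR=1 (response), AA=1 (authoritative), RCODE=0
    header = struct.pack("!HHHHHH", txid, 0x8400, 1, len(answers), 0, 0)
    question = encode_name(qname) + struct.pack("!HH", 1, CLASS_IN)  # QTYPE=A, QCLASS=IN
    return header + question + b"".join(answers), target
```

The point for test design: a DNAME never applies to its own owner name, so a response for the owner itself carries only the DNAME (and whatever other records the owner has), while any name under it gets the substituted CNAME; a DNS implementation under test should handle both cases.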
Name | Category | Info |
---|---|---|
Office 365 Outlook Tasks Jan18 | Email/WebMail | Simulates the use of the Office365 Outlook Calendar Feb18 website as of February 2018. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may take a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host; delete the DNS host from the Super Flow to disable it. |
Name | Category | Info |
---|---|---|
NFS Retries | Data Transfer/File Sharing | Simulates an NFSv3 session in which the client connects to a remote server to access its data as if it were stored locally [RFC 1813]. The NFS client retries up to three times on application failure. |
SIP/RTP Direct Voice Call Retries | Voice/Video/Media | Simulates a SIP voice call between two endpoints, with call setup taking place directly between the two endpoints over UDP. It also simulates up to three UAC INVITE retransmissions on failure. |
Office 365 Outlook Tasks Jan 18 | Email/WebMail | Simulates the use of the Office365 Outlook Calendar website as of February 2018. All of the available actions for this flow are exercised. |
CVSS | ID | References | Category | Info |
---|---|---|---|---|
10.0 | E14-zv2t1 | BID-73328 CVE-2014-9013 CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C) EXPLOITDB-36490 | Exploits | This strike exploits a remote code execution vulnerability in the WordPress Marketplace plugin. The vulnerability is due to missing input sanitization when processing data from a POST request. An unauthenticated attacker can exploit it by sending a specially crafted HTTP POST request that invokes the wpmp_pp_ajax_call() method, leading to arbitrary code execution in the context of the web server running the vulnerable plugin. |
10.0 | E18-0jvu2 | CVE-2018-1161 CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C) URL ZDI-18-004 | Exploits | This strike exploits a stack buffer overflow in the Quest NetVault Backup appliance. The vulnerability is due to insufficient input sanitization when processing multipart HTTP requests. An attacker can exploit it by sending a specially crafted HTTP POST request to the NetVault web interface, resulting in arbitrary code execution with SYSTEM privileges. |
9.4 | E18-0jvu1 | CVE-2018-1162 CVSS-9.4 (AV:N/AC:L/AU:N/C:N/I:C/A:C) URL ZDI-18-005 | Exploits | This strike exploits an arbitrary file overwrite vulnerability in the Quest NetVault Backup appliance. The vulnerability is due to missing sanitization of user input during log export. An attacker can exploit it by sending a specially crafted HTTP POST request to the NetVault web interface, allowing any file on the system to be overwritten with SYSTEM privileges. |
9.3 | E17-3i591 | BID-102204 CVE-2017-17405 CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C) EXPLOITDB-43381 URL | Exploits | This strike exploits a command injection vulnerability in Ruby before 2.4.3. Net::FTP passed the localfile argument of methods such as get and put to Kernel#open, which runs the rest of the argument as a shell command when it begins with a "|" pipe character. A malicious FTP server that supplies such a filename (for example in a directory listing the client then fetches) can execute arbitrary commands on the host running the Ruby FTP client. The fix opens local files with File.open, which does not interpret a leading "|". |
9.3 | E17-0hzy1 | BID-101162 CVE-2017-8718 CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C) URL ZDI-17-839 | Exploits | This strike exploits a heap-based buffer overflow in the JET database engine component of Microsoft Office (msexcl40.dll). The vulnerability is due to incorrect validation of the RecordDataLength field in BIFF substreams. An attacker could execute arbitrary code by enticing a user to open a maliciously crafted document. |
9.3 | E18-0j2d1 | BID-102845 CVE-2018-0101 CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C) EXPLOITDB-43986 SCIP-112635 URL | Exploits | This strike exploits a double-free memory corruption vulnerability in Cisco ASA. The vulnerability is due to improper handling of invalid XML data. By sending a crafted SSL-encapsulated packet containing invalid XML, a remote, unauthenticated attacker could execute arbitrary code on the targeted device. |
7.6 | E17-0i0z2 | BID-100778 CVE-2017-8755 CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C) EXPLOITDB-42766 GOOGLE-1327 | Exploits | This strike exploits a vulnerability in the Chakra JavaScript engine of the Microsoft Edge browser. JavaScript can be crafted so that an exception is thrown while an asm.js module is re-parsed; the strike triggers it by exhausting the stack. The result may be a denial of service in the browser or, potentially, remote code execution. |
7.6 | E17-3dw58 | BID-102081 CVE-2017-11893 CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C) EXPLOITDB-43466 GOOGLE-1379 | Exploits | This strike exploits a vulnerability in the Chakra JavaScript engine of the Microsoft Edge browser. JavaScript can be crafted so that type confusion occurs when the MinInAnArray or MaxInAnArray methods are called to return the smallest or largest of a series of numbers. These functions fail to validate their input properly and can instead change the type from JavascriptNativeArray to VarArray, causing type confusion. The result may be a denial of service in the browser or, potentially, remote code execution. |
7.5 | E17-3g3e1 | BID-101907 CVE-2017-14746 CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P) URL | Exploits | This strike exploits a use-after-free vulnerability in the Samba SMBv1 server. The vulnerability is due to incorrect handling of objects in memory. By sending a crafted request to the target server, a remote attacker with permission to connect to a share could execute arbitrary code in the context of the smbd process. NOTE: When run in OneArm mode, the strike requires an SMB share named "myshare" with anonymous access enabled. |
7.5 | E17-m90q1 | BID-96872 CVE-2017-6950 CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P) SECURITYTRACKER-1038122 URL | Exploits | This strike exploits a security policy bypass vulnerability in SAP GUI. The vulnerability is due to an incomplete implementation of client-side security policies for the Windows program regsvr32.exe. A remote attacker could exploit it by enticing a user to connect to an SAP server under the attacker's control and then executing arbitrary code on the client via crafted ABAP code. |
6.8 | E18-8v9i1 | BID-102796 CVE-2018-1000006 CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P) EXPLOITDB-43899 URL | Exploits | This strike exploits a remote command injection vulnerability in GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, and 1.6.15 and earlier. The vulnerability is due to insufficient validation of additional command line arguments passed through a URI to an Electron application registered as a custom protocol handler on Windows. A remote attacker who gets a user to open a crafted URI can execute arbitrary code on the user's machine. |
6.8 | E18-0mr21 | BID-102893 CVE-2018-4878 CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P) URL | Exploits | This strike exploits a remote code execution vulnerability in Adobe Flash Player. The vulnerability is a use-after-free in methods of the DRMManager object. An attacker can entice a target to open a specially crafted Flash file to trigger it. Successful exploitation may result in arbitrary code execution or abnormal termination of the Flash process. |
5.0 | E17-jp331 | CVSS-5.0 (AV:N/AC:L/AU:N/C:P/I:N/A:N) URL | Exploits | This strike emulates a scanner that runs multiple TLS handshakes using RSA key exchange (an RSA-encrypted PreMaster Secret) to test for the Return Of Bleichenbacher's Oracle Threat (ROBOT) attack. A server that reacts to improperly padded or otherwise invalid PreMaster Secrets differently from well-formed ones acts as a padding oracle; with enough queries, this lets an attacker decrypt RSA-encrypted sessions recorded from the server or produce signatures with the server's private key, without recovering the key itself. The strike emulates both the client and the server side of the scanner. A properly behaving server answers every malformed PreMaster Secret with the same generic TLS alert (RFC 5246 requires it to continue the handshake with a random PreMaster Secret rather than alert on the padding); the strike emulates several known incorrect responses that leak information or otherwise indicate a vulnerable server. |
5.0 | E17-3gi31 | BID-101908 CVE-2017-15275 CVSS-5.0 (AV:N/AC:L/AU:N/C:P/I:N/A:N) URL | Exploits | This strike exploits a heap memory information leak in the Samba SMBv1 server. The vulnerability is due to incorrect management of heap memory. By sending a crafted request to the target server, a remote attacker with permission to connect to a share may obtain password hashes or other high-value data from server memory. NOTE: When run in OneArm mode, the strike requires an SMB share named "myshare" with anonymous access enabled. |
5.0 | D17-3g871 | BID-101881 CVE-2017-14919 CVSS-5.0 (AV:N/AC:L/AU:N/C:N/I:N/A:P) | Denial | This strike triggers a vulnerability in the Node.js zlib binding. zlib cannot deflate with a windowBits value of 8 and returns Z_STREAM_ERROR when asked to; Node.js does not handle that error properly, so the process crashes. The strike demonstrates this through a WebSocket permessage-deflate implementation for Node, which lets the peer set the windowBits value in the handshake headers. |
4.3 | E17-3icg1 | BID-102201 CVE-2017-17664 CVSS-4.3 (AV:N/AC:M/AU:N/C:N/I:N/A:P) SCIP-110667 URL | Exploits | This strike exploits an out-of-bounds write vulnerability in Digium Asterisk. Asterisk allocates memory for RTCP Sender and Receiver Reports based on the message's Reception Report Count field and tracks the number of reports received. If Asterisk receives a new Sender or Receiver Report whose Reception Report Count is smaller than the number of reports already received, an out-of-bounds write occurs. Successful exploitation may result in arbitrary code execution or abnormal program termination. |
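The ROBOT strike (E17-jp331) tests whether a server's reaction to malformed RSA-encrypted PreMaster Secrets can be told apart from its reaction to well-formed ones. The following added example, not BreakingPoint code, models that test in Python with a toy RSA key built from two Mersenne primes so it runs offline: it constructs the five ciphertext classes a ROBOT-style scanner sends, a server that answers each padding failure with a distinct immediate alert, and a server that follows RFC 5246 section 7.4.7.1 by continuing with a random PreMaster Secret, then checks whether the responses are distinguishable. The vector construction and alert strings are simplifications made for this example, not the strike's own.

```python
# Added example (not BreakingPoint code): Bleichenbacher/ROBOT oracle check.
import os
import secrets

# Toy RSA key from two Mersenne primes (2^521-1 and 2^607-1): 1128-bit modulus,
# 141-byte blocks. For the demo only; never use such a key in a real system.
P = (1 << 521) - 1
Q = (1 << 607) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8
TLS_VERSION = b"\x03\x03"   # client_version carried in the 48-byte PreMaster Secret


def rsa_encrypt(block: bytes) -> bytes:
    return pow(int.from_bytes(block, "big"), E, N).to_bytes(K, "big")


def rsa_decrypt(ciphertext: bytes) -> bytes:
    return pow(int.from_bytes(ciphertext, "big"), D, N).to_bytes(K, "big")


def robot_vectors() -> dict:
    """Five plaintext classes (PKCS#1 v1.5 type 2) the scanner encrypts and sends."""
    pms = TLS_VERSION + bytes(secrets.randbelow(255) + 1 for _ in range(46))  # no 0x00 bytes
    pad = bytes(secrets.randbelow(255) + 1 for _ in range(K - 3 - 48))        # nonzero padding
    good = b"\x00\x02" + pad + b"\x00" + pms
    return {
        "well_formed": good,
        "wrong_first_bytes": b"\x41\x17" + good[2:],
        "zero_in_wrong_position": b"\x00\x02" + pad + pms + b"\x00",   # PMS ends up 0 bytes long
        "no_zero_separator": b"\x00\x02" + pad + b"\x01" + pms,
        "wrong_tls_version": b"\x00\x02" + pad + b"\x00" + b"\x02\x00" + pms[2:],
    }


def unpad_premaster(block: bytes) -> bytes:
    """PKCS#1 v1.5 checks plus the TLS length and version checks."""
    if block[:2] != b"\x00\x02":
        raise ValueError("bad_leading_bytes")
    sep = block.find(b"\x00", 2)
    if sep < 0:
        raise ValueError("no_separator")
    if sep < 10:
        raise ValueError("padding_too_short")   # fewer than 8 padding bytes
    pms = block[sep + 1:]
    if len(pms) != 48:
        raise ValueError("bad_premaster_length")
    if pms[:2] != TLS_VERSION:
        raise ValueError("bad_version")
    return pms


def leaky_server(ciphertext: bytes) -> str:
    """Vulnerable behaviour: a distinct, immediate alert for each padding failure."""
    try:
        unpad_premaster(rsa_decrypt(ciphertext))
    except ValueError as err:
        return "alert:" + str(err)
    return "alert:bad_record_mac"   # padding fine; the scanner's bogus Finished fails later


def hardened_server(ciphertext: bytes) -> str:
    """RFC 5246 7.4.7.1: never alert on the PreMaster Secret; substitute a random
    one and let the handshake fail uniformly at the Finished message."""
    try:
        pms = unpad_premaster(rsa_decrypt(ciphertext))
    except ValueError:
        pms = TLS_VERSION + os.urandom(46)
    del pms   # key derivation would follow; the Finished check fails either way
    return "alert:bad_record_mac"


def oracle_present(server) -> bool:
    """A server is a padding oracle if its responses differ across the vectors."""
    responses = {name: server(rsa_encrypt(blk)) for name, blk in robot_vectors().items()}
    return len(set(responses.values())) > 1
```

A real scanner also has to compare timing and TCP-level behaviour (connection reset versus alert), not just alert codes; the example reduces the observable to a string because the decision logic is the same.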
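The Asterisk strike (E17-3icg1) turns on the Reception Report Count (RC) field of RTCP Sender and Receiver Reports. Below is an added Python example, not Asterisk or BreakingPoint code, of an RTCP SR/RR parser (RFC 3550 section 6.4) that validates RC against the bytes actually present before using it as a bound, together with a builder that can forge an RC larger than the number of blocks carried; the packets are constructed in the test.

```python
# Added example (not Asterisk or BreakingPoint code): RTCP report parsing with
# the Reception Report Count checked against the packet length before use.
import struct

RTCP_SR, RTCP_RR = 200, 201
SENDER_INFO_LEN = 20
REPORT_BLOCK_LEN = 24


def parse_rtcp_report(pkt: bytes) -> dict:
    """Parse an RTCP SR or RR and refuse an RC that does not fit in the packet."""
    if len(pkt) < 8:
        raise ValueError("short RTCP header")
    first, pt, length_words, ssrc = struct.unpack("!BBHI", pkt[:8])
    version, rc = first >> 6, first & 0x1F
    if version != 2:
        raise ValueError("unsupported RTCP version %d" % version)
    if pt not in (RTCP_SR, RTCP_RR):
        raise ValueError("payload type %d is not SR/RR" % pt)
    total = (length_words + 1) * 4   # length field counts 32-bit words minus one
    if total > len(pkt):
        raise ValueError("length field claims %d bytes, packet has %d" % (total, len(pkt)))
    off = 8
    sender_info = None
    if pt == RTCP_SR:
        if total < off + SENDER_INFO_LEN:
            raise ValueError("SR without sender info")
        ntp_hi, ntp_lo, rtp_ts, pkts, octets = struct.unpack("!IIIII", pkt[off:off + SENDER_INFO_LEN])
        sender_info = {"ntp": (ntp_hi << 32) | ntp_lo, "rtp_ts": rtp_ts,
                       "packets": pkts, "octets": octets}
        off += SENDER_INFO_LEN
    # The check that matters: RC is peer-controlled, so prove the blocks exist
    # before trusting it as an allocation size or write bound.
    if off + rc * REPORT_BLOCK_LEN > total:
        raise ValueError("RC=%d report blocks do not fit in a %d-byte packet" % (rc, total))
    reports = []
    for _ in range(rc):
        r_ssrc, loss, ext_seq, jitter, lsr, dlsr = struct.unpack(
            "!IIIIII", pkt[off:off + REPORT_BLOCK_LEN])
        reports.append({"ssrc": r_ssrc, "fraction_lost": loss >> 24,
                        "cumulative_lost": loss & 0xFFFFFF, "ext_highest_seq": ext_seq,
                        "jitter": jitter, "lsr": lsr, "dlsr": dlsr})
        off += REPORT_BLOCK_LEN
    return {"type": pt, "ssrc": ssrc, "sender_info": sender_info, "reports": reports}


def build_rr(ssrc: int, report_ssrcs, rc_override=None) -> bytes:
    """Construct a Receiver Report; rc_override lets a test claim more report
    blocks than the packet actually carries (the malformed case)."""
    rc = len(report_ssrcs) if rc_override is None else rc_override
    blocks = b"".join(struct.pack("!IIIIII", s, 0, 0, 0, 0, 0) for s in report_ssrcs)
    length_words = (8 + len(blocks)) // 4 - 1
    return struct.pack("!BBHI", 0x80 | rc, RTCP_RR, length_words, ssrc) + blocks


def accepts(pkt: bytes) -> bool:
    try:
        parse_rtcp_report(pkt)
        return True
    except ValueError:
        return False
```

Storage for report blocks should be sized from the validated RC of the packet being parsed, not from a count carried over from earlier packets; a running count is exactly the state that lets a later packet with a smaller RC write past what was allocated.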
CVSS | ID | References | Category | Info |
---|---|---|---|---|
7.5 | E17-madc1 | CVE-2017-16943 CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P) SECURITYTRACKER-1039872 URL | Exploits | Fixed an issue in which the chunk-size line of the chunked HTTP body was terminated with a bare line feed (0x0A) instead of the CRLF required by the chunked transfer coding. |
5.0 | E13-21t01 | CVE-2013-4124 CVSS-5.0 (AV:N/AC:L/AU:N/C:N/I:N/A:P) URL | Exploits | Fixed the "NT Trans Request" packet, which was missing the two-byte "Byte Count" (BCC) field. As a result the first two bytes of the following "NT CREATE Parameters" (10 00) were read as the BCC, and neither "NT CREATE Parameters" nor "NT CREATE Data" was dissected correctly by Wireshark. |
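The E13-21t01 fix is about the layout of an SMB_COM_NT_TRANSACT request. The following added Python example, not BreakingPoint code, builds such a request for NT_TRANSACT_CREATE with its ByteCount field in place, dissects it the way a strict parser does, and can deliberately omit the ByteCount to reproduce the symptom described above: the first two bytes of the NT Create parameters, "10 00", get read as the BCC. The header flags, access mask and file name are illustrative values chosen for the example.

```python
# Added example (not BreakingPoint code): SMB_COM_NT_TRANSACT request layout
# (MS-CIFS 2.2.4.62.1) with and without the ByteCount field.
import struct

SMB_HEADER_LEN = 32
SMB_COM_NT_TRANSACT = 0xA0
NT_TRANSACT_CREATE = 0x0001
NT_TRANS_WORDS = "<BHIIIIIIIIBH"   # MaxSetupCount .. Function: 19 words, 38 bytes


def smb_header(command: int, tid: int = 0, uid: int = 0, mid: int = 0) -> bytes:
    """32-byte SMB1 header."""
    return (b"\xffSMB" + struct.pack("<BIBH", command, 0, 0x18, 0xC801)   # Status, Flags, Flags2
            + struct.pack("<HQH", 0, 0, 0)                                 # PIDHigh, SecurityFeatures, Reserved
            + struct.pack("<HHHH", tid, 0xFEFF, uid, mid))                 # TID, PIDLow, UID, MID


def nt_create_params(name: str, desired_access: int = 0x0012019F) -> bytes:
    """NT_TRANSACT_CREATE parameter block. Flags=0x10 (extended response) is why
    the block starts with the bytes 10 00 on the wire."""
    name_bytes = name.encode("utf-16-le")
    return struct.pack("<IIIQIIIIIIIIB", 0x10, 0, desired_access, 0, 0x80, 7, 1, 0x40,
                       0, 0, len(name_bytes), 2, 0) + name_bytes


def nt_transact_request(function: int, params: bytes, data: bytes = b"", setup: bytes = b"",
                        include_byte_count: bool = True) -> bytes:
    """Build the request. The parameter and data blocks follow ByteCount directly
    (the optional alignment pads are kept empty), so dropping ByteCount shifts
    everything by two bytes, which is the defect the fix addressed."""
    setup_count = len(setup) // 2
    word_count = 19 + setup_count
    byte_count_pos = SMB_HEADER_LEN + 1 + word_count * 2
    param_offset = byte_count_pos + (2 if include_byte_count else 0)   # from start of SMB header
    data_offset = param_offset + len(params)
    words = struct.pack(NT_TRANS_WORDS, 0, 0, len(params), len(data), len(params), len(data),
                        len(params), param_offset, len(data), data_offset, setup_count, function) + setup
    byte_count = struct.pack("<H", len(params) + len(data)) if include_byte_count else b""
    return smb_header(SMB_COM_NT_TRANSACT) + bytes([word_count]) + words + byte_count + params + data


def byte_count_field(pkt: bytes) -> int:
    """The raw value a dissector reads as ByteCount, whether or not it is one."""
    word_count = pkt[SMB_HEADER_LEN]
    return struct.unpack_from("<H", pkt, SMB_HEADER_LEN + 1 + word_count * 2)[0]


def parse_nt_transact(pkt: bytes) -> dict:
    """Dissect the request, requiring ByteCount to cover exactly the trailing bytes."""
    if pkt[:4] != b"\xffSMB" or pkt[4] != SMB_COM_NT_TRANSACT:
        raise ValueError("not an SMB_COM_NT_TRANSACT request")
    word_count = pkt[SMB_HEADER_LEN]
    words = pkt[SMB_HEADER_LEN + 1:SMB_HEADER_LEN + 1 + word_count * 2]
    if len(words) < 38:
        raise ValueError("truncated parameter words")
    (_, _, _, _, _, _, param_count, param_offset,
     data_count, data_offset, _, function) = struct.unpack(NT_TRANS_WORDS, words[:38])
    bcc_pos = SMB_HEADER_LEN + 1 + word_count * 2
    byte_count = struct.unpack_from("<H", pkt, bcc_pos)[0]
    trailing = len(pkt) - bcc_pos - 2
    if byte_count != trailing:
        raise ValueError("ByteCount %d does not match %d trailing bytes" % (byte_count, trailing))
    if param_offset + param_count > len(pkt) or data_offset + data_count > len(pkt):
        raise ValueError("parameter/data offsets point outside the packet")
    return {"function": function, "byte_count": byte_count,
            "params": pkt[param_offset:param_offset + param_count],
            "data": pkt[data_offset:data_offset + data_count]}


def dissects_cleanly(pkt: bytes) -> bool:
    try:
        parse_nt_transact(pkt)
        return True
    except ValueError:
        return False
```

Checking ByteCount against the real trailing length is the same consistency test Wireshark applies, which is why the missing field showed up there as mis-dissected parameter and data blocks rather than as a silently accepted packet.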