Ticket | Info |
---|---|
DE10303 | Every strike has a name attribute defined in its metadata section. Strikes having identical metadata names have been adjusted to bear unique name attributes. |
DE10305 | Fixed typo in login command packet of Strike D14-37301. |
DE10334 | When the destination port is changed on a GmailClassic Flow, all the connections simulated under that Flow are updated with that port value, and no additional empty connection is created. |
CVSS | ID | References | Category | Info |
---|---|---|---|---|
10.0 | E19-0wae1 | CVE-2019-7238 CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C) URL | Exploits | This strike exploits a remote code execution vulnerability in Nexus Repository Manager 3. The vulnerability is due to improper handling of the "value" HTTP parameter when a client sends HTTP traffic to the server. A remote unauthenticated attacker can exploit this vulnerability by sending crafted HTTP requests to the target server. Successful exploitation results in remote code execution. |
10.0 | E19-5or01 | CVE-2018-19276 CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C) EXPLOITDB-46327 | Exploits | This strike exploits an insecure deserialization via XML payload in OpenMRS's Webservices API module. By exploiting the vulnerability, an unauthenticated attacker might be able to execute system commands in the context of the user running the webserver process. |
9.3 | E19-0pm31 | BID-106097 CVE-2018-8587 CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C) | Exploits | This strike exploits a buffer overflow vulnerability in the Microsoft Outlook client. The vulnerability is due to insufficient validation of the countOfFormNameStringObjects field in an RWZ file. A remote attacker could exploit this vulnerability by enticing a user to import a maliciously crafted file. Successful exploitation could lead to arbitrary code execution in the context of the user. |
7.6 | E19-0mey3 | CVE-2018-4442 CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C) GOOGLE-1699 | Exploits | This strike exploits a vulnerability in Apple WebKit. Specifically, an attacker can craft JavaScript that takes advantage of a vulnerability in how GetIndexedPropertyStorage can cause garbage collection via rope strings, which can lead to a use-after-free condition. This can cause a denial of service in the browser or potentially allow for remote code execution to occur. |
7.5 | E19-5n6m1 | BID-106285 CVE-2018-17246 CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P) URL | Exploits | This strike exploits a remote file inclusion vulnerability in Elasticsearch Kibana. The vulnerability is due to improper sanitization of the "apis" parameter. By successfully exploiting this vulnerability, a remote, unauthenticated attacker could retrieve JavaScript files from the target server. The other file format can be found in a log file on the target server. |
7.5 | E19-5oj81 | BID-106634 CVE-2018-18996 CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P) ZDI-19-066 | Exploits | This strike exploits a command injection vulnerability in LAquis SCADA. The NOME parameter in HTTP requests to relatorionome.lhtml is not sanitized for command injection characters. An attacker can send a specially crafted HTTP GET or POST request to achieve command execution on the target machine. |
6.8 | E19-0vlg1 | BID-107106 CVE-2019-6340 CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P) URL | Exploits | A remote code execution vulnerability exists in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. The vulnerability is due to the lack of data sanitization originating from non-form sources in the REST module. A remote attacker can exploit this vulnerability by sending a crafted HTTP packet to the target service. Successful exploitation could lead to arbitrary code execution or crash of the vulnerable application. |
6.8 | E19-5oj41 | BID-106634 CVE-2018-18992 CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P) ZDI-19-061 | Exploits | This strike exploits a command injection vulnerability in LAquis SCADA. The PAGINA parameter in HTTP requests to acompanhamentotela.lhtml and the TITULO parameter in requests to relatorioindividual.lhtml are not sanitized for command injection characters. An attacker can send a specially crafted HTTP GET or POST request to achieve command execution on the target machine. |
6.8 | E19-5pi21 | BID-106948 CVE-2018-20250 CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P) URL | Exploits | This strike exploits an input validation vulnerability found in WinRAR. The vulnerability is due to improper input validation while parsing specific header fields from an ACE archive. An attacker could exploit this vulnerability by crafting a special ACE file. A successful exploit could allow the attacker to execute arbitrary commands on the target system. |
6.5 | E19-0xlq1 | BID-107088 CVE-2019-8942 CVSS-6.5 (AV:N/AC:L/AU:S/C:P/I:P/A:P) EXPLOITDB-46511 URL | Exploits | This strike exploits a local file inclusion vulnerability in the WordPress platform, leveraged beforehand by a path traversal via the '_wp_attached_file' parameter. By supplying a '_wp_page_template' metadata parameter, the attacker causes the theme engine to include a malicious uploaded file. By exploiting this vulnerability, an authenticated attacker gains remote code execution on the target host system. |
6.5 | E19-5pqk1 | CVE-2018-20556 CVSS-6.5 (AV:N/AC:L/AU:S/C:P/I:P/A:P) EXPLOITDB-46377 | Exploits | This strike exploits a SQL injection vulnerability in WordPress Plugin Booking Calendar 8.4.3. The vulnerability is due to improper sanitization of the booking_id parameter. By successfully exploiting this vulnerability, an authenticated attacker could perform SQL injection on the target server. |
4.3 | E19-0r6g2 | BID-106867 CVE-2019-0616 CVSS-4.3 (AV:N/AC:M/AU:N/C:P/I:N/A:N) URL ZDI-19-191 | Exploits | This strike exploits an information disclosure vulnerability in the GDI (Graphics Device Interface) components of Microsoft Windows. The vulnerability is due to improper handling of EMF records in memory by the 'gdiplus.dll' library. The vulnerability can be exploited by crafting a malicious EMF file and enticing a user to download and open it. Successful exploitation may result in execution of arbitrary code with user privileges. |
4.0 | E19-0zvz1 | BID-107089 CVE-2019-8943 CVSS-4.0 (AV:N/AC:L/AU:S/C:N/I:P/A:N) EXPLOITDB-46511 URL | Exploits | This strike emulates a path traversal attack on the WordPress CMS platform. The attack can be carried out by a low-privileged user by providing a '_wp_attached_file' parameter when editing media files, thus modifying post metadata. By leveraging this vulnerability with a local file inclusion exploit, an attacker may gain code execution on the host system. |
4.0 | E19-5pa81 | CVE-2018-19968 CVSS-4.0 (AV:N/AC:L/AU:S/C:P/I:N/A:N) | Exploits | This strike exploits a remote file inclusion vulnerability in phpMyAdmin. The vulnerability is due to an improper filter and the ability to execute a SQL statement. By successfully exploiting this vulnerability, a remote, authenticated attacker could retrieve arbitrary files from the target server. |
CVSS | ID | References | Category | Info |
---|---|---|---|---|
7.5 | E18-0jyu1 | CVE-2018-1270 CVSS-7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) BID-103696 URL | Exploits | Removed the variant which exemplifies the RCE by starting a 'nc' listener on the remote vulnerable server, since that usually requires some privileges. |
7.5 | E18-8vo51 | CVE-2018-1000533 CVSS-7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) EXPLOITDB-44993 URL | Exploits | Fixed duplicate HTTP 'Connection: keep-alive' header. |
5.0 | D14-37301 | CVE-2014-0255 CVSS-5.0 (AV:N/AC:L/AU:N/C:N/I:N/A:P) BID-67280 | Exploits | Fixed typo in login command packet of Strike D14-37301. |
5.0 | E02-09101 | CVE-2002-0325 CVSS-5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N) BID-4179 URL | Exploits | Strike E02-09101 was modified to add a forward slash to the URI. |