Ticket | Info |
---|---|
DE9971 | Strike E15-36j02 for CVE-2015-0235 was incorrectly classified as "smtp" instead of "http." This has been corrected. |
DE9973 | Strike E15-72301 was moved from Category Exploits: Apache to Exploits: Miscellaneous. Strike E14-35f01 was moved from Category Exploits: Exec to Exploits: SSL. |
DE9979 | Added missing functionality to the HTTPTransportMethods evasion. |
DE9980 | Added missing smart strike lists Strike Level 1-3 for 2018. |
DE9982 | The Superflows "BreakingPoint HTTP/2 GET Request Response 304" and "BreakingPoint HTTP/2 POST Response 200" both set the ACK flag incorrectly in the "settings_frame_client" action. |
DE9983 | DNS "Resolve" action is now using the specified "Type". |
DE9991 | Both Exchange Directory RFR flows in the 'DCE RPC MAPI Session' and 'DCE RPC MAPI with File Attachment' Super Flows now have the same destination port because they are mapped to the same RPC interface. |
CVSS | ID | References | Category | Info |
---|---|---|---|---|
10.0 | E18-5lvj1 | CVE-2018-15551 CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C) URL | Exploits | This strike exploits a command injection vulnerability in Supervene RazDC. The vulnerability is due to the lack of sanitization of user-supplied input passed to the 'password' (Password) and 'password2' (Confirm Password) HTTP parameters of the 'create_user.cgi' form. By exploiting this vulnerability, a remote, unauthenticated attacker can execute arbitrary OS commands on the target server. |
10.0 | E18-5lvh1 | CVE-2018-15549 CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C) URL | Exploits | This strike exploits a command injection vulnerability in Supervene RazDC. The vulnerability is due to improper validation of input passed to the 'User Reset Password' CGI script. By exploiting this vulnerability, a remote, unauthenticated attacker can execute arbitrary OS commands on the target server. |
9.3 | E18-0jlu1 | BID-102347 CVE-2018-0802 CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C) URL | Exploits | This strike exploits a stack buffer overflow vulnerability in the EQNEDT (Equation Editor) component of Microsoft Office. The vulnerability is due to insufficient validation of the font name field length in an OLE object. An attacker could execute arbitrary code by enticing a user to open a maliciously crafted document with the vulnerable software. |
8.5 | E18-5mm51 | CVE-2018-16509 CVSS-8.5 (AV:N/AC:L/AU:N/C:C/I:P/A:N) URL | Exploits | This strike exploits a vulnerability in the Artifex Ghostscript interpreter for PostScript files. The interpreter is commonly invoked by Linux command line tools such as ImageMagick's "convert" when processing documents and images. The vulnerability is due to the lack of file type validation by the interpreter. Successful exploitation results in arbitrary OS command execution. |
7.6 | E18-mar21 | BID-102920 CVE-2018-0825 CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C) SECURITYTRACKER-1040366 URL | Exploits | This strike exploits a remote code execution vulnerability in the Windows dynamic library StructuredQuery.dll. The vulnerability is due to insufficient validation of the length parameter in the ReadPWSTR function. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user. |
7.5 | E18-5jtk1 | CVE-2018-12888 CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P) | Exploits | This strike exploits a time-based SQL injection vulnerability in iCMS v7.0.8. The vulnerability is caused by insufficient validation of user input in app=article HTTP requests, which is used to build SQL queries. Successful exploitation could allow an attacker to cause a short denial of service on the target server. |
6.8 | E18-mboq1 | BID-105153 CVE-2018-8440 CVSS-6.8 (AV:L/AC:L/AU:S/C:C/I:C/A:C) SECURITYTRACKER-1041578 | Exploits | This strike exploits a privilege escalation flaw in the Microsoft Windows Task Scheduler ALPC endpoint. The Task Scheduler's ALPC endpoint does not impersonate the user that initiates the call, which allows a low-privileged user to change the access control list of an arbitrary file through the endpoint's "SchRpcSetSecurity" method. Successful exploitation yields arbitrary file writes and may lead to code execution with SYSTEM privileges. |
6.8 | E18-0pgt1 | BID-104994 CVE-2018-8397 CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P) URL | Exploits | This strike exploits a remote code execution vulnerability in the GDI (Graphics Device Interface) components of Microsoft Windows. The vulnerability is due to improper handling of EMF records in memory by the 'GDIPLUS.DLL' library. It can be exploited by crafting a malicious EMF file and enticing a user to download and open it. Successful exploitation may result in arbitrary code execution with the privileges of the current user. |
6.8 | E18-0f6n3 | BID-98861 CVE-2017-5071 CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P) GOOGLE-715582 | Exploits | This strike exploits a vulnerability in the Google Chrome browser, specifically in the V8 JavaScript engine. JavaScript can be crafted so that an out-of-bounds read occurs in FindSharedFunctionInfo. This may lead to a denial of service condition in the browser, or potentially to remote code execution. |
6.8 | E18-0f652 | BID-97220 CVE-2017-5053 CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P) GOOGLE-702058 | Exploits | This strike exploits a vulnerability in the Google Chrome browser, specifically in the V8 JavaScript engine. JavaScript can be crafted so that an out-of-bounds memory read occurs. This may lead to a denial of service condition in the browser, or potentially to remote code execution. |
5.0 | E18-5lds1 | CVE-2018-14912 CVSS-5.0 (AV:N/AC:L/AU:N/C:P/I:N/A:N) EXPLOITDB-45148 | Exploits | This strike exploits a directory traversal vulnerability in the cgit web frontend for git. The vulnerability is caused by insufficient validation of the user-supplied 'path' value in HTTP requests. Successful exploitation could allow an attacker to read arbitrary files on the target system. |
5.0 | E18-0kcc1 | CVE-2018-1756 CVSS-5.0 (AV:N/AC:L/AU:N/C:P/I:N/A:N) EXPLOITDB-45392 URL | Exploits | This strike exploits a SQL injection vulnerability in IBM Security Identity Governance Virtual Appliance. The vulnerability is caused by insufficient validation of user input in HTTP requests, which is used to build SQL queries. Successful exploitation could allow an attacker to access the back-end database. |
4.3 | R18-mbm71 | BID-105140 CVE-2018-15473 CVSS-4.3 (AV:N/AC:M/AU:N/C:P/I:N/A:N) EXPLOITDB-45210 SECURITYTRACKER-1041487 URL | Recon | This strike exploits a user name enumeration vulnerability in OpenSSH. When it receives a specially malformed authentication message for a valid user name, OpenSSH aborts and closes the connection without sending a reply. If the user name is invalid, OpenSSH does not abort and instead sends back an authentication failure message. An attacker can therefore send specially crafted authentication messages and watch for connections that are closed with no failure message to verify whether user names exist. Note: this strike does not send actual encrypted messages. Detection would be based on whether or not a second encrypted server reply occurs before the session is terminated. |
4.3 | E18-0yyj1 | CVSS-4.3 (AV:N/AC:M/AU:N/C:N/I:P/A:N) EXPLOITDB-45307 URL | Exploits | This strike exploits a reflected cross-site scripting vulnerability in the Quizlord WordPress plugin. The vulnerability is due to inadequate input filtering in the web interface when parsing input passed to the quiz title parameter. By exploiting this vulnerability, an attacker could cause arbitrary HTML or script code to be executed in the target user's browser. |
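The two RazDC strikes above (E18-5lvj1, E18-5lvh1) describe one bug class: a CGI parameter that reaches a shell unsanitized. The following is an added example, not RazDC's code and not strike content from this pack. It assumes a POSIX shell, stands in a hypothetical password helper with `echo`, and uses a constructed payload to show the interpolated shell command beside an allow-listed argv call.

```python
import re
import subprocess

# Constructed attacker input: a "password" parameter carrying a shell separator.
INJECTED_PASSWORD = "hunter2; echo INJECTED"

# Hypothetical policy for this example: the characters a password may contain
# before it reaches any helper (no whitespace, no shell metacharacters).
PASSWORD_ALLOWED = re.compile(r"[A-Za-z0-9!@#%^*_\-+=.]{8,64}")


def set_password_vulnerable(password: str) -> str:
    """Interpolates the parameter into a shell command line (the bug class).

    'echo' stands in for whatever helper the real CGI would call. With
    shell=True the whole string is parsed by /bin/sh, so "; echo INJECTED"
    becomes a second command.
    """
    result = subprocess.run(f"echo {password}", shell=True,
                            capture_output=True, text=True)
    return result.stdout


def set_password_hardened(password: str) -> str:
    """Allow-lists the parameter and passes it as a single argv element.

    Either measure alone defeats this payload: the argv form never invokes a
    shell, and the allow-list rejects ';' and whitespace before any call.
    """
    if not PASSWORD_ALLOWED.fullmatch(password):
        raise ValueError("password has disallowed characters or bad length")
    result = subprocess.run(["echo", password], capture_output=True, text=True)
    return result.stdout


def injection_succeeded(output: str) -> bool:
    """True if the injected second command produced its own output line."""
    return "INJECTED" in output.splitlines()


def hardened_rejects(password: str) -> bool:
    """True if the hardened handler refuses the input outright."""
    try:
        set_password_hardened(password)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    out = set_password_vulnerable(INJECTED_PASSWORD)
    print("vulnerable output:", repr(out))
    print("injection succeeded:", injection_succeeded(out))
    print("hardened rejects payload:", hardened_rejects(INJECTED_PASSWORD))
    print("hardened accepts a normal password:",
          repr(set_password_hardened("Corr3ct-Horse")))
```

The vulnerable handler prints `hunter2` and then `INJECTED` on a second line, proof that the separator was honoured by the shell; the hardened handler rejects the same string before any process is spawned, and even without the allow-list the argv form would have passed it to `echo` as one literal argument.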
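The cgit strike (E18-5lds1) turns on a user-supplied path that is joined to a repository root without being checked. The following is an added example, not cgit's code: a hypothetical `unsafe_join` showing the bug class beside a `safe_join` that resolves the real path and refuses anything outside the root. The root directory is a throwaway temporary directory created for the example, and the traversal strings are constructed.

```python
import os
import tempfile
from urllib.parse import unquote

# Hypothetical repository root for this example (created empty; nothing is read).
DEMO_ROOT = tempfile.mkdtemp(prefix="cgit-demo-")


def unsafe_join(root: str, user_path: str) -> str:
    """The bug class: the request path is joined to the root unchecked, so
    '../' segments (or an absolute path) walk out of the repository."""
    return os.path.normpath(os.path.join(root, unquote(user_path)))


def safe_join(root: str, user_path: str) -> str:
    """Resolve user_path under root and refuse anything that escapes it."""
    root_real = os.path.realpath(root)
    decoded = unquote(user_path)  # decode exactly once, as the server does
    if "\x00" in decoded:
        raise ValueError("NUL byte in path")
    if os.path.isabs(decoded):
        # os.path.join() discards root when the second part is absolute
        raise ValueError("absolute path not allowed")
    # realpath collapses '..' and follows symlinks, so the comparison is made
    # on the real filesystem location rather than on the string the client sent
    candidate = os.path.realpath(os.path.join(root_real, decoded))
    if candidate != root_real and not candidate.startswith(root_real + os.sep):
        raise ValueError("path escapes root")
    return candidate


def is_traversal(root: str, user_path: str) -> bool:
    """True if safe_join would reject the path as escaping the root."""
    try:
        safe_join(root, user_path)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for p in ["objects/info/packs", "a/../b", "../../../../etc/passwd",
              "%2e%2e/%2e%2e/%2e%2e/etc/passwd", "/etc/passwd"]:
        print(f"{p!r:40} unsafe -> {unsafe_join(DEMO_ROOT, p)}  "
              f"traversal={is_traversal(DEMO_ROOT, p)}")
```

The check compares resolved paths with a trailing separator so that a sibling directory whose name merely starts with the root's name (`/srv/repo2` against `/srv/repo`) is not mistaken for a child. Decode the path the same number of times the server does: double-encoded `%252e` is harmless only if nothing downstream decodes it again.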
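Both SQL injection strikes above (E18-5jtk1 for iCMS, E18-0kcc1 for IBM Security Identity Governance) come from user input concatenated into a query. The following is an added example, not the code of either product: a constructed SQLite article table, the concatenated query beside its parameterised form, and a hypothetical boolean-blind loop that recovers an unpublished title one character at a time using only "rows came back or not" as the oracle. A time-based variant, as in the iCMS strike, replaces that signal with a database delay and reads response time instead; the loop is otherwise the same.

```python
import sqlite3

# Constructed article table standing in for a CMS back end (not iCMS's schema).
def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE articles "
                 "(id INTEGER PRIMARY KEY, title TEXT, published INTEGER)")
    conn.executemany("INSERT INTO articles (title, published) VALUES (?, ?)",
                     [("Public post", 1), ("Draft post", 0), ("Another draft", 0)])
    conn.commit()
    return conn


def find_published_vulnerable(conn, title: str) -> list:
    """User input concatenated into the statement: the bug class."""
    sql = f"SELECT title FROM articles WHERE published = 1 AND title = '{title}'"
    return [row[0] for row in conn.execute(sql)]


def find_published_hardened(conn, title: str) -> list:
    """Same query with a bound parameter: input can never change the SQL."""
    sql = "SELECT title FROM articles WHERE published = 1 AND title = ?"
    return [row[0] for row in conn.execute(sql, (title,))]


def oracle_payload(position: int, guess: str) -> str:
    """Hypothetical boolean-blind payload: the injected subquery makes the
    WHERE clause true for every row only when the guessed character is right."""
    return (f"x' OR (SELECT substr(title, {position}, 1) FROM articles "
            f"WHERE id = 2) = '{guess}' --")


def blind_extract(conn, length: int,
                  charset="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ") -> str:
    """Recover the first `length` characters of the unpublished row id=2,
    one position at a time, without ever seeing that row in a result."""
    recovered = ""
    for pos in range(1, length + 1):
        for ch in charset:
            if find_published_vulnerable(conn, oracle_payload(pos, ch)):
                recovered += ch
                break
        else:
            break  # character outside the charset; stop here
    return recovered


if __name__ == "__main__":
    db = build_db()
    tautology = "x' OR 1=1 --"
    print("vulnerable:", find_published_vulnerable(db, tautology))  # all rows
    print("hardened:  ", find_published_hardened(db, tautology))    # []
    print("blind extract of draft title:", blind_extract(db, 10))
```

The hardened query returns nothing for the tautology because the whole string is compared as a title; the blind loop against the vulnerable query leaks `Draft post` even though the unpublished row never appears in any response, which is why a "harmless" boolean or timing difference is still a full data-exfiltration primitive.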
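The detection note on the OpenSSH strike (R18-mbm71) says a sensor can only tell the two cases apart by whether a second encrypted server reply occurs before the session ends. The following is an added example, not part of this pack or of OpenSSH: detection logic run over constructed flow records that model what a sensor sees after the server's NEWKEYS (only "encrypted" packets and the TCP close). It flags sessions that close after the client's second encrypted message with just one encrypted server reply, and raises a source to "enumeration" once it accumulates enough such sessions.

```python
from collections import defaultdict

# Constructed flow records, not a real capture. Fields: session id, client IP,
# direction (c2s or s2c) and what a sensor sees of each SSH packet. Once the
# server's NEWKEYS has passed only "encrypted" is observable; "close" marks
# the TCP FIN/RST that ends the session.
#   s1, s3, s4: SERVICE_REQUEST, SERVICE_ACCEPT, malformed USERAUTH_REQUEST for
#               a valid user, then the server drops the connection (one reply)
#   s2:         same, but the user is invalid and USERAUTH_FAILURE is sent (two)
#   s5:         an ordinary login from another host with several replies
SAMPLE_RECORDS = """\
s1 203.0.113.5 c2s kexinit
s1 203.0.113.5 s2c kexinit
s1 203.0.113.5 s2c newkeys
s1 203.0.113.5 c2s encrypted
s1 203.0.113.5 s2c encrypted
s1 203.0.113.5 c2s encrypted
s1 203.0.113.5 s2c close
s2 203.0.113.5 s2c newkeys
s2 203.0.113.5 c2s encrypted
s2 203.0.113.5 s2c encrypted
s2 203.0.113.5 c2s encrypted
s2 203.0.113.5 s2c encrypted
s2 203.0.113.5 c2s close
s3 203.0.113.5 s2c newkeys
s3 203.0.113.5 c2s encrypted
s3 203.0.113.5 s2c encrypted
s3 203.0.113.5 c2s encrypted
s3 203.0.113.5 s2c close
s4 203.0.113.5 s2c newkeys
s4 203.0.113.5 c2s encrypted
s4 203.0.113.5 s2c encrypted
s4 203.0.113.5 c2s encrypted
s4 203.0.113.5 s2c close
s5 198.51.100.7 s2c newkeys
s5 198.51.100.7 c2s encrypted
s5 198.51.100.7 s2c encrypted
s5 198.51.100.7 c2s encrypted
s5 198.51.100.7 s2c encrypted
s5 198.51.100.7 c2s encrypted
s5 198.51.100.7 s2c encrypted
s5 198.51.100.7 c2s close
"""


def parse_records(text: str) -> list:
    """One (session, client, direction, message) tuple per non-empty line."""
    return [tuple(line.split()) for line in text.splitlines() if line.strip()]


def flag_sessions(records: list) -> dict:
    """{session_id: client_ip} for sessions that closed after the client's
    second encrypted message without a second encrypted server reply."""
    sessions = defaultdict(list)
    for sid, client, direction, msg in records:
        sessions[sid].append((client, direction, msg))
    flagged = {}
    for sid, events in sessions.items():
        client = events[0][0]
        starts = [i for i, (_, d, m) in enumerate(events)
                  if d == "s2c" and m == "newkeys"]
        if not starts:
            continue  # never reached the encrypted phase; nothing to judge
        after = events[starts[0] + 1:]
        c2s = sum(1 for _, d, m in after if d == "c2s" and m == "encrypted")
        s2c = sum(1 for _, d, m in after if d == "s2c" and m == "encrypted")
        closed = any(m == "close" for _, _, m in after)
        # SERVICE_ACCEPT is the one expected reply; a USERAUTH_FAILURE would
        # make it two. Closing after exactly one, once the client has sent its
        # userauth message, is the valid-user signature.
        if closed and c2s >= 2 and s2c == 1:
            flagged[sid] = client
    return flagged


def enumeration_sources(records: list, threshold: int = 3) -> set:
    """Client IPs with at least `threshold` flagged sessions."""
    counts = defaultdict(int)
    for client in flag_sessions(records).values():
        counts[client] += 1
    return {ip for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    recs = parse_records(SAMPLE_RECORDS)
    print("flagged sessions:", flag_sessions(recs))
    print("enumeration sources:", enumeration_sources(recs))
```

The `c2s >= 2` condition keeps banner grabbers and scanners that hang up after SERVICE_ACCEPT out of the count, and the threshold keeps one aborted client from raising an alert on its own; a single flagged session is a weak signal, a run of them from one source against many user names is the enumeration pattern. Against a patched server both cases produce the same second reply, so the detector goes quiet rather than producing false positives.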
CVSS | ID | References | Category | Info |
---|---|---|---|---|
10.0 | E15-36j02 | BID-72325 CVE-2015-0235 CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C) URL | Exploits | Strike E15-36j02 for CVE-2015-0235 was incorrectly classified as "smtp" instead of "http". This has been corrected. |