Ticket | Info |
---|---|
US90310 | This feature adds RFC3128 functionality as requested. The steps to turn on the function are as follows: 1. Log in to the UI. 2. Under security components -> parameter -> "Evasion Profile", choose Create New/Edit Current Evasion Profile. 3. Under the IP field, there are two options, "RFC3128" and "RFC3128FakePort"; click "Allow Overwrite" on both options. 4. For option RFC3128, click the option; for option RFC3128FakePort, enter the port number to which you want to send the evasion traffic. 5. Save the profile and run the test. In the pcap, the first SYN packet of the TCP three-way handshake should appear as a fragment carrying the port number just entered in the evasion profile, followed by two fragmented packets going to the original port. |
US94846 | This test demonstrates the evasion technique described in RFC3128 using CVE-2018-1303. It sends a TCP SYN packet fragmented in three pieces, overlapping the destination port. The intent of this evasion is to bypass port filtering mechanisms present on firewalls and other similar devices. |

Name | Category | Info |
---|---|---|
OUCH 4.2 | Financial | OUCH 4.2 (over TCP). This is a protocol used by the NASDAQ stock exchange. |
FacebookLive Dec18 | Social Networking/Search | Simulates Facebook Live Streaming as of December 2018. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature. |

Name | Category | Info |
---|---|---|
OUCH42 | Financial | Simulates an OUCH 4.2 transaction. |
Facebooklive Dec18 | Social Networking/Search | Simulates the sequence of events where the user logs in, starts live streaming, and logs out. Note that this does not include the traffic between the streaming software and the Facebook Server. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature. |

CVSS | ID | References | Category | Info |
---|---|---|---|---|
10.0 | E19-max02 | BID-103538 CVE-2018-0171 CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C) SECURITYTRACKER-1040580 URL | Exploits | A remote code execution vulnerability exists in the Cisco IOS Software and Cisco IOS XE Software. The vulnerability is due to improper validation of packet data in the Smart Install feature. A remote unauthenticated attacker can exploit this vulnerability by sending a malformed packet to the target service. Successful exploitation could lead to arbitrary code execution or denial of service (DoS) conditions of the vulnerable device. |
9.3 | E19-yfsn1 | BID-29519 CVE-2008-2551 CVSS-9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C) SCIP-42664 | Exploits | This strike exploits a vulnerability in Icona SpA C6 Messenger. When the DownloaderActiveX Control propPostDownloadAction parameter is set to run, a remote attacker can download and execute a file via a URL in the propDownloadUrl parameter. This strike sends the initial HTML that contains these parameters before they make an outbound request to receive a malicious file via the propDownloadUrl parameter. |
9.0 | E19-0viy1 | CVE-2019-6250 CVSS-9.0 (AV:N/AC:L/AU:S/C:C/I:C/A:C) URL | Exploits | An integer overflow vulnerability has been discovered in the ZeroMQ libzmq library. The vulnerability is due to improper sanitization of user-supplied data passed to the zmq::v2_decoder_t::size_ready function when handling ZMTP messages. A remote attacker could exploit this vulnerability by sending a specially crafted packet to the vulnerable service. Successful exploitation could result in the execution of arbitrary code in the security context of the service implementing the vulnerable library. |
8.0 | E19-3unu1 | CVSS-8.0 (AV:N/AC:L/AU:S/C:C/I:P/A:P) URL | Exploits | An OS command injection vulnerability exists in LibreOffice via path traversal in the event listeners functionality. The vulnerability is due to missing string sanitization when parsing event listener script sources. By enticing a user to open a crafted "fodt" document, an attacker may achieve remote code execution on the target system. |
7.6 | E19-0zny1 | CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C) EXPLOITDB-46222 | Exploits | This strike exploits a vulnerability in a Microsoft Windows Contact file. Specifically, a remote attacker can execute arbitrary code on Microsoft Windows by performing code injection in the email field of a Windows Contact file. |
7.6 | E19-0r4b1 | BID-106401 CVE-2019-0539 CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C) EXPLOITDB-46203 GOOGLE-1703 | Exploits | This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, a type confusion vulnerability exists inside the Chakra JavaScript engine InitClass. It is possible for an attacker to craft JavaScript code in such a way that type confusion will cause a memory access violation to occur. This may lead to remote code execution or a denial of service condition in the browser. |
7.5 | E19-0zfu1 | CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P) EXPLOITDB-45930 | Exploits | This strike exploits a SQL injection vulnerability in the JE Photo Gallery component 1.1 for Joomla!. The vulnerability is due to the improper sanitization of requests sent to the application. An attacker could exploit this vulnerability by sending specifically crafted packets, potentially resulting in the execution of SQL commands which may lead to information disclosure. |
7.5 | E19-0zh61 | CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P) EXPLOITDB-45978 URL | Exploits | This strike exploits a remote code execution vulnerability in the ThinkPHP framework. The flaw is rooted within the 'invokefunction' method as a consequence of no parameter validation. A remote, unauthenticated attacker may thus be able to execute code on the vulnerable machine with the permissions of the user running the web server. |
7.5 | E19-0r4j1 | BID-106394 CVE-2019-0547 CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P) URL | Exploits | A heap overflow vulnerability exists in the 'dhcpcore.dll' component of Windows DHCP Client. The vulnerability is triggered by two subsequent null bytes in a Domain Search DHCP Option within a DHCP Offer packet, followed by an arbitrary number of bytes, causing a zero-length buffer to be written, thus overwriting an invalid memory space. By exploiting the vulnerability, an attacker may be able to execute arbitrary code with SYSTEM privileges. |
6.1 | E19-7uqi1 | BID-106323 CVE-2018-20346 CVSS-6.1 (AV:L/AC:L/AU:N/C:P/I:P/A:C) URL | Exploits | This strike exploits an integer overflow vulnerability found in SQLite with the FTS3 extension enabled. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by crafting special FTS3 shadow tables. A successful exploit could allow the attacker to execute arbitrary SQL statements. |
4.0 | D19-0h6a1 | BID-98741 CVE-2017-7650 CVSS-4.0 (AV:N/AC:L/AU:S/C:P/I:N/A:N) SCIP-106414 URL | Exploits | This strike exploits an ACL bypass vulnerability in Mosquitto. If the username or client ID field is set to "#" or "+", ACLs will be completely bypassed. An attacker can send a crafted MQTT message to access MQTT topics without proper ACL rights. |