Ticket | Info |
---|---|
DE10504 | Fixed an issue in which the strike for CVE-2017-15715 had an extra "/" in the URI. |
Name | Category | Info |
---|---|---|
Adobe Reader Updates Jul19 | AppUpdate | Adobe Acrobat is a family of application software and Web services developed by Adobe Inc. to view, create, manipulate, print and manage files in Portable Document Format (PDF). This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature. |
Name | Category | Info |
---|---|---|
Adobe Reader Updates Jul19 | AppUpdate | Simulates the Adobe Reader Updates. It includes the check-for-updates and download-updates actions. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature. |
CVSS | ID | References | Category | Info |
---|---|---|---|---|
10.0 | E19-0wr31 | CVE-2019-7839 CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C) URL | Exploits | This strike exploits a remote code execution vulnerability in the Adobe ColdFusion platform. The vulnerability is due to the JNBridge binary protocol port being exposed without any authentication. By exploiting an unpatched version of the application, an attacker is able to remotely execute arbitrary code with root or SYSTEM privileges. |
10.0 | E19-0ryc1 | BID-108906 CVE-2019-1620 CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C) EXPLOITDB-47016 URL | Exploits | This strike exploits a path traversal vulnerability found in Cisco Data Center Network Manager (DCNM). The vulnerability is due to incorrect permission settings in affected DCNM software. An unauthenticated attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to write arbitrary files on the filesystem and execute code with root privileges on the affected device. |
9.3 | E19-it9h1 | CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C) URL | Exploits | This strike exploits an authentication bypass on the Redis server. The vulnerability is due to the server allowing an attacker to load a dynamic module and execute it remotely without authentication. A remote, unauthorized attacker can exploit this vulnerability by sending a crafted TCP request to the system. Successful exploitation results in remote code execution on the target server. |
9.3 | E19-7oqh1 | CVE-2019-12569 CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C) | Exploits | This strike exploits a remote code execution vulnerability in Viber Desktop. The vulnerability is due to improper sanitization of user input that is passed to the application via the DLL loading path. A remote, unauthorized attacker can exploit this vulnerability by enticing the victim to open a crafted web page. Successful exploitation results in remote code execution in the victim's application. |
9.0 | E19-7mvo1 | CVE-2019-10164 CVSS-9.0 (AV:N/AC:L/AU:S/C:C/I:C/A:C) URL | Exploits | This strike replicates a stack-based buffer overflow attack on a PostgreSQL database server. The flaw is a consequence of missing string-size checks when base64-decoding a stored hashed password. Successful exploitation by a remote, authenticated attacker may result in arbitrary code execution or a crash of the server. |
7.5 | E19-7p131 | CVE-2019-12951 CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P) URL | Exploits | A heap-based buffer overflow vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose. The vulnerability is due to insufficient input validation when processing MQTT messages within the 'parse_mqtt' method. To trigger this vulnerability, an attacker must send a specially crafted MQTT packet over the network. Successful exploitation results in remote code execution or denial of service conditions in the application. |
7.5 | E19-7p641 | BID-109284 CVE-2019-13132 CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P) | Exploits | A stack-based buffer overflow exists in ZeroMQ libzmq due to improper validation of the 'INITIATE' command in 'curve_server.cpp'. A remote, unauthenticated attacker could exploit this vulnerability by sending a specially crafted packet to the vulnerable service. Successful exploitation could result in denial of service conditions or execution of arbitrary code. |
6.8 | E19-0mde1 | CVE-2018-4386 CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P) GOOGLE-1665 | Exploits | This strike exploits a vulnerability in Apple Safari WebKit. Specifically, the vulnerability exists in the BytecodeGenerator::hoistSloppyModeFunctionIfNecessary method. It is possible to craft JavaScript in such a way that an object is passed as the property variable directly as a string to the op_get_direct_pname handler without being properly validated. This can lead to a denial of service in the browser application or potentially allow remote code execution. |
6.8 | E19-0mda1 | CVE-2018-4382 CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P) GOOGLE-1656 | Exploits | This strike exploits a vulnerability in Apple Safari WebKit. Specifically, the vulnerability exists in the ByteCodeParser::handleIntrinsicCall method. It is possible to craft JavaScript in such a way that type confusion occurs. This can lead to a denial of service or potentially allow remote code execution. |
4.3 | E19-7pc11 | BID-109095 CVE-2019-13345 CVSS-4.3 (AV:N/AC:M/AU:N/C:N/I:P/A:N) URL | Exploits | This strike exploits a cross-site scripting vulnerability in Squid Proxy. This vulnerability is due to inadequate input filtering of "user_name" in the web interface. An attacker could exploit this vulnerability by enticing a user to visit an attacker-controlled web page or click a malicious link. By exploiting this vulnerability, an attacker could trigger reflected cross-site scripting in the victim's browser. |
4.3 | E19-7nsw1 | CVE-2019-11360 CVSS-4.3 (AV:N/AC:M/AU:N/C:N/I:N/A:P) URL | Exploits | This strike exploits a stack buffer overflow in iptables-restore v1.8.2. The flaw resides in the 'add_param_to_argv' function that handles argument parsing, due to a fixed-size buffer of 1024 bytes. A remote attacker can exploit it by enticing a privileged user to run 'iptables-restore' on a malicious file, resulting in arbitrary code execution. |