| Ticket | Info |
|---|---|
| US66615 | The mobile iOS version of Evernote application has been implemented. The application implements the actions sign in, create a notebook, add a note, add a note with attachment and sign out. |
| US67295 | Explodingcan meta added to strike CVE-2017-7269. |
| Name | Category | Info |
|---|---|---|
| ShareFile Apr17 | Data Transfer/File Sharing | Emulates the use of the ShareFile website as of April 2017. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature. |
| Evernote Apr17 | Storage | Emulates the use of Evernote Mobile iOS as of April 2017. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature. |
| Name | Category | Info |
|---|---|---|
| ShareFile Apr 17 | Data Transfer/File Sharing | Emulates the use of the ShareFile website as of April 2017. All of the available actions for this flow are exercised. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature. |
| ShareFile Apr 17 Upload/Download File | Data Transfer/File Sharing | Emulates Upload and Download actions of the ShareFile website as of April 2017. All of the available actions for this flow are exercised. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature. |
| Evernote Mobile iOS Apr 17 | Storage | Emulates the use of the Evernote Mobile iOS as of April 2017. The user accesses the sign in page, signs in, creates a notebook, adds a simple note, adds another note with an attachment and lastly signs out of the app. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature. |
| Evernote Mobile iOS Apr 17 Add Note | Storage | Emulates the use of the Evernote Mobile iOS as of April 2017. The user accesses the sign in page, signs in, creates a notebook, adds a simple note and lastly signs out of the app. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature. |
| Evernote Mobile iOS Apr 17 Add Note with Attachment | Storage | Emulates the use of the Evernote Mobile iOS as of April 2017. The user accesses the sign in page, signs in, creates a notebook, adds a note with an attachment and lastly signs out of the app. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature. |
| CVSS | ID | References | Category | Info |
|---|---|---|---|---|
| 10.0 | E17-0d4i1 |
CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C) MS17-010 URL |
Exploits | This strike exploits a buffer overflow vulnerability in Microsoft Windows SMB service. The vulnerability can be triggered when a large amount of data is sent in a Trans2 Secondary request. A remote, unauthenticated attacker could exploit this vulnerability to execute arbitrary code on the target system. This strike simulates the usage of the ShadowBrokers EternalBlue exploit against both a Windows XP system and a Windows 7 system. |
| 9.3 | E17-0bdv2 |
BID-96707 CVE-2017-0146 CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C) MS17-010 SCIP-98021 |
Exploits | This strike exploits a buffer overflow vulnerability in Microsoft Windows SMB Service. The vulnerability can be triggered by sending an overly large NT Trans request. A remote, unauthenticated attacker could exploit this vulnerability to execute arbitrary code on the target system. NOTE: This vulnerability was targeted with ShadowBrokers EternalChampion exploit |
| 9.0 | E17-0dri1 |
BID-97746 CVE-2017-3230 CVSS-9.0 (AV:N/AC:L/AU:N/C:P/I:C/A:P) URL |
Exploits | This strike exploits a Code Execution vulnerability in the Oracle Fusion Middleware MapViewer component of Oracle Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data. |
| 7.6 | E17-0bcd1 |
BID-97419 CVE-2017-0093 CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C) URL |
Exploits | This strike exploits a vulnerability that exists in the Microsoft Edge Chakra Javascript Engine. Specifically, it is possible for an attacker to craft Javascript in such a way that assigns eval to a function that uses the Javascript experimental "use asm" feature. When eval is called in a specific manner, a type confusion error will occur. This will cause a denial of service condition in the browser, and may allow for remote code execution. |
| 7.6 | E17-0bbq1 |
BID-96690 CVE-2017-0070 CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C) URL |
Exploits | This strike exploits a vulnerability that exists in Microsoft Edge. An attacker can craft Javascript in a way that causes a Use After Free condition to occur when the NativeCodeGenerator::CheckCodeGenThunk function is called on a pointer that has had its memory freed This can cause a denial of service in the browser or potentially allow for remote code execution to occur. |
| 4.3 | E17-0bdv1 |
BID-96709 CVE-2017-0147 CVSS-4.3 (AV:N/AC:M/AU:N/C:P/I:N/A:N) MS17-010 SCIP-98022 |
Exploits | This strike exploits an information disclosure vulnerability in Microsoft Windows SMB Service. The vulnerability can be triggered by sending an SMB request that reads beyond a boundary. A remote, unauthenticated attacker could exploit this vulnerability to reveal memory addresses for use with other exploits. NOTE: This vulnerability was targeted with ShadowBrokers EternalChampion exploit |
| CVSS | ID | References | Category | Info |
|---|---|---|---|---|
| 10.0 | E17-0gvp1 |
CVE-2017-7269 CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C) SCIP-98561 URL |
Exploits | Explodingcan meta added to strike CVE-2017-7269. |