ATI Update ATI-2024-23

New Protocols & Applications (1)

Name | Category
OPC Classic | SCADA
OPC Classic is a family of communication specifications built on Microsoft COM/DCOM and used in industrial automation to exchange data between devices and software systems. It supports real-time access to process control data, enabling interoperability across diverse platforms and manufacturers.

New Superflows (9)

Name | Category | Tags
AI21 Labs Jamba 1.5 Mini API Call | Social Networking/Search | LLM, AI
This simulates an API request to the Amazon Bedrock API server using AI21 Labs' Jamba 1.5 Mini large language model to get the completion of a user prompt. The client sends a POST request to the Amazon Bedrock API server with the specified system and user prompts, and the server responds with the completion of the user prompt generated by the specified model. The HTTP transaction is encrypted with TLS 1.2.

Cohere Command R+ API Call | Social Networking/Search | LLM, AI
This simulates an API request to the Amazon Bedrock API server using Cohere's Command R+ large language model to get the completion of a user prompt. The client sends a POST request to the Amazon Bedrock API server with the specified system and user prompts, and the server responds with the completion of the user prompt generated by the specified model. The HTTP transaction is encrypted with TLS 1.2.

MGCP Residential Gateway Connection Creation V2 | Voice/Video/Media |
This simulates the message sequences, including the delays between each request and response, that occur when a user makes a call through a residential gateway using MGCP.

Mistral AI 7B Instruct API Call | Social Networking/Search | LLM, AI
This simulates an API request to the Amazon Bedrock API server using Mistral AI's 7B Instruct large language model to get the completion of a user prompt. The client sends a POST request to the Amazon Bedrock API server with the specified system and user prompts, and the server responds with the completion of the user prompt generated by the specified model. The HTTP transaction is encrypted with TLS 1.2.

Mistral AI 8x7B Instruct API Call | Social Networking/Search | LLM, AI
This simulates an API request to the Amazon Bedrock API server using Mistral AI's 8x7B Instruct large language model to get the completion of a user prompt. The client sends a POST request to the Amazon Bedrock API server with the specified system and user prompts, and the server responds with the completion of the user prompt generated by the specified model. The HTTP transaction is encrypted with TLS 1.2.

Mistral AI Small (24.02) API Call | Social Networking/Search | LLM, AI
This simulates an API request to the Amazon Bedrock API server using Mistral AI's Small (24.02) large language model to get the completion of a user prompt. The client sends a POST request to the Amazon Bedrock API server with the specified system and user prompts, and the server responds with the completion of the user prompt generated by the specified model. The HTTP transaction is encrypted with TLS 1.2.

Mistral AI Large (24.02) API Call | Social Networking/Search | LLM, AI
This simulates an API request to the Amazon Bedrock API server using Mistral AI's Large (24.02) large language model to get the completion of a user prompt. The client sends a POST request to the Amazon Bedrock API server with the specified system and user prompts, and the server responds with the completion of the user prompt generated by the specified model. The HTTP transaction is encrypted with TLS 1.2.

OPC Classic Remote Release | SCADA | ICS, IoT, Remote Access
This scenario simulates an OPC Classic client sending a DCOM IRemUnknown::RemRelease request to an OPC Classic server to release its references on a remote server object. The server responds with a RemRelease response acknowledging the successful release of the object.

OPC Classic Remote Release over TLS | SCADA | ICS, IoT, Remote Access
This scenario simulates an OPC Classic client sending a DCOM IRemUnknown::RemRelease request to an OPC Classic server to release its references on a remote server object, and the server responding with a RemRelease response acknowledging the successful release, with the exchange carried over TLS 1.2.

New Security Tests (1)

Name: Redline Stealer Nov 2024 Campaign
Info: This strike list contains 2 strikes simulating the 'Redline Stealer Nov 2024 Campaign'.

1. The first strike simulates the network transfer of the Redline Stealer Nov 2024 Campaign malware module. Once executed, the malware begins sending outgoing HTTP requests to the attacker's C2 server.
2. The second strike simulates the post-infection HTTP traffic of the Redline Stealer November 2024 Campaign. After Redline Stealer executes, it sends HTTP POST requests containing data collected from the target system to the attacker's C2 server.

It contains the following sequence of strikes:
1. /strikes/malware/apt/redline_nov_2024_campaign/malware_e061144954393a303338a2f55f46da5c.xml
2. /strikes/botnets/apt/redline_nov_2024_campaign/redline_nov_2024_campaign_c2.xml

# | Strike ID | Name
1 | C24-M1l80 | Redline Stealer Nov 2024 Campaign - Malware File Transfer
This strike simulates the network transfer of the Redline Stealer Nov 2024 Campaign malware module. Once executed, the malware begins sending outgoing HTTP requests to the attacker's C2 server.
2 | C24-B1l80 | Redline Stealer November 2024 Campaign - Redline Stealer Command and Control Traffic
This strike simulates the post-infection HTTP traffic of the Redline Stealer November 2024 Campaign. After Redline Stealer executes, it sends HTTP POST requests containing data collected from the target system to the attacker's C2 server.
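The second strike exercises the traffic shape a detection engineer should be able to pick out of proxy or NetFlow data: one internal host issuing repeated HTTP POSTs to the same external endpoint at a near-fixed interval, with a large first upload. The detector below is an added example, not ATI code and not built from real Redline indicators: the log format, hosts, IPs and URIs are constructed for the example, and the thresholds are assumptions to tune per environment.

```python
"""Beacon-style POST detector over constructed proxy log lines.

Added example, not ATI code. The log lines, addresses and URIs are constructed;
no real Redline Stealer indicator is used. Flags (src, host) pairs that POST to
the same external host at regular intervals, the shape described for strike 2.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample: time src method host path bytes_out
LOG = """\
2024-11-12T09:00:01Z 10.0.0.5 GET www.example.com /index.html 0
2024-11-12T09:00:05Z 10.0.0.7 POST 203.0.113.10:8080 /api/collect 18240
2024-11-12T09:01:05Z 10.0.0.7 POST 203.0.113.10:8080 /api/collect 2112
2024-11-12T09:02:06Z 10.0.0.7 POST 203.0.113.10:8080 /api/collect 2090
2024-11-12T09:03:05Z 10.0.0.7 POST 203.0.113.10:8080 /api/collect 2101
2024-11-12T09:03:40Z 10.0.0.5 POST www.example.com /login 312
2024-11-12T09:09:12Z 10.0.0.5 POST www.example.com /search 120
"""


def parse(lines):
    """Yield (timestamp, src, method, host, path, bytes_out) per log line."""
    for line in lines.splitlines():
        ts, src, method, host, path, size = line.split()
        yield datetime.fromisoformat(ts.replace("Z", "+00:00")), src, method, host, path, int(size)


def find_beacons(lines, min_posts=3, max_jitter=0.2):
    """Return {(src, host): (interval_seconds, total_bytes_out)} for regular POST sequences.

    A sequence is "regular" when the standard deviation of the gaps between
    POSTs is at most max_jitter * mean gap (thresholds are assumptions).
    """
    posts = defaultdict(list)
    for ts, src, method, host, _path, size in parse(lines):
        if method == "POST":
            posts[(src, host)].append((ts, size))
    hits = {}
    for key, entries in posts.items():
        if len(entries) < min_posts:
            continue                      # too few POSTs to judge periodicity
        times = sorted(t for t, _ in entries)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            hits[key] = (round(avg), sum(s for _, s in entries))
    return hits
```

On the constructed sample only 10.0.0.7 is flagged: its POSTs land 59 to 61 seconds apart, whereas the browsing host's two POSTs are both too few and irregular. The first POST being several times larger than the rest (the initial system inventory) is a second feature worth alerting on; pairing the periodicity score with the bytes-out total keeps the rule from firing on, for example, a monitoring agent that uploads a few bytes of heartbeat.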

New Strikes (19)

CVSS | ID | References | Category
10.0 | E24-h3zv2 | CVE-2023-52251, CWE-94 | Exploits
This strike exploits a code injection vulnerability in Kafka UI (provectus/kafka-ui), the web interface for Apache Kafka. The vulnerability is due to unrestricted Groovy script evaluation in the message smart filter functionality. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request, resulting in arbitrary command execution under the security context of the kafkaui user.
10.0 | E24-zsz31 | CVE-2014-6287, CWE-94 | Exploits
This strike exploits a design weakness vulnerability in Rejetto HTTP File Server. The vulnerability is due to improper validation of user-supplied input: the findMacroMarker function in parserLib.pas allows an attacker to execute arbitrary programs via a null byte sequence in a search action. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the file server, resulting in remote code execution.
10.0 | E24-gzdk1 | CVE-2023-46264, CWE-434 | Exploits
This strike exploits an arbitrary file upload vulnerability in Ivanti Avalanche Central FileStore in versions prior to 6.4.2. The vulnerability is due to insufficient sanitization of the txtUncPath parameter in the HTTP request body, which allows the use of "8.3" short filenames to bypass the disallowed path checks. Successful exploitation results in arbitrary file upload, which can lead to remote code execution on the server with SYSTEM privileges.
10.0 | E24-1u7w1 | CVE-2024-1212, CWE-78 | Exploits
This strike exploits a command injection vulnerability in Progress Kemp LoadMaster. The vulnerability is due to improper validation of user input when processing REST API requests. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to a target server. Successful exploitation can lead to arbitrary command execution.
10.0 | E24-gs3x1 | CVE-2023-36845, CWE-77 | Exploits
This strike exploits a PHP environment variable manipulation vulnerability in the J-Web interface of Juniper SRX firewalls and EX switches. The vulnerability is due to J-Web honouring an attacker-supplied PHPRC environment variable. By setting PHPRC to /dev/fd/0, a remote, unauthenticated attacker can supply a php.ini from the body of a specially crafted HTTP request that enables auto_prepend_file and allow_url_include, causing PHP code delivered through a URL-based wrapper such as data:// to be included and executed. Successful exploitation can lead to remote code execution with root privileges, potentially resulting in full system compromise.
10.0 | E24-gfsn1 | CVE-2023-20887, CWE-77 | Exploits
This strike exploits a command injection vulnerability in VMware Aria Operations for Networks. The vulnerability is due to improper input handling in API requests combined with an Nginx misconfiguration that allows access to the restricted internal API endpoint /resttosaasservlet. A remote, unauthenticated attacker can exploit this vulnerability by sending specially crafted requests that bypass the Nginx reverse proxy configuration. Successful exploitation can lead to the execution of arbitrary commands on the underlying operating system with root privileges, potentially resulting in full system compromise.
9.0 | E24-gzdj1 | CVE-2023-46263, CWE-434 | Exploits
This strike exploits an arbitrary file upload vulnerability in Ivanti Avalanche. The vulnerability is due to inadequate validation of the txtUncPath field in the Central FileStore configuration settings. A remote, authenticated attacker can exploit this by setting the file storage path to an unauthorized directory, specifically the RemoteControl server's webroot; the insufficient checks let the attacker bypass the blacklist restrictions and upload malicious files that are then executed. Successful exploitation could lead to remote code execution as SYSTEM on the vulnerable server.
7.8 | E24-gzdi1 | CVE-2023-46262, CWE-918 | Exploits
This strike exploits a server-side request forgery vulnerability in Ivanti Avalanche in versions prior to 6.4.2. The vulnerability is due to insufficient validation of the port parameter, which is parsed as a string, allowing the server to be made to issue a request to an attacker-controlled host and path. Successful exploitation could result in information disclosure or spoofing.
7.5 | E24-18jt1 | CVE-2021-3129, CWE-94 | Exploits
This strike exploits a remote code execution vulnerability in Laravel Ignition. The issue arises from the insecure use of file_get_contents() and file_put_contents() in the Ignition module, which allows an attacker to inject malicious content through the viewFile parameter of the solutions exposed by the Ignition module. A remote, unauthenticated attacker could exploit this vulnerability by sending a specially crafted request to the target server. Successful exploitation can lead to arbitrary code execution.
7.5 | E24-eb2d2 | CVE-2022-21445, CWE-502 | Exploits
This strike exploits an insecure deserialization vulnerability in Oracle JDeveloper ADF Faces. The vulnerability is due to insufficient validation of HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable server. Successful exploitation could lead to remote code execution in the context of the user running the vulnerable server.
7.5 | E24-cnbu1 | CVE-2021-44026, CWE-89 | Exploits
This strike exploits an SQL injection vulnerability in Roundcube. The vulnerability is due to insufficient validation of user-provided search_params data. To execute the attack, the attacker must first be authenticated to a Roundcube session. Upon successful exploitation, the attacker could read sensitive information, modify database content, or escalate privileges, depending on the permissions granted to the database account that Roundcube uses.
7.5 | E24-9ty91 | CVE-2020-12641, CWE-78 | Exploits
This strike exploits a remote code execution vulnerability in Roundcube webmail. The vulnerability is due to the im_convert_path configuration setting, which allows a remote, unauthenticated attacker with access to the Roundcube installer to inject system commands. These commands execute whenever a user opens an email containing a "non-standard" image. Successful exploitation could lead to arbitrary command execution.
6.8 | E24-0z7g1 | CVE-2020-1020, CWE-787 | Exploits
This strike exploits a buffer overflow vulnerability in the Windows Adobe Type Manager Library. The vulnerability is due to improper handling of VToHOrigin records in multiple master Type 1 fonts. An unauthenticated attacker can exploit the vulnerability by convincing a user to open a specially crafted font. Successful exploitation could result in arbitrary code execution with kernel or UMFD permissions, or a denial of service condition.
6.4 | E24-ixon1 | CVE-2024-37383, CWE-79 | Exploits
This strike exploits a stored cross-site scripting vulnerability in Roundcube webmail. The vulnerability is due to improper validation and sanitization of incoming email messages containing HTML with SVG animate attributes. A remote attacker could exploit this vulnerability by enticing the target to open a malicious email. Successful exploitation would result in execution of script code in the security context of the target user's browser.
5.0 | E24-044w1 | CVE-2016-0752, CWE-22 | Exploits
This strike exploits a directory traversal vulnerability in the web component of Ruby on Rails. The vulnerability is due to user-controlled input being passed to the render method. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request. Successful exploitation could result in unauthorized file access and leakage of sensitive data.
5.0 | E24-ehx91 | CVE-2022-30333, CWE-22 | Exploits
This strike exploits a directory traversal vulnerability in RARLAB UnRAR. The vulnerability is due to improper handling of relative file paths when extracting RAR archives containing symbolic links. A remote attacker can exploit the vulnerability by convincing a user to extract a maliciously crafted RAR file. Successful exploitation could result in a file being created outside of the expected location and may lead to arbitrary code execution.
4.6 | E24-3hkb1 | CVE-2017-16651, CWE-552 | Exploits
This strike exploits a local file inclusion vulnerability in Roundcube webmail. The vulnerability is due to insufficient input validation in conjunction with the file-based attachment plugins. A remote, authenticated attacker with an active session can exploit this vulnerability by sending a crafted request to the server. Successful exploitation leads to information disclosure through access to arbitrary files.
4.3 | E24-zi9z1 | CVE-2013-2423, CWE-265 | Exploits
This strike exploits a design weakness vulnerability in Oracle Java JRE/JDK. The vulnerability is due to improper validation of user-supplied input. A remote attacker could exploit this vulnerability by enticing a user to open a crafted web page, resulting in remote code execution in the context of the user running the browser.
2.1 | E24-0zjs1 | CVE-2020-1464, CWE-347 | Exploits
This strike exploits a signature spoofing vulnerability in Microsoft Windows MSI file verification. The vulnerability is due to the MsiSIPVerifyIndirectData() function ignoring data appended to the file during digital signature verification, so a signed MSI still validates after malicious content is appended. Successful exploitation leads to code execution in the context of the user running the malicious file.
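Three of the strikes above (CVE-2016-0752, CVE-2017-16651 and CVE-2022-30333) are the same defect in different code bases: a user-supplied name joined to a base directory without checking where the result actually points. The following is an added example, not ATI code and not the patched code of any of those projects; it shows the naive join beside a containment check that also handles the symlink escape UnRAR fell to, using a base directory, files and symlink constructed in a temporary directory.

```python
"""Path containment: the traversal/symlink pattern behind CVE-2016-0752,
CVE-2017-16651 and CVE-2022-30333, as an added example (not ATI code).
The base directory, file names and symlink below are constructed in a temp dir.
"""
import os
import tempfile


def unsafe_resolve(base, name):
    """Vulnerable pattern: join the request value to a base and trust the result.

    os.path.join discards `base` entirely when `name` is absolute, and does
    nothing about '..' segments or symlinks that point outside `base`.
    """
    return os.path.join(base, name)


def safe_resolve(base, name):
    """Resolve `name` under `base`; reject '..', absolute paths and symlink escapes."""
    base_real = os.path.realpath(base)
    candidate = os.path.realpath(os.path.join(base_real, name))
    # realpath follows symlinks, so a link inside base that targets a path
    # outside base resolves to that outside path and fails the check below.
    if os.path.commonpath([base_real, candidate]) != base_real:
        raise PermissionError(f"{name!r} escapes {base_real}")
    return candidate


def demo():
    """Run both resolvers over four inputs; returns (verdicts, labels leaked by the unsafe one)."""
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "templates")
        outside = os.path.join(root, "secret.txt")      # the file an attacker wants
        os.mkdir(base)
        with open(os.path.join(base, "index.html"), "w") as f:
            f.write("ok")
        with open(outside, "w") as f:
            f.write("secret")
        # Archive-style escape: a symlink inside base pointing outside it.
        os.symlink(outside, os.path.join(base, "link"))

        inputs = {
            "relative": "index.html",     # legitimate
            "dotdot": "../secret.txt",    # classic traversal
            "symlink": "link",            # CVE-2022-30333 style
            "absolute": outside,          # absolute path swallows the base in os.path.join
        }
        verdicts = {}
        for label, name in inputs.items():
            try:
                safe_resolve(base, name)
                verdicts[label] = "allowed"
            except PermissionError:
                verdicts[label] = "rejected"

        leaked = []
        for label, name in inputs.items():
            path = unsafe_resolve(base, name)
            if os.path.isfile(path):
                with open(path) as f:
                    if f.read() == "secret":
                        leaked.append(label)
        return verdicts, leaked
```

The check is done on the resolved path rather than on the input string, which is why it holds against the symlink and absolute-path cases that a blacklist of `../` would miss; the same shape applies to a Rails render target, a webmail attachment path or an archive extractor's output path.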

Defects Resolved (3)

Component | Info
Apps | Updated the MongoDB Demo Super Flow.
Apps | Fixed a nil error caused by an uninitialized sequence number in SMBv2.
Security | Fixed a missing newline in the strike targeting CVE-2018-8096.