Ticket | Info |
---|---|
DE8360 | Strikes using SSL now close correctly with a four-way FIN in back-to-back. |
DE8582 | Stopped duplicate addition of sockets into session tracking array, which prevented some strikes from running correctly with SSL evasions enabled. |
DE8920 | Fixed a defect causing duplication of "Content-Type" header in SMTP and HTTP multipart-mime messages. |

Ticket | Info |
---|---|
US80591 | Two extra superflows were added that make use of TLS actions and implement the encrypted variant of RTMP called RTMPS: BreakingPoint RTMPS Audio Data 1K and BreakingPoint RTMPS Audio Data 127K. |
US83160 | Add tag 'Proxy' to superflow Facebook. |
US83536 | 'Youtube September 2016' superflows were changed to support Proxy scenarios and the SNI field in TLS handshakes. |
US83543 | 'Google Map' superflows were changed to support Proxy scenarios and the SNI field in TLS handshakes. |

Name | Category | Info |
---|---|---|
HTTPS Simulated Vine with Client and Server Exchange Application Data | Social Networking/Search | Simulates the HTTPS sessions of Vine, a short-form video sharing service, with the client exchanging TLS application data with the server. |
RTMPS Audio Data 127K | Voice/Video/Media | A server sends 127kb of audio stream data to the client. The stream is TLS encrypted. |
RTMPS Audio Data 1K | Voice/Video/Media | A server sends 926 bytes of audio stream data to the client. The stream is TLS encrypted. |

CVSS | ID | References | Category | Info |
---|---|---|---|---|
10.0 | E12-zaxd1 | BID-56457 CVE-2012-2897 CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C) | Exploits | This strike exploits a vulnerability in the Windows Kernel-Mode driver caused by improper handling of memory objects while parsing TrueType fonts. A remote attacker could exploit the vulnerability to execute arbitrary code or cause a denial of service by enticing a user to open a specially crafted TrueType file. |
10.0 | E18-0mrp1 | BID-102994 CVE-2018-4901 CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C) SECURITYTRACKER-1040364 URL | Exploits | This strike exploits a stack overflow vulnerability in Adobe Acrobat Reader and Adobe Reader. The vulnerability is due to a computation that writes data past the end of the intended buffer. Successful exploitation may corrupt sensitive data or lead to execution of arbitrary code. |
9.3 | E18-0oj71 | CVE-2018-7187 CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C) | Exploits | This strike exploits a command execution vulnerability in the Google Golang client. The vulnerability is due to insufficient sanitization of user input by the go get command. An authenticated attacker can entice the client to use "go get" on a malicious URL; successful exploitation could result in command injection on the target user. |
9.3 | E17-3hd91 | BID-102140 CVE-2017-16397 CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C) URL ZDI-18-177 | Exploits | This strike exploits an integer overflow vulnerability in the Adobe Acrobat Reader ImageConversion component. The vulnerability is due to improper parsing of EMR_STRETCHDIBITS data records in an EMF file. Successful exploitation may result in execution of arbitrary code with user privileges. Failure to exploit will not typically result in a crash. |
7.8 | E18-0owa1 | CVE-2018-7658 CVSS-7.8 (AV:N/AC:L/AU:N/C:N/I:N/A:C) URL | Exploits | This strike exploits a denial of service vulnerability in the Softros Network Time System service. The vulnerability is due to improper length validation of user input on port 7001. By exploiting this vulnerability, a remote, unauthenticated attacker could cause a Denial of Service against the target process. |
7.8 | E18-0ou71 | CVE-2018-7583 CVSS-7.8 (AV:N/AC:L/AU:N/C:N/I:N/A:C) EXPLOITDB-44222 | Exploits | This strike exploits a buffer overflow vulnerability in the DualDesk Proxy component. The vulnerability is due to improper length validation of user input on port 5500. By exploiting this vulnerability, a remote, unauthenticated attacker could cause a Denial of Service against the target process. |
7.6 | E18-3dwu3 | BID-102089 CVE-2017-11918 CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C) EXPLOITDB-43469 GOOGLE-1396 | Exploits | This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the JavaScript Chakra engine. It is possible to create JavaScript in such a way that created variables escape analysis and get allocated to the stack. This can then allow for the dereference of uninitialized stack values. This may lead to a denial of service condition in the browser, or potentially remote code execution. |
7.6 | E18-3dwq1 | BID-102088 CVE-2017-11914 CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C) EXPLOITDB-43713 GOOGLE-1403 | Exploits | This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the JavaScript Chakra engine. It is possible to create JavaScript in such a way that the scriptFunction is exposed to the user as 'this' when getting the length property. When this happens, type confusion occurs. This may lead to a denial of service condition in the browser, or potentially remote code execution. |
7.6 | E18-3dwn1 | BID-102087 CVE-2017-11911 CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C) EXPLOITDB-43468 GOOGLE-1385 | Exploits | This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the JavaScript Chakra engine. It is possible to create JavaScript in such a way that an out-of-bounds read can occur in ASM.js. This may lead to a denial of service condition in the browser, or potentially remote code execution. |
7.5 | E18-0nmw1 | CVE-2018-6024 CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P) EXPLOITDB-44124 SCIP-113556 | Exploits | This strike exploits an SQL injection vulnerability in the Project Log 1.5.3 for Joomla! The vulnerability is due to the improper sanitization of requests sent to the application. An attacker could exploit this by sending specially crafted packets, potentially resulting in the execution of SQL commands which may lead to information disclosure. |
7.5 | E18-0nm11 | CVE-2018-5993 CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P) EXPLOITDB-44106 SCIP-113529 | Exploits | This strike exploits an SQL injection vulnerability in the Aist component for Joomla! The vulnerability is due to the improper sanitization of requests sent to the application. An attacker could exploit this by sending specially crafted packets, potentially resulting in the execution of SQL commands which may lead to information disclosure. |
7.5 | E17-3i5n1 | CVE-2017-17419 CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P) ZDI-17-984 | Exploits | An SQL injection vulnerability exists in the Quest NetVault Backup appliance. The vulnerability is due to insufficient validation of user-supplied input within the Server Process Manager Service. Successful exploitation of this vulnerability can result in database information disclosure without authentication via a specially crafted HTTP GET request. |
7.5 | E18-0ob01 | CVE-2018-6892 CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P) EXPLOITDB-44027 EXPLOITDB-44175 URL | Exploits | This strike exploits a buffer overflow vulnerability in CloudMe Sync software. The vulnerability is due to improper length validation of user input on port 8888. A remote, unauthenticated attacker can run arbitrary code on the target system by sending a specially crafted payload to the listening port. Note: When run in one-arm mode against a Windows 7 SP1 x86 system, the CloudMe Sync process will crash and calc.exe will be launched. |
7.5 | E18-matp1 | BID-103049 CVE-2018-6789 CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P) SECURITYTRACKER-1040461 URL | Exploits | This strike exploits a heap overflow vulnerability found in the base64_decode function of the Exim SMTP listener. The vulnerability is due to improper handling of malformed base64 strings. A remote attacker can connect to the SMTP service and send specially crafted SMTP authentication messages. |
7.5 | E17-3h0o1 | BID-102079 CVE-2017-15944 CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P) EXPLOITDB-43342 URL | Exploits | This strike exploits a management interface authentication bypass vulnerability in Palo Alto Networks PAN-OS 6.1.18 and earlier, PAN-OS 7.0.18 and earlier, and PAN-OS 7.1.13 and earlier. Note: A remote user can exploit a combination of vulnerabilities in the management interface to execute arbitrary commands on the target system. The code will run with root privileges. This strike simulates panAuthCheck authentication bypass. |
6.8 | E18-0l0s1 | BID-102560 CVE-2018-2636 CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P) EXPLOITDB-43960 URL | Exploits | This strike exploits a path traversal vulnerability in the ProcessDimeRequest module on the Oracle Hospitality Simphony application. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted HTTP request to the target server. Successful exploitation results in the disclosure of arbitrary file contents from the target server. |
6.0 | E18-0nsm1 | CVE-2018-6230 CVSS-6.0 (AV:N/AC:M/AU:S/C:P/I:P/A:P) EXPLOITDB-44166 URL | Exploits | This strike exploits an SQL injection vulnerability in Trend Micro Email Encryption Gateway. The vulnerability is due to the improper sanitization of the search string sent to the searchEmail.jsp script. An attacker could exploit this by sending specially crafted packets, potentially resulting in the execution of SQL commands which may lead to information disclosure, database corruption, denial of service and others. |
5.0 | E18-08e81 | CVE-2016-6272 CVSS-5.0 (AV:N/AC:L/AU:N/C:P/I:N/A:N) EXPLOITDB-44098 | Exploits | This strike exploits a SQL injection vulnerability in the Epic Systems Corporation MyChart. This vulnerability is due to improper sanitization of the GET parameter "topic". A remote attacker can access contents of an XML document containing static display strings, such as field labels on the target system. |
3.5 | E17-ma191 | BID-101029 CVE-2017-12544 CVSS-3.5 (AV:N/AC:M/AU:S/C:N/I:P/A:N) SECURITYTRACKER-1039437 URL | Exploits | This strike exploits a cross-site scripting vulnerability in HPE System Management Homepage. This vulnerability is due to inadequate input filtering in the "prod" field. By exploiting this vulnerability, an attacker could cause arbitrary scripting code to be executed by the target user's browser. |