Ixia ATI Update 2018-07 (328120)

Defects Resolved

Ticket Info
DE9305 Added non-standard STUN packets that contain no padding to Whatsapp Audio/Video superflows.
DE9376 Altered the session insertion routine to first remove sockets already closed. This was causing an unhandled exception in the session closing routine when SSL was enabled in a strike.

Enhancements

Ticket Info
US83164 Proxy support was added for Superflow "Gmailclassic_130508"
US83165 HTTP Proxy support was added for all iTunes Mobile superflows: iTunes Mobile Music, iTunes Mobile Music TLS Encrypted, iTunes Mobile App Store, iTunes Mobile iBookstore.
US83167 Add tag 'Proxy' to superflow Google Play Sandvine Bandwidth
US84062 The following superflows now contain just one DNS action and the settings applied to it propagate to all subsequent DNS resolves which are not explicitly exposed:
1. Baidu Access Network of Web Portals Feb 18
2. Baidu Browse Web Pages Feb 18
3. eBay Browse and Buy Items Feb 18
4. eBay Manage Personal Account Feb 18
5. GoogleEarthPro Access Google Account Feb 18
6. GoogleEarthPro Navigate the Globe Bandwidth Feb 18
7. GoogleEarthPro Navigate the Globe Feb 18
8. iTunes Desktop App Store Feb18
9. Reddit Account Management Feb 18
10. Reddit Browse Content Feb 18

New Protocols & Applications (1)

Name Category Info
AOL Mail Mar18 Email/WebMail Emulates the use of the AOL Mail website as of March 2018. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions.

New Super Flows (7)

Name Category Info
AOL Mail Mar 18 Email/WebMail Emulates the use of the AOL Mail website as of March 2018. All of the available actions for this flow are exercised. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions.
AOL Mail Mar 18 Send Message Email/WebMail Emulates the use of the AOL Mail website as of March 2018. The user accesses the sign in page, signs in, views the inbox, sends a message then logs out. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions.
AOL Mail Mar 18 Send Message with Attachment Email/WebMail Emulates the use of the AOL Mail website as of March 2018. The user accesses the sign in page, signs in, views the inbox, sends a message with attachment then logs out. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions.
AOL Mail Mar 18 View Message Email/WebMail Emulates the use of the AOL Mail website as of March 2018. The user accesses the sign in page, signs in, views the inbox, views a message then logs out. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions.
AOL Mail Mar 18 View Message with Attachment Email/WebMail Emulates the use of the AOL Mail website as of March 2018. The user accesses the sign in page, signs in, views the inbox, views a message that contains an attachment then logs out. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions.
MPEG-TS TLS Encrypted Voice/Video/Media An encrypted sample simulation of the MPEG transport stream running over TCP. MPEG-TS is a standard container format defined in ISO/IEC 13818-1, ITU-T Recommendation H.222.0.
iTunes Mobile Music TLS Encrypted Voice/Video/Media A mobile device purchasing and downloading music from the Apple iTunes store. This uses the iTunes (ITMS) protocol.

New Strikes (22)

CVSS ID References Category Info
9.3 E18-0oqd1 BID-103427
CVE-2018-7445
CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C)
EXPLOITDB-44290
URL
Exploits This strike exploits a remote command execution vulnerability in MikroTik RouterOS. The vulnerability is due to insufficient validation of NetBIOS session request messages within the SMB service. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system.
8.5 E17-3hvj1 CVE-2017-17055
CVSS-8.5 (AV:N/AC:M/AU:S/C:C/I:C/A:C)
EXPLOITDB-43206
URL
Exploits This strike exploits a cross-site scripting vulnerability in Artica Web Proxy. This vulnerability is due to improper sanitization of user input sent as the "username-form-id" field to the "freeradius.users.php" script. By exploiting this vulnerability an attacker could execute arbitrary operating system commands as root.
7.6 E18-0hxx1 BID-100052
CVE-2017-8645
CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C)
EXPLOITDB-42469
GOOGLE-1271
Exploits This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the JavaScript Chakra engine. If the JavaScript engine cannot link the asmjs module, it is treated as a normal function. However, when this code is reparsed, certain cases are not correctly handled, which can result in binding incorrect information to the constructor. This may lead to a denial of service condition in the browser, or potentially remote code execution.
7.6 E18-3dvi1 BID-101731
CVE-2017-11870
CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C)
EXPLOITDB-43182
GOOGLE-1367
Exploits This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, the vulnerability exists in the JavaScript Chakra engine. It is possible to incorrectly optimize arguments in JavaScript, which may cause type confusion to occur. This may lead to a denial of service condition in the browser, or potentially remote code execution.
7.6 E18-3dv31 BID-101751
CVE-2017-11855
CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C)
EXPLOITDB-43371
GOOGLE-1378
Exploits This strike exploits a vulnerability in the Microsoft Internet Explorer browser. Specifically, the vulnerability exists in jscript.dll. It is possible to create an uninitialized type variable when making a call to JsArraySlice. This may lead to a denial of service condition in the browser, or potentially remote code execution.
7.5 E18-0omp1 CVE-2018-7313
CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P)
EXPLOITDB-44158
Exploits This strike exploits an SQL injection vulnerability in CW Tags for Joomla!. The vulnerability is due to the improper sanitization of requests sent to the application. An attacker could exploit this by sending specially crafted packets, potentially resulting in the execution of SQL commands which may lead to information disclosure.
7.5 E17-3i5o1 BID-102252
CVE-2017-17420
CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P)
ZDI-17-985
Exploits An SQL injection vulnerability exists in the Quest NetVault Backup appliance. The vulnerability is due to insufficient validation of user-supplied input within the Server Process Manager Service. Successful exploitation of this vulnerability can result in database information disclosure without authentication via a specially crafted HTTP request.
7.5 E17-3i5g1 BID-102252
CVE-2017-17412
CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P)
ZDI-17-974
Exploits An SQL injection vulnerability exists in the Quest NetVault Backup appliance. The vulnerability is due to insufficient validation of user-supplied input within the Server Process Manager Service. Successful exploitation of this vulnerability can result in database information disclosure without authentication via a specially crafted HTTP request.
7.5 E17-3gkn1 CVE-2017-15367
CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P)
ZDI-17-984
Exploits An SQL injection vulnerability exists in the Bacula Web appliance. The vulnerability is due to insufficient validation of user-supplied input within the job.php script. Successful exploitation of this vulnerability can result in database information disclosure without authentication via a specially crafted HTTP GET request.
7.5 E18-0oz01 CVE-2018-7756
CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P)
EXPLOITDB-44275
URL
Exploits This strike exploits a remote internal command access vulnerability in DEWESoft X3. The vulnerability is due to lack of authentication for sessions on TCP port 1999. By exploiting this vulnerability, a remote attacker could run internal commands, including executing arbitrary programs or disabling security features on the target system. Note: When run in one-arm mode, this test will launch calc.exe on the target system.
7.5 E18-m9c11 CVE-2018-8828
CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P)
URL
Exploits This strike exploits a heap overflow vulnerability within the tmx_check_pretran function of modules/tmx/tmx_pretran.c in the Kamailio SIP server. This vulnerability is due to insufficient sanitization of the input passed to the "From" tag. An attacker can exploit this vulnerability by sending a specially crafted SIP REGISTER request containing a header with a "From" tag. Successful exploitation may result in arbitrary code execution or denial of service.
7.5 E18-0ou82 CVE-2018-7584
CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P)
URL
Exploits This strike exploits a buffer overflow vulnerability in the PHP command line interface. This vulnerability is due to improper sanitization of the HTTP header when a server sends HTTP traffic back to the client. A remote attacker can trigger a buffer overflow, resulting in denial of service, by sending a malicious response.
7.5 E18-0oj31 BID-103351
CVE-2018-7183
CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P)
URL
Exploits This strike exploits a buffer overflow vulnerability in Network Time Protocol. The variables filtdelay, filtoffset, filtdisp, and filterror are copied to a finite length buffer without validation. A sufficiently large content length will overflow the buffer. Successful exploitation may result in arbitrary code execution or abnormal termination of the ntpd process, resulting in a denial of service condition.
6.8 E18-mar01 BID-102992
CVE-2018-4910
CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P)
SECURITYTRACKER-1040364
URL
ZDI-18-173
Exploits This strike exploits a stack overflow vulnerability in Adobe Acrobat Reader and Adobe Reader. The vulnerability is due to a computation that writes data past the end of the intended buffer. Successful exploitation may potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.
5.0 E18-0omt1 CVE-2018-7317
CVSS-5.0 (AV:N/AC:L/AU:N/C:P/I:N/A:N)
EXPLOITDB-44159
Exploits This strike exploits a file download vulnerability in Joomla! Component Proclaim. The vulnerability is due to the improper sanitization of requests sent to the application. An attacker could download SQL files under the backup folder via direct requests.
5.0 E18-0y5h1 CVSS-5.0 (AV:N/AC:L/AU:N/C:P/I:N/A:N)
EXPLOITDB-44261
URL
Exploits This strike exploits a SQL injection vulnerability in the Redaxo CMS Addon MyEvents. This vulnerability is due to improper sanitization of the parameter "myevents_id". A remote attacker can access backend contents with successful exploitation.
5.0 E18-0opq1 CVE-2018-7422
CVSS-5.0 (AV:N/AC:L/AU:N/C:P/I:N/A:N)
EXPLOITDB-44340
URL
Exploits This strike exploits a local file inclusion vulnerability in the Site Editor WordPress plugin. The vulnerability is due to improper sanitization of the "ajax_path" parameter in requests to the ajax_shortcode_pattern.php script. By exploiting this vulnerability, a remote, unauthenticated attacker could retrieve arbitrary files from the target server. Note: When run in one-arm mode, this strike will retrieve the content of the /etc/passwd file. The vulnerable ajax_shortcode_pattern.php script must be available at the default location (http://[server]/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php).
5.0 E18-0ou61 CVE-2018-7582
CVSS-5.0 (AV:N/AC:L/AU:N/C:N/I:N/A:P)
EXPLOITDB-44271
URL
Exploits This strike exploits a remote denial of service vulnerability in WebLog Expert Web Server Enterprise. The vulnerability is due to improper header parsing in HTTP requests on port 9991. By exploiting this vulnerability, a remote, unauthenticated attacker could cause a denial of service against the target process.
5.0 E18-0olw1 CVE-2018-7284
CVSS-5.0 (AV:N/AC:L/AU:N/C:N/I:N/A:P)
URL
Exploits This strike exploits a stack corruption vulnerability in Digium Asterisk. SIP SUBSCRIBE messages with multiple malformed Accept headers will cause stack corruption. Successful exploitation may result in arbitrary code execution or abnormal termination of the Asterisk service.
5.0 E18-0oey1 CVE-2018-7034
CVSS-5.0 (AV:N/AC:L/AU:N/C:P/I:N/A:N)
URL
Exploits This strike exploits an information disclosure vulnerability in TRENDnet TEW-751DR v1.03B03, TEW-752DRU v1.03B01, and TEW733GR v1.03B01 devices. An attacker can use the global variable $AUTHORIZED_GROUP to bypass security checks and read arbitrary files.
5.0 D18-8vc31 CVE-2018-1000099
CVSS-5.0 (AV:N/AC:L/AU:N/C:N/I:N/A:P)
URL
Denial This strike exploits a denial of service vulnerability in Digium Asterisk. A SIP message with an invalid fmtp field will cause a segmentation fault. Successful exploitation may result in a segmentation fault leading to abnormal program termination.
3.6 E17-0g5n1 BID-101502
CVE-2017-6331
CVSS-3.6 (AV:L/AC:L/AU:N/C:N/I:P/A:P)
SECURITY_TRACKER-1039775
URL
Exploits This strike exploits a tamper-protection bypass vulnerability in Symantec Endpoint Protection. The vulnerability is due to lack of User Interface Privilege Isolation for source validation of Windows API messages. By exploiting this vulnerability, an attacker could alter the Symantec Endpoint Protection user interface, which could deny the end user the ability to use the antivirus or display erroneous information about antivirus activity to the end user.