Ixia ATI Update 2018-18 (339978)

New Protocols & Applications (2)

Name Category Info
Sina Weibo Aug18 Social Networking/Search Sina Weibo is a Chinese microblogging website. As one of the most popular social media platforms in China, it offers many features similar to Twitter, such as blogging with photo or video, following, and re-posting. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
MTConnect Testing and Measurement MTConnect is an open, royalty-free standard designed for the exchange of data between shop floor equipment and software applications used for monitoring and data analysis. Data from devices is presented in XML format, and is retrieved from information providers, called Agents, using HTTP as the underlying transport protocol.

New Super Flows (3)

Name Category Info
Sina Weibo Sign in and Sign Out Aug18 Social Networking/Search The user performs the following actions: loads Sina Weibo and signs in with the user's email and a password, then signs out. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
Sina Weibo Social Media Operations Aug18 Social Networking/Search The user performs the following actions: signs in to Sina Weibo with an email and password; publishes 3 blogs (one with text only, one with text and photo, and one with text and video); then gives a thumbs up to one of the posts and writes a comment. Finally, the user signs out. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature.
MTConnect Probe and Retrieve Samples Testing and Measurement Simulates a standard conversation between an application and an MTConnect Agent. The client first issues a Probe request to determine the capabilities of a device, its component structure and all the available data items for each component. Then a Current request is issued to acquire the latest values of all the data items, followed by a sequence of Sample requests.

New Strikes (18)

CVSS ID References Category Info
10.0 E18-mble1 BID-105016
CVE-2018-8414
CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C)
SECURITYTRACKER-1041458
URL
Exploits This strike exploits a remote code execution vulnerability in Windows Shell. The vulnerability is due to improper path parsing in SettingContent-ms files. An attacker can entice a target to open a specially crafted SettingContent-ms file to trigger the vulnerability. Successful exploitation will result in execution of arbitrary code.
9.0 E18-1uzs1 CVE-2018-15839
CVSS-9.0 (AV:N/AC:L/AU:N/C:P/I:P/A:C)
URL
Exploits This strike exploits a buffer overflow vulnerability inside D-Link DIR-615 devices. The vulnerability is due to insufficient validation of user input passed to the SessionID parameter. By crafting a malicious HTTP request, an attacker can cause DoS conditions or achieve code execution on the target device.
7.6 E18-0p9h1 BID-103982
CVE-2018-8133
CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C)
EXPLOITDB-44817
GOOGLE-1542
Exploits This strike exploits a vulnerability in Microsoft Edge. Specifically, the vulnerability exists in the JavaScript Chakra engine. It is possible to craft JavaScript in such a way that type confusion occurs when a call to the EntrySimpleObjectSlotGetter method is made. This may lead to a denial of service condition in the browser, or potentially remote code execution.
7.6 E18-mauz2 BID-103288
CVE-2018-0893
CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C)
SECURITYTRACKER-1040507
URL
Exploits This strike exploits a vulnerability in Microsoft Edge. Specifically, the vulnerability exists in the JavaScript Chakra engine. It is possible to craft JavaScript in such a way that an object is passed to the InstanceOf method to dereference a pointer value of an assumed type, which can be changed, causing type confusion to occur. This may lead to a denial of service condition in the browser, or potentially remote code execution.
7.5 E17-hfcu1 CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P)
URL
Exploits This strike exploits a file upload vulnerability present in Joomla mod_simplefileupload plugin. By exploiting this vulnerability, an unauthenticated attacker can run arbitrary code by uploading files on the server and executing them. Note: This vulnerability was disclosed by the XAttacker tool.
7.5 E18-wn9b1 CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P)
URL
Exploits This strike exploits a file upload vulnerability present in Joomla com_sexycontactform plugin. By exploiting this vulnerability, an unauthenticated attacker can run arbitrary code by uploading files on the server and executing them. Note: This vulnerability was disclosed by the XAttacker Tool.
7.5 E18-mygl1 CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P)
URL
Exploits This strike exploits a file upload vulnerability present in Joomla com_rokdownloads plugin. By exploiting this vulnerability, an unauthenticated attacker can run arbitrary code by uploading files on the server and executing them. Note: This vulnerability was disclosed by the XAttacker Tool.
7.5 E18-5ng21 CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P)
URL
Exploits This strike exploits a file upload vulnerability present in Joomla com_jwallpapers plugin. By exploiting this vulnerability, an unauthenticated attacker can run arbitrary code by uploading files on the server and executing them. Note: The vulnerability was found by analyzing the XAttacker tool.
7.5 E18-i8051 CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P)
URL
Exploits This strike exploits a file upload vulnerability present in Joomla com_facileforms plugin. By exploiting this vulnerability, an unauthenticated attacker can run arbitrary code by uploading files on the server and executing them. Note: The vulnerability was found by analyzing the XAttacker tool.
7.5 E18-pjc91 CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P)
URL
Exploits This strike exploits a file upload vulnerability present in Joomla com_extplorer plugin. By exploiting this vulnerability, an unauthenticated attacker can run arbitrary code by uploading files on the server and executing them. Note: This vulnerability was disclosed by the XAttacker Tool.
7.5 E17-fdys1 CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P)
URL
Exploits This strike exploits a file upload vulnerability present in Joomla com_adsmanager plugin. By exploiting this vulnerability, an unauthenticated attacker can run arbitrary code by uploading files on the server and executing them. Note: This vulnerability was disclosed by the XAttacker tool.
7.1 D18-0nf01 CVE-2018-5740
CVSS-7.1 (AV:N/AC:M/AU:N/C:N/I:N/A:C)
URL
Denial This strike exploits a vulnerability in ISC's BIND DNS Server. The vulnerability is due to improper handling of certain responses when BIND is configured to use the deny-answer-aliases feature. A remote attacker could exploit this vulnerability by providing a specific response to a DNAME or ANY query to a vulnerable BIND server. Successful exploitation leads to denial-of-service conditions.
6.8 E18-mb191 BID-103942
CVE-2018-3850
CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P)
SECURITYTRACKER-1040733
URL
Exploits This strike exploits a use-after-free vulnerability in the JavaScript engine of Foxit PDF Reader. This vulnerability is triggered when trying to access an XFS object's properties after closing the Doc object related to a document. A remote attacker could exploit this vulnerability by enticing a user to open a specially crafted PDF file, resulting in possible execution of arbitrary code.
6.8 E18-5kww1 CVE-2018-14304
CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P)
ZDI-18-764
Exploits This strike exploits a use-after-free vulnerability in the JavaScript engine of Foxit PDF Reader. This vulnerability is triggered when accessing an annotation's noteIcon property while the annotation object is being destroyed. A remote attacker could exploit this vulnerability by enticing a user to open a specially crafted PDF file, resulting in possible execution of arbitrary code.
6.8 E18-5iyo1 CVE-2018-11776
CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P)
URL
Exploits This strike exploits a remote code execution vulnerability found in Apache Struts2 Core. The vulnerability is due to the lack of sanitization while parsing input passed to the 'namespace' parameter within the conditionalParse() method. The vulnerability can be exploited by crafting a malicious HTTP GET request whose URL contains an OGNL expression, which will be evaluated and executed server-side. Successful exploitation may result in executing arbitrary code within the context of the user running the web service.
5.0 E18-0p5y1 CVE-2018-8006
CVSS-5.0 (AV:N/AC:L/AU:N/C:P/I:N/A:N)
URL
Exploits A reflected cross-site scripting vulnerability is present in Apache ActiveMQ. The vulnerability takes advantage of the "QueueFilter" parameter that is transmitted when performing searches for queues. By exploiting this flaw, an attacker obtains client-side JavaScript code execution within the victim's browser, which can lead to information disclosure and credential theft.
5.0 E18-5m0x1 CVE-2018-15745
CVSS-5.0 (AV:N/AC:L/AU:N/C:P/I:N/A:N)
EXPLOITDB-45296
Exploits This strike exploits a directory traversal vulnerability found in Argus Surveillance DVR. The vulnerability is due to insufficient sanitization of user input passed to the 'RESULTPAGE' parameter. A specially crafted HTTP request could allow an attacker to read arbitrary files from the file system.
5.0 E18-aj8c1 CVE-2017-1000028
CVSS-5.0 (AV:N/AC:L/AU:N/C:P/I:N/A:N)
EXPLOITDB-39441
URL
Exploits This strike exploits a directory traversal vulnerability found in the GlassFish open source Java EE project. The vulnerability is due to insufficient sanitization of user input passed through the URI, addressing various resources. A specially crafted HTTP GET request could allow an attacker to read arbitrary files from the file system.