Ticket | Info |
---|---|
DE10101 | Fixed host headers for Strikes E02-09101, E02-09102. |
DE10140 | Strikes that do not specify an HTTP 'Content-Length' header, but send a POST, PUT, or PATCH with no body, now include a default 'Content-Length' header with '0' as value, according to RFC7231. |
DE10141 | Strikes that do not specify an HTTP 'Content-Type' header, but send a POST, PUT, or PATCH, now include a default 'Content-Type' header of 'application/octet-stream' according to RFC7231. |

Ticket | Info |
---|---|
US92625 | Changed the last 'delay' action from the superflow 'BreakingPoint SIP/RTP Direct Voice Call (TCP Transport)' to be done on the client side. |
US92626 | Patched the 'BreakingPoint SIP/RTP Direct Voice Call (TCP Transport)' superflow to fill the 'Via' header correctly when using both the proxy and NAT flags. |

CVSS | ID | References | Category | Info |
---|---|---|---|---|
7.8 | E18-0m191 | CVE-2018-3949 CVSS-7.8 (AV:N/AC:L/AU:N/C:C/I:N/A:N) URL | Exploits | This strike exploits a directory traversal vulnerability in the TP-Link TL-R600VPN router. The vulnerability can be exploited by issuing GET requests to the '/help' path. Since the webserver runs with root privileges, an attacker may gain access to the contents of any file residing on the file system. |
7.8 | E18-5lzw1 | CVE-2018-15708 CVSS-7.8 (AV:N/AC:L/AU:N/C:C/I:N/A:N) URL | Exploits | This strike exploits a remote code execution vulnerability in the Nagios XI Snoopy component. The vulnerability resides in the lack of request sanitization when parsing the 'url' parameter within the 'magpie_debug.php' file. By providing the '-o' flag within the parameter's value, an attacker is able to download a PHP script from an arbitrary URL and dump it to a publicly accessible path in order to execute commands on the target system. |
7.6 | D18-0no12 | BID-103297 CVE-2018-6065 CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C) EXPLOITDB-44584 GOOGLE-1526 | Denial | This strike exploits a vulnerability in the Google Chrome browser. Specifically, the vulnerability exists in the Google Chrome V8 JavaScript engine. By passing a prototype chain of objects with a large expected_nof_properties, the instance_size value can be controlled. An integer overflow results in too small a value being used, causing memory corruption to occur. This may lead to a denial of service condition in the browser, or potentially remote code execution. |
7.6 | D18-0no01 | BID-103297 CVE-2018-6064 CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C) EXPLOITDB-44394 GOOGLE-1498 | Denial | This strike exploits a vulnerability in the Google Chrome browser. Specifically, the vulnerability exists in the Google Chrome V8 JavaScript engine. It is possible to change the elements kind by getters. This may lead to a denial of service condition in the browser, or potentially remote code execution. |
7.5 | E18-5op31 | BID-105921 CVE-2018-19207 CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P) URL | Exploits | This strike exploits a remote code execution vulnerability in the WordPress GDPR Compliance plugin. The vulnerability resides in the lack of request authorization when performing the AJAX 'wpgdprc_process_action' call as an unauthenticated user, resulting in alteration of database entries. An attacker is thus able to add a privileged user to a WordPress platform and subsequently execute PHP code as the user under which the HTTP server runs. |
7.5 | E18-5lb41 | BID-105728 CVE-2018-14816 CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P) SECURITYTRACKER-1041939 URL | Exploits | This strike exploits a buffer overflow vulnerability in Advantech WebAccess. The vulnerability is due to a lack of boundary checks while copying user-supplied data into a stack buffer within BwPSLinkZip.exe. By building a special RPC request, an attacker can cause arbitrary code execution or abnormal termination of the WebAccess process. |
7.5 | E18-0l8h1 | BID-105651 CVE-2018-2913 CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P) URL | Exploits | This strike exploits a buffer overflow vulnerability in Oracle GoldenGate Manager. The vulnerability is due to an input validation error when processing malformed command names. A remote unauthenticated attacker can exploit this vulnerability by sending a malformed command to the target application. Successful exploitation could lead to arbitrary code execution. |
5.0 | E18-5m001 | CVE-2018-15712 CVSS-5.0 (AV:N/AC:L/AU:N/C:P/I:N/A:N) URL | Exploits | An unauthenticated stored cross-site scripting vulnerability exists in the Nagios XI web interface. The vulnerability resides within 'api_tool.php' and can be exploited by crafting a GET request containing a malicious 'host' parameter. The parameter's value is then stored in bpi.conf and is later included in the web management interface. By exploiting this vulnerability an attacker could execute arbitrary scripts on the target browser. |
5.0 | E18-5oq61 | CVE-2018-19246 CVSS-5.0 (AV:N/AC:L/AU:N/C:P/I:N/A:N) EXPLOITDB-45861 | Exploits | This strike simulates an exploitation of a local file inclusion vulnerability present in PHP Proxy. The vulnerability results from the lack of input sanitization when handling the 'q' parameter. By exploiting this flaw, an attacker could read arbitrary files from the server's file system. |
4.3 | E18-5orb1 | CVE-2018-19287 CVSS-4.3 (AV:N/AC:M/AU:N/C:N/I:P/A:N) EXPLOITDB-45880 | Exploits | This strike exploits a command injection vulnerability in the WordPress plugin Plainview Activity Monitor. The vulnerability is due to improper sanitization of the 'ip' parameter under lookup mode. By successfully exploiting this vulnerability, an authenticated attacker could perform remote code execution on the target server. |
4.3 | E18-5mgz1 | CVE-2018-16323 CVSS-4.3 (AV:N/AC:M/AU:N/C:P/I:N/A:N) URL | Exploits | This strike exploits an out-of-bounds array-indexing vulnerability in ImageMagick. The vulnerability is due to uninitialized data when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data. By enticing a user to process or upload a specially crafted image to a server which automatically processes images, an attacker could obtain sensitive information from the target system. |

CVSS | ID | References | Category | Info |
---|---|---|---|---|
7.5 | E18-8vck1 | CVE-2018-1000116 CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P) URL | Exploits | Remade strike |