Name | Category | Info |
---|---|---|
Youtube Dec18 | Voice/Video/Media | YouTube is an American video-sharing website. The site allows users to play, upload, share, rate and comment on videos. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature. |
Name | Category | Info |
---|---|---|
Youtube Dec18 | Voice/Video/Media | Simulates the use of the YouTube site as of December 2018. The user performs the following actions: signs in, searches for a video, plays the video, pauses it, likes it, unlikes it, adds the video to a playlist, subscribes to a channel, unsubscribes, accesses Subscriptions, accesses Playlists, removes the video from the playlist, accesses Trending, accesses History, signs out. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature. |
Youtube Dec18 Bandwidth | Voice/Video/Media | Simulates the use of the YouTube site as of December 2018. The user performs the following actions: signs in, searches for a video, plays the video, pauses it, likes it, unlikes it, adds the video to a playlist, subscribes to a channel, unsubscribes, accesses Subscriptions, accesses Playlists, removes the video from the playlist, accesses Trending, accesses History, signs out. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. |
Youtube Dec18 Browse Sections | Voice/Video/Media | Simulates the use of the YouTube site as of December 2018. The user performs the following actions: signs in, accesses Subscriptions, accesses Playlists, accesses Trending, accesses History, signs out. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature. |
Youtube Dec18 Play Video | Voice/Video/Media | Simulates the use of the YouTube site as of December 2018. The user performs the following actions: signs in, searches for a video, plays the video, pauses it, likes it, unlikes it, adds the video to a playlist, subscribes to a channel, unsubscribes, signs out. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature. |
Youtube Dec18 Upload Video | Voice/Video/Media | Simulates the use of the YouTube site as of December 2018. The user performs the following actions: signs in, uploads a video, accesses Subscriptions, accesses Playlists, accesses Trending, accesses History, signs out. This protocol uses dynamically created flows to simulate the various internal actions performed by a modern Web browser. Because these dynamic flows may be large in number and may contain a large amount of generated data, profile creation and test initialization may require a considerable amount of time. The "Max. Request/Response Pairs per Action" and "Max. Generated File Size" flow parameters can be used to control the number and size of the interactions performed by the actions. DNS resolution is always performed for each host. Delete the DNS host from the Super Flow to disable this feature. |
CVSS | ID | References | Category | Info |
---|---|---|---|---|
9.0 | E18-0p6d1 | CVE-2018-8021 CVSS-9.0 (AV:N/AC:L/AU:S/C:C/I:C/A:C) EXPLOITDB-45933 | Exploits | A remote code execution vulnerability exists in Apache Superset through the 'Import Dashboards' feature. The vulnerability exists as a result of an insecure 'pickle' deserialization, allowing execution of arbitrary methods from the Python library. An authenticated attacker can therefore execute arbitrary code on the target system under the user that runs the 'gunicorn' webserver. |
7.6 | D18-0pl43 | BID-105786 CVE-2018-8552 CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C) EXPLOITDB-45924 GOOGLE-1666 | Denial | This strike exploits a vulnerability in the Microsoft Internet Explorer Browser. Specifically, the vulnerability exists in the VBScript component. An input array can be resized during an rtFilter call, causing an out-of-bounds memory read to occur. This may lead to a denial of service condition in the browser, or potentially remote code execution. |
7.6 | D18-0pkw1 | BID-105787 CVE-2018-8544 CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C) EXPLOITDB-45923 GOOGLE-1659 | Denial | This strike exploits a vulnerability in the Microsoft Internet Explorer Browser. Specifically, the vulnerability exists in VBScript. If a Variant is an object, the object destructor is called and the variant type is unset. The object destructor can then call attacker-controlled code that frees the memory holding the variant, and if that memory is used later, a use-after-free condition will occur. This may lead to a denial of service condition in the browser, or potentially remote code execution. |
7.5 | E18-mc0z1 | CVE-2018-18820 CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P) SECURITYTRACKER-1042019 URL | Exploits | This strike exploits a buffer overflow vulnerability found in Icecast server. The vulnerability is due to insufficient offset calculations while copying user-supplied data into a stack-based buffer within 'url_add_client' pertaining to 'auth_url.c'. By crafting a malicious HTTP request, an attacker can cause denial of service conditions or achieve code execution on the target device. |
7.5 | E18-5iy71 | BID-105888 CVE-2018-11759 CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P) SCIP-126346 URL | Exploits | This strike exploits an access bypass vulnerability in Apache Tomcat JK Status Manager. By inserting a semicolon after the jkstatus URI, access restrictions are bypassed. An attacker could send specially crafted HTTP GET requests to change ports, resulting in a denial of service condition, or to disclose information about the target server. |
6.8 | E18-5o7s1 | CVE-2018-18584 CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P) URL | Exploits | This strike exploits an off-by-one vulnerability in the libmspack library. This vulnerability is due to improper handling of block alignment when processing blocks using quantum compression within the 'cabd_sys_read_block' function. The vulnerability can be exploited by crafting a malicious CAB file that is processed by an application that uses the vulnerable library. Successful exploitation may result in execution of arbitrary code with user privileges. |
6.8 | E18-5niq1 | CVE-2018-17682 CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P) ZDI-18-1151 | Exploits | A use-after-free vulnerability exists in Foxit Reader. The specific flaw resides within the handling of the delay property for 'Annotation' objects. Successful exploitation may result in execution of arbitrary code with user privileges. Failure to exploit will not typically result in a crash. |
5.0 | E18-5lzv1 | CVE-2018-15707 CVSS-5.0 (AV:N/AC:L/AU:N/C:P/I:N/A:N) URL | Exploits | An unauthenticated stored cross-site scripting vulnerability exists in Advantech WebAccess. The vulnerability resides within 'bwMainLeft.asp' and can be exploited by crafting a GET request containing a malicious 'pname' parameter. By exploiting this vulnerability an attacker could execute arbitrary scripts on the target browser. |
4.6 | B18-3bm91 | CVSS-4.6 (AV:L/AC:L/AU:N/C:P/I:P/A:P) URL | Backdoors | This strike creates an Empire Python launcher backdoor. This backdoor will try to connect to the hacker's server and set up a connection which would allow the hacker to use other modules such as remote code execution in Empire. |
4.3 | E18-5op21 | CVE-2018-19206 CVSS-4.3 (AV:N/AC:M/AU:N/C:N/I:P/A:N) URL | Exploits | This strike exploits a cross-site scripting vulnerability in Roundcube Webmail. The vulnerability is due to improper parsing when verifying attached HTML documents for script tags which can be bypassed by using a certain sequence of HTML tags. By exploiting this flaw, an attacker may be able to execute malicious scripts in the victim's browser which may lead to account hijacking. |