Ixia ATI Update 2019-01 (350871)

Defects Resolved

Ticket Info
DE10249 The year meta attribute has been added to the following strikes: E17-hfcu1, E17-cceq1, E17-nmv01, E17-a8ob1, E17-fdys1, E18-5jiq1.
DE10267 Added "TLS Close Notify" actions to the Citrix superflows in order to mitigate the high memory utilization in Traffic Rewind tests.
DE10268 Attachment Transfer Encoding options have been added for "SMTP", "POP3-Advanced", and "IMAPv4-Advanced" flows.
DE10273 The destination ports of the encrypted flows in 'ActiveSync Encrypted' and 'HTTP Live Streaming' SuperFlows were changed to 443.
DE10284 The parameters Username and password under the action Send CONNECT have now been exposed in the UI.

Enhancements

Ticket Info
US93330 The Ouch 4.1 protocol implementation and the "OUCH41" superflow were updated according to the latest NASDAQ Ouch 4.1 release (12/07/2018), available at http://nasdaqtrader.com/content/technicalsupport/specifications/TradingProducts/ouch4.1.pdf

New Application Profiles (11)

Name Info
Enterprise 2018 Proxy-enabled traffic demonstrating the bandwidth consumption reported in an undisclosed enterprise application usage report.
Enterprise Datacenter Proxy-Enabled Proxy-enabled traffic whose distribution is representative of an enterprise datacenter network. The traffic mix includes Oracle, Citrix, e-mail and HTTP.
Enterprise Proxy-Enabled Proxy-enabled traffic whose distribution is representative of an enterprise network.
IPS - Enterprise Traffic Proxy-Enabled Proxy-enabled traffic comprised of protocols such as SSH, RTSP, and BitTorrent. Designed to test an IPS.
Industrial Enterprise Traffic Mix Proxy-Enabled Proxy-enabled traffic simulating the mix of applications measured in a typical industrial enterprise.
FW - Enterprise Traffic Proxy-Enabled Proxy-enabled traffic comprised of protocols such as SSH, RTSP, and BitTorrent. Designed to test a firewall.
NGFW Enterprise Perimeter Traffic Mix Proxy-Enabled Proxy-enabled traffic simulating the enterprise perimeter protocol mix described in a Next Generation Firewall Test Methodology report.
NGFW European Mobile Carrier Traffic Mix Proxy-Enabled Proxy-enabled traffic simulating the European mobile carrier protocol mix described in a Next Generation Firewall Test Methodology report.
NGFW Financial Traffic Mix Proxy-Enabled Proxy-enabled traffic simulating the financial protocol mix described in a Next Generation Firewall Test Methodology report.
NGFW Internal Segmentation Traffic Mix Proxy-Enabled Proxy-enabled traffic simulating the internal segmentation protocol mix described in a Next Generation Firewall Test Methodology report.
NGFW US Mobile Carrier Traffic Mix Proxy-Enabled Proxy-enabled traffic simulating the US mobile carrier protocol mix described in a Next Generation Firewall Test Methodology report.

New Strikes (19)

CVSS ID References Category Info
10.0 E19-5oxq1 CVE-2018-19518
CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C)
URL
Exploits This strike exploits a remote code execution vulnerability in the PHP imap_open function on Ubuntu or Debian. This vulnerability is due to improper handling of the -oProxyCommand values when a client sends HTTP traffic to a server that has some IMAP functionality. A remote attacker can exploit this vulnerability by sending crafted HTTP requests to the target server. Successful exploitation results in remote code execution. *Note: The actual exploit depends on the server configuration and other parameters; this exploit demonstrates a server with username, password and hostname parameters. The exploit is under the hostname parameter.
10.0 E19-5ouj1 CVE-2018-19403
CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C)
URL
Exploits This strike exploits a remote code execution vulnerability in Zoho ManageEngine OpManager. The vulnerability is due to deserialization of untrusted data by the DataMigrationServlet component. A remote attacker can exploit this vulnerability by sending crafted HTTP requests to the target server. Successful exploitation results in remote code execution.
10.0 E19-0jvs1 BID-106301
CVE-2018-1160
CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C)
EXPLOITDB-46034
EXPLOITDB-46048
Exploits This strike exploits an out-of-bounds write in the Netatalk package. The vulnerability is due to a missing bounds check in the handling of the DSI Opensession command. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target application. Successful exploitation could lead to arbitrary code execution with privileges of the root user.
9.3 E19-0ply1 CVE-2018-8582
CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C)
SECURITYTRACKER-1042110
URL
Exploits This strike exploits a buffer overflow vulnerability in the Microsoft Outlook client. The vulnerability is due to insufficient input validation of an unknown header field of Outlook Rules (RWZ) files. A remote attacker could exploit this vulnerability by enticing a user to import a maliciously crafted file. Successful exploitation could lead to arbitrary code execution in the context of the user.
9.3 E19-mbv51 APSB-18-30
BID-105432
CVE-2018-15982
CVSS-9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C)
SECURITYTRACKER-1041809
Exploits This strike exploits a remote code execution vulnerability in Adobe Flash Player. The vulnerability is due to a use after free in com.adobe.tvsdk.mediacore.metadata. An attacker can entice a target to open a specially crafted flash file to trigger the vulnerability. Successful exploitation may result in execution of arbitrary code or abnormal termination of the flash process.
7.6 E19-0mez1 CVE-2018-4443
CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C)
EXPLOITDB-46071
Exploits This strike exploits a vulnerability in Apple WebKit. Specifically, the vulnerability exists in the AbstractValue Set method. JavaScript can be crafted in such a way that the attacker can write into the immutable butterfly of a Copy on Write array. This can lead to a use after free condition, causing a denial of service or potentially leading to remote code execution.
7.6 D18-0pnb1 CVE-2018-8631
CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C)
EXPLOITDB-46001
Denial This strike exploits an out-of-bounds write vulnerability in Microsoft Internet Explorer. Specifically, the vulnerability exists in the JavaScript JsArrayFunctionHeapSort. It is possible to craft JavaScript in such a way that it will cause a denial of service condition in the browser.
7.5 E19-5ljr1 CVE-2018-15127
CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P)
URL
Exploits This strike exploits a heap buffer overflow vulnerability in libVNC LibVNCServer. The vulnerability is due to improper validation of the file transfer request size by the File Transfer extension. Successful exploitation may result in remote code execution on the target server.
7.5 E19-0di61 CVE-2017-2894
CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P)
URL
Exploits A stack buffer overflow vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose. The vulnerability is due to insufficient input validation when processing MQTT 'SUBSCRIBE' messages within the mg_mqtt_broker_handle_subscribe method. To trigger this vulnerability, an attacker must send a specially crafted MQTT packet over the network. Successful exploitation results in remote code execution or denial of service conditions of the application.
6.8 E19-5oj51 BID-106106
CVE-2018-18993
CVSS-6.8 (AV:N/AC:M/AU:N/C:P/I:P/A:P)
URL
Exploits This strike exploits a buffer overflow vulnerability in OMRON CX-One CX-Position. When processing project files, the application allows input data to exceed the buffer. An attacker could use a specially crafted project file to overflow the buffer and execute code under the privileges of the application. Successful exploitation could lead to arbitrary code execution.
5.5 E19-0zkf1 CVSS-5.5 (AV:N/AC:L/AU:S/C:P/I:P/A:N)
EXPLOITDB-46095
URL
Exploits This strike exploits an SQL injection vulnerability in Dolibarr ERP-CRM. The vulnerability is due to the improper sanitization of requests sent to the application. An attacker could exploit this by sending a specifically crafted 'rowid' parameter, potentially resulting in the execution of SQL commands which may lead to information disclosure.
5.4 E19-5ngu1 CVE-2018-17614
CVSS-5.4 (AV:A/AC:M/AU:N/C:P/I:P/A:P)
URL
Exploits An exploitable stack-based buffer overflow exists in the Losant Arduino MQTT client library. The vulnerability is a result of improper checks when an MQTT PUBLISH packet is received by the client, which leads to certain memory areas on the stack being overwritten. By controlling a rogue server, an attacker may be able to obtain code execution on connected MQTT peers.
5.0 E19-5lb91 CVE-2018-14821
CVSS-5.0 (AV:N/AC:L/AU:N/C:N/I:N/A:P)
URL
Exploits A heap buffer overflow exists in Rockwell Automation RSLinx Classic. The vulnerability is due to a flaw in the module that processes EtherNet/IP SendRRData messages. A remote unauthenticated attacker can exploit this vulnerability by sending a malformed packet to the target service. Successful exploitation could lead to arbitrary code execution or crash of the vulnerable application.
5.0 E19-0oh71 BID-106211
CVE-2018-7115
CVSS-5.0 (AV:N/AC:L/AU:N/C:N/I:N/A:P)
SECURITYTRACKER-1042182
Exploits This strike exploits a stack buffer overflow in Hewlett Packard Enterprise (HPE) Intelligent Management Center (IMC). An overly long user-supplied curDir parameter sent to the dbman service gets written to a fixed-size stack-based buffer, causing a buffer overflow. This can cause a denial of service condition or potentially allow for remote code execution.
5.0 E19-5jjz1 CVE-2018-12543
CVSS-5.0 (AV:N/AC:L/AU:N/C:N/I:N/A:P)
URL
Exploits A denial of service vulnerability exists in the Eclipse Mosquitto broker. The vulnerability is due to a flaw in the module that handles 'Publish' messages. A remote unauthenticated attacker can exploit this vulnerability by sending a malformed message to the target service. Successful exploitation could crash the vulnerable application.
5.0 E19-0di51 CVE-2017-2893
CVSS-5.0 (AV:N/AC:L/AU:N/C:N/I:N/A:P)
URL
Exploits An exploitable NULL pointer dereference vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose. To trigger this vulnerability, an attacker must send a specially crafted MQTT SUBSCRIBE packet over the network, without a preliminary CONNECT packet. Successful exploitation results in remote code execution or denial of service conditions of the application.
5.0 E19-0zjy1 CVSS-5.0 (AV:N/AC:L/AU:N/C:N/I:N/A:P)
EXPLOITDB-46078
URL
Exploits This strike exploits a null pointer dereference vulnerability in the Microsoft Edge browser. The vulnerability resides in the way the browser's engine handles dynamically created namespacesURI elements. By exploiting the vulnerability, an attacker is able to cause denial of service conditions on the target's browser.
5.0 D18-5mvr1 BID-101085
CVE-2018-16855
CVSS-5.0 (AV:N/AC:L/AU:N/C:N/I:N/A:P)
URL
Denial This strike exploits a denial of service vulnerability in PowerDNS. In a normal DNS message, the minimum number of bytes in the Additional Section is 16. If this section contains fewer than 11 bytes, an error in validation will lead to a buffer overread, which then causes the pdns_recursor service to terminate abnormally, leading to a denial of service condition.
4.3 E18-5iw94 CVE-2018-11689
CVSS-4.3 (AV:N/AC:M/AU:N/C:N/I:P/A:N)
URL
Exploits This strike exploits a reflected XSS vulnerability inside the Samsung DVR Web Viewer. Web Viewer is vulnerable to a cross-site scripting attack that will allow remote attackers to inject code.