Ixia ATI Update 2019-17 (367597)

Defects Resolved

Ticket Info
DE10540 Fixed missing escape character for CVE-2018-1111 strike.
DE10545 Added target IPv4 to strike for CVE-2019-0697.

New Strikes (5)

CVSS ID References Category Info
7.6 E19-0xcj1 CVE-2019-8611
CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C)
GOOGLE-1788
Exploits This strike exploits a vulnerability in Apple Safari WebKit. Specifically, after optimizations are performed on AIR code, a register is marked as late use, is ultimately determined to be a dead register, and is discarded. An attacker may be able to construct JavaScript that controls the data in this dangling register. This can cause a denial of service condition in the browser or potentially allow remote code execution.
7.5 E19-7q0q1 CVE-2019-14234
CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P)
Exploits This strike exploits a SQL injection vulnerability in the Django server. The vulnerability is caused by insufficient validation of user input in HTTP requests, which is used to create SQL queries. Successful exploitation could allow an attacker to execute SQL commands on the target server.
7.5 E19-0wws1 CVE-2019-8044
CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P)
EXPLOITDB-47279
URL
Exploits This strike exploits a heap double free vulnerability found in Adobe Acrobat and Reader. The vulnerability is due to improper input validation while parsing specific header fields of a PDF document. An attacker could exploit this vulnerability by creating a specially crafted PDF file and enticing a user to open it. Successful exploitation could lead to arbitrary code execution on the target machine.
7.5 E19-0wwq1 CVE-2019-8042
CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P)
EXPLOITDB-47276
URL
Exploits This strike exploits a heap double free vulnerability found in Adobe Acrobat and Reader. The vulnerability is due to improper input validation while parsing specific header fields of a PDF document. An attacker could exploit this vulnerability by creating a specially crafted PDF file and enticing a user to open it. Successful exploitation could lead to arbitrary code execution on the target machine.
4.3 E19-7q7a2 CVE-2019-14470
CVSS-4.3 (AV:N/AC:M/AU:N/C:N/I:P/A:N)
EXPLOITDB-47304
Exploits This strike exploits a cross-site scripting vulnerability in WordPress Plugin UserPro. This vulnerability is due to inadequate input filtering of "error_description" in the web interface. An attacker could exploit this vulnerability by enticing a user to visit an attacker-controlled webpage or click a malicious link. By exploiting this vulnerability, an attacker could trigger reflected cross-site scripting in the victim's browser.