Ticket | Info |
---|---|
ATIBPS-16090 | Fixed header type in the server response for CVE-2018-2615. |
ATIBPS-16086 | Fixed the payload in the command packet sent to the vulnerable server for CVE-2008-3175. (BUG1520432) |
ATIBPS-16085 | Fixed the DHCP Options header payload length for CVE-2019-0697. (BUG1520037) |
ATIBPS-16080 | Fixed the SQL injection query for CVE-2006-0065. (INF1520823) |
ATIBPS-16078 | Fixed the strike for CVE-2016-8704: the 'extlen' value is now set to 0 in 'memcached' protocol packets so that the vulnerable code branch is reached. (BUG1519232) |
ATIBPS-16077 | Fixed the strike for CVE-2018-18557 (race condition when generating dblocks). (INF1519677) |
ATIBPS-16054 | The strike ms10_024_smtp_dns_transaction_id.xml now includes the question and answer so that it more closely resembles a DNS response. (BUG1520434) |

Ticket | Info |
---|---|
ATIBPS-10138 | Added the NAT tag to 'Spotify Login', 'Spotify Login and Logout' and 'Spotify Login and Play Music' SuperFlows. |
ATIBPS-10054 | The original DoH superflows are now split based on the API type (RFC8484 vs. JSON API): DNS over HTTPS, based on RFC8484; DNS over HTTPS(JSONAPI), based on the dns.google JSON API (new superflow); DNS over HTTP2, based on RFC8484; DNS over HTTP2(JSONAPI), based on the dns.google JSON API (new superflow). |
ATIBPS-9807 | Added a new client profile "All Mix" that will simulate all the supported BreakingPoint User-Agent values. |

Name | Category | Info |
---|---|---|
DNS over HTTP2(JSONAPI) | System/Network Admin | The client sends a DNS query over HTTP2 to the server. The server replies with an HTTP response which contains a DNS message with a single resolved IP address. The communication is over HTTP2 and TLS using JSONAPI. |
DNS over HTTPS(JSONAPI) | System/Network Admin | The client sends two DNS queries over HTTPS to the server. The server replies to each query with a JSON response. The first reply has a single item in the "Answer" block, which means the URL has a single resolved IP address. The second reply contains multiple blocks. The communication is over HTTP 1.1 and TLS. |

CVSS | ID | References | Category | Info |
---|---|---|---|---|
10.0 | E19-5pn61 | CVE-2018-20434 CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C) EXPLOITDB-47044 | Exploits | A remote code execution vulnerability exists in LibreNMS versions prior to 1.46. The vulnerability is a result of improper sanitization when parsing the 'community' HTTP request parameter within 'addhost.inc.php'. An attacker can send specially crafted HTTP requests that could lead to execution of arbitrary commands on the target server. |
9.0 | E19-0uuy1 | CVE-2019-5386 CVSS-9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C) URL | Exploits | This strike exploits a remote code execution in the HPE Intelligent Management Center. The vulnerability is due to improper sanitization of user input "beanName" which is passed to the application via the IccSelectDevTypeBean class. A remote authorized attacker can exploit this vulnerability by sending a crafted request to the target server. Successful exploitation results in remote code execution on the target server with SYSTEM privilege. |
9.0 | E19-7qmt1 | CVE-2019-15029 CVSS-9.0 (AV:N/AC:L/AU:S/C:C/I:C/A:C) URL | Exploits | An OS command injection exists in FusionPBX 4.4.8 due to lack of parameter sanitization while parsing requests to 'service_edit.php'. By exploiting this flaw, an authenticated remote attacker can run arbitrary OS commands on the target system. |
7.6 | E19-0xep1 | CVE-2019-8689 CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C) GOOGLE-1876 | Exploits | This strike exploits a vulnerability in Apple Safari WebKit. Specifically, when trying to inline GetByVal operations on stack-allocated arguments, the code fails to properly check whether the index is lower than numberOfArgumentsToSkip. This can potentially lead to uninitialized variable access, which can cause a denial of service condition in the browser or allow for remote code execution to occur. |
7.6 | E19-0pds1 | CVE-2018-8288 CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C) GOOGLE-1565 | Exploits | This strike exploits a vulnerability in the Microsoft Edge browser. Specifically, an attacker can craft JavaScript in such a way that the initialization process runs without regard for the ImplicitCallFlags. This can cause a denial of service condition in the browser or potentially allow for remote code execution to occur. |
7.5 | E19-7rh31 | CVE-2019-16119 CVSS-7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) URL | Exploits | This strike exploits a SQL injection vulnerability in the WordPress plugin Photo Gallery. The vulnerability is due to improper sanitization of the album_id parameter. By successfully exploiting this vulnerability, an authenticated attacker could perform SQL injection on the target server. |
6.5 | E19-7nxv1 | BID-108073 CVE-2019-11539 CVSS-6.5 (AV:N/AC:L/AU:S/C:P/I:P/A:P) URL | Exploits | A command injection vulnerability exists in Pulse Connect Secure due to insufficient parameter sanitization. The vulnerability resides in the '/dana-admin/diag/diag.cgi' endpoint and can be exploited by crafting the 'options' parameter in order to create a template file which contains Perl directives. By exploiting the flaw, a remote authenticated attacker may execute arbitrary commands on the target system. |
5.8 | E19-7p0a1 | CVE-2019-12922 CVSS-5.8 (AV:N/AC:M/AU:N/C:N/I:P/A:P) URL | Exploits | This strike simulates a CSRF attack on phpMyAdmin. The flaw is a result of no anti-CSRF technique being employed in the setup page. A remote attacker may entice a phpMyAdmin user to make a request to a crafted URL, leading to removal of arbitrary servers from the phpMyAdmin configuration. |
4.3 | E19-0w6u1 | CVE-2019-7110 CVSS-4.3 (AV:N/AC:M/AU:N/C:P/I:N/A:N) URL | Exploits | An out-of-bounds read vulnerability has been reported in Adobe Acrobat due to improper handling of JOBOPTIONS files. A remote attacker could exploit this vulnerability by enticing a user to open a maliciously crafted one-byte JOBOPTIONS file. Successful exploitation could lead to information disclosure. |
4.0 | E19-0trj1 | CVE-2019-3967 CVSS-4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N) URL | Exploits | This strike exploits a directory traversal vulnerability in OpenEMR. The vulnerability is due to improper sanitization of the "form_filename" parameter. By successfully exploiting this vulnerability, a remote, unauthenticated attacker could retrieve arbitrary files from the target server. |