Ticket | Info |
---|---|
ATIBPS-16130 | Fixed an issue for BPS VE in which security tests would be stuck at 0% initialization. |
ATIBPS-16116 | Fixed the XBM file structure for E18-5mgz1 in order to pass XBM header integrity checks. |
ATIBPS-16113 | Removed variants for E18-0ouo1 (Drupalgeddon 2) that do not trigger remote code execution against Drupal 8.5.0. |
ATIBPS-16110 | Updated strike E10-05100 to produce a correctly malformed HTTP server response. |
ATIBPS-16109 | Updated /strikes/exploits/office/cve_2015_1649_ms_word_smartTag.xml: marked it as deprecated and changed its Strike ID to E15-49t02. Added /strikes/exploits/office/cve_2015_1641_ms_word_smartTag.xml as Strike ID E15-49t01. |
ATIBPS-16071 | Fixed the exploit ASCII number in "malicious_opcode" for E16-9pt01. |
Name | Category | Info |
---|---|---|
Simulated IPSec over UDP | Remote Access | Simulates IPSec VPN traffic encapsulated in UDP packets |
Name | Category | Info |
---|---|---|
Simulated L2TP/IPSec VPN for Windows (Download Traffic) | Remote Access | Simulates L2TP/IPSec VPN traffic from a MS Windows client downloading data. The client negotiates the IKEv1 parameters with the VPN server over UDP port 500 using a pre-shared key and NAT-Traversal. It then establishes an L2TP/IPSec tunnel over UDP port 4500 and streams ESP packets. The ESP payload sizes and their distribution follow a file download pattern. |
Simulated L2TP/IPSec VPN for Windows (Upload Traffic) | Remote Access | Simulates L2TP/IPSec VPN traffic from a MS Windows client uploading data. The client negotiates the IKEv1 parameters with the VPN server over UDP port 500 using a pre-shared key and NAT-Traversal. It then establishes an L2TP/IPSec tunnel over UDP port 4500 and streams ESP packets. The ESP payload sizes and their distribution follow a file upload pattern. |
CVSS | ID | References | Category | Info |
---|---|---|---|---|
10.0 | E19-7rfd1 | CVE-2019-16057 CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C) | Exploits | An OS command injection vulnerability exists in D-Link DNS-320 ShareCenter versions <= 2.05.B10. The flaw is a result of no input sanitization of the 'port' parameter in 'login_mgr.cgi' CGI requests. A remote unauthenticated attacker may issue system commands with 'root' privileges. |
10.0 | E19-l1nd1 | CVSS-10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C) GOOGLE-1923 | Exploits | This strike exploits a vulnerability in Google Chrome. Specifically, the vulnerability lies in how the v8 JavaScript engine handles Object.seal/freeze on maps and the element storage of objects, and how incorrect map transitions are followed by v8 without properly updating the element backing store. This can cause a denial of service condition in the browser but also leads to remote code execution. |
7.6 | E19-0rn91 | CVE-2019-1221 CVSS-7.6 (AV:N/AC:H/AU:N/C:C/I:C/A:C) | Exploits | This strike exploits a memory corruption vulnerability in Internet Explorer. The vulnerability is due to improper handling of memory objects. By enticing a user to access a specially crafted page, an attacker could exploit this vulnerability to corrupt memory and remotely execute malicious code in the context of the current user. |
7.5 | E19-7nx21 | BID-108073 CVE-2019-11510 CVSS-7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P) | Exploits | This strike simulates an attack on Pulse Connect Secure versions prior to 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4. The flaw takes advantage of a directory traversal vulnerability and allows remote unauthenticated attackers to read arbitrary files residing on the host system. |
6.5 | E19-7n201 | CVE-2019-10392 CVSS-6.5 (AV:N/AC:L/AU:S/C:P/I:P/A:P) | Exploits | An OS command injection vulnerability exists in the Jenkins Git Client plugin. The vulnerability is due to a lack of parameter sanitization while parsing parameters set to configure a Jenkins job. By exploiting this flaw, an authenticated remote attacker can run arbitrary OS commands on the target system. Note: All versions of Jenkins Git Client below 2.8.2 are affected by this vulnerability. |
4.0 | E19-7o4j1 | CVE-2019-11779 CVSS-4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P) | Exploits | A stack-based buffer overflow exists in Eclipse Mosquitto 1.5 to 1.6.5 due to the stack area being overrun by the recursive function 'retain__search'. A remote attacker may crash the server by sending a 'SUBSCRIBE' packet with a topic name of variable length consisting of '/' characters. The exact number of characters depends on the stack size and how much of the stack space is filled at runtime. |