ATI Update ATI-2021-21

New Protocols & Applications (3)

| Name | Category | Info |
|---|---|---|
| Apple Filing Protocol (AFP) | Data Transfer/File Sharing | Apple Filing Protocol (AFP) is Apple's proprietary network protocol for Mac OS X servers offering file services. |
| Facebook Marketplace Sep21 | Social Networking/Search | Facebook Marketplace is a destination for people to discover, buy and sell items. There, people can find what they are looking for by filtering their results by location, category and price. |
| MOXA Nport | SCADA | MOXA Nport serial device servers are designed to connect RS-xx serial devices to an IP-based Ethernet LAN or the internet. |

New Superflows (8)

| Name | Category | Tags | Info |
|---|---|---|---|
| Apple Filing Protocol (AFP) | Data Transfer/File Sharing | | This scenario proceeds as follows: the AFP Client sends the GetStatus command to get information about the AFP Server, the DSIOpenSession command to open a Data Stream Interface (DSI) session with the AFP Server, the FPLogin command to establish an AFP session, the FPLoginCont command for authentication, the FPGetSrvrParms command to get different server parameters, and the FPLogout command to terminate the session with the AFP Server. |
| Apple Filing Protocol (AFP) Open DSI Session | Data Transfer/File Sharing | | Simulates a scenario where the AFP Client first sends the GetStatus command to the AFP Server to get information about the server and then sends the DSIOpenSession command to open a Data Stream Interface (DSI) session with the AFP Server. |
| Facebook Marketplace Sep21 | Social Networking/Search | | Simulates the use of the Facebook Marketplace application as of September 2021 where a user visits the login page, logs into the Facebook application, goes to the marketplace section, views the marketplace feed (page), searches for an item there, filters the results by their prices, clicks on an item, sends a message to the seller for that item and logs out. |
| Facebook Marketplace Sep21 Filter Items by Price | Social Networking/Search | | Simulates the use of the Facebook Marketplace application as of September 2021 where a user visits the login page, logs into the Facebook application, goes to the marketplace section, views the marketplace feed (page), searches for an item there, filters the results by their prices, clicks on an item and logs out. |
| Facebook Marketplace Sep21 Send Seller A Message | Social Networking/Search | | Simulates the use of the Facebook Marketplace application as of September 2021 where a user visits the login page, logs into the Facebook application, goes to the marketplace section, searches for an item there, clicks on an item, sends a message to the seller for that item and logs out. |
| Facebook Marketplace Sep21 Visit Marketplace | Social Networking/Search | | Simulates the use of the Facebook Marketplace application as of September 2021 where a user visits the login page, logs into the Facebook application, goes to the marketplace section, views the marketplace feed (page), and logs out. |
| MOXA Nport | SCADA | ICS, ChinaApp | Simulates a scenario where MOXA Nport parameters are set with the NPort administration suite utility, transmission parameters of COM port1 are set and data is transferred via COM port1. |
| MOXA Nport Bandwidth | SCADA | ICS, ChinaApp | Simulates a scenario where data is transferred via MOXA Nport COM ports. |

New Strikes (7)

| CVSS | ID | References | Category | Info |
|---|---|---|---|---|
| 10.0 | E21-053p1 | CVE-2016-2005, CWE-121, ZDI-16-245 | Exploits | This strike exploits a buffer overflow vulnerability in HP Data Protector's Backup Client Service (OmniInet.exe). The vulnerability is due to improper checks on an EXEC_BAR request message. A message with an overly long username parameter will overflow a stack buffer, which can result in remote code execution. |
| 10.0 | E21-ztnl1 | CVE-2014-7169, CWE-78 | Exploits | This strike exploits a vulnerability in GNU Bash, also known as ShellShock, which allows an attacker to execute arbitrary commands by providing them as functions to an environment variable. This strike exploits this vulnerability through Apache's mod_cgi module. If exploited, the vulnerability results in remote code execution in the context of the user running the Apache process. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271. |
| 10.0 | E21-09vw1 | CVE-2016-8204, CWE-22, ZDI-17-049 | Exploits | This strike exploits a directory-traversal vulnerability in Brocade Network Advisor. The vulnerability is due to a lack of input validation on the filename parameter for FileReceiveServlet. A remote attacker could exploit this vulnerability to upload arbitrary files, resulting in arbitrary code execution with SYSTEM privileges. |
| 9.0 | E21-abo61 | CVE-2020-35606, CWE-78 | Exploits | This strike exploits a command injection vulnerability in Webmin. The vulnerability is due to insufficient validation of input in the Package Updates module. A remote attacker could exploit this vulnerability by sending a crafted request to the target system. Successful exploitation of this vulnerability could result in arbitrary command execution on the target system. |
| 9.0 | E21-c95a1 | CVE-2021-25646, CWE-502 | Exploits | This strike exploits a deserialization vulnerability in Apache Druid. The vulnerability is due to improper deserialization of JSON data into Java objects. A remote, unauthenticated attacker could exploit this vulnerability by submitting a specially crafted JSON file, which could result in arbitrary command execution. |
| 6.8 | E21-c5kp1 | CVE-2021-21017, CWE-122 | Exploits | This strike exploits a memory corruption vulnerability in Adobe Acrobat Reader DC. The vulnerability occurs due to incorrect handling of the JavaScript prototype chain. This leads to a heap buffer overflow. An attacker could exploit this vulnerability by enticing a user to open a maliciously crafted PDF document with the vulnerable software, potentially executing arbitrary code. |
| 6.5 | E21-17rh1 | CVE-2021-2109, CWE-610 | Exploits | This strike exploits a JNDI injection vulnerability in Oracle WebLogic Server. This vulnerability is due to improper handling of user-supplied data. A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to a vulnerable server. Successful exploitation results in the target server retrieving a potentially malicious serialized object from an attacker-controlled server, which may lead to the execution of arbitrary code under the security context of the affected server. NOTE: When running this strike in OneArm mode, the Oracle WebLogic server will attempt to make an LDAP request to an LDAP listener (JNDI server) running on localhost to retrieve the serialized object. |

Enhancements

| Component | Info |
|---|---|
| StrikeList | New Strike List "NetSecOPEN Vulnerability Set". This strike list contains NetSecOPEN Vulnerability Set strikes. |