Threat Intelligence Report

Trends



  • The top attacker country was the United States with 2239 unique attackers (25.71% of all attackers)
  • The top exploit event type was Command Execution, accounting for 73% of occurrences



Top Attacker by Country


Country              No. of Attackers   Occurrences
United States        2239               25.71%
China                2116               24.30%
Brazil               498                5.72%
France               496                5.70%
Korea                417                4.79%
Russian Federation   415                4.77%
India                371                4.26%
Indonesia            253                2.91%
United Kingdom       244                2.80%
Germany              230                2.64%
Canada               211                2.42%
Vietnam              185                2.12%
Italy                182                2.09%
Netherlands          181                2.08%
Taiwan               179                2.06%
Australia            163                1.87%
Singapore            143                1.64%
Hong Kong            92                 1.06%
Colombia             92                 1.06%


Top Cyber Attackers by Country February 25 - March 3 2019




Threat Geo-location


Cyber Security Threat Geolocations February 25 - March 3 2019



Top Attacking Hosts


Host             Occurrences
85.14.245.156    3715
5.104.111.46     2638
85.14.245.152    2344
85.14.245.179    1530
185.176.27.2     91
185.176.27.6     86




Top Network Attackers


Origin AS   Announcement       Description
AS24961     85.14.192.0/18     myLoc managed IT AG
AS204428    185.176.27.0/24    IP Dunaev Yuriy Vyacheslavovich




Exploit Event Types and Top Event NIDS


Top Event NIDS and Exploits February 25 - March 3 2019



Top Alarms


Type of Alarm                                          No. of Occurrences
Red Piranha IDS Event                                  17414
OTX Indicators of Compromise - PULSE                   88
Network Discovery - IDS Event Drop List                32
Database Attack - Stored Procedure Access - Attack     2
Attack Tool Detected - Attack                          2


Comparison from Last Week


Type of Alarm                                                   No. of Occurrences
Red Piranha Drop List                                           58630
OTX Indicators of Compromise - PULSE                            376
Network Discovery - IDS Event Drop and OTX                      175
Database Attack - Stored Procedure Access - Attack              19
Attack Tool Detected - Attack                                   18
Webserver Attack - Attack Bruteforce Authentication - SSH       10
Bruteforce Authentication - SSH                                 2




CVE


This is a list of recent vulnerabilities for which exploits are available.

CVE-2019-9549 — An issue was discovered in PopojiCMS v2.0.1. It has CSRF via the po-admin/route.php?mod=user&act=addnew URI, as demonstrated by adding a level=1 account, a similar issue to CVE-2018-18935.
Published: March 03, 2019; 02:29:00 PM -05:00

CVE-2019-8279 — Multiple stored XSS in Vanilla Forums before 2.5 allow remote attackers to inject arbitrary JavaScript code into any message on forum.
Published: March 01, 2019; 08:29:00 PM -05:00

CVE-2019-8942 — WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can exe...
Published: February 19, 2019; 10:29:00 PM -05:00

CVE-2019-9191 — The ETSI Enterprise Transport Security (ETS, formerly known as eTLS) protocol does not provide per-session forward secrecy.
Published: February 26, 2019; 01:29:00 PM -05:00

CVE-2019-9210 — In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in an attempted memcpy to write into a buffer that is too small. (There is also a heap-based buffer over-read.)
Published: February 27, 2019; 09:29:00 AM -05:00

CVE-2019-3598 — Buffer Access with Incorrect Length Value in McAfee Agent (MA) 5.x allows remote unauthenticated users to potentially cause a denial of service via specifically crafted UDP packets.
Published: February 28, 2019; 10:29:00 AM -05:00

CVE-2018-10875 — A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.
Published: July 13, 2018; 06:29:00 PM -04:00

CVE-2018-20721 — URI_FUNC() in UriParse.c in uriparser before 0.9.1 has an out-of-bounds read (in uriParse*Ex* functions) for an incomplete URI with an IPv6 address containing an embedded IPv4 address, such as a "//[::44.1" address.
Published: January 16, 2019; 09:29:00 AM -05:00



Vulnerabilities


Juniper Junos CVE-2017-2303 Denial of Service Vulnerability
securityfocus.com/bid/95408

Mozilla Firefox CVE-2018-18511 Information Disclosure Vulnerability
securityfocus.com/bid/107009

Apache Qpid Broker-J CVE-2019-0200 Denial of Service Vulnerability
securityfocus.com/bid/107215

Google Chrome CVE-2019-5786 'FileReader' Use After Free Arbitrary Code Execution Vulnerability
securityfocus.com/bid/107213

Adobe ColdFusion CVE-2019-7816 Arbitrary File Upload Vulnerability
securityfocus.com/bid/107211

Palo Alto Networks Expedition Migration Tool CVE-2019-1567 HTML Injection Vulnerability
securityfocus.com/bid/107216

RSA Archer GRC Platform Multiple Information Disclosure Vulnerabilities
securityfocus.com/bid/107209

Multiple PSI GridConnect GmbH Products CVE-2019-6528 Cross Site Scripting Vulnerability
securityfocus.com/bid/107201

Google Chrome PDF File Handling Information Disclosure Vulnerability
securityfocus.com/bid/107182

GNU wget CVE-2018-20483 Local Information Disclosure Vulnerability
securityfocus.com/bid/106358

Tcpdump CVE-2018-19519 Stack Based Buffer Overflow Vulnerability
securityfocus.com/bid/106098

Top Attacker Hosts February 25 - March 3 2019