SSL/TLS Server 1010258 - Microsoft Windows Transport Layer Security Denial of Service Vulnerability (CVE-2020-1118) - Server
Web Application Common 1000552* - Generic Cross Site Scripting(XSS) Prevention
Web Application PHP Based 1010247 - PHP 'simplestring_addn' Function Out Of Bounds Write Vulnerability (CVE-2016-6296) 1010250 - PHP 'spl_ptr_heap_insert' Function Use After Free Vulnerability (CVE-2015-4116)
Web Client Common 1010261 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB20-24) - 1 1010262 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB20-24) - 2 1010263 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB20-24) - 3 1010239 - Microsoft Media Foundation Information Disclosure Vulnerability (CVE-2020-0939) 1010259 - Microsoft Windows Graphics Components Remote Code Execution Vulnerability (CVE-2020-1153)
Web Client Internet Explorer/Edge 1010254 - Microsoft Internet Explorer JScript Remote Code Execution Vulnerability (CVE-2020-1062) 1010257 - Microsoft Internet Explorer VBScript Remote Code Execution Vulnerability (CVE-2020-1035) 1010256 - Microsoft Internet Explorer VBScript Remote Code Execution Vulnerability (CVE-2020-1058) 1010255 - Microsoft Internet Explorer VBScript Remote Code Execution Vulnerability (CVE-2020-1060)
Web Server Common 1010235 - Cisco Data Center Network Manager 'createLanFabric' Command Injection Vulnerability (CVE-2019-15978) 1010243 - Cisco Data Center Network Manager 'importTS' Command Injection Vulnerability (CVE-2019-15979)
Web Server HTTPS 1004351* - Detected Malicious HTTP Requests
ZeroMQ Message Transport Protocol (ZMTP) 1010265 - SaltStack Salt Authorization Weakness Vulnerability (CVE-2020-11651) 1010267 - SaltStack Salt Directory Traversal Vulnerability (CVE-2020-11652)
Our two-year research provides insights into the life cycle of exploits, the types of exploit buyers and sellers, and the business models that are reshaping the underground exploit market.
Malicious attacks have consistently been launched on weak points in the supply chain. Like all attacks, these will evolve into more advanced forms. Software development, with multiple phases that could be placed at risk, is particularly vulnerable.