*** NK8 RELS 3500 Release ***

Total number of signatures: 3038

Description
==================================================================
In this signature, we addressed the exploits/vulnerabilities and applications as below:

Added 23 rule(s):
---------------
1137514 EXPLOIT Veeam ONE Reporter Reporter_ImportLicense Page_Load XML External Entity Injection -1 (CVE-2020-15419)
1137599 EXPLOIT NIPrint LPD-LPR Print Server String Handling Remote Overflow -1 (CVE-2003-1141)
1137600 EXPLOIT NIPrint LPD-LPR Print Server String Handling Remote Overflow -2 (CVE-2003-1141)
1137601 WEB Cacti Group Cacti color.php SQL Injection (CVE-2020-14295)
1137602 LDAP Samba AD DC Nested Filter Denial of Service (CVE-2020-10704)
1137604 WEB Apache OFBiz XMLRPC Insecure Deserialization -1 (CVE-2020-9496)
1137605 WEB Apache OFBiz XMLRPC Insecure Deserialization -2 (CVE-2020-9496)
1137606 WEB Seowon SlC 130 Router Remote Code Execution (CVE-2020-17456)
1137607 WEB Cisco Adaptive Security Appliance Path Traversal -1.2 (CVE-2018-0296)
1137608 EXPLOIT Sonatype Nexus Repository Manager CVE-2019-7238 Expression Language Injection -2
1137609 WEB Artica Proxy cyrus.php Command Injection -1.1 (CVE-2020-17505)
1137610 FILE Windows StructuredQuery Remote Code Execution (CVE-2018-0825)
1137611 SNMP Microsoft Windows SNMP CVE-2018-0967 Denial of Service -2.1
1137612 SNMP Microsoft Windows SNMP CVE-2018-0967 Denial of Service -2.2
1137613 SNMP Microsoft Windows SNMP CVE-2018-0967 Denial of Service -2.3
1137614 SNMP Microsoft Windows SNMP CVE-2018-0967 Denial of Service -2.4
1137619 WEB Mida Solutions eFramework Remote Code Execution (CVE-2020-15920)
1137620 RPC Netlogon Elevation of Privilege Vulnerability (CVE-2020-1472)
1137622 WEB Artica Proxy cyrus.php Command Injection -1.2 (CVE-2020-17505)
1137623 WEB Oracle Weblogic 10.3.6.0.0 / 12.1.3.0.0 Remote Code Execution -4 (CVE-2019-2725)
1137624 WEB Palo Alto GlobalProtect PreAuth RCE Vulnerability -2 (CVE-2019-1579)
1137625 WEB Palo Alto GlobalProtect PreAuth RCE Vulnerability -3 (CVE-2019-1579)
1137626 WEB Palo Alto GlobalProtect PreAuth RCE Vulnerability -4 (CVE-2019-1579)

Modified 6 rule(s):
---------------
1068665 MEDIA YouTube access via UDP -3
1135577 WEB Oracle Weblogic 10.3.6.0.0 / 12.1.3.0.0 Remote Code Execution -3 (CVE-2019-2725)
1160201 MEDIA YouTube access via UDP -4
1160636 MEDIA YouTube access via UDP -5
1160909 WEB Google access via UDP -1
1161153 MEDIA YouTube access via UDP -2

Deleted 38 rule(s):
---------------
1131272 EXPLOIT Angler Exploit Kit Adobe Flash Encoded Shellcod Activity (old rule)
1131349 EXPLOIT Suspicious User-Agent Exploit Kit Activity (old rule)
1131351 WEB-CLIENT Javascript Obfuscation in Exploit Kits - 30 (Ransomware Attack Vector) (old rule)
1134338 FILE GraphicsMagic PNG Use After Free (CVE-2017-14103) (old rule)
1134342 FILE Adobe Acrobat ImageConversion EMF EmfPlus Heap-based Buffer Overflow (CVE-2017-16416) (old rule)
1134352 WEB-CLIENT Microsoft Edge Chakra OP_Memset Type Confusion -1 (CVE-2017-11873) (old rule)
1134394 FILE Adobe Acrobat and Reader JPEG2000 Parsing Out of Bounds Read (CVE-2017-16374) (old rule)
1134395 WEB Sonos Speaker Request Header Denial of Service (old rule)
1134397 WEB Kaltura Remote PHP Code Execution over Cookie (CVE-2017-14143) (old rule)
1134400 FILE Adobe Acrobat and Reader CoolType.dll Stack Buffer Overflow -5 (CVE-2010-2883) (old rule)
1134415 WEB HPE Moonshot Provisioning Manager Appliance server_response Directory Traversal -1.a (CVE-2017-8977) (old rule)
1134420 WEB Trend Micro Mobile Security Enterprise get_dep_profile id SQL Injection -1.u (CVE-2017-14078) (old rule)
1134425 WEB Node.js Foundation Node.js zlib windowBits Denial of Service -1.1 (CVE-2017-14919) (old rule)
1134456 SHELLCODE Mainz/Bielefeld (old rule)
1134457 SHELLCODE Rothenburg (old rule)
1134603 WEB QNAP VioStor NVR firmware version 4.0.3 and QNAP NAS multiple vulnerabilities (old rule)
1134677 WEB D-Link DSL-2750B OS Command Injection (old rule)
1134687 WEB Netgear DGN1000 And Netgear DGN2200 Unauthenticated Command Execution (old rule)
1134688 WEB Netgear WNR2000 Information Disclosure -1 (old rule)
1134689 WEB Netgear WNR2000 Information Disclosure -2 (old rule)
1134690 WEB Netgear WNR2000 Information Disclosure -3 (old rule)
1134691 WEB Joomla restore.php PHP Code Injection (CVE-2014-7228) (old rule)
1134695 WEB NETGEAR DGN2200B Cross Site Scripting -1 (old rule)
1134696 WEB NETGEAR DGN2200B Cross Site Scripting -2 (old rule)
1134700 EXPLOIT Mikrotik RouterOS Denial of Service (CVE-2012-6050) (old rule)
1134701 EXPLOIT Mikrotik RouterOS CSRF Vulnerability (CVE-2015-2350) (old rule)
1134702 WEB Akeeba Kickstart restoration.php Information Disclosure (CVE-2014-7229) (old rule)
1134703 WEB Akeeba Kickstart restoration.php CSRF Vulnerability (CVE-2014-7229) (old rule)
1134814 WEB XAttacker Tool Prestashop Addons Arbitrary File Upload (old rule)
1134968 WEB Moxa MXview Private Key Disclosure Vulnerability -2 (CVE-2017-7455) (old rule)
1135046 ICS Schneider Electric Interactive Graphical SCADA System Buffer Overflow -2 (CVE-2013-0657) (old rule)
1135211 EXPLOIT Network Printers File System Access Attempt -1 (old rule)
1135213 EXPLOIT Network Printers Factory Defaults Attempt -1 (old rule)
1135218 EXPLOIT Network Printers Memory Access Attempt (old rule)
1135493 EXPLOIT HPE Intelligent Management Center dbman RestartDB Command Injection -1.2 (CVE-2017-5816) (old rule)
1135501 WEB-CLIENT Mozilla Firefox http-index-format File Out-Of-Bounds Read -2 (CVE-2017-5444) (old rule)
1135639 WEB D-Link DIR-816L Information Disclosure (CVE-2020-15894) (old rule)
1136024 WEB Dell EMC Storage Manager EmConfigMigration Servlet Directory Traversal (CVE-2017-14384) (old rule)