23-025 (June 13, 2023)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

NFS Server
1011740* - Microsoft Windows Network File System Remote Code Execution Vulnerability (CVE-2023-24941)


Unix Samba
1011717* - Linux Kernel KSMBD Use After Free Vulnerability (CVE-2022-47939)


Web Application PHP Based
1011765 - Froxlor Unrestricted File Upload Vulnerability (CVE-2023-2034)
1011776 - WordPress 'Advanced Custom Fields' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2023-30777)
1011771 - WordPress 'Limit Login Attempts' Plugin Cross-Site Scripting Vulnerability (CVE-2023-1861)
1011775 - WordPress 'Paid Memberships Pro' Plugin SQL Injection Vulnerability (CVE-2023-0631)
1011777 - WordPress 'Shield Security' Plugin Cross-Site Scripting Vulnerability (CVE-2023-0992)


Web Client Common
1011779 - Adobe Acrobat And Reader Information Disclosure Vulnerability (CVE-2022-44519)
1011780 - Adobe Acrobat And Reader Remote Code Execution Vulnerability (CVE-2022-44520)


Web Server HTTPS
1011769 - Node.js HTTP Request Smuggling Vulnerability (CVE-2022-32215)
1011773 - Trend Micro Apex Central SQL Injection Vulnerability (CVE-2023-32529)


Web Server Miscellaneous
1011677* - Contec CONPROSYS HMI System Command Injection Vulnerability (CVE-2022-44456)
1011778 - Jenkins 'Sidebar Link' Plugin Directory Traversal Vulnerability (CVE-2023-32985)


Web Server Oracle
1011734 - Oracle WebLogic Server Fusion Middleware Deserialization Vulnerability (CVE-2023-21931)


Zoho ManageEngine
1011770 - Zoho ManageEngine ADManager Plus Command Injection Vulnerability (CVE-2023-29084)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.