Rule Update
22-058 (November 29, 2022)
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Apache Kylin
1011623 - Apache Kylin Command Injection Vulnerability (CVE-2022-24697)
OpenSSL
1011597* - OpenSSL 'ossl_punycode_decode' Buffer Overflow Vulnerability (CVE-2022-3786) - Server
OpenSSL Client
1011596* - OpenSSL 'ossl_punycode_decode' Buffer Overflow Vulnerability (CVE-2022-3786) - Client
Web Application Common
1011619 - XStream Library Remote Command Execution Vulnerability (CVE-2021-39144)
Web Application PHP Based
1011613* - WordPress 'Absolutely Glamorous Custom Admin' Plugin Cross-Site Scripting Vulnerability (CVE-2021-36823)
1011611* - WordPress 'Display Users' Plugin SQL Injection Vulnerability (CVE-2021-24400)
1011604* - WordPress 'Elementor Website Builder' Plugin Cross-Site Scripting Vulnerability (CVE-2020-8426)
1011601* - WordPress 'GSEOR' Plugin SQL Injection Vulnerability (CVE-2021-24396)
1011617* - WordPress 'IgniteUp' Plugin Unauthenticated Arbitrary File Deletion Vulnerability (CVE-2019-17234)
1011599* - WordPress 'Nevma Adaptive Images' Plugin Directory Traversal Vulnerability (CVE-2019-14205)
1011615* - WordPress 'Page Contact' Plugin SQL Injection Vulnerability (CVE-2021-24403)
1011609* - WordPress 'Product Feed on WooCommerce' Plugin SQL Injection Vulnerability (CVE-2021-24511)
1011606* - WordPress 'Recipe Card Blocks' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24632)
1011621 - WordPress 'Snap Creek Duplicator' Plugin Directory Traversal Vulnerability (CVE-2020-11738)
1011618 - WordPress 'Support Board' Plugin SQL Injection Vulnerability (CVE-2021-24741)
1011612* - WordPress 'The Sorter' Plugin SQL Injection Vulnerability (CVE-2021-24399)
1011622 - WordPress 'WP Dialog' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24600)
1011610* - WordPress 'WP Domain Redirect' Plugin SQL Injection Vulnerability (CVE-2021-24401)
1011607* - WordPress 'WP iCommerce' Plugin SQL Injection Vulnerability (CVE-2021-24402)
1011620 - WordPress Directory Traversal Vulnerability (CVE-2019-8943)
Web Server HTTPS
1011571* - Centreon 'Poller Broker' SQL Injection Vulnerability (CVE-2022-42426)
1011567* - Centreon 'Poller Broker' SQL Injection Vulnerability (CVE-2022-42428)
Windows SMB Server
1011593* - Identified Executable File Upload On Network Share (ATT&CK T1570)
Zoho ManageEngine
1011626 - Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability (CVE-2022-40770)
Integrity Monitoring Rules:
1002778* - Microsoft Windows - System .dll or .exe files modified (ATT&CK T1036.003, T1222.001)
Log Inspection Rules:
1003447* - Web Server - Apache
Deep Packet Inspection Rules:
Apache Kylin
1011623 - Apache Kylin Command Injection Vulnerability (CVE-2022-24697)
OpenSSL
1011597* - OpenSSL 'ossl_punycode_decode' Buffer Overflow Vulnerability (CVE-2022-3786) - Server
OpenSSL Client
1011596* - OpenSSL 'ossl_punycode_decode' Buffer Overflow Vulnerability (CVE-2022-3786) - Client
Web Application Common
1011619 - XStream Library Remote Command Execution Vulnerability (CVE-2021-39144)
Web Application PHP Based
1011613* - WordPress 'Absolutely Glamorous Custom Admin' Plugin Cross-Site Scripting Vulnerability (CVE-2021-36823)
1011611* - WordPress 'Display Users' Plugin SQL Injection Vulnerability (CVE-2021-24400)
1011604* - WordPress 'Elementor Website Builder' Plugin Cross-Site Scripting Vulnerability (CVE-2020-8426)
1011601* - WordPress 'GSEOR' Plugin SQL Injection Vulnerability (CVE-2021-24396)
1011617* - WordPress 'IgniteUp' Plugin Unauthenticated Arbitrary File Deletion Vulnerability (CVE-2019-17234)
1011599* - WordPress 'Nevma Adaptive Images' Plugin Directory Traversal Vulnerability (CVE-2019-14205)
1011615* - WordPress 'Page Contact' Plugin SQL Injection Vulnerability (CVE-2021-24403)
1011609* - WordPress 'Product Feed on WooCommerce' Plugin SQL Injection Vulnerability (CVE-2021-24511)
1011606* - WordPress 'Recipe Card Blocks' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24632)
1011621 - WordPress 'Snap Creek Duplicator' Plugin Directory Traversal Vulnerability (CVE-2020-11738)
1011618 - WordPress 'Support Board' Plugin SQL Injection Vulnerability (CVE-2021-24741)
1011612* - WordPress 'The Sorter' Plugin SQL Injection Vulnerability (CVE-2021-24399)
1011622 - WordPress 'WP Dialog' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24600)
1011610* - WordPress 'WP Domain Redirect' Plugin SQL Injection Vulnerability (CVE-2021-24401)
1011607* - WordPress 'WP iCommerce' Plugin SQL Injection Vulnerability (CVE-2021-24402)
1011620 - WordPress Directory Traversal Vulnerability (CVE-2019-8943)
Web Server HTTPS
1011571* - Centreon 'Poller Broker' SQL Injection Vulnerability (CVE-2022-42426)
1011567* - Centreon 'Poller Broker' SQL Injection Vulnerability (CVE-2022-42428)
Windows SMB Server
1011593* - Identified Executable File Upload On Network Share (ATT&CK T1570)
Zoho ManageEngine
1011626 - Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability (CVE-2022-40770)
Integrity Monitoring Rules:
1002778* - Microsoft Windows - System .dll or .exe files modified (ATT&CK T1036.003, T1222.001)
Log Inspection Rules:
1003447* - Web Server - Apache
Featured Stories
Beware of MCP Hardcoded Credentials: A Perfect Target for Threat ActorsPoor secret management in MCP servers can lead to serious consequences, including data breaches and supply chain attacks. This article examines the reality of these unsecure configurations and offers practical recommendations that minimize the chances of exposure.Read more
Lessons in Resilience from the Race to Patch SharePoint VulnerabilitiesIn this article, Trend Micro discusses how the fast-moving attacks using CVE-2025-53770 and CVE-2025-53771 have underscored the essential role of virtual patching and reliable intelligence in protecting organizations against evolving threats.Read more
Unveiling AI Agent Vulnerabilities Part V: Securing LLM ServicesTo conclude our series on agentic AI, this article examines emerging vulnerabilities that threaten AI agents, focusing on providing proactive security recommendations on areas such as code execution, data exfiltration, and database access.Read more
Unveiling AI Agent Vulnerabilities Part IV: Database Access VulnerabilitiesHow can attackers exploit weaknesses in database-enabled AI agents? This research explores how SQL generation vulnerabilities, stored prompt injection, and vector store poisoning can be weaponized by attackers for fraudulent activities.Read more