Rule Update
22-058 (November 29, 2022)
Publish date: November 29, 2022
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Apache Kylin
1011623 - Apache Kylin Command Injection Vulnerability (CVE-2022-24697)
OpenSSL
1011597* - OpenSSL 'ossl_punycode_decode' Buffer Overflow Vulnerability (CVE-2022-3786) - Server
OpenSSL Client
1011596* - OpenSSL 'ossl_punycode_decode' Buffer Overflow Vulnerability (CVE-2022-3786) - Client
Web Application Common
1011619 - XStream Library Remote Command Execution Vulnerability (CVE-2021-39144)
Web Application PHP Based
1011613* - WordPress 'Absolutely Glamorous Custom Admin' Plugin Cross-Site Scripting Vulnerability (CVE-2021-36823)
1011611* - WordPress 'Display Users' Plugin SQL Injection Vulnerability (CVE-2021-24400)
1011604* - WordPress 'Elementor Website Builder' Plugin Cross-Site Scripting Vulnerability (CVE-2020-8426)
1011601* - WordPress 'GSEOR' Plugin SQL Injection Vulnerability (CVE-2021-24396)
1011617* - WordPress 'IgniteUp' Plugin Unauthenticated Arbitrary File Deletion Vulnerability (CVE-2019-17234)
1011599* - WordPress 'Nevma Adaptive Images' Plugin Directory Traversal Vulnerability (CVE-2019-14205)
1011615* - WordPress 'Page Contact' Plugin SQL Injection Vulnerability (CVE-2021-24403)
1011609* - WordPress 'Product Feed on WooCommerce' Plugin SQL Injection Vulnerability (CVE-2021-24511)
1011606* - WordPress 'Recipe Card Blocks' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24632)
1011621 - WordPress 'Snap Creek Duplicator' Plugin Directory Traversal Vulnerability (CVE-2020-11738)
1011618 - WordPress 'Support Board' Plugin SQL Injection Vulnerability (CVE-2021-24741)
1011612* - WordPress 'The Sorter' Plugin SQL Injection Vulnerability (CVE-2021-24399)
1011622 - WordPress 'WP Dialog' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24600)
1011610* - WordPress 'WP Domain Redirect' Plugin SQL Injection Vulnerability (CVE-2021-24401)
1011607* - WordPress 'WP iCommerce' Plugin SQL Injection Vulnerability (CVE-2021-24402)
1011620 - WordPress Directory Traversal Vulnerability (CVE-2019-8943)
Web Server HTTPS
1011571* - Centreon 'Poller Broker' SQL Injection Vulnerability (CVE-2022-42426)
1011567* - Centreon 'Poller Broker' SQL Injection Vulnerability (CVE-2022-42428)
Windows SMB Server
1011593* - Identified Executable File Upload On Network Share (ATT&CK T1570)
Zoho ManageEngine
1011626 - Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability (CVE-2022-40770)
Integrity Monitoring Rules:
1002778* - Microsoft Windows - System .dll or .exe files modified (ATT&CK T1036.003, T1222.001)
Log Inspection Rules:
1003447* - Web Server - Apache
Deep Packet Inspection Rules:
Apache Kylin
1011623 - Apache Kylin Command Injection Vulnerability (CVE-2022-24697)
OpenSSL
1011597* - OpenSSL 'ossl_punycode_decode' Buffer Overflow Vulnerability (CVE-2022-3786) - Server
OpenSSL Client
1011596* - OpenSSL 'ossl_punycode_decode' Buffer Overflow Vulnerability (CVE-2022-3786) - Client
Web Application Common
1011619 - XStream Library Remote Command Execution Vulnerability (CVE-2021-39144)
Web Application PHP Based
1011613* - WordPress 'Absolutely Glamorous Custom Admin' Plugin Cross-Site Scripting Vulnerability (CVE-2021-36823)
1011611* - WordPress 'Display Users' Plugin SQL Injection Vulnerability (CVE-2021-24400)
1011604* - WordPress 'Elementor Website Builder' Plugin Cross-Site Scripting Vulnerability (CVE-2020-8426)
1011601* - WordPress 'GSEOR' Plugin SQL Injection Vulnerability (CVE-2021-24396)
1011617* - WordPress 'IgniteUp' Plugin Unauthenticated Arbitrary File Deletion Vulnerability (CVE-2019-17234)
1011599* - WordPress 'Nevma Adaptive Images' Plugin Directory Traversal Vulnerability (CVE-2019-14205)
1011615* - WordPress 'Page Contact' Plugin SQL Injection Vulnerability (CVE-2021-24403)
1011609* - WordPress 'Product Feed on WooCommerce' Plugin SQL Injection Vulnerability (CVE-2021-24511)
1011606* - WordPress 'Recipe Card Blocks' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24632)
1011621 - WordPress 'Snap Creek Duplicator' Plugin Directory Traversal Vulnerability (CVE-2020-11738)
1011618 - WordPress 'Support Board' Plugin SQL Injection Vulnerability (CVE-2021-24741)
1011612* - WordPress 'The Sorter' Plugin SQL Injection Vulnerability (CVE-2021-24399)
1011622 - WordPress 'WP Dialog' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24600)
1011610* - WordPress 'WP Domain Redirect' Plugin SQL Injection Vulnerability (CVE-2021-24401)
1011607* - WordPress 'WP iCommerce' Plugin SQL Injection Vulnerability (CVE-2021-24402)
1011620 - WordPress Directory Traversal Vulnerability (CVE-2019-8943)
Web Server HTTPS
1011571* - Centreon 'Poller Broker' SQL Injection Vulnerability (CVE-2022-42426)
1011567* - Centreon 'Poller Broker' SQL Injection Vulnerability (CVE-2022-42428)
Windows SMB Server
1011593* - Identified Executable File Upload On Network Share (ATT&CK T1570)
Zoho ManageEngine
1011626 - Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability (CVE-2022-40770)
Integrity Monitoring Rules:
1002778* - Microsoft Windows - System .dll or .exe files modified (ATT&CK T1036.003, T1222.001)
Log Inspection Rules:
1003447* - Web Server - Apache
Featured Stories
Abusing Argo CD, Helm, and Artifact Hub: An Analysis of Supply Chain Attacks in Cloud-Native ApplicationsWe provide an overview of cloud-native tools and examine how cybercriminals can exploit their vulnerabilities to launch supply chain attacks.Read more
Trends and Shifts in the Underground N-Day Exploit MarketOur two-year research provides insights into the life cycle of exploits, the types of exploit buyers and sellers, and the business models that are reshaping the underground exploit market.Read more
The Nightmares of Patch Management: The Status Quo and BeyondWe discuss the challenges that organizations face in managing endpoint and server patches.Read more
Identifying Weak Parts of a Supply ChainMalicious attacks have consistently been launched on weak points in the supply chain. Like all attacks, these will evolve into more advanced forms. Software development, with multiple phases that could be placed at risk, is particularly vulnerable.Read more