Deep Security Center
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
OpenSSL
1011590* - OpenSSL 'ossl_punycode_decode' Buffer Overflow Vulnerability (CVE-2022-3602) - Server
OpenSSL Client
1011591* - OpenSSL 'ossl_punycode_decode' Buffer Overflow Vulnerability (CVE-2022-3602) - Client
Web Application PHP Based
1011613 - WordPress 'Absolutely Glamorous Custom Admin' Plugin Cross-Site Scripting Vulnerability (CVE-2021-36823)
1011611 - WordPress 'Display Users' Plugin SQL Injection Vulnerability (CVE-2021-24400)
1011604 - WordPress 'Elementor Website Builder' Plugin Cross-Site Scripting Vulnerability (CVE-2020-8426)
1011605 - WordPress 'EventON Calendar' Plugin Reflected Cross-Site Scripting Vulnerability (CVE-2020-29395)
1011601* - WordPress 'GSEOR' Plugin SQL Injection Vulnerability (CVE-2021-24396)
1011617 - WordPress 'IgniteUp' Plugin Unauthenticated Arbitrary File Deletion Vulnerability (CVE-2019-17234)
1011602* - WordPress 'MicroCopy' Plugin SQL Injection Vulnerability (CVE-2021-24397)
1011603* - WordPress 'OMGF' Plugin Directory Traversal Vulnerability (CVE-2021-24638)
1011615 - WordPress 'Page Contact' Plugin SQL Injection Vulnerability (CVE-2021-24403)
1011609 - WordPress 'Product Feed on WooCommerce' Plugin SQL Injection Vulnerability (CVE-2021-24511)
1011606 - WordPress 'Recipe Card Blocks' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24632)
1011612 - WordPress 'The Sorter' Plugin SQL Injection Vulnerability (CVE-2021-24399)
1011610 - WordPress 'WP Domain Redirect' Plugin SQL Injection Vulnerability (CVE-2021-24401)
1011600* - WordPress 'WP Statistics' Plugin SQL Injection Vulnerability (CVE-2021-24340)
1011607 - WordPress 'WP iCommerce' Plugin SQL Injection Vulnerability (CVE-2021-24402)
Web Server Common
1011575* - Apache Commons Text Remote Code Execution Vulnerability (CVE-2022-42889)
1011466* - Apache HTTP Server 'mod_sed' Denial Of Service Vulnerability (CVE-2022-30522)
Web Server HTTPS
1011548* - Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2022-41082)
Windows SMB Server
1011593 - Identified Executable File Upload On Network Share (ATT&CK T1570)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1011037* - Identified Remote System Discovery Over SMB - 1 (ATT&CK T1018)
1011027* - Identified Session Enumeration Request Over SMB (ATT&CK T1049)
Directory Server LDAP
1004656* - IBM Tivoli Directory Server Remote Code Execution Vulnerability (CVE-2011-1206)
Web Application PHP Based
1011601 - WordPress 'GSEOR' Plugin SQL Injection Vulnerability (CVE-2021-24396)
1011602 - WordPress 'MicroCopy' Plugin SQL Injection Vulnerability (CVE-2021-24397)
1011599 - WordPress 'Nevma Adaptive Images' Plugin Directory Traversal Vulnerability (CVE-2019-14205)
1011603 - WordPress 'OMGF' Plugin Directory Traversal Vulnerability (CVE-2021-24638)
1011600 - WordPress 'WP Statistics' Plugin SQL Injection Vulnerability (CVE-2021-24340)
Web Server Common
1011466* - Apache HTTP Server 'mod_sed' Denial Of Service Vulnerability (CVE-2022-30522)
Web Server HTTPS
1011550* - Centreon 'Poller Resource' SQL Injection Vulnerability (CVE-2022-41142)
1011519* - Node.js HTTP Request Smuggling Attack (CVE-2022-32214)
Web Server IIS
1000101* - Microsoft IIS Malformed HTTP Request DoS Vulnerability
Web Server Miscellaneous
1011598 - XWiki Cross-Site Scripting Vulnerability (CVE-2022-36097)
Web Server SharePoint
1011541* - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2022-35823)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1002835* - Web Server - Web Access Events
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Advanced Message Queuing Protocol (AMQP)
1011585 - SolarWinds Network Performance Monitor Insecure Deserialization Vulnerabilities (CVE-2022-36957 and CVE-2022-38108)
DCERPC Services
1011587* - Microsoft Windows Server Service Tampering Vulnerability (CVE-2022-30216)
OpenSSL
1011597 - OpenSSL 'ossl_punycode_decode' Buffer Overflow Vulnerability (CVE-2022-3786) - Server
OpenSSL Client
1011596 - OpenSSL 'ossl_punycode_decode' Buffer Overflow Vulnerability (CVE-2022-3786) - Client
SolarWinds Information Service
1011586* - SolarWinds Network Performance Monitor 'DeserializeFromStrippedXml' Insecure Deserialization Vulnerability (CVE-2022-36958)
Web Application Common
1011588* - Dolibarr ERP And CRM Code Injection Vulnerability (CVE-2022-40871)
Web Application PHP Based
1011584* - WordPress 'WP Super Cache' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24329)
1011582* - WordPress 'WPvivid Backup' Plugin Directory Traversal Vulnerability (CVE-2022-2863)
Web Client Common
1011594 - Foxit Reader Remote Code Execution Vulnerability (CVE-2018-17658)
Web Server Miscellaneous
1011592 - XWiki Code Injection Vulnerability (CVE-2022-36099)
1011583* - XWiki Code Injection Vulnerability (CVE-2022-36100)
1011569* - XWiki Cross-Site Scripting Vulnerability (CVE-2022-36094)
1011578* - XWiki Cross-Site Scripting Vulnerability (CVE-2022-36096)
Web Server Oracle
1003413* - Oracle WebLogic Connector JSESSIONID Remote Overflow
Web Server SharePoint
1011478* - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2022-30157)
Zoho ManageEngine
1011526* - Zoho ManageEngine Multiple Products 'getNmapInitialOption' Command Injection Vulnerability (CVE-2022-38772)
Zoho ManageEngine ServiceDesk Plus_MSP
1011595 - Zoho ManageEngine Multiple Products Privilege Escalation Vulnerability (CVE-2022-40773)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
OpenSSL
1011590 - OpenSSL 'ossl_punycode_decode' Buffer Overflow Vulnerability (CVE-2022-3602) - Server
OpenSSL Client
1011591 - OpenSSL 'ossl_punycode_decode' Buffer Overflow Vulnerability (CVE-2022-3602) - Client
Web Application Common
1011589 - ZK Framework 'AuUploader' Information Disclosure Vulnerability (CVE-2022-36537)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1011587 - Microsoft Windows Server Service Tampering Vulnerability (CVE-2022-30216)
JBoss Remoting Connector Unified Invoker
1011570* - Red Hat JBoss Enterprise Application Platform Remote Code Execution Vulnerability
SolarWinds Information Service
1011586 - SolarWinds Network Performance Monitor 'DeserializeFromStrippedXml' Insecure Deserialization Vulnerability (CVE-2022-36958)
WSO2 Enterprise Integrator
1011580* - WSO2 Enterprise Integrator Cross-Site Scripting Vulnerability (CVE-2022-39810)
Web Application Common
1011588 - Dolibarr ERP And CRM Code Injection Vulnerability (CVE-2022-40871)
1011577* - Fastify Denial Of Service Vulnerability (CVE-2022-39288)
1007170* - Identified Suspicious China Chopper Webshell Communication (ATT&CK T1505.003)
Web Application PHP Based
1011574* - WordPress 'Ketchup Restaurant Reservations' Plugin Cross-Site Scripting Vulnerability (CVE-2022-2753)
1011579* - WordPress 'Litespeed' Plugin Cross-Site Scripting Vulnerability (CVE-2020-29172)
1011584 - WordPress 'WP Super Cache' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24329)
1011582 - WordPress 'WPvivid Backup' Plugin Directory Traversal Vulnerability (CVE-2022-2863)
Web Server Miscellaneous
1011581* - Apache JSPWiki 'UserPreferences.jsp' Cross-Site Request Forgery Vulnerability (CVE-2022-28731)
1011572* - Vm2 Sandbox Remote Code Execution Vulnerability (CVE-2021-23449)
1011583 - XWiki Code Injection Vulnerability (CVE-2022-36100)
1011569 - XWiki Cross-Site Scripting Vulnerability (CVE-2022-36094)
1011578 - XWiki Cross-Site Scripting Vulnerability (CVE-2022-36096)
Zoho ManageEngine
1011549* - Zoho ManageEngine Multiple Products SQL Injection Vulnerability (CVE-2022-40300)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1010002* - Microsoft PowerShell Command Execution (ATT&CK T1059.001)
1011453* - Microsoft Windows WMI Events - 1
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Directory Server LDAP
1011531* - Microsoft Windows Active Directory Certificate Services Privilege Escalation Vulnerability (CVE-2022-34691)
JBoss Remoting Connector Unified Invoker
1011570 - Red Hat JBoss Enterprise Application Platform Remote Code Execution Vulnerability
WSO2 Enterprise Integrator
1011580 - WSO2 Enterprise Integrator Cross-Site Scripting Vulnerability (CVE-2022-39810)
Web Application Common
1011577 - Fastify Denial Of Service Vulnerability (CVE-2022-39288)
Web Application PHP Based
1011574 - WordPress 'Ketchup Restaurant Reservations' Plugin Cross-Site Scripting Vulnerability (CVE-2022-2753)
1011561* - WordPress 'Ketchup Restaurant Reservations' Plugin SQL Injection Vulnerability (CVE-2022-2754)
1011579 - WordPress 'Litespeed' Plugin Cross-Site Scripting Vulnerability (CVE-2020-29172)
Web Client Common
1011576 - Chromium Based Browsers Use After Free Vulnerability (CVE-2022-3038)
Web Server Common
1011575 - Apache Commons Text Remote Code Execution Vulnerability (CVE-2022-42889)
Web Server Miscellaneous
1011581 - Apache JSPWiki 'UserPreferences.jsp' Cross-Site Request Forgery Vulnerability (CVE-2022-28731)
1011572 - Vm2 Sandbox Remote Code Execution Vulnerability (CVE-2021-23449)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Directory Server LDAP
1011039 - Identified Domain Trust Discovery Request Over LDAP (ATT&CK T1482)
Redis Server
1011555 - Redis Integer Overflow Vulnerability (CVE-2022-35951)
Web Server Common
1011562 - Disallow Upload Of DLL File
1011553* - IBM WebSphere Application Server Remote Code Execution Vulnerability (CVE-2020-4464)
Web Server HTTPS
1011566 - Centreon 'Contact Group' SQL Injection Vulnerability (CVE-2022-42427)
1011565 - Centreon 'Poller Broker' SQL Injection Vulnerabilities (CVE-2022-42424 and CVE-2022-42425)
1011571 - Centreon 'Poller Broker' SQL Injection Vulnerability (CVE-2022-42426)
1011567 - Centreon 'Poller Broker' SQL Injection Vulnerability (CVE-2022-42428)
1011573 - Centreon 'Poller Broker' SQL Injection Vulnerability (CVE-2022-42429)
Web Server Miscellaneous
1011568 - Vm2 Sandbox Remote Code Execution Vulnerability (CVE-2022-36067)
Windows Services RPC Server DCERPC
1009892* - Identified Domain-Level Information Dumping Over DCERPC (ATT&CK T1003.006, T1018)
Zoho ManageEngine
1011527* - Zoho ManageEngine Multiple Products 'getDNSResolveOption' Command Injection Vulnerability (CVE-2022-37024)
1011549* - Zoho ManageEngine Multiple Products SQL Injection Vulnerability (CVE-2022-40300)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
SolarWinds Information Service
1011552 - SolarWinds Network Performance Monitor 'UpdateActionsDescriptions' SQL Injection Vulnerability (CVE-2022-36961)
Web Application PHP Based
1011561 - WordPress 'Ketchup Restaurant Reservations' Plugin SQL Injection Vulnerability (CVE-2022-2754)
Web Client HTTPS
1010132* - Microsoft Windows CryptoAPI Spoofing Vulnerability (CVE-2020-0601) - 1
Web Server Adobe ColdFusion
1011558 - Adobe ColdFusion Directory Traversal Vulnerability (CVE-2022-38418)
1011557 - Adobe ColdFusion Directory Traversal Vulnerability (CVE-2022-38421)
1011556 - Adobe ColdFusion Directory Traversal Vulnerability (CVE-2022-38423)
1011563 - Adobe ColdFusion Information Disclosure Vulnerability (CVE-2022-38422)
Web Server Adobe ColdFusion AddOns
1011559 - Adobe ColdFusion Authentication Bypass Vulnerability (CVE-2022-38420)
1011560 - Adobe ColdFusion Information Disclosure Vulnerability (CVE-2022-38419)
Web Server Common
1011553 - IBM WebSphere Application Server Remote Code Execution Vulnerability (CVE-2020-4464)
Web Server HTTPS
1011550* - Centreon 'Poller Resource' SQL Injection Vulnerability (CVE-2022-41142)
Web Server Miscellaneous
1011546* - Apache JSPWiki 'AJAXPreview.jsp' Reflected Cross-Site Scripting (CVE-2022-28730)
1011551* - Apache JSPWiki 'WeblogPlugin' Stored Cross-Site Scripting Vulnerability (CVE-2022-28732)
Web Server SharePoint
1011554 - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2022-38053)
Windows Services RPC Server DCERPC
1009892* - Identified Domain-Level Information Dumping Over DCERPC (ATT&CK T1003.006, T1018)
Zoho ManageEngine
1011549 - Zoho ManageEngine Multiple Products 'DashBoardTableController' SQL Injection Vulnerability (CVE-2022-40300)
Integrity Monitoring Rules:
1003587* - Linux/Unix - Directory attributes of /bin modified (ATT&CK T1222.002)
1002766* - Linux/Unix - Directory attributes of /sbin modified (ATT&CK T1222.002)
1003573* - Linux/Unix - File attributes in the /bin directory modified
1003513* - Linux/Unix - File attributes in the /etc directory modified
1003514* - Linux/Unix - File attributes in the /lib directory modified
1003574* - Linux/Unix - File attributes in the /sbin directory modified
1002770* - Linux/Unix - File attributes in the /usr/bin and /usr/sbin directories modified
1008464* - Linux/Unix - File attributes in the /usr/etc, /usr/lib, /usr/lib64, /usr/libexec And /usr/local directories modified
Log Inspection Rules:
1004057* - Microsoft Windows Security Events - 1
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Atlassian Bitbucket
1011540* - Atlassian Bitbucket Server and Data Center Remote Command Execution Vulnerability (CVE-2022-36804)
IPSec-IKE
1011536* - Microsoft Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability (CVE-2022-34721)
Trend Micro OfficeScan
1011539* - Trend Micro Apex One And OfficeScan Authentication Bypass Vulnerability (CVE-2022-40144)
Web Application PHP Based
1011537* - WordPress 'BackupBuddy' Plugin Directory Traversal Vulnerability (CVE-2022-31474)
Web Client Common
1011545 - Microsoft Visual Studio Remote Code Execution Vulnerability (CVE-2022-30129)
1011547 - Microsoft Windows Graphics Component Information Disclosure Vulnerability (CVE-2022-34728)
Web Server Common
1010175* - Cross-Site Scripting (XSS) Decoder
Web Server HTTPS
1011550 - Centreon 'Poller Resource' SQL Injection Vulnerability (CVE-2022-41142)
1011041* - Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-34473 and CVE-2022-41040)
1011548* - Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2022-41082)
1011519* - Node.js HTTP Request Smuggling Attack (CVE-2022-32214)
Web Server Miscellaneous
1011546 - Apache JSPWiki 'AJAXPreview.jsp' Reflected Cross-Site Scripting (CVE-2022-28730)
1011551 - Apache JSPWiki 'WeblogPlugin' Stored Cross-Site Scripting Vulnerability (CVE-2022-28732)
1011538* - Apache JSPWiki 'XHRHtml2Markup.jsp' Reflected Cross-Site Scripting Vulnerability (CVE-2022-27166)
Web Server SharePoint
1011541* - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2022-35823)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1011542 - Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228) - 1
1003447* - Web Server - Apache
1011250* - Web Server - Apache - 2
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Web Server HTTPS
1011041* - Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-34473 and ZDI-CAN-18802)
1011548 - Microsoft Exchange Server Remote Code Execution Vulnerability (ZDI-CAN-18333)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.