Protections for Web Application Firewall
Learn how to add and manage protections for web application firewall policies.
Web Application Firewall protects your web applications against threats. Web Application Firewall is a regional-based service that is attached to an enforcement point. Use Web Application Firewall protection capabilities to protect your critical web applications against malicious cyberattacks. You can use the protection capabilities to set up rules that are compared against incoming requests to determine if the request contains an attack payload. If it is determined that a request is an attack, Web Application Firewall blocks or alerts you to that request. These attacks are varied and include threats such as SQL injection, cross-site scripting, and HTML injection—all of which the Web Application Firewall protection capabilities can detect and block.
Web Application Firewall protection is a toolkit designed for web application monitoring, logging, and access control. The toolkit lets you decide how to take advantage of all the protection capabilities available. This flexibility is a core element of Web Application Firewall protection, as OCI is constantly pushing updates to increase the security scope of protection capabilities.
The core principles of Web Application Firewall protection capabilities are:
- Passiveness: You decide which capabilities are required, so you have full control.
- Flexibility: The Oracle Web Application Firewall security team has curated a list of protection capabilities that address both the Open Web Application Security Project (OWASP) top 10 and critical CVEs for popular web applications.
- Quality not quantity: Web Application Firewall protection rules are a dedicated module designed to inspect HTTP traffic, and they work with the other WAF features (for example, access control).
- Predictability: Having full control of the Web Application Firewall protection capabilities allows you to control the results expected. You can define and tune your protection rules and leave the setup unattended, knowing that it keeps working as it was configured.
Protection rules match web traffic to rule conditions and determine the action to be taken when the conditions are met.
We continuously update and optimize existing rules, in addition to creating rules. Because of vulnerability concerns, we can't provide the mitigation pattern for rules.
Custom protection rules aren't available for the Web Application Firewall policy.
Exclusions
Sometimes a protection rule can trigger a false positive. If the requests generating the false positive have a particular argument or cookie that can be used to identify them, you can configure an exclusion so that those requests are exempt from the action the rule normally takes. You can create exclusions using the OCI Console or through the API. Use the following exclusion parameters:
Name | Value |
---|---|
REQUEST_COOKIES | Cookie Value |
ARGS | Argument (Query Parameter or POST/PUT data) |
Protection Capabilities Tuning
This basic WAF tuning information outlines the fundamentals of rule tuning, log inspection, and setting up capability exclusions. Tuning can be beneficial for the following reasons:
- Reduces the chance of blocking a legitimate request.
- Protects against standard web application attacks.
- Protects against specific web application attacks.
- Reduces the amount of scanning, which leads to better performance.
The following table shows protection capabilities terms and definitions.
Term | Definition |
---|---|
Tuning | The process in which the customer's engineer or analyst modifies protection capabilities and actions to allow the application server to be protected but remain functional. There exists a balance between locking down the application server and allowing the application server to perform its duties. The best tuning takes an intimate knowledge of the application server being protected and protection capabilities available to protect that application server. |
False positive | A false positive occurs when a protection capability is matched against an HTTP transaction and the HTTP transaction is a legitimate (non-malicious) transaction. |
Exclusion | A modification to a protection capability that allows the value or value name of a cookie or HTTP argument to be ignored. |
Collaborative Protection Capabilities
You can use special protection capabilities tagged as "collaborative" to limit false positives. The collaborative capabilities operate differently from the other protection capabilities.
Collaborative protection capabilities use a scoring and threshold system to evaluate traffic. Individual capabilities work by matching elements of the HTTP transaction and the capability signature. If a match is made, the rule performs its action (for example, detecting or blocking).
Each of the collaborative capabilities uses a group of individual capabilities. The collaborative protection capabilities require multiple matches of elements of the HTTP transaction with individual rules to perform their actions.
For collaborative capabilities to perform their actions, elements of the HTTP transaction must match the individual capabilities in the collaborative group, related to the weight versus thresholds being set on the collaborative capabilities, as follows:
- Weight: A number representing how much an individual capability contributes toward the collaborative capability threshold.
- Threshold: The minimum sum of weights from individual capabilities that the collaborative capability matches.
You can change the weight and threshold values as needed.
When an exclusion is added within the collaborative protection capability, the exclusion applies to all individual capabilities within the collaborative capability.
Example
A collaborative capability key with ID 9420000 - SQL Injection (SQLi) Collaborative Group - SQLi Filters Categories checks the incoming HTTP request for certain types of SQL injections. This collaborative capability is made up of several capabilities, such as 9421000, 9421400, 9421600, each with a default weight value of 4.
If this collaborative capability is enabled (9420000), for every incoming HTTP request, WAF runs each individual capability (9421000, 9421400, 9421600) that makes up the collaborative capability separately, to find matched capabilities.
After the rules are processed, the matched capabilities are used, their weights are added (in this case, 4+4+4 = 12), and the sum is checked against the threshold (10). Because the HTTP request matched the individual capabilities that make up the collaborative capability (9420000), the collaborative capability is marked as triggered. If logging is configured, the matched capability is logged. Depending on how the capability is configured, an HTTP response is returned.
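The weight and threshold arithmetic from this example, together with the effect of an exclusion and of a changed threshold, as an added Python sketch (not OCI code). The three signature patterns are simplified stand-ins because the real capability patterns are not published, and the sample requests and names such as `sqli_group` are constructed for illustration.

```python
import re
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Capability:
    key: str
    signature: re.Pattern      # stand-in pattern, NOT the real OCI signature
    weight: int = 4            # default weight quoted in the example above


@dataclass
class CollaborativeCapability:
    key: str
    members: list
    threshold: int = 10        # threshold quoted in the example above
    # Exclusion parameters from the Exclusions table: names to ignore.
    exclusions: dict = field(
        default_factory=lambda: {"ARGS": set(), "REQUEST_COOKIES": set()})

    def evaluate(self, args, cookies=None):
        """Score one request; args and cookies are name -> value dicts."""
        # An exclusion on the collaborative capability hides the argument or
        # cookie from every individual capability in the group.
        inspected = [v for n, v in args.items()
                     if n not in self.exclusions["ARGS"]]
        inspected += [v for n, v in (cookies or {}).items()
                      if n not in self.exclusions["REQUEST_COOKIES"]]
        # Each individual capability runs separately and counts once
        # (assumption: a capability contributes its weight at most once).
        matched = [m for m in self.members
                   if any(m.signature.search(v) for v in inspected)]
        score = sum(m.weight for m in matched)
        return {"matched": [m.key for m in matched],
                "score": score,
                "triggered": score >= self.threshold}


def sqli_group(threshold=10, excluded_args=()):
    """Build collaborative capability 9420000 with three stand-in members."""
    members = [
        Capability("9421000", re.compile(r"\bunion\b.+\bselect\b", re.I)),
        Capability("9421400", re.compile(r"--|/\*")),
        Capability("9421600", re.compile(r"\bor\b\s+\d+\s*=\s*\d+", re.I)),
    ]
    group = CollaborativeCapability("9420000", members, threshold)
    group.exclusions["ARGS"].update(excluded_args)
    return group


# Constructed sample requests (query arguments only).
SUSPICIOUS = {"id": "1 OR 1=1 UNION SELECT name FROM users -- "}
BENIGN = {"note": "see section 3 -- draft"}

if __name__ == "__main__":
    print(sqli_group().evaluate(SUSPICIOUS))                  # three matches
    print(sqli_group().evaluate(BENIGN))                      # one match
    print(sqli_group(excluded_args={"id"}).evaluate(SUSPICIOUS))
    print(sqli_group(threshold=4).evaluate(BENIGN))           # tuned lower
```

The single-match request scores 4 and stays below the threshold, which is how the collaborative group limits false positives; lowering the threshold to 4 makes the same request trigger.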
For more information, see Protection Capabilities Reference.
Collaborative Protection Capability Keys
The following list provides collaborative protection capability keys:
- 9300000 - Local File Inclusion (LFI) Collaborative Group - LFI Filter Categories
- 9320000 - Remote Code Execution (RCE) Collaborative Group - UNIX RCE Filter Categories
- 9320001 - Remote Code Execution (RCE) Collaborative Group - Windows RCE Filter Categories
- 9330000 - PHP Injection Attacks Collaborative Group - PHP Filters Categories
- 9410000 - Cross-Site Scripting (XSS) Collaborative Group - XSS Filters Categories
- 9420000 - SQL Injection (SQLi) Collaborative Group - SQLi Filters Categories
Other Protection Capabilities
The following list provides protection capabilities that are "noisy," with some descriptions and recommendations to help you understand what the capability is trying to match. Exclusions cannot be applied to some of these keys.
Capability Key | Capability Name | Notes |
---|---|---|
920310 920311 | Missing Accept Header | Even when requests without accept headers do not mean a violation of the HTTP protocol, requests without accept headers are most often not genuine requests. The rule might be alerting for API or custom application requests. To avoid scanning API or custom application requests, collect a list of the well-known applications that send traffic through and request custom rules. For more information, see RFC 7231, section-5.3.2. |
920280 | Missing Host Header | As described in RFC 7230, section-5.4 "A server must respond with a 400 (Bad Request) status code to any HTTP/1.1 request message that lacks a Host header field and to any request message that contains more than one Host header field or a Host header field with an invalid field-value." This is an essential method of protection and at the same time ensures that WAF servers properly identify which WAF policy the request is intended for. Since WAF requires a host header to pass traffic to the proper origin, this rule might cause a high rate of false positives. |
920320 920330 | Missing User-Agent Header | This rule prevents unidentified users from accessing your web application. User-Agent is one of the request headers defined in various RFCs that provides user information. Even when a request contains a user agent, it does not imply it comes from a real human. This rule works as a first level of mitigation for "dummy" attacks that originate from possible bots or "non-RFC compliant" applications. Note: Some APIs might not include the User-Agent header. If API requests are expected, ensure you add the API IP address to the allowlist or have a custom WAF rule that excludes this traffic from being inspected. For more information, see RFC 7231, section-5.5.3. This rule is an indicator of bad or malicious traffic, but it is possible legitimate applications do not have a User-Agent. Ask application owners to use User-Agents when applicable. |
920170 920171 | GET/HEAD Requests Validation | As described in RFC 7231, section-4.3.1 and section-4.3.2, HEAD and GET are HTTP methods intended to retrieve information from the origin server. Even when not forbidden by the RFC, sending body or payload through these types of methods is not a common practice. Usually it is caused by improperly defined applications not following the best practices of the RFC and can be used by malicious users as a bypass technique. It is also defined in RFC 2616, section-4.3 "if the request method does not include defined semantics for an entity-body, then the message-body should be ignored when handling the request." |
920180 | Missing Content-Type Header | As defined under RFC 2616, section-7.2.1, "Any HTTP/1.1 message containing an entity-body should include a Content-Type header field defining the media type of that body." If this best practice is not followed, it could lead to MIME-type sniffing attacks. |
911100 | Allowed HTTP methods | The default allowed HTTP methods are GET, HEAD, POST, and OPTIONS. OPTIONS is known as an insecure method because it is highly used by attackers to gather up information from the origin server. This method is also required by some applications to work properly. If this method is not required, create a service request with My Oracle Support to disable it. Other methods can also be added as required with a service request. |
920380 | Max amount of arguments | RFC does not enforce the number of arguments that a request must have, but using many arguments could be a method used by malicious users attempting to overflow a web application. To protect against these types of attacks, we recommend limiting the maximum number of ARGs allowed per request. The default value is 255. |
920370 | Max length of an argument | RFC does not enforce the length per argument that a request must have, but using large argument length could be a method used by malicious users attempting to overflow a web application. To protect against these types of attacks, we recommend limiting the maximum length of ARGs allowed per request. The default value is 400. |
920390 | Max total argument length | RFC does not enforce the total (combined) argument size that a request must have, but large combined argument values could be a method used by malicious users attempting to overflow a web application. To protect against these types of attacks, we recommend limiting the maximum combined argument value allowed per request. The default value is 64000. |
920350 | Host Header Is IP Address | This rule does not usually trigger, as WAF needs a host header to send traffic to the origin. |
941120 | Cross-Site Scripting (XSS) Attempt: XSS Filters - Category 2 | This rule takes a long time to process if there is a large payload. For example, a payload with 64,005 bytes takes around 32 seconds to process. |
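To find which legitimate clients would trip these noisy capabilities before enabling them, the added example below (not Oracle code) applies the conditions and default limits from the table to sample requests. It approximates the table's descriptions rather than the WAF's matching logic, assumes the length limits are character counts, and uses constructed requests and hypothetical names such as `likely_noisy_matches`.

```python
import ipaddress
from urllib.parse import parse_qsl

# Defaults quoted in the table above.
ALLOWED_METHODS = {"GET", "HEAD", "POST", "OPTIONS"}  # 911100
MAX_ARGS = 255                 # 920380
MAX_ARG_LENGTH = 400           # 920370 (assumed to be characters)
MAX_TOTAL_ARG_LENGTH = 64000   # 920390 (assumed to be characters)


def _host_is_ip(host):
    """True when the Host value is an IP literal, with or without a port."""
    if host.startswith("["):                 # [IPv6]:port
        host = host[1:].split("]", 1)[0]
    elif host.count(":") == 1:               # IPv4:port or name:port
        host = host.rsplit(":", 1)[0]
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def likely_noisy_matches(method, headers, query="", body=b""):
    """Return the capability keys from the table this request would likely hit."""
    method = method.upper()
    h = {name.lower(): value for name, value in headers.items()}
    hits = []
    if method not in ALLOWED_METHODS:
        hits.append("911100")
    host = h.get("host", "").strip()
    if not host:
        hits.append("920280")
    elif _host_is_ip(host):
        hits.append("920350")
    if not h.get("accept"):
        hits.append("920310/920311")
    if not h.get("user-agent"):
        hits.append("920320/920330")
    if method in {"GET", "HEAD"} and body:
        hits.append("920170/920171")
    if body and not h.get("content-type"):
        hits.append("920180")

    # ARGS covers query parameters and POST/PUT form data.
    args = parse_qsl(query, keep_blank_values=True)
    if h.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        args += parse_qsl(body.decode("utf-8", "replace"), keep_blank_values=True)
    if len(args) > MAX_ARGS:
        hits.append("920380")
    if any(len(value) > MAX_ARG_LENGTH for _, value in args):
        hits.append("920370")
    if sum(len(value) for _, value in args) > MAX_TOTAL_ARG_LENGTH:
        hits.append("920390")
    return hits


def summarize(samples):
    """Map each capability key to the clients whose traffic would hit it."""
    report = {}
    for s in samples:
        keys = likely_noisy_matches(s["method"], s["headers"],
                                    s.get("query", ""), s.get("body", b""))
        for key in keys:
            report.setdefault(key, []).append(s["client"])
    return report


# Constructed sample traffic from four hypothetical legitimate clients.
SAMPLES = [
    {"client": "browser", "method": "GET", "query": "q=test",
     "headers": {"Host": "app.example.com", "Accept": "text/html",
                 "User-Agent": "Mozilla/5.0"}},
    {"client": "health-probe", "method": "GET",
     "headers": {"Host": "192.0.2.10"}},
    {"client": "billing-api", "method": "POST",
     "headers": {"Host": "api.example.com",
                 "Content-Type": "application/x-www-form-urlencoded"},
     "body": b"note=" + b"x" * 500},
    {"client": "legacy-search", "method": "GET", "body": b'{"q":"a"}',
     "headers": {"Host": "app.example.com", "Accept": "*/*",
                 "User-Agent": "search-client/1.0"}},
]

if __name__ == "__main__":
    for key, clients in summarize(SAMPLES).items():
        print(key, clients)
```

Each key in the report names the clients to fix at the source (for example, by sending a User-Agent) or to handle through an allowlist entry before the capability is set to block.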
Protection Capabilities
The following table lists protection capabilities supported by WAF. For the most up-to-date listing, view the Web Application Firewall protection capabilities in the OCI Console. See Listing Web Application Firewall Protection Capabilities.
Capability Key | Version | Name | Description |
---|---|---|---|
944300 | 1 | Java attack Attempt: Interesting keywords for possibly RCE on vulnerable classes and methods base64 encoded | Java attack Attempt: Interesting keywords for possibly RCE on vulnerable classes and methods base64 encoded |
944260 | 1 | Java attack Attempt | Java attack Attempt: Malicious class-loading payload |
944250 | 1 | Java attack Attempt: SAP CRM Java vulnerability CVE-2018-2380 | Java attack Attempt: SAP CRM Java vulnerability CVE-2018-2380 |
944240 | 1 | Java attack Attempt: Remote Command Execution: Java serialization | Java attack Attempt: Remote Command Execution: Java serialization |
944210 | 1 | Java attack Attempt: Detecting possible base64 text to match encoded magic bytes \xac\xed\x00\x05 with padding encoded in base64 strings are rO0ABQ KztAAU Cs7QAF | Java attack Attempt: Detecting possible base64 text to match encoded magic bytes \xac\xed\x00\x05 with padding encoded in base64 strings are rO0ABQ KztAAU Cs7QAF |
944200 | 1 | Java attack Attempt: Detect exploitation of "Java deserialization" Apache Commons | Java attack Attempt: Detect exploitation of "Java deserialization" Apache Commons |
944152 | 1 | Log4J / Log4Shell Defense | This rule addresses exploits against the Log4J library described in several CVEs. It checks for existence of `${`. |
944151 | 1 | Log4J / Log4Shell Defense | Log4J / Log4Shell Defense: This rule addresses exploits against the Log4J library described in several CVEs. |
944150 | 1 | Log4J / Log4Shell Defense | This rule addresses exploits against the Log4J library described in several CVEs. It detects Nested use of ${, use of ${jndi:... without the closing bracket. |
944140 | 1 | Java Script Uploads: Block file uploads with filenames ending in Java scripts | Java Script Uploads: Block file uploads with filenames ending in Java scripts (.jsp, .jspx), scan nonstandard request headers |
944130 | 2 | Java attack Attempt: Apache Struts and Oracle WebLogic vulnerabilities | Java attack Attempt: Apache Struts and Oracle WebLogic vulnerabilities |
944110 944120 | 1 | Java attack Attempt: Apache Struts and Oracle WebLogic vulnerabilities and detect processbuilder or runtime calls | Java attack Attempt: Apache Struts and Oracle WebLogic vulnerabilities, Java deserialization |
944100 | 1 | Java attack Attempt: Apache Struts and Oracle WebLogic vulnerabilities | Java attack Attempt: Apache Struts and Oracle WebLogic vulnerabilities |
943120 | 1 | Session Fixation No Referer in SessionID | Detects SessionID Parameter Name with No Referer |
943110 | 1 | Session Fixation Off-Domain Referer in SessionID | Detects SessionID Parameter Name with Off-Domain Referer |
943100 | 1 | Session Fixation cookie in HTML | Detects Cookie Values in HTML which could be a session fixation attack |
942511 | 2 | SQL Injection (SQLi) SQLi bypass: quotes | SQL Injection (SQLi) Attempt: Detects quotes and backticks which can be used to bypass filters. |
942510 | 2 | SQL Injection (SQLi) SQLi bypass: backticks | SQL Injection (SQLi) Attempt: Detects quotes and backticks can be used to bypass SQLi detection. |
942500 | 1 | SQL Injection (SQLi) In-line comments | SQL Injection (SQLi) Attempt: In-line comments detection |
942490 | 1 | SQL Injection (SQLi) classic SQL injection probings | SQL Injection (SQLi) Attempt: Detects classic SQL injection probings |
942480 | 2 | SQL Injection (SQLi) SQL injection | SQL Injection (SQLi) Attempt: SQL injection detection |
942470 | 2 | SQL Injection (SQLi) SQL injection | SQL Injection (SQLi) Attempt: SQL injection detection |
942460 | 1 | SQL Injection (SQLi) Repetitive Non-Word Characters | SQL Injection (SQLi) Attempt: Detects when multiple (4 or more) non-word characters are repeated in sequence. |
942450 | 2 | SQL Injection (SQLi) SQL Hex Evasion Methods | SQL Injection (SQLi) Attempt: Detects SQL Hex Evasion Methods |
942440 | 2 | SQL Injection (SQLi) SQL Comment Sequence | SQL Injection (SQLi) Attempt: Detects SQL Comment Sequence |
942432 | 1 | SQL Injection (SQLi) Restricted SQL Character Anomaly Detection | SQL Injection (SQLi) Attempt: Restricted SQL Character Anomaly Detection also detects CVE-2018-2380 |
942431 | 1 | SQL Injection (SQLi) Restricted SQL Character Anomaly Detection | SQL Injection (SQLi) Attempt: Restricted SQL Character Anomaly Detection also detects CVE-2018-2380 |
942430 | 1 | SQL Injection (SQLi) Restricted SQL Character Anomaly Detection | SQL Injection (SQLi) Attempt: This rules attempts to gauge when there is an excessive use of meta-characters within a single parameter payload. Also detects CVE-2018-2380 |
942421 | 1 | SQL Injection (SQLi) SQL Injection Character Anomaly Usage | SQL Injection (SQLi) Attempt: Detects SQL Injection Character Anomaly Usage |
942420 | 1 | SQL Injection (SQLi) SQL Injection Character Anomaly Usage | SQL Injection (SQLi) Attempt: Detects when there is an excessive use of meta-characters within a single parameter payload. |
942410 | 2 | SQL Injection (SQLi) SQL injection | SQL Injection (SQLi) Attempt: SQL injection detection also detects CVE-2018-2380 |
942400 | 2 | SQL Injection (SQLi) SQL injection | SQL Injection (SQLi) Attempt: SQL injection detection |
942390 | 2 | SQL Injection (SQLi) SQL injection | SQL Injection (SQLi) Attempt: SQL injection detection |
942380 | 2 | SQL Injection (SQLi) SQL injection | SQL Injection (SQLi) Attempt: SQL injection detection |
942370 | 2 | SQL Injection (SQLi) classic SQL injection probings | SQL Injection (SQLi) Attempt: classic SQL injection probings detection, also detects SAP CRM Java vulnerability CVE-2018-2380 |
942362 | 1 | SQL Injection (SQLi) Concatenated SQLi and SQLLFI | SQL Injection (SQLi) Attempt: Concatenated SQLi and SQLLF detection |
942361 | 1 | SQL Injection (SQLi) basic SQL injection based on keyword alter or union | SQL Injection (SQLi) Attempt: basic SQL injection based on keyword alter or union detection |
942360 | 3 | SQL Injection (SQLi) Concatenated SQLi and SQLLFI | SQL Injection (SQLi) Attempt: Concatenated SQLi and SQLLF detection |
942350 | 3 | SQL Injection (SQLi) MYSQL UDF/ data structure manipulation | SQL Injection (SQLi) Attempt: MYSQL UDF/ data structure manipulation detection |
942340 | 2 | SQL Injection (SQLi) basic SQL auth bypass attempts | SQL Injection (SQLi) Attempt: basic SQL authentication bypass attempts detection |
942330 | 3 | SQL Injection (SQLi) classic SQL injection probings | SQL Injection (SQLi) Attempt: classic SQL injection probings detection |
942320 | 2 | SQL Injection (SQLi) MYSQL/ PostgreSQL stored procedure and function injection | SQL Injection (SQLi) Attempt: MYSQL/ PostgreSQL stored procedure and function injection detection |
942310 | 2 | SQL Injection (SQLi) chained SQL injection | SQL Injection (SQLi) Attempt: chained SQL injection detection |
942300 | 2 | SQL Injection (SQLi) MySQL comments, conditions and ch(a)r injections | SQL Injection (SQLi) Attempt: MySQL comments, conditions and ch(a)r injections detection |
942290 | 1 | SQL Injection (SQLi) MongoDB SQLi | SQL Injection (SQLi) Attempt: MongoDB SQL injection detection |
942280 | 2 | SQL Injection (SQLi) pg_sleep injection/ waitfor delay/ database shutdown | SQL Injection (SQLi) Attempt: pg_sleep injection/ waitfor delay attack/ database shutdown detection |
942270 | 1 | SQL Injection (SQLi) Common SQLi attacks for various dbs | SQL Injection (SQLi) Attempt: Common attacks against msql, oracle, and other dbs detection |
942260 | 3 | SQL Injection (SQLi) basic SQL auth bypass | SQL Injection (SQLi) Attempt: basic SQL authentication bypass detection |
942251 | 2 | SQL Injection (SQLi) SQL HAVING queries | SQL Injection (SQLi) Attempt: Detects SQL HAVING queries |
942250 | 2 | SQL Injection (SQLi) Merge / Execute / Immediate injections | SQL Injection (SQLi) Attempt: MERGE / EXECUTE / IMMEDIATE injections detection |
942240 | 2 | SQL Injection (SQLi) MYSQL charset/ MSSQL DOS | SQL Injection (SQLi) Attempt: MYSQL charset/ MSSQL DOS detection |
942230 | 2 | SQL Injection (SQLi) Conditional SQL injections | SQL Injection (SQLi) Attempt: Conditional SQL injection detection |
942220 | 2 | SQL Injection (SQLi) Integer overflow attacks | SQL Injection (SQLi) Attempt: Integer Overflow attack detection |
942210 | 3 | SQL Injection (SQLi) chained SQL injection attempts | SQL Injection (SQLi) Attempt: chained SQL injection attempts detection, also triggers SAP CRM Java vulnerability CVE-2018-2380 |
942200 | 2 | SQL Injection (SQLi) MySQL comment-/space-obfuscated injections and backtick termination | SQL Injection (SQLi) Attempt: MySQL comment-/space-obfuscated injections and backtick termination detection and also triggers SAP CRM Java vulnerability CVE-2018-2380 |
942190 | 2 | SQL Injection (SQLi) MSSQL code execution and info gathering | SQL Injection (SQLi) Attempt: MSSQL code execution and info gathering detection |
942180 | 2 | SQL Injection (SQLi) Basic SQL auth bypass | SQL Injection (SQLi) Attempt: Basic SQL authentication bypass detection |
942170 | 2 | SQL Injection (SQLi) SQL benchmark and sleep injections | SQL Injection (SQLi) Attempt: SQL benchmark and sleep injection detection |
942160 | 2 | SQL Injection (SQLi) PHPIDS SQLi Filters | SQL Injection (SQLi) Attempt: SQLi Filters via PHPIDS |
942151 | 1 | SQL Injection (SQLi) SQL Function Names | SQL Injection (SQLi) Attempt: SQL Function Names detection also detects CVE-2018-2380 |
942150 | 2 | SQL Injection (SQLi) SQL Function Names | SQL Injection (SQLi) Attempt: SQL Function Names detection also detects SAP CRM Java vulnerability CVE-2018-2380 |
942140 | 3 | SQL Injection (SQLi) Detect DB Names | SQL Injection (SQLi) Attempt: SQLi Filters via DB Names |
942131 | 1 | SQL Injection (SQLi) SQL Tautologies | SQL Injection (SQLi) Attempt: Boolean-based SQL injection detection or SQL Tautologies detection using inequalities |
942130 | 3 | SQL Injection (SQLi) SQL Tautologies | SQL Injection (SQLi) Attempt: SQL Tautologies detection using equalities or Boolean-based SQL injection detection |
942120 | 2 | SQL Injection (SQLi) SQL operators | SQL Injection (SQLi) Attempt: SQL operators detection also detects CVE-2018-2380 |
942110 | 1 | SQL Injection (SQLi) String termination/ Statment ending injection | SQL Injection (SQLi) Attempt: String termination/ Statment ending injection detection also detects CVE-2018-2380 |
942101 | 1 | SQL Injection (SQLi) Libinjection | SQL Injection (SQLi) Attempt: Detects SQLi using libinjection |
942100 | 1 | SQL Injection (SQLi) Libinjection Detection | SQL Injection (SQLi) Attempt: SQLi Filters via libinjection |
9420000 | 2 | SQL Injection (SQLi) Collaborative Group - SQLi Filters Categories | SQL Injection (SQLi) Attempt: SQLi Filters via libinjection - Detect Database names - PHPIDS - Converted SQLI Filters. |
941380 | 1 | Cross-Site Scripting (XSS) Attempt: Defend against AngularJS client side template injection | Cross-Site Scripting (XSS) Attempt: Defend against AngularJS client side template injection |
941370 | 1 | Cross-Site Scripting (XSS) Attempt: Prevent 94118032 bypass by using JavaScript global variables | Cross-Site Scripting (XSS) Attempt: Prevent 94118032 bypass by using JavaScript global variables |
941360 | 1 | Cross-Site Scripting (XSS) Attempt: Defend against JSFuck and Hieroglyphy obfuscation of Javascript code. | Cross-Site Scripting (XSS) Attempt: Defend against JSFuck and Hieroglyphy obfuscation of Javascript code. |
941350 | 3 | Cross-Site Scripting (XSS) Attempt: UTF-7 encoding XSS filter evasion for IE | Cross-Site Scripting (XSS) Attempt: UTF-7 encoding XSS filter evasion for IE |
941340 | 2 | Cross-Site Scripting (XSS) Attempt: XSS Filters from Internet Explorer | Cross-Site Scripting (XSS) Attempt: XSS Filters from IE |
941330 | 3 | Cross-Site Scripting (XSS) Attempt: XSS Filters from Internet Explorer | Cross-Site Scripting (XSS) Attempt: XSS Filters from IE |
941320 | 2 | Cross-Site Scripting (XSS) Attempt: HTML Tag Handler | Cross-Site Scripting (XSS) Attempt: HTML Tag Handler |
941310 | 3 | Cross-Site Scripting (XSS) Attempt: US-ASCII encoding bypass listed on XSS filter evasion | Cross-Site Scripting (XSS) Attempt: US-ASCII encoding bypass listed on XSS filter evasion |
941300 | 2 | Cross-Site Scripting (XSS) Attempt: XSS Filters from Internet Explorer | Cross-Site Scripting (XSS) Attempt: XSS Filters from IE |
941290 | 2 | Cross-Site Scripting (XSS) Attempt: XSS Filters from Internet Explorer | Cross-Site Scripting (XSS) Attempt: XSS Filters from IE |
941280 | 2 | Cross-Site Scripting (XSS) Attempt: XSS Filters from Internet Explorer | Cross-Site Scripting (XSS) Attempt: XSS Filters from IE |
941270 | 2 | Cross-Site Scripting (XSS) Attempt: XSS Filters from Internet Explorer | Cross-Site Scripting (XSS) Attempt: XSS Filters from IE |
941260 | 2 | Cross-Site Scripting (XSS) Attempt: XSS Filters from Internet Explorer | Cross-Site Scripting (XSS) Attempt: XSS Filters from IE |
941250 | 2 | Cross-Site Scripting (XSS) Attempt: XSS Filters from Internet Explorer | Cross-Site Scripting (XSS) Attempt: XSS Filters from IE |
941240 | 3 | Cross-Site Scripting (XSS) Attempt: XSS Filters from Internet Explorer | Cross-Site Scripting (XSS) Attempt: XSS Filters from IE |
941230 | 2 | Cross-Site Scripting (XSS) Attempt: XSS Filters from Internet Explorer | Cross-Site Scripting (XSS) Attempt: XSS Filters from IE |
941220 | 2 | Cross-Site Scripting (XSS) Attempt: XSS Filters from Internet Explorer | Cross-Site Scripting (XSS) Attempt: XSS Filters from IE |
941210 | 2 | Cross-Site Scripting (XSS) Attempt: XSS Filters from Internet Explorer | Cross-Site Scripting (XSS) Attempt: XSS Filters from IE |
941200 | 2 | Cross-Site Scripting (XSS) Attempt: XSS Filters from Internet Explorer | Cross-Site Scripting (XSS) Attempt: XSS Filters from IE |
941190 | 3 | Cross-Site Scripting (XSS) Attempt: XSS Filters from Internet Explorer | Cross-Site Scripting (XSS) Attempt: XSS Filters from IE |
941180 | 3 | Cross-Site Scripting (XSS) Attempt: Blacklist Keywords from Node-Validator | Cross-Site Scripting (XSS) Attempt: Blacklist Keywords from Node-Validator |
941170 | 3 | Cross-Site Scripting (XSS) Attempt: NoScript XSS Filters | Cross-Site Scripting (XSS) Attempt: NoScript XSS Filters, NoScript InjectionChecker - Attributes injection |
941160 | 3 | Cross-Site Scripting (XSS) Attempt: NoScript XSS Filters | Cross-Site Scripting (XSS) Attempt: NoScript XSS Filters, NoScript InjectionChecker - HTML injection |
941150 | 2 | Cross-Site Scripting (XSS) Attempt: XSS Filters - Category 5 | Cross-Site Scripting (XSS) Attempt: XSS Filters - Category 5. HTML attributes - src, style and href |
941140 | 3 | Cross-Site Scripting (XSS) Attempt: XSS Filters - Category 4 | Cross-Site Scripting (XSS) Attempt: XSS Filters - Category 4. XSS vectors making use of javascript URI and tags, e.g., <p style="background:url(javascript:alert(1))"> |
941130 | 4 | Cross-Site Scripting (XSS) Attempt: XSS Filters - Category 3 | Cross-Site Scripting (XSS) Attempt: XSS Filters - Category 3. XSS vectors making use of Attribute Vectors |
941120 | 4 | Cross-Site Scripting (XSS) Attempt: XSS Filters - Category 2 | Cross-Site Scripting (XSS) Attempt: XSS Filters - Category 2. XSS vectors making use of event handlers like onerror, onload, etc., e.g., <body onload="alert(1)"> |
941181 | 1 | Cross-Site Scripting (XSS) Attempt: Blacklist Keywords from Node-Validator | Cross-Site Scripting (XSS) Attempt: Blacklist Keywords from Node-Validator |
941110 | 2 | Cross-Site Scripting (XSS) Attempt: XSS Filters - Category 1 | Cross-Site Scripting (XSS) Attempt: XSS Filters - Category 1. Script tag based XSS vectors, e.g., <script> alert(1)</script> |
941101 | 3 | Cross-Site Scripting (XSS) Attempt: Referer Header Attack Detected via libinjection | Cross-Site Scripting (XSS) Attempt: On Referer Header XSS Attack Detected via libinjection |
941100 | 2 | Cross-Site Scripting (XSS) Attempt: Libinjection - XSS Detection | Cross-Site Scripting (XSS) Attempt: Detects XSS Libinjection |
9410000 | 3 | Cross-Site Scripting (XSS) Collaborative Group - XSS Filters Categories | Cross-Site Scripting (XSS) Attempt: XSS Filters - Category 1. |
934131 | 1 | JavaScript Prototype Pollution | Detects JavaScript Prototype Pollution |
934130 | 1 | JavaScript prototype pollution injection attempts | Detects JavaScript prototype pollution injection attempts. |
934120 | 1 | Server-Side Request Forgery Attack | PL2 rules adds SSRF capture for common evasion techniques |
934110 | 1 | Server-Side Request Forgery Attack | Detects generic Server-Side Request Forgery Attacks. |
934100 | 2 | Insecure unserialization Remote Code Execution | Detects generic Remote Code Executions on Insecure unserialiazation. Detects CVE-2017-5941 |
933210 | 2 | PHP Injection Attacks: PHP Functions - Variable Function Prevent Bypass | PHP Injection Attacks: PHP Functions - Variable Function Calls, This rule blocks bypass filter payloads. |
933200 | 1 | PHP Injection Attacks: PHP Wrappers | PHP Injection Attacks: PHP Wrappers, PHP comes with many built-in wrappers for various URL-style protocols for use with the filesystem functions such as fopen(), copy(), file_exists() and filesize(). Abusing of PHP wrappers like phar://, zlib://, glob://, rar://, zip://, etc... could lead to LFI and expect:// to RCE. |
933190 | 1 | PHP Injection Attacks: PHP Closing Tag Found | PHP Injection Attacks: PHP Closing Tag Found. |
933180 | 2 | PHP Injection Attacks: PHP Functions - Variable Function Calls | PHP Injection Attacks: PHP Functions - Variable Function Calls, PHP 'variable functions' provide an alternate syntax for calling PHP functions. An attacker may use variable function syntax to evade detection of function names during the exploitation of a remote code execution vulnerability. |
933170 | 2 | PHP Injection Attacks: PHP Object Injection | PHP Injection Attacks: PHP Object Injection, is an application-level vulnerability that could allow an attacker to perform different kinds of malicious attacks, such as Code Injection, SQL Injection, Path Traversal and Application Denial of Service, depending on the context. The vulnerability occurs when user-supplied input is not properly sanitized before being passed to the unserialize() PHP function. |
933161 | 2 | PHP Injection Attacks: PHP Functions - Low-Value PHP Function Calls | PHP Injection Attacks: PHP Functions - Low-Value PHP Function Calls. Most of these function names are likely to cause false positives in natural text or common parameter values, such as 'abs', 'copy', 'date', 'key', 'max', 'min'. Therefore, these function names are not scanned in lower paranoia levels or if high false positives are expected. |
933160 | 2 | PHP Injection Attacks: High-Risk PHP Function Calls | PHP Injection Attacks: High-Risk PHP Function Calls, some PHP function names have a certain risk of false positives, due to short names, full or partial overlap with common natural language terms, uses in other contexts, et cetera. Some examples are 'eval', 'exec', 'system'. |
933151 | 3 | PHP Injection Attacks: Medium-Risk PHP Function Names | PHP Injection Attacks: Medium-Risk PHP Function Names, Medium-Risk PHP injection payloads, and extremely rare in natural language or other contexts. This includes most PHP functions and keywords. |
933150 | 3 | PHP Injection Attacks: High-Risk PHP Function Names | PHP Injection Attacks: High-Risk PHP Function Names, Approx. 40 words highly common to PHP injection payloads and extremely rare in natural language or other contexts. Examples: 'base64_decode', 'file_get_contents'. |
933140 | 2 | PHP Injection Attacks: PHP I/O Streams | PHP Injection Attacks: Variables Found. The "php://" syntax can be used to refer to various objects, such as local files (for LFI), remote urls (for RFI), or standard input/request body. Its occurrence indicates a possible attempt to either inject PHP code or exploit a file inclusion vulnerability in a PHP web app. |
933131 | 2 | PHP Injection Attacks: PHP Variables - Common Variable Indexes | PHP Injection Attacks: Common Variable Indexes |
933130 | 3 | PHP Injection Attacks: PHP Variables | PHP Injection Attacks: Variables Found |
933120 | 3 | PHP Injection Attacks: PHP Configuration Directives | PHP Injection Attacks: Configuration Directive Found |
933111 | 2 | PHP Injection Attacks: PHP Script Uploads - Superfluous extension | PHP Injection Attacks: PHP Script Uploads - Superfluous extension. Block file uploads with PHP extensions (.php, .php5, .phtml etc) anywhere in the name, followed by a dot. |
933110 | 2 | PHP Injection Attacks: PHP Script Uploads | PHP Injection Attacks: Block file uploads with PHP extensions (.php, .php5, .phtml etc), also block files with just dot (.) characters after the extension. Many applications contain Unrestricted File Upload vulnerabilities. Attackers may use such a vulnerability to achieve remote code execution by uploading a .php file. Some AJAX uploaders use the nonstandard request headers X-Filename, X_Filename, or X-File-Name to transmit the file name to the server; this rule scans these request headers as well as multipart/form-data file names. |
933100 | 3 | PHP Injection Attacks: PHP Open Tag Found | PHP Injection Attacks: Detects PHP open tags "<?" and "<?php". Also detects "[php]", "[/php]" and "[\php]" tags used by some applications to indicate PHP dynamic content. |
9330000 | 2 | PHP Injection Attacks Collaborative Group - PHP Filters Categories | PHP Injection Attempt: PHP Filters - Detects PHP open tags "<?", "<?php", "[php]", "[/php]" and "[\php]" - PHP Script Uploads, PHP Config Directives, PHP Functions, PHP Object Injection. |
932321 | 1 | Remote Command Execution: POP3 Command Execution | This rule prevents execution of POP3 related system commands. |
932320 | 1 | Remote Command Execution: POP3 Command Execution | This rule prevents execution of POP3 related system commands. |
932311 | 1 | Remote Command Execution: IMAP4 Command Execution. | This rule prevents execution of IMAP4 related system commands. |
932310 | 1 | Remote Command Execution: IMAP Command Execution | This rule prevents execution of IMAP4 related system commands. |
932301 | 1 | Remote Command Execution: SMTP Command Execution | This rule prevents execution of SMTP related system commands. |
932300 | 1 | Remote Command Execution: SMTP Command Execution | This rule prevents execution of SMTP related system commands. |
932210 | 1 | Remote Command Execution: Blocks SQLite System Command Execution like .system and .shell | This rule prevents execution of SQLite CLI commands like .system and .shell. |
932200 | 2 | Block Remote Code Execution Bypass Attacks | Blocks Remote Code Execution Bypass Attacks using different techniques such as uninitialized variables, string concatenations, and globbing patterns. |
932190 | 2 | Remote Command Execution - OS File Access Attempt Wildcard bypass attempt | A Remote Command Execution (RCE) could be exploited bypassing rule 930120 (OS File Access Attempt) by using wildcard characters. Note that this rule could lead to many false positives. |
932180 | 2 | Restricted File Upload | Detects attempts to upload a file with a forbidden filename. Many applications contain Unrestricted File Upload vulnerabilities. These might be abused to upload configuration files or other files that affect the behavior of the web server, possibly causing remote code execution. |
932170 932171 | 2 | GNU Bash RCE Shellshock Vulnerability (CVE-2014-6271 and CVE-2014-7169) | Detect exploitation of "Shellshock" GNU Bash RCE vulnerability. Based on ModSecurity rules created by Red Hat. |
932160 | 3 | Unix Shell Snippets Injection | Detects some common sequences found in shell commands and scripts. This rule is also triggered by an Apache Struts Remote Code Execution CVE-2017-9805, and Oracle WebLogic Remote Command Execution exploits CVE-2017-10271. |
932150 | 3 | Unix Direct Remote Command Execution | Detects Unix commands at the start of a parameter (direct RCE). Example: foo=wget%20www.example.com. This case is different from command injection (rule 93210032), where a command string is appended (injected) to a regular parameter, and then passed to a shell unescaped. This rule is also triggered by an Oracle WebLogic Remote Command Execution exploit CVE-2017-10271. |
932140 | 2 | Windows Command Shell Injection - FOR and IF commands | This rule detects Windows command shell FOR and IF commands. |
932131 | 1 | Unix Shell Script Expressions and Oneliners | Detects common Unix Shell Expressions used in Shell Scripts and Oneliners, such as "$(foo), ${foo}, <(foo), >(foo), $((foo)), among others" |
932130 | 3 | Unix Shell Script Expressions and Oneliners. | Detects common Unix Shell Expressions used in Shell Scripts and Oneliners, such as "$(foo), ${foo}, <(foo), >(foo), $((foo)), among others" |
932120 | 3 | Windows PowerShell Injection - cmdlets and options | Detect some common PowerShell commands, cmdlets, and options. These commands should be relatively uncommon in normal text, but potentially useful for code injection. |
932115 | 3 | Windows Command Injection | This rule detects Windows shell command injections (and attempts at obfuscation and evasion). The vulnerability exists when an application executes a shell command without proper input escaping/validation. This rule is also triggered by an Oracle WebLogic Remote Command Execution exploit CVE-2017-10271. |
932110 | 3 | Windows Command Injection | This rule detects Windows shell command injections (and attempts at obfuscation and evasion). The vulnerability exists when an application executes a shell command without proper input escaping/validation. |
932106 | 2 | Unix Command Injection | Detects several Unix command injections (and attempts at obfuscation and evasion). The vulnerability exists when an application executes a shell command without proper input escaping/validation. |
932105 | 3 | Unix Command Injection | Detects several Unix command injections (and attempts at obfuscation and evasion). The vulnerability exists when an application executes a shell command without proper input escaping/validation. |
932101 | 1 | Command Injection Attack | Detects Command Injection Attempts. |
932100 | 3 | Unix Command Injection | Detects several Unix command injections (and attempts at obfuscation and evasion). The vulnerability exists when an application executes a shell command without proper input escaping/validation. This rule is also triggered by an Oracle WebLogic Remote Command Execution exploit CVE-2017-10271. |
9320001 | 2 | Remote Code Execution (RCE) Collaborative Group - Windows RCE Filter Categories | Remote Code Execution (RCE) Attempt: RCE Filters for Windows. |
9320000 | 2 | Remote Code Execution (RCE) Collaborative Group - Unix RCE Filter Categories | Remote Code Execution (RCE) Attempt: RCE Filters for Unix. |
931130 | 3 | Remote File Inclusion (RFI) Attempt: RFI Attack: Off-Domain Reference/Link | Remote File Inclusion (RFI). These rules look for common types of Remote File Inclusion (RFI) attack methods. Possible RFI Attack: Off-Domain Reference/Link |
931120 | 2 | Remote File Inclusion (RFI) Attempt: RFI Attack: URL Payload Used w/Trailing Question Mark Character (?) | Remote File Inclusion (RFI). These rules look for common types of Remote File Inclusion (RFI) attack methods. Possible RFI Attack: URL Payload Used w/Trailing Question Mark Character (?) |
931110 | 3 | Remote File Inclusion (RFI) Attempt: RFI Attack: Common RFI Vulnerable Parameter Name used w/URL Payload | Remote File Inclusion (RFI). These rules look for common types of Remote File Inclusion (RFI) attack methods. Possible RFI Attack: Common RFI Vulnerable Parameter Name used w/URL Payload |
931100 | 3 | Remote File Inclusion (RFI) Attempt: RFI Attack URL Parameter using IP Address | Remote File Inclusion (RFI). These rules look for common types of Remote File Inclusion (RFI) attack methods. Possible RFI Attack: URL Parameter using IP Address |
930130 | 2 | Local File Inclusion (LFI) - Restricted File Access | Local File Inclusion (LFI) Attempt: Restricted File Access |
930120 | 2 | Local File Inclusion (LFI) - OS File Access | Local File Inclusion (LFI) Attempt: OS File Access |
930110 | 3 | Local File Inclusion (LFI) - Directory Traversal - Decoded Payloads | Local File Inclusion (LFI) Attempt: Directory Traversal Attacks - Decoded Payloads |
930100 | 3 | Local File Inclusion (LFI) - Directory Traversal - Encoded Payloads | Local File Inclusion (LFI) Attempt: Directory Traversal Attacks - Encoded Payloads |
9300000 | 2 | Local File Inclusion (LFI) Collaborative Group - LFI Filter Categories | Local File Inclusion (LFI) Attempt: Directory Traversal Attacks - OS File Access. |
921200 | 1 | LDAP Injection | This is a rule trying to prevent LDAP injection. |
921190 | 1 | HTTP Splitting | This rule detects \n or \r in the REQUEST FILENAME. |
921151 | 1 | Newline in GET Args | Detect newlines in GET arguments which may point to HTTP header injection attacks. |
921150 921160 | 2 | Argument Newline Detection | Detect newlines in argument names. |
921140 | 1 | HTTP Header Injection | These rules look for Carriage Return (CR) %0d and Linefeed (LF) %0a characters, on their own or in combination with header field names. These characters may cause problems if the data is returned in a response header and interpreted by the client. |
921120 921130 | 2 | HTTP Response Splitting | Looks for CR/LF characters, which may cause problems if the data is returned in a response header and may be interpreted by an intermediary proxy server and treated as two separate responses. |
921110 | 3 | HTTP Request Smuggling | Looks for CR/LF characters in combination with HTTP / WEBDAV |
920521 | 1 | Invalid Accept-Encoding Header | Detects invalid Accept-Encoding Headers |
920520 | 1 | Accept-Encoding Header Longer than 50 Characters | This rule matches against requests that have more than 50 characters in the Accept-Encoding header value. |
920510 | 1 | Invalid Cache-Control Value | Description: Rule detects invalid values in the cache-control header |
920500 | 1 | Detect backup or working files | Detect backup or working files. |
920490 | 1 | Bypass Content-Type Header with x-up-devcap-post-charset | Detection of Content-Type bypass with x-up-devcap-post-charset header |
920480 | 1 | Charset restriction in content-type | Restrict charset in Content Types by checking the variable allowed_request_content_type_charset. |
920470 | 3 | Restrict Content-Type | Restrict Content Types by checking the content-type header |
920450 | 2 | Restricted HTTP headers | The use of certain headers is restricted. They are listed in the variable restricted_headers. |
920440 | 1 | Restriction by file extension | Restrict file extensions using the variable restricted_extensions. |
920430 | 1 | Request protocol version restriction | Restrict protocol versions by using the variable allowed_http_versions. |
920420 | 2 | Check content-type header against allow list | Restrict Content Types by checking the variable allowed_request_content_type. |
920410 | 1 | Limit combined file size | Limits the size of combined files by checking Content-Length Header for a variable combined_file_sizes |
920400 | 1 | Limit file size | Limits the size of a file by checking Content-Length Header for a variable max_file_size |
920390 | 1 | Limit arguments total length | Detects HTTP requests whose total argument length exceeds the configurable "Max argument length" parameter |
920380 | 1 | Number of Arguments Limits | Detects HTTP requests with a number of arguments exceeding the configurable "Max amount of arguments" value |
920370 | 1 | Limit argument value length | Detects HTTP requests with argument values exceeding the configurable "Max argument value length" parameter |
920360 | 1 | Limit length of argument names | Detects HTTP requests with an argument name length exceeding the configurable "Max length of argument name" value |
920350 | 3 | Host Header Is IP Address | Detects if the host header is a numeric IP address as it could be indicative of automated client access |
920341 | 1 | Missing Content-Type Header in request body | Detects requests that have content but no Content-Type header |
920340 | 1 | Empty Content-Type Header with Request Body | Checks if the Content-Type header is present on a request that has a Content-Length Value |
920330 | 1 | Empty User-Agent Header | Detects an empty User-Agent request header |
920320 | 1 | Missing User-Agent header | Detection of missing user-agent header |
920310 920311 | 1 | Empty Accept Header | Checks if an Accept header exists, but has an empty value. Also, detect an empty Accept header if there is no user agent. |
920300 | 2 | Missing Accept Header | Detection of missing accept header. |
920290 | 1 | Missing Host Header | This rule checks for the presence of a host header or an empty host header. |
920280 | 1 | Missing/Empty Host Header | Missing/Empty Host Header |
920272 | 1 | Low Range Printable Characters | Detects requests that contain printable characters in the low range |
920271 | 1 | Nonprinting characters in request | This rule checks for nonprinting characters in the request |
920270 | 1 | Restrict type of characters sent | This rule uses the @validateByteRange operator to restrict the request payloads. |
920260 | 1 | Disallow use of full-width unicode as decoding evasions may be possible. | This rule looks for full-width encoding by looking for %u followed by 2 'f' characters and then 2 hex characters. It is a vulnerability that affected IIS circa 2007. |
920230 | 1 | Detect multiple url encoding | Detection of multiple URL encodings. |
920220 920240 | 1 | Check URL encodings | There are two different chained rules. We need to separate them as we are inspecting two different variables - REQUEST_URI and REQUEST_BODY. For REQUEST_BODY, we only want to run the @validateUrlEncoding operator if the content-type is application/x-www-form-urlencoded. |
920210 | 1 | Check duplicate or conflicting headers. | This rule inspects the Connection header and looks for duplicates of the keep-alive and close options. |
920200 920201 | 1 | Range Header Validation | This rule inspects the Range request header to see if it starts with 0. |
920190 | 2 | Range Header Validation | This rule inspects the Range request header to see if it starts with 0. |
920181 | 1 | Transfer Encoding Validation | Detects if content-length and Transfer-Encoding headers are present which breaks RFC |
920180 | 2 | Content-Length Header Validation | Detects if content-length and Transfer-Encoding headers are provided with every POST request |
920171 | 1 | GET/HEAD Requests Validation | Detects if GET/HEAD requests contain a request body by checking for the Transfer-Encoding header, since it is not a common practice |
920170 | 1 | GET/HEAD Requests Validation | Detects if GET/HEAD requests contain a request body by checking for the Content-Length header, since it is not a common practice |
920160 | 1 | Content-Length Header Validation | Detects if content-length HTTP header is not numeric |
920120 | 2 | File Name Validation | Detects multipart/form-data file name evasion attempts |
920100 | 3 | Request Line Format Validation against the HTTP RFC | Uses rule negation against the regex for positive security. The regex specifies the proper construction of URI request lines such as: "http:" "//" host [ ":" port ] [ abs_path [ "?" query ]]. It also outlines proper construction for CONNECT, OPTIONS and GET requests. |
9200024 | 2 | Limit length of request header size | Detects size of HTTP request header length |
9200024 | 1 | Limit length of request header size | Detects size of HTTP request header length |
9200014 | 2 | Limit Number of Request Headers | Detects if there are more headers than the desired amount |
9200014 | 1 | Limit Number of Request Headers | Detects if there are more headers than the desired amount |
913120 | 1 | Check URL args and filenames for Vulnerability Scanners | This rule inspects the URL arguments/ filenames for vulnerability scanner identifiers. |
913110 | 1 | Check HTTP Headers for Vulnerability Scanners | This rule inspects HTTP headers for vulnerability scanner identifiers. |
913102 | 1 | Check User-Agent for Web Crawlers/Bots | This rule inspects the User-Agent header for Web Crawlers/ Bots identifiers. |
913101 | 1 | Check User-Agent for Generic/Scripting | This rule inspects the User-Agent header for generic/ scripting identifiers. |
913100 | 1 | Check User-Agent for Vulnerability Scanners | This rule inspects the User-Agent header for vulnerability scanner identifiers. |
911100 | 1 | Restrict HTTP Request Methods | Allows only request methods specified by the configurable "Allowed http methods" parameter |
46451 | 1 | CVE-2018-7600, CVE-2018-7602, Drupal unsafe internal attribute remote code execution attempt | Drupal unsafe internal attribute remote code execution attempt |
46316 | 1 | CVE-2018-7600, CVE-2018-7602, Drupal 8 remote code execution attempt | Drupal 8 remote code execution attempt |
43813 | 1 | CVE-2017-9813, Kaspersky Linux File Server WMC cross site scripting attempt | Kaspersky Linux File Server WMC cross site scripting attempt |
43812 | 1 | CVE-2017-9812, Kaspersky Linux File Server WMC directory traversal attempt | Kaspersky Linux File Server WMC directory traversal attempt |
43811 | 1 | CVE-2017-9812, Kaspersky Linux File Server WMC directory traversal attempt | Kaspersky Linux File Server WMC directory traversal attempt |
41409 | 1 | CVE-2017-3823, CVE-2017-6753, Cisco WebEx explicit use of web plugin | Cisco WebEx explicit use of web plugin |
202260581 | 1 | GitLab project import vulnerability allows remote code execution attacks | GitLab project import vulnerability allows remote code execution attacks. |
202260329 | 1 | Atlassian Jira Seraph vulnerability exploited auth bypass attempt via specially crafted HTTP request | Atlassian Jira Seraph vulnerability exploited auth bypass attempt via specially crafted HTTP request. |
202260328 | 1 | Atlassian Jira Seraph vulnerability exploited auth bypass attempt via specially crafted HTTP request | Atlassian Jira Seraph vulnerability exploited auth bypass attempt via specially crafted HTTP request. |
202258721 | 1 | Grafana Directory Traversal Vulnerability | Grafana Directory Traversal Vulnerability |
202258715 | 1 | Zoho ManageEngine ServiceDesk Plus remote code execution (RCE) vulnerability | Zoho ManageEngine ServiceDesk Plus remote code execution (RCE) vulnerability |
202258714 | 1 | Zoho ManageEngine ServiceDesk Plus Remote Code Execution (RCE) Vulnerability | Zoho ManageEngine ServiceDesk Plus remote code execution (RCE) vulnerability |
202258696 | 1 | Zoho ManageEngine ServiceDesk Plus arbitrary file upload vulnerability | Zoho ManageEngine ServiceDesk Plus arbitrary file upload vulnerability |
202258638 | 1 | Microsoft Exchange Server remote code execution attack | Microsoft Exchange Server remote code execution attack |
202258637 | 1 | Microsoft Exchange Server Remote Code Execution (RCE) Vulnerability | Microsoft Exchange Server Remote Code Execution (RCE) Vulnerability |
202258447 | 1 | Apache Druid Remote Code Execution (RCE) Vulnerability | Apache Druid Remote Code Execution (RCE) Vulnerability |
202258422 | 1 | BQE BillQuick Web Suite SQL Injection Vulnerability | BQE BillQuick Web Suite SQL injection vulnerability |
202258421 | 1 | BQE BillQuick Web Suite SQL Injection Vulnerability | BQE BillQuick Web Suite SQL injection vulnerability |
202259388 | 1 | Spring Cloud Function Remote Code Execution (RCE) Vulnerability | Spring Cloud Function Remote Code Execution (RCE) Vulnerability. |
202257983 | 1 | Microsoft Exchange autodiscover server side request forgery attempt | Microsoft Exchange autodiscover server side request forgery attempt. |
202257907 | 1 | Microsoft Exchange autodiscover server side request forgery attempt | Microsoft Exchange autodiscover server side request forgery attempt. |
202257906 | 1 | Microsoft Exchange autodiscover server side request forgery attempt | Microsoft Exchange autodiscover server side request forgery attempt. |
20224794 | 1 | The AAWP WordPress plugin can be used to abuse trusted domains to load malware or other files through it to bypass firewall rules in companies | The AAWP WordPress plugin can be used to abuse trusted domains to load malware or other files through it to bypass firewall rules in companies |
20224230 | 1 | SQLi vulnerabilities for WordPress plugins (WP-Statistics, SiteGround Security, Prestashop totadministrativemandate) | SQLi vulnerabilities for WordPress plugins |
202237042 | 1 | Zimbra mboximport functionality vulnerable to directory traversal and remote code execution via extracted files from ZIP archive | Zimbra mboximport functionality vulnerable to directory traversal and remote code execution via extracted files from ZIP archive. |
202235405 | 1 | Zoho ManageEngine Password Manager Pro vulnerable to unauthenticated remote code execution | Zoho ManageEngine Password Manager Pro vulnerable to unauthenticated remote code execution. |
202234265 | 1 | Django Trunc() and Extract() database functions subject to SQL injection if untrusted data is used as a kind/lookup_name value | Django Trunc() and Extract() database functions subject to SQL injection if untrusted data is used as a kind/lookup_name value. |
202229105 | 1 | Zoho ManageEngine Desktop Central directory traversal vulnerability | Zoho ManageEngine Desktop Central directory traversal vulnerability |
202224112 | 1 | Apache APISIX Remote Code Execution (RCE) Vulnerability | This vulnerability allows an attacker to abuse the batch-requests plugin sending requests to bypass the IP restriction of Admin API |
202223944 | 1 | Apache ShenYu Authentication Bypass Vulnerability | This vulnerability allows users to access /plugin api without authentication. |
202222965 | 1 | Spring MVC or Spring WebFlux Application Remote Code Execution (RCE) Vulnerability | A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. |
202222963 | 1 | Spring Cloud Function Remote Code Execution (RCE) Vulnerability | This vulnerability allows malicious users to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources |
202222947 | 1 | Spring Cloud Gateway Spring Code Injection Vulnerability | This vulnerability allows remote attackers to make a maliciously crafted request that could allow arbitrary remote execution on the remote host where the Gateway Actuator endpoint is enabled |
202222930 | 1 | Mingsoft MCMS Remote Code Execution (RCE) Vulnerability | Mingsoft MCMS Remote Code Execution (RCE) Vulnerability |
202222536 | 1 | SAP Internet Communication Manager Request Smuggling and Request Concatenation Vulnerability | SAP Internet Communication Manager Request Smuggling and Request Concatenation Vulnerability |
202221907 | 1 | CVE-2022-21907 HTTP Protocol Stack Remote Code Execution Vulnerability | CVE-2022-21907 HTTP Protocol Stack Remote Code Execution Vulnerability |
202221661 | 1 | CVE-2022-21661 WordPress Core SQL injection Vulnerability | This vulnerability allows remote attackers to disclose sensitive information on affected installations of WordPress Core (older versions than 5.8.3) |
202201388 | 1 | CVE-2022-1388 F5 BIG-IP iControl REST Authentication Vulnerability | This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands |
202158301 | 1 | Alibaba Nacos AuthFilter servlet filter backdoor potential authentication bypass | Alibaba Nacos potential authentication bypass attempt exploiting backdoor on AuthFilter servlet |
202158300 | 1 | Alibaba Nacos AuthFilter servlet filter backdoor potential authentication bypass | Alibaba Nacos potential authentication bypass attempt exploiting backdoor on AuthFilter servlet |
202158273 | 1 | QNAP HBS 3 vulnerability authorization bypass attempt | QNAP HBS 3 vulnerability authorization bypass attempt |
202158217 | 1 | VMware vCenter Server file upload vulnerability remote code execution | VMware vCenter Server file upload vulnerability remote code execution |
202158201 | 1 | Zoho ManageEngine ADSelfService Plus REST API authentication bypass | Zoho ManageEngine ADSelfService Plus REST API authentication bypass |
202158169 | 1 | Microsoft Windows Open Management Infrastructure remote code execution | Microsoft Windows Open Management Infrastructure remote code execution |
202158112 | 1 | Microsoft SharePoint vulnerability exploited remote code execution | Microsoft SharePoint vulnerability exploited remote code execution |
202158111 | 1 | Microsoft SharePoint vulnerability exploited remote code execution | Microsoft SharePoint vulnerability exploited remote code execution |
202158094 | 1 | Atlassian Confluence OGNL injection vulnerability exploited remote code execution | Atlassian Confluence OGNL injection vulnerability exploited remote code execution |
202158093 | 1 | Atlassian Confluence OGNL injection vulnerability exploited remote code execution | Atlassian Confluence OGNL injection vulnerability exploited remote code execution |
202158066 | 1 | Nagios XI vulnerability exploited command injection attack | Nagios XI vulnerability exploited command injection attack |
202158065 | 1 | Nagios XI vulnerability exploited command injection attack | Nagios XI vulnerability exploited command injection attack |
202158058 | 1 | Realtek Jungle SDK vulnerability exploited command injection attack | Realtek Jungle SDK vulnerability exploited command injection attack |
202158057 | 1 | Realtek Jungle SDK vulnerability exploited command injection attack | Realtek Jungle SDK vulnerability exploited command injection attack |
202158056 | 1 | Realtek Jungle SDK vulnerability exploited command injection attack | Realtek Jungle SDK vulnerability exploited command injection attack |
202158054 | 1 | Realtek Jungle SDK vulnerability exploited command injection attack | Realtek Jungle SDK vulnerability exploited command injection attack |
202158053 | 1 | Realtek Jungle SDK vulnerability exploited command injection attack | Realtek Jungle SDK vulnerability exploited command injection attack |
202158052 | 1 | Realtek Jungle SDK vulnerability exploited command injection attack | Realtek Jungle SDK vulnerability exploited command injection attack |
202157983 | 1 | Microsoft Exchange Elevation of Privilege Vulnerability autodiscover server side request forgery | Microsoft Exchange Elevation of Privilege Vulnerability autodiscover server side request forgery |
202157932 | 1 | ExifTool DjVu file format improper neutralization command injection attack | ExifTool DjVu file format improper neutralization command injection attack |
202157931 | 1 | ExifTool DjVu file format improper neutralization command injection attack | ExifTool DjVu file format improper neutralization command injection attack |
202157921 | 1 | Apache OFBiz XMLRPC unsafe deserialization RCE attack | Apache OFBiz XMLRPC unsafe deserialization RCE attack |
202157913 | 1 | ForgeRock AM server deserialization vulnerability remote code execution | ForgeRock AM server deserialization vulnerability remote code execution |
202157912 | 1 | ForgeRock AM server deserialization vulnerability remote code execution | ForgeRock AM server deserialization vulnerability remote code execution |
202157910 | 1 | Microsoft SharePoint Server RCE vulnerability remote code execution attack | Microsoft SharePoint Server RCE vulnerability remote code execution attack |
202157909 | 1 | Microsoft Exchange Elevation of Privilege Vulnerability autodiscover server side request forgery | Microsoft Exchange Elevation of Privilege Vulnerability autodiscover server side request forgery |
202157908 | 1 | Microsoft Exchange Elevation of Privilege Vulnerability autodiscover server side request forgery | Microsoft Exchange Elevation of Privilege Vulnerability autodiscover server side request forgery |
202157907 | 1 | Microsoft Exchange Elevation of Privilege Vulnerability autodiscover server side request forgery | Microsoft Exchange Elevation of Privilege Vulnerability autodiscover server side request forgery |
202157906 | 1 | Microsoft Exchange Elevation of Privilege Vulnerability server side request forgery | Microsoft Exchange Elevation of Privilege Vulnerability server side request forgery |
202157898 | 1 | SolarWinds Network Performance Monitor insecure deserialization | SolarWinds Network Performance Monitor insecure deserialization |
202157872 | 1 | Facade Ignition remote code execution attack | Facade Ignition remote code execution attack |
202157836 | 1 | Nagios XI vulnerability exploited command injection attack | Nagios XI vulnerability exploited command injection attack |
202157835 | 1 | Nagios XI vulnerability exploited command injection attack | Nagios XI vulnerability exploited command injection attack |
202157720 | 1 | VMWare vSphere Client insufficient input validation remote code execution | VMWare vSphere Client insufficient input validation remote code execution |
202157549 | 1 | Microsoft Windows HTTP protocol stack remote code execution attack | Microsoft Windows HTTP protocol stack remote code execution attack |
202157548 | 1 | Microsoft SharePoint remote code execution attack | Microsoft SharePoint remote code execution attack |
202157487 | 1 | Microsoft Exchange MeetingHandler remote code execution attack | Microsoft Exchange MeetingHandler remote code execution attack |
202157482 | 1 | ManageEngine OpManager vulnerable to Directory Traversal attacks | ManageEngine OpManager vulnerable to Directory Traversal attacks |
202157481 | 1 | ManageEngine OpManager vulnerable to Directory Traversal attacks | ManageEngine OpManager vulnerable to Directory Traversal attacks |
202157454 | 1 | Exploiting Pulse Connect Secure vulnerability, URI access attempt | Exploiting Pulse Connect Secure vulnerability, URI access attempt |
202157450 | 1 | F5 WAF/BIG-IP ASM virtual server crafted http response trigger buffer overflow | F5 WAF/BIG-IP ASM virtual server crafted http response trigger buffer overflow |
202157449 | 1 | F5 TMM crafted IPv6 URI normalization buffer overflow attack | F5 TMM crafted IPv6 URI normalization buffer overflow attack |
202157439 | 1 | VMware View Planner arbitrary file upload attempt to logupload Application | VMware View Planner arbitrary file upload attempt to logupload Application |
202157438 | 1 | VMware View Planner arbitrary file upload attempt to logupload Application | VMware View Planner arbitrary file upload attempt to logupload Application |
202157437 | 1 | VMware View Planner logupload vulnerability exploited Remote Code Execution attack | VMware View Planner logupload vulnerability exploited Remote Code Execution attack |
202157436 | 1 | VMware View Planner logupload vulnerability exploited Remote Code Execution attack | VMware View Planner logupload vulnerability exploited Remote Code Execution attack |
202157433 | 1 | VMware vRealize Operations Manager API vulnerability exploited to steal admin credentials | VMware vRealize Operations Manager API vulnerability exploited to steal admin credentials |
202157426 | 1 | Zend and laminas-http frameworks deserialization vulnerability streamName PHP object injection | Zend and laminas-http frameworks deserialization vulnerability streamName PHP object injection |
202157337 | 1 | F5 iControl REST interface unauthenticated RCE vulnerability exploited ssrf attempt | F5 iControl REST interface unauthenticated RCE vulnerability exploited ssrf attempt |
202157298 | 1 | F5 iControl REST interface unauthenticated remote command execution vulnerability | F5 iControl REST interface unauthenticated remote command execution vulnerability |
202157276 | 1 | Microsoft SharePoint Server RCE Vulnerability exploited potential deserialization | Microsoft SharePoint Server RCE Vulnerability exploited potential deserialization |
202157275 | 1 | Microsoft SharePoint Server RCE Vulnerability attachment upload deserialization | Microsoft SharePoint Server RCE Vulnerability attachment upload deserialization |
202157252 | 1 | Microsoft Exchange Server vulnerability exploited arbitrary file write | Microsoft Exchange Server vulnerability exploited arbitrary file write |
202157246 | 1 | Microsoft Exchange Server RCE vulnerability arbitrary file write attempt | Microsoft Exchange Server RCE vulnerability arbitrary file write attempt |
202157245 | 1 | Microsoft Exchange Server vulnerability exploited arbitrary file write | Microsoft Exchange Server vulnerability exploited arbitrary file write |
202157243 | 1 | Microsoft Exchange Server vulnerability exploited server side request forgery | Microsoft Exchange Server vulnerability exploited server side request forgery |
202157241 | 1 | Microsoft Exchange Server vulnerability exploited server side request forgery | Microsoft Exchange Server vulnerability exploited server side request forgery |
202157229 | 1 | Remote code execution vulnerability in VMware vSphere Client's vCenter Server plugin | Remote code execution vulnerability in VMware vSphere Client's vCenter Server plugin |
202157108 | 1 | Microsoft SharePoint Server RCE vulnerability exploited XML external entity injection | Microsoft SharePoint Server RCE vulnerability exploited XML external entity injection |
202157097 | 1 | Cisco RV Series Routers vulnerability exploited stack buffer overflow attack | Cisco RV Series Routers vulnerability exploited stack buffer overflow attack |
202157094 | 1 | Cisco RV Series Routers vulnerable to command injection attacks | Cisco RV Series Routers vulnerable to command injection attacks |
202157092 | 1 | Cisco RV Series Routers vulnerability exploited Remote code Execution | Cisco RV Series Routers vulnerability exploited Remote code Execution |
202157091 | 1 | Cisco RV Series Routers vulnerable to command injection attacks | Cisco RV Series Routers vulnerable to command injection attacks |
202157088 | 1 | Cisco RV Series Routers vulnerable to command injection attacks | Cisco RV Series Routers vulnerable to command injection attacks |
202157087 | 1 | Cisco RV Series Routers vulnerable to command injection attacks | Cisco RV Series Routers vulnerable to command injection attacks |
202157076 | 1 | Cisco RV Series Routers vulnerability exploited Remote code Execution | Cisco RV Series Routers vulnerability exploited Remote code Execution |
202157074 | 1 | Cisco RV Series Routers vulnerability exploited Directory Traversal attack | Cisco RV Series Routers vulnerability exploited Directory Traversal attack |
202157072 | 1 | Cisco RV Series Routers directory traversal attack to modify sensitive files | Cisco RV Series Routers directory traversal attack to modify sensitive files |
202156990 | 1 | Apache Unomi OGNL MVEL malicious scripts remote command execution via /context.json endpoint | Apache Unomi OGNL MVEL malicious scripts remote command execution via /context.json endpoint |
202156989 | 1 | Apache OpenMeetings NetTest service exploited to craft DOS attacks | Apache OpenMeetings NetTest service exploited to craft DOS attacks |
202156936 | 1 | Nagios XI ajaxhelper allows malicious command injection via cmdsubsys | Nagios XI ajaxhelper allows malicious command injection via cmdsubsys |
202156934 | 1 | Nagios XI ajaxhelper allows malicious command injection via cmdsubsys | Nagios XI ajaxhelper allows malicious command injection via cmdsubsys |
202156905 | 1 | WordPress Easy WP SMTP plugin debug log file access attempt | WordPress Easy WP SMTP plugin debug log file access attempt |
202156865 | 1 | Microsoft Sharepoint Server remote code execution | Microsoft Sharepoint Server remote code execution |
202156846 | 1 | Cisco Jabber protocol vulnerable to cross-site scripting | Cisco Jabber protocol vulnerable to cross-site scripting |
202156845 | 1 | Cisco Jabber protocol vulnerable to cross-site scripting | Cisco Jabber protocol vulnerable to cross-site scripting |
202156825 | 1 | SolarWinds Orion API vulnerable to authentication bypass attacks | SolarWinds Orion API vulnerable to authentication bypass attacks |
202156824 | 1 | Citrix SD-WAN Unauthenticated remote code execution with root privileges | Citrix SD-WAN Unauthenticated remote code execution with root privileges |
202156823 | 1 | Citrix SD-WAN Unauthenticated remote code execution with root privileges | Citrix SD-WAN Unauthenticated remote code execution with root privileges |
202156800 | 1 | LifeRay deserialization of untrusted data allows remote code execution via JSON web services (JSONWS) | LifeRay deserialization of untrusted data allows remote code execution via JSON web services (JSONWS) |
202156799 | 1 | LifeRay deserialization of untrusted data allows remote code execution via JSON web services (JSONWS) | LifeRay deserialization of untrusted data allows remote code execution via JSON web services (JSONWS) |
202156626 | 1 | rConfig vulnerable to command injection via lib/crud/search.crud.php nodeId parameter | rConfig vulnerable to command injection via lib/crud/search.crud.php nodeId parameter |
202156624 | 1 | rConfig vulnerable to command injection via lib/crud/search.crud.php nodeId parameter | rConfig vulnerable to command injection via lib/crud/search.crud.php nodeId parameter |
202156604 | 1 | Microsoft Dynamics NAV vulnerable to Remote Code Execution | Microsoft Dynamics NAV vulnerable to Remote Code Execution |
202156560 | 1 | Microsoft SharePoint Remote Code Execution Vulnerability external ImportWeb | Microsoft SharePoint Remote Code Execution Vulnerability external ImportWeb |
202156558 | 1 | Microsoft Dynamics 365 for Finance and Operations vulnerable to Remote Code Execution | Microsoft Dynamics 365 for Finance and Operations vulnerable to Remote Code Execution |
202156557 | 1 | Microsoft Dynamics 365 for Finance and Operations vulnerable to Remote Code Execution | Microsoft Dynamics 365 for Finance and Operations vulnerable to Remote Code Execution |
202156554 | 1 | Microsoft Exchange Remote Code Execution Vulnerability exploited deserialization attempt | Microsoft Exchange Remote Code Execution Vulnerability exploited deserialization attempt |
202156551 | 1 | Ruckus vulnerable to remote command injection via /service/v1/createUser | Ruckus vulnerable to remote command injection via /service/v1/createUser |
202156550 | 1 | Ruckus vRioT authentication bypass exploiting API backdoor hardcoded into validate_token.py | Ruckus vRioT authentication bypass exploiting API backdoor hardcoded into validate_token.py |
202156545 | 1 | rConfig SQL injection attack via commands.inc.php searchColumn parameter | rConfig SQL injection attack via commands.inc.php searchColumn parameter |
202156533 | 1 | Advantech WebAccess/NMS Directory Traversal Attack CVE-2020-10619 | Advantech WebAccess/NMS Directory Traversal Attack CVE-2020-10619 |
202156532 | 1 | Advantech WebAccess/NMS Directory Traversal Attack CVE-2020-10619 | Advantech WebAccess/NMS Directory Traversal Attack CVE-2020-10619 |
202156524 | 1 | Joomla Core Featured Article vulnerable to SQL injection attacks | Joomla Core Featured Article vulnerable to SQL injection attacks |
202156523 | 1 | Joomla Core Featured Article vulnerable to SQL injection attacks | Joomla Core Featured Article vulnerable to SQL injection attacks |
202156434 | 1 | IBM Spectrum Protect Plus and IBM Spectrum Scale vulnerable to remote command injection | IBM Spectrum Protect Plus and IBM Spectrum Scale vulnerable to remote command injection |
202156428 | 1 | IBM Spectrum Protect Plus vulnerable to remote command injection attacks | IBM Spectrum Protect Plus vulnerable to remote command injection attacks |
202156427 | 1 | IBM Spectrum Protect Plus vulnerable to remote command injection attacks | IBM Spectrum Protect Plus vulnerable to remote command injection attacks |
202156423 | 1 | Cisco Security Manager xdmProxy Directory Traversal attack | Cisco Security Manager xdmProxy Directory Traversal attack |
202156421 | 1 | Cisco Security Manager resultsFrame Directory Traversal attack | Cisco Security Manager resultsFrame Directory Traversal attack |
202156420 | 1 | Cisco Security Manager resultsFrame Directory Traversal attack | Cisco Security Manager resultsFrame Directory Traversal attack |
202156419 | 1 | Cisco Security Manager SampleFileDownloadServlet Directory Traversal attack | Cisco Security Manager SampleFileDownloadServlet Directory Traversal attack |
202156417 | 1 | Cisco Security Manager SampleFileDownloadServlet Directory Traversal attack | Cisco Security Manager SampleFileDownloadServlet Directory Traversal attack |
202156415 | 1 | Cisco Security Manager XmpFileDownloadServlet Directory Traversal attack | Cisco Security Manager XmpFileDownloadServlet Directory Traversal attack |
202156414 | 1 | Cisco Security Manager XmpFileDownloadServlet Directory Traversal attack | Cisco Security Manager XmpFileDownloadServlet Directory Traversal attack |
202156408 | 1 | Cisco Security Manager vulnerable CsJaasServiceServlet access detected | Cisco Security Manager vulnerable CsJaasServiceServlet access detected |
202156405 | 1 | Cisco Security Manager XmpFileUploadServlet Directory Traversal attack | Cisco Security Manager XmpFileUploadServlet Directory Traversal attack |
202156404 | 1 | Cisco Security Manager vulnerability exploited XmpFileUploadServlet arbitrary file upload | Cisco Security Manager vulnerability exploited XmpFileUploadServlet arbitrary file upload |
202156321 | 1 | IBM Spectrum Protect Plus credentials reset CVE-2020-4208 | IBM Spectrum Protect Plus credentials reset CVE-2020-4208 |
202156305 | 1 | Microsoft SharePoint Remote Code Execution Vulnerability | Microsoft SharePoint Remote Code Execution Vulnerability |
202156304 | 1 | Microsoft SharePoint Remote Code Execution Vulnerability | Microsoft SharePoint Remote Code Execution Vulnerability |
202156303 | 1 | Microsoft Sharepoint machineKey information disclosure | Microsoft Sharepoint machineKey information disclosure |
202156201 | 1 | Oracle WebLogic Server vulnerability exploited command injection attack | Oracle WebLogic Server vulnerability exploited command injection attack |
202156200 | 1 | Oracle WebLogic Server vulnerability exploited command injection attack | Oracle WebLogic Server vulnerability exploited command injection attack |
202156188 | 1 | Citrix Gateway plug-in vulnerability allows attacker to modify arbitrary files | Citrix Gateway plug-in vulnerability allows attacker to modify arbitrary files |
202156186 | 1 | Citrix Gateway plug-in vulnerability allows attacker to modify arbitrary files | Citrix Gateway plug-in vulnerability allows attacker to modify arbitrary files |
202156155 | 1 | MobileIron Core & Connector vulnerable to remote code execution | MobileIron Core & Connector vulnerable to remote code execution |
202156154 | 1 | MobileIron Core & Connector vulnerable to remote code execution | MobileIron Core & Connector vulnerable to remote code execution |
202156134 | 1 | Microsoft SharePoint Remote Code Execution Vulnerability | Microsoft SharePoint Remote Code Execution Vulnerability |
202156070 | 1 | Microsoft SharePoint Remote Code Execution Vulnerability | Microsoft SharePoint Remote Code Execution Vulnerability |
202155918 | 1 | IBM Spectrum Protect Plus vulnerable to remote code execution | IBM Spectrum Protect Plus vulnerable to remote code execution |
202155838 | 1 | Wordpress Nexos theme vulnerable to SQL injection via 'side-map/?search_order= SQL Injection' | Wordpress Nexos theme vulnerable to SQL injection via 'side-map/?search_order= SQL Injection' |
202155836 | 1 | Wordpress Nexos theme vulnerable to SQL injection via 'side-map/?search_order= SQL Injection' | Wordpress Nexos theme vulnerable to SQL injection via 'side-map/?search_order= SQL Injection' |
202155821 | 1 | Ruby on Rails command injection vulnerability exploited | Ruby on Rails command injection vulnerability exploited |
202155797 | 1 | Wordpress plugin WP Database Reset allows malicious user to reset any table to initial set-up state | Wordpress plugin WP Database Reset allows malicious user to reset any table to initial set-up state |
202155778 | 1 | Wordpress File Manager plugin elFinder allows to upload and execute malicious arbitrary PHP code | Wordpress File Manager plugin elFinder allows to upload and execute malicious arbitrary PHP code |
202155743 | 1 | Rockwell Automation FactoryTalk Diagnostics remote code execution | Rockwell Automation FactoryTalk Diagnostics remote code execution |
202154824 | 1 | Intellian Aptus Web OS command Injection via cgi-bin/libagent.cgi | Intellian Aptus Web OS command Injection via cgi-bin/libagent.cgi |
202154675 | 1 | Rockwell FactoryTalk View SE project directory Directory Traversal Attack | Rockwell FactoryTalk View SE project directory Directory Traversal Attack |
202154672 | 1 | Rockwell FactoryTalk View SEA vulnerable to Remote Code Execution attacks | Rockwell FactoryTalk View SEA vulnerable to Remote Code Execution attacks |
202154649 | 1 | Apache Kylin vulnerable to OS command injection via REST API | Apache Kylin vulnerable to OS command injection via REST API |
202154617 | 1 | GeoVision Door Access Control devices hardcoded root password, adopting identical passwords in all devices | GeoVision Door Access Control devices hardcoded root password, adopting identical passwords in all devices |
202154596 | 1 | WordPress unauthenticated privilege-escalation vulnerability in bbPress plugin | WordPress unauthenticated privilege-escalation vulnerability in bbPress plugin |
202154574 | 1 | SAP NetWeaver AS LM Configuration Wizard auth bypass | SAP NetWeaver AS LM Configuration Wizard auth bypass |
202154573 | 1 | SAP NetWeaver AS LM Configuration Wizard authentication bypass | SAP NetWeaver AS LM Configuration Wizard authentication bypass |
202154511 | 1 | Remote Code Execution vulnerability in .NET Framework, Microsoft SharePoint, and Visual Studio | Remote Code Execution vulnerability in .NET Framework, Microsoft SharePoint, and Visual Studio |
202154484 | 1 | F5 BIG-IP Traffic Management User Interface Remote Code Execution (RCE) vulnerability in undisclosed pages | F5 BIG-IP Traffic Management User Interface Remote Code Execution (RCE) vulnerability in undisclosed pages |
202154319 | 1 | VMWare Cloud Director vulnerable to malicious code Injection | VMWare Cloud Director vulnerable to malicious code Injection |
202154273 | 1 | Centreon tool 19.10 OS command injection attack | Centreon tool 19.10 OS command injection attack |
202154272 | 1 | Centreon tool 19.10 OS command injection attack | Centreon tool 19.10 OS command injection attack |
202154197 | 1 | TP-Link devices vulnerable to Command Injection attacks | TP-Link devices vulnerable to Command Injection attacks |
202154196 | 1 | TP-Link devices vulnerable to Command Injection attacks | TP-Link devices vulnerable to Command Injection attacks |
202153885 | 1 | Grandstream UCM6200 series vulnerable to unauthenticated SQL injection attack | Grandstream UCM6200 series vulnerable to unauthenticated SQL injection attack |
202153866 | 1 | Microsoft SharePoint Remote Code Execution Vulnerability | Microsoft SharePoint Remote Code Execution Vulnerability |
202153592 | 1 | DrayTek multiple products command injection attack via cgi-bin/mainfunction.cgi URI | DrayTek multiple products command injection attack via cgi-bin/mainfunction.cgi URI |
202153591 | 1 | DrayTek multiple products command injection attack via cgi-bin/mainfunction.cgi URI | DrayTek multiple products command injection attack via cgi-bin/mainfunction.cgi URI |
202153567 | 1 | WordPress ThemeREX Addons plugin malicious PHP code injection attempt | WordPress ThemeREX Addons plugin malicious PHP code injection attempt |
202153566 | 1 | WordPress ThemeREX Addons plugin malicious PHP code injection attempt | WordPress ThemeREX Addons plugin malicious PHP code injection attempt |
202153558 | 1 | Codesys V3 web server before 3.5.15.40 vulnerable to buffer overflow | Codesys V3 web server before 3.5.15.40 vulnerable to buffer overflow |
202153547 | 1 | TP LINK TL-WR849N remote command execution vulnerability exploited | TP LINK TL-WR849N remote command execution vulnerability exploited |
202153509 | 1 | Zyxel NAS devices command injection vulnerability exploited | Zyxel NAS devices command injection vulnerability exploited |
202153507 | 1 | Zyxel NAS devices command injection vulnerability exploited | Zyxel NAS devices command injection vulnerability exploited |
202153506 | 1 | Horde Groupware Webmail data import remote code execution via CSV data | Horde Groupware Webmail data import remote code execution via CSV data |
202153505 | 1 | Horde Groupware Webmail data import remote code execution via CSV data | Horde Groupware Webmail data import remote code execution via CSV data |
202153435 | 1 | Zoho ManageEngine Desktop Central Directory Traversal Attack | Zoho ManageEngine Desktop Central Directory Traversal Attack |
202153433 | 1 | Zoho ManageEngine Desktop Central Directory Traversal Attack | Zoho ManageEngine Desktop Central Directory Traversal Attack |
202153347 | 1 | Microsoft Exchange Memory Corruption Vulnerability exploited remote code execution attack | Microsoft Exchange Memory Corruption Vulnerability exploited remote code execution attack |
202153346 | 1 | Microsoft Exchange Memory Corruption Vulnerability exploited remote code execution attack | Microsoft Exchange Memory Corruption Vulnerability exploited remote code execution attack |
202153256 | 1 | Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability | Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability |
202153063 | 1 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Microsoft Exchange Server Elevation of Privilege Vulnerability |
202151833 | 1 | vBulletin remote command injection via crafted subWidgets in ajax/render/widget_tabbedcontainer_tab_panel | vBulletin remote command injection via crafted subWidgets in ajax/render/widget_tabbedcontainer_tab_panel |
202151620 | 1 | vBulletin remote command injection via crafted subWidgets in ajax/render/widget_tabbedcontainer_tab_panel | vBulletin remote command injection via crafted subWidgets in ajax/render/widget_tabbedcontainer_tab_panel |
202151586 | 1 | Docker daemon API vulnerability exploited arbitrary code execution | Docker daemon API vulnerability exploited arbitrary code execution |
202144228 | 1 | CVE-2021-44228 Apache Log4j2 arbitrary code execution attempt | Apache Log4j2 arbitrary code execution attempt |
202142670 | 1 | Sourcecodester Engineers Online Portal vulnerability in php via dashboard_teacher.php unrestricted upload | Sourcecodester Engineers Online Portal vulnerability in php via dashboard_teacher.php unrestricted upload |
202142669 | 1 | Sourcecodester Engineers Online Portal vulnerability in php via dashboard_teacher.php unrestricted upload | Sourcecodester Engineers Online Portal vulnerability in php via dashboard_teacher.php unrestricted upload |
202142321 | 1 | Microsoft Exchange Server Remote Code Execution Vulnerability | Microsoft Exchange Server Remote Code Execution Vulnerability |
202142013 | 1 | Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) | Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) |
202137343 | 1 | Nagios XI path traversal vulnerability exploited in AutoDiscovery component below version 5.8.5 | Nagios XI path traversal vulnerability exploited in AutoDiscovery component below version 5.8.5 |
202133044 | 1 | Dahua Authentication Bypass Vulnerability | Dahua Authentication Bypass Vulnerability |
202132305 | 1 | WebSVN Remote Code Execution (RCE) Vulnerability | WebSVN Remote Code Execution (RCE) Vulnerability |
202129592 | 1 | Apache Struts OGNL evaluation vulnerable to remote code execution attacks | Apache Struts OGNL evaluation vulnerable to remote code execution attacks |
202126085 | | Atlassian Confluence Server - Pre-Authorization Arbitrary File Read | Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3. |
202125297 | 1 | Nagios XI version xi-5.7.5 vulnerable to OS Command Injection Attacks | Nagios XI version xi-5.7.5 vulnerable to OS Command Injection Attacks |
202125296 | 1 | Nagios XI version xi-5.7.5 vulnerable to OS Command Injection Attacks | Nagios XI version xi-5.7.5 vulnerable to OS Command Injection Attacks |
202125282 | 1 | SaltStack Salt salt.wheel.pillar_roots.write method before 3002.5 vulnerable to directory traversal attack | SaltStack Salt salt.wheel.pillar_roots.write method before 3002.5 vulnerable to directory traversal attack |
202121242 | 1 | OneDev AttachmentUploadServlet Remote Code Execution Attack | OneDev AttachmentUploadServlet Remote Code Execution Attack |
2020590201 2020590202 | 1 | CVE-2020-5902 F5 Big IP Remote Code Execution in versions (15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1) | F5 Big IP remote code execution in versions (15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1) - CVE-2020-5902 |
201950732 | 1 | XML external entity vulnerability in Password Vault Web Access (PVWA) of CyberArk Enterprise Password Vault | XML external entity vulnerability in Password Vault Web Access (PVWA) of CyberArk Enterprise Password Vault |
201950711 | 1 | WordPress Rencontre plugin SQL Injection attack via rencontre_widget.php | WordPress Rencontre plugin SQL Injection attack via rencontre_widget.php |
201950709 | 1 | WordPress Rencontre plugin SQL Injection attack via rencontre_widget.php | WordPress Rencontre plugin SQL Injection attack via rencontre_widget.php |
201950708 | 1 | WordPress Rencontre plugin allows Cross Site Scripting attack via rencontre_widget.php | WordPress Rencontre plugin allows Cross Site Scripting attack via rencontre_widget.php |
201950324 | 1 | Crestron AM platform vulnerable to command injection via file_transfer.cgi | Crestron AM platform vulnerable to command injection via file_transfer.cgi |
201950323 | 1 | Crestron AM platform vulnerable to command injection via file_transfer.cgi | Crestron AM platform vulnerable to command injection via file_transfer.cgi |
201950275 | 1 | Remote Code Execution in Microsoft SharePoint CVE-2019-0604 | Remote Code Execution in Microsoft SharePoint CVE-2019-0604 |
201950170 | 1 | Atlassian Confluence Data Center and Server vulnerable to Path Traversal attacks | Atlassian Confluence Data Center and Server vulnerable to Path Traversal attacks |
201950168 | 1 | Atlassian Confluence Data Center and Server vulnerable to Path Traversal attacks | Atlassian Confluence Data Center and Server vulnerable to Path Traversal attacks |
201949861 | 1 | Remote Code Execution in Microsoft SharePoint CVE-2019-0604 | Remote Code Execution in Microsoft SharePoint CVE-2019-0604 |
201949714 | 1 | Horde Groupware Webmail Remote code execution via /Form/Type.php malicious image upload | Horde Groupware Webmail Remote code execution via /Form/Type.php malicious image upload |
201949647 | 1 | Wordpress directory traversal attack modifying _wp_attached_file CVE-2019-8942 | Wordpress directory traversal attack modifying _wp_attached_file CVE-2019-8942 |
201949646 | 1 | Wordpress directory traversal attack modifying _wp_attached_file CVE-2019-8942 | Wordpress directory traversal attack modifying _wp_attached_file CVE-2019-8942 |
201949645 | 1 | Wordpress directory traversal attack modifying _wp_attached_file CVE-2019-8942 | Wordpress directory traversal attack modifying _wp_attached_file CVE-2019-8942 |
201949537 | 1 | elFinder before 2.1.48 has command injection vulnerability in PHP connector | elFinder before 2.1.48 has command injection vulnerability in PHP connector |
201949499 | 1 | Remote code execution on the Jenkins master JVM CVE-2019-1003002 | Remote code execution on the Jenkins master JVM CVE-2019-1003002 |
201949498 | 1 | Remote code execution on the Jenkins master JVM CVE-2019-1003002 | Remote code execution on the Jenkins master JVM CVE-2019-1003002 |
201948843 | 1 | Wifi-Soft Unibox Command Injection attack via diagnostic_tools_controller | Wifi-Soft Unibox Command Injection attack via diagnostic_tools_controller |
201948840 | 1 | Wifi-Soft Unibox Command Injection attack via diagnostic_tools_controller | Wifi-Soft Unibox Command Injection attack via diagnostic_tools_controller |
201948839 | 1 | Wifi-Soft Unibox Command Injection attack via diagnostic_tools_controller | Wifi-Soft Unibox Command Injection attack via diagnostic_tools_controller |
201948837 | 1 | ThinkPHP 5.0.23/5.1.31 vulnerable command injection attack | ThinkPHP 5.0.23/5.1.31 vulnerable command injection attack |
201948815 | 1 | Kibana Console plugin vulnerable local file inclusion attack | Kibana Console plugin vulnerable local file inclusion attack |
201948744 | 1 | TRENDnet TEW-673GRU start_arpping vulnerability exploited command injection attack via apply.cgi | TRENDnet TEW-673GRU start_arpping vulnerability exploited command injection attack via apply.cgi |
201948443 | 1 | Nagios XI command injection attack via crafted HTTP request | Nagios XI command injection attack via crafted HTTP request |
201948414 | 1 | ManageEngine Applications Manager SQL injection attack via editDisplaynames.do | ManageEngine Applications Manager SQL injection attack via editDisplaynames.do |
201948413 | 1 | ManageEngine Applications Manager SQL injection attack via editDisplaynames.do | ManageEngine Applications Manager SQL injection attack via editDisplaynames.do |
201948273 | 1 | Cockpit CMS media API directory traversal attack | Cockpit CMS media API directory traversal attack |
201948269 | 1 | OS command injection vulnerability in Teltonika RUT9XX hotspotlogin.cgi | OS command injection vulnerability in Teltonika RUT9XX hotspotlogin.cgi |
201948268 | 1 | OS command injection vulnerability in Teltonika RUT9XX hotspotlogin.cgi | OS command injection vulnerability in Teltonika RUT9XX hotspotlogin.cgi |
201948267 | 1 | OS command injection vulnerability in Teltonika RUT9XX autologin.cgi | OS command injection vulnerability in Teltonika RUT9XX autologin.cgi |
201948266 | 1 | OS command injection vulnerability in Teltonika RUT9XX autologin.cgi | OS command injection vulnerability in Teltonika RUT9XX autologin.cgi |
201948263 | 1 | Blueimp jQuery-File-Upload Unauthenticated arbitrary file upload | Blueimp jQuery-File-Upload Unauthenticated arbitrary file upload |
201948256 | 1 | Rubedo CMS Directory Traversal vulnerability in theme component | Rubedo CMS Directory Traversal vulnerability in theme component |
201948196 | 1 | Joomla component Reverse Auction Factory vulnerable SQL injection attack via filter_order_Dir, cat or filter_letter parameter | Joomla component Reverse Auction Factory vulnerable SQL injection attack via filter_order_Dir, cat or filter_letter parameter |
201948195 | 1 | Joomla Component Collection Factory vulnerable SQL injection attack via filter_order or filter_order_Dir parameter | Joomla Component Collection Factory vulnerable SQL injection attack via filter_order or filter_order_Dir parameter |
201948194 | 1 | Joomla component AlphaIndex Dictionaries vulnerable SQL injection attack via letter parameter | Joomla component AlphaIndex Dictionaries vulnerable SQL injection attack via letter parameter |
201948193 | 1 | Joomla component AlphaIndex Dictionaries vulnerable SQL injection attack via letter parameter | Joomla component AlphaIndex Dictionaries vulnerable SQL injection attack via letter parameter |
201948173 | 1 | D-Link DIR-816 devices command injection attempt via /goform/form2systime.cgi | D-Link DIR-816 devices command injection attempt via /goform/form2systime.cgi |
201948172 | 1 | D-Link DIR-816 devices command injection attempt via /goform/form2systime.cgi | D-Link DIR-816 devices command injection attempt via /goform/form2systime.cgi |
201948165 | 1 | Joomla Component Swap Factory vulnerable SQL injection attack via filter_order_Dir or filter_order parameter | Joomla Component Swap Factory vulnerable SQL injection attack via filter_order_Dir or filter_order parameter |
201948161 | 1 | Joomla component Article Factory Manager vulnerable SQL injection attack via start_date, m_start_date, or m_end_date parameter | Joomla component Article Factory Manager vulnerable SQL injection attack via start_date, m_start_date, or m_end_date parameter |
201948143 | 1 | D-Link DIR-816 devices command injection attempt via /goform/Diagnosis | D-Link DIR-816 devices command injection attempt via /goform/Diagnosis |
201948141 | 1 | D-Link DIR-816 devices command injection attempt via /goform/Diagnosis | D-Link DIR-816 devices command injection attempt via /goform/Diagnosis |
201948126 | 1 | Joomla component Timetable Schedule 3.6.8 vulnerable SQL injection attack via eid parameter | Joomla component Timetable Schedule 3.6.8 vulnerable SQL injection attack via eid parameter |
201948098 | 1 | D-Link DIR-816 devices command injection attempt via /goform/sylogapply syslogIp | D-Link DIR-816 devices command injection attempt via /goform/sylogapply syslogIp |
201948097 | 1 | D-Link DIR-816 devices command injection attempt via /goform/sylogapply syslogIp | D-Link DIR-816 devices command injection attempt via /goform/sylogapply syslogIp |
201948071 | 1 | WordPress Wechat Broadcast plugin Directory Traversal via Image.php url parameter | WordPress Wechat Broadcast plugin Directory Traversal via Image.php url parameter |
201948070 | 1 | WordPress Wechat Broadcast plugin Directory Traversal via Image.php url parameter | WordPress Wechat Broadcast plugin Directory Traversal via Image.php url parameter |
201948061 | 1 | pfSense status_interfaces.php command injection attack | pfSense status_interfaces.php command injection attack |
201948004 | 1 | Navigate CMS login.php SQL injection attack to bypass auth via navigate-user cookie | Navigate CMS login.php SQL injection attack to bypass auth via navigate-user cookie |
201947864 | 1 | Command Injection attack via Opsview Monitor Web Management Console test_rancid_connection | Command Injection attack via Opsview Monitor Web Management Console test_rancid_connection |
201947863 | 1 | Command Injection attack via Opsview Monitor Web Management Console test_rancid_connection | Command Injection attack via Opsview Monitor Web Management Console test_rancid_connection |
201947861 | 1 | Opsview Web Management Console testnotification command injection attack | Opsview Web Management Console testnotification command injection attack |
201947859 | 1 | Joomla CW Tags vulnerable SQL injection attack via searchtext array parameter | Joomla CW Tags vulnerable SQL injection attack via searchtext array parameter |
201947858 | 1 | Joomla CW Tags vulnerable SQL injection attack via searchtext array parameter | Joomla CW Tags vulnerable SQL injection attack via searchtext array parameter |
201947818 | 1 | Command Injection vulnerability in SoftNAS StorageCenter snserv.php | Command Injection vulnerability in SoftNAS StorageCenter snserv.php |
201947817 | 1 | Command Injection vulnerability in SoftNAS StorageCenter snserv.php | Command Injection vulnerability in SoftNAS StorageCenter snserv.php |
201947800 | 1 | Trend Micro Email Encryption Gateway SQL injection attack via search script | Trend Micro Email Encryption Gateway SQL injection attack via search script |
201947799 | 1 | Trend Micro Email Encryption Gateway SQL injection attack via search script | Trend Micro Email Encryption Gateway SQL injection attack via search script |
201947797 | 1 | SQL injection attempt exploiting vulnerability in Trend Micro Email Encryption Gateway | SQL injection attempt exploiting vulnerability in Trend Micro Email Encryption Gateway |
201947796 | 1 | SQL injection attempt exploiting vulnerability in Trend Micro Email Encryption Gateway | SQL injection attempt exploiting vulnerability in Trend Micro Email Encryption Gateway |
201947795 | 1 | SQL injection attempt exploiting vulnerability in Trend Micro Email Encryption Gateway | SQL injection attempt exploiting vulnerability in Trend Micro Email Encryption Gateway |
201947794 | 1 | SQL injection attempt exploiting vulnerability in Trend Micro Email Encryption Gateway | SQL injection attempt exploiting vulnerability in Trend Micro Email Encryption Gateway |
201947771 | 1 | ClipBucket SQL injection attack via actions/vote_channel.php or ajax/commonAjax.php | ClipBucket SQL injection attack via actions/vote_channel.php or ajax/commonAjax.php |
201947768 | 1 | Malicious file upload attempt to ClipBucket beats_uploader or photo_uploader or edit_account.php | Malicious file upload attempt to ClipBucket beats_uploader or photo_uploader or edit_account.php |
201947767 | 1 | ClipBucket file_uploader vulnerable to command injection | ClipBucket file_uploader vulnerable to command injection |
201947672 | 1 | Command Injection attack exploiting vulnerability in TerraMaster TOS logtable.php | Command Injection attack exploiting vulnerability in TerraMaster TOS logtable.php |
201947655 | 1 | Joomla SQL injection vulnerability in postinstall message | Joomla SQL injection vulnerability in postinstall message |
201947649 | 1 | Apache Struts vulnerable to Remote Code Execution | Apache Struts vulnerable to Remote Code Execution |
201947583 | 1 | GitStack unauthenticated REST API potential add user | GitStack unauthenticated REST API potential add user |
201947582 | 1 | GitStack unauthenticated REST API potential repository modification | GitStack unauthenticated REST API potential repository modification |
201947581 | 1 | GitStack unauthenticated REST API add user via username and password fields to rest/user/ 'URI' | GitStack unauthenticated REST API add user via username and password fields to rest/user/ 'URI' |
201947580 | 1 | Joomla Aist component vulnerable SQL injection attack via id parameter | Joomla Aist component vulnerable SQL injection attack via id parameter |
201947579 | 1 | Joomla Aist component vulnerable SQL injection attack via id parameter | Joomla Aist component vulnerable SQL injection attack via id parameter |
201947577 | 1 | Cobub Razor SQL injection attack via channel_name | Cobub Razor SQL injection attack via channel_name |
201947576 | 1 | Cobub Razor SQL injection attack via channel_name | Cobub Razor SQL injection attack via channel_name |
201947545 | 1 | MicroFocus Secure Messaging Gateway command injection attack | MicroFocus Secure Messaging Gateway command injection attack |
201947544 | 1 | MicroFocus Secure Messaging Gateway vulnerable enginelist.php SQL injection attack | MicroFocus Secure Messaging Gateway vulnerable enginelist.php SQL injection attack |
201947543 | 1 | MicroFocus Secure Messaging Gateway vulnerable enginelist.php SQL injection attack | MicroFocus Secure Messaging Gateway vulnerable enginelist.php SQL injection attack |
201947514 | 1 | Authentication bypass attempt exploiting vulnerability in Quest NetVault Backup Server via checksession parameter | Authentication bypass attempt exploiting vulnerability in Quest NetVault Backup Server via checksession parameter |
201947507 | 1 | Sitecore.NET Log Viewer application vulnerable to directory traversal attacks | Sitecore.NET Log Viewer application vulnerable to directory traversal attacks |
201947506 | 1 | Sitecore.NET 'Log Viewer' application vulnerable to directory traversal attacks | Sitecore.NET 'Log Viewer' application vulnerable to directory traversal attacks |
201947502 | 1 | Joomla ProjectLog component vulnerable SQL injection attack via search parameter | Joomla ProjectLog component vulnerable SQL injection attack via search parameter |
201947501 | 1 | Joomla ProjectLog component vulnerable SQL injection attack via search parameter | Joomla ProjectLog component vulnerable SQL injection attack via search parameter |
201947498 | 1 | Joomla SQL injection attack via title_search, tag_search, name_search, description_search, or filter_order parameter | Joomla SQL injection attack via title_search, tag_search, name_search, description_search, or filter_order parameter |
201947497 | 1 | Joomla SQL injection attack via title_search, tag_search, name_search, description_search, or filter_order parameter. | Joomla SQL injection attack via title_search, tag_search, name_search, description_search, or filter_order parameter. |
201947423 | 1 | QNAP QCenter API command injection attack via date_config | QNAP QCenter API command injection attack via date_config |
201947393 | 1 | QNAP QCenter API command injection attack via date_config | QNAP QCenter API command injection attack via date_config |
201947391 | 1 | Command injection vulnerability in networking of QNAP Q center Virtual Appliance | Command injection vulnerability in networking of QNAP Q center Virtual Appliance |
201947389 | 1 | Oracle WebLogic Server vulnerability exploited arbitrary JSP file upload | Oracle WebLogic Server vulnerability exploited arbitrary JSP file upload |
201947387 | 1 | Oracle WebLogic Server potential unauthenticated reconnaissance attempt | Oracle WebLogic Server potential unauthenticated reconnaissance attempt |
201947386 | 1 | Oracle WebLogic Server vulnerability exploitation allows unauthenticated attacker to compromise weblogic server | Oracle WebLogic Server vulnerability exploitation allows unauthenticated attacker to compromise weblogic server |
201947349 | 1 | QNAP QCenter API command injection attack via change password | QNAP QCenter API command injection attack via change password |
201947348 | 1 | QNAP QCenter API command injection attack via change password | QNAP QCenter API command injection attack via change password |
201947041 | 1 | Quest KACE Systems Management Appliance vulnerable to command injection attack via download_agent_installer.php | Quest KACE Systems Management Appliance vulnerable to command injection attack via download_agent_installer.php |
201946997 | 1 | Buffer overflow in XiongMai NVR login.htm | Buffer overflow in XiongMai NVR login.htm |
201946921 | 1 | Quest DR Series Disk Backup vulnerable allows command injection attacks | Quest DR Series Disk Backup vulnerable allows command injection attacks |
201946886 | 1 | Quest KACE Systems Management Appliance ajax_email_connection_test.php command injection attack | Quest KACE Systems Management Appliance ajax_email_connection_test.php command injection attack |
201946852 | 1 | IBM QRadar SIEM forensicsanalysisServlet command injection attack | IBM QRadar SIEM forensicsanalysisServlet command injection attack |
201946851 | 1 | IBM QRadar SIEM forensicsanalysisServlet command injection attack | IBM QRadar SIEM forensicsanalysisServlet command injection attack |
201946850 | 1 | IBM QRadar SIEM forensicsanalysisServlet Authentication bypass attack | IBM QRadar SIEM forensicsanalysisServlet Authentication bypass attack |
201946829 | 1 | D-Link DIR-620 devices command injection attack via index.cgi | D-Link DIR-620 devices command injection attack via index.cgi |
201946828 | 1 | D-Link DIR-620 devices command injection attack via index.cgi | D-Link DIR-620 devices command injection attack via index.cgi |
201946823 | 1 | Spring Security OAuth Remote Code Execution attack | Spring Security OAuth Remote Code Execution attack |
201946779 | 1 | Nagios XI database settings modification | Nagios XI database settings modification |
201946777 | 1 | Nagios XI command injection attack | Nagios XI command injection attack |
201946775 | 1 | Nagios XI command injection attack | Nagios XI command injection attack |
201946774 | 1 | Nagios XI SQL injection attack via selInfoKey1 parameter | Nagios XI SQL injection attack via selInfoKey1 parameter |
201946773 | 1 | Nagios XI SQL injection attack via selInfoKey1 parameter | Nagios XI SQL injection attack via selInfoKey1 parameter |
201946666 | 1 | Digital Guardian Management Console arbitrary file upload allows remote code execution | Digital Guardian Management Console arbitrary file upload allows remote code execution |
201946665 | 1 | Digital Guardian Management Console arbitrary file upload allows remote code execution | Digital Guardian Management Console arbitrary file upload allows remote code execution |
201946627 | 1 | GPON Router Command Injection attack via dest_host parameter | GPON Router Command Injection attack via dest_host parameter |
201946626 | 1 | GPON Router Command Injection attack via dest_host parameter | GPON Router Command Injection attack via dest_host parameter |
201946625 | 1 | GPON Router Command Injection attack via dest_host parameter | GPON Router Command Injection attack via dest_host parameter |
201946624 | 1 | GPON Router Command Injection attack via dest_host parameter | GPON Router Command Injection attack via dest_host parameter |
201946516 | 1 | Belkin N750 F9K1103 wireless router command injection attack via proxy.cgi | Belkin N750 F9K1103 wireless router command injection attack via proxy.cgi |
201946514 | 1 | Belkin N750 F9K1103 wireless router command injection attack via proxy.cgi | Belkin N750 F9K1103 wireless router command injection attack via proxy.cgi |
201946512 | 1 | Belkin N750 F9K1103 wireless router command injection attack via twonky_command.cgi | Belkin N750 F9K1103 wireless router command injection attack via twonky_command.cgi |
201946510 | 1 | Belkin N750 F9K1103 wireless router command injection attack via twonky_command.cgi | Belkin N750 F9K1103 wireless router command injection attack via twonky_command.cgi |
201946509 | 1 | Unitrends Enterprise Backup vulnerability exploited command injection attack via /api/hosts parameters using backquotes | Unitrends Enterprise Backup vulnerability exploited command injection attack via /api/hosts parameters using backquotes |
201946451 | 1 | Drupal remote code execution attack exploiting multiple attack vectors on its website | Drupal remote code execution attack exploiting multiple attack vectors on its website |
201946338 | 1 | Joomla Saxum Picker vulnerable SQL injection attack via publicid parameter | Joomla Saxum Picker vulnerable SQL injection attack via publicid parameter |
201946337 | 1 | Joomla Saxum Picker vulnerable SQL injection attack via publicid parameter | Joomla Saxum Picker vulnerable SQL injection attack via publicid parameter |
201946334 | 1 | Joomla DT Register vulnerable SQL injection attack via a task=edit&id= request | Joomla DT Register vulnerable SQL injection attack via a task=edit&id= request |
201946333 | 1 | Joomla DT Register vulnerable SQL injection attack via a task=edit&id= request | Joomla DT Register vulnerable SQL injection attack via a task=edit&id= request |
201946316 | 1 | Drupal 8 allows remote attackers to execute arbitrary code | Drupal 8 allows remote attackers to execute arbitrary code |
201946303 | 1 | Antsle antman Authentication bypass via invalid characters in username and password parameters | Antsle antman Authentication bypass via invalid characters in username and password parameters |
201946088 | 1 | Joomla JEXTN Reverse Auction extension vulnerable SQL injection attack via view=products&uid= '' | Joomla JEXTN Reverse Auction extension vulnerable SQL injection attack via view=products&uid= '' |
201946087 | 1 | Joomla JEXTN Reverse Auction extension vulnerable SQL injection attack via view=products&uid= '' | Joomla JEXTN Reverse Auction extension vulnerable SQL injection attack via view=products&uid= '' |
201946063 | 1 | Joomla JE PayperVideo extension vulnerable SQL injection attack via usr_plan parameter | Joomla JE PayperVideo extension vulnerable SQL injection attack via usr_plan parameter |
201946062 | 1 | Joomla JE PayperVideo extension vulnerable SQL injection attack via usr_plan parameter | Joomla JE PayperVideo extension vulnerable SQL injection attack via usr_plan parameter |
201946042 | 1 | Joomla Component JMS Music 1.1.1 vulnerable SQL injection attack via search with keyword, artist, or username parameter | Joomla Component JMS Music 1.1.1 vulnerable SQL injection attack via search with keyword, artist, or username parameter |
201946041 | 1 | Joomla Component JMS Music 1.1.1 vulnerable SQL injection attack via search with keyword, artist, or username parameter | Joomla Component JMS Music 1.1.1 vulnerable SQL injection attack via search with keyword, artist, or username parameter |
201946030 | 1 | Joomla jextn-classifieds vulnerable SQL injection attack view=boutique&sid= '' | Joomla jextn-classifieds vulnerable SQL injection attack view=boutique&sid= '' |
201946029 | 1 | Joomla jextn-classifieds vulnerable SQL injection attack view=boutique&sid= '' | Joomla jextn-classifieds vulnerable SQL injection attack view=boutique&sid= '' |
201946028 | 1 | Joomla JE PayperVideo extension vulnerable SQL injection attack via usr_plan parameter | Joomla JE PayperVideo extension vulnerable SQL injection attack via usr_plan parameter |
201946025 | 1 | SQL Injection exists in Event Manager 1.0 via event.php id parameter or page.php slug parameter | SQL Injection exists in Event Manager 1.0 via event.php id parameter or page.php slug parameter |
201946024 | 1 | SQL Injection exists in Event Manager 1.0 via event.php id parameter or page.php slug parameter | SQL Injection exists in Event Manager 1.0 via event.php id parameter or page.php slug parameter |
201945984 | 1 | Joomla component Jimtawl 2.2.5 vulnerable arbitrary PHP file upload via view=upload&task=upload&pop=true&tmpl=component | Joomla component Jimtawl 2.2.5 vulnerable arbitrary PHP file upload via view=upload&task=upload&pop=true&tmpl=component |
201945913 | 1 | Zoho ManageEngine Applications Manager public endpoint testCredential.do vulnerable to Remote Code Execution | Zoho ManageEngine Applications Manager public endpoint testCredential.do vulnerable to Remote Code Execution |
201945911 | 1 | Zoho ManageEngine Applications Manager public endpoint testCredential.do vulnerable to Remote Code Execution | Zoho ManageEngine Applications Manager public endpoint testCredential.do vulnerable to Remote Code Execution |
201945526 | 1 | NVRAM configuration modification attempt via AsusWRT vpnupload.cgi | NVRAM configuration modification attempt via AsusWRT vpnupload.cgi |
201945493 | 1 | Seagate Personal Cloud vulnerable to command injection via getLogs.psp uploadtelemetry.psp functions | Seagate Personal Cloud vulnerable to command injection via getLogs.psp uploadtelemetry.psp functions |
201939743 | 1 | SonicWall GMS command injection attack via parameters pass to XML-RPC calls | SonicWall GMS command injection attack via parameters pass to XML-RPC calls |
2019272501 2019272502 2019272503 2019272504 | 1 | CVE-2019-2725 and CVE-2019-2729 Oracle WebLogic Remote Code Execution in versions (10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0) | CVE-2019-2725 and CVE-2019-2729 Oracle WebLogic Remote Code Execution in versions (10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0) |
201919781 | 1 | CVE-2019-19781 Citrix Application Delivery Controller (ADC) Path Traversal Vulnerability | Citrix ADC NSC_USER directory traversal attempt. Versions (10.5, 11.1, 12.0, 12.1, and 13.0) - CVE-2019-19781 |
2018100 | 1 | CVE-2018-6389 WordPress Parameter Resource Consumption Remote DoS | WordPress Parameter Resource Consumption Remote DoS on jquery-ui-core |
2017100 | 1 | Apache Struts 2 Multipart parser CVE-2017-5638 Remote Code Execution Vulnerability Prevention | Detects Apache Jakarta CVE-2017-5638 Remote Code Execution Vulnerability payload |
10271 | 1 | CVE-2017-10271 Oracle WebLogic Remote Code Execution in versions (10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0) | Oracle WebLogic remote code execution in versions (10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0) - CVE-2017-10271 |