16 new signatures:
MEDIUM | HTTP:STC:IE:MSAPP-TASK | msapplication-task vulnerability |
HIGH | HTTP:STC:ADOBE:CONVFILTER-UAF | HTTP: Adobe Flash Player ConvolutionFilter Matrix Array Use After Free |
HIGH | DB:POSTGRESQL:POSTGRE-DBSEC-BP | DB: PostgreSQL Database Security Bypass |
HIGH | HTTP:PHP:FORM-DOS | HTTP: PHP HTTP Multipart Form-Data Denial of Service |
HIGH | HTTP:PFSENSE-ZONE-CSS | HTTP: pfSense WebGUI Zone Parameter Cross-Site Scripting |
HIGH | HTTP:DIR:ORACLE-INFO-DISCOVERY | HTTP: Oracle Endeca Information Discovery Integrator ETL Server RenameFile Directory Traversal |
HIGH | HTTP:SQL:INJ:OPMNGR-AGENT-SQL | HTTP: ManageEngine OpManager AgentDetailsUtil agentKey SQL Injection |
HIGH | HTTP:SQL:INJ:MANAGEENGINER-RCE | HTTP: ManageEngine Multiple Products customerName SQL Injection Remote Code Execution |
HIGH | SSL:OVERFLOW:ELLIPTIC-POLY-DOS | SSL: OpenSSL Elliptic Polynomial Denial-Of-Service |
HIGH | DOS:DELL-NETVAULT-DOS | DOS: Dell NetVault Backup Denial of Service |
HIGH | SMB:MICROSOFT-LIB-LOADING-CE | SMB: Microsoft Windows Media Device Manager Insecure Library Loading |
HIGH | SMTP:IBM-LOTUS-INT-OVERFLOW | SMTP: IBM Lotus Domino BMP Parsing Integer Overflow |
HIGH | HTTP:DIR:ENDECA-ETLSERVER-DT | HTTP: Oracle Endeca Information Discovery Integrator ETL Server MoveFile Directory Traversal |
HIGH | HTTP:FOXIT-PNG-PDF-BO | HTTP: Foxit Multiple Products PNG To PDF Conversion Heap Buffer Overflow |
MEDIUM | HTTP:NOVELL:GROUPWISE-CSS | HTTP: Novell GroupWise WebAccess Cross-Site Scripting |
HIGH | SMTP:VULN:NOVELL-GROUPWISE-XSS | SMTP: Novell GroupWise WebAccess Cross-Site Scripting |
2 updated signatures:
HIGH | DOS:LINUX-COOKIE-ECHO-DOS | DOS: Linux Kernel COOKIE ECHO Denial-of-Service |
MEDIUM | HTTP:MISC:WP-IMG-UPLOAD | HTTP: WordPress Plugin Arbitrary Image Upload |
This signature detects attempts to exploit a known vulnerability against Microsoft IE msapplication-task. A successful attack can lead to memory corruption and possibly arbitrary code execution. The msapplication-task meta name can be used to add static tasks for a Jump List in IE.
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.5.140842, idp-5.1.110140822, vsrx-15.1, idp-5.1.110150609, isg-3.5.141332
This signature detects attempts to exploit a known vulnerability against Linux Kernel. A successful exploit can lead to remote denial of service.
srx-branch-11.4, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, idp-5.0.110130325, srx-9.2, srx-branch-9.4, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, srx-10.0, srx-branch-10.0, mx-11.4, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, idp-5.1.110140822, vsrx-15.1, idp-5.1.110150609, idp-4.1.110110609, srx-11.4
This signature detects an attempt to exploit a known vulnerability in WordPress Plugin base. Successful exploitation could allow an attacker to execute arbitrary files and launch further RFI based attacks into the context of the web application.
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.5.140842, idp-5.1.110140822, vsrx-15.1, idp-5.1.110150609, isg-3.5.141332
This signature detects attempts to exploit a known vulnerability against Adobe Flash Player. A successful attack can lead to arbitrary code execution.
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.5.140842, idp-5.1.110140822, vsrx-15.1, idp-5.1.110150609, isg-3.5.141332
This signature detects attempts to exploit a known vulnerability against PostgreSQL. A successful attack can lead to security bypass into the context of the running service.
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.5.140842, idp-5.1.110140822, vsrx-15.1, idp-5.1.110150609, isg-3.5.141332
This signature detects an attempt to exploit a denial-of-server in PHP form data. Successful exploitation could allow an attacker to create a DOS condition and could lead to further attacks.
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.5.140842, idp-5.1.110140822, vsrx-15.1, idp-5.1.110150609, isg-3.5.141332
A cross-site scripting vulnerability has been reported in pfSense. The vulnerability is due to services_captiveportal_zones.php not validating the zone parameter when the act parameter is set to del. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted link. Successful exploitation will result in the attacker-controlled script code being executed in the target user's browser in the context of the affected site.
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.5.140842, idp-5.1.110140822, vsrx-15.1, idp-5.1.110150609, isg-3.5.141332
This signature detects attempts to exploit a known flaw in Oracle Endeca Information Discovery Integrator ETL Server.. A successful attack can result in directory traversal attacks.
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.5.140842, idp-5.1.110140822, vsrx-15.1, idp-5.1.110150609, isg-3.5.141332
An SQL injection vulnerability exists in ManageEngine OpManager. This vulnerability is due to insufficient validation of the agentKey parameter when processing requests sent to "com.manageengine.opmanager.servlet.AgentDetailsUtil". A remote attacker can exploit this vulnerability to inject and execute arbitrary SQL code on the affected system.
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.5.140842, idp-5.1.110140822, vsrx-15.1, idp-5.1.110150609, isg-3.5.141332
This signature detects attempts to exploit a SQL Injection vulnerability in ManageEnginer Multiple Products. A successful attack can lead to SQL Injection attack.
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.5.140842, idp-5.1.110140822, vsrx-15.1, idp-5.1.110150609, isg-3.5.141332
This signature detects attempts to exploit a known vulnerability against OpenSSL. A successful attack can result in a denial-of-service condition.
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.5.140842, idp-5.1.110140822, vsrx-15.1, idp-5.1.110150609, isg-3.5.141332
A denial of service vulnerability has been reported in Dell NetVault Backup. The vulnerability is due to an assertion failure when processing specially crafted data sent to TCP port 20031. A remote unauthenticated attacker can exploit this vulnerability to cause a denial of service condition on the target system.
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.5.140842, idp-5.1.110140822, vsrx-15.1, idp-5.1.110150609, isg-3.5.141332
This signature detects attempts to exploit a known vulnerability against Microsoft Windows Media Device Manager. A successful attack can lead to arbitrary code execution.
srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.5.141332, mx-9.4, idp-5.0.110130325, srx-9.2, srx-branch-9.4, j-series-9.5, srx-12.1, srx-branch-12.1, isg-3.4.140032, srx-10.0, srx-branch-10.0, vsrx-12.1, isg-3.5.140842, idp-5.0.110121210, isg-3.4.139899, idp-5.1.110140822, vsrx-15.1, idp-5.1.110150609, idp-4.1.110110609, srx-11.4
This signature detects attempts to exploit a known vulnerability in the IBM Lotus Domino. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the targeted daemon.
srx-branch-11.4, idp-4.1.110110719, idp-4.0.110090709, idp-4.0.110090831, idp-4.2.0, idp-5.0.0, mx-9.4, idp-5.0.110130325, srx-9.2, srx-branch-9.4, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, srx-10.0, srx-branch-10.0, mx-11.4, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, idp-5.1.110140822, vsrx-15.1, idp-5.1.110150609, idp-4.1.110110609, srx-11.4
A directory traversal vulnerability exists in Oracle Endeca Information Discovery Integrator ETL Server. The vulnerability is due to insufficient input validation while processing SOAP requests to the MoveFile operation. By sending crafted SOAP requests to the target system, a remote authenticated attacker can leverage this vulnerability to move arbitrary files on a target system with System privileges. This can further lead to information disclosure and eventually arbitrary code execution.
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.5.140842, idp-5.1.110140822, vsrx-15.1, idp-5.1.110150609, isg-3.5.141332
A heap buffer overflow vulnerability exists in Foxit Reader. Successful exploitation would result in execution of arbitrary code in the security context of the target user.
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.5.140842, idp-5.1.110140822, vsrx-15.1, idp-5.1.110150609, isg-3.5.141332
This signature detects attempts to exploit a known vulnerability against Novell Groupwise Web application. Attackers can execute malicious crafted strings and launch further attacks.
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.5.140842, idp-5.1.110140822, vsrx-15.1, idp-5.1.110150609, isg-3.5.141332
A cross-site scripting vulnerability exists in Novell GroupWise WebAccess. A successful exploitation attempt will result in the execution of script code in the current browser session of a target user.
idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.5.140842, idp-5.1.110140822, vsrx-15.1, idp-5.1.110150609, isg-3.5.141332