Author Topic: Rules Updates: Changelog  (Read 33200 times)

Offline SergeiP

  • Moderator
  • Comodo Family Member
  • *****
  • Posts: 82
Re: Rules Updates: Changelog
« Reply #120 on: August 29, 2017, 11:29:31 AM »
2017.08.29
Rules for: Apache, LiteSpeed, Nginx, IIS
Version 1.136


- XSS vulnerability in Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress (CVE-2017-12200)
- CSRF vulnerability in Clean Login plugin before 1.8 for WordPress (CVE-2017-8875)
- Possible arbitrary code execution in Cacti before 1.1.16 (CVE-2017-12065)
- CSRF vulnerability in the BigTree CMS through 4.2.18 (CVE-2017-9379)
- XSS vulnerability in XOOPS Core 2.5.8 (CVE-2017-12139)
- SQL injection vulnerability in Fiyo CMS 2.0.7 (CVE-2017-11412)
- CSRF vulnerability in the BigTree CMS through 4.2.17 (CVE-2017-7881)
- bl_domains update

Offline SergeiP

Re: Rules Updates: Changelog
« Reply #121 on: September 05, 2017, 11:14:41 AM »
2017.09.05
Rules for: Apache, LiteSpeed, Nginx, IIS
Version 1.137


- XSS vulnerability in Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress (CVE-2017-12200)
- XSS vulnerability in Easy Testimonials plugin 3.0.4 for WordPress (CVE-2017-12131)
- CSRF vulnerability in WHIZZ plugin before 1.1.1 for WordPress (CVE-2017-8099)
- SQL injection vulnerability in the Podlove Podcast Publisher plugin 2.5.3 for WordPress (CVE-2017-12949)
- SQL injection vulnerability in Easy Modal plugin before 2.1.0 for WordPress (CVE-2017-12946,CVE-2017-12947)
- SQL injection vulnerability in Web-Dorado Photo Gallery by WD - Responsive Photo Gallery plugin before 1.3.51 for WordPress (CVE-2017-12977)
- XSS vulnerability in Cacti 1.1.17 (CVE-2017-12927)
- SQL injection vulnerability in Fiyo CMS 2.0.7 (CVE-2017-11417)
- bl_domains update

Offline SergeiP

Re: Rules Updates: Changelog
« Reply #122 on: September 20, 2017, 11:52:16 AM »
2017.09.20
Rules for: Apache, LiteSpeed, Nginx, IIS
Version 1.138


- XSS vulnerability in Participants Database plugin before 1.7.5.10 for WordPress (CVE-2017-14126)
- XSS vulnerability in the Photocrati NextGEN Gallery plugin 2.1.15 for WordPress (CVE-2015-9229)
- Unrestricted file upload vulnerability in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress (CVE-2015-9228)
- SQLi vulnerability in Photocrati image-gallery-with-slideshow v1.5.2 plugin for WordPress (CVE-2017-1002012)
- SQL injection vulnerability in Dolibarr ERP/CRM version 6.0.0 (CVE-2017-14242)
- SQL injection vulnerability in Dolibarr ERP/CRM version 6.0.0 (CVE-2017-14238)
- bl_domains update

Offline SergeiP

Re: Rules Updates: Changelog
« Reply #123 on: September 26, 2017, 11:33:26 AM »
2017.09.26
Rules for: Apache, LiteSpeed, Nginx, IIS
Version 1.139


- SQLi vulnerability in Photocrati image-gallery-with-slideshow v1.5.2 plugin for WordPress (CVE-2017-1002013)
- SQLi vulnerability in Photocrati image-gallery-with-slideshow v1.5.2 plugin for WordPress (CVE-2017-1002015)
- CSRF & XSS vulnerability in Crony Cronjob Manager plugin before 0.4.7 for WordPress (CVE-2017-14530)
- SQL injection vulnerability in the eventr v1.02.2 for WordPress (CVE-2017-1002019,CVE-2017-1002018)
- SQL injection vulnerability in the image-gallery-with-slideshow v1.5.2 for WordPress (CVE-2017-1002014)
- SQL injection vulnerability in the Easy Team Manager v1.3.2 for WordPress (CVE-2017-1002023)
- XSS vulnerabilities in the XCloner plugin 3.1.2 for WordPress (CVE-2015-4337)
- bl_domains update

Offline SergeiP

Re: Rules Updates: Changelog
« Reply #124 on: October 03, 2017, 11:54:11 AM »
2017.10.03
Rules for: Apache, LiteSpeed, Nginx, IIS
Version 1.140


- Emergency DDoS bot protection
- XSS vulnerability in Anti-Malware Security and Brute-Force Firewall v. 4.17.29 for WordPress
- XSS vulnerability in WooCommerce PDF Invoices & Packing Slips 2.0.9 for WordPress
- XSS vulnerability in Photocrati image-gallery-with-slideshow v1.5.2 plugin for WordPress (CVE-2017-1002011)
- XSS vulnerability in Crelly Slider v1.2.2 for WordPress
- XSS vulnerability in Booking Calendar for WordPress
- XSS vulnerability in Google Pagespeed Insights plugin v3.0.0 for WordPress
- bl_domains update

Offline vadim

  • Moderator
  • Comodo's Hero
  • *****
  • Posts: 338
Re: Rules Updates: Changelog
« Reply #125 on: October 05, 2017, 04:57:13 PM »
2017.10.05
Rules for: Apache, LiteSpeed, Nginx, IIS
Version 1.141


Emergency disabled rules from 1.140 which caused the performance issue.
--
Vadim Lvovskiy
Development Manager
COMODO Group Inc.

Offline TDmitry

  • Head CWAF Rule Writing Team
  • Comodo's Hero
  • *****
  • Posts: 365
Re: Rules Updates: Changelog
« Reply #126 on: October 06, 2017, 04:22:15 PM »
2017.10.06
Rules for: Apache, LiteSpeed, Nginx, IIS
Version 1.142


- Removed rules which were added in 1.140
- bl_domain update

Offline SergeiP

Re: Rules Updates: Changelog
« Reply #127 on: October 11, 2017, 11:47:59 AM »
2017.10.11
Rules for: Apache, LiteSpeed, Nginx, IIS
Version 1.143


- SQLi vulnerability in Content Timeline plugin 4.4.2 for WordPress (CVE-2017-14507)
- XSS vulnerability in 2kb Amazon Affiliates Store plugin before 2.1.1 for WordPress (CVE-2017-14622)
- SQL injection vulnerability in the event-espresso-free v3.1.37.12.L for WordPress (CVE-2017-14760)
- SQL injection vulnerability in Event Espresso Free v3.1.37.11.L plugin for WordPress (CVE-2017-1002026)
- SQL injection vulnerability in Responsive Image Gallery plugin before 1.2.1 for WordPress (CVE-2017-14125)
- SQL injection vulnerability in OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (CVE-2017-14757)
- SQL injection vulnerability in OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (CVE-2017-14758)
- XSS vulnerability in OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (CVE-2017-14755)
- bl_domains update

Offline SergeiP

Re: Rules Updates: Changelog
« Reply #128 on: November 02, 2017, 12:01:03 PM »
2017.11.02
Rules for: Apache, LiteSpeed, Nginx, IIS
Version 1.144


- SQL injection vulnerability in WPHRM Human Resource Management System for WordPress 1.0 (CVE-2017-14848)
- XSS vulnerability in gift-certificate-creator v1.0 plugin for WordPress (CVE-2017-1002017)
- SQL injection vulnerability in WordPress plugin add-edit-delete-listing-for-member-module v1.0 (CVE-2017-1002025)
- SQL injection vulnerability in Mojoomla WPAMS Apartment Management System for WordPress (CVE-2017-14847)
- SQL injection vulnerability in the Mojoomla WPCHURCH Church Management System for WordPress (CVE-2017-14845)
- SQL injection vulnerability in the rk-responsive-contact-form v1.0 for WordPress (CVE-2017-1002027)
- Multiple XSS vulnerabilities in WpJobBoard v4.5.1 web-application for WordPress (CVE-2017-15375)
- SQL injection vulnerability in Mojoomla Hospital Management System for WordPress (CVE-2017-14846)
- XSS vulnerability in Flyspray before 1.0-rc6 (CVE-2017-15213)
- CSRF vulnerability in Subrion CMS before 4.2.0 (CVE-2017-15063)
- CSRF vulnerability in Subrion CMS 4.0.5 (CVE-2017-6068)
- XSS vulnerability in GeniXCMS 1.1.4 (CVE-2017-14761)
- SQL injection vulnerability in PHPSUGAR PHP Melody before 2.7.3 (CVE-2017-15578)
- bl_domains update

Offline SergeiP

Re: Rules Updates: Changelog
« Reply #129 on: November 09, 2017, 11:25:50 AM »
2017.11.09
Rules for: Apache, LiteSpeed, Nginx, IIS
Version 1.145


- SQL injection vulnerability in Zh YandexMap (aka com_zhyandexmap) component 6.1.1.0 for Joomla (CVE-2017-15966)
- XSS vulnerability in PopCash.Net Code Integration Tool plugin for WordPress (CVE-2017-15810)
- XSS vulnerability in wp-noexternallinks plugin before 3.5.19 for WordPress (CVE-2017-15863)
- XSS vulnerability in user-login-history plugin through 1.5.2 for WordPress (CVE-2017-15867)
- XSS vulnerability in the Pootle Button plugin before 1.2.0 for WordPress (CVE-2017-15811)
- XSS vulnerability in GeniXCMS 1.1.4 (CVE-2017-14762 & CVE-2017-14765)
- SQL injection vulnerability in GLPI before 9.1.5.1 (CVE-2017-11474)
- SQL injection vulnerability in PHPSUGAR PHP Melody before 2.7.3 (CVE-2017-15579)
- XSS vulnerability in the OpenEMR v5_0_0 (CVE-2017-6482)
- XSS vulnerability in the E-Sic 1.0 (CVE-2017-15380)
- SQL injection vulnerability in the E-Sic 1.0 (CVE-2017-15373)
- XSS vulnerability in the BlackCat CMS 1.2 (CVE-2017-14049)
- Unrestricted file upload vulnerability in OctoberCMS 1.0.425 (aka Build 425) (CVE-2017-15284)
- bl_domains update

Offline SergeiP

Re: Rules Updates: Changelog
« Reply #130 on: November 16, 2017, 12:20:31 PM »
2017.11.16
Rules for: Apache, LiteSpeed, Nginx, IIS
Version 1.146


- XSS vulnerability in the Ultimate Instagram Feed plugin before 1.3 for WordPress (CVE-2017-16758)
- XSS vulnerability in Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 (CVE-2017-15273)
- Directory traversal vulnerability in b2evolution through 6.8.3 (CVE-2017-5480)
- XSS vulnerability in Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 (CVE-2017-14752)
- XSS vulnerability in Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 (CVE-2017-1000138)
- XSS vulnerability in CMS Made Simple 2.2.3.1 (CVE-2017-16799)
- XSS vulnerability in the AffiliateWp plugin before 2.0.9 for WordPress
- FP fix
- bl_domains update

Offline SergeiP

Re: Rules Updates: Changelog
« Reply #131 on: Yesterday at 11:59:29 AM »
2017.11.23
Rules for: Apache, LiteSpeed, Nginx, IIS
Version 1.147


- SQL injection vulnerability in Fiyo CMS 2.0.7 (CVE-2017-11413)
- XSS vulnerability in WBCE v1.1.11 (CVE-2017-1000213)
- XSS vulnerability in October CMS build 412 (CVE-2017-1000193)
- Unrestricted file upload vulnerability in Perch Content Management System 3.0.3 (CVE-2017-15948)
- CSRF vulnerability in YouTube plugin for WordPress (CVE-2017-1000224)
- Unrestricted file upload vulnerability in WP Support Plus Responsive Ticket System before 8.0.7 for WordPress
- Unauthenticated Directory traversal vulnerability in Javo Spot Premium Theme for WordPress
- bl_domains update

 
