Author Topic: Rules Updates: Changelog  (Read 45148 times)

Offline SergeiP

  • Moderator
  • Comodo Loves me
  • *****
  • Posts: 163
Re: Rules Updates: Changelog
« Reply #135 on: December 21, 2017, 09:00:52 AM »
2017.12.21
Rules for: Apache, LiteSpeed, Nginx, IIS
Version 1.151


- XSS vulnerability in concrete5 before 5.6.3.4 (CVE-2017-6905)
- XSS vulnerability in the MODX Revolution 2.5.7 and earlier (CVE-2017-1000223 & CVE-2017-11744)
- Open redirect vulnerability in XOOPS Core 2.5.8 (CVE-2017-12138)
- Arbitrary File Read vulnerability in Fiyo CMS 2.0.7 (CVE-2017-17104)
- XSS vulnerability in the EyesOfNetwork web interface aka eonweb 5.0 (CVE-2017-6087)
- XSS vulnerability in MetInfo 5.3.15 (CVE-2017-6878)
- XSS vulnerability in ViMbAdmin 3.0.15 (CVE-2017-5870)
- bl_domains update

Offline SergeiP

  • Moderator
  • Comodo Loves me
  • *****
  • Posts: 163
Re: Rules Updates: Changelog
« Reply #136 on: December 27, 2017, 11:09:54 AM »
2017.12.27
Rules for: Apache, LiteSpeed, Nginx, IIS
Version 1.152


- XSS vulnerability in custom-map plugin through 1.1 for WordPress (CVE-2017-17744)
- CSRF vulnerability in admidio 3.2.8 (CVE-2017-8382)
- SQL injection vulnerability in Dolibarr ERP/CRM version 6.0.4 (CVE-2017-17899)
- SQL injection vulnerability in Dolibarr ERP/CRM version 6.0.4 (CVE-2017-17897)
- SQL injection vulnerability in Dolibarr ERP/CRM version 6.0.4 (CVE-2017-17900)
- XSS & SQL injection vulnerability in Piwigo 2.9.2 (CVE-2017-17823)
- XSS vulnerability in Piwigo 2.9.2 (CVE-2017-17826)
- CSRF vulnerability in the Piwigo through 2.9.2 (CVE-2017-17827)
- bl_domains update

Offline SergeiP

  • Moderator
  • Comodo Loves me
  • *****
  • Posts: 163
Re: Rules Updates: Changelog
« Reply #137 on: January 11, 2018, 11:45:38 AM »
2018.01.11
Rules for: Apache, LiteSpeed, Nginx, IIS
Version 1.153


- SQL injection vulnerability in Joomla! Component JEXTN FAQ Pro 4.0.0 (CVE-2017-17875)
- SQL injection vulnerability in JEXTN Video Gallery extension 3.0.5 for Joomla! (CVE-2017-17872)
- SQL injection vulnerability in surveys v1.01.8 for WordPress (CVE-2017-1002020, CVE-2017-1002021, CVE-2017-1002022)
- XSS vulnerability in wp-concours plugin through 1.1 for WordPress (CVE-2017-17719)
- SQL Injection vulnerability in Oturia Smart Google Code Inserter plugin before 3.5 for WordPress (CVE-2018-3811)
- XSS vulnerability in Z-URL Preview plugin 1.6.1 for WordPress (CVE-2017-18012)
- XSS and Directory Traversal vulnerability in GD Rating System plugin 2.3 for WordPress (CVE-2018-5286, CVE-2018-5287, CVE-2018-5288, CVE-2018-5289, CVE-2018-5290, CVE-2018-5291, CVE-2018-5292, CVE-2018-5293)
- SQL Injection vulnerability in Piwigo 2.9.2 (CVE-2017-17822)
- XSS vulnerability in Piwigo 2.9.2 (CVE-2017-17825)
- XSS vulnerability in NetWin SurgeFTP version 23f2 (CVE-2017-17933)
- bl_domains update

Offline SergeiP

  • Moderator
  • Comodo Loves me
  • *****
  • Posts: 163
Re: Rules Updates: Changelog
« Reply #138 on: February 01, 2018, 11:24:37 AM »
2018.02.01
Rules for: Apache, LiteSpeed, Nginx, IIS
Version 1.154


- SQL injection vulnerability in JBuildozer extension 1.4.1 for Joomla (CVE-2017-17870)
- SQL injection vulnerability in NS Download Shop (aka com_ns_downloadshop) component 2.2.6 for Joomla! (CVE-2017-15965)
- XSS vulnerability in esb-csv-import-export plugin through 1.1 for WordPress (CVE-2017-17753)
- XSS vulnerability in Oturia Smart Google Code Inserter plugin before 3.5 for WordPress (CVE-2018-3810)
- XSS vulnerability in the Add Link to Facebook plugin through 2.3 for WordPress (CVE-2018-5214)
- CSRF & XSS vulnerability in Responsive-coming-soon-page plugin 1.1.18 for WordPress (CVE-2018-5657, CVE-2018-5658, CVE-2018-5659, CVE-2018-5660, CVE-2018-5661, CVE-2018-5662, CVE-2018-5663, CVE-2018-5664, CVE-2018-5665 and CVE-2018-5666)
- CSRF & XSS vulnerability in Booking-calendar plugin 2.1.7 for WordPress (CVE-2018-5670, CVE-2018-5671, CVE-2018-5672 and CVE-2018-5673)
- XSS vulnerability in the Simple Download Monitor plugin before 3.5.4 for WordPress (CVE-2018-5213, CVE-2018-5212)
- CSRF & XSS vulnerability in Weblizar-pinterest-feeds plugin 1.1.1 for WordPress (CVE-2018-5667, CVE-2018-5668 and CVE-2018-5669)
- CSRF & XSS vulnerability in Weblizar-pinterest-feeds plugin 1.1.1 for WordPress (CVE-2018-5653, CVE-2018-5654, CVE-2018-5655 and CVE-2018-5656)
- Directory Traversal vulnerability in Media from FTP plugin 9.85 for WordPress (CVE-2018-5310)
- CSRF & XSS vulnerability in ImageInject plugin 1.15 for WordPress (CVE-2018-5284 and CVE-2018-5285)
- XSS vulnerability in Shibboleth plugin before 1.8 for WordPress (CVE-2017-14313)
- bl_domains update

Offline SergeiP

  • Moderator
  • Comodo Loves me
  • *****
  • Posts: 163
Re: Rules Updates: Changelog
« Reply #139 on: February 12, 2018, 12:20:55 PM »
2018.02.12
Rules for: Apache, LiteSpeed, Nginx, IIS
Version 1.155


- COMODO WAF: XSS vulnerability in Download-manager plugin before 2.9.52 for WordPress (CVE-2017-18032)
- COMODO WAF: SQL Injection vulnerability in Dbox 3D Slider Lite plugin through 1.2.2 for WordPress (CVE-2018-5374)
- COMODO WAF: SQL Injection vulnerability in Testimonial Slider plugin through 1.2.4 for WordPress (CVE-2018-5372)
- COMODO WAF: CSRF & XSS vulnerability in WPGlobus plugin 1.9.6 for WordPress (CVE-2018-5361, CVE-2018-5362, CVE-2018-5363, CVE-2018-5364, CVE-2018-5365, CVE-2018-5366 and CVE-2018-5367)
- COMODO WAF: CSRF & XSS vulnerability in SrbTransLatin plugin 1.46 for WordPress (CVE-2018-5368 and CVE-2018-5369)
- COMODO WAF: SQL Injection vulnerability in Piwigo 2.9.2 (CVE-2017-17824)
- COMODO WAF: CSRF & XSS vulnerability in the Piwigo through 2.9.2 (CVE-2017-17774 and CVE-2017-17775)
- COMODO WAF: XSS vulnerability in Piwigo 2.8.2 (CVE-2018-5692)
- bl_domains update

Offline SergeiP

  • Moderator
  • Comodo Loves me
  • *****
  • Posts: 163
Re: Rules Updates: Changelog
« Reply #140 on: February 15, 2018, 11:22:24 AM »
2018.02.15
Rules for: Apache, LiteSpeed, Nginx, IIS
Version 1.156


- SQL injection vulnerability in the iJoomla com_adagency plugin 6.0.9 for Joomla! (CVE-2018-5696)
- XSS vulnerability in Dark-mode plugin 1.66 for WordPress (CVE-2018-5651 and CVE-2018-5652)
- CSRF and XSS vulnerability in Acurax-social-media-widget plugin before 3.2.6 for WordPress (CVE-2018-6357)
- CSRF & XSS vulnerability in FlickrRSS plugin 5.3.1 for WordPress (CVE-2018-6466, CVE-2018-6467, CVE-2018-6468 and CVE-2018-6469)
- XSS vulnerability in CMS Made Simple 2.2.5 (CVE-2018-5963, CVE-2018-5964 and CVE-2018-5965)
- XSS vulnerability in BigTree CMS 4.2.19 (CVE-2018-6013)
- bl_domains update
« Last Edit: February 22, 2018, 12:40:41 PM by SergeiP »

Offline SergeiP

  • Moderator
  • Comodo Loves me
  • *****
  • Posts: 163
Re: Rules Updates: Changelog
« Reply #141 on: February 22, 2018, 12:48:12 PM »
2018.02.22
Rules for: Apache, LiteSpeed, Nginx, IIS
Version 1.157


- SQL injection vulnerability in the SimpleCalendar 3.1.9 component for Joomla! (CVE-2018-5974)
- SQL injection vulnerability in the MediaLibrary Free 4.0.12 component for Joomla! (CVE-2018-5971)
- XSS vulnerability in WordPress Booking Plugin Lite before 14.5 (CVE-2018-6891)
- XSS vulnerability in wp-splashing-images-2.1.0 plugin for WordPress (CVE-2018-6194)
- XSS vulnerability in UltimateMember plugin 2.0 for WordPress (CVE-2018-6943 and CVE-2018-6944)
- OS Command Injection vulnerability in OpenEMR version 5.0.0 (CVE-2018-1000019)
- Stored XSS vulnerability in Dolibarr ERP/CRM version 6.0.2 (CVE-2017-1000509)
- bl_domains update

Offline SergeiP

  • Moderator
  • Comodo Loves me
  • *****
  • Posts: 163
Re: Rules Updates: Changelog
« Reply #142 on: March 01, 2018, 12:28:09 PM »
2018.03.01
Rules for: Apache, LiteSpeed, Nginx, IIS
Version 1.158


- SQL injection vulnerability in Zh YandexMap 6.2.1.0, Zh BaiduMap 3.0.0.1 and Zh GoogleMap 8.4.0.0 for Joomla (CVE-2018-6582, CVE-2018-6604 and 2018-6605)
- SQL injection vulnerability in JSP Tickets 1.1 component for Joomla (CVE-2018-6609)
- Unauthenticated attackers can cause a denial of service in WordPress through 4.9.2 (CVE-2018-6389)
- Unrestricted file upload vulnerability in AccessPress Anonymous Post Pro 3.2.0 for WordPress (CVE-2017-1649)
- XSS vulnerability in SilverStripe CMS before 3.6.1 (CVE-2017-14498)
- XSS in Monstra CMS through 3.0.4 (CVE-2018-6550)
- bl_domains update

Offline SergeiP

  • Moderator
  • Comodo Loves me
  • *****
  • Posts: 163
Re: Rules Updates: Changelog
« Reply #143 on: March 14, 2018, 08:22:33 AM »
2018.03.14
Rules for: Apache, LiteSpeed, Nginx, IIS
Version 1.159


- Added the rules set for ModSecurity 3 and NGINX
- SQL injection vulnerability in the Gallery WD 1.3.6 component for Joomla! (CVE-2018-5981)
- SQL injection vulnerability in the PrayerCenter 3.0.2 component for Joomla! (CVE-2018-7314)
- SQL injection vulnerability in JEXTN Classified 1.0.0 component and JEXTN Reverse Auction 3.1.0 component for Joomla (CVE-2018-6575 and CVE-2018-6579)
- SQL Injection vulnerability in CP Contact Form with PayPal plugin 1.1.5 for WordPress (CVE-2015-9234)
- XSS vulnerability in Bullet Proof Security plugin before 0.52.5 for WordPress (CVE-2018-6194)
- XSS vulnerabilities in the XCloner plugin 3.1.2 for WordPress (CVE-2015-4337)
- XSS vulnerability in phpMyAdmin before 4.7.8 (CVE-2018-7260)
- bl_domains update

Offline SergeiP

  • Moderator
  • Comodo Loves me
  • *****
  • Posts: 163
Re: Rules Updates: Changelog
« Reply #144 on: April 04, 2018, 12:57:22 PM »
2018.04.04
Rules for modsecurity up to v2.9.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity 3: Nginx
Version 1.160


- SQLi vulnerability in Piwigo before 2.9.3 (CVE-2018-6883)
- SQL injection vulnerability in the Saxum Astro 4.0.14 component for Joomla! (CVE-2018-7180)
- SQL injection vulnerability in the Saxum Picker 3.2.10 component for Joomla! (CVE-2018-7178)
- SQL injection vulnerability in Ek Rishta 2.9 component for Joomla! (CVE-2018-7315)
- XSS & Unrestricted file upload vulnerability in Tiki before 18 (CVE-2018-7188)
- Directory traversal vulnerability in BlackCat CMS before 1.1.2 (CVE-2015-5079)
- bl_domains update

Offline SergeiP

  • Moderator
  • Comodo Loves me
  • *****
  • Posts: 163
Re: Rules Updates: Changelog
« Reply #145 on: April 18, 2018, 10:28:50 AM »
2018.04.18
Rules for modsecurity up to v2.9.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity 3: Nginx
Version 1.161


- Updated rules for IP whitelisting/blacklisting for modsec3 for nginx
- SQL injection vulnerability in JMS Music 1.1.1 component for Joomla (CVE-2018-6581)
- Remote file inclusion vulnerability in the Jimtawl 2.1.6 and 2.2.5 component for Joomla (CVE-2018-6580)
- Directory traversal vulnerability in The Smush Image Compression and Optimization plugin before 2.7.6 for WordPress (CVE-2017-15079)
- Stored XSS vulnerability in Piwigo 2.9.3 (CVE-2018-7723)
- XSS vulnerability in Piwigo Facetag plugin 0.0.3 (CVE-2017-9425)
- SQLi vulnerability in Piwigo Facetag plugin 0.0.3 (CVE-2017-9426)
- SQLi vulnerability in Textpattern CMS 4.6.2 (CVE-2018-7474)
- XSS vulnerability in Piwigo 2.9.3 (CVE-2018-7722)
- XSS vulnerability in Piwigo 2.9.3 (CVE-2018-7724)
- XSS vulnerability in Enhancesoft osTicket before 1.10.2 (CVE-2018-7193)
- XSS vulnerability in Enhancesoft osTicket before 1.10.2 (CVE-2018-7196)
- FP fix
- bl_domains update

Offline SergeiP

  • Moderator
  • Comodo Loves me
  • *****
  • Posts: 163
Re: Rules Updates: Changelog
« Reply #146 on: April 26, 2018, 12:32:06 PM »
2018.04.26
Rules for modsecurity up to v2.9.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity 3: Nginx
Version 1.162


- XSS vulnerability in Two-Factor Authentication - Clockwork SMS plugin 1.0.2 for WordPress (CVE-2017-17780)
- XSS vulnerability in elevanssi plugin 4.0.4 for WordPress (CVE-2018-9034)
- XSS vulnerability in The Iptanus WordPress File Upload plugin before 4.3.4 for WordPress (CVE-2018-9844)
- XSS vulnerability in WP Live Chat Support plugin before 8.0.06 for WordPress (CVE-2018-9864)
- Directory Traversal vulnerability in WP Background Takeover Advertisements plugin before 4.1.5 for WordPress (CVE-2018-9118)
- RCE vulnerability in Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 (CVE-2018-7600, CVE-2018-7602)
- SQLi vulnerability in Western Bridge Cobub Razor 0.8.0 (CVE-2018-8057)
- XSS vulnerability in Xiuno BBS 4.0.0 (CVE-2018-8942)
- bl_domains update

Offline SergeiP

  • Moderator
  • Comodo Loves me
  • *****
  • Posts: 163
Re: Rules Updates: Changelog
« Reply #147 on: May 02, 2018, 01:01:27 PM »
2018.05.02
Rules for modsecurity up to v2.9.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity 3: Nginx
Version 1.163


- XSS vulnerability in bilboplanet 2.0 (CVE-2014-9916)
- XSS vulnerability in GetSimple CMS 3.3.13 (CVE-2018-9173)
- XSS vulnerability in Coppermine Photo Gallery before 1.5.27 and 1.6.x before 1.6.01 (CVE-2014-4612)
- XSS vulnerability in CMS Made Simple 2.2.7 (CVE-2018-10029 & CVE-2018-10032)
- XSS vulnerability in Zurmo 3.2.3 (CVE-2017-18004)
- SQLi vulnerability in Dolibarr ERP/CRM 7.0.0 (CVE-2017-18260)
- XSS vulnerability in frog cms 0.9.5 (CVE-2018-9992)
- bl_domains update

Offline SergeiP

  • Moderator
  • Comodo Loves me
  • *****
  • Posts: 163
Re: Rules Updates: Changelog
« Reply #148 on: May 08, 2018, 10:17:43 AM »
2018.05.08
Rules for modsecurity v2.9.2: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3: Nginx
Version 1.164


- XSS vulnerability in WordPress Download Manager prior to version 2.9.50 for WordPress (CVE-2017-2216)
- XSS vulnerability in phpIPAM before 1.3.1 (CVE-2018-10329)
- XSS vulnerability in Dolibarr ERP/CRM 7.0.0 (CVE-2017-18259)
- XSS vulnerability in iCMS V7.0.8 (CVE-2018-10250)
- XSS vulnerability in GeniXCMS 1.1.0 (CVE-2017-14740)
- XSS vulnerability in the Threads to Link plugin 1.3 for MyBB (CVE-2018-10365)
- bl_domains update

Offline SergeiP

  • Moderator
  • Comodo Loves me
  • *****
  • Posts: 163
Re: Rules Updates: Changelog
« Reply #149 on: May 15, 2018, 12:43:58 PM »
2018.05.15
Rules for modsecurity v2.9.2: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3: Nginx
Version 1.165


- SQLi and XSS vulnerability in Dolibarr ERP/CRM before 5.0.4 (CVE-2017-9839)
- XSS vulnerability in Z-BlogPHP 1.5.2 (CVE-2018-10680, CVE-2018-7736)
- XSS vulnerability in iCMS V7.0.7 (CVE-2018-9925)
- XSS vulnerability in HRSALE The Ultimate HRM v1.0.2 (CVE-2018-10259)
- XSS vulnerability in phpIPAM before 1.3.1 (CVE-2017-15640)
- SQLi vulnerability in iCMS V7.0.7 (CVE-2018-9924)
- bl_domains update

 
