Author Topic: Rules Updates: Changelog  (Read 29567 times)

Offline TDmitry

  • Head CWAF Rule Writing Team
  • Comodo's Hero
  • *****
  • Posts: 357
Re: Rules Updates: Changelog
« Reply #15 on: January 29, 2015, 07:58:44 AM »
Version 1.24 - 2015.01.29
 - CVE-2014-4687
 - CVE-2014-4688
 - CVE-2014-4689
 - CVE-2014-5115
 - CVE-2014-4852
 - CVE-2014-4533
 - CVE-2014-4552
 - CVE-2014-4554
 - CVE-2014-4555
 - CVE-2014-4556
 - CVE-2014-4557
 - CVE-2014-4563
 - CVE-2014-4564
 - CVE-2014-4565
 - CVE-2014-4566
 - CVE-2014-4594
 - CVE-2014-4595
 - CVE-2014-4596
 - CVE-2014-5183
 - CVE-2014-5184
 - CVE-2014-5187
 - CVE-2014-5194
 - CVE-2014-5186
 - CVE-2014-4575
 - CVE-2014-4584
 - CVE-2014-4585
 - CVE-2014-4587
 - CVE-2014-4604
 - CVE-2014-4605
 - CVE-2014-4606
 - CVE-2014-4939
 - CVE-2014-4940
 - CVE-2014-4941
 - CVE-2014-5180
 - CVE-2014-5190
 - CVE-2014-5196
 - CVE-2014-5022
 - CVE-2014-5181
 - CVE-2014-5182
 - CVE-2014-5193
 - CVE-2014-5199
 - CVE-2014-5201
 - CVE-2014-5202
 - Extra WHMCS protection rule
 - Extra WordPress protection rule

TDmitry
« Reply #16 on: February 25, 2015, 05:52:36 AM »
Rules for Apache: version 1.25 - 2015.02.25
 - CVE-2013-3727 [SQLi] Kasseler CMS
 - CVE-2013-3728 [XSS] Kasseler CMS
 - CVE-2014-1222 [Dir.Traversal] Vtiger CRM before 6.0.0 Security patch 1
 - CVE-2014-4002 [XSS] Cacti 0.8.8b
 - CVE-2014-4524 [XSS] WP Easy Post Types plugin before 1.4.4 for WordPress
 - CVE-2014-4526 [XSS] efence plugin 1.3.2 and earlier for WordPress
 - CVE-2014-4527 [XSS] EnvialoSimple: Email Marketing and Newsletters plugin before 1.98 for WordPress
 - CVE-2014-4534 [XSS] HTML5 Video Player with Playlist plugin 2.4.0 and earlier for WordPress
 - CVE-2014-4537 [XSS] Keyword Strategy Internal Links plugin 2.0 and earlier for WordPress
 - CVE-2014-4538 [XSS] Malware Finder plugin 1.1 and earlier for WordPress
 - CVE-2014-4549 [XSS] WooCommerce SagePay Direct Payment Gateway plugin before 0.1.6.7 for WordPress
 - CVE-2014-4560 [XSS] ToolPage plugin 1.6.1 and earlier for WordPress
 - CVE-2014-4574 [XSS] WebEngage plugin before 2.0.1 for WordPress
 - CVE-2014-4581 [XSS] WPCB plugin 2.4.8 and earlier for WordPress
 - CVE-2014-4582 [XSS] WP Consultant plugin 1.0 and earlier for WordPress
 - CVE-2014-4583 [XSS] WP-Contact (wp-contact-sidebar-widget) plugin 1.0 and earlier for WordPress
 - CVE-2014-4586 [XSS] wp-football plugin 1.1 and earlier for WordPress
 - CVE-2014-4591 [XSS] WP-Picasa-Image plugin 1.0 and earlier for WordPress
 - CVE-2014-4593 [XSS] WP Plugin Manager (wppm) plugin 1.6.4.b and earlier for WordPress
 - CVE-2014-4942 [Information] The EasyCart (wp-easycart) plugin before 2.0.6 for WordPress
 - CVE-2014-4944 [SQLi] BSK PDF Manager plugin 1.3.2 for WordPress
 - CVE-2014-4600 [XSS] WP Ultimate Email Marketer plugin 1.1.0 and earlier for WordPress
 - CVE-2014-4601 [XSS] Wu-Rating plugin 1.0 12319 and earlier for WordPress
 - CVE-2014-4602 [XSS] XEN Carousel plugin 0.12.2 and earlier for WordPress
 - CVE-2014-5192 [SQLi] Sphider
 - CVE-2014-5337 [Information] The WordPress Mobile Pack plugin before 2.0.2 for WordPress
 - CVE-2014-5343 [XSS] Attack in Feng Office
 - CVE-2014-5344 [XSS] Mobiloud plugin before 2.3.8 for WordPress
 - CVE-2014-5345 [XSS] Possible XSS Attack in Disqus Comment System plugin before 2.76 for WordPress
 - CVE-2014-5347 [CSRF/XSS] Disqus Comment System plugin before 2.76 for WordPress
 - CVE-2014-5368 [Dir.Traversal] WP Content Source Control plugin 3.0.0 and earlier for WordPress
 - Possible Shell Upload Vulnerability in extplorer plugin for Joomla!
 - Blocking execution of an uploaded shell in Joomla!
« Last Edit: February 25, 2015, 06:29:33 AM by TDmitry »
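The last two items above (blocking a shell upload through extplorer, and blocking execution of a shell that has already been uploaded) are the two halves of the same defence. As an added illustration, not taken from the CWAF ruleset and not the team's own rules, here is how that pair looks as ModSecurity rules for Apache. The rule IDs, the message texts and the list of upload directories (Joomla's images/, media/ and tmp/, WordPress's wp-content/uploads/) are assumptions for the example; the second rule needs SecRequestBodyAccess On so the multipart body is inspected.

```apache
# Added example: block a web shell at upload time and at execution time.
# Rule IDs and directory list are illustrative assumptions, not CWAF's.

# 1) Upload-time: reject multipart uploads whose file name carries an
#    executable extension, including double extensions such as
#    "shell.php.jpg" that some Apache handler configurations still execute.
SecRule FILES_NAMES|FILES "@rx (?i)\.(?:php|phtml|php[3-7]|phar)(?:\.|$)" \
    "id:9000001,phase:2,deny,status:403,log,\
    msg:'Upload of file with executable extension blocked',\
    tag:'example/shell-upload'"

# 2) Execution-time: a script that slipped past (1) still has to be
#    requested to run. Deny any direct request for a script inside a
#    directory that should only ever hold static uploads. The trailing
#    group also catches "shell.php/x" (PATH_INFO) and "shell.php.jpg".
SecRule REQUEST_FILENAME \
    "@rx (?i)^/(?:images|media|tmp|wp-content/uploads)/.*\.(?:php|phtml|php[3-7]|phar)(?:$|[./])" \
    "id:9000002,phase:1,deny,status:403,log,\
    msg:'Script execution attempt inside an upload directory',\
    tag:'example/shell-exec'"
```

Rule 2 runs in phase 1 (request headers only) because it needs nothing from the body, so it costs almost nothing per request; rule 1 has to run in phase 2 because FILES_NAMES is populated only after the request body is parsed. Adjust the directory list to the CMS actually deployed, and test against legitimate uploads first: a site that deliberately serves .php from one of these paths will trip rule 2 and needs an exclusion.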

TDmitry
« Reply #17 on: April 09, 2015, 08:07:55 AM »
Rules for Apache: version 1.28 - 2015.04.09
- New rules organisation scheme
- CVE-2014-4543 - XSS in the Pay Per Media Player plugin 1.24 and earlier for WordPress
- CVE-2014-4546 - XSS in book_ajax.php in the Rezgo plugin 1.4.2 and earlier for WordPress
- CVE-2014-4572 - XSS in the Votecount for Balatarin plugin 0.1.1 and earlier for WordPress
- CVE-2014-4580 - XSS in the WP BlipBot plugin 3.0.9 and earlier for WordPress
- CVE-2014-4588 - XSS in the Hot Files: File Sharing and Download Manager (wphotfiles) plugin 1.0.0 and earlier for WordPress
- CVE-2012-4768 - XSS in the Download Monitor plugin before 3.3.5.9 for WordPress
- CVE-2014-6445 - XSS in Contact Form 7 Integrations plugin 1.0 through 1.3.10 for WordPress
- CVE-2014-7152 - XSS in the Easy MailChimp Forms plugin 3.0 through 5.0.6 for WordPress
- CVE-2014-7153 - SQL injection in the Huge-IT Image Gallery plugin 1.0.1 for WordPress
- CVE-2014-10021 - Shell Upload Vulnerability WP Symposium plugin 14.11 for WordPress
- Shell Upload Vulnerability in extplorer for Joomla
- Updated list of malware and phishing domains
- Few false positives removed

TDmitry
« Reply #18 on: April 22, 2015, 10:09:57 AM »
2015.04.22
Rules for Apache: version 1.31
Rules for LiteSpeed: version 1.25
Rules for Nginx: version 1.04

- CVE-2014-4570 - Multiple XSS vulnerabilities in the VideoWhisper Video Presentation plugin before 3.31 for WordPress
- CVE-2014-4569 - XSS in the VideoWhisper Live Streaming Integration plugin 4.27.2 and earlier for WordPress
- CVE-2014-4545 - Multiple XSS vulnerabilities in pq_dialog.php in the Pro Quoter plugin 1.0 and earlier for WordPress
- CVE-2014-4540 - XSS vulnerability in the Oleggo LiveStream plugin 0.2.6 and earlier for WordPress
- CVE-2014-4599 - Multiple XSS vulnerabilities in the WP-Business Directory (wp-ttisbdir) plugin 1.0.2 and earlier for WordPress
- CVE-2014-4590 - XSS vulnerability in the WP Microblogs plugin 0.4.0 and earlier for WordPress
- CVE-2014-4579 - XSS vulnerability in the Appointments Scheduler plugin 1.5 and earlier for WordPress
- CVE-2014-4573 - Multiple XSS vulnerabilities in the Walk Score plugin 0.5.5 and earlier for WordPress
- CVE-2014-4576 - XSS vulnerability in the WordPress Social Login plugin 2.0.3 and earlier for WordPress
- CVE-2014-4578 - XSS vulnerability in the WP App Maker plugin 1.0.16.4 and earlier for WordPress
- CVE-2012-5700 - Multiple XSS vulnerabilities in Baby Gekko before 1.2.2f
- CVE-2012-6659 - XSS vulnerability in the admin interface in Phorum before 5.2.19
- CVE-2014-5017 - SQL injection vulnerability in LimeSurvey 2.05+ Build 140618
- CVE-2014-5016 - Multiple XSS vulnerabilities in LimeSurvey 2.05+ Build 140618
- CVE-2014-5018 - XSS vulnerability in LimeSurvey 2.05+ Build 140618
- CVE-2010-5302 / CVE-2010-5303 / CVE-2009-5142 - XSS vulnerability in TimThumb 1.09 and earlier
- CVE-2014-6619 - Multiple XSS vulnerabilities in Restaurant Script (PizzaInn_Project) 1.0.0
- CVE-2014-5259 - XSS vulnerability in the CatTranslate JQuery plugin in BlackCat CMS 1.0.3
- CVE-2014-5111 - Multiple directory traversal vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files
- CVE-2014-5109 / CVE-2014-5110 - SQL injection and XSS vulnerabilities in Fonality trixbox
- CVE-2014-5112 - Fonality trixbox allows remote attackers to execute arbitrary commands
- Updated list of malware and phishing domains
« Last Edit: April 22, 2015, 11:45:53 AM by TDmitry »

TDmitry
« Reply #19 on: April 28, 2015, 04:23:28 AM »
2015.04.28
Rules for Apache: version 1.32
Rules for LiteSpeed: version 1.26
Rules for Nginx: version 1.05

- CVE-2014-4521 / CVE-2014-4522 - Multiple XSS vulnerabilities in the dsIDXpress IDX plugin before 2.1.1 and WordPress Edition plugin 1.0-beta10 and earlier for WordPress
- CVE-2014-4516 - XSS vulnerability in the BIC Media Widget plugin 1.0 and earlier for WordPress
- CVE-2014-4597 - XSS vulnerability in the WP Social Invitations plugin before 1.4.4.3 for WordPress
- CVE-2014-4571 - Multiple XSS vulnerabilities in the VN-Calendar plugin 1.0 and earlier for WordPress
- CVE-2014-4603 - Multiple XSS vulnerabilities in the Yahoo! Updates for WordPress plugin 1.0 and earlier for WordPress
- CVE-2014-4735 - XSS vulnerability in MyWebSQL 3.4 and earlier
- CVE-2014-1879 - XSS vulnerability in phpMyAdmin before 4.1.7
- CVE-2012-1506 - SQL injection vulnerability in OrangeHRM before 2.7
- Updated list of malware and phishing domains
- Removed SecServerSignature from ruleset

TDmitry
« Reply #20 on: May 14, 2015, 07:09:09 AM »
2015.05.14
Rules for Apache: version 1.33
Rules for LiteSpeed: version 1.27
Rules for Nginx: version 1.06

 - CVE-2012-2687 - Multiple XSS vulnerabilities in the Apache HTTP Server 2.4.x before 2.4.3
 - CVE-2012-0984 - Multiple XSS vulnerabilities in XOOPS before 2.5.5
 - CVE-2014-5107 - Information leakage in the Concrete5 before 5.6.3
 - CVE-2014-3550 - Multiple XSS vulnerabilities in Moodle 2.7.x before 2.7.1
 - CVE-2014-3547 - Multiple XSS vulnerabilities in Moodle 2.5.x before 2.5.7, 2.6.x before 2.6.4
 - Updated list of malware and phishing domains

TDmitry
« Reply #21 on: May 26, 2015, 09:42:45 AM »
2015.05.26
Rules for Apache: version 1.34
Rules for LiteSpeed: version 1.28
Rules for Nginx: version 1.07

 - CVE-2015-2195 - Multiple XSS vulnerabilities in the WP Media Cleaner plugin 2.2.6 for WordPress
 - CVE-2015-2199 - Multiple SQL injection vulnerabilities in the WonderPlugin Audio Player plugin before 2.1 for WordPress
 - CVE-2015-2218 - Multiple XSS vulnerabilities in the WonderPlugin Audio Player plugin before 2.1 for WordPress
 - CVE-2015-2315 - XSS vulnerability in the WPML plugin before 3.1.9 for WordPress
 - bl_domains updated
« Last Edit: June 03, 2015, 10:35:45 AM by TDmitry »

TDmitry
« Reply #22 on: June 03, 2015, 10:35:29 AM »
2015.06.03
Rules for Apache: version 1.35
Rules for LiteSpeed: version 1.29
Rules for Nginx: version 1.08

 - XSS vulnerability in the Blubrry PowerPress Podcasting plugin before 6.0.1 for WordPress (CVE-2015-1385)
 - XSS vulnerability in the Easing Slider plugin before 2.2.0.7 for WordPress (CVE-2015-1436)
 - XSS vulnerability in the FancyBox plugin for WordPress before 3.0.3 (CVE-2015-1494)
 - XSS vulnerabilities in the Spider Facebook plugin before 1.0.11 for WordPress (CVE-2015-1582)
 - XSS vulnerability in the Google Doc Embedder plugin before 2.5.19 for WordPress (CVE-2015-1879)
 - XSS vulnerability in the Contact Form DB plugin 2.8.26 for WordPress (CVE-2015-2040)
 - XSS vulnerability in the WooCommerce plugin before 2.2.11 (CVE-2015-2069)
 - bl_domains updated

TDmitry
« Reply #23 on: June 10, 2015, 09:34:08 AM »
2015.06.10
Rules for Apache: version 1.36
Rules for LiteSpeed: version 1.30
Rules for Nginx: version 1.09

 - Overflow and DoS attack vulnerability in PHP through 5.5.6 (CVE-2013-6712)
 - Various vulnerabilities in the Slider Revolution Plugin
 - XSS vulnerability in the Ninja Forms plugin before 2.8.9 for WordPress (CVE-2015-2220)
 - XSS vulnerability in the Banner Effect Header plugin before 1.2.8 for WordPress (CVE-2015-1384)
 - Upload URL vulnerability in Pixabay Images plugin before 2.4 for WordPress (CVE-2015-1376)
 - XSS and CSRF vulnerabilities in the AB Google Map Travel (AB-MAP) plugin before 4.0 for WordPress (CVE-2015-2755)
 - CSRF vulnerability in WordPress SEO by Yoast plugin before 1.5.7, 1.6.x before 1.6.4, and 1.7.x before 1.7.4 (CVE-2015-2293)
 - SQL injection vulnerability in WordPress SEO by Yoast plugin before 1.5.7, 1.6.x before 1.6.4, and 1.7.x before 1.7.4 (CVE-2015-2292)
 - userdata_bl_domains
 - bl_domains update
« Last Edit: June 10, 2015, 09:56:46 AM by TDmitry »

TDmitry
« Reply #24 on: June 17, 2015, 08:17:43 AM »
2015.06.17
Rules for Apache: version 1.37
Rules for LiteSpeed: version 1.31
Rules for Nginx: version 1.10

 - Possible Information Disclosure by Directory Listing fixed
 - CSRF and XSS vulnerabilities in the CrossSlide jQuery plugin 2.0.5 for WordPress (CVE-2015-2089)
 - CSRF and XSS vulnerabilities in the Acobot Live Chat & Contact Form plugin 2.0 for WordPress (CVE-2015-2039)
 - Write file vulnerability in the Pixabay Images plugin before 2.4 for WordPress (CVE-2015-1375)
 - XSS vulnerability in Pixabay Images plugin before 2.4 for WordPress (CVE-2015-1366)
 - Directory traversal vulnerability in the Pixabay Images plugin before 2.4 for WordPress (CVE-2015-1365)
 - bl_domains update
 - false positives fixed

TDmitry
« Reply #25 on: June 24, 2015, 07:43:53 AM »
2015.06.23
Rules for Apache: version 1.38
Rules for LiteSpeed: version 1.32
Rules for Nginx: version 1.11

 - Multiple CSRF vulnerabilities in the MailPoet Newsletters WordPress plugin before 2.6.11 (CVE-2014-3907)
 - Multiple CSRF vulnerabilities in the GD Star Rating plugin 19.22 for WordPress (CVE-2014-2838)
 - CSRF and XSS vulnerabilities in the Easy Social Icons plugin before 1.2.3 for WordPress (CVE-2015-2084)
 - CSRF vulnerability in the Contact Form DB plugin before 2.8.32 for WordPress (CVE-2015-1874)
 - XSS vulnerability in the duwasai flashy theme 1.3 and earlier for WordPress (CVE-2015-0901)
 - Multiple XSS vulnerabilities in the Image Metadata Cruncher plugin for WordPress (CVE-2015-1614)
 - Multiple XSS and CSRF vulnerabilities in the Mobile Domain plugin 1.5.2 for WordPress (CVE-2015-1581)
 - XSS vulnerability in the WP Slimstat plugin before 3.9.2 for WordPress (CVE-2015-1204)
 - XSS vulnerability in the April Super Functions Pack plugin before 1.4.8 for WordPress (CVE-2014-100026)
 - Multiple XSS and CSRF vulnerabilities in the Redirection Page plugin 1.2 for WordPress (CVE-2015-1580)
 - XSS vulnerability in the mTouch Quiz before 3.0.7 for WordPress (CVE-2014-100023)
 - SQL injection vulnerability in the mTouch Quiz before 3.0.7 for WordPress (CVE-2014-100022)
 - Multiple XSS vulnerabilities in OrangeHRM before 2.7 (CVE-2012-1507)
 - bl_domains update

TDmitry
« Reply #26 on: July 07, 2015, 08:26:54 AM »
2015.07.07
Rules for Apache: version 1.39
Rules for LiteSpeed: version 1.33
Rules for Nginx: version 1.12

 - CSRF vulnerability in the SEO Plugin LiveOptim plugin before 1.1.4-free for WordPress (CVE-2014-100001)
 - SQL injection vulnerability in the Code Futures YourMembers plugin for WordPress (CVE-2014-100003)
 - Multiple SQL injection vulnerabilities in the Welcart e-Commerce plugin 1.3.12 for WordPress (CVE-2014-10017)
 - XSS vulnerability in the Pods plugin before 2.5 for WordPress (CVE-2014-7956)
 - Multiple XSS vulnerabilities in the Welcart e-Commerce plugin 1.3.12 for WordPress (CVE-2014-10016)
 - CSRF and XSS vulnerabilities in the Pods plugin before 2.5 for WordPress (CVE-2014-7957)
 - CSRF vulnerability in the All In One WP Security & Firewall plugin before 3.9.0 for WordPress (CVE-2015-0895)
 - SQL injection vulnerability in the GD Star Rating plugin 19.22 for WordPress (CVE-2014-2839)
 - bl_domains update

TDmitry
« Reply #27 on: July 21, 2015, 09:54:08 AM »
2015.07.21
Rules for Apache: version 1.40
Rules for LiteSpeed: version 1.34
Rules for Nginx: version 1.13

 - Multiple CSRF vulnerabilities in the Disqus Comment System plugin 2.77 for WordPress (CVE-2014-5346)
 - SQL injection vulnerability in the Another WordPress Classifieds Plugin plugin for WordPress (CVE-2014-10013)
 - Vulnerability in the Pie Register plugin before 2.0.14 for WordPress (CVE-2014-8802)
 - XSS vulnerability in the Unconfirmed plugin before 1.2.5 for WordPress (CVE-2014-100018)
 - False positives fix
 - bl_domains update

TDmitry
« Reply #28 on: August 05, 2015, 06:06:03 AM »
2015.08.05
Rules for Apache: version 1.41
Rules for LiteSpeed: version 1.35
Rules for Nginx: version 1.14

 - XSS vulnerability in the Floating Social Bar plugin before 1.1.6 for WordPress (CVE-2015-5528)
 - XSS vulnerability in the Twitget plugin before 3.3.3 for WordPress (CVE-2014-2995)
 - XSS vulnerability in the Max Foundry MaxButtons plugin before 1.26.1 for WordPress (CVE-2014-7181)
 - XSS vulnerability in the Google Calendar Events plugin before 2.0.4 for WordPress (CVE-2014-7138)
 - XSS vulnerabilities in the Register Plus plugin 3.5.1 and earlier for WordPress (CVE-2010-4402)
 - XSS vulnerability in Landing Pages plugin before 1.8.5 for WordPress (CVE-2015-4065)
 - SQL injection vulnerability in the ajax_survey function in the WordPress Survey and Poll plugin 1.1.7 for WordPress (CVE-2015-2090)
 - SQL injection vulnerability in the NewStatPress plugin before 0.9.9 for WordPress (CVE-2015-4062)
 - SQL injection vulnerability in the Photo Gallery plugin before 1.2.11 for WordPress (CVE-2015-1393)
 - XSS vulnerability in the NewStatPress plugin before 0.9.9 for WordPress (CVE-2015-4063)
 - CSRF vulnerability in the Login Widget With Shortcode plugin before 3.2.1 for WordPress (CVE-2014-6312)
 - XSS vulnerabilities in the MetalGenix GeniXCMS 0.0.3 (CVE-2015-5066)
 - IDs change
 - False positives fix
 - bl_domains update

TDmitry
« Reply #29 on: August 11, 2015, 09:29:03 AM »
2015.08.11
Rules for Apache: version 1.42
Rules for LiteSpeed: version 1.36
Rules for Nginx: version 1.15

 - SQL injection vulnerability in the Landing Pages plugin before 1.8.5 for WordPress (CVE-2015-4064)
 - Open redirect vulnerability in the Redirect function in the StageShow plugin before 5.0.9 for WordPress (CVE-2015-5461)
 - Multiple SQL injection vulnerabilities in the GigPress plugin before 2.3.9 for WordPress (CVE-2015-4066)
 - SQL injection vulnerability in the FeedWordPress plugin before 2015.0514 for WordPress (CVE-2015-4018)
 - Directory traversal vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 (CVE-2015-3301)
 - CSRF vulnerabilities in Free Reprintables ArticleFR 3.0.6 (CVE-2015-5530)
 - XSS vulnerabilities in Free Reprintables ArticleFR 3.0.6 (CVE-2015-5529)

 
