Author Topic: Rules Updates: Changelog  (Read 45358 times)

Offline SergeiP

  • Moderator
  • Comodo Loves me
  • *****
  • Posts: 163
Re: Rules Updates: Changelog
« Reply #150 on: May 22, 2018, 11:14:58 AM »
2018.05.22
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.166


- XSS vulnerability in PixelYourSite plugin prior to version 5.3.0 for WordPress (CVE-2018-0578)
- XSS vulnerability in WP Live Chat Support plugin before 8.0.08 for WordPress (CVE-2018-11105)
- XSS vulnerability in Dolibarr ERP/CRM before 5.0.4 (CVE-2017-9838)
- XSS vulnerability in frog cms 0.9.5 (CVE-2018-10806)
- Directory traversal vulnerability in NoneCms through 1.3.0 (CVE-2018-6022)
- XSS vulnerability in Z-BlogPHP 2.0.0 (CVE-2018-11208)
- bl_domains update

Offline SergeiP

  • Moderator
  • Comodo Loves me
  • *****
  • Posts: 163
Re: Rules Updates: Changelog
« Reply #151 on: June 07, 2018, 06:32:40 PM »
2018.06.08
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.167


- SQLi vulnerability in HRSALE The Ultimate HRM v1.0.2 (CVE-2018-10256)
- SQLi vulnerability in OpenEMR before v5_0_1_1 (CVE-2018-9250)
- Directory Traversal vulnerability in ASUSTOR AS6202T ADM 3.1.0.RFQ3 (CVE-2018-11342)
- XSS vulnerability in DomainMod v4.09.03 (CVE-2018-11403 and CVE-2018-11404)
- XSS vulnerability in Dolibarr ERP/CRM before 7.0.1 (CVE-2018-10095)
- XSS vulnerability in Z-BlogPHP 1.5.1 (CVE-2018-9169)
- Directory Traversal vulnerability in ASUSTOR AS6202T ADM 3.1.0.RFQ3 (CVE-2018-11344)
- bl_domains update

Offline SergeiP

  • Moderator
  • Comodo Loves me
  • *****
  • Posts: 163
Re: Rules Updates: Changelog
« Reply #152 on: June 12, 2018, 12:59:13 PM »
2018.06.12
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.168


- SQLi vulnerability in Dolibarr ERP/CRM before 7.0.1 (CVE-2018-10094)
- Directory Traversal vulnerability in ASUSTOR AS6202T ADM 3.1.0.RFQ3 (CVE-2018-11341)
- XSS and SQLi vulnerability in EasyService Billing 1.0. (CVE-2018-11443 and CVE-2018-11444)
- XSS vulnerability in the Moderator Log Notes plugin 1.1 for MyBB (CVE-2018-11430)
- XSS vulnerability in ASUSTOR soundsgood (CVE-2018-11343)
- XSS vulnerability in DomainMod v4.10.0 (CVE-2018-11558 and CVE-2018-11559)
- SQLi vulnerability in iScripts eSwap v2.4 (CVE-2018-11372 and CVE-2018-11373)
- bl_domains update

Offline SergeiP

  • Moderator
  • Comodo Loves me
  • *****
  • Posts: 163
Re: Rules Updates: Changelog
« Reply #153 on: June 20, 2018, 11:42:19 AM »
2018.06.20
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.169


- XSS vulnerability in MULTIDOTS WooCommerce Quick Reports plugin 1.0.6 and earlier for WordPress (CVE-2018-11485)
- CSRF vulnerability in Add Social Share Messenger Buttons Whatsapp and Viber plugin 1.0.8 for WordPress (CVE-2018-11632)
- CSRF vulnerability in Woo Checkout for Digital Goods plugin 2.1 for WordPress (CVE-2018-11633)
- SQL injection vulnerability in the Pie Register plugin before 3.0.10 for WordPress (CVE-2018-10969)
- RCE vulnerability in Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 (CVE-2018-7600, CVE-2018-7602)
- XSS vulnerability in the MODX Revolution 2.6.3 (CVE-2018-10382)
- bl_domains update

Offline SergeiP

  • Moderator
  • Comodo Loves me
  • *****
  • Posts: 163
Re: Rules Updates: Changelog
« Reply #154 on: July 06, 2018, 08:24:28 AM »
2018.07.06
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.171


- SQL injection vulnerability in CW Tags 2.0.6 component for Joomla (CVE-2018-7313)
- XSS vulnerability in Balbooa Gridbox extension version 2.4.0 and previous versions for Joomla (CVE-2018-11690)
- SQLi vulnerability in The iThemes Security (better-wp-security) plugin before 7.0.3 for WordPress (CVE-2018-12636)
- XSS vulnerability in MULTIDOTS WooCommerce Quick Reports plugin 1.0.6 and earlier for WordPress (CVE-2018-11485)
- SQL Injection vulnerability in Quick Chat plugin before 4.00 for WordPress (CVE-2018-12534)
- XSS vulnerability in the User Profile & Membership plugin before 2.0.11 for WordPress (CVE-2018-10234)
- XSS vulnerability in the WP Statistics plugin 12.0.2-12.0.5 for WordPress (CVE-2018-1000556)
- XSS vulnerability in Events Manager plugin prior to version 5.9 for WordPress (CVE-2018-0576)
- Unrestricted file upload vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress (CVE-2018-0587)
- CSRF & XSS vulnerability in SLiMS 8 Akasia through 8.3.1 (CVE-2017-12584, CVE-2018-12659)
- bl_domains update

Offline SergeiP

  • Moderator
  • Comodo Loves me
  • *****
  • Posts: 163
Re: Rules Updates: Changelog
« Reply #155 on: July 16, 2018, 12:20:00 PM »
2018.07.16
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.172


- SQL Injection vulnerability in JB Bus 2.3 component for Joomla (CVE-2018-6372)
- SQL injection vulnerability in DT Register 3.2.7 component for Joomla (CVE-2018-6584)
- Unrestricted file upload vulnerability in WP Live Chat Support Pro plugin before 8.0.07 for WordPress (CVE-2018-12426)
- SQL injection vulnerability in the MemberMouse plugin 2.2.8 and prior for WordPress (CVE-2018-11309)
- XSS vulnerability in Open Graph for Facebook, Google+ and Twitter Card Tags plugin prior to version 2.2.4.1 for WordPress (CVE-2018-0579)
- XSS vulnerability in WP Google Map Plugin prior to version 4.0.4 for WordPress (CVE-2018-0577)
- XSS vulnerability in SLiMS 8 Akasia through 8.3.1 (CVE-2018-12654, CVE-2018-12655, CVE-2018-12656, CVE-2018-12657, CVE-2018-12658)
- XSS Vulnerability in ClipperCMS 1.3.3 (CVE-2018-11572)
- XSS vulnerability in Chevereto Free before 1.0.13 (CVE-2018-12030)
- SQL Injection vulnerability in iCMS V7.0.8 (CVE-2018-12498)
- Directory Traversal vulnerability in YXcms 1.4.7 (CVE-2018-13025)
- XSS vulnerability in BigTree-CMS (CVE-2018-1000521)
- XSS vulnerability in CMS Made Simple in 2.2.6 (CVE-2018-7893, CVE-2018-8058)
- bl_domains update

Offline SergeiP

  • Moderator
  • Comodo Loves me
  • *****
  • Posts: 163
Re: Rules Updates: Changelog
« Reply #156 on: July 23, 2018, 12:17:28 PM »
2018.07.23
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.173


- Directory traversal vulnerability in K2 component 2.8.0 for Joomla (CVE-2018-7482)
- SQL injection vulnerability in the Saxum Numerology 3.0.4 component for Joomla (CVE-2018-7177)
- SQL Injection vulnerability in AllVideos Reloaded 1.2.x component for Joomla (CVE-2018-5990)
- SQL Injection vulnerability in ccNewsletter 2.x component for Joomla (CVE-2018-5989)
- SQL Injection vulnerability in the JS Jobs 1.1.9 component for Joomla (CVE-2018-5994)
- SQL injection vulnerability in CP Event Calendar 3.0.1 component for Joomla (CVE-2018-6398)
- XSS vulnerability in Techotronic all-in-one-favicon (aka All In One Favicon) plugin 4.6 for WordPress (CVE-2018-13832)
- XSS Vulnerability in ClipperCMS 1.3.3 (CVE-2018-11332, CVE-2018-13106)
- Directory traversal vulnerability in CMS Made Simple in 2.2.7 (CVE-2018-10083)
- XSS Vulnerability in ClipperCMS 1.3.3 (CVE-2018-13998)
- Directory traversal vulnerability in CMS Made Simple in 2.2.7 (CVE-2018-10520)
- bl_domains update

Offline SergeiP

  • Moderator
  • Comodo Loves me
  • *****
  • Posts: 163
Re: Rules Updates: Changelog
« Reply #157 on: July 30, 2018, 09:26:51 AM »
2018.07.30
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.174



- SQL injection vulnerability in JquickContact 1.3.2.2.1 component for Joomla (CVE-2018-5983)
- SQL injection vulnerability in the Form Maker 3.6.12 component for Joomla (CVE-2018-5991)
- SQL Injection vulnerability in Visual Calendar 3.1.3 component for Joomla (CVE-2018-6395)
- SQL injection vulnerability in Advertisement Board 3.1.0 component for Joomla (CVE-2018-5982)
- SQL injection vulnerability in Smart Shoutbox 3.0.0 component for Joomla (CVE-2018-5975)
- SQL injection vulnerability in Realpin 1.5.04 component for Joomla (CVE-2018-6005)
- Arbitrary File Download vulnerability in Jtag Members Directory 5.3.7 component for Joomla (CVE-2018-6008)
- SQL injection vulnerability in Solidres 2.5.1 component for Joomla (CVE-2018-5980)
- SQL injection vulnerability in Aist through 2.0 component for Joomla (CVE-2018-5993)
- SQL injection vulnerability in JomEstate PRO through 3.7 component for Joomla (CVE-2018-6368)
- bl_domains update
« Last Edit: August 08, 2018, 12:29:23 PM by SergeiP »

Offline SergeiP

  • Moderator
  • Comodo Loves me
  • *****
  • Posts: 163
Re: Rules Updates: Changelog
« Reply #158 on: August 08, 2018, 12:30:09 PM »
2018.08.08
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.175


- SQL injection vulnerability in Google Map Landkarten 4.2.3 component for Joomla (CVE-2018-6396)
- Directory Traversal vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress (CVE-2018-0588)
- XSS vulnerability in Responsive Cookie Consent plugin before 1.8 for WordPress (CVE-2018-10309)
- XSS vulnerability in Multi Step Form plugin 1.2.5 for WordPress (CVE-2018-14846)
- XSS vulnerability in YXcms 1.7 (CVE-2018-14686)
- XSS and SQLi vulnerability in WUZHI CMS 4.1.0 (CVE-2018-14515, CVE-2018-14472)
- XSS vulnerability in WUZHI CMS 4.1.0 (CVE-2018-14512)
- XSS vulnerability in WUZHI CMS 4.1.0 (CVE-2018-14513)
- XSS vulnerability in iCMS before 7.0.10 (CVE-2018-14415)
- bl_domains update
« Last Edit: August 15, 2018, 11:35:04 AM by SergeiP »

Offline SergeiP

  • Moderator
  • Comodo Loves me
  • *****
  • Posts: 163
Re: Rules Updates: Changelog
« Reply #159 on: August 15, 2018, 11:35:53 AM »
2018.08.15
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.176


- SQL injection vulnerability in Staff Master through 1.0 RC 1 component for Joomla (CVE-2018-5992)
- Arbitrary File Upload vulnerability in Proclaim 9.1.1 component for Joomla (CVE-2018-7316)
- SQL injection vulnerability in Fastball 2.5 component for Joomla (CVE-2018-6373)
- CSRF vulnerability in JS Support Ticket 1.1.0 component for Joomla (CVE-2018-6007)
- SQL injection vulnerability in OS Property Real Estate 3.12.7 component for Joomla (CVE-2018-7319)
- XSS vulnerability in Multi Step Form plugin through 1.2.5 for WordPress (CVE-2018-14430)
- SQLi vulnerability in WP Support Plus Responsive Ticket System plugin 9.0.2 and earlier for WordPress (CVE-2018-1000131)
- XSS vulnerability in October CMS prior to build 437 (CVE-2018-1999008)
- XSS vulnerability in Subrion CMS 4.2.1 (CVE-2018-14835)
- XSS vulnerability in SeedDMS before 5.1.8 (CVE-2018-12944)
- XSS vulnerability in SeedDMS before 5.1.8 (CVE-2018-12943)
- bl_domains update
« Last Edit: August 17, 2018, 08:22:18 AM by SergeiP »

Offline Pavel Karabchevsky

  • Newbie
  • *
  • Posts: 2
Re: Rules Updates: Changelog
« Reply #160 on: August 20, 2018, 09:14:03 AM »
2018.08.20
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.177


- Unrestricted file upload vulnerability in WordPress 4.9.7 (CVE-2018-14028)
- Unrestricted file upload vulnerability in SeedDMS before 5.1.8 (CVE-2018-12940)
- Arbitrary File Upload vulnerability in Subrion CMS 4.2.1 (CVE-2018-14840)
- XSS vulnerability in Wolf CMS 0.8.3.1 (CVE-2018-6890)
- XSS vulnerability in joyplus-cms 1.6.0 (CVE-2018-10096)
- bl_domains update

Offline Pavel Karabchevsky

  • Newbie
  • *
  • Posts: 2
Re: Rules Updates: Changelog
« Reply #161 on: August 29, 2018, 10:01:19 AM »
2018.08.29
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.178


- XSS vulnerability in jDownloads extension before 3.2.59 for Joomla (CVE-2018-10068)
- XSS vulnerability in Geo Mashup plugin before 1.10.4 for WordPress (CVE-2018-14071)
- Content injection and CSRF vulnerability in ULike plugin version 2.8.1, 3.1 for WordPress (CVE-2018-1000511)
- XSS and CSRF vulnerability in Metronet Tag Manager plugin version 1.2.7 for WordPress (CVE-2018-1000506)
- XSS vulnerability in Wolf CMS 0.8.3.1 (CVE-2018-14837)
- XSS vulnerability in Joyplus CMS 1.6.0 (CVE-2018-14500)
- SQL injection vulnerability in Joyplus CMS 1.6.0 (CVE-2018-14501)
- bl_domains update

Offline SergeiP

  • Moderator
  • Comodo Loves me
  • *****
  • Posts: 163
Re: Rules Updates: Changelog
« Reply #162 on: September 05, 2018, 01:00:35 PM »
2018.09.05
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.179


- XSS vulnerability in Joomla! before 3.8.12 (CVE-2018-15880)
- Unrestricted file vulnerability in Joomla! before 3.8.12 (CVE-2018-15882)
- OS command injection vulnerability in Plainview Activity Monitor plugin 20161228 for WordPress (CVE-2018-15877)
- XSS vulnerability in Wolf CMS 0.8.3.1 (CVE-2018-15842)
- XSS vulnerability in Joyplus CMS 1.6.0 (CVE-2018-8767)
- XSS vulnerability in Wolf CMS 0.8.3.1 (CVE-2018-1000084)
- Directory traversal vulnerability in OpenCart through 3.0.2.0 (CVE-2018-11495)
- SQL injection vulnerability in SeedDMS before 5.1.8 (CVE-2018-12942)
- SQLi vulnerability in WUZHI CMS 4.1.0 (CVE-2018-15894)
- SQL injection vulnerability in Dolibarr ERP/CRM version 7.0.3 (CVE-2018-13448, CVE-2018-13450)
- XSS and SQLi vulnerability in WUZHI CMS 4.1.0 (CVE-2018-15893)
- XSS vulnerability in MiniCMS v1.10 (CVE-2018-10227)
- XSS vulnerability in Wolf CMS 0.8.3.1 (CVE-2018-1000087)
- bl_domains update

Offline SergeiP

  • Moderator
  • Comodo Loves me
  • *****
  • Posts: 163
Re: Rules Updates: Changelog
« Reply #163 on: September 13, 2018, 12:22:24 PM »
2018.09.13
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.180


- XSS vulnerability in Import any XML or CSV File (WP All Import) plugin 3.4.9 for WordPress (CVE-2018-16254, CVE-2018-16255, CVE-2018-16257, CVE-2018-16258, CVE-2018-16259)
- XSS vulnerability in File Manager plugin V2.9 for WordPress (CVE-2018-16363)
- XSS vulnerability in CMSUno before 1.5.3 (CVE-2018-15567)
- XSS vulnerability in MiniCMS v1.10 (CVE-2018-15899, CVE-2018-16298)
- XSS vulnerability in MiniCMS v1.10 (CVE-2018-10296)
- XSS vulnerability in Bludit 2.3.4 (CVE-2018-16313)
- XSS vulnerability in ChemCMS 1.0.6 (CVE-2018-16346)
- Directory Traversal vulnerability in idreamsoft iCMS V7.0.11 (CVE-2018-16320)
- XSS vulnerability in WUZHI CMS 4.1.0 (CVE-2018-16349, CVE-2018-16350)
- XSS vulnerability in GetSimple CMS 3.4.0.9 (CVE-2018-16325)
- Directory traversal vulnerability in SeedDMS before 5.1.8 (CVE-2018-12939)
- XSS vulnerability in idreamsoft iCMS V7.0.11 (CVE-2018-9922)
- bl_domain update

Offline SergeiP

  • Moderator
  • Comodo Loves me
  • *****
  • Posts: 163
Re: Rules Updates: Changelog
« Reply #164 on: September 19, 2018, 12:08:16 PM »
2018.09.19
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.181


- CSRF and XSS vulnerability in File Manager plugin V3.0 for WordPress (CVE-2018-16966, CVE-2018-16967)
- XSS vulnerability in FV Flowplayer Video Player 6.1.2 to 6.6.4 for WordPress (CVE-2018-0642)
- SQLi vulnerability in OpenEMR before 5.0.1.4 (CVE-2018-15147)
- XSS vulnerability in BTITeam XBTIT 2.5.4. (CVE-2018-16361)
- XSS and SQLi vulnerability in OpenEMR before 5.0.1.4 (CVE-2018-15144, CVE-2018-15151 and CVE-2018-15146)
- XSS vulnerability in YzmCMS 3.7 (CVE-2018-8078)
- Directory Traversal vulnerability in Monstra CMS through 3.0.4 (CVE-2018-9038)
- XSS vulnerabilities in e107 2.1.8 (CVE-2018-16381)
- XSS vulnerability in frog cms 0.9.5 (CVE-2018-16374)
- Arbitrary code execution vulnerability in Request URI
- bl_domains update

 
