Author Topic: Rules Updates: Changelog  (Read 49479 times)

Offline SergeiP

  • Moderator
  • Comodo Loves me
  • *****
  • Posts: 198
Re: Rules Updates: Changelog
« Reply #165 on: October 04, 2018, 01:06:35 PM »
2018.10.04
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.182


- XSS and SQLi vulnerability in Gift Vouchers plugin 2.0.1 and before for WordPress (CVE-2018-16159, CVE-2018-16609, CVE-2018-16610, CVE-2018-16611, CVE-2018-16612)
- XSS vulnerability in Subrion 4.2.1 (CVE-2018-16327)
- XSS vulnerability in Monstra CMS through 3.0.4 (CVE-2018-17024, CVE-2018-17025, CVE-2018-17026)
- XSS vulnerability in Dolibarr ERP/CRM 7.0.3 (CVE-2018-17239)
- SQLi vulnerability in Simple POS 4.0.24 (CVE-2018-17110)
- SQLi vulnerability in OpenEMR before 5.0.1.4 (CVE-2018-15149)
- XSS vulnerability in OpenEMR before 5.0.1.4 (CVE-2018-1000218, CVE-2018-1000219)
- XSS vulnerability in FV Flowplayer Video Player plugin 7.1.15.727 for WordPress
- XSS vulnerability in Dolibarr ERP/CRM 8.0.2
- bl_domains update

Offline SergeiP

Re: Rules Updates: Changelog
« Reply #166 on: October 10, 2018, 08:29:50 AM »
2018.10.10
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.183


- SQL injection vulnerability in Collection Factory 4.1.9 component for Joomla (CVE-2018-17383)
- XSS vulnerability in WPtouch plugin 4.3.28 for WordPress (CVE-2018-17417)
- Local File Inclusion vulnerability in Wechat Broadcast 1.2.0 Plugin for WordPress (CVE-2018-16283)
- CSRF and XSS vulnerability in WP Fastest Cache 0.8.8.5 plugin for WordPress (CVE-2018-17583, CVE-2018-17584, CVE-2018-17585 and CVE-2018-17586)
- XSS vulnerability in Monstra CMS through 3.0.4 (CVE-2018-17024, CVE-2018-17025, CVE-2018-17026)
- XSS vulnerability in Navigate CMS 2.8 (CVE-2018-17255)
- SQLi vulnerability in OpenEMR before 5.0.1.4 (CVE-2018-15148)
- Local File Inclusion vulnerability in BigTree 4.2.23 (CVE-2018-17341)
- XSS vulnerability in the MODX Revolution v2.6.5-pl (CVE-2018-17556)
- SQL injection vulnerability in WUZHI CMS 4.1.0 (CVE-2018-17852)
- XSS vulnerability in Monstra CMS through 3.0.4 (CVE-2018-16819, CVE-2018-16820)
- XSS vulnerability in MetInfo 6.0.0 (CVE-2018-9928)
- bl_domains update

Offline SergeiP

Re: Rules Updates: Changelog
« Reply #167 on: October 18, 2018, 11:02:12 AM »
2018.10.18
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.184


- XSS vulnerability in FooGallery plugin through 1.4.31 for WordPress (CVE-2018-17308)
- XSS vulnerability in Wp-Insert 2.4.2 plugin for WordPress (CVE-2018-17991)
- XSS vulnerability in Affiliates Manager plugin through 2.6.0 for WordPress (CVE-2018-17579)
- XSS vulnerability in Ultimate WordPress Auction plugin through 1.4.31 (CVE-2018-17576)
- SQLi and XSS vulnerability in Slideshow Gallery 1.6.8 plugin for WordPress (CVE-2018-18017, CVE-2018-18018 and CVE-2018-18019)
- XSS vulnerability in Tribulant Slideshow Gallery 1.6.8 plugin for WordPress (CVE-2018-17946)
- XSS vulnerability in LearnPress WordPress LMS Plugin through 3.0.12.1 (CVE-2018-17970, CVE-2018-17971)
- XSS vulnerability in Affiliates Manager plugin 2.6.0 for WordPress (CVE-2018-17995)
- XSS vulnerability in Email Subscribers & Newsletters 3.5.13 for WordPress (CVE-2018-18063, CVE-2018-18076)
- XSS vulnerability in LimeSurvey 3.14.7 (CVE-2018-17003)
- XSS vulnerability in DiliCMS 2.4.0 (CVE-2018-10430)
- XSS vulnerability in GetSimple CMS 3.3.15 (CVE-2018-17835)
- XSS vulnerability in waimai Super Cms 20150505 (CVE-2018-15570)
- XSS vulnerability in waimai Super Cms 20150505 (CVE-2018-18082)
- FPs fix
- bl_domains update

Offline SergeiP

Re: Rules Updates: Changelog
« Reply #168 on: October 24, 2018, 12:23:58 PM »
2018.10.24
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.185


- XSS vulnerability in Smart Slider3 plugin version 3.3.8 for WordPress (CVE-2018-18302, CVE-2018-18303, CVE-2018-18304, CVE-2018-18305)
- XSS vulnerability in Ultimate Member - User Profile & Membership plugin 2.0.29 and before 2.0.28 for WordPress (CVE-2018-17866)
- XSS vulnerability in WPML (aka sitepress-multilingual-cms) plugin through 3.6.3 for WordPress (CVE-2018-18069)
- XSS vulnerability in CMS Made Simple 2.2.7 (CVE-2018-18270 & CVE-2018-18271)
- XSS vulnerability in DiliCMS 2.4.0 (CVE-2018-18209, CVE-2018-18210)
- XSS vulnerability in Navigate CMS 2.8 (CVE-2018-17849)
- XSS vulnerability in Slimstat Analytics 4.7.8.3 plugin for WordPress
- XSS vulnerability in Chamber Dashboard Business Directory plugin 3.0.2 for WordPress
- CSRF and XSS vulnerability in Slimstat Analytics 4.7.8.3 plugin for WordPress
- XSS vulnerability in waimai Super Cms 20150505
- FP fix
- bl_domains update

Offline SergeiP

Re: Rules Updates: Changelog
« Reply #169 on: October 30, 2018, 10:34:39 AM »
2018.10.30
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.186


- XSS vulnerability in LUYA CMS 1.0.12 (CVE-2018-18259)
- SQL injection vulnerability in Questions 1.4.3 component for Joomla (CVE-2018-17377)
- XSS vulnerability in Schiocco Support Board - Chat And Help Desk plugin 1.2.3 for WordPress (CVE-2018-18373)
- Unrestricted file upload vulnerability in Arigato Autoresponder and Newsletter (aka bft-autoresponder) v2.5.1.7 plugin for WordPress (CVE-2018-18461)
- XSS vulnerability in Appointments plugin 2.4.0 for WordPress
- XSS vulnerability in NextGEN Gallery plugin 3.0.16 for WordPress
- XSS vulnerability in Unite Gallery Lite plugin 1.7.43 for WordPress
- XSS vulnerability in Smart Slider3 plugin version 3.3.8 for WordPress
- bl_domains update

Offline SergeiP

Re: Rules Updates: Changelog
« Reply #170 on: November 06, 2018, 11:24:59 AM »
2018.11.06
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.187


- SQL injection vulnerability in Reverse Auction Factory 4.3.8 component for Joomla! (CVE-2018-17376)
- SQL injection vulnerability in Swap Factory 2.2.1, Raffle Factory 3.5.2, Penny Auction Factory 2.0.4 component for Joomla! (CVE-2018-17379, CVE-2018-17378, CVE-2018-17384)
- SQL injection vulnerability in Timetable Schedule 3.6.8 component for Joomla! (CVE-2018-17394)
- SQL injection vulnerability in Music Collection 3.0.3 component for Joomla! (CVE-2018-17375)
- SQL injection vulnerability in Article Factory Manager 4.3.9 component for Joomla! (CVE-2018-17380)
- XSS vulnerability in Events Manager plugin prior to version 5.9 for WordPress (CVE-2018-0576)
- XSS vulnerability in WP Live Chat Support plugin 8.0.15 for WordPress (CVE-2018-18460)
- XSS and SQLi vulnerability in OpenEMR before 5.0.1.4 (CVE-2018-15144, CVE-2018-15151 and CVE-2018-15146)
- bl_domains update

Offline SergeiP

Re: Rules Updates: Changelog
« Reply #171 on: November 28, 2018, 12:19:13 PM »
2018.11.28
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.189


- SQL injection vulnerability in Jobs Factory 2.0.4 component for Joomla! (CVE-2018-17382)
- SQL injection vulnerability in AlphaIndex Dictionaries 1.0 component for Joomla! (CVE-2018-17397)
- XSS vulnerability in Snazzy Maps plugin before 1.1.5 for WordPress (CVE-2018-17947)
- SQLi vulnerability in Piwigo before 2.9.3 (CVE-2018-6883)
- XSS vulnerability in VO Store Locator plugin 3.2.12 for WordPress
- XSS vulnerability in WP Native Articles plugin 1.5.3 for WordPress
- XSS vulnerability in Interactive World Map plugin 1.1 for WordPress
- XSS vulnerability in Simba Plugin Updates Manager 1.8.11 for WordPress
- XSS vulnerability in Amazon Product in a Post Plugin 4.0.3.3 for WordPress
- XSS vulnerability in Simple Wishlists for Weddings, Birthdays etc Plugin 1.5.3 for WordPress
- FP fix
- bl_domains update

Offline SergeiP

Re: Rules Updates: Changelog
« Reply #172 on: December 06, 2018, 12:02:31 PM »
2018.12.06
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.190


- XSS vulnerability in DomainMOD 4.11.01 (CVE-2018-19136, CVE-2018-19137)
- SQL injection vulnerability in Social Factory 3.8.3 component for Joomla (CVE-2018-17385)
- XSS vulnerability in Ninja Forms plugin before 3.3.18 for WordPress (CVE-2018-19287)
- Arbitrary Code Execution vulnerability in WP GDPR Compliance (aka wp-gdpr-compliance) plugin before 1.4.3 for WordPress (CVE-2018-19207)
- XSS vulnerability in WordPress Download Manager Plugin 2.9.82
- XSS vulnerability in Restrict User Access WordPress Plugin 1.0.1
- XSS vulnerability in Another WordPress Classifieds Plugin 3.9.3
- XSS vulnerability in Another WordPress Classifieds Plugin 3.9.3
- XSS vulnerability in Another WordPress Classifieds Plugin 3.9.3
- bl_domains update

Offline SergeiP

Re: Rules Updates: Changelog
« Reply #173 on: December 12, 2018, 11:57:03 AM »
2018.12.12
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.191


- SQL injection vulnerability in JCK Editor component 6.4.4 for Joomla (CVE-2018-17254)
- SQL injection vulnerability in webERP 4.15 (CVE-2018-19435)
- Directory traversal vulnerability in PopojiCMS v2.0.1 (CVE-2018-18936)
- Directory traversal vulnerability in OpenEMR before 5.0.1.4 (CVE-2018-15140)
- Directory traversal vulnerability in BearAdmin 0.5 (CVE-2018-11413)
- XSS vulnerability in MantisBT 2.3.x before 2.3.2 (CVE-2017-7897)
- XSS vulnerability in Custom Field Suite plugin 2.5.12 for WordPress
- XSS vulnerability in Charitable - Donation Plugin 1.6.6 for WordPress
- XSS vulnerability in Image Photo Gallery Final Tiles Grid 3.3.52 for WordPress
- bl_domains update

 
