Author Topic: Rules Updates: Changelog  (Read 60055 times)

Offline Cwaf_Team

  • Moderator
  • Comodo's Hero
  • *****
  • Posts: 215
Re: Rules Updates: Changelog
« Reply #165 on: October 04, 2018, 01:06:35 PM »
2018.10.04
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.182


- XSS and SQLi vulnerability in Gift Vouchers plugin 2.0.1 and before for WordPress (CVE-2018-16159, CVE-2018-16609, CVE-2018-16610, CVE-2018-16611, CVE-2018-16612)
- XSS vulnerability in Subrion 4.2.1 (CVE-2018-16327)
- XSS vulnerability in Monstra CMS through 3.0.4 (CVE-2018-17024, CVE-2018-17025, CVE-2018-17026)
- XSS vulnerability in Dolibarr ERP/CRM 7.0.3 (CVE-2018-17239)
- SQLi vulnerability in Simple POS 4.0.24 (CVE-2018-17110)
- SQLi vulnerability in OpenEMR before 5.0.1.4 (CVE-2018-15149)
- XSS vulnerability in OpenEMR before 5.0.1.4 (CVE-2018-1000218, CVE-2018-1000219)
- XSS vulnerability in FV Flowplayer Video Player plugin 7.1.15.727 for WordPress
- XSS vulnerability in Dolibarr ERP/CRM 8.0.2
- bl_domains update

Offline Cwaf_Team

Re: Rules Updates: Changelog
« Reply #166 on: October 10, 2018, 08:29:50 AM »
2018.10.10
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.183


- SQL injection vulnerability in Collection Factory 4.1.9 component for Joomla (CVE-2018-17383)
- XSS vulnerability in WPtouch plugin 4.3.28 for WordPress (CVE-2018-17417)
- Local File Inclusion vulnerability in Wechat Broadcast 1.2.0 Plugin for WordPress (CVE-2018-16283)
- CSRF and XSS vulnerability in WP Fastest Cache 0.8.8.5 plugin for WordPress (CVE-2018-17583, CVE-2018-17584, CVE-2018-17585 and CVE-2018-17586)
- XSS vulnerability in Monstra CMS through 3.0.4 (CVE-2018-17024, CVE-2018-17025, CVE-2018-17026)
- XSS vulnerability in Navigate CMS 2.8 (CVE-2018-17255)
- SQLi vulnerability in OpenEMR before 5.0.1.4 (CVE-2018-15148)
- Local File Inclusion vulnerability in BigTree 4.2.23 (CVE-2018-17341)
- XSS vulnerability in the MODX Revolution v2.6.5-pl (CVE-2018-17556)
- SQL injection vulnerability in WUZHI CMS 4.1.0 (CVE-2018-17852)
- XSS vulnerability in Monstra CMS through 3.0.4 (CVE-2018-16819, CVE-2018-16820)
- XSS vulnerability in MetInfo 6.0.0 (CVE-2018-9928)
- bl_domains update

Offline Cwaf_Team

Re: Rules Updates: Changelog
« Reply #167 on: October 18, 2018, 11:02:12 AM »
2018.10.18
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.184


- XSS vulnerability in FooGallery plugin through 1.4.31 for WordPress (CVE-2018-17308)
- XSS vulnerability in Wp-Insert 2.4.2 plugin for WordPress (CVE-2018-17991)
- XSS vulnerability in Affiliates Manager plugin through 2.6.0 for WordPress (CVE-2018-17579)
- XSS vulnerability in Ultimate WordPress Auction plugin through 1.4.31 (CVE-2018-17576)
- SQLi and XSS vulnerability in Slideshow Gallery 1.6.8 plugin for WordPress (CVE-2018-18017, CVE-2018-18018 and CVE-2018-18019)
- XSS vulnerability in Tribulant Slideshow Gallery 1.6.8 plugin for WordPress (CVE-2018-17946)
- XSS vulnerability in LearnPress WordPress LMS Plugin through 3.0.12.1 (CVE-2018-17970, CVE-2018-17971)
- XSS vulnerability in Affiliates Manager plugin 2.6.0 for WordPress (CVE-2018-17995)
- XSS vulnerability in Email Subscribers & Newsletters 3.5.13 for WordPress (CVE-2018-18063, CVE-2018-18076)
- XSS vulnerability in LimeSurvey 3.14.7 (CVE-2018-17003)
- XSS vulnerability in DiliCMS 2.4.0 (CVE-2018-10430)
- XSS vulnerability in GetSimple CMS 3.3.15 (CVE-2018-17835)
- XSS vulnerability in waimai Super Cms 20150505 (CVE-2018-15570)
- XSS vulnerability in waimai Super Cms 20150505 (CVE-2018-18082)
- FPs fix
- bl_domains update

Offline Cwaf_Team

Re: Rules Updates: Changelog
« Reply #168 on: October 24, 2018, 12:23:58 PM »
2018.10.24
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.185


- XSS vulnerability in Smart Slider3 plugin version 3.3.8 for WordPress (CVE-2018-18302, CVE-2018-18303, CVE-2018-18304, CVE-2018-18305)
- XSS vulnerability in Ultimate Member - User Profile & Membership plugin 2.0.29 and before 2.0.28 for WordPress (CVE-2018-17866)
- XSS vulnerability in WPML (aka sitepress-multilingual-cms) plugin through 3.6.3 for WordPress (CVE-2018-18069)
- XSS vulnerability in CMS Made Simple 2.2.7 (CVE-2018-18270 & CVE-2018-18271)
- XSS vulnerability in DiliCMS 2.4.0 (CVE-2018-18209, CVE-2018-18210)
- XSS vulnerability in Navigate CMS 2.8 (CVE-2018-17849)
- XSS vulnerability in Slimstat Analytics 4.7.8.3 plugin for WordPress
- XSS vulnerability in Chamber Dashboard Business Directory plugin 3.0.2 for WordPress
- CSRF and XSS vulnerability in Slimstat Analytics 4.7.8.3 plugin for WordPress
- XSS vulnerability in waimai Super Cms 20150505
- FP fix
- bl_domains update

Offline Cwaf_Team

Re: Rules Updates: Changelog
« Reply #169 on: October 30, 2018, 10:34:39 AM »
2018.10.30
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.186


- XSS vulnerability in LUYA CMS 1.0.12 (CVE-2018-18259)
- SQL injection vulnerability in Questions 1.4.3 component for Joomla (CVE-2018-17377)
- XSS vulnerability in Schiocco Support Board - Chat And Help Desk plugin 1.2.3 for WordPress (CVE-2018-18373)
- Unrestricted file upload vulnerability in Arigato Autoresponder and Newsletter (aka bft-autoresponder) v2.5.1.7 plugin for WordPress (CVE-2018-18461)
- XSS vulnerability in Appointments plugin 2.4.0 for WordPress
- XSS vulnerability in NextGEN Gallery plugin 3.0.16 for WordPress
- XSS vulnerability in Unite Gallery Lite plugin 1.7.43 for WordPress
- XSS vulnerability in Smart Slider3 plugin version 3.3.8 for WordPress
- bl_domains update

Offline Cwaf_Team

Re: Rules Updates: Changelog
« Reply #170 on: November 06, 2018, 11:24:59 AM »
2018.11.06
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.187


- SQL injection vulnerability in Reverse Auction Factory 4.3.8 component for Joomla! (CVE-2018-17376)
- SQL injection vulnerability in Swap Factory 2.2.1, Raffle Factory 3.5.2, Penny Auction Factory 2.0.4 component for Joomla! (CVE-2018-17379, CVE-2018-17378, CVE-2018-17384)
- SQL injection vulnerability in Timetable Schedule 3.6.8 component for Joomla! (CVE-2018-17394)
- SQL injection vulnerability in Music Collection 3.0.3 component for Joomla! (CVE-2018-17375)
- SQL injection vulnerability in Article Factory Manager 4.3.9 component for Joomla! (CVE-2018-17380)
- XSS vulnerability in Events Manager plugin prior to version 5.9 for WordPress (CVE-2018-0576)
- XSS vulnerability in WP Live Chat Support plugin 8.0.15 for WordPress (CVE-2018-18460)
- XSS and SQLi vulnerability in OpenEMR before 5.0.1.4 (CVE-2018-15144, CVE-2018-15151 and CVE-2018-15146)
- bl_domains update

Offline Cwaf_Team

Re: Rules Updates: Changelog
« Reply #171 on: November 28, 2018, 12:19:13 PM »
2018.11.28
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.189


- SQL injection vulnerability in Jobs Factory 2.0.4 component for Joomla! (CVE-2018-17382)
- SQL injection vulnerability in AlphaIndex Dictionaries 1.0 component for Joomla! (CVE-2018-17397)
- XSS vulnerability in Snazzy Maps plugin before 1.1.5 for WordPress (CVE-2018-17947)
- SQLi vulnerability in Piwigo before 2.9.3 (CVE-2018-6883)
- XSS vulnerability in VO Store Locator plugin 3.2.12 for WordPress
- XSS vulnerability in WP Native Articles plugin 1.5.3 for WordPress
- XSS vulnerability in Interactive World Map plugin 1.1 for WordPress
- XSS vulnerability in Simba Plugin Updates Manager 1.8.11 for WordPress
- XSS vulnerability in Amazon Product in a Post Plugin 4.0.3.3 for WordPress
- XSS vulnerability in Simple Wishlists for Weddings, Birthdays etc Plugin 1.5.3 For WordPress
- FP fix
- bl_domains update

Offline Cwaf_Team

Re: Rules Updates: Changelog
« Reply #172 on: December 06, 2018, 12:02:31 PM »
2018.12.06
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.190


- XSS vulnerability in DomainMOD 4.11.01 (CVE-2018-19136, CVE-2018-19137)
- SQL injection vulnerability in Social Factory 3.8.3 component for Joomla (CVE-2018-17385)
- XSS vulnerability in Ninja Forms plugin before 3.3.18 for WordPress (CVE-2018-19287)
- Arbitrary Code Execution vulnerability in WP GDPR Compliance (aka wp-gdpr-compliance) plugin before 1.4.3 for WordPress (CVE-2018-19207)
- XSS vulnerability in WordPress Download Manager Plugin 2.9.82
- XSS vulnerability in Restrict User Access WordPress Plugin 1.0.1
- XSS vulnerability in Another WordPress Classifieds Plugin 3.9.3
- XSS vulnerability in Another WordPress Classifieds Plugin 3.9.3
- XSS vulnerability in Another WordPress Classifieds Plugin 3.9.3
- bl_domains update

Offline Cwaf_Team

Re: Rules Updates: Changelog
« Reply #173 on: December 12, 2018, 11:57:03 AM »
2018.12.12
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.191


- SQL injection vulnerability in JCK Editor component 6.4.4 for Joomla (CVE-2018-17254)
- SQL injection vulnerability in webERP 4.15 (CVE-2018-19435)
- directory traversal vulnerability in PopojiCMS v2.0.1 (CVE-2018-18936)
- directory traversal vulnerability in OpenEMR before 5.0.1.4 (CVE-2018-15140)
- directory traversal vulnerability in BearAdmin 0.5 (CVE-2018-11413)
- XSS vulnerability in MantisBT 2.3.x before 2.3.2 (CVE-2017-7897)
- XSS vulnerability in Custom Field Suite plugin 2.5.12 for WordPress
- XSS vulnerability in Charitable - Donation Plugin 1.6.6 for WordPress
- XSS vulnerability in Image Photo Gallery Final Tiles Grid 3.3.52 for WordPress
- bl_domains update

Offline Cwaf_Team

Re: Rules Updates: Changelog
« Reply #174 on: December 18, 2018, 12:09:35 PM »
2018.12.18
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.192


- XSS vulnerability in Easy Testimonials plugin 3.2 for WordPress (CVE-2018-19564)
- SQL injection vulnerability in Arigato Autoresponder and Newsletter plugin 2.5.1.8 for WordPress (CVE-2018-1002000)
- XSS vulnerability in Arigato Autoresponder and Newsletter plugin 2.5.1.8 for WordPress (CVE-2018-1002006, CVE-2018-1002007)
- XSS vulnerability in Arigato Autoresponder and Newsletter plugin 2.5.1.8 for WordPress (CVE-2018-1002001, CVE-2018-1002002, CVE-2018-1002003, CVE-2018-1002004, CVE-2018-1002005, CVE-2018-1002008)
- XSS vulnerability in Bookly - Online Booking and Scheduling Plugin 16.4 for WordPress
- XSS vulnerability in Opti MozJpeg Guetzli WebP plugin 1.16 for WordPress 3.9.3
- XSS vulnerability in Image Hover Effects plugin 4.7.6 for WordPress
- bl_domains update

Offline Cwaf_Team

Re: Rules Updates: Changelog
« Reply #175 on: January 14, 2019, 04:41:34 AM »
2019.01.14
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.193


- Open redirect vulnerability in Ninja Forms plugin before 3.3.19.1 for WordPress (CVE-2018-19796)
- XSS vulnerability in Arigato Autoresponder and Newsletter 2.5.1.8 plugin for WordPress (CVE-2018-1002009)
- Directory Traversal vulnerability in PHPSHE 1.7 (CVE-2018-18485)
- Directory Traversal vulnerability in HRSALE The Ultimate HRM 1.0.2 (CVE-2018-10260)
- XSS vulnerability in DomainMOD 4.11.01 (CVE-2018-19750, CVE-2018-19751, CVE-2018-19892)
- XSS vulnerability in DomainMOD 4.11.01 (CVE-2018-19749, CVE-2018-19752, CVE-2018-19913, CVE-2018-19914, CVE-2018-19915, CVE-2018-20009, CVE-2018-20010, CVE-2018-20011)
- XSS vulnerability in BlackCat CMS 1.3.2 (CVE-2018-16635)
- XSS vulnerability in LifterLMS Plugin 3.25.4 for WordPress

Offline Cwaf_Team

Re: Rules Updates: Changelog
« Reply #176 on: January 17, 2019, 12:19:32 PM »
2019.01.17
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.194


- XSS vulnerability in Zurmo 3.2.4 (CVE-2018-19506)
- SQL injection vulnerability in Dolibarr ERP/CRM version 6.0.4 (CVE-2017-17900)
- Directory traversal vulnerability in Zikula 1.3.x before 1.3.11 and 1.4.x before 1.4.4 (CVE-2016-9835)
- XSS vulnerability in SilverStripe CMS before 3.6.1 (CVE-2017-14498)
- Unrestricted file upload vulnerability in AccessPress Anonymous Post Pro 3.2.0 for WordPress (CVE-2017-1649)
- XSS vulnerability in Disqus Comment System plugin before 2.76 for WordPress (CVE-2014-5345)
- XSS vulnerability in Image Photo Gallery Final Tiles Grid 3.3.52 for WordPress
- SQL injection vulnerability in WP AutoSuggest plugin 0.24 for WordPress
- XSS vulnerability in Dolibarr ERP/CRM 8.0.3
- XSS vulnerability in Booking Calendar for WordPress
« Last Edit: February 12, 2019, 05:08:20 AM by SergeiP »

Offline Cwaf_Team

Re: Rules Updates: Changelog
« Reply #177 on: January 23, 2019, 01:26:38 PM »
2019.01.23
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.195


- XSS vulnerability in JSmol2WP plugin 1.07 for WordPress (CVE-2018-20462)
- Directory traversal vulnerability in JSmol2WP plugin 1.07 for WordPress (CVE-2018-20462)
- CSRF vulnerability in two-factor-authentication plugin before 1.3.13 for WordPress (CVE-2018-20231)
- XSS and SQLi vulnerability in WUZHI CMS 4.1.0 (CVE-2018-14515, CVE-2018-14472, CVE-2018-20572)
- XSS vulnerability in MantisBT 2.1.0 through 2.17.1 (CVE-2018-17782, CVE-2018-17783)
- SQLi vulnerability in Dolibarr ERP/CRM version 7.0.3 (CVE-2018-13449)
- SQL injection vulnerability in WP Google Map Plugin 4.0.4 and below for WordPress
- XSS vulnerability in ForkCMS 5.0.6

Offline Cwaf_Team

Re: Rules Updates: Changelog
« Reply #178 on: February 05, 2019, 12:40:37 PM »
2019.02.05
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.196


- XSS vulnerability in Joomla before 3.9.2 (CVE-2019-6263)
- SQLi vulnerability in File Download Tracker 3.0 component for Joomla (CVE-2018-6004)
- SQL injection vulnerability in Pinterest Clone Social Pinboard 2.0 component for Joomla (CVE-2018-5987)
- SQL injection vulnerability in Zap Calendar Lite 4.3.4 component for Joomla
- SQL injection vulnerability in Survey Force Deluxe 3.2.4 component for Joomla
- SQL injection vulnerability in J-BusinessDirectory 4.9.7 component for Joomla
- FP fix
« Last Edit: February 12, 2019, 05:08:39 AM by SergeiP »

Offline Cwaf_Team

Re: Rules Updates: Changelog
« Reply #179 on: February 14, 2019, 10:45:19 AM »
2019.02.14
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.197


- CSRF vulnerability in Tooltipy plugin 5.0 for WordPress (CVE-2018-1000505)
- SQL injection vulnerability in FrontAccounting 2.4.5 (CVE-2018-1000890)
- SQL injection vulnerability in Dolibarr ERP/CRM 8.0.2 (CVE-2018-19998)
- XSS Vulnerability in Evolution 1.4.x CMS (CVE-2018-16637)
- XSS vulnerability in CMS Made Simple 2.2.8 (CVE-2018-20464)
- XSS vulnerability in DomainMOD 4.11.01 (CVE-2018-1000856)
- SQL injection vulnerability in CuppaCMS (CVE-2018-19559)
- XSS vulnerability in YzmCMS 5.1 (CVE-2018-17044)
- XSS vulnerability in User Registration plugin v1.5.3 for WordPress
- SQL Injection vulnerability in Dolibarr ERP/CRM 8.0.4

 
