Author Topic: Rules Updates: Changelog  (Read 104382 times)

Offline Cwaf_Team

  • Moderator
  • Comodo's Hero
  • *****
  • Posts: 290
Re: Rules Updates: Changelog
« Reply #180 on: February 27, 2019, 07:57:24 AM »
2019.02.27
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.198


- XSS vulnerability in spam-byebye 2.2.1 plugin for WordPress (CVE-2018-16206)
- XSS and Directory Traversal vulnerability in Media File Manager plugin 1.4.2 for WordPress (CVE-2018-19040, CVE-2018-19041, CVE-2018-19042, CVE-2018-19043)
- XSS vulnerability in Unite Gallery Lite plugin 1.7.43 for WordPress
- XSS vulnerability in Strong Testimonials plugin 2.3.14 and below for WordPress
- XSS vulnerability in Ultimate Form Builder Lite versions 1.3.7 and below plugin for WordPress
- XSS vulnerability in Hide Adsense Ads for specific countries plugin 1.5 for WordPress
- XSS vulnerability in Contact Form Maker plugin v1.2.20 and below for WordPress
- SQL and XSS vulnerability in Doctor Appointment Booking Plugin v1.0.0 for WordPress
- XSS vulnerability in YOP POLL Plugin v6.0.2 for WordPress

Offline Cwaf_Team

Re: Rules Updates: Changelog
« Reply #181 on: March 06, 2019, 11:32:43 AM »
2019.03.06
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.199


- CSRF vulnerability in YzmCMS 3.8 (CVE-2018-10223)
- SQLi vulnerability in Cleanto 5.0 (CVE-2019-6295, CVE-2019-6296)
- SQL injection vulnerability in Dolibarr ERP/CRM version 7.0.3 (CVE-2018-13447, CVE-2018-13450)
- SQL injection vulnerability in Dolibarr ERP/CRM version 7.0.3 (CVE-2018-13447, CVE-2018-13450)
- SQL injection vulnerability in Dolibarr ERP/CRM 8.0.2 (CVE-2018-19994)
- CSRF vulnerability in FrontAccounting 2.4.3 (CVE-2018-7176)
- XSS vulnerability in FUEL CMS 1.4.3 (CVE-2018-20137)
- CSRF vulnerability in CScms 4.1 (CVE-2019-6779)
- XSS vulnerability in Kanboard before 1.2.8 (CVE-2019-7324)
- XSS vulnerability in Metinfo 6.1.3 (CVE-2018-19050)
- XSS vulnerability in Metinfo 6.1.3 (CVE-2018-19051)

Offline Cwaf_Team

Re: Rules Updates: Changelog
« Reply #182 on: March 12, 2019, 12:27:23 PM »
2019.03.12
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.200


- Arbitrary Code Execution vulnerability in Total Donations plugin through 2.0.5 for WordPress (CVE-2019-6703)
- XSS vulnerability in Dolibarr ERP/CRM 8.0.2 (CVE-2018-19992, CVE-2018-19995)
- XSS vulnerability in ForkCMS 5.0.6 (CVE-2018-20682)
- XSS vulnerability in CuppaCMS through 2018-09-03 release (CVE-2018-17300)
- XSS vulnerability in Cacti before 1.2.0 (CVE-2018-20723, CVE-2018-20724, CVE-2018-20725 and CVE-2018-20726)
- Directory traversal vulnerability in webERP 4.15 (CVE-2018-20420)
- XSS vulnerability in Creatiwity wityCMS 0.6.1 (CVE-2018-11512)
- XSS vulnerability in Cacti before 1.1.18 (CVE-2017-12978)
- XSS vulnerability in ATutor through v2.2.4 (CVE-2019-7172)
- XSS vulnerability in ZoneMinder through 1.32.3 (CVE-2019-6990, CVE-2019-6992, CVE-2019-7326, CVE-2019-7338, CVE-2019-7339, CVE-2019-7340, CVE-2019-7341, CVE-2019-7342, CVE-2019-7343, CVE-2019-7345, CVE-2019-7348, CVE-2019-7349, CVE-2019-7352)
- Arbitrary code execution vulnerability in Metinfo 6.x. (CVE-2019-7718)
- CSRF vulnerability in Hide Adsense Ads for specific countries plugin 1.5 for WordPress

Offline Cwaf_Team

Re: Rules Updates: Changelog
« Reply #183 on: March 21, 2019, 09:18:41 AM »
2019.03.21
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.201


- SQLi vulnerability in J2Store plugin 3.x before 3.3.7 for Joomla! (CVE-2019-9184)
- XSS vulnerability in Quiz and Survey Master Plugin v6.0.4 for WordPress (CVE-2019-9575)
- SQLi vulnerability in Forminator Contact Form, Poll & Quiz Builder plugin before 1.6 for WordPress (CVE-2019-9568)
- Arbitrary code execution vulnerability in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10 (CVE-2019-6340)
- XSS vulnerability in Metinfo 6.1.3 (CVE-2018-19835)
- XSS vulnerability in WUZHI CMS 4.1.0 (CVE-2019-9110)
- XSS vulnerability in Collabtive 1.3
- XSS vulnerability in Font Organizer plugin 2.1.1 for WordPress
- SQL vulnerability in WordPress Booking Calendar Plugin v8.4.3 for WordPress
- XSS vulnerability in Geo Mashup Options plugin 1.11.4 for WordPress
- XSS vulnerability in LightGallery plugin 1.0.3 for WordPress
- XSS vulnerability in WP Product Gallery Lite plugin 1.0.4 for WordPress

Offline Cwaf_Team

Re: Rules Updates: Changelog
« Reply #184 on: March 28, 2019, 05:03:15 AM »
2019.03.28
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.202


- SQL injection vulnerability in Questions 1.4.3 component for Joomla (CVE-2018-17377)
- XSS vulnerability in Blog2Social plugin v5.0.2 for WordPress (CVE-2019-9576)
- XSS vulnerability in ZoneMinder through 1.32.3 (CVE-2019-7327, CVE-2019-7328, CVE-2019-7330, CVE-2019-7332, CVE-2019-7336, CVE-2019-7337, CVE-2019-7344)
- XSS vulnerability in WUZHI CMS 4.1.0 (CVE-2019-9107, CVE-2019-9109)
- CSRF vulnerability in WUZHI CMS 4.1.0 (CVE-2018-18712)
- CSRF vulnerability in YzmCMS v5.2 (CVE-2018-20015)
- CSRF vulnerability in CmsEasy 6.1 (CVE-2018-11679)
- XSS vulnerability in MOPCMS (CVE-2019-9016)
- Arbitrary File Download exists in RhinOS CMS v3.x (CVE-2018-18760)
- SQL vulnerability exists in Bo-blog Wind CMS (CVE-2019-7587)
- XSS vulnerability exists in imcat v4.5 (CVE-2019-8436)
- XSS vulnerability in the MODX Revolution through v2.7.0-pl (CVE-2018-20755)
- Arbitrary File Download vulnerability in Ad Manager WD Plugin v1.0.11 for WordPress
- SQL vulnerability in Rukovoditel Project Management CRM 2.4.1

Offline Cwaf_Team

Re: Rules Updates: Changelog
« Reply #185 on: April 08, 2019, 12:01:58 PM »
2019.04.08
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.203


- CSRF vulnerability in Smart Forms plugin before 1.2.2 for WordPress (CVE-2019-5920)
- XSS vulnerability in YzmCMS 5.2 (CVE-2019-9660, CVE-2019-9661)
- XSS vulnerability in the MODX Revolution through v2.7.0-pl (CVE-2018-20756, CVE-2018-20757)
- XSS vulnerability in YzmCMS 5.2 (CVE-2019-9570)
- Arbitrary code Injection exists in PHPMyWind CMS v5.5 (CVE-2018-17131)
- Multiple SQL injection vulnerabilities in OpenEMR 4.1.2 (CVE-2014-5462)
- XSS and Directory Traversal vulnerability in SP Easy Image Gallery 1.5 component for Joomla
- SQL injection vulnerability in WP AutoSuggest plugin 0.24 for WordPress
- SQL vulnerability in ResourceSpace 8.6

Offline Cwaf_Team

Re: Rules Updates: Changelog
« Reply #186 on: April 23, 2019, 08:42:13 AM »
2019.04.23
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.204


- Disabled by default rules 240330-240336
- XSS vulnerability in WP Support Plus Responsive Ticket System plugin 9.1.1 for WordPress (CVE-2019-7299)
- XSS vulnerability exists in Maccms v8.4 (CVE-2019-8410)
- XSS vulnerability in SEMCMS V3.4 (CVE-2018-18840, CVE-2018-18841)
- XSS vulnerability exists in WTCMS (CVE-2019-8911)
- XSS vulnerability in social-networks-auto-poster-facebook-twitter-g plugin before 4.2.8 for WordPress (CVE-2019-9911)
- Directory traversal vulnerability exists in imcat (CVE-2018-20610)
- XSS vulnerability exists in verydows cms (CVE-2019-7753)
- XSS vulnerability in social-networks-auto-poster-facebook-twitter-g plugin before 4.2.8 for WordPress (CVE-2019-9911)
- XSS vulnerability in wp-google-maps plugin before 7.10.43 for WordPress (CVE-2019-9912)
- SQL injection vulnerabilities in the TeamPass before 2.1.20 (CVE-2014-3773)
- XSS vulnerabilities in pfSense before 2.1.4 (CVE-2014-4687)
- CSRF vulnerability in CScms 4.1 (CVE-2018-16337)
- XSS vulnerability in Event Geek plugin 2.5.2 for WordPress
- Arbitrary File Download exists in OpenSTA Manager v2.3
- Rules in 27_WpPlugin reordered

Offline Cwaf_Team

Re: Rules Updates: Changelog
« Reply #187 on: May 08, 2019, 11:32:48 AM »
2019.05.08
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.205


- SQL injection vulnerability in Reverse Auction Factory 4.3.8 component for Joomla! (CVE-2018-17376)
- XSS vulnerability in Weblizar-pinterest-feeds plugin 1.1.1 for WordPress (CVE-2018-5653, CVE-2018-5654 and CVE-2018-5655)
- XSS vulnerability in Crony Cronjob Manager plugin before 0.4.7 for WordPress (CVE-2017-14530)
- XSS vulnerability in Responsive-coming-soon-page plugin 1.1.18 for WordPress (CVE-2018-5657, CVE-2018-5659, CVE-2018-5660, CVE-2018-5661, CVE-2018-5662, CVE-2018-5663, CVE-2018-5664, CVE-2018-5665 and CVE-2018-5666)
- XSS vulnerability in Booking-calendar plugin 2.1.7 for WordPress (CVE-2018-5670, CVE-2018-5671 and CVE-2018-5672)
- XSS vulnerability in Weblizar-pinterest-feeds plugin 1.1.1 for WordPress (CVE-2018-5667 and CVE-2018-5668)
- XSS vulnerability in ImageInject plugin 1.15 for WordPress (CVE-2018-5284)
- XSS vulnerability in WPGlobus plugin 1.9.6 for WordPress (CVE-2018-5362, CVE-2018-5363, CVE-2018-5364, CVE-2018-5365, CVE-2018-5366 and CVE-2018-5367)
- XSS vulnerability in SrbTransLatin plugin 1.46 for WordPress (CVE-2018-5369)
- XSS vulnerability in FlickrRSS plugin 5.3.1 for WordPress (CVE-2018-6466, CVE-2018-6468 and CVE-2018-6469)
- XSS vulnerability in Metronet Tag Manager plugin version 1.2.7 for WordPress (CVE-2018-1000506)
- XSS vulnerability in File Manager plugin 3.0 for WordPress (CVE-2018-16967)
- XSS vulnerability in WP Fastest Cache 0.8.8.5 for WordPress (CVE-2018-17585)
- XSS vulnerability in Acurax-social-media-widget plugin before 3.2.6 for WordPress (CVE-2018-6357)
- XSS Vulnerability in Improved user search in backend plugin before 1.2.5 (CVE-2014-5196)
- Arbitrary File Delete exists in PHPMyWind CMS v5.5 (CVE-2019-7403)
- XSS vulnerability in Doctor Appointment Booking Plugin v1.0.0 for WordPress

Offline Cwaf_Team

Re: Rules Updates: Changelog
« Reply #188 on: May 15, 2019, 12:51:26 PM »

2019.05.15
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.206


- CSRF vulnerability in the DiliCMS through 2.4.0 (CVE-2018-19291)
- CSRF vulnerability in YzmCMS 3.8 (CVE-2018-10224)
- XSS vulnerability exists in UCMS v1.4.7 (CVE-2018-20600)
- LFI vulnerability in WebDorado Contact Form Builder plugin before 1.0.69 for WordPress (CVE-2019-11557)
- XSS vulnerability in King Composer Plugin v2.x for WordPress (CVE-2019-9910)
- LFI vulnerability in WordPress through 5.0.3 (CVE-2019-8943)

Offline Cwaf_Team

Re: Rules Updates: Changelog
« Reply #189 on: May 22, 2019, 08:36:50 AM »
2019.05.22
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.207


- Directory Traversal vulnerability in Joomla before 3.9.5 (CVE-2019-10945)
- XSS vulnerability in ProFiles 1.5 component for Joomla (CVE-2018-18276)
- LFI vulnerability in WebDorado Contact Form Builder plugin before 1.13.5 for WordPress (CVE-2019-11590)
- XSS vulnerability in Donation Plugin and Fundraising Platform (give) plugin for WordPress (CVE-2019-9909)
- XSS vulnerability exists in Calendar plugin on or before 1.3.10 for WordPress (CVE-2018-18872)
- XSS vulnerability in Custom Field Suite plugin on or before 2.5.14 for WordPress (CVE-2019-11871)
- XSS vulnerability in Duplicate Page plugin 3.3 or before for WordPress
- XSS vulnerability in Contact People plugin 3.2.4 for WordPress
- XSS vulnerability in Creative Image Slider component 3.1.0 for Joomla
- FP fix

Offline Cwaf_Team

Re: Rules Updates: Changelog
« Reply #190 on: May 31, 2019, 06:03:37 AM »
2019.05.31
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.208


- SQL vulnerability exists in SEACMS (CVE-2018-16445)
- XSS vulnerability exists in SEACMS v6.64 or below (CVE-2018-17321)
- XSS vulnerability exists in Peel Shopping v9_1 (CVE-2018-1000887)
- XSS vulnerability exists in SEACMS on v6.61 or below (CVE-2018-12431)
- SQL injection vulnerability in LibreNMS (CVE-2018-18478)
- XSS vulnerability exists in Omeka before v2.6.1 (CVE-2018-13423)
- RFI vulnerability in social warfare plugin before 3.5.3 for WordPress (CVE-2019-9978)
- XSS vulnerability in idreamsoft iCMS V7.0.14 (CVE-2019-11426)
- XSS vulnerability exists in Photo gallery WD on or before 1.3.66 for WordPress
- Directory traversal vulnerability in Health Check and Troubleshooting plugin on or before 1.2.3 for WordPress
- XSS vulnerability in Pie Register Plugin 3.1 for WordPress
- SQL vulnerability exists in Ashop Shopping Cart Software
- FP fix

Offline Cwaf_Team

Re: Rules Updates: Changelog
« Reply #191 on: June 21, 2019, 10:17:03 AM »
2019.06.21
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.209


- SQL vulnerability exists in SEACMS (CVE-2018-16445)
- XSS vulnerability exists in SEACMS v6.64 or below (CVE-2018-17321)
- XSS vulnerability exists in Peel Shopping v9_1 (CVE-2018-1000887)
- XSS vulnerability exists in SEACMS on v6.61 or below (CVE-2018-12431)
- SQL injection vulnerability in LibreNMS (CVE-2018-18478)
- XSS vulnerability exists in Omeka before v2.6.1 (CVE-2018-13423)
- RFI vulnerability in social warfare plugin before 3.5.3 for WordPress (CVE-2019-9978)
- XSS vulnerability in idreamsoft iCMS V7.0.14 (CVE-2019-11426)
- XSS vulnerability exists in Photo gallery WD on or before 1.3.66 for WordPress
- Directory traversal vulnerability in Health Check and Troubleshooting plugin on or before 1.2.3 for WordPress
- XSS vulnerability in Pie Register Plugin 3.1 for WordPress
- SQL vulnerability exists in Ashop Shopping Cart Software
- FP fix

Offline Cwaf_Team

Re: Rules Updates: Changelog
« Reply #192 on: June 25, 2019, 10:50:00 AM »

2019.06.25
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.210


- XSS vulnerability exists in Appointment Hour Booking Plugin v 1.1.35 or possibly below for WordPress
- Arbitrary File Download vulnerability in Simple File List plugin v3.2.4 or before for WordPress
- XSS vulnerability in WordPress Download Manager Plugin 2.9.96 for WordPress
- XSS vulnerability exists in Event Calendar WD Plugin v 1.1.21 or below For WordPress (CVE-2018-16164)
- Directory Traversal vulnerability in WordPress Download Manager Plugin 2.9.96 for WordPress


Offline Cwaf_Team

Re: Rules Updates: Changelog
« Reply #193 on: July 04, 2019, 12:25:48 PM »
2019.07.04
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.211


- LFI and CSRF vulnerability in WebDorado Contact Form Builder plugin, 10Web Form Maker plugin before 1.13.5 for WordPress (CVE-2019-11591)
- XSS vulnerability exists in WordPress Hostel Plugin on or before 1.1.3 (CVE-2019-12345)
- XSS vulnerability in miniOrange SAML SP Single Sign On plugin before 4.8.73 for WordPress (CVE-2019-12346)
- XSS vulnerability exists in SiteMagic CMS v4.4 (CVE-2019-10238)
- SQL injection vulnerability in SEMCMS V3.4 (CVE-2019-11518)
- Directory traversal vulnerability in CMS Made Simple 2.2.7 (CVE-2018-10522)
- XSS vulnerability in SEMCMS V3.4 (CVE-2018-18738, CVE-2018-18743, CVE-2018-18739)
- Arbitrary File Delete vulnerability in Simple File List plugin v3.2.4 or before for WordPress
- XSS vulnerability in Better File Download Plugin 1.0.9 for WordPress
- XSS vulnerability in File Manager plugin 5.1.5 for WordPress
- XSS vulnerability in Modern Events Calendar Lite plugin 4.2.1 for WordPress
- XSS vulnerability in Salon booking system plugin 3.30.4 for WordPress
- FP fix

Offline Cwaf_Team

Re: Rules Updates: Changelog
« Reply #194 on: July 10, 2019, 11:11:20 AM »
2019.07.10
Rules for modsecurity v2.x: Apache, LiteSpeed, Nginx, IIS
Rules for modsecurity v3.x: Nginx
Version 1.212


- XSS vulnerability exists in Typesetter CMS v5.1 (CVE-2018-16639)
- SQL injection vulnerability in LibreNMS (CVE-2018-20678)
- Directory traversal vulnerability exists in ShopXO 1.2.0 (CVE-2019-5887)
- XSS vulnerability in Event Management Tickets Booking By Event Monster Plugin v 1.0.5 or below For WordPress
- XSS vulnerability in Table Reservation plugin 3.3.1 for WordPress
- XSS exists in Watu Quiz Plugin of v3.1.2.5 or before for WordPress
- XSS vulnerability in WP Nearby Places Basic plugin 1.3 for WordPress
- XSS vulnerability in SP Project and Document Manager plugin 3.4.7 for WordPress
- XSS vulnerability in Ultimate Profile Builder plugin v 3.1 for WordPress
- XSS vulnerability in CP Contact Form With Paypal Plugin v 1.2.97 or below For WordPress

 
