Supported Protection Rules

The Oracle Cloud Infrastructure WAF service supports many protection rule types. The following list provides a brief explanation of the purpose of each protection rule type.

Protection Rules

Rule ID/Key

Name

Description

90001 Filter Profanity Detects profanity used in request headers and body.
90002 United States Social Security Number Leakage Detects leakage of US SSN in C3 body and headers.
90004 Executable file upload attempt Detects attempts to upload executable files through input forms.
90005 Brazilian Social Security Number (CPF) Leakage Detects leakage of Brazilian CPF in response body and headers.
90006 Credit card leakage in request: GSA SmartPay Detects GSA SmartPay credit card numbers in user input.
90007 Credit card leakage in request: MasterCard Detects MasterCard credit card numbers in user input.
90008 Credit card leakage in request: Visa Detects Visa credit card numbers in user input.
90009 Credit card leakage in request: American Express Detects American Express credit card numbers in user input.
90010 Credit card leakage in request: Diners Club Detects Diners Club credit card numbers in user input.
90011 Credit card leakage in request: enRoute Detects enRoute credit card numbers in user input.
90012 Credit card leakage in request: Discover Detects Discover credit card numbers in user input.
90013 Credit card leakage in request: JCB Detects JCB credit card numbers in user input.
90014 Credit card leakage in response: GSA SmartPay Detects GSA SmartPay credit card numbers sent from site to user.
90015 Credit card leakage in response: MasterCard Detects MasterCard credit card numbers sent from site to user.
90016 Credit card leakage in response: Visa Detects Visa credit card numbers sent from site to user.
90017 Credit card leakage in response: American Express Detects American Express credit card numbers sent from site to user.
90018 Credit card leakage in response: Diners Club Detects Diners Club credit card numbers sent from site to user.
90019 Credit card leakage in response: enRoute Detects enRoute credit card numbers sent from site to user.
90020 Credit card leakage in response: Discover Detects Discover credit card numbers sent from site to user.
90021 Credit card leakage in response: JCB Detects JCB credit card numbers sent from site to user.
90022 Credit card Track 1 data leakage Detects credit card track 1 data in the response body.
90023 Credit card Track 2 data leakage Detects credit card track 2 data in the response body.
90024 Credit card PAN leakage Detects credit card primary account number in the response body.
90025 visitorTracker_isMob malware detection Detects and/or blocks visitorTracker_isMob malware.
120123 Joomla! Core CVE-2015-8562 Remote Code Execution Vulnerability Prevention Detects Joomla! Core CVE-2015-8562 Remote Code Execution Vulnerability payload.
120133 Canadian Social Identification Number (SIN) leakage Detects leakage of Canadian SIN in response body and headers.
900032 HTTP Parameter Polution (HPP) detection Rule Detects requests that have multiple arguments with the same name indicative of HPP attack.
911100 Restrict HTTP Request Methods Allows only request methods specified by the configurable "Allowed http methods" parameter.
920021, 920022, 920023 Credit card PAN leakage Detects credit card primary account number in the response body.
920100 Invalid HTTP Request Line Invalid HTTP Request Line.
920120 File Name Validation Detects multipart/form-data file name evasion attempts.
920160 Content-Length Header Validation Detects if content-length HTTP header is not numeric.
920170 GET/HEAD Requests Validation Detects if GET/HEAD requests contain request body by checking for content-length header, since it is not a common practice.
920171 GET/HEAD Requests Validation Detects if GET/HEAD requests contain request body by checking for Transfer-Encoding header since it is not a common practice.
920180 Content-Length Header Validation Detects if content-length and Transfer-Encoding headers are provided with every POST request.
920190 Range Header Validation This rule inspects the Range request header to see if it starts with 0.
920200, 920201 Range Header Validation Detects range header inconsistencies and invalid formatting.
920220, 920240 Check URL encodings There are two different chained rules. We need to separate them as we are inspecting two different variables - REQUEST_URI and REQUEST_BODY. For REQUEST_BODY, we only want to run the @validateUrlEncoding operator if the content-type is application/x-www-form-urlencoding.
920230 Detect multiple url encoding Detection of multiple url encodings.
920260 Disallow use of full-width unicode as decoding evasions may be possible. This rule looks for full-width encoding by looking for %u followed by 2 'f' characters and then 2 hex characters. It is a vulnerability that affected IIS circa 2007.
920270 Restrict type of characters sent This rule uses the @validateByteRange operator to restrict the request payloads.
920280 Missing/Empty Host Header Missing/Empty Host Header.
920300 Missing Accept Header Detection of missing accept header.
920310, 920311 Empty Accept Header Checks if an Accept header exists, but has an empty value. Also detects an empty Accept header if there is no user agent.
920320 Missing User-Agent header Detection of missing user-agent header.
920330 Empty User-Agent Header Detects empty request user-agent header.
920350 Invalid HTTP Request Line Invalid HTTP Request Line.
920360 Limit length of argument names Detects HTTP requests argument name length exceeding the configurable "Max length of argument name" value.
920370 Limit argument value length Detects HTTP requests arugment values exceeding the configurable "Max argument value length" parameter.
920380 Number of Arguments Limits Detects HTTP requests with number of arguments exceeding the configurable "Max amount of arguments" value.
920390 Limit arguments total length Detects HTTP requests arugment length exceeding the configurable "Max argument length" parameter.
920400 Limit file size Limits the size of a file by checking Content-Length Header for a varible max_file_size.
920410 Limit combined file size Limits the size of combined files by checking Content-Length Header for a varible combined_file_sizes.
920420 Check content-type header against allow list Restrict Content Types by checking the variable allowed_request_content_type.
920430 Request protocol version restriction Restrict protocol versions by using the variable allowed_http_versions.
920440 Restriction by file extension Restrict file extensions using the variable restricted_extensions.
920450 Restricted HTTP headers The use of certain headers is restricted. They are listed in the variable restricted_headers.
920470 Restrict Content Type Restrict Content Types by checking the content-type header.
920480 Charset restriction in content-type Restrict charset in Content Types by checking the variable allowed_request_content_type_charset.
920500 Detect backup or working files Detect backup or working files.
921110 HTTP Request Smuggling Looks for CR/LF characters in combination with HTTP / WEBDAV.
921120, 921130 HTTP Response Splitting Looks for CR/LF characters, may cause problems if the data is returned in a respones header and may be interpreted by an intermediary proxy server and treated as two separate responses.
921140 HTTP Header Injection These rules look for Carriage Return (CR) %0d and Linefeed (LF) %0a characters, on their own or in combination with header field names. These characters may cause problems if the data is returned in a respones header and interpreted by the client.
921150, 921160 Argument Newline Detection Detect newlines in argument names.
921151 Newline in GET Args Detect newlines in GET arguments which may point to HTTP header injection attacks.
921190 HTTP Splitting This rule detect \n or \r in the REQUEST FILENAME.
930100 Directory Traversal Attacks Directory Traversal Attacks, Encoded, /../ and Payloads.
930110 Directory Path Traversal Attacks Directory Path Traversal Attack /../ and Payloads.
930120 OS File Access Attempt OS File Access Attempt, Cookies and Arguments.
930130 Restricted File Access Restricted File Access. Detects attempts to retrieve application source code, metadata, credentials and version control history possibly reachable in a web root.
931100 Remote File Inclusion (RFI) Attempt: RFI Attack URL Parameter using IP Address Remote File Inclusion (RFI). These rules look for common types of Remote File Inclusion (RFI) attack methods. Possible RFI Attack: URL Parameter using IP Address.
931110 Remote File Inclusion (RFI) Attempt: RFI Attack: Common RFI Vulnerable Parameter Name used w/URL Payload Remote File Inclusion (RFI). These rules look for common types of Remote File Inclusion (RFI) attack methods. Possible RFI Attack: Common RFI Vulnerable Parameter Name used w/URL Payload.
931120 Remote File Inclusion (RFI) Attempt: RFI Attack: URL Payload Used w/Trailing Question Mark Character (?) Remote File Inclusion (RFI). These rules look for common types of Remote File Inclusion (RFI) attack methods. Possible RFI Attack: URL Payload Used w/Trailing Question Mark Character (?)
931130 Remote File Inclusion (RFI) Attempt: RFI Attack: Off-Domain Reference/Link Remote File Inclusion (RFI). These rules look for common types of Remote File Inclusion (RFI) attack methods. Possible RFI Attack: Off-Domain Reference/Link
932100 Remote Command Execution (RCE) Attempt: RCE Unix Command Injection Remote Command Execution (RCE) Attempt: RCE Unix Command Injection the vulnerability exists when an application executes a shell command without proper input escaping/validation.
932105 Remote Command Execution (RCE) Attempt: RCE Unix Command Injection Remote Command Execution (RCE) Attempt: RCE Unix Command Injection the vulnerability exists when an application executes a shell command without proper input escaping/validation.
932106 Unix Command Injection Detects several Unix command injections (and its attempts of obfuscation and evasion). The vulnerability exists when an application executes a shell command without proper input escaping/validation.
932110 Remote Command Execution (RCE) Attempt: RCE Windows command injection Remote Command Execution (RCE) Attempt: RCE This rule Detects Windows shell command injections. If you are not running Windows, it is safe to disable this rule.
932115 Remote Command Execution (RCE) Attempt: RCE Windows command injection Remote Command Execution (RCE) Attempt: RCE This rule Detects Windows shell command injections. If you are not running Windows, it is safe to disable this rule.
932120 Remote Command Execution (RCE) Attempt: RCE Windows PowerShell, cmdlets and options Remote Command Execution (RCE) Attempt: RCE Detect some common PowerShell commands, cmdlets and options.These commands should be relatively uncommon in normal text, but potentially useful for code injection. If you are not running Windows, it is safe to disable this rule.
932130 Remote Command Execution (RCE) Attempt: Unix shell expressions Remote Command Execution (RCE) Attempt: RCE Unix Shell Expression Found. Detects the following patterns which are common in Unix shell scripts and oneliners: Command substitution, Parameter expansion, Process substitution, Arithmetic expansion
932140 Remote Command Execution (RCE) Attempt: RCE Windows FOR, IF commands Remote Command Execution (RCE) Attempt: RCE Windows FOR/IF Command Found. This rule Detects Windows command shell FOR and IF commands. If you are not running Windows, it is safe to disable this rule.
932150 Remote Command Execution (RCE) Attempt: RCE Unix direct remote command execution Remote Command Execution (RCE) Attempt: RCE Direct Unix Command execution Found.This case is different from command injection (rule 932100), where a command string is appended (injected) to a regular parameter, and then passed to a shell unescaped.
932160 Remote Command Execution (RCE) Attempt: RCE Unix shell snippets Remote Command Execution (RCE) Attempt: RCE Unix Shell Code Found. Detect some common sequences found in shell commands and scripts.
932170 Remote Command Execution (RCE) Attempt: Shellshock vulnerability (CVE-2014-6271 and CVE-2014-7169) Remote Command Execution (RCE) Attempt: RCE Detect exploitation of "Shellshock" GNU Bash RCE vulnerability. Based on ModSecurity rules created by Red Hat.
932171 Remote Command Execution (RCE) Attempt: Shellshock vulnerability (CVE-2014-6271 and CVE-2014-7169) Remote Command Execution (RCE) Attempt: RCE Detect exploitation of "Shellshock" GNU Bash RCE vulnerability. Based on ModSecurity rules created by Red Hat.
932180 Restricted File Upload Detects attempts to upload a file with a forbidden filename. Many application contain Unrestricted File Upload vulnerabilities. These might be abused to upload configuration files or other files that affect the behavior of the web server, possibly causing remote code execution.
932190 Remote Command Execution - OS File Access Attempt A Remote Command Execution (RCE) could be exploited bypassing rule 93012032 (OS File Access Attempt) by using wildcard characters. Keep in mind that this rule could lead to many false positives.
933100 PHP Injection Attacks: PHP Open Tag Found PHP Injection Attacks: Detects PHP open tags "<?" and "<?php". Also Detects "[php]", "[/php]" and "[\php]" tags used by some applications to indicate PHP dynamic content.
933110 PHP Injection Attacks: PHP Script Uploads PHP Injection Attacks: Block file uploads with PHP extensions (.php, .php5, .phtml and so on), also block files with just dot (.) characters after the extension. Many application contain Unrestricted File Upload vulnerabilities. Attackers may use such a vulnerability to achieve remote code execution by uploading a .php file.Some AJAX uploaders use the nonstandard request headers X-Filename, X_Filename, or X-File-Name to transmit the file name to the server; scan these request headers as well as multipart/form-data file names.
933111 PHP Injection Attacks: PHP Script Uploads: Superfluous extension PHP Injection Attacks: PHP Script Uploads - Superfluous extension. Block file uploads with PHP extensions (.php, .php5, .phtml and so on) anywhere in the name, followed by a dot.
933120 PHP Injection Attacks: PHP Configuration Directives PHP Injection Attacks: Configuration Directive Found
933130 PHP Injection Attacks: PHP Variables PHP Injection Attacks: Variables Found
933131 PHP Injection Attacks: PHP Variables - Common Variable Indexes PHP Injection Attacks: Common Variable Indexes
933140 PHP Injection Attacks: PHP I/O Streams PHP Injection Attacks: Variables Found. The "php://" syntax can be used to refer to various objects, such as local files (for LFI), remote urls (for RFI), or standard input/request body. Its occurrence indicates a possible attempt to either inject PHP code or exploit a file inclusion vulnerability in a PHP web app.
933150 PHP Injection Attacks: High-Risk PHP Function Names PHP Injection Attacks: High-Risk PHP Function Names, Approx. 40 words highly common to PHP injection payloads and extremely rare in natural language or other contexts. Examples: 'base64_decode', 'file_get_contents'.
933151 PHP Injection Attacks: Medium-Risk PHP Function Names PHP Injection Attacks: Medium-Risk PHP Function Names, Medium-Risk PHP injection payloads and extremely rare in natural language or other contexts.
933160 PHP Injection Attacks: High-Risk PHP Function Calls PHP Injection Attacks: High-Risk PHP Function Calls, some PHP function names have a certain risk of false positives, due to short names, full or partial overlap with common natural language terms, uses in other contexts, and so on. Some examples are 'eval', 'exec', and 'system'.
933161 PHP Injection Attacks: PHP Functions - Low-Value PHP Function Calls PHP Injection Attacks: PHP Functions - Low-Value PHP Function Calls. Most of these function names are likely to cause false positives in natural text or common parameter values, such as 'abs', 'copy', 'date', 'key', 'max', 'min'. Therefore, these function names are not to be used if high false positives are expected.
933170 PHP Injection Attacks: PHP Object Injection PHP Injection Attacks: PHP Object Injection, is an application level vulnerability that could allow an attacker to perform different kinds of malicious attacks, such as Code Injection, SQL Injection, Path Traversal and Application Denial of Service, depending on the context. The vulnerability occurs when user-supplied input is not properly sanitized before being passed to the unserialize() PHP function.
933180 PHP Injection Attacks: PHP Functions - Variable Function Calls PHP Injection Attacks: PHP Functions - Variable Function Calls, PHP 'variable functions' provide an alternate syntax for calling PHP functions. An attacker may use variable function syntax to evade detection of function names during exploitation of a remote code execution vulnerability.
933190 PHP Injection Attacks: PHP Closing Tag Found PHP Injection Attacks: PHP Closing Tag Found.
933200 PHP Injection Attacks: PHP Wrappers PHP Injection Attacks: PHP Wrappers, PHP comes with many built-in wrappers for various URL-style protocols for use with the filesystem functions such as fopen(), copy(), file_exists() and filesize(). Abusing of PHP wrappers like phar://, zlib://, glob://, rar://, zip://, and so on... could lead to LFI and expect:// to RCE.
933210 PHP Injection Attacks: PHP Functions - Variable Function Prevent Bypass PHP Injection Attacks: PHP Functions - Variable Function Calls. This rule blocks bypass filter payloads.
934100 Insecure unserialization Remote Code Execution Detects generic Remote Code Executions on Insecure unserialiazation. Detects CVE-2017-5941
941100 Cross-Site Scripting (XSS) Attempt: Libinjection - XSS Detection Cross-Site Scripting (XSS) Attempt: Detects XSS Libinjection
941101 Cross-Site Scripting (XSS) Attempt: SS Attack Detected via libinjection Cross-Site Scripting (XSS) Attempt: SS Attack Detected via libinjection
941110 Cross-Site Scripting (XSS) Attempt: XSS Filters - Category 1 Cross-Site Scripting (XSS) Attempt: XSS Filters - Category 1. Script tag based XSS vectors, e.g., <script> alert(1)</script>
941120 Cross-Site Scripting (XSS) Attempt: XSS Filters - Category 2 Cross-Site Scripting (XSS) Attempt: XSS Filters - Category 2. XSS vectors making use of event handlers like onerror, onload and so on, e.g., <body onload="alert(1)">
941130 Cross-Site Scripting (XSS) Attempt: XSS Filters - Category 3 Cross-Site Scripting (XSS) Attempt: XSS Filters - Category 3. XSS vectors making use of Attribute Vectors
941140 Cross-Site Scripting (XSS) Attempt: XSS Filters - Category 4 Cross-Site Scripting (XSS) Attempt: XSS Filters - Category 4. XSS vectors making use of javascript URI and tags, e.g., <p style="background:url(javascript:alert(1))">
941150 Cross-Site Scripting (XSS) Attempt: XSS Filters - Category 5 Cross-Site Scripting (XSS) Attempt: XSS Filters - Category 5. HTML attribues - src, style and href
941160 Cross-Site Scripting (XSS) Attempt: NoScript XSS Filters Cross-Site Scripting (XSS) Attempt: NoScript XSS Filters, NoScript InjectionChecker - HTML injection
941170 Cross-Site Scripting (XSS) Attempt: NoScript XSS Filters Cross-Site Scripting (XSS) Attempt: NoScript XSS Filters, NoScript InjectionChecker - Attributes injection
941180 Cross-Site Scripting (XSS) Attempt: Blacklist Keywords from Node-Validator Cross-Site Scripting (XSS) Attempt: Blacklist Keywords from Node-Validator
941190 Cross-Site Scripting (XSS) Attempt: XSS Filters from Internet Explorer Cross-Site Scripting (XSS) Attempt: XSS Filters from IE
941200 Cross-Site Scripting (XSS) Attempt: XSS Filters from Internet Explorer Cross-Site Scripting (XSS) Attempt: XSS Filters from IE
941210 Cross-Site Scripting (XSS) Attempt: XSS Filters from Internet Explorer Cross-Site Scripting (XSS) Attempt: XSS Filters from IE
941220 Cross-Site Scripting (XSS) Attempt: XSS Filters from Internet Explorer Cross-Site Scripting (XSS) Attempt: XSS Filters from IE
941230 Cross-Site Scripting (XSS) Attempt: XSS Filters from Internet Explorer Cross-Site Scripting (XSS) Attempt: XSS Filters from IE
941240 Cross-Site Scripting (XSS) Attempt: XSS Filters from Internet Explorer Cross-Site Scripting (XSS) Attempt: XSS Filters from IE
941250 Cross-Site Scripting (XSS) Attempt: XSS Filters from Internet Explorer Cross-Site Scripting (XSS) Attempt: XSS Filters from IE
941260 Cross-Site Scripting (XSS) Attempt: XSS Filters from Internet Explorer Cross-Site Scripting (XSS) Attempt: XSS Filters from IE
941270 Cross-Site Scripting (XSS) Attempt: XSS Filters from Internet Explorer Cross-Site Scripting (XSS) Attempt: XSS Filters from IE
941280 Cross-Site Scripting (XSS) Attempt: XSS Filters from Internet Explorer Cross-Site Scripting (XSS) Attempt: XSS Filters from IE
941290 Cross-Site Scripting (XSS) Attempt: XSS Filters from Internet Explorer Cross-Site Scripting (XSS) Attempt: XSS Filters from IE
941300 Cross-Site Scripting (XSS) Attempt: XSS Filters from Internet Explorer Cross-Site Scripting (XSS) Attempt: XSS Filters from IE
941310 Cross-Site Scripting (XSS) Attempt: US-ASCII encoding bypass listed on XSS filter evasion Cross-Site Scripting (XSS) Attempt: US-ASCII encoding bypass listed on XSS filter evasion.
941320 Cross-Site Scripting (XSS) Attempt: HTML Tag Handler Cross-Site Scripting (XSS) Attempt: HTML Tag Handler
941330 Cross-Site Scripting (XSS) Attempt: XSS Filters from Internet Explorer Cross-Site Scripting (XSS) Attempt: XSS Filters from IE
941340 Cross-Site Scripting (XSS) Attempt: XSS Filters from Internet Explorer Cross-Site Scripting (XSS) Attempt: XSS Filters from IE
941350 Cross-Site Scripting (XSS) Attempt: UTF-7 encoding XSS filter evasion for IE Cross-Site Scripting (XSS) Attempt: UTF-7 encoding XSS filter evasion for IE.
941360 Cross-Site Scripting (XSS) Attempt: Defend against JSFuck and Hieroglyphy obfuscation of Javascript code Cross-Site Scripting (XSS) Attempt: Defend against JSFuck and Hieroglyphy obfuscation of Javascript code.
941370 Cross-Site Scripting (XSS) Attempt: Prevent 94118032 bypass by using JavaScript global variables Cross-Site Scripting (XSS) Attempt: Prevent 94118032 bypass by using JavaScript global variables.
941380 Cross-Site Scripting (XSS) Attempt: Defend against AngularJS client side template injection Cross-Site Scripting (XSS) Attempt: Defend against AngularJS client side template injection.
942100 SQL Injection (SQLi) Libinjection Detection SQL Injection (SQLi) Attempt: SQLi Filters via libinjection.
942101 SQL Injection (SQLi) Libinjection SQL Injection (SQLi) Attempt: Detects SQLi using libinjection.
942110 SQL Injection (SQLi) String termination/ Statement ending injection SQL Injection (SQLi) Attempt: String termination/ Statement ending injection detection also detects CVE-2018-2380.
942120 SQL Injection (SQLi) SQL operators SQL Injection (SQLi) Attempt: SQL operators detection also detects CVE-2018-2380.
942130 SQL Injection (SQLi) SQL Tautologies SQL Injection (SQLi) Attempt: SQL Tautologies detection
942140 SQL Injection (SQLi) Detect DB Names SQL Injection (SQLi) Attempt: SQLi Filters via DB Names
942150 SQL Injection (SQLi) SQL Function Names SQL Injection (SQLi) Attempt: SQL Function Names detection also detects CVE-2018-2380.
942160 SQL Injection (SQLi) PHPIDS SQLi Filters SQL Injection (SQLi) Attempt: SQLi Filters via PHPIDS.
942170 SQL Injection (SQLi) SQL benchmark and sleep injections SQL Injection (SQLi) Attempt: SQL benchmark and sleep injection detection.
942180 SQL Injection (SQLi) Basic SQL auth bypass SQL Injection (SQLi) Attempt: Basic SQL authentication bypass detection.
942190 SQL Injection (SQLi) MSSQL code execution and info gathering SQL Injection (SQLi) Attempt: MSSQL code execution and info gathering detection.
942200 SQL Injection (SQLi) MySQL comment-/space-obfuscated injections and backtick termination SQL Injection (SQLi) Attempt: MySQL comment-/space-obfuscated injections and backtick termination detection.
942210 SQL Injection (SQLi) chained SQL injection attempts SQL Injection (SQLi) Attempt: chained SQL injection attempts detection.
942220 SQL Injection (SQLi) Integer overflow attacks SQL Injection (SQLi) Attempt: Integer Overflow attack detection.
942230 SQL Injection (SQLi) Conditional SQL injections SQL Injection (SQLi) Attempt: Conditional SQL injection detection.
942240 SQL Injection (SQLi) MYSQL charset/ MSSQL DOS SQL Injection (SQLi) Attempt: MYSQL charset/ MSSQL DOS detection.
942250 SQL Injection (SQLi) Merge / Execute / Immediate injections SQL Injection (SQLi) Attempt: MERGE / EXECUTE / IMMEDIATE injections detection.
942251 SQL Injection (SQLi) SQL HAVING queries SQL Injection (SQLi) Attempt: Detects SQL HAVING queries.
942260 SQL Injection (SQLi) basic SQL auth bypass SQL Injection (SQLi) Attempt: basic SQL authentication bypass detection.
942270 SQL Injection (SQLi) Common SQLi attacks for various dbs SQL Injection (SQLi) Attempt: Common attacks against msql, oracle, and other dbs detection.
942280 SQL Injection (SQLi) pg_sleep injection/ waitfor delay/ database shutdown SQL Injection (SQLi) Attempt: pg_sleep injection/ waitfor delay attack/ database shutdown detection.
942290 SQL Injection (SQLi) MongoDB SQLi SQL Injection (SQLi) Attempt: MongoDB SQL injection detection.
942300 SQL Injection (SQLi) MySQL comments, conditions and ch(a)r injections SQL Injection (SQLi) Attempt: MySQL comments, conditions and ch(a)r injections detection.
942310 SQL Injection (SQLi) chained SQL injection SQL Injection (SQLi) Attempt: chained SQL injection detection.
942320 SQL Injection (SQLi) MYSQL/ PostgreSQL stored procedure and function injection SQL Injection (SQLi) Attempt: MYSQL/ PostgreSQL stored procedure and function injection detection.
942330 SQL Injection (SQLi) classic SQL injection probings SQL Injection (SQLi) Attempt: classic SQL injection probings detection.
942340 SQL Injection (SQLi) basic SQL auth bypass attempts SQL Injection (SQLi) Attempt: basic SQL authentication bypass attempts detection.
942350 SQL Injection (SQLi) MYSQL UDF/ data structure manipulation SQL Injection (SQLi) Attempt: MYSQL UDF/ data structure manipulation detection.
942360 SQL Injection (SQLi) Concatenated SQLi and SQLLFI SQL Injection (SQLi) Attempt: Concatenated SQLi and SQLLF detection.
942361 SQL Injection (SQLi) basic SQL injection based on keyword alter or union SQL Injection (SQLi) Attempt: basic SQL injection based on keyword alter or union detection.
942370 SQL Injection (SQLi) classic SQL injection probings SQL Injection (SQLi) Attempt: classic SQL injection probings detection also detects CVE-2018-2380.
942380 SQL Injection (SQLi) SQL injection SQL Injection (SQLi) Attempt: SQL injection detection.
942390 SQL Injection (SQLi) SQL injection SQL Injection (SQLi) Attempt: SQL injection detection.
942400 SQL Injection (SQLi) SQL injection SQL Injection (SQLi) Attempt: SQL injection detection.
942410 SQL Injection (SQLi) SQL injection SQL Injection (SQLi) Attempt: SQL injection detection also detects CVE-2018-2380.
942420 SQL Injection (SQLi) SQL Injection Character Anomaly Usage SQL Injection (SQLi) Attempt: Detects when there is an excessive use of meta-characters within a single parameter payload.
942421 SQL Injection (SQLi) SQL Injection Character Anomaly Usage SQL Injection (SQLi) Attempt: Detects SQL Injection Character Anomaly Usage.
942430 SQL Injection (SQLi) Restricted SQL Character Anomaly Detection SQL Injection (SQLi) Attempt: This rules attempts to gauge when there is an excessive use of meta-characters within a single parameter payload. Also detects CVE-2018-2380.
942431 SQL Injection (SQLi) Restricted SQL Character Anomaly Detection SQL Injection (SQLi) Attempt: Restricted SQL Character Anomaly Detection also detects CVE-2018-2380.
942432 SQL Injection (SQLi) Restricted SQL Character Anomaly Detection SQL Injection (SQLi) Attempt: Restricted SQL Character Anomaly Detection also detects CVE-2018-2380.
942440 SQL Injection (SQLi) SQL Comment Sequence SQL Injection (SQLi) Attempt: Detects SQL Comment Sequence.
942450 SQL Injection (SQLi) SQL Hex Evasion Methods SQL Injection (SQLi) Attempt: Detects SQL Hex Evasion Methods.
942460 SQL Injection (SQLi) Repetitive Non-Word Characters SQL Injection (SQLi) Attempt: Detects when multiple (4 or more) non-word characters are repeated in sequence.
942470 SQL Injection (SQLi) SQL injection SQL Injection (SQLi) Attempt: SQL injection detection.
942480 SQL Injection (SQLi) SQL injection SQL Injection (SQLi) Attempt: SQL injection detection.
942490 SQL Injection (SQLi) classic SQL injection probings SQL Injection (SQLi) Attempt: Detects classic SQL injection probings.
942500 SQL Injection (SQLi) in-line comments SQL Injection (SQLi) Attempt: In-line comments detection.
942510 SQL Injection (SQLi) SQLi bypass: backticks SQL Injection (SQLi) Attempt: Detects quotes and backticks can be used to bypass SQLi detection.
942511 SQL Injection (SQLi) SQLi bypass: quotes SQL Injection (SQLi) Attempt: Detects quotes and backticks which can be used to bypass filters.
943100 Session Fixation cookie in HTML Detects Cookie Values in HTML which could be a session fixation attack
943110 Session Fixation Off-Domain Referer in SessionID Detects SessionID Parameter Name with Off-Domain Referer
943120 Session Fixation No Referer in SessionID Detects SessionID Parameter Name with No Referer
944100 Java attack Attempt: Apache Struts and Oracle WebLogic vulnerabilities Java attack Attempt: Apache Struts and Oracle WebLogic vulnerabilities
944110, 944120 Java attack Attempt: Apache Struts and Oracle WebLogic vulnerabilities and detect processbuilder or runtime calls Java attack Attempt: Apache Struts and Oracle WebLogic vulnerabilities, Java deserialization
944130 Java attack Attempt: Apache Struts and Oracle WebLogic vulnerabilities Java attack Attempt: Apache Struts and Oracle WebLogic vulnerabilities
944200 Java attack Attempt:Detect exploitation of "Java deserialization" Apache Commons Java attack Attempt: Detect exploitation of "Java deserialization" Apache Commons
944210 Java attack Attempt:Detecting possibe base64 text to match encoded magic bytes \xac\xed\x00\x05 with padding encoded in base64 strings are rO0ABQ KztAAU Cs7QAF Java attack Attempt: Detecting possibe base64 text to match encoded magic bytes \xac\xed\x00\x05 with padding encoded in base64 strings are rO0ABQ KztAAU Cs7QAF
944240 Java attack Attempt:Remote Command Execution: Java serialization Java attack Attempt: Remote Command Execution: Java serialization
944250 Java attack Attempt:SAP CRM Java vulnerability CVE-2018-2380 Java attack Attempt: SAP CRM Java vulnerability CVE-2018-2380
944300 Java attack Attempt:Interesting keywords for possibly RCE on vulnerable classess and methods base64 encoded Java attack Attempt: Interesting keywords for possibly RCE on vulnerable classess and methods base64 encoded
950001, 959070, 959071, 959072, 950908, 959073 Common SQL Injections Detects common SQL injection attacks
950002 Common system command access attempt Detect access attempts to common system commands, such as map, telnet, ftp, rcms, and cmd.
950005 Common system files access attempt Detects access attempts to common system files, such as access, passwd, groupm global.asa, httpd.conf, boot.ini, /and so on.
950006 Injection for common system commands Detects injections for common system commands such as telnet, map, blocalgroup, ftp, rcmd, echo, cmd, chmod, passwd, and mail.
950007 Blind SQL injection Detects common blind SQL injection attacks.
950008 ColdFusion Admin Functions Injection Detects injection of ColdFusion undocumented admin functions.
950009, 950003, 950000 Session fixation Session Fixation is an attack technique that forces a user's session ID to an explicit value. Depending on the functionality of the target web site, a number of techniques can be utilized to "fix" the session ID value. These techniques range from Cross-site Scripting exploits to peppering the web site with previously made HTTP requests. After a user's session ID has been fixed, the attacker will wait for that user to login. Once the user does so, the attacker uses the predefined session ID value to assume the same online identity.
950010 LDAP Injection Detects common LDAP data constructions injections.
950011 SSI Injection Detects common Server-Side-Include format data injections.
950012 HTTP Request Smuggling Detects specially crafted requests that under certain circumstances could be seen by the attacked entities as two different sets of requests. This allows certain requests to be smuggled through to a second entity without the first one realizing it.
950018 UPDF XSS Injection Detects submitted links that contains the # fragment in a query_string.
950019 Email Injection Detects mail command Injections targeting mail servers and webmail applications that construct IMAP/SMTP statements from user-supplied input that is not properly sanitized.
950103 Path/directory traversal Detects path traversal attempts, also known as directory traversal or "../" attacks.
950107, 950109, 950108 URL Encodings Validation Detects URL encoding inconsistencies, encoding abuse and invalid formatting.
950110, 950921, 950922 Trojan, Backdoor and Webshell Access Attempts Detects when an attacker attempts to access trojan, backdoor or webshell web page.
950116 Unicode Encoding/Decoding Validation Blocks full-width Unicode encoding as decoding evasions could be possible.
950117 URL Contains an IP Address Detects a common RFI attack, when URL contains an IP address.
950118 PHP include() function Detects a common RFI php include() function attacks.
950119 Data ends with question mark(s) (?) Detects a common RFI attack, when data ends with question mark(s) (?).
950120 Host doesn't match localhost Detects a common RFI attack, when Host Doesn't Match Local Host.
950801 UTF Encoding Validation Detects UTF encoding inconsistencies and invalid formatting.
950901 SQL Tautologies Detects common SQL tautologies attacks.
950907 OS Command Injection Detects OS command injection in an application to elevate privileges, execute arbitrary commands, compromise the underlying operating system and install malicious toolkits such as those to participate in botnet attacks.
950910, 950911 HTTP Response Splitting Detects Carriage Return + Linefeed characters in the response header that could cause attacked entities to interpret it as two separate responses instead of one.
958000 addimport XSS attack Detects usage of addimport in request, cookies, or arguments.
958001 document cookie XSS attack Detects usage of document.cookie in request, cookies, or arguments.
958002 execscript XSS attack Detects usage of execscript in request, cookies, or arguments.
958003 fromcharcode XSS attack Detects usage of fromcharcode in request, cookies, or arguments.
958004 innerhtml XSS attack Detects usage of innerhtml in request, cookies, or arguments.
958005 cdata XSS attack Detects usage of cdata in request, cookies, or arguments.
958006 body background XSS attack Detects usage of <body background in request, cookies, or arguments.
958007 onload XSS attack Detects usage of onload in request, cookies, or arguments.
958008 input type image XSS attack Detects usage of <input type image in request, cookies, or arguments.
958009 import XSS attack Detects usage of import in request, cookies, or arguments.
958010 activexobject XSS attack Detects usage of activexobject in request, cookies, or arguments.
958011 background-image: XSS attack Detects usage of background-image: in request, cookies, or arguments.
958012 copyparentfolder XSS attack Detects usage of copyparentfolder in request, cookies, or arguments.
958013 createtextrange XSS attack Detects usage of createtextrange in request, cookies, or arguments.
958016 getparentfolder XSS attack Detects usage of getparentfolder in request, cookies, or arguments.
958017 getspecialfolder XSS attack Detects usage of getspecialfolder in request, cookies, or arguments.
958018 href javascript: XSS attack Detects usage of href javascript: in request, cookies, or arguments.
958019 href schell XSS attack Detects usage of href schell in request, cookies, or arguments.
958020 href vbscript: XSS attack Detects usage of href vbscript: in request, cookies, or arguments.
958022 livescript: XSS attack Detects usage of livescript: in request, cookies, or arguments.
958023 lowsrc javascript: XSS attack Detects usage of lowsrc javascript: in request, cookies, or arguments.
958024 lowsrc shell XSS attack Detects usage of lowsrc shell in request, cookies, or arguments.
958025 lowsrc vbscript XSS attack Detects usage of lowsrc vbscript in request, cookies, or arguments.
958026 mocha: XSS attack Detects usage of mocha: in request, cookies, or arguments.
958027 onabort XSS attack Detects usage of onabort in request, cookies, or arguments.
958028 settimeout XSS attack Detects usage of settimeout in request, cookies, or arguments.
958030 src http: XSS attack Detects usage of src http: in request, cookies, or arguments.
958031 javascript: XSS attack Detects usage of javascript: in request, cookies, or arguments.
958032 src and shell XSS attack Detects usage of src and shell in request, cookies, or arguments.
958033 vbscript: XSS attack Detects usage of vbscript: in request, cookies, or arguments.
958034 style bexpression XSS attack Detects usage of style bexpression in request, cookies, or arguments.
958036 type application x-javascript XSS attack Detects usage of type application x-javascript in request, cookies, or arguments.
958037 type application x-vbscript XSS attack Detects usage of type application x-vbscript in request, cookies, or arguments.
958038 type text ecmascript XSS attack Detects usage of type text ecmascript in request, cookies, or arguments.
958039 type text javascript XSS attack Detects usage of type text javascript in request, cookies, or arguments.
958040 type text jscript XSS attack Detects usage of type text jscript in request, cookies, or arguments.
958041 type text vbscript XSS attack Detects usage of type text vbscript in request, cookies, or arguments.
958045 url javascript: XSS attack Detects usage of url javascript: in request, cookies, or arguments.
958046 url shell XSS attack Detects usage of <url shell in request, cookies, or arguments.
958047 url vbscript: XSS attack Detects usage of url vbscript: in request, cookies, or arguments.
958049 ?meta XSS attack Detects usage of ?meta in request, cookies, or arguments.
958051 ?script XSS attack Detects usage of < ?script in request, cookies, or arguments.
958052 alert XSS attack Detects usage of alert in request, cookies, or arguments.
958054 lowsrc and http: XSS attack Detects usage of lowsrc and http: in request, cookies, or arguments.
958056 iframe src XSS attack Detects usage of iframe src in request, cookies, or arguments.
958057 ?iframe XSS attack Detects usage of ?iframe in request, cookies, or arguments.
958059 asfunction: XSS attack Detects usage of asfunction: in request, cookies, or arguments.
958295 Connection Header Validation Detects connection header inconsistencies and invalid formatting
958404 onerror XSS attack Detects usage of onerror in request, cookies, or arguments.
958405 onblur XSS attack Detects usage of onblur in request, cookies, or arguments.
958406 onchange XSS attack Detects usage of onchange in request, cookies, or arguments.
958407 onclick XSS attack Detects usage of onclick in request, cookies, or arguments.
958408 ondragdrop XSS attack Detects usage of ondragdrop in request, cookies, or arguments.
958409 onfocus XSS attack Detects usage of onfocus in request, cookies, or arguments.
958410 onkeydown XSS attack Detects usage of onkeydown in request, cookies, or arguments.
958411 onkeypress XSS attack Detects usage of onkeypress in request, cookies, or arguments.
958412 onkeyup XSS attack Detects usage of onkeyup in request, cookies, or arguments.
958413 onload XSS attack Detects usage of onload in request, cookies, or arguments.
958414 onmousedown XSS attack Detects usage of onmousedown in request, cookies, or arguments.
958415 onmousemove XSS attack Detects usage of onmousemove in request, cookies, or arguments.
958416 bonmouseout XSS attack Detects usage of bonmouseout in request, cookies, or arguments.
958417 bonmouseover XSS attack Detects usage of bonmouseover in request, cookies, or arguments.
958418 onmouseup XSS attack Detects usage of onmouseup in request, cookies, or arguments.
958419 onmove XSS attack Detects usage of onmove in request, cookies, or arguments.
958420 onresize XSS attack Detects usage of onresize in request, cookies, or arguments.
958421 onselect XSS attack Detects usage of onselect in request, cookies, or arguments.
958422 onsubmit XSS attack Detects usage of onsubmit in request, cookies, or arguments.
958423 onunload XSS attack Detects usage of onunload in request, cookies, or arguments.
959151, 958976, 958977 php code injection Detects a common injections attack, when request contain any php code e.g. "<\?>"
960000 File Name Validation Detects multipart/form-data file name evasion attempts.
960007, 960008 Missing Host Header Detects missing request host header.
960009, 960006 Missing User-Agent Header Detects missing request user-agent header.
960010 Restrict HTTP Content Types Allows only such content types as: application/x-www-form-urlencoded, multipart/form-data, text/xml, application/xml, application/x-amf, application/json
960011 GET/HEAD Requests Validation Detects if GET/HEAD requests contain request body, since it is not a common practice.
960012 Content-Length Header Validation Detects if content-length header is provided with every POST request.
960013 Require Content-Length to be provided with every HTTP/1.1 POST request that has no Transfer-Encoding header Detect HTTP/1.1 request that do not comply with HTTP 1.1 spec by having no Content-Length header when Transfer-Encoding is also absent.
960014 URI Validation Ensures that URI and canonical server name are matching.
960015, 960021 Missing Accept Header Detects missing request accept header.
960016 Content-Length Header Validation Detects if content-length HTTP header is not numeric.
960017 Host Header Is IP Address Detects if host header is a numeric IP address as it could be an indicative of automated client access.
960020 Pragma Header Validation Ensures that pragma, cache-control headers and HTTP protocol version supplied by the client are matching.
960022 Expect Header Validation Ensures that expect header and HTTP protocol version supplied by the client are matching.
960024 Repeatative Non-Word Chars Attempts to identify when four or more non-word characters are repeated in sequence.
960032 Restrict HTTP Request Methods Allows only request methods specified by the configurable "Allowed http methods" parameter.
960034 Restrict HTTP Protocol Versions Allows only HTTP protocol versions HTTP/1.0 and HTTP/1.1.
960208 Values Limits Detects HTTP requests with value length exceeding the configurable "Max length of argument" parameter.
960209 Arguments Limits Detects HTTP requests with argument name length exceeding the 100 symbols.
960335 Number of Arguments Limits Detects HTTP requests with number of arguments exceeding the configurable "Max amount of arguments" value.
960341 Total Arguments Limits Detects HTTP requests with total length of all arguments exceeding the configurable "Max total argument length" parameter.
960901, 960018 Character Set Validation Ensures that only specific character set(s) is used.
960902 Content-Encoding Header Validation Ensures that identity is not specified in content-encoding header.
960904 Missing Content-Type Header Detects missing content-type header or if combination of content-length and content-type headers is invalid.
960911 Request Line Format Validation against the HTTP RFC Uses rule negation against the regex for positive security. The regex specifies the proper construction of URI request lines such as: "http:" "//" host [ ":" port ] [ abs_path [ "?" query ]]. It also outlines proper construction for CONNECT, OPTIONS and GET requests.
960912 Malformed request bodies Checks for Request body parsing errors.
960914 Strict Multipart Parsing Checks By default be strict with what we accept in the multipart/form-data request body. If the rule below proves to be too strict for your environment, consider changing it to Off.
960915 Multipart Unmatched Boundary Check Checks for signs of evasions during file upload requests.
970002 Statistics pages information leakage Detects statistics pages information leakage.
970003 SQL errors information leakage Detects SQL errors information leakage.
970004, 970904 IIS errors information leakage Detects IIS errors information leakage.
970007 Zope information leakage Detects Zope information leakage.
970008 ColdFusion information leakage Detects ColdFusion information leakage.
970009 PHP information leakage Detects PHP information leakage.
970010 ISA server existence revealed Detects if ISA server existence revealed.
970011 File and/or directory names leakage Detects file and/or directory names leakage.
970012, 970903 MS Office document properties leakage Detects MS Office document properties leakage.
970013 Directory listing information leakage Detects directory listing information leakage.
970014 ASP/JSP source code leakage Detects ASP/JSP source code leakage.
970015, 970902 PHP source code leakage Detects PHP source code leakage.
970016 ColdFusion source code leakage Detects ColdFusion source code leakage.
970018 IIS default location revealed Detects if IIS default location revealed.
970021 Weblogic information leakage Detects Weblogic information leakage.
970118 Microsoft OLE DB Provider Error page leakage Detects Microsoft OLE DB Provider for SQL Server error page.
970901 5XX Status code information leakage Detects if application generates 500-level status code, for example, 500 Internal Server Error, 501 Not Implemented...505 HTTP Version Not Supported.
973300, 973301, 973302 Common direct HTML injection Detects tags that are the most common direct HTML injection points.
973306 Embedding javascript in style attribute Detects embedding javascript in style attribute.
973307 Embedded Scripts Within JavaScript Fragments Detects common JavaScript fragments like fromcharcode, alert, eval that can be used for attacks.
973309, 973308 CSS Fragments attacks Detects common CSS fragments attacks like <div style="background-image: url(javascript:...)"> or <img style="x:expression(document.write(1))">
973310 Embedded Scripts Within Alert Fragments Detects attacks like alert('xss'), alert("xss"), alert(/xss/).
973311 String.fromCharCode(88,83,83) attacks Detects String.fromCharCode(88,83,83) attacks.
973312 '';!--"<XSS>=&{()} Attacks Detects '';!--"<XSS>=&{()} attacks.
973313 &{alert('xss')} attacks Detects &{alert('xss')} attacks.
973314 Doctype Entity inject Detects Doctype Entity inject attacks.
973331, 973315, 973330, 973327, 973326, 973346, 973345, 973324, 973323, 973322, 973348, 973321, 973320, 973318, 973317, 973347, 973335, 973334, 973333, 973344, 973332, 973329, 973328, 973316, 973325, 973319 Internet Explorer XSS Filters Detects common IE XSS attacks.
973336 Embedding Scripts Within Scripts Detects script tag based XSS vectors, for example, <script> alert(1)</script>.
973337, 973303 Embedded Scripts Within Event Handlers Detects event handler based XSS vectors, for example, <body onload="alert(1)">.
973338, 973304, 973305 Embedded Scripts Within URI Schemes Detects "data", "javascript", "src" or other URI schemes/attributes based XSS vectors, for example, <p style="background:url(javascript:alert(1))">
981004 Potential Obfuscated Javascript, fromCharCode Detects excessive fromCharCode Javascript in Output.
981005 Potential Obfuscated Javascript, Eval+Unescape Detects Potential Eval+Unescape in response.
981006 Potential Obfuscated Javascript, Unescape Detects Potential Unescape in response.
981007 Potential Obfuscated Javascript, Heap Spray Detects Potential Heap Spray in response.
981078, 920019, 920005, 920007, 920009, 920011, 920013, 920015, 920017 Credit card leakage in request Detects primary credit card numbers (Visa, MasterCard, GSA SmartPay, Americal Express, Diners Club, enRoute, Discover, JCB) in user input.
981080, 920020, 920006, 920008, 920010, 920012, 920014, 920016, 920018 Credit card leakage in response Detects primary credit card numbers (Visa, MasterCard, GSA SmartPay, Americal Express, Diners Club, enRoute, Discover, JCB) sent from site to user.
981136 Generic XSS attacks Detects common XSS attacks embedded within non-script elements, for example, jscript onsubmit copyparentfolder document javascript meta onchange onmove onkeydown onkeyup activexobject onerror onmouseup ecmascript bexpression onmouseover vbscript.
981172, 981173 SQL Character Anomaly Scoring Attempts to gauge when there is an excessive use of meta-characters within a single parameter payload.
981177, 981000, 981001, 981003 IFrame Injection Detects iframe injections that could execute malicious code to steal data, redirect to malware infected sites, load malware, and so on.
981227 Request URI Validation Detects invalid URI in request.
981231 SQL Comment Sequences Detects common SQL comment sequences, for example, DROP/*comment*/sampletable.
981240 MySQL comments, conditions Detects MySQL comments, conditions and ch(a)r injections.
981241 Conditional SQL injection attempts Detects conditional SQL injection attempts.
981242, 981243 Сlassic SQL injection probings Detects classic SQL injection probings.
981244, 981245, 981246 SQL authentication bypass attempts Detects basic SQL authentication bypass attempts.
981247 Concatenated basic SQL injection and SQLLFI attempts Detects concatenated basic SQL injection and SQLLFI attempts.
981248, 981249 Chained SQL injection attempts Detects chained SQL injection attempts.
981250 SQL benchmark and sleep injection attempts Detects SQL benchmark and sleep injection attempts including conditional queries.
981251 MySQL UDF injection Detects MySQL UDF injection and other data/structure manipulation attempts.
981252 MySQL charset switch and MSSQL DoS attempts Detects MySQL charset switch and MSSQL DoS attempts.
981253 MySQL and PostgreSQL stored procedure/function injections Detects MySQL and PostgreSQL stored procedure/function injections.
981254 PostgreSQL pg_sleep injection Detects PostgreSQL pg_sleep injection, waitfor delay attacks and database shutdown attempts.
981255 MSSQL code execution Detects MSSQL code execution and information gathering attempts.
981256 MATCH AGAINST, MERGE, EXECUTE IMMEDIATE and HAVING Detects MATCH AGAINST, MERGE, EXECUTE IMMEDIATE and HAVING injections.
981257 MySQL comment-/space-obfuscated Detects MySQL comment-/space-obfuscated injections and backtick termination.
981260 SQL Hex Evasion Methods Detects SQL hex encoding evasion attacks.
981270 MongoDB SQL injection Detects basic MongoDB SQL injection attempts.
981272 SQL injection using sleep() or benchmark() Detects blind SQL injection tests using sleep() or benchmark() functions.
981276 Common attack string for mysql, oracle Detects common attack string for mysql, oracle and others
981277 Integer overflow attacks Detects integer overflow attacks.
981300, 981301, 981302, 981303, 981304, 981305, 981306, 981307, 981308, 981309, 981310, 981311, 981312, 981313, 981314, 981315, 981316, 981317 SQL Keyword Anomaly Scoring Detects common SQL keywords anomalies.
981318 String Termination/Statement Ending Identifies common initial SQLi probing requests where attackers insert/append quote characters to the existing normal payload to see how the app/db responds.
981319 SQL Operators Detects common SQL operators injection attacks.
981320 DB Names Detects common DB names injection attacks.
1000000, 1000001, 1000002, 1000003, 1000004 Shellshock exploit attempt Detects the the ability to unintentionally execute commands in Bash. CVE-2014-6271
2017100 Apache Struts 2 Multipart parser CVE-2017-5638 Remote Code Execution Vulnerability Prevention Detects Apache Jakarta CVE-2017-5638 Remote Code Execution Vulnerability payload.
2018100 CVE-2018-6389 WordPress Parameter Resource Consumption Remote DoS WordPress Parameter Resource Consumption Remote DoS on jquery-ui-core.
2100019 /_layouts/scriptresx.ashx sections Parameter XSS Microsoft SharePoint /_layouts/scriptresx.ashx sections Parameter XSS
2100023 /owssrv.dll List Parameter XSS Microsoft SharePoint /owssrv.dll List Parameter XSS
2100026 _layouts/Chart/WebUI/WizardList.aspx skey Parameter XSS Microsoft SharePoint _layouts/Chart/WebUI/WizardList.aspx skey Parameter XSS
2100027 _layouts/themeweb.aspx XSS Microsoft SharePoint _layouts/themeweb.aspx ctl00$PlaceHolderMain$ctl82$customizeThemeSection$accent6 Parameter XSS
2100028 _layouts/inplview.aspx ListViewPageUrl Parameter XSS Microsoft SharePoint _layouts/inplview.aspx ListViewPageUrl Parameter XSS
2100032 owssrv.dll View Parameter XSS Microsoft SharePoint owssrv.dll View Parameter XSS
2100033 NewForm.aspx TextField_spSave Parameter XSS Microsoft SharePoint NewForm.aspx TextField_spSave Parameter XSS
2100034 /Lists/Calendar/calendar.aspx CalendarDate Parameter XSS Microsoft SharePoint /Lists/Calendar/calendar.aspx CalendarDate Parameter XSS
2100035 _layouts/Picker.aspx XSS Microsoft SharePoint _layouts/Picker.aspx ctl00$PlaceHolderDialogBodySection$ctl04$hiddenSpanData Parameter XSS
2100048 _layouts/help.aspx cid0 Parameter XSS Microsoft SharePoint _layouts/help.aspx cid0 Parameter XSS
2100062 _layouts/ScriptResx.ashx name Parameter LFI Microsoft SharePoint _layouts/ScriptResx.ashx name Parameter LFI
2100063 _layouts/OSSSearchResults.aspx k Parameter XSS Microsoft SharePoint _layouts/OSSSearchResults.aspx k Parameter XSS
2100069 wiki pages multiple Parameter XSS Microsoft SharePoint wiki pages multiple Parameter XSS (CVE-2013-3180)
2100070 /Lists/Links/AllItems.aspx XSS Microsoft SharePoint /Lists/Links/AllItems.aspx ctl00$m$g_2085a7 32_4692_4d3e_99d2_4d90ea5108d2$ctl00$ctl05$ctl00$ctl00$ctl00$ctl04$ctl00$ctl00$UrlFieldUrl Parameter XSS
2100082 Drupal - pre-auth SQL Injection Vulnerability A malicious user can inject arbitrary SQL queries, and thereby control the complete Drupal site. This leads to a code execution as well. Drupal 7.32 fixed this bug.
2100083 Gerber WebPDM XSS Vulnerability Cross-Site Scripting Vulnerability in Gerber WebPDM Product Data Management System
2100084 Gerber WebPDM SQL Injection Vulnerability SQL Injection Vulnerability in Gerber WebPDM Product Data Management System
2100085 High X-SharePointHealthScore Microsoft SharePoint High X-SharePointHealthScore - Potential DoS Attack/Availability Risk
2100086 Response Header Found Microsoft SharePoint SharePointError Response Header Found
2100087 x-virus-infected Response Header Found Microsoft SharePoint x-virus-infected Response Header Found
2100088 Rights Management (IRM) Error Response Header Found Microsoft SharePoint Information Rights Management (IRM) Error Response Header Found
2100089 /_layouts/mobile/editform.aspx XSS Microsoft SharePoint /_layouts/mobile/editform.aspx XSS
2100090 Microsoft OWA X-OWA-Error Response Header Found Microsoft OWA X-OWA-Error Response Header Found
2200924 IRC Botnet Attacks Detects common IRC Botnet Attack Commands
2250117, 2250118, 2250119 Common RFI attacks Detects a common types of Remote File Inclusion (RFI) attack
2250120 Local File Inclusion Attacks Detects common local file inclusion attacks like my $dir = "../../../../../../../../../../../../../"; or "http://".$site.$bug.$dir."/proc/self/environ%0000";
2250121 Local File Inclusion ENV Attack in User-Agent Detects Local File Inclusion ENV Attack in User-Agent
2250122 PHP Injection Attack Detects common php injection attacks like "send-contactus=1&author_name=[php]eval(base64_decode('".$code."'))%3Bdie%28%29%3B%5B%2Fphp%5D"
2250123 XML-RPC PHP Injection Attack Detects common XML-RPC PHP Injections like $exploit .= "echo'j13mb0t';".$code."echo'j13mb0t';exit;/*</name></value></param></params></methodCall>";
2250124 Botnet SQL Injection Attack Detects Botnet SQL Injections like $sql=$situs."-1".$cmn."union".$cmn."select".$cmn."0x6c6f67696e70776e7a".$inyection.$cfin;
2250125 osCommerce File Upload Detects osCommerce file upload attacks like "http://".$site."admin/file_manager.php/login.php";
2250126 Oscommerce File Disclosure And Admin ByPass Detects Oscommerce File Disclosure And Admin ByPass
2250127 e107 Plugin my_gallery Exploit Detects e107 Plugin my_gallery Exploit "http://".$site."e107_plugins/my_gallery/image.php?file=../../e107_config.php"
2250128 Opencart Remote File Upload Vulnerability Detects Opencart Remote File Upload Vulnerability.
2250129 Zen Cart local file disclosure vulnerability Detects Zen Cart local file disclosure vulnerability.
2200925, 2200926 Detects HOIC DoS Tool requests Detects HOIC DoS Tool requests.
9300000 Local File Inclusion (LFI) Collaborative Group - LFI Filter Categories Local File Inclusion (LFI) Attempt: Directory Traversal Attacks - OS File Access.
9320000 Remote Code Execution (RCE) Collaborative Group - Unix RCE Filter Categories Remote Code Execution (RCE) Attempt: RCE Filters for Unix.
9320001 Remote Code Execution (RCE) Collaborative Group - Windows RCE Filter Categories Remote Code Execution (RCE) Attempt: RCE Filters for Windows.
9330000 PHP Injection Attacks Collaborative Group - PHP Filters Categories PHP Injection Attempt: PHP Filters - Detects PHP open tags "<?", "<?php", "[php]", "[/php]" and "[\php]" - PHP Script Uploads, PHP Config Directives, PHP Functions, PHP Object Injection.
9410000 Cross-Site Scripting (XSS) Collaborative Group - XSS Filters Categories Cross-Site Scripting (XSS) Attempt: XSS Filters - Category 1.
9420000 SQL Injection (SQLi) Collaborative Group - SQLi Filters Categories SQL Injection (SQLi) Attempt: SQLi Filters via libinjection - Detect Database names - PHPIDS - Converted SQLI Filters.
9958291, 958230, 958231 Range Header Validation This rule inspects the Range request header to see if it starts with 0.
20182056 CVE-2003-1567 CVE-2004-2320 CVE-2010-0360 TRACE & CONNECT Attempts TRACE Method attempt
92010032 Request Line Format Validation against the HTTP RFC Uses rule negation against the regex for positive security. The regex specifies the proper construction of URI request lines such as: "http:" "//" host [ ":" port ] [ abs_path [ "?" query ]]. It also outlines proper construction for CONNECT, OPTIONS and GET requests.
92035032 Host Header Is IP Address Detects if host header is a numeric IP address as it could be an indicative of automated client access.
93010032 Local File Inclusion (LFI) - Directory Traversal - Encoded Payloads Local File Inclusion (LFI) Attempt: Directory Traversal Attacks - Encoded Payloads
93011032 Local File Inclusion (LFI) - Directory Traversal - Decoded Payloads Local File Inclusion (LFI) Attempt: Directory Traversal Attacks - Decoded Payloads
93012032 Local File Inclusion (LFI) - OS File Access Local File Inclusion (LFI) Attempt: OS File Access
93013032 Local File Inclusion (LFI) - Restricted File Access Local File Inclusion (LFI) Attempt: Restricted File Access
93110032 Remote File Inclusion (RFI) Attempt: RFI Attack URL Parameter using IP Address Remote File Inclusion (RFI). These rules look for common types of Remote File Inclusion (RFI) attack methods. Possible RFI Attack: URL Parameter using IP Address
93111032 Remote File Inclusion (RFI) Attempt: RFI Attack: Common RFI Vulnerable Parameter Name used w/URL Payload Remote File Inclusion (RFI). These rules look for common types of Remote File Inclusion (RFI) attack methods. Possible RFI Attack: Common RFI Vulnerable Parameter Name used w/URL Payload
93112032 Remote File Inclusion (RFI) Attempt: RFI Attack: URL Payload Used w/Trailing Question Mark Character (?) Remote File Inclusion (RFI). These rules look for common types of Remote File Inclusion (RFI) attack methods. Possible RFI Attack: URL Payload Used w/Trailing Question Mark Character (?)
93113032 Remote File Inclusion (RFI) Attempt: RFI Attack: Off-Domain Reference/Link Remote File Inclusion (RFI). These rules look for common types of Remote File Inclusion (RFI) attack methods. Possible RFI Attack: Off-Domain Reference/Link
93210032 Unix Command Injection Detects several Unix command injections (and its attempts of obfuscation and evasion). The vulnerability exists when an application executes a shell command without proper input escaping/validation. This rule is also triggered by an Oracle WebLogic Remote Command Execution exploit.
93210532 Unix Command Injection Detects several Unix command injections (and its attempts of obfuscation and evasion). The vulnerability exists when an application executes a shell command without proper input escaping/validation.
93211032 Windows Command Injection This rule Detects Windows shell command injections (and its attempts of obfuscation and evasion). The vulnerability exists when an application executes a shell command without proper input escaping/validation.
93211532 Windows Command Injection This rule Detects Windows shell command injections (and its attempts of obfuscation and evasion). The vulnerability exists when an application executes a shell command without proper input escaping/validation.
93212032 Windows PowerShell Injection - cmdlets and options Detect some common PowerShell commands, cmdlets and options. These commands should be relatively uncommon in normal text, but potentially useful for code injection.
93213032 Unix Shell Script Expressions and Oneliners. Detects common Unix Shell Expressions used in Shell Scripts and Oneliners, such as "$(foo), ${foo}, <(foo), >(foo), $((foo)), among others"
93214032 Windows Command Shell Injection - FOR and IF commands This rule Detects Windows command shell FOR and IF commands.
93215032 Unix Direct Remote Command Execution Detects Unix commands at the start of a parameter (direct RCE). Example: foo=wget%20www.example.com. This case is different from command injection (rule 93210032), where a command string is appended (injected) to a regular parameter, and then passed to a shell unescaped. This rule is also triggered by an Oracle WebLogic Remote Command Execution exploit.
93216032 Unix Shell Snippets Injection Detect some common sequences found in shell commands and scripts. This rule is also triggered by an Apache Struts Remote Code Execution, and Oracle WebLogic Remote Command Execution exploits.
93217032, 93217132 GNU Bash RCE Shellshock Vulnerability (CVE-2014-6271 and CVE-2014-7169) Detect exploitation of "Shellshock" GNU Bash RCE vulnerability. Based on ModSecurity rules created by Red Hat.
93310032 PHP Injection Attacks: PHP Open Tag Found PHP Injection Attacks: Detects PHP open tags "<?" and "<?php". Also Detects "[php]", "[/php]" and "[\php]" tags used by some applications to indicate PHP dynamic content.
93311032 PHP Injection Attacks: PHP Script Uploads PHP Injection Attacks: Block file uploads with PHP extensions (.php, .php5, .phtml and so on), also block files with just dot (.) characters after the extension. Many application contain Unrestricted File Upload vulnerabilities. Attackers may use such a vulnerability to achieve remote code execution by uploading a .php file.Some AJAX uploaders use the nonstandard request headers X-Filename, X_Filename, or X-File-Name to transmit the file name to the server; scan these request headers as well as multipart/form-data file names.
93311132 PHP Injection Attacks: PHP Script Uploads - Superfluous extension PHP Injection Attacks: PHP Script Uploads - Superfluous extension. Block file uploads with PHP extensions (.php, .php5, .phtml and so on) anywhere in the name, followed by a dot.
93312032 PHP Injection Attacks: PHP Configuration Directives PHP Injection Attacks: Configuration Directive Found
93313032 PHP Injection Attacks: PHP Variables PHP Injection Attacks: Variables Found
93313132 PHP Injection Attacks: PHP Variables - Common Variable Indexes PHP Injection Attacks: Common Variable Indexes
93314032 PHP Injection Attacks: PHP I/O Streams PHP Injection Attacks: Variables Found. The "php://" syntax can be used to refer to various objects, such as local files (for LFI), remote urls (for RFI), or standard input/request body. Its occurrence indicates a possible attempt to either inject PHP code or exploit a file inclusion vulnerability in a PHP web app.
93315032 PHP Injection Attacks: High-Risk PHP Function Names PHP Injection Attacks: High-Risk PHP Function Names, Approximately 40 words highly common to PHP injection payloads and extremely rare in natural language or other contexts. Examples: 'base64_decode', 'file_get_contents'.
93315132 PHP Injection Attacks: Medium-Risk PHP Function Names PHP Injection Attacks: Medium-Risk PHP Function Names, Medium-Risk PHP injection payloads and extremely rare in natural language or other contexts. This includes most PHP functions and keywords.
93316032 PHP Injection Attacks: High-Risk PHP Function Calls PHP Injection Attacks: High-Risk PHP Function Calls, some PHP function names have a certain risk of false positives, due to short names, full or partial overlap with common natural language terms, uses in other contexts, and so on. Some examples are 'eval', 'exec', and 'system'.
93316132 PHP Injection Attacks: PHP Functions - Low-Value PHP Function Calls PHP Injection Attacks: PHP Functions - Low-Value PHP Function Calls. Most of these function names are likely to cause false positives in natural text or common parameter values, such as 'abs', 'copy', 'date', 'key', 'max', 'min'. Therefore, these function names are not scanned in lower paranoia levels or if high false positives are expected.
93317032 PHP Injection Attacks: PHP Object Injection PHP Injection Attacks: PHP Object Injection, is an application level vulnerability that could allow an attacker to perform different kinds of malicious attacks, such as Code Injection, SQL Injection, Path Traversal and Application Denial of Service, depending on the context. The vulnerability occurs when user-supplied input is not properly sanitized before being passed to the unserialize() PHP function.
93318032 PHP Injection Attacks: PHP Functions - Variable Function Calls PHP Injection Attacks: PHP Functions - Variable Function Calls, PHP 'variable functions' provide an alternate syntax for calling PHP functions. An attacker may use variable function syntax to evade detection of function names during exploitation of a remote code execution vulnerability.
94110032 Cross-Site Scripting (XSS) Attempt: Libinjection - XSS Detection Cross-Site Scripting (XSS) Attempt: Detects XSS Libinjection.
94110132 Cross-Site Scripting (XSS) Attempt: SS Attack Detected via libinjection Cross-Site Scripting (XSS) Attempt: SS Attack Detected through libinjection.
94111032 Cross-Site Scripting (XSS) Attempt: XSS Filters - Category 1 Cross-Site Scripting (XSS) Attempt: XSS Filters - Category 1. Script tag based XSS vectors, for example, <script> alert(1)</script>
94112032 Cross-Site Scripting (XSS) Attempt: XSS Filters - Category 2 Cross-Site Scripting (XSS) Attempt: XSS Filters - Category 2. XSS vectors making use of event handlers like onerror, onload and so on, for example, <body onload="alert(1)">
94113032 Cross-Site Scripting (XSS) Attempt: XSS Filters - Category 3 Cross-Site Scripting (XSS) Attempt: XSS Filters - Category 3. XSS vectors making use of Attribute Vectors
94114032 Cross-Site Scripting (XSS) Attempt: XSS Filters - Category 4 Cross-Site Scripting (XSS) Attempt: XSS Filters - Category 4. XSS vectors making use of javascript URI and tags, for example, <p style="background:url(javascript:alert(1))">
94115032 Cross-Site Scripting (XSS) Attempt: XSS Filters - Category 5 Cross-Site Scripting (XSS) Attempt: XSS Filters - Category 5. HTML attribues - src, style, and href
94116032 Cross-Site Scripting (XSS) Attempt: NoScript XSS Filters Cross-Site Scripting (XSS) Attempt: NoScript XSS Filters, NoScript InjectionChecker - HTML injection
94117032 Cross-Site Scripting (XSS) Attempt: NoScript XSS Filters Cross-Site Scripting (XSS) Attempt: NoScript XSS Filters, NoScript InjectionChecker - Attributes injection
94118032 Cross-Site Scripting (XSS) Attempt: Blacklist Keywords from Node-Validator Cross-Site Scripting (XSS) Attempt: Blacklist Keywords from Node-Validator
94119032 Cross-Site Scripting (XSS) Attempt: XSS Filters from Internet Explorer Cross-Site Scripting (XSS) Attempt: XSS Filters from IE
94120032 Cross-Site Scripting (XSS) Attempt: XSS Filters from Internet Explorer Cross-Site Scripting (XSS) Attempt: XSS Filters from IE
94121032 Cross-Site Scripting (XSS) Attempt: XSS Filters from Internet Explorer Cross-Site Scripting (XSS) Attempt: XSS Filters from IE
94122032 Cross-Site Scripting (XSS) Attempt: XSS Filters from Internet Explorer Cross-Site Scripting (XSS) Attempt: XSS Filters from IE
94123032 Cross-Site Scripting (XSS) Attempt: XSS Filters from Internet Explorer Cross-Site Scripting (XSS) Attempt: XSS Filters from IE
94124032 Cross-Site Scripting (XSS) Attempt: XSS Filters from Internet Explorer Cross-Site Scripting (XSS) Attempt: XSS Filters from IE
94125032 Cross-Site Scripting (XSS) Attempt: XSS Filters from Internet Explorer Cross-Site Scripting (XSS) Attempt: XSS Filters from IE
94126032 Cross-Site Scripting (XSS) Attempt: XSS Filters from Internet Explorer Cross-Site Scripting (XSS) Attempt: XSS Filters from IE
94127032 Cross-Site Scripting (XSS) Attempt: XSS Filters from Internet Explorer Cross-Site Scripting (XSS) Attempt: XSS Filters from IE
94128032 Cross-Site Scripting (XSS) Attempt: XSS Filters from Internet Explorer Cross-Site Scripting (XSS) Attempt: XSS Filters from IE
94129032 Cross-Site Scripting (XSS) Attempt: XSS Filters from Internet Explorer Cross-Site Scripting (XSS) Attempt: XSS Filters from IE
94130032 Cross-Site Scripting (XSS) Attempt: XSS Filters from Internet Explorer Cross-Site Scripting (XSS) Attempt: XSS Filters from IE
94131032 Cross-Site Scripting (XSS) Attempt: US-ASCII encoding bypass listed on XSS filter evasion Cross-Site Scripting (XSS) Attempt: US-ASCII encoding bypass listed on XSS filter evasion
94132032 Cross-Site Scripting (XSS) Attempt: HTML Tag Handler Cross-Site Scripting (XSS) Attempt: HTML Tag Handler
94133032 Cross-Site Scripting (XSS) Attempt: XSS Filters from Internet Explorer Cross-Site Scripting (XSS) Attempt: XSS Filters from IE
94134032 Cross-Site Scripting (XSS) Attempt: XSS Filters from Internet Explorer Cross-Site Scripting (XSS) Attempt: XSS Filters from IE
94135032 Cross-Site Scripting (XSS) Attempt: UTF-7 encoding XSS filter evasion for IE Cross-Site Scripting (XSS) Attempt: UTF-7 encoding XSS filter evasion for IE.
201710271 CVE-2017-10271 Oracle WebLogic Remote Code Execution in versions (10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0) Oracle WebLogic remote code execution in versions (10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0) - CVE-2017-10271
201821375 CVE-2012-0209, Remote Execution Backdoor Attempt Against Horde Remote Execution Backdoor Attempt Against Horde
201821438 CVE-2012-1723, CVE-2012-1889, CVE-2012-4681, Blackhole exploit kit JavaScript carat string splitting with hostile applet Blackhole exploit kit JavaScript carat string splitting with hostile applet
201822063 CVE-2012-1823, CVE-2012-2311, CVE-2012-2335, CVE-2012-2336, PHP-CGI remote file include attempt PHP-CGI remote file include attempt
201826834 CVE-2012-4681, CVE-2012-5076, CVE-2013-2423, Sweet Orange exploit kit landing page in.php base64 uri Sweet Orange exploit kit landing page in.php base64 uri
201826947 CVE-2013-2423, DotkaChef/Rmayana/DotCache exploit kit inbound java exploit download DotkaChef/Rmayana/DotCache exploit kit inbound java exploit download
201826948 CVE-2013-1493, DotkaChef/Rmayana/DotCache exploit kit inbound java exploit download DotkaChef/Rmayana/DotCache exploit kit inbound java exploit download
201827040 CVE-2013-0422, CVE-2013-2423, Styx exploit kit plugin detection connection jorg Styx exploit kit plugin detection connection jorg
201841409 CVE-2017-3823, CVE-2017-6753, Cisco WebEx explicit use of web plugin Cisco WebEx explicit use of web plugin
201843811 CVE-2017-9812, Kaspersky Linux File Server WMC directory traversal attempt Kaspersky Linux File Server WMC directory traversal attempt
201843812 CVE-2017-9812, Kaspersky Linux File Server WMC directory traversal attempt Kaspersky Linux File Server WMC directory traversal attempt
201843813 CVE-2017-9813, Kaspersky Linux File Server WMC cross site scripting attempt Kaspersky Linux File Server WMC cross site scripting attempt
201846316 CVE-2018-7600, CVE-2018-7602, Drupal 8 remote code execution attempt Drupal 8 remote code execution attempt
201846451 CVE-2018-7600, CVE-2018-7602, Drupal unsafe internal attribute remote code execution attempt Drupal unsafe internal attribute remote code execution attempt
201919781 CVE-2019-19781 Citrix Application Delivery Controller(ADC) Path Traversal Vulnerability SERVER-WEBAPP Citrix ADC NSC_USER directory traversal attempt. Versions (10.5, 11.1, 12.0, 12.1, and 13.0) - CVE-2019-19781
201939743 SERVER-WEBAPP Dell SonicWall GMS set_time_config XMLRPC method command injection attempt SERVER-WEBAPP Dell SonicWall GMS set_time_config XMLRPC method command injection attempt
201945493 SERVER-WEBAPP Seagate Personal Cloud getLogs.psp command injection attempt SERVER-WEBAPP Seagate Personal Cloud getLogs.psp command injection attempt
201945494 SERVER-WEBAPP Seagate Personal Cloud uploadTelemetry.psp command injection attempt SERVER-WEBAPP Seagate Personal Cloud uploadTelemetry.psp command injection attempt
201945495 SERVER-WEBAPP Seagate Personal Cloud getLogs.psp command injection attempt SERVER-WEBAPP Seagate Personal Cloud getLogs.psp command injection attempt
201945496 SERVER-WEBAPP Seagate Personal Cloud uploadTelemetry.psp command injection attempt SERVER-WEBAPP Seagate Personal Cloud uploadTelemetry.psp command injection attempt
201945526 SERVER-WEBAPP AsusWRT vpnupload.cgi unauthenticated NVRAM configuration modification attempt SERVER-WEBAPP AsusWRT vpnupload.cgi unauthenticated NVRAM configuration modification attempt
201945911 SERVER-WEBAPP ManageEngine Applications Manager testCredential.do command injection attempt SERVER-WEBAPP ManageEngine Applications Manager testCredential.do command injection attempt
201945912 SERVER-WEBAPP ManageEngine Applications Manager testCredential.do command injection attempt SERVER-WEBAPP ManageEngine Applications Manager testCredential.do command injection attempt
201945913 SERVER-WEBAPP ManageEngine Applications Manager testCredential.do command injection attempt SERVER-WEBAPP ManageEngine Applications Manager testCredential.do command injection attempt
201945984 SERVER-WEBAPP Joomla component Jimtawl 2.2.5 arbitrary PHP file upload attempt SERVER-WEBAPP Joomla component Jimtawl 2.2.5 arbitrary PHP file upload attempt
201946024 SERVER-WEBAPP multiple vendor calendar application id parameter SQL injection attempt SERVER-WEBAPP multiple vendor calendar application id parameter SQL injection attempt
201946025 SERVER-WEBAPP multiple vendor calendar application id parameter SQL injection attempt SERVER-WEBAPP multiple vendor calendar application id parameter SQL injection attempt
201946026 SERVER-WEBAPP EventManager page.php sql injection attempt SQL injection attempt SERVER-WEBAPP EventManager page.php sql injection attempt SQL injection attempt
201946027 SERVER-WEBAPP EventManager page.php sql injection attempt SQL injection attempt SERVER-WEBAPP EventManager page.php sql injection attempt SQL injection attempt
201946028 SERVER-WEBAPP Joomla JE PayperVideo extension SQL injection attempt SERVER-WEBAPP Joomla JE PayperVideo extension SQL injection attempt
201946029 SERVER-WEBAPP Joomla jextn-classifieds SQL injection attempt SERVER-WEBAPP Joomla jextn-classifieds SQL injection attempt
201946030 SERVER-WEBAPP Joomla jextn-classifieds SQL injection attempt SERVER-WEBAPP Joomla jextn-classifieds SQL injection attempt
201946041 SERVER-WEBAPP Joomla Component JMS Music 1.1.1 SQL injection attempt SERVER-WEBAPP Joomla Component JMS Music 1.1.1 SQL injection attempt
201946042 SERVER-WEBAPP Joomla Component JMS Music 1.1.1 SQL injection attempt SERVER-WEBAPP Joomla Component JMS Music 1.1.1 SQL injection attempt
201946043 SERVER-WEBAPP Joomla Component JMS Music 1.1.1 SQL injection attempt SERVER-WEBAPP Joomla Component JMS Music 1.1.1 SQL injection attempt
201946044 SERVER-WEBAPP Joomla Component JMS Music 1.1.1 SQL injection attempt SERVER-WEBAPP Joomla Component JMS Music 1.1.1 SQL injection attempt
201946045 SERVER-WEBAPP Joomla Component JMS Music 1.1.1 SQL injection attempt SERVER-WEBAPP Joomla Component JMS Music 1.1.1 SQL injection attempt
201946046 SERVER-WEBAPP Joomla Component JMS Music 1.1.1 SQL injection attempt SERVER-WEBAPP Joomla Component JMS Music 1.1.1 SQL injection attempt
201946062 SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt
201946063 SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt
201946064 SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt SERVER-WEBAPP Joomla JEXTN Membership extension SQL injection attempt
201946087 SERVER-WEBAPP Joomla JEXTN Reverse Auction extension SQL injection attempt SERVER-WEBAPP Joomla JEXTN Reverse Auction extension SQL injection attempt
201946088 SERVER-WEBAPP Joomla JEXTN Reverse Auction extension SQL injection attempt SERVER-WEBAPP Joomla JEXTN Reverse Auction extension SQL injection attempt
201946089 SERVER-WEBAPP Joomla JEXTN Reverse Auction extension SQL injection attempt SERVER-WEBAPP Joomla JEXTN Reverse Auction extension SQL injection attempt
201946303 SERVER-WEBAPP Antsle antman authentication bypass attempt SERVER-WEBAPP Antsle antman authentication bypass attempt
201946316 SERVER-WEBAPP Drupal 8 remote code execution attempt SERVER-WEBAPP Drupal 8 remote code execution attempt
201946333 SERVER-WEBAPP Joomla DT Register SQL injection attempt SERVER-WEBAPP Joomla DT Register SQL injection attempt
201946334 SERVER-WEBAPP Joomla DT Register SQL injection attempt SERVER-WEBAPP Joomla DT Register SQL injection attempt
201946337 SERVER-WEBAPP Joomla Saxum Picker SQL injection attempt SERVER-WEBAPP Joomla Saxum Picker SQL injection attempt
201946338 SERVER-WEBAPP Joomla Saxum Picker SQL injection attempt SERVER-WEBAPP Joomla Saxum Picker SQL injection attempt
201946451 SERVER-WEBAPP Drupal unsafe internal attribute remote code execution attempt SERVER-WEBAPP Drupal unsafe internal attribute remote code execution attempt
201946509 SERVER-WEBAPP Unitrends Enterprise Backup API command injection attempt SERVER-WEBAPP Unitrends Enterprise Backup API command injection attempt
201946510 SERVER-WEBAPP Belkin N750 F9K1103 wireless router command injection attempt SERVER-WEBAPP Belkin N750 F9K1103 wireless router command injection attempt
201946511 SERVER-WEBAPP Belkin N750 F9K1103 wireless router command injection attempt SERVER-WEBAPP Belkin N750 F9K1103 wireless router command injection attempt
201946512 SERVER-WEBAPP Belkin N750 F9K1103 wireless router command injection attempt SERVER-WEBAPP Belkin N750 F9K1103 wireless router command injection attempt
201946513 SERVER-WEBAPP Belkin N750 F9K1103 wireless router command injection attempt SERVER-WEBAPP Belkin N750 F9K1103 wireless router command injection attempt
201946514 SERVER-WEBAPP Belkin N750 F9K1103 wireless router command injection attempt SERVER-WEBAPP Belkin N750 F9K1103 wireless router command injection attempt
201946515 SERVER-WEBAPP Belkin N750 F9K1103 wireless router command injection attempt SERVER-WEBAPP Belkin N750 F9K1103 wireless router command injection attempt
201946516 SERVER-WEBAPP Belkin N750 F9K1103 wireless router command injection attempt SERVER-WEBAPP Belkin N750 F9K1103 wireless router command injection attempt
201946517 SERVER-WEBAPP Belkin N750 F9K1103 wireless router command injection attempt SERVER-WEBAPP Belkin N750 F9K1103 wireless router command injection attempt
201946624 SERVER-WEBAPP GPON Router authentication bypass and command injection attempt SERVER-WEBAPP GPON Router authentication bypass and command injection attempt
201946625 SERVER-WEBAPP GPON Router authentication bypass and command injection attempt SERVER-WEBAPP GPON Router authentication bypass and command injection attempt
201946626 SERVER-WEBAPP GPON Router authentication bypass and command injection attempt SERVER-WEBAPP GPON Router authentication bypass and command injection attempt
201946627 SERVER-WEBAPP GPON Router authentication bypass and command injection attempt SERVER-WEBAPP GPON Router authentication bypass and command injection attempt
201946665 SERVER-WEBAPP Digital Guardian Management Console arbitrary file upload attempt SERVER-WEBAPP Digital Guardian Management Console arbitrary file upload attempt
201946666 SERVER-WEBAPP Digital Guardian Management Console arbitrary file upload attempt SERVER-WEBAPP Digital Guardian Management Console arbitrary file upload attempt
201946773 SERVER-WEBAPP Nagios XI SQL injection attempt SERVER-WEBAPP Nagios XI SQL injection attempt
201946774 SERVER-WEBAPP NagiosXI SQL injection attempt SERVER-WEBAPP NagiosXI SQL injection attempt
201946775 SERVER-WEBAPP Nagios XI command injection attempt SERVER-WEBAPP Nagios XI command injection attempt
201946776 SERVER-WEBAPP Nagios XI command injection attempt SERVER-WEBAPP Nagios XI command injection attempt
201946777 SERVER-WEBAPP Nagios XI command injection attempt SERVER-WEBAPP Nagios XI command injection attempt
201946778 SERVER-WEBAPP Nagios XI command injection attempt SERVER-WEBAPP Nagios XI command injection attempt
201946779 SERVER-WEBAPP Nagios XI database settings modification attempt SERVER-WEBAPP Nagios XI database settings modification attempt
201946823 SERVER-WEBAPP Spring Security OAuth remote code execution attempt SERVER-WEBAPP Spring Security OAuth remote code execution attempt
201946828 SERVER-WEBAPP D-Link DIR-620 index.cgi command injection attempt SERVER-WEBAPP D-Link DIR-620 index.cgi command injection attempt
201946829 SERVER-WEBAPP D-Link DIR-620 index.cgi command injection attempt SERVER-WEBAPP D-Link DIR-620 index.cgi command injection attempt
201946849 SERVER-WEBAPP IBM QRadar SIEM command injection attempt SERVER-WEBAPP IBM QRadar SIEM command injection attempt
201946850 SERVER-WEBAPP IBM QRadar SIEM ForensicsAnalysisServlet authentication bypass attempt SERVER-WEBAPP IBM QRadar SIEM ForensicsAnalysisServlet authentication bypass attempt
201946851 SERVER-WEBAPP IBM QRadar SIEM command injection attempt SERVER-WEBAPP IBM QRadar SIEM command injection attempt
201946852 SERVER-WEBAPP IBM QRadar SIEM command injection attempt SERVER-WEBAPP IBM QRadar SIEM command injection attempt
201946886 SERVER-WEBAPP Quest KACE Systems Management Appliance ajax_email_connection_test.php command injection attempt SERVER-WEBAPP Quest KACE Systems Management Appliance ajax_email_connection_test.php command injection attempt
201946921 SERVER-WEBAPP Quest DR Series Disk Backup Login.pm command injection attempt SERVER-WEBAPP Quest DR Series Disk Backup Login.pm command injection attempt
201946997 SERVER-WEBAPP XiongMai NVR login.htm buffer overflow attempt SERVER-WEBAPP XiongMai NVR login.htm buffer overflow attempt
201947041 SERVER-WEBAPP Quest KACE Systems Management Appliance download_agent_installer.php command injection attempt SERVER-WEBAPP Quest KACE Systems Management Appliance download_agent_installer.php command injection attempt
201947042 SERVER-WEBAPP Quest KACE Systems Management Appliance download_agent_installer.php command injection attempt SERVER-WEBAPP Quest KACE Systems Management Appliance download_agent_installer.php command injection attempt
201947348 SERVER-WEBAPP QNAP QCenter API set_VM_passwd command injection attempt SERVER-WEBAPP QNAP QCenter API set_VM_passwd command injection attempt
201947349 SERVER-WEBAPP QNAP QCenter API set_VM_passwd command injection attempt SERVER-WEBAPP QNAP QCenter API set_VM_passwd command injection attempt
201947386 SERVER-WEBAPP Oracle WebLogic Server unauthenticated modified JSP access attempt SERVER-WEBAPP Oracle WebLogic Server unauthenticated modified JSP access attempt
201947387 SERVER-WEBAPP Oracle WebLogic Server potential unauthenticated reconnaissance attempt SERVER-WEBAPP Oracle WebLogic Server potential unauthenticated reconnaissance attempt
201947388 SERVER-WEBAPP Oracle WebLogic Server potential precursor to keystore attack attempt SERVER-WEBAPP Oracle WebLogic Server potential precursor to keystore attack attempt
201947389 SERVER-WEBAPP Oracle WebLogic Server arbitrary JSP file upload attempt SERVER-WEBAPP Oracle WebLogic Server arbitrary JSP file upload attempt
201947390 SERVER-WEBAPP Oracle WebLogic Server arbitrary JSP file upload attempt SERVER-WEBAPP Oracle WebLogic Server arbitrary JSP file upload attempt
201947391 SERVER-WEBAPP QNAP QCenter API set_VM_network command injection attempt SERVER-WEBAPP QNAP QCenter API set_VM_network command injection attempt
201947392 SERVER-WEBAPP QNAP QCenter API set_VM_network command injection attempt SERVER-WEBAPP QNAP QCenter API set_VM_network command injection attempt
201947393 SERVER-WEBAPP QNAP QCenter API command injection attempt SERVER-WEBAPP QNAP QCenter API command injection attempt
201947423 SERVER-WEBAPP QNAP QCenter API date_config command injection attempt SERVER-WEBAPP QNAP QCenter API date_config command injection attempt
201947497 SERVER-WEBAPP Joomla CheckList extension SQL injection attempt SERVER-WEBAPP Joomla CheckList extension SQL injection attempt
201947498 SERVER-WEBAPP Joomla CheckList extension SQL injection attempt SERVER-WEBAPP Joomla CheckList extension SQL injection attempt
201947501 SERVER-WEBAPP Joomla ProjectLog search SQL injection attempt SERVER-WEBAPP Joomla ProjectLog search SQL injection attempt
201947502 SERVER-WEBAPP Joomla ProjectLog search SQL injection attempt SERVER-WEBAPP Joomla ProjectLog search SQL injection attempt
201947506 SERVER-WEBAPP Sitecore CMS default.aspx directory traversal attempt SERVER-WEBAPP Sitecore CMS default.aspx directory traversal attempt
201947507 SERVER-WEBAPP Sitecore CMS default.aspx directory traversal attempt SERVER-WEBAPP Sitecore CMS default.aspx directory traversal attempt
201947508 SERVER-WEBAPP Sitecore CMS default.aspx directory traversal attempt SERVER-WEBAPP Sitecore CMS default.aspx directory traversal attempt
201947514 SERVER-WEBAPP Quest NetVault Backup Server checksession authentication bypass attempt SERVER-WEBAPP Quest NetVault Backup Server checksession authentication bypass attempt
201947543 SERVER-WEBAPP MicroFocus Secure Messaging Gateway enginelist.php SQL injection attempt SERVER-WEBAPP MicroFocus Secure Messaging Gateway enginelist.php SQL injection attempt
201947544 SERVER-WEBAPP MicroFocus Secure Messaging Gateway enginelist.php SQL injection attempt SERVER-WEBAPP MicroFocus Secure Messaging Gateway enginelist.php SQL injection attempt
201947545 SERVER-WEBAPP MicroFocus Secure Messaging Gateway command injection attempt SERVER-WEBAPP MicroFocus Secure Messaging Gateway command injection attempt
201947576 SERVER-WEBAPP Cobub Razor channel name SQL injection attempt SERVER-WEBAPP Cobub Razor channel name SQL injection attempt
201947577 SERVER-WEBAPP Cobub Razor channel name SQL injection attempt SERVER-WEBAPP Cobub Razor channel name SQL injection attempt
201947579 SERVER-WEBAPP Joomla Aist id SQL injection attempt SERVER-WEBAPP Joomla Aist id SQL injection attempt
201947580 SERVER-WEBAPP Joomla Aist id SQL injection attempt SERVER-WEBAPP Joomla Aist id SQL injection attempt
201947581 SERVER-WEBAPP GitStack unauthenticated REST API add user attempt SERVER-WEBAPP GitStack unauthenticated REST API add user attempt
201947582 SERVER-WEBAPP GitStack unauthenticated REST API repository modification attempt SERVER-WEBAPP GitStack unauthenticated REST API repository modification attempt
201947583 SERVER-WEBAPP GitStack unauthenticated REST API repository modification attempt SERVER-WEBAPP GitStack unauthenticated REST API repository modification attempt
201947649 SERVER-WEBAPP Apache Struts remote code execution attempt SERVER-WEBAPP Apache Struts remote code execution attempt
201947655 SERVER-WEBAPP Joomla PostInstall Message SQL injection attempt SERVER-WEBAPP Joomla PostInstall Message SQL injection attempt
201947672 SERVER-WEBAPP TerraMaster NAS logtable.php command injection attempt SERVER-WEBAPP TerraMaster NAS logtable.php command injection attempt
201947767 SERVER-WEBAPP ClipBucket file_uploader command injection attempt SERVER-WEBAPP ClipBucket file_uploader command injection attempt
201947768 SERVER-WEBAPP ClipBucket beats_uploader arbitrary PHP file upload attempt SERVER-WEBAPP ClipBucket beats_uploader arbitrary PHP file upload attempt
201947769 SERVER-WEBAPP ClipBucket photo_uploader arbitrary PHP file upload attempt SERVER-WEBAPP ClipBucket photo_uploader arbitrary PHP file upload attempt
201947770 SERVER-WEBAPP ClipBucket edit_account arbitrary PHP file upload attempt SERVER-WEBAPP ClipBucket edit_account arbitrary PHP file upload attempt
201947771 SERVER-WEBAPP ClipBucket vote_channel SQL injection attempt SERVER-WEBAPP ClipBucket vote_channel SQL injection attempt
201947772 SERVER-WEBAPP ClipBucket commonAjax SQL injection attempt SERVER-WEBAPP ClipBucket commonAjax SQL injection attempt
201947794 SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt
201947795 SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt
201947796 SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt
201947797 SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt
201947799 SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt
201947800 SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt SERVER-WEBAPP Trend Micro Email Encryption Gateway SQL injection attempt
201947817 SERVER-WEBAPP SoftNAS StorageCenter snserv.php command injection attempt SERVER-WEBAPP SoftNAS StorageCenter snserv.php command injection attempt
201947818 SERVER-WEBAPP SoftNAS StorageCenter snserv.php command injection attempt SERVER-WEBAPP SoftNAS StorageCenter snserv.php command injection attempt
201947819 SERVER-WEBAPP SoftNAS StorageCenter snserv.php command injection attempt SERVER-WEBAPP SoftNAS StorageCenter snserv.php command injection attempt
201947858 SERVER-WEBAPP Joomla CW Tags Searchtext SQL injection attempt SERVER-WEBAPP Joomla CW Tags Searchtext SQL injection attempt
201947859 SERVER-WEBAPP Joomla CW Tags Searchtext SQL injection attempt SERVER-WEBAPP Joomla CW Tags Searchtext SQL injection attempt
201947861 SERVER-WEBAPP Opsview Web Management Console testnotification command injection attempt SERVER-WEBAPP Opsview Web Management Console testnotification command injection attempt
201947863 SERVER-WEBAPP Opsview Web Management Console test_rancid_connection command injection attempt SERVER-WEBAPP Opsview Web Management Console test_rancid_connection command injection attempt
201947864 SERVER-WEBAPP Opsview Web Management Console test_rancid_connection command injection attempt SERVER-WEBAPP Opsview Web Management Console test_rancid_connection command injection attempt
201947865 SERVER-WEBAPP Opsview Web Management Console test_rancid_connection command injection attempt SERVER-WEBAPP Opsview Web Management Console test_rancid_connection command injection attempt
201948004 SERVER-WEBAPP Navigate CMS login.php SQL injection attempt SERVER-WEBAPP Navigate CMS login.php SQL injection attempt
201948061 SERVER-WEBAPP pfSense status_interfaces.php command injection attempt SERVER-WEBAPP pfSense status_interfaces.php command injection attempt
201948070 SERVER-WEBAPP WP plugin Wechat Broadcast directory traversal attempt SERVER-WEBAPP WP plugin Wechat Broadcast directory traversal attempt
201948071 SERVER-WEBAPP WP plugin Wechat Broadcast remote file inclusion attempt SERVER-WEBAPP WP plugin Wechat Broadcast remote file inclusion attempt
201948097 SERVER-WEBAPP D-Link DIR-816 syslogIp command injection attempt SERVER-WEBAPP D-Link DIR-816 syslogIp command injection attempt
201948098 SERVER-WEBAPP D-Link DIR-816 syslogIp command injection attempt SERVER-WEBAPP D-Link DIR-816 syslogIp command injection attempt
201948099 SERVER-WEBAPP D-Link DIR-816 syslogIp command injection attempt SERVER-WEBAPP D-Link DIR-816 syslogIp command injection attempt
201948126 SERVER-WEBAPP Joomba component Timetable Schedule 3.6.8 SQL injection attempt SERVER-WEBAPP Joomba component Timetable Schedule 3.6.8 SQL injection attempt
201948141 SERVER-WEBAPP D-Link DIR-816 diagnosis command injection attempt SERVER-WEBAPP D-Link DIR-816 diagnosis command injection attempt
201948142 SERVER-WEBAPP D-Link DIR-816 diagnosis command injection attempt SERVER-WEBAPP D-Link DIR-816 diagnosis command injection attempt
201948143 SERVER-WEBAPP D-Link DIR-816 diagnosis command injection attempt SERVER-WEBAPP D-Link DIR-816 diagnosis command injection attempt
201948161 SERVER-WEBAPP Joomba component Article Factory Manager SQL injection attempt SERVER-WEBAPP Joomba component Article Factory Manager SQL injection attempt
201948165 SERVER-WEBAPP Joomla Component Swap Factory SQL injection attempt SERVER-WEBAPP Joomla Component Swap Factory SQL injection attempt
201948166 SERVER-WEBAPP Joomla Component Swap Factory SQL injection attempt SERVER-WEBAPP Joomla Component Swap Factory SQL injection attempt
201948172 SERVER-WEBAPP D-Link DIR-816 form2systime.cgi command injection attempt SERVER-WEBAPP D-Link DIR-816 form2systime.cgi command injection attempt
201948173 SERVER-WEBAPP D-Link DIR-816 form2systime.cgi command injection attempt SERVER-WEBAPP D-Link DIR-816 form2systime.cgi command injection attempt
201948174 SERVER-WEBAPP D-Link DIR-816 form2systime.cgi command injection attempt SERVER-WEBAPP D-Link DIR-816 form2systime.cgi command injection attempt
201948193 SERVER-WEBAPP Joomba component AlphaIndex Dictionaries SQL injection attempt SERVER-WEBAPP Joomba component AlphaIndex Dictionaries SQL injection attempt
201948194 SERVER-WEBAPP Joomba component AlphaIndex Dictionaries SQL injection attempt SERVER-WEBAPP Joomba component AlphaIndex Dictionaries SQL injection attempt
201948195 SERVER-WEBAPP Joomla Component Collection Factory SQL injection attempt SERVER-WEBAPP Joomla Component Collection Factory SQL injection attempt
201948196 SERVER-WEBAPP Joomla component Reverse Auction Factory SQL injection attempt SERVER-WEBAPP Joomla component Reverse Auction Factory SQL injection attempt
201948256 SERVER-WEBAPP Rubedo CMS Directory Traversal Attempt directory traversal attempt SERVER-WEBAPP Rubedo CMS Directory Traversal Attempt directory traversal attempt
201948263 SERVER-WEBAPP Blueimp jQuery File Upload arbitrary PHP file upload attempt SERVER-WEBAPP Blueimp jQuery File Upload arbitrary PHP file upload attempt
201948266 SERVER-WEBAPP Teltonika RUT9XX autologin.cgi command injection attempt SERVER-WEBAPP Teltonika RUT9XX autologin.cgi command injection attempt
201948267 SERVER-WEBAPP Teltonika RUT9XX autologin.cgi command injection attempt SERVER-WEBAPP Teltonika RUT9XX autologin.cgi command injection attempt
201948268 SERVER-WEBAPP Teltonika RUT9XX hotspotlogin.cgi command injection attempt SERVER-WEBAPP Teltonika RUT9XX hotspotlogin.cgi command injection attempt
201948269 SERVER-WEBAPP Teltonika RUT9XX hotspotlogin.cgi command injection attempt SERVER-WEBAPP Teltonika RUT9XX hotspotlogin.cgi command injection attempt
201948270 SERVER-WEBAPP Teltonika RUT9XX autologin.cgi command injection attempt SERVER-WEBAPP Teltonika RUT9XX autologin.cgi command injection attempt
201948271 SERVER-WEBAPP Teltonika RUT9XX hotspotlogin.cgi command injection attempt SERVER-WEBAPP Teltonika RUT9XX hotspotlogin.cgi command injection attempt
201948273 SERVER-WEBAPP Cockpit CMS media API directory traversal attempt SERVER-WEBAPP Cockpit CMS media API directory traversal attempt
201948274 SERVER-WEBAPP Cockpit CMS media API directory traversal attempt SERVER-WEBAPP Cockpit CMS media API directory traversal attempt
201948413 SERVER-WEBAPP ManageEngine Applications Manager editDisplaynames.do SQL injection attempt SERVER-WEBAPP ManageEngine Applications Manager editDisplaynames.do SQL injection attempt
201948414 SERVER-WEBAPP ManageEngine Applications Manager editDisplaynames.do SQL injection attempt SERVER-WEBAPP ManageEngine Applications Manager editDisplaynames.do SQL injection attempt
201948415 SERVER-WEBAPP ManageEngine Applications Manager editDisplaynames.do SQL injection attempt SERVER-WEBAPP ManageEngine Applications Manager editDisplaynames.do SQL injection attempt
201948443 SERVER-WEBAPP Nagios XI magpie_debug.php command argument injection attempt SERVER-WEBAPP Nagios XI magpie_debug.php command argument injection attempt
201948744 SERVER-WEBAPP TRENDnet TEW-673GRU apply.cgi start_arpping command injection attempt SERVER-WEBAPP TRENDnet TEW-673GRU apply.cgi start_arpping command injection attempt
201948815 SERVER-WEBAPP Kibana Console for Elasticsearch local file inclusion attempt SERVER-WEBAPP Kibana Console for Elasticsearch local file inclusion attempt
201948837 SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt
201948839 SERVER-WEBAPP Wifi-Soft Unibox diagnostic_tools_controller.php command injection attempt SERVER-WEBAPP Wifi-Soft Unibox diagnostic_tools_controller.php command injection attempt
201948840 SERVER-WEBAPP Wifi-Soft Unibox diagnostic_tools_controller.php command injection attempt SERVER-WEBAPP Wifi-Soft Unibox diagnostic_tools_controller.php command injection attempt
201948843 SERVER-WEBAPP Wifi-Soft Unibox ping.php command injection attempt SERVER-WEBAPP Wifi-Soft Unibox ping.php command injection attempt
201949498 SERVER-WEBAPP Jenkins Groovy metaprogramming remote code execution attempt SERVER-WEBAPP Jenkins Groovy metaprogramming remote code execution attempt
201949499 SERVER-WEBAPP Jenkins Groovy metaprogramming remote code execution attempt SERVER-WEBAPP Jenkins Groovy metaprogramming remote code execution attempt
201949537 SERVER-WEBAPP elFinder PHP connector arbitrary PHP file upload attempt SERVER-WEBAPP elFinder PHP connector arbitrary PHP file upload attempt
201949645 SERVER-WEBAPP Wordpress image edit directory traversal attempt SERVER-WEBAPP Wordpress image edit directory traversal attempt
201949646 SERVER-WEBAPP Wordpress image edit directory traversal attempt SERVER-WEBAPP Wordpress image edit directory traversal attempt
201949647 SERVER-WEBAPP Wordpress image edit directory traversal attempt SERVER-WEBAPP Wordpress image edit directory traversal attempt
201949714 SERVER-WEBAPP Horde Groupware Webmail Contact Management add.php arbitrary PHP file upload attempt SERVER-WEBAPP Horde Groupware Webmail Contact Management add.php arbitrary PHP file upload attempt
201949861 SERVER-WEBAPP Microsoft SharePoint EntityInstanceIdEncoder remote code execution attempt SERVER-WEBAPP Microsoft SharePoint EntityInstanceIdEncoder remote code execution attempt
201950168 SERVER-WEBAPP Atlassian Confluence Data Center and Server directory traversal attempt SERVER-WEBAPP Atlassian Confluence Data Center and Server directory traversal attempt
201950170 SERVER-WEBAPP Atlassian Confluence Data Center and Server directory traversal attempt SERVER-WEBAPP Atlassian Confluence Data Center and Server directory traversal attempt
201950275 SERVER-WEBAPP Microsoft SharePoint EntityInstanceIdEncoder remote code execution attempt SERVER-WEBAPP Microsoft SharePoint EntityInstanceIdEncoder remote code execution attempt
201950323 SERVER-WEBAPP Crestron AM platform command injection attempt SERVER-WEBAPP Crestron AM platform command injection attempt
201950324 SERVER-WEBAPP Crestron AM platform command injection attempt SERVER-WEBAPP Crestron AM platform command injection attempt
201950708 SERVER-WEBAPP WordPress Rencontre plugin cross site scripting attempt SERVER-WEBAPP WordPress Rencontre plugin cross site scripting attempt
201950709 SERVER-WEBAPP WordPress Rencontre plugin SQL injection attempt SERVER-WEBAPP WordPress Rencontre plugin SQL injection attempt
201950711 SERVER-WEBAPP WordPress Rencontre plugin SQL injection attempt SERVER-WEBAPP WordPress Rencontre plugin SQL injection attempt
201950732 SERVER-WEBAPP CyberArk Enterprise Password Vault XML external entity injection attempt SERVER-WEBAPP CyberArk Enterprise Password Vault XML external entity injection attempt
2019000513 JavaScript Object Notation (JSON) - Failed to parse Request Body JSON Failed to parse Request Body
2019272501, 2019272502, 2019272503, 2019272504 CVE-2019-2725 and CVE-2019-2729 Oracle WebLogic Remote Code Execution in versions (10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0) Oracle WebLogic remote code execution in versions (10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0) - CVE-2019-2725 - CVE-2019-2729