Trustwave Web Application Firewall 4.55

Trustwave SpiderLabs is pleased to announce the release of CorSigs version 4.55 for Trustwave Web Application Firewall (WAF) versions 8.5 and 9.0. These rules are written to detect attacks, or classes of attacks, on web applications and their components.

Release Summary

This release includes a cleanup of out-of-date rules and adds the following new signatures:

  • CVE-2018-6398: Joomla! Component Advertisement Board 3.1.0 SQLi

The Advertisement Board 3.1.0 component allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.

The Aist 2.0 component allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.

The AllVideos Reloaded component allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.

The DT Register 3.2.7 component allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.

The Fastball 2.5 component allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.

The Form Maker 3.6.12 component allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.

The Gallery WD 1.3.6 component allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.

The SIGE 3.2.3 component allows remote attackers to inject arbitrary web script or HTML via the vulnerable parameter.

  • CVE-2018-6396: Joomla! Component Google Map Landkarten 4.2.3 SQLi

The Google Map Landkarten 4.2.3 component allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.

  • CVE-2018-6004: Joomla! Component File Download Tracker 3.0 SQLi

The File Download Tracker 3.0 component allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.

The Unserialization PreAuth 5.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in the vulnerable parameter.

  • WordPress Duplicator 0.5.24 XSS

The Duplicator 0.5.24 component allows an authenticated administrator to inject HTML/JS code.

  • WordPress All-In-One Security 3.9.6 XSS

The All-In-One Security 3.9.6 component allows an authenticated administrator to inject HTML/JS code.

  • WordPress Display Widgets 2.03 XSS

The Content History component allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.

  • WordPress Gravity Forms 1.8.19 Plugin Arbitrary File Upload

The Gravity Forms 1.8.19 plugin allows a remote user to upload arbitrary files via the vulnerable parameter.

The JV Comment 3.0.2 component allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.

  • Joomla! Component AJAX Shoutbox 1.6 SQLi

The AJAX Shoutbox 1.6 component allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.

The Youtube Gallery 4.1.7 component allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.

The Youtube Gallery 3.4.0 component allows remote attackers to inject arbitrary web script or HTML via the vulnerable parameter.

The Freichat 9.4 component allows remote attackers to inject arbitrary web script or HTML via the vulnerable parameter.

  • Joomla! Component com_macgallery 1.5 LFI

The com_macgallery 1.5 component allows local file inclusion via the vulnerable parameter.

  • Joomla! Component com_facegallery 1.0 LFI

Microsoft SharePoint Foundation 2010 SP2 allows remote authenticated users to inject arbitrary web script or HTML via the vulnerable parameter.

  • Microsoft Internet Information Services (IIS) INDEX_ALLOCATION Auth Bypass Attempt

The IIS 6.0 service allows a remote user to bypass access restrictions.

  • WordPress REST API Content Injection

The Rest API prior to 4.7.2 component allows a remote, unauthenticated user to modify page content by manipulating a parameter payload.

  • WordPress User Access Manager Plugin userGroupDescription and userGroupName Parameter XSS

The User Access Manager plugin allows a remote user to inject arbitrary web script or HTML via the vulnerable parameter.

The isMail transport in PHPMailer before 5.2.20 allows a remote user to execute arbitrary code by passing extra parameters to the mail command.

The Struts 1 plugin in Apache Struts 2.3.x allows a remote user to execute malicious code via the vulnerable parameter.

  • WordPress Plugin E-Commerce LFI

The e-Commerce plugin allows a remote user to read arbitrary files via the vulnerable parameter.

The Ajax Pagination 1.1 plugin allows a remote user to read arbitrary files via the vulnerable parameter.

  • WordPress Theme LineNity 1.20 wp-content/themes/linenity/functions/download.php imgurl Parameter LFI

The LineNity 1.20 theme allows remote attackers to read arbitrary files via the vulnerable parameter.

  • WordPress Theme Elegance - /elegance/lib/scripts/dl-skin.php LFI

The Elegance theme allows remote attackers to read arbitrary files via the vulnerable parameter.

  • WordPress Theme Infocus - /infocus/lib/scripts/dl-skin.php LFI

The Infocus theme allows remote attackers to read arbitrary files via the vulnerable parameter.

The ShortCode 0.2.3 plugin allows remote attackers to read arbitrary files via the vulnerable parameter.

The Themes Divi theme allows remote attackers to read arbitrary files via the vulnerable parameter.

component allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.

The mTouch Quiz plugin allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.

  • WordPress Simple Retail Menus - includes/actions.php SQLi

The Simple Retail Menus plugin allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.

The Video Gallery 2.5 plugin allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.

The Gallery Objects 0.4 plugin allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.

  • CVE-2014-6242: WordPress Plugin All In One WP Security 3.8.2 SQLi

The All In One WP Security 3.8.2 plugin allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.

  • Joomla! Component JTAG Calendar 6.2.4 SQLi

The JTAG Calendar 6.2.4 component allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.

  • WordPress Plugin FormBuilder Plugin fbid Parameter SQLi

The FormBuilder plugin allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.

  • Joomla! Component Modern Booking 1.0 coupon parameter SQLi

The Modern Booking 1.0 component allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.

  • WordPress Plugin Spider Event Calendar 1.5.51 Blind SQLi
  • WordPress Plugin WebDorado Gallery 1.3.29 SQLi
  • WordPress Plugin Wow Forms 2.1 SQLi
  • WordPress Plugin Wow Viral Signups 2.1 SQLi

SQL injection vulnerability in Joomla! 3.7.0 allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.

  • Joomla! Component Myportfolio 3.0.2 pid parameter SQLi
  • Joomla! Component Payage 2.05 aid parameter SQLi

Microsoft Project Server 2010 SP2 and 2013 SP1 allow a remote user to inject arbitrary web script or HTML via the vulnerable parameter.

The Page Layout Builder 1.9.3 plugin allows a remote user to inject arbitrary script via the vulnerable parameter.

  • CVE-2014-100026: WordPress April's Super Functions before 1.4.8P Reflected XSS

The April's Super Functions pack plugin allows a remote user to inject arbitrary web script or HTML via the vulnerable parameter.

  • WordPress Plugin intouch Reflected XSS

The intouch plugin allows a remote user to inject arbitrary script via the vulnerable parameter.

The Social Connect 1.0.4 plugin allows a remote user to inject arbitrary web script or HTML via the vulnerable parameter.

  • WordPress Plugin Social Ring url parameter XSS

The Social Ring plugin allows a remote user to inject arbitrary web script or HTML via the vulnerable parameter.

  • WordPress Plugin Manage Calameo Publications attachment_id Parameter XSS

The Manage Calameo Publications plugin allows a remote user to inject arbitrary web script or HTML via the vulnerable parameter.

The WebEngage plugin allows a remote user to inject arbitrary web script or HTML via the vulnerable parameter.

  • WordPress Plugin Seo Link Rotator title Parameter XSS

The Seo Link Rotator plugin allows a remote user to inject arbitrary web script or HTML via the vulnerable parameter.

The Nokia Maps & Places plugin allows a remote user to inject arbitrary web script or HTML via the vulnerable parameter.

The Photocrati theme 4.x allows a remote user to execute arbitrary SQL commands via the vulnerable parameter.

  • WordPress Plugin Mobiloud comments/disqus_count.php shortname Parameter Reflected XSS

The Mobiloud plugin allows a remote user to inject arbitrary web script or HTML via the vulnerable parameter.

  • WordPress Plugin DZS Video Gallery for ajax.php source Parameter Reflected XSS

The DZS Video Gallery plugin allows a remote user to inject arbitrary web script or HTML via the vulnerable parameter.

  • WordPress Plugin all_in_one_carousel for (n3rdskwat-mp3player) /tpl/add_carousel.php id Parameter Reflected XSS
  • WordPress Plugin VideoWhisper Live Streaming Integration ls/lb_status.php Multiple Parameter XSS
  • WordPress Plugin jQuery Spam dynamic.php id Parameter Reflected XSS

The jQuery Spam plugin allows a remote user to inject arbitrary web script or HTML via the vulnerable parameter.

  • Apache Solr /admin/debug.jsp handler Parameter Reflected XSS

Apache Solr 1.4.1 and 3.6.2 allow a remote user to inject arbitrary web script or HTML via the vulnerable parameter.

  • WordPress Plugin Zedity /wp-admin/admin-ajax.php zedity_ajax Action zaction Parameter XSS

The Zedity plugin allows a remote user to inject arbitrary web script or HTML via the vulnerable parameter.

  • CVE-2014-1906: WordPress Plugin VideoWhisper Live Streaming Integration ls/channel.php n Parameter Reflected XSS

The VideoWhisper Live Streaming Integration plugin allows a remote user to inject arbitrary web script or HTML via the vulnerable parameter.

  • CVE-2014-1906: WordPress Plugin VideoWhisper Live Streaming Integration ls/htmlchat.php n Parameter Reflected XSS
  • CVE-2014-1906: WordPress Plugin VideoWhisper Live Streaming Integration ls/video.php n Parameter Reflected XSS
  • CVE-2014-1906: WordPress Plugin VideoWhisper Live Streaming Integration ls/videotext.php n Parameter Reflected XSS
  • CVE-2014-1906: WordPress Plugin VideoWhisper Live Streaming Integration ls/lb_logout.php message Parameter Reflected XSS
  • CVE-2014-1906: WordPress Plugin VideoWhisper Live Streaming Integration ls/v_status.php ct Parameter Reflected XSS
  • WordPress Plugin Post to PDF /wp-admin/options.php wpptopdf[headerFontSize] Parameter XSS
  • WordPress Plugin Print Friendly /wp-admin/options.php printfriendly_option[custom_image] Parameter XSS

The Print Friendly plugin allows a remote user to inject arbitrary web script or HTML via the vulnerable parameter.

  • WordPress Plugin Duplicate Post options-general.php post Parameter Reflected XSS

The Duplicate Post plugin allows a remote user to inject arbitrary web script or HTML via the vulnerable parameter.

  • WordPress Login Widget With Shortcode /wp-admin/options-general.php custom_style_afo Parameter XSS
  • WordPress Plugin Quiz and Survey Master XSS/CSRF
  • WordPress Plugin MailChimp integration parameter XSS
  • WordPress Plugin Social Pug dpsp_message_class parameter XSS

The Social Pug plugin allows a remote user to inject arbitrary web script or HTML via the vulnerable parameter.

  • Joomla! Blog Calendar modid XSS

The Blog Calendar component allows a remote user to inject arbitrary web script or HTML via the vulnerable parameter.

  • WordPress Plugin Tribulant Newsletters 4.6.4.2 XSS

The Tribulant Newsletters 4.6.4.2 plugin allows a remote user to inject arbitrary web script or HTML via the vulnerable parameter.

  • WordPress Plugin Tribulant Newsletters 4.6.4.2 Admin-Ajax XSS

The Tribulant Newsletters 4.6.4.2 plugin allows a remote user to inject arbitrary web script or HTML via the vulnerable parameter.

  • WordPress Plugin Tribulant Newsletters 4.6.4.2 newsletters-history XSS

The Tribulant Newsletters 4.6.4.2 plugin allows a remote user to inject arbitrary web script or HTML via the vulnerable parameter.

How to Update

No action is required by customers running versions 8.5 or 9.0 of Trustwave Web Application Firewall who subscribe to the online update feature. Their deployments will update automatically.

Please note that even if blocking actions are defined for a protected site, Simulation Mode for these rules is ON by default, so that site managers can inspect the impact of the new rules before relevant traffic is blocked. If you want to activate blocking actions for these rules, you must update the Actions for each signature in the Policy Manager.