Web Application Security – ModSecurity Commercial Rules, Update for April 2018

ModSecurity Rules from Trustwave SpiderLabs include custom virtual patches for public vulnerabilities.

Release Summary

  • Apache CouchDB 1.7.0 and before 2.1.1 - Remote Privilege Escalation CVE-2017-12635 (2180045)
  • Drupal avatar_uploader v7.x-1.0-beta8 - Arbitrary File Disclosure CVE-2018-9205 (2180047)
  • WordPress Plugin Google Drive 2.2 - RCE (2180064)
  • WordPress Plugin Woo Import Export 1.0 - Arbitrary File Deletion (2180055)
  • WordPress Simple Fields 0.2 - 0.3.5 LFI (2180056)
  • WordPress Background Takeover < 4.1.4 - Directory Traversal CVE-2018-9118 (2180062)
  • Joomla! Component Alexandria Book Library 3.1.2 SQLi CVE-2018-7312 (2180048)
  • Joomla! Component CheckList 1.1.1 SQLi CVE-2018-7315 (2180049)
  • Joomla! Component CW Tags 2.0.6 SQLi CVE-2018-7313 (2180050)
  • Joomla! Component Ek Rishta 2.9 SQLi CVE-2018-7315 (2180051)
  • Joomla! Component JS Jobs 1.2.0 CSRF (2180052)
  • Joomla! Component OS Property Real Estate 3.12.7 SQLi CVE-2018-7319 (2180053)
  • Joomla! Component PrayerCenter 3.0.2 SQLi CVE-2018-7314 (2180057)
  • Joomla! Component Saxum Astro 4.0.14 SQLi CVE-2018-7180 (2180058)
  • Joomla! Component Saxum Numerology 3.0.4 SQLi CVE-2018-7177 (2180059)
  • Joomla! Component Saxum Picker 3.2.10 SQLi CVE-2018-7178 (2180060)
  • Joomla! Component SquadManagement 1.0.3 SQLi CVE-2018-7179 (2180061)
  • Yahei PHP Prober 0.4.7 - XSS CVE-2018-9238 (2180065)
  • WordPress Plugin Relevanssi 4.0.4 - XSS CVE-2018-9034 (2180054)
  • WordPress File Upload 4.3.3 - Stored XSS CVE-2018-9844 (2180063)