CVE-2020-2010
published 2020-05-13CVE-2020-2010: An OS command injection vulnerability in PAN-OS management interface allows an authenticated administrator to execute arbitrary OS commands with root…
PriorityP349high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EPSS
2.25%
80.7th percentile
An OS command injection vulnerability in PAN-OS management interface allows an authenticated administrator to execute arbitrary OS commands with root privileges. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| palo_alto_networks | pan-os | — | — |
| palo_alto_networks | pan-os | — | — |
| palo_alto_networks | pan-os | >= 8.1 < 8.1.14 | 8.1.14 |
| palo_alto_networks | pan-os | >= 9.0 < 9.0.7 | 9.0.7 |
| paloalto | pan-os | — | — |
| paloaltonetworks | pan-os | 7.1.0 – 7.1.26 | — |
| paloaltonetworks | pan-os | 8.0.0 – 8.0.20 | — |
| paloaltonetworks | pan-os | 8.1.0 – 8.1.13 | — |
| paloaltonetworks | pan-os | 9.0.0 – 9.0.6 | — |
CVSS provenance
nvdv3.17.2HIGHCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvdv2.09.0CRITICALAV:N/AC:L/Au:S/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-862c-64g7-8p44: An OS command injection vulnerability in PAN-OS management interface allows an authenticated administrator to execute arbitrary OS commands with root
ghsa_unreviewed·2022-05-24
CVE-2020-2010 [HIGH] GHSA-862c-64g7-8p44: An OS command injection vulnerability in PAN-OS management interface allows an authenticated administrator to execute arbitrary OS commands with root
An OS command injection vulnerability in PAN-OS management interface allows an authenticated administrator to execute arbitrary OS commands with root privileges. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7.
Palo Alto
PAN-SA-2024-0008 Informational Bulletin: Impact of OSS CVEs in PAN-OS
vendor_paloalto·2024-09-04·CVSS 6.0
CVE-2022-22965 [MEDIUM] PAN-SA-2024-0008 Informational Bulletin: Impact of OSS CVEs in PAN-OS
PAN-SA-2024-0008 Informational Bulletin: Impact of OSS CVEs in PAN-OS
The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS software. While PAN-OS software may include the
CVEs: CVE-2010-1622, CVE-2015-7552, CVE-2018-16840, CVE-2019-7639, CVE-2020-17049, CVE-2020-7774, CVE-2021-0131, CVE-2021-0132, CVE-2021-0133, CVE-2021-0134, CVE-2021-4044, CVE-2021-4160, CVE-2021-41773, CVE-2022-1343, CVE-2022-21449, CVE-2022-2274, CVE-2022-22963, CVE-2022-22965, CVE-2022-24697, CVE-2022-32207, CVE-2022-3358, CVE-2022-3996, CVE-2022-40664, CVE-2022-44792, CVE-2022-44793, CVE-2023-1255, CVE-2023-22809, CVE-2023-23919, CVE-2023-3341, CVE-2023-4236, CVE-2023-4863, CVE-2023-51767
Affected products: PAN-OS
Palo Alto
PAN-OS: Authenticated user command injection vulnerability
vendor_paloalto·2020-05-13·CVSS 7.2
CVE-2020-2010 [HIGH] CWE-78 PAN-OS: Authenticated user command injection vulnerability
PAN-OS: Authenticated user command injection vulnerability
An OS command injection vulnerability in PAN-OS management interface allows an authenticated administrator to execute arbitrary OS commands with root privileges.
Affected products: PAN-OS
Solution: This issue is fixed in PAN-OS 8.1.14, PAN-OS 9.0.7, PAN-OS 9.1.0, and all later PAN-OS versions.
PAN-OS 8.0 is now end-of-life as of October 31, 2019, and is no longer covered by our Product Security Assurance policies.
PAN-OS 7.1 is on extended support until June 30, 2020, and is only being considered for critical security vulnerability fixes.
Workaround: This issue affects the management interface of PAN-OS and is strongly mitigated by following best practices for securing the PAN-OS management interface. Please review the Best P
Suricata
ET WEB_SPECIFIC_APPS Possible ZOHO ManageEngine ADSelfService Captcha Bypass Attempt
suricata·2011-06-09
CVE-2010-3272 ET WEB_SPECIFIC_APPS Possible ZOHO ManageEngine ADSelfService Captcha Bypass Attempt
ET WEB_SPECIFIC_APPS Possible ZOHO ManageEngine ADSelfService Captcha Bypass Attempt
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Possible ZOHO ManageEngine ADSelfService Captcha Bypass Attempt"; flow:established,to_server; http.method; content:"POST"; nocase; http.uri; content:"/accounts/ValidateAnswers?methodToCall=validateAll"; nocase; fast_pattern; http.request_body; content:"&Hide_Captcha=0"; nocase; content:"&LOGIN_NAME="; nocase; distance:0; content:"&quesList="; nocase; distance:0; reference:url,www.coresecurity.com/content/zoho-manageengine-vulnerabilities; reference:cve,2010-3272; classtype:web-application-attack; sid:2012979; rev:4; metadata:created_at 2011_06_09, cve CVE_2010_3272, confidence Medium, signature_severity Major, updated_at 2020_1
Suricata
ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- userdetail.php id UNION SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2007-1434 [HIGH] ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- userdetail.php id UNION SELECT
ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- userdetail.php id UNION SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- userdetail.php id UNION SELECT"; flow:established,to_server; http.uri; content:"/userdetail.php?"; nocase; content:"id="; nocase; content:"UNION"; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2007-1434; reference:url,www.securityfocus.com/bid/22911; classtype:web-application-attack; sid:2004350; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_A
Suricata
ET WEB_SPECIFIC_APPS Coppermine Photo Gallery SQL Injection Attempt -- albmgr.php cat INSERT
suricata·2010-07-30·CVSS 6.5
CVE-2007-0122 [MEDIUM] ET WEB_SPECIFIC_APPS Coppermine Photo Gallery SQL Injection Attempt -- albmgr.php cat INSERT
ET WEB_SPECIFIC_APPS Coppermine Photo Gallery SQL Injection Attempt -- albmgr.php cat INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Coppermine Photo Gallery SQL Injection Attempt -- albmgr.php cat INSERT"; flow:established,to_server; http.uri; content:"/albmgr.php?"; nocase; content:"cat="; nocase; content:"INSERT"; nocase; content:"INTO"; nocase; distance:0; reference:cve,CVE-2007-0122; reference:url,www.securityfocus.com/bid/21894; classtype:web-application-attack; sid:2005843; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_10, mitre_tactic_id TA0001, mitre_tactic_name Initial_Acc
Suricata
ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp cost2 UPDATE
suricata·2010-07-30·CVSS 7.5
CVE-2006-6927 [HIGH] ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp cost2 UPDATE
ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp cost2 UPDATE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp cost2 UPDATE"; flow:established,to_server; http.uri; content:"/searchoption.asp?"; nocase; content:"cost2="; nocase; content:"UPDATE"; nocase; pcre:"/UPDATE.+SET/i"; reference:cve,CVE-2006-6927; reference:url,www.securityfocus.com/bid/21191; classtype:web-application-attack; sid:2005753; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T
Suricata
ET WEB_SPECIFIC_APPS HIOX Star Rating System Script (HSRS) SQL Injection Attempt -- addrating.php url DELETE
suricata·2010-07-30·CVSS 7.5
CVE-2006-6155 [HIGH] ET WEB_SPECIFIC_APPS HIOX Star Rating System Script (HSRS) SQL Injection Attempt -- addrating.php url DELETE
ET WEB_SPECIFIC_APPS HIOX Star Rating System Script (HSRS) SQL Injection Attempt -- addrating.php url DELETE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS HIOX Star Rating System Script (HSRS) SQL Injection Attempt -- addrating.php url DELETE"; flow:established,to_server; http.uri; content:"/addrating.php?"; nocase; content:"url="; nocase; content:"DELETE"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2006-6155; reference:url,www.frsirt.com/english/advisories/2006/4689; classtype:web-application-attack; sid:2007413; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_
Suricata
ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- printview.php topic SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2007-1163 [HIGH] ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- printview.php topic SELECT
ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- printview.php topic SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- printview.php topic SELECT"; flow:established,to_server; http.uri; content:"/printview.php?"; nocase; content:"topic="; nocase; content:"SELECT"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2007-1163; reference:url,www.milw0rm.com/exploits/3351; classtype:web-application-attack; sid:2004748; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_10, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_techniqu
Suricata
ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- gallery.asp orderby ASCII
suricata·2010-07-30·CVSS 7.5
CVE-2006-6187 [HIGH] ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- gallery.asp orderby ASCII
ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- gallery.asp orderby ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- gallery.asp orderby ASCII"; flow:established,to_server; http.uri; content:"/gallery.asp?"; nocase; content:"orderby="; nocase; content:"ASCII("; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2006-6187; reference:url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded; classtype:web-application-attack; sid:2007257; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_10, mitre_ta
Suricata
ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php name DELETE
suricata·2010-07-30·CVSS 6.8
CVE-2007-1304 [MEDIUM] ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php name DELETE
ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php name DELETE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php name DELETE"; flow:established,to_server; http.uri; content:"/add2.php?"; nocase; content:"name="; nocase; content:"DELETE"; nocase; pcre:"/DELETE.+FROM/i"; reference:cve,CVE-2007-1304; reference:url,www.securityfocus.com/bid/22820; classtype:web-application-attack; sid:2004496; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mi
Suricata
ET WEB_SPECIFIC_APPS bitweaver SQL Injection Attempt -- edition.php tk UPDATE
suricata·2010-07-30·CVSS 7.5
CVE-2006-6923 [HIGH] ET WEB_SPECIFIC_APPS bitweaver SQL Injection Attempt -- edition.php tk UPDATE
ET WEB_SPECIFIC_APPS bitweaver SQL Injection Attempt -- edition.php tk UPDATE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS bitweaver SQL Injection Attempt -- edition.php tk UPDATE"; flow:established,to_server; http.uri; content:"/newsletters/edition.php?"; nocase; content:"tk="; nocase; content:"UPDATE"; nocase; pcre:"/UPDATE.+SET/i"; reference:cve,CVE-2006-6923; reference:url,www.securityfocus.com/bid/20996; classtype:web-application-attack; sid:2005771; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190,
Suricata
ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchmain.asp area INSERT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6927 [HIGH] ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchmain.asp area INSERT
ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchmain.asp area INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchmain.asp area INSERT"; flow:established,to_server; http.uri; content:"/searchmain.asp?"; nocase; content:"area="; nocase; content:"INSERT"; nocase; pcre:"/INSERT.+INTO/i"; reference:cve,CVE-2006-6927; reference:url,www.securityfocus.com/bid/21191; classtype:web-application-attack; sid:2005725; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mi
Suricata
ET WEB_SPECIFIC_APPS Future Internet SQL Injection Attempt -- index.cfm newsId ASCII
suricata·2010-07-30·CVSS 7.5
CVE-2006-6776 [HIGH] ET WEB_SPECIFIC_APPS Future Internet SQL Injection Attempt -- index.cfm newsId ASCII
ET WEB_SPECIFIC_APPS Future Internet SQL Injection Attempt -- index.cfm newsId ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Future Internet SQL Injection Attempt -- index.cfm newsId ASCII"; flow:established,to_server; http.uri; content:"/index.cfm?"; nocase; content:"newsId="; nocase; content:"ASCII("; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2006-6776; reference:url,www.securityfocus.com/bid/21727; classtype:web-application-attack; sid:2006193; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_t
Suricata
ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php sk SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2006-7170 [HIGH] ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php sk SELECT
ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php sk SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php sk SELECT"; flow:established,to_server; http.uri; content:"/product_review.php?"; nocase; content:"sk="; nocase; pcre:"/SELECT.+FROM/i"; reference:cve,CVE-2006-7170; reference:url,www.securityfocus.com/bid/21072; classtype:web-application-attack; sid:2004283; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_techniqu
Suricata
ET WEB_SPECIFIC_APPS Connectix Boards SQL Injection Attempt -- admin.php uploadimage SELECT
suricata·2010-07-30·CVSS 6.0
CVE-2007-1255 [MEDIUM] ET WEB_SPECIFIC_APPS Connectix Boards SQL Injection Attempt -- admin.php uploadimage SELECT
ET WEB_SPECIFIC_APPS Connectix Boards SQL Injection Attempt -- admin.php uploadimage SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Connectix Boards SQL Injection Attempt -- admin.php uploadimage SELECT"; flow:established,to_server; http.uri; content:"/admin.php?"; nocase; content:"uploadimage="; nocase; content:"SELECT"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2007-1255; reference:url,www.milw0rm.com/exploits/3352; classtype:web-application-attack; sid:2004705; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_10, mitre_tactic_id TA0001, mitre_tactic_name Initial_
Suricata
ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php cid SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6234 [HIGH] ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php cid SELECT
ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php cid SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php cid SELECT"; flow:established,to_server; http.uri; content:"/modules.php?"; nocase; content:"cid="; nocase; content:"SELECT"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2006-6234; reference:url,www.securityfocus.com/archive/1/archive/1/437835/100/200/threaded; classtype:web-application-attack; sid:2006927; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initia
Suricata
ET WEB_SPECIFIC_APPS phpBB2 Plus SQL Injection Attempt -- admin_acronyms.php id DELETE
suricata·2010-07-30·CVSS 7.5
CVE-2006-6842 [HIGH] ET WEB_SPECIFIC_APPS phpBB2 Plus SQL Injection Attempt -- admin_acronyms.php id DELETE
ET WEB_SPECIFIC_APPS phpBB2 Plus SQL Injection Attempt -- admin_acronyms.php id DELETE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS phpBB2 Plus SQL Injection Attempt -- admin_acronyms.php id DELETE"; flow:established,to_server; http.uri; content:"/admin/admin_acronyms.php?"; nocase; content:"id="; nocase; content:"DELETE"; nocase; pcre:"/DELETE.+FROM/i"; reference:cve,CVE-2006-6842; reference:url,www.milw0rm.com/exploits/3033; classtype:web-application-attack; sid:2005970; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_08, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_te
Suricata
ET WEB_SPECIFIC_APPS Neocrome Land Down Under (LDU) SQL Injection Attempt -- journal.php w UNION SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6835 [HIGH] ET WEB_SPECIFIC_APPS Neocrome Land Down Under (LDU) SQL Injection Attempt -- journal.php w UNION SELECT
ET WEB_SPECIFIC_APPS Neocrome Land Down Under (LDU) SQL Injection Attempt -- journal.php w UNION SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Neocrome Land Down Under (LDU) SQL Injection Attempt -- journal.php w UNION SELECT"; flow:established,to_server; http.uri; content:"/journal.php?"; nocase; content:"w="; nocase; content:"UNION"; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2006-6835; reference:url,www.securityfocus.com/archive/1/archive/1/455495/100/0/threaded; classtype:web-application-attack; sid:2005974; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11,
Suricata
ET WEB_SPECIFIC_APPS Wordpress 2.2 SQL Injection Attempt -- xmlrpc.php ASCII
suricata·2010-07-30·CVSS 6.5
CVE-2007-3140 [MEDIUM] ET WEB_SPECIFIC_APPS Wordpress 2.2 SQL Injection Attempt -- xmlrpc.php ASCII
ET WEB_SPECIFIC_APPS Wordpress 2.2 SQL Injection Attempt -- xmlrpc.php ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Wordpress 2.2 SQL Injection Attempt -- xmlrpc.php ASCII"; flow:established,to_server; http.uri; content:"/xmlrpc.php?"; nocase; content:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/i"; reference:cve,CVE-2007-3140; reference:url,www.milw0rm.com/exploits/4039; classtype:web-application-attack; sid:2004658; rev:8; metadata:affected_product Web_Server_Applications, affected_product Wordpress, affected_product Wordpress_Plugins, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, tag Wordpress, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name
Suricata
ET WEB_SPECIFIC_APPS Messageriescripthp SQL Injection Attempt -- lire-avis.php aa SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6521 [HIGH] ET WEB_SPECIFIC_APPS Messageriescripthp SQL Injection Attempt -- lire-avis.php aa SELECT
ET WEB_SPECIFIC_APPS Messageriescripthp SQL Injection Attempt -- lire-avis.php aa SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Messageriescripthp SQL Injection Attempt -- lire-avis.php aa SELECT"; flow:established,to_server; http.uri; content:"/lire-avis.php?"; nocase; content:"aa="; nocase; content:"SELECT"; nocase; pcre:"/SELECT.+FROM/i"; reference:cve,CVE-2006-6521; reference:url,www.securityfocus.com/bid/21513; classtype:web-application-attack; sid:2006345; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_03, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_techniq
Suricata
ET WEB_SPECIFIC_APPS Kisisel Site 2007 SQL Injection Attempt -- forum.asp forumid INSERT
suricata·2010-07-30·CVSS 7.5
CVE-2007-0826 [HIGH] ET WEB_SPECIFIC_APPS Kisisel Site 2007 SQL Injection Attempt -- forum.asp forumid INSERT
ET WEB_SPECIFIC_APPS Kisisel Site 2007 SQL Injection Attempt -- forum.asp forumid INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Kisisel Site 2007 SQL Injection Attempt -- forum.asp forumid INSERT"; flow:established,to_server; http.uri; content:"/forum.asp?"; nocase; content:"forumid="; nocase; content:"INSERT"; nocase; content:"INTO"; nocase; distance:0; reference:cve,CVE-2007-0826; reference:url,www.exploit-db.com/exploits/3278/; classtype:web-application-attack; sid:2004981; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access
Suricata
ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp AD_ID UNION SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6208 [HIGH] ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp AD_ID UNION SELECT
ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp AD_ID UNION SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp AD_ID UNION SELECT"; flow:established,to_server; http.uri; content:"/ad.asp?"; nocase; content:"AD_ID="; nocase; content:"UNION"; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2006-6208; reference:url,www.securityfocus.com/bid/21192; classtype:web-application-attack; sid:2007043; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Ini
Suricata
ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php login SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6215 [HIGH] ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php login SELECT
ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php login SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php login SELECT"; flow:established,to_server; http.uri; content:"/process.php?"; nocase; content:"login="; nocase; content:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/i"; reference:cve,CVE-2006-6215; reference:url,www.frsirt.com/english/advisories/2006/4687; classtype:web-application-attack; sid:2006975; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_n
Suricata
ET WEB_SPECIFIC_APPS LiveCMS SQL Injection Attempt -- categoria.php cid DELETE
suricata·2010-07-30·CVSS 7.5
CVE-2007-3293 [HIGH] ET WEB_SPECIFIC_APPS LiveCMS SQL Injection Attempt -- categoria.php cid DELETE
ET WEB_SPECIFIC_APPS LiveCMS SQL Injection Attempt -- categoria.php cid DELETE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS LiveCMS SQL Injection Attempt -- categoria.php cid DELETE"; flow:established,to_server; http.uri; content:"/categoria.php?"; nocase; content:"cid="; nocase; content:"DELETE"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2007-3293; reference:url,www.exploit-db.com/exploits/4082/; classtype:web-application-attack; sid:2006476; rev:11; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_i
Suricata
ET WEB_SPECIFIC_APPS Connectix Boards SQL Injection Attempt -- index.php p_skin SELECT
suricata·2010-07-30·CVSS 6.5
CVE-2007-1254 [MEDIUM] ET WEB_SPECIFIC_APPS Connectix Boards SQL Injection Attempt -- index.php p_skin SELECT
ET WEB_SPECIFIC_APPS Connectix Boards SQL Injection Attempt -- index.php p_skin SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Connectix Boards SQL Injection Attempt -- index.php p_skin SELECT"; flow:established,to_server; http.uri; content:"/index.php?"; nocase; content:"p_skin="; nocase; fast_pattern; content:"SELECT"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2007-1254; reference:url,www.milw0rm.com/exploits/3352; classtype:web-application-attack; sid:2004711; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_10, mitre_tactic_id TA0001, mitre_tactic_name Initial_
Suricata
ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php cid ASCII
suricata·2010-07-30·CVSS 7.5
CVE-2006-6234 [HIGH] ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php cid ASCII
ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php cid ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php cid ASCII"; flow:established,to_server; http.uri; content:"/modules.php?"; nocase; content:"cid="; nocase; content:"ASCII("; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2006-6234; reference:url,www.securityfocus.com/archive/1/archive/1/437835/100/200/threaded; classtype:web-application-attack; sid:2006931; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initia
Suricata
ET WEB_SPECIFIC_APPS CubeCart SQL Injection Attempt -- cart.inc.php ASCII
suricata·2010-07-30·CVSS 7.5
CVE-2007-2862 [HIGH] ET WEB_SPECIFIC_APPS CubeCart SQL Injection Attempt -- cart.inc.php ASCII
ET WEB_SPECIFIC_APPS CubeCart SQL Injection Attempt -- cart.inc.php ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS CubeCart SQL Injection Attempt -- cart.inc.php ASCII"; flow:established,to_server; http.uri; content:"/cart.inc.php?"; nocase; content:"ASCII("; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2007-2862; reference:url,www.securityfocus.com/archive/1/archive/1/469301/100/0/threaded; classtype:web-application-attack; sid:2004039; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_10, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T
Suricata
ET WEB_SPECIFIC_APPS Image Gallery with Access Database SQL Injection Attempt -- dispimage.asp id INSERT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6932 [HIGH] ET WEB_SPECIFIC_APPS Image Gallery with Access Database SQL Injection Attempt -- dispimage.asp id INSERT
ET WEB_SPECIFIC_APPS Image Gallery with Access Database SQL Injection Attempt -- dispimage.asp id INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Image Gallery with Access Database SQL Injection Attempt -- dispimage.asp id INSERT"; flow:established,to_server; http.uri; content:"/dispimage.asp?"; nocase; content:"id="; nocase; content:"INSERT"; nocase; content:"INTO"; nocase; distance:0; reference:cve,CVE-2006-6932; reference:url,www.securityfocus.com/bid/21131; classtype:web-application-attack; sid:2005641; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mit
Suricata
ET WEB_SPECIFIC_APPS BasicForum SQL Injection Attempt -- edit.asp id DELETE
suricata·2010-07-30·CVSS 7.5
CVE-2006-6193 [HIGH] ET WEB_SPECIFIC_APPS BasicForum SQL Injection Attempt -- edit.asp id DELETE
ET WEB_SPECIFIC_APPS BasicForum SQL Injection Attempt -- edit.asp id DELETE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS BasicForum SQL Injection Attempt -- edit.asp id DELETE"; flow:established,to_server; http.uri; content:"/edit.asp?"; nocase; content:"id="; nocase; content:"DELETE"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2006-6193; reference:url,www.milw0rm.com/exploits/2848; classtype:web-application-attack; sid:2007214; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_10, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_te
Suricata
ET WEB_SPECIFIC_APPS Fixit iDMS Pro Image Gallery SQL Injection Attempt -- showfile.asp fid ASCII
suricata·2010-07-30·CVSS 7.5
CVE-2006-6195 [HIGH] ET WEB_SPECIFIC_APPS Fixit iDMS Pro Image Gallery SQL Injection Attempt -- showfile.asp fid ASCII
ET WEB_SPECIFIC_APPS Fixit iDMS Pro Image Gallery SQL Injection Attempt -- showfile.asp fid ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Fixit iDMS Pro Image Gallery SQL Injection Attempt -- showfile.asp fid ASCII"; flow:established,to_server; http.uri; content:"/showfile.asp?"; nocase; content:"fid="; nocase; content:"ASCII("; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2006-6195; reference:url,www.securityfocus.com/bid/21282; classtype:web-application-attack; sid:2007198; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_n
Suricata
ET WEB_SPECIFIC_APPS PHP Labs JobSitePro SQL Injection Attempt -- search.php salary UPDATE
suricata·2010-07-30·CVSS 7.5
CVE-2007-1428 [HIGH] ET WEB_SPECIFIC_APPS PHP Labs JobSitePro SQL Injection Attempt -- search.php salary UPDATE
ET WEB_SPECIFIC_APPS PHP Labs JobSitePro SQL Injection Attempt -- search.php salary UPDATE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS PHP Labs JobSitePro SQL Injection Attempt -- search.php salary UPDATE"; flow:established,to_server; http.uri; content:"/search.php?"; nocase; content:"salary="; nocase; content:"UPDATE"; nocase; content:"SET"; nocase; distance:0; reference:cve,CVE-2007-1428; reference:url,www.exploit-db.com/exploits/3455/; classtype:web-application-attack; sid:2004378; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Ac
Suricata
ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php password UNION SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6215 [HIGH] ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php password UNION SELECT
ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php password UNION SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php password UNION SELECT"; flow:established,to_server; http.uri; content:"/process.php?"; nocase; content:"password="; nocase; content:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/i"; reference:cve,CVE-2006-6215; reference:url,www.frsirt.com/english/advisories/2006/4687; classtype:web-application-attack; sid:2006982; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id
Suricata
ET WEB_SPECIFIC_APPS MyStats SQL Injection Attempt -- mystats.php details UPDATE
suricata·2010-07-30·CVSS 5.0
CVE-2006-6403 [MEDIUM] ET WEB_SPECIFIC_APPS MyStats SQL Injection Attempt -- mystats.php details UPDATE
ET WEB_SPECIFIC_APPS MyStats SQL Injection Attempt -- mystats.php details UPDATE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS MyStats SQL Injection Attempt -- mystats.php details UPDATE"; flow:established,to_server; http.uri; content:"/mystats.php?"; nocase; content:"details="; nocase; content:"UPDATE"; nocase; content:"SET"; nocase; distance:0; reference:cve,CVE-2006-6403; reference:url,marc.theaimsgroup.com/?l=bugtraq&m=116344068502988&w=2; classtype:web-application-attack; sid:2006632; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial
Suricata
ET WEB_SPECIFIC_APPS Vizayn Haber SQL Injection Attempt -- haberdetay.asp id UPDATE
suricata·2010-07-30·CVSS 7.5
CVE-2007-0052 [HIGH] ET WEB_SPECIFIC_APPS Vizayn Haber SQL Injection Attempt -- haberdetay.asp id UPDATE
ET WEB_SPECIFIC_APPS Vizayn Haber SQL Injection Attempt -- haberdetay.asp id UPDATE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Vizayn Haber SQL Injection Attempt -- haberdetay.asp id UPDATE"; flow:established,to_server; http.uri; content:"/haberdetay.asp?"; nocase; content:"id="; nocase; content:"UPDATE"; nocase; pcre:"/UPDATE.+SET/i"; reference:cve,CVE-2007-0052; reference:url,www.milw0rm.com/exploits/3061; classtype:web-application-attack; sid:2005894; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190,
Suricata
ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newmessage SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6880 [HIGH] ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newmessage SELECT
ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newmessage SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newmessage SELECT"; flow:established,to_server; http.uri; content:"/code/guestadd.php?"; nocase; content:"newmessage="; nocase; content:"SELECT"; nocase; pcre:"/SELECT.+FROM/i"; reference:cve,CVE-2006-6880; reference:url,www.milw0rm.com/exploits/3017; classtype:web-application-attack; sid:2005901; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre
Suricata
ET WEB_SPECIFIC_APPS Infinitytechs Restaurants CM SQL Injection Attempt -- meal_rest.asp mealid INSERT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6269 [HIGH] ET WEB_SPECIFIC_APPS Infinitytechs Restaurants CM SQL Injection Attempt -- meal_rest.asp mealid INSERT
ET WEB_SPECIFIC_APPS Infinitytechs Restaurants CM SQL Injection Attempt -- meal_rest.asp mealid INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Infinitytechs Restaurants CM SQL Injection Attempt -- meal_rest.asp mealid INSERT"; flow:established,to_server; http.uri; content:"/meal_rest.asp?"; nocase; content:"mealid="; nocase; content:"INSERT"; nocase; content:"INTO"; nocase; distance:0; reference:cve,CVE-2006-6269; reference:url,www.securityfocus.com/archive/1/archive/1/451970/100/200/threaded; classtype:web-application-attack; sid:2006870; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020
Suricata
ET WEB_SPECIFIC_APPS uniForum SQL Injection Attempt -- wbsearch.aspx INSERT
suricata·2010-07-30·CVSS 7.5
CVE-2007-0226 [HIGH] ET WEB_SPECIFIC_APPS uniForum SQL Injection Attempt -- wbsearch.aspx INSERT
ET WEB_SPECIFIC_APPS uniForum SQL Injection Attempt -- wbsearch.aspx INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS uniForum SQL Injection Attempt -- wbsearch.aspx INSERT"; flow:established,to_server; http.uri; content:"/wbsearch.aspx?"; nocase; content:"INSERT"; nocase; content:"INTO"; nocase; distance:0; reference:cve,CVE-2007-0226; reference:url,www.milw0rm.com/exploits/3106; classtype:web-application-attack; sid:2005665; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_10, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Explo
Suricata
ET WEB_SPECIFIC_APPS LI-Guestbook SQL Injection Attempt -- guestbook.php country UPDATE
suricata·2010-07-30·CVSS 6.8
CVE-2007-1302 [MEDIUM] ET WEB_SPECIFIC_APPS LI-Guestbook SQL Injection Attempt -- guestbook.php country UPDATE
ET WEB_SPECIFIC_APPS LI-Guestbook SQL Injection Attempt -- guestbook.php country UPDATE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS LI-Guestbook SQL Injection Attempt -- guestbook.php country UPDATE"; flow:established,to_server; http.uri; content:"/guestbook.php?"; nocase; content:"country="; nocase; content:"UPDATE"; nocase; content:"SET"; nocase; distance:0; reference:cve,CVE-2007-1302; reference:url,www.securityfocus.com/bid/22821; classtype:web-application-attack; sid:2004528; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access,
Suricata
ET WEB_SPECIFIC_APPS Web Wiz Forums SQL Injection Attempt -- page.asp NewsID INSERT
suricata·2010-07-30·CVSS 7.5
CVE-2007-1548 [HIGH] ET WEB_SPECIFIC_APPS Web Wiz Forums SQL Injection Attempt -- page.asp NewsID INSERT
ET WEB_SPECIFIC_APPS Web Wiz Forums SQL Injection Attempt -- page.asp NewsID INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Web Wiz Forums SQL Injection Attempt -- page.asp NewsID INSERT"; flow:established,to_server; http.uri; content:"/News/page.asp?"; nocase; content:"NewsID="; nocase; content:"INSERT"; nocase; pcre:"/INSERT.+INTO/i"; reference:cve,CVE-2007-1548; reference:url,www.securityfocus.com/bid/23051; classtype:web-application-attack; sid:2004237; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id
Suricata
ET WEB_SPECIFIC_APPS Portix-PHP SQL Injection Attempt -- archive.php pid SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6935 [HIGH] ET WEB_SPECIFIC_APPS Portix-PHP SQL Injection Attempt -- archive.php pid SELECT
ET WEB_SPECIFIC_APPS Portix-PHP SQL Injection Attempt -- archive.php pid SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Portix-PHP SQL Injection Attempt -- archive.php pid SELECT"; flow:established,to_server; http.uri; content:"/simplog/archive.php?"; nocase; content:"pid="; nocase; content:"SELECT"; nocase; pcre:"/SELECT.+FROM/i"; reference:cve,CVE-2006-6935; reference:url,www.securityfocus.com/bid/20974/exploit; classtype:web-application-attack; sid:2005627; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_
Suricata
ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- wp-trackback.php ASCII
suricata·2010-07-30·CVSS 7.5
CVE-2007-0233 [HIGH] ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- wp-trackback.php ASCII
ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- wp-trackback.php ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- wp-trackback.php ASCII"; flow:established,to_server; http.uri; content:"/wp-trackback.php?"; nocase; content:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/i"; reference:cve,CVE-2007-0233; reference:url,www.milw0rm.com/exploits/3109; classtype:web-application-attack; sid:2005661; rev:8; metadata:affected_product Web_Server_Applications, affected_product Wordpress, affected_product Wordpress_Plugins, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, tag Wordpress, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_t
Suricata
ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- inlinemod.php postids SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2007-1292 [HIGH] ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- inlinemod.php postids SELECT
ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- inlinemod.php postids SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- inlinemod.php postids SELECT"; flow:established,to_server; http.uri; content:"/inlinemod.php?"; nocase; content:"postids="; nocase; content:"SELECT"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2007-1292; reference:url,www.milw0rm.com/exploits/3387; classtype:web-application-attack; sid:2004666; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_03, mitre_tactic_id TA0001, mitre_tactic_name Initia
Suricata
ET WEB_SPECIFIC_APPS DMXReady Site Engine Manager SQL Injection Attempt -- index.asp mid INSERT
suricata·2010-07-30·CVSS 7.5
CVE-2006-7118 [HIGH] ET WEB_SPECIFIC_APPS DMXReady Site Engine Manager SQL Injection Attempt -- index.asp mid INSERT
ET WEB_SPECIFIC_APPS DMXReady Site Engine Manager SQL Injection Attempt -- index.asp mid INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS DMXReady Site Engine Manager SQL Injection Attempt -- index.asp mid INSERT"; flow:established,to_server; http.uri; content:"/index.asp?"; nocase; content:"mid="; nocase; content:"INSERT"; nocase; content:"INTO"; nocase; distance:0; reference:cve,CVE-2006-7118; reference:url,www.securityfocus.com/bid/21064; classtype:web-application-attack; sid:2004685; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initia
Suricata
ET WEB_SPECIFIC_APPS Vizayn Haber SQL Injection Attempt -- haberdetay.asp id SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2007-0052 [HIGH] ET WEB_SPECIFIC_APPS Vizayn Haber SQL Injection Attempt -- haberdetay.asp id SELECT
ET WEB_SPECIFIC_APPS Vizayn Haber SQL Injection Attempt -- haberdetay.asp id SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Vizayn Haber SQL Injection Attempt -- haberdetay.asp id SELECT"; flow:established,to_server; http.uri; content:"/haberdetay.asp?"; nocase; content:"id="; nocase; content:"SELECT"; nocase; pcre:"/SELECT.+FROM/i"; reference:cve,CVE-2007-0052; reference:url,www.milw0rm.com/exploits/3061; classtype:web-application-attack; sid:2005889; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190
Suricata
ET WEB_SPECIFIC_APPS Forum Livre SQL Injection Attempt -- info_user.asp user SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2007-0589 [HIGH] ET WEB_SPECIFIC_APPS Forum Livre SQL Injection Attempt -- info_user.asp user SELECT
ET WEB_SPECIFIC_APPS Forum Livre SQL Injection Attempt -- info_user.asp user SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Forum Livre SQL Injection Attempt -- info_user.asp user SELECT"; flow:established,to_server; http.uri; content:"/info_user.asp?"; nocase; content:"user="; nocase; content:"SELECT"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2007-0589; reference:url,www.milw0rm.com/exploits/3197; classtype:web-application-attack; sid:2005176; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_techn
Suricata
ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick_mod ASCII
suricata·2010-07-30·CVSS 7.5
CVE-2006-6667 [HIGH] ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick_mod ASCII
ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick_mod ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick_mod ASCII"; flow:established,to_server; http.uri; content:"/verify.php?"; nocase; content:"nick_mod="; nocase; content:"SELECT"; nocase; pcre:"/ASCII\(.+SELECT/i"; reference:cve,CVE-2006-6667; reference:url,www.frsirt.com/english/advisories/2006/5059; classtype:web-application-attack; sid:2006301; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_t
Suricata
ET WEB_SPECIFIC_APPS CubeCart SQL Injection Attempt -- cart.inc.php SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2007-2862 [HIGH] ET WEB_SPECIFIC_APPS CubeCart SQL Injection Attempt -- cart.inc.php SELECT
ET WEB_SPECIFIC_APPS CubeCart SQL Injection Attempt -- cart.inc.php SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS CubeCart SQL Injection Attempt -- cart.inc.php SELECT"; flow:established,to_server; http.uri; content:"/cart.inc.php?"; nocase; content:"SELECT"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2007-2862; reference:url,www.securityfocus.com/archive/1/archive/1/469301/100/0/threaded; classtype:web-application-attack; sid:2004035; rev:10; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_10, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T
Suricata
ET WEB_SPECIFIC_APPS Ublog Reload SQL Injection Attempt -- badword.asp INSERT
suricata·2010-07-30·CVSS 7.5
CVE-2007-0799 [HIGH] ET WEB_SPECIFIC_APPS Ublog Reload SQL Injection Attempt -- badword.asp INSERT
ET WEB_SPECIFIC_APPS Ublog Reload SQL Injection Attempt -- badword.asp INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Ublog Reload SQL Injection Attempt -- badword.asp INSERT"; flow:established,to_server; http.uri; content:"/badword.asp?"; nocase; content:"INSERT"; nocase; pcre:"/INSERT.+INTO/i"; reference:cve,CVE-2007-0799; reference:url,www.securityfocus.com/bid/22382; classtype:web-application-attack; sid:2005005; rev:8; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Publi
Suricata
ET WEB_SPECIFIC_APPS Digirez SQL Injection Attempt -- info_book.asp book_id ASCII
suricata·2010-07-30·CVSS 7.5
CVE-2007-0128 [HIGH] ET WEB_SPECIFIC_APPS Digirez SQL Injection Attempt -- info_book.asp book_id ASCII
ET WEB_SPECIFIC_APPS Digirez SQL Injection Attempt -- info_book.asp book_id ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Digirez SQL Injection Attempt -- info_book.asp book_id ASCII"; flow:established,to_server; http.uri; content:"/info_book.asp?"; nocase; content:"book_id="; nocase; content:"ASCII("; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2007-0128; reference:url,www.milw0rm.com/exploits/3081; classtype:web-application-attack; sid:2005839; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_tech
Suricata
ET WEB_SPECIFIC_APPS Mambo SQL Injection Attempt -- moscomment.php mcname INSERT
suricata·2010-07-30·CVSS 7.5
CVE-2006-7150 [HIGH] ET WEB_SPECIFIC_APPS Mambo SQL Injection Attempt -- moscomment.php mcname INSERT
ET WEB_SPECIFIC_APPS Mambo SQL Injection Attempt -- moscomment.php mcname INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Mambo SQL Injection Attempt -- moscomment.php mcname INSERT"; flow:established,to_server; http.uri; content:"/moscomment.php?"; nocase; content:"mcname="; nocase; content:"INSERT"; nocase; content:"INTO"; nocase; distance:0; reference:cve,CVE-2006-7150; reference:url,www.securityfocus.com/bid/20650; classtype:web-application-attack; sid:2004429; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_techni
Suricata
ET WEB_SPECIFIC_APPS Invision Power Board (IPB) SQL Injection Attempt -- class_session.php CLIENT_IP DELETE
suricata·2010-07-30·CVSS 7.5
CVE-2006-7071 [HIGH] ET WEB_SPECIFIC_APPS Invision Power Board (IPB) SQL Injection Attempt -- class_session.php CLIENT_IP DELETE
ET WEB_SPECIFIC_APPS Invision Power Board (IPB) SQL Injection Attempt -- class_session.php CLIENT_IP DELETE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Invision Power Board (IPB) SQL Injection Attempt -- class_session.php CLIENT_IP DELETE"; flow:established,to_server; http.uri; content:"/classes/class_session.php?"; nocase; content:"CLIENT_IP="; nocase; content:"DELETE"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2006-7071; reference:url,www.milw0rm.com/exploits/2010; classtype:web-application-attack; sid:2004800; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitr
No public exploits indexed.
No writeups or analysis indexed.
2020-05-13
Published