©Copyright IBM Corporation 2014. All rights reserved. IBM and the IBM logo are trademarks or registered trademarks of the IBM Corporation in the United States,
other countries or both. Other company, product or service names may be trademarks or service marks of others.
RESEARCH AND INTELLIGENCE REPORT
RELEASE DATE: FEBRUARY 26, 2015
BY: DAVID MCMILLEN, SENIOR THREAT RESEARCHER
IBM MSS THE RISKS OF CONTENT MANAGEMENT SYSTEMS ATTACHMENT #1
TABLE OF CONTENTS
RECOMMENDATIONS/MITIGATION TECHNIQUES
IDPS SIGNATURES AND/OR SIEM RULES
    Akamai
    Checkpoint
    Cisco ASA
    Cisco IDS
    Fortinet
    IBM
    Intrushield
    ISS
    McAfee
    Netscreen
    Palo Alto
    Snort
    Sourcefire
    Tipping Point
    Trendmicro
DISCLAIMER
©Copyright IBM Corporation 2015. All rights reserved. IBM and the IBM logo are trademarks or registered trademarks of the IBM Corporation in the United States,
other countries or both. Other company, product or service names may be trademarks or service marks of others.
RECOMMENDATIONS/MITIGATION TECHNIQUES
Always run the latest version of any CMS.
Update CMS systems regularly. Look specifically for vulnerability patches and bug fixes.
Always use trusted sources for themes and plugins. Never use free themes and plugins.
Never use default settings. Change the default “ADMIN” name. Rename default database prefixes to prevent SQL Injection.
Reduce credentials. The administrator account should only be needed for performing updates or adding/changing themes and plugins. Those who are editing posts or writing articles should never need to be at an administrator level.
Always utilize strong passwords.
Protect the .htaccess file. The following code, added within the .htaccess file, will prevent anyone from reading or writing any files that begin with “hta”. (See “Securing .htaccess” in the References section.)
Use a Cloud-Based Security Service. Solutions such as Cloudflare and Akamai act as a shield in front of your website. These services block bad user agents and offer some protection against SQL Injection and DDoS attacks.
Back up your CMS installations at regular intervals and design a robust disaster recovery plan.
IDPS SIGNATURES AND/OR SIEM RULES
AKAMAI
Detect Attempts to Access the Wordpress Pingback API
CHECKPOINT
Fast Wordpress Index Changer
Joomla and Wordpress Mass Defacer Tool
W3-Total-Cache Wordpress-plugin Username and Hash Extract
Wordpress Ajax Store Locator Arbitrary File Download
WordPress Backdoor iz Parameter Passthru - Ver2
WordPress Complete Gallery Manager Plugin Arbitrary Code Execution - Ver2
Wordpress Download Manager Plugin Arbitrary File Upload
WordPress FancyBox Plugin Code Injection
WordPress Gmedia Gallery Shell Upload
WordPress HTTP Brute Force Login Attempt
WordPress MailPoet Newsletters Unauthenticated File Upload
Wordpress Mini Mail Dashboard Widget Remote File Inclusion
WordPress OptimizePress Theme File Upload Remote Code Execution
WordPress Pingback Distributed Denial of Service
WordPress Plugin AdRotate SQL Injection
WordPress Plugin Google Document Embedder Arbitrary File Disclosure
WordPress RSS Feed Generator self_link HTTP_HOST Cross Site Scripting
WordPress RSS feed Generator self_link HTTP_HOST Cross-Site Scripting
WordPress Slider Revolution Plugin Local File Inclusion
WordPress Symposium Plugin Unauthenticated Shell Upload
Wordpress Timthumb WebShot Vulnerability Code Execution
Wordpress Top Quark Architecture Arbitrary File Upload Code Execution
WordPress VideoWhisper Live Streaming Integration Plugin Unrestricted File Upload
Wordpress W3 Total Cache PHP Code Execution
Joomla and Wordpress Mass Defacer Tool
Joomla Community com_comprofiler SQL Injection
Joomla Component com_5starhotels SQL Injection
Joomla Component com_acooldebate Local File Inclusion
Joomla Component com_acprojects SQL Injection
Joomla Component com_acstartseite SQL Injection
Joomla Component com_acteammember SQL Injection
Joomla Component com_adsmanager Remote File Inclusion
Joomla Component com_ajaxchat Remote File Inclusion
Joomla Component com_alameda SQL Injection
Joomla Component com_artlinks Remote File Inclusion
Joomla Component com_avosbillets SQL Injection
Joomla Component com_beamospetition Remote SQL Injection
Joomla component com_bearleague SQL Injection
Joomla Component com_bfsurvey Local File Inclusion
Joomla Component com_biblestudy Local File Inclusion
Joomla Component com_billyportfolio SQL Injection
Joomla Component com_books SQL Injection
Joomla Component com_brightweblinks SQL Injection
Joomla Component com_cartweberp Local File Inclusion
Joomla Component com_category SQL Injection
Joomla Component com_ccnewsletter Local File Inclusion
Joomla Component com_ckforms Local File Inclusion
Joomla Component com_clan SQL Injection
Joomla Component com_clanlist SQL Injection
Joomla Component com_communitypolls Local File Inclusion
Joomla Component com_contact Info SQL Injection
Joomla Component com_content SQL Injection
Joomla Component com_dailymeals Local File Inclusion
Joomla Component com_dashboard Directory Traversal
Joomla Component com_dateconverter SQL Injection
Joomla Component com_dbquery Remote File Inclusion
Joomla Component com_digifolio SQL Injection
Joomla Component com_doqment SQL Injection
Joomla Component com_dshop SQL Injection
Joomla Component com_DTRegister Remote SQL Injection
Joomla Component com_equipment SQL Injection
Joomla Component com_equotes Remote SQL Injection
Joomla component com_estateagent SQL Injection
Joomla Component com_event Multiple vulnerability
Joomla Component com_expshop SQL Injection
Joomla Component com_ezautos SQL Injection
Joomla Component com_ezine Remote File Inclusion
Joomla Component com_ezstore Remote SQL Injection
Joomla component com_fastball SQL Injection
Joomla Component com_flippingBook SQL Injection
Joomla Component com_galeria SQL Injection
Joomla Component com_ganalytics Local File Inclusion
Joomla Component com_gcalendar Remote SQL Injection
Joomla Component com_gigcal SQL Injection
Joomla Component com_gurujibook SQL Injection
Joomla Component com_hmcommunity SQL Injection
Joomla Component com_huruhelpdesk SQL Injection
Joomla Component com_ice SQL Injection
Joomla Component com_idoBlog Remote SQL Injection
Joomla Component com_ignitegallery SQL Injection
Joomla Component com_ijoomla_archive SQL Injection
Joomla Component com_img Local File Inclusion
Joomla Component com_ionfiles File Disclosure
Joomla component com_iproperty SQL Injection
Joomla Component com_jabode Remote SQL Injection
Joomla Component com_janews Local File Inclusion
Joomla Component com_jashowcase Remote SQL Injection
Joomla Component com_jbudgetsmagic SQL Injection
Joomla Component com_jeauto Local File Inclusion
Joomla Component com_jeemasms Multiple vulnerability
Joomla Component com_jefaqpro SQL Injection
Joomla Component com_jejob SQL Injection
Joomla Component com_jepoll SQL Injection
Joomla Component com_jequoteform Local File Inclusion
Joomla Component com_jgen SQL Injection
Joomla Component com_Jobline SQL Injection
Joomla Component com_joomlaDate SQL Injection
Joomla Component com_joomlaradio Remote File Inclusion
Joomla Component com_joomnik SQL Injection
Joomla Component com_jotloader SQL Injection
Joomla Component com_jpad SQL Injection
Joomla Component com_jphoto SQL Injection
Joomla Component com_jpodium SQL Injection
Joomla component com_jp_jobs SQL Injection
Joomla Component com_jradio Local File Inclusion
Joomla Component com_jsjobs SQL Injection
Joomla Component com_kochsuite Remote File Inclusion
Joomla Component com_linkdirectory Remote File Inclusion
Joomla Component com_linkr Local File Inclusion
Joomla Component com_listing SQL Injection
Joomla Component com_liveticker SQL Injection
Joomla Component com_lyftenbloggie Remote SQL Injection
Joomla Component com_mambowiki Remote File Inclusion
Joomla Component com_marketplace SQL Injection
Joomla Component com_markt SQL Injection
Joomla Component com_mdigg SQL Injection
Joomla Component com_mojo Remote File Include
Joomla Component com_netinvoice SQL Injection
Joomla Component com_newsflash Remote SQL Injection
Joomla Component com_obSuggest Local File Inclusion
Joomla Component com_otzivi Local File Inclusion
Joomla Component com_ownbiblio SQL Injection
Joomla Component com_oziogallery SQL Injection
Joomla Component com_pccookbook Remote File Inclusion
Joomla Component com_people Local File Inclusion
Joomla Component com_performs Remote File Inclusion
Joomla Component com_phocadocumentation Remote SQL Injection
Joomla Component com_phocagallery SQL Injection
Joomla Component com_photoblog alpha 3 SQL Injection
Joomla Component com_photoblog SQL Injection
Joomla component com_ponygallery SQL Injection
Joomla Component com_portfol SQL Injection
Joomla Component com_prayercenter SQL Injection
Joomla Component com_productbook SQL Injection
Joomla Component com_projectfork Local File Inclusion
Joomla Component com_qcontacts SQL Injection
Joomla Component com_quickfaq SQL Injection
Joomla Component com_realestatemanager Remote File Inclusion
Joomla Component com_redshop SQL Injection
Joomla Component com_rokdownloads Local File Inclusion
Joomla Component com_rsappt_pro2 Local File Inclusion
Joomla Component com_rsfiles Directory traversal
Joomla Component com_rwcards Local File Inclusion
Joomla Component com_s5clanroster SQL Injection
Joomla Component com_sectionex Local File Inclusion
Joomla Component com_seminar SQL Injection
Joomla Component com_simpleshop SQL Injection
Joomla Component com_simple_review Injection SQL Injection
Joomla Component com_spidercalendar SQL Injection
Joomla Component com_team SQL Injection
Joomla Component com_techfolio SQL Injection
Joomla Component com_tupinambis SQL Injection
Joomla Component com_virtuemart SQL Injection
Joomla Component com_webring Remote File Inclusion
Joomla Component com_wmtpic SQL Injection
Joomla Component com_xevidmegahd Remote SQL Injection
Joomla Component com_xewebtv SQL Injection
Joomla Component com_xgallery Local File Inclusion
Joomla Component com_xmovie Local File Inclusion
Joomla Component com_ybggal SQL Injection
Joomla Component com_yellowpages SQL Injection
Joomla Component com_youtube SQL Injection
Joomla Component com_yvcomment SQL Injection
Joomla Component ds_syndicate SQL Injection
Joomla Component JE Media Player Arbitrary File Upload
Joomla Component jeeventcalendar SQL Injection
Joomla Component JESectionFinder Directory traversal
Joomla Component Jw_allVideos Remote File Download
Joomla Component Scriptegrator File Inclusion
Joomla com_casino_blackjack SQL Injection
Joomla com_joomgalaxy SQL Injection
Joomla com_na_newsdescription SQL Injection
Joomla Content Editor Malicious User Agent Code Execution
Joomla DJ Classifieds SQL Injection
Joomla Media Manager File Upload Code Execution
Joomla ofc_upload_image.php Unrestricted File Upload
Joomla Remote File Inclusion
Joomla Unauthorized File Upload Remote Code Execution
Joomla Webring Component adminwebringdocsphp component_dir Parameter PHP Code Execution - Ver2
Joomla! HTTP-Referrer XSS
Joomla! Jobline Component 'search' Parameter SQL Injection
Joomla! JomSocial Input Validation Remote Code Execution
Joomla! Path Traversal
Web Servers Joomla Remote File Inclusion
Dries Buytaert Drupal Core OpenID Module Information Disclosure
Drupal Core XML-RPC Endpoint xmlrpc.php Internal Entity Expansion Denial of Service
Drupal Core XML-RPC Endpoint xmlrpc.php Tags Denial of Service
CISCO ASA
WordPress Installation Brute Forcing Attempt
WordPress OptimizePress Theme File Upload Vulnerability
Joomla 1.5.12 TinyBrowser File Upload Code Execution
Joomla Media Manager File Upload
CISCO IDS
WordPress Cookie cache_lastpostdate Overflow
HTTP WordPress Colormix Theme Cross Site Scripting Vulnerability
Newsletter Plugin For Wordpress Cross-Site Scripting Vulnerability
NextGEN Gallery Plugin For WordPress Json.php Path Disclosure Vulnerability
Rlswordpresssearch Plugin For Wordpress Register.Php SQL Injection Vulnerability
Snazzy Archives Plugin For Wordpress Tagcloud.Swf Cross-Site Scripting Vulnerability
WordPress 2.1.1 Backdoor IX Parameter Injection Detection
WordPress 2.1.1 Backdoor IZ Parameter Injection Detection
WordPress ABC Test Plugin Id Parameter XSS Vulnerability
WordPress Age Verification Plugin Redirect_to Parameter URI Redirection Vulnerability
WordPress Ambience Theme Src Parameter Cross Site Scripting Vulnerability
Wordpress Attack Scanner Plugin For Wordpress Path Information Disclosure Vulnerability
WordPress Bradesco Gateway Plugin Cross Site Scripting Vulnerability
WordPress Caching Plugins Remote PHP Code Execution
WordPress Category Grid View Gallery Plugin ID Parameter Cross-Site Scripting Vulnerability
WordPress Chocolate WP Theme Cross Site Scripting Vulnerability
WordPress Church_Admin Id Parameter XSS Vulnerability
WordPress Ck-processkarma.php Security Bypass Vulnerability
WordPress Ck-processkarma.php SQL Injection Vulnerability
WordPress Comment Extra Fields Plugin Cross Site Scripting Vulnerability
WordPress CommentLuv Plugin _ajax_nonce Parameter Cross-Site Scripting Vulnerability
WordPress Cookie cache_lastpostdate Overflow
WordPress Count Per Day Plugin Counter.php CSRF Vulnerability
WordPress Count Per Day Plugin Datemin Parameter XSS Vulnerability
WordPress Count Per Day Plugin Page Parameter XSS Vulnerability
WordPress Crayon Syntax Highlighter Wp_load Remote File Include
WordPress Cross Site Request Forgery Vulnerability
WordPress Cross Site Scripting Vulnerability
Wordpress Cross-Site Request Forgery
WordPress Denial of Service Vulnerability
WordPress Design Approval System Plugin XSS Vulnerability
WordPress Duplicator Plugin Cross-Site Scripting Vulnerability
WordPress Easy Webinar Plugin Wid Parameter SQL Injection
WordPress FAQs Manager Plugin Admin-ajax.php Cross-Site Scripting Vulnerability
WordPress Featurific For WordPress Plugin Snum Parameter XSS Vulnerability
WordPress Feedweb Plugin Wp_post_id Parameter Cross Site Scripting Vulnerability
WordPress FlagEm Plugin CID Parameter Cross Site Scripting Vulnerability
WordPress Flashnews Theme Src Parameter DoS
WordPress Flashnews Theme Src Parameter Remote Code Execution
WordPress Flashnews Theme Src Parameter XSS Vulnerability
WordPress Flashnews Theme Test.php Parameter XSS Vulnerability
WordPress Floating Tweets Plugin Directory Traversal
WordPress Floating Tweets Plugin Full Path Disclosure
WordPress Floating Tweets XSS Vulnerability
WordPress Foxypress Plugin Cross Site Request Forgery
WordPress Foxypress Plugin HTML Injection
WordPress Foxypress Plugin Information Disclosure
WordPress G-Lock Double Opt-In Manager Plugin SQL Injection
WordPress Gallery Plugin Filename_1 Parameter Remote Arbitrary File Access Vulnerability
Wordpress HD Webplayer Plugin Config.php SQL Injection
Wordpress HD Webplayer Plugin Config.php SQL Injection Vulnerability
WordPress Host Header Processing Cross-Site Scripting
WordPress IndiaNIC Cross Site Request Forgery Vulnerability
Wordpress Indianic Faqs Manager Plugin 1.0 XSRF Vulnerability
Wordpress Indianic Faqs Manager Plugin 1.0 XSS Vulnerability
Wordpress InfusionSoft Plugin Upload
WordPress Installation Brute Forcing Attempt
WordPress Integrator Redirect_to Parameter Cross-Site Scripting Vulnerability
WordPress Mb.MiniAudioPlayer Plugin Cross Site Scripting Vulnerability
WordPress Monsters Editor For WP Super Edit Plugin Arbitrary File Upload Vulnerability
WordPress Newsletter Preview.php File Disclosure Vulnerability
WordPress Notices Ticker Plugin Cross Site Request Forgery
WordPress OptimizePress Theme File Upload Vulnerability
WordPress Pinboard Theme Tab Parameter Cross Site Scripting Vulnerability
WordPress Pingback Denial of Service Attack
WordPress Platinum SEO XSS Vulnerability
Wordpress Podpress Plugin Playerid Parameter Cross Site Scripting Vulnerability
WordPress Portable phpMyAdmin Plugin Authentication Bypass
WordPress Pretty Link Plugin XSS Vulnerability
WordPress ProPlayer Plugin Id Parameter SQL Injection
WordPress Rich Widget Plugin Arbitrary File Upload Vulnerability
WordPress RokNewsPager Denial of Service
WordPress RokNewsPager Plugin XSS
WordPress Sahifa Theme Cross Site Request Forgery Vulnerability
WordPress Securimage-WP Plugin Siwp_test.php Cross Site Scripting Vulnerability
WordPress Sharebar Cross Site Scripting Vulnerability
Wordpress Slideshow Plugin Cross Site Scripting Vulnerability
Wordpress Slideshow Plugin Multiple Cross Site Scripting Vulnerability
WordPress Smart Flv Plugin Cross Site Scripting Vulnerability
WordPress SolveMedia 1.1.0 Cross Site Request Forgery
WordPress Spicy Blogroll Plugin Remote File Include Vulnerability
WordPress Spider Catalog Plugin AllImagesQ Cross Site Scripting Vulnerability
WordPress TimThumb Plugin Cross Site Scripting Vulnerability
WordPress Token Manager Plugin Tid Parameter XSS Vulnerability
WordPress Traffic Analyzer Plugin aoid Parameter XSS Vulnerability
WordPress Video Lead Form Plugin ErrMsg Parameter XSS Vulnerability
WordPress Webplayer Plugin ID Parameter SQL Injection
WordPress WP Socializer Val Parameter XSS Vulnerability
WordPress Wp-ImageZoom File Parameter Remote File Disclosure Vulnerability
WordPress Wp-ImageZoom Theme ID Parameter SQL Injection
WordPress WP-SendSMS Plugin Cross Site Request Forgery Vulnerability
WordPress WP-Table Reloaded Plugin ID Parameter Cross Site Scripting Vulnerability
WordPress Wysija Newsletters Plugin SQL Injection
Wordpress Zeroclipboard.Swf Cross Site Scripting Vulnerability
Googlemaps Joomla! Pluging Cross-Site Scripting Vulnerability
Googlemaps Plugin For Joomla! Plugin_Googlemap3_Kmlprxy.Php DOS Vulnerability
Joomla 1.5 Password Token Bypass
Joomla 1.5.12 TinyBrowser File Upload Code Execution
Joomla Component JCE File Upload Remote Code Execution
Joomla Cross-Site Scripting Vulnerability
Joomla Media Manager File Upload
Joomla VirtueMart Component SQL Injection
Rsfiles Component For Joomla Cid Parameter SQL Injection Vulnerability
Drupal Core xmlrpc.php Internal Entity Expansion Denial of Service
FORTINET
WordPress.Slider.Revolution.File.Inclusion
Backdoor.WordPress.ix.Code.Execution
Backdoor.WordPress.iz.Command.Execution
Cafe.Wordpress.SQL.Injection
FeedList.Plugin.for.WordPress.Parameter.XSS
FireStats.WordPress.Plugin.Multiple.XSS.Authentication.Bypass
Fuctweb.CapCC.Plugin.For.WordPress.CAPTCHA.Security.Bypass
PHP.phpWordPress.SQL.Injection
PHP.WordPress.Cookie.Data.Code.Injection
Pretty.Link.Lite.WordPress.Plugin.Cross.Site.Scripting.Vuln
Twitter.Feed.for.WordPress.Plugin.XSS.Vulnerability
web_app: PHP.phpWordPress.SQL.Injection
web_app: PHP.phpWordPress.Sql.Injection.A
WordPress.Advance.Dewplayer.Plugin.Information.Disclosure.Vuln
WordPress.All-in-One.Event.Calendar.Plugin.XSS.Vulnerabilities
WordPress.AllWebMenus.Plugin.Remote.File.Inclusion.Vuln
WordPress.Asset.Manager.Plugin.Arbitrary.File.Upload
WordPress.BackWPup.Plugin.Directory.Traversal.Vulnerabilities
WordPress.Booking.System.Plugin.SQL.Injection.Vulnerability
WordPress.Calendar.Plugin.Cross-Site.Request.Forgery.Vuln
WordPress.cformsII.Plugin.rs.and.rsargs.XSS
WordPress.Code.SQL.Injection
WordPress.Complete.Gallery.Manager.plugin.Arbitrary.File.Upload
WordPress.Contact.Bank.Plugin.Label.Tag.HTML.Injection.Vuln
WordPress.Content.Slide.Plugin.Cross-site.Request.Forgery.Vulne
WordPress.Contextual.Related.Posts.Plugin.Cross-Site.Vuln
Wordpress.Count-Per-Day.Plugin.Directory.Traversal.Vuln
Wordpress.Count.per.Day.Plugin.Multiple.XSS.Vulns
WordPress.Count.Per.Day.Plugin.XSS
WordPress.Cross-site.Request.Forgery.Vulnerability
WordPress.CSS.Style.Cross-Site.Scripting.Vulnerability
Wordpress.Default.Theme.Admin.XSS
WordPress.Digg-Digg.Plugin.Cross-Site.Request.Forgery.Vuln
Wordpress.Download.Manager.Unauthenticated.File.Upload
WordPress.Download.Manager.wpdm_upload_icons.Code.Execution
WordPress.Fast.Secure.Contact.Form.Plugin.URL.Cross-Site.Script
WordPress.File.Upload.Script.Insertion.Vulnerabilities
Wordpress.Forums.Plugin.File.Disclosure.Vulnerability
WordPress.Foxypress.Plugin.Arbitrary.File.Upload
WordPress.Foxypress.Plugin.Uploadify.Arbitrary.File.Upload
Wordpress.Gallery.Plugin.File.Inclusion.Vulnerability
WordPress.Information.Disclosure
Wordpress.InfusionSoft.Code.Generator.PHP.Code.Injection
Wordpress.is_human.Plugin.Remote.Command.Injection
WordPress.Jetpack.Plugin.Security.Bypass.Vulnerability
WordPress.jRSS.Widget.url.Parameter.Information.Disclosure
WordPress.KSES.Multiple.Cross-site.Scripting.Vulnerabilities
WordPress.LeagueManager.Plugin.SQL.Injection
Wordpress.Login.Brute.Force
Wordpress.Mac.Photo.Gallery.Plugin.Arbitrary.File.Upload
WordPress.Mail.On.Update.Plugin.Cross-Site.Request.Forgery.Vuln
Wordpress.MailPoet.Newsletters.Unauthenticated.File.Upload
WordPress.MailPoet/WYSIJA.Newsletters.Remote.File.Upload.Vuln
WordPress.mb.miniAudioPlayer.Plugin.XSS.Vulnerabilities
WordPress.META-Generator.Header.Indicates.Vulnerable.Version
Wordpress.MM.Forms.Community.Plugin.Arbitrary.File.Upload
WordPress.MobileChief.Plugin.Cross-Site.Scripting.Vulnerability
WordPress.MU.Prior.to.2.7.Cross-site.Scripting.Vuln
WordPress.Multiple.Security.Vulnerabilities
WordPress.Multiple.Themes.Cross-site.Scripting.Vulnerabilities
Wordpress.Multiple.Vulnerabilities
WordPress.myEASYbackup.Plugin.Directory.Traversal.Vulnerability
Wordpress.Newsletter.Plugin.Cross-site.Scripting.Vulnerability
WordPress.Newsletter.Preview.php.File.Disclosure
WordPress.Occasions.Plugin.XSS
WordPress.OptimizePress.Theme.Arbitrary.File.Upload
Wordpress.Page-Flip-Image-Gallery.Plugins.Arbitrary.File.Upload
WordPress.Participants.Database.Plugin.SQL.Injection.Vuln
WordPress.Photo.Album.Plus.Error.Log.XSS
Wordpress.PHP.Application.XSS
Wordpress.Pica.Photo.Gallery.Plugin.Arbitrary.File.Upload
WordPress.Platinum.SEO.Pack.Plugin.s.Parameter.XSS.Vuln
WordPress.Plugin.Advanced.Custom.Fields.Remote.File.Inclusion
WordPress.Plugin.BackWPup.Remote.File.Inclusion.Vulnerability
WordPress.Plugin.Comment.Rating.id.Parameter.SQL.Injection
WordPress.Plugin.DZS.Video.Gallery.File.Disclosure
WordPress.Plugin.GDE.Arbitrary.File.Disclosure
WordPress.Plugin.Sniplets.File.Inclusion
WordPress.Plugin.W3.Total.Cache.Remote.PHP.Code.Execution
Wordpress.Poll.Plugin.SQL.Injection.Vulnerability
Wordpress.Portable.PHPmyadmin.Auth.Bypass.Vulnerability
WordPress.post.php.XSS
Wordpress.Posts.SQL.Injection.Vulnerability
WordPress.Privileges.Multiple.Information.Disclosure.Vuln
WordPress.Processing.Embed.Plugin.Cross-site.Scripting.Vuln
WordPress.Property.Plugin.Arbitrary.File.Upload
WordPress.Quick.Page/Post.Redirect.Plugin.Multiple.Vuln
WordPress.Related.Posts.by.Zemanta.Plugin.Cross.Site.Vuln
WordPress.Related.Posts.Plugin.Cross-Site.Request.Vuln
Wordpress.Reset.Password.Security.Bypass
WordPress.RSS.Feed.Generator.self_link.HTTP_HOST.XSS
WordPress.RSS.Feed.Reader.Plugin.Cross-site.Scripting.Vuln
WordPress.RSS.META-Generator.Header.Indicates.Is.Vulnerable
WordPress.S3.Video.Plugin.Cross-Site.Scripting.Vulnerability
WordPress.Safe.Search.Plugin.Cross-site.Scripting.Vulnerability
WordPress.Security.Bypass.And.Unspecified.Vulnerabilities
WordPress.Simply.Poll.Plugin.XSS
WordPress.Slider.Revolution.File.Inclusion
Wordpress.Spicy.Blogroll.Plugin.Remote.File.Inclusion
WordPress.Stream.Video.Player.Plugin.CSRF.Vulnerability
WordPress.template.functions.category.SQL.Injection
WordPress.Theme.Tuner.Plugin.Remote.File.Inclusion.Vuln
Wordpress.TimThumb.PHP.Command.Injection
WordPress.TinyMCE.Color.Picker.Plugin.XSS.and.Bypass.Vuln
WordPress.Tinymce.Thumnail.Gallery.Plugin.File.Disclosure
WordPress.Traffic.Analyzer.Plugin.aoid.Parameter.XSS.Vuln
Wordpress.Unauthenticated.Administrator.Password.Reset
Wordpress.User.Enumeration.Brute.Forcer
WordPress.user_login.Column.SQL.Truncation.Vuln
WordPress.wp-admin.and.admin.php.Module.Conf.Security.Bypass
WordPress.wp-config.php.Backup.Is.Readable
WordPress.wp-config.php.NumberSign.Backup.Is.Readable
WordPress.wp-content.plugins.Directory.is.Listable
WordPress.WP-Cumulus.Plugin.tagcloud.swf.XSS
WordPress.WP-Forum.Plugin.Multiple.SQL.Injections
Wordpress.Wp-login.PHP.HTTP.Response.Splitting.Vuln
WordPress.WP-Syntax.Plugin.Remote.Code.Execution
WordPress.WP.Banners.Lite.Plugin.XSS
WordPress.WP.Custom.Pages.Plugin.Directory.Traversal.Vuln
WordPress.Wp.Download.Manager.Arbitrary.File.Upload
WordPress.WP.E.Commerce.Plugin.cart.message.XSS
WordPress.Wp.ImageZoom.file.Parameter.File.Disclosure
Wordpress.WP.Marketplace.Plugin.Arbitrary.File.Upload
WordPress.WP.Symposium.Arbitrary.File.Upload
WordPress.WP.Symposium.Plugin.Cross-site.Scripting.Vuln
Wordpress.wp.trackback.SQL.Injection
WordPress.WP.Ultimate.Email.Marketer.Plugin.Multiple.Vulns
Wordpress.wpStoreCart.Plugin.Arbitrary.File.Upload
Wordpress.wpStoreCart.Plugin.Unrestricted.File.Upload.Vuln
WordPress.Wptitle.XSS
Wordpress.WPTouch.Authenticated.File.Upload
WordPress.WPtouch.Plugin.Cross-site.Scripting.Vulnerability
WordPress.XML-RPC.Remote.Publishing.Interface.Security.Vuln
Wordpress.Xml.Quadratic.Blowup.DoS
WordPress.xmlrpc.php.wp.getUsersBlogs.Brute.Force
WordPress.xmlrpc.Pingback.DoS
WordPress.XSS.HTML.Injection.SQL.Injection
WordPress.XSS.SQL.Injection
WordPress.XSS.Vulnerability
Wordpress_File.Upload
WP-Forum.WordPress.Plugin.Multiple.SQL.Injection
Yoast.Google.Analytics.For.WordPress.Plugin.XSS
Acajoom.Component.for.Joomla.3.2.6.Backdoor
Agile.Joomla.Components.Parameter.Local.File.Inclusion
AvReloaded.Plugin.for.Joomla!.SQL.Injection.Vulnerability
EOL.Software.Joomla!.1.5.x.Detected
Huru.Helpdesk.Joomla.Component.cid.Parameter.SQL.Injection.Vuln
Joomla!.1.5.Multiple.Vulnerabilities
Joomla!.1.5.Password.Reset.Vulnerability
Joomla!.1.6.Multiple.Cross-Site.Scripting.Vulnerabilities
Joomla!.1.6.Multiple.Vulnerabilities
Joomla!.administrator.Section.Information.Disclosure.Vuln
Joomla!.AJAX.Shoutbox.Component.jal_lastID.SQL.Injection.Vuln
Joomla!.AlphaRegistration.Component.SQL.Injection
Joomla!.and.Mambo.gigCalendar.Component.SQL.Injection.Vuln
Joomla!.BF.Survey.Pro.Component.SQL.Injection.Vulnerability
Joomla!.Blind.SQL.Injection.Vulnerability
Joomla!.com_contact.Cross-site.Scripting.Vulnerability
Joomla!.com_contact.Multiple.Cross-site.Scripting.Vuln
Joomla!.com_jsjobs.Component.Multiple.SQL.Injection.Vuln
Joomla!.Cross-Site.Scripting.Vulnerability
Joomla!.eXtplorer.Component.Cross-site.Scripting.Vuln
Joomla!.GCalendar.Component.SQL.Injection.Vulnerability
Joomla!.GigCalendar..Component.SQL.Injection.Vulnerability
Joomla!.Google.Maps.Plugin.Multiple.Vulnerabilities
Joomla!.Host.HTTP.Header.Cross.Site.Scripting.Vulnerability
Joomla!.Information.Disclosure.Vulnerability
Joomla!.ja_purity.Cross-site.Scripting.Vulnerability
Joomla!.JA_Purity.Template.XSS.Vulnerability
Joomla!.Jumi.Component.SQL.Injection.Vulnerability
Joomla!.JV.Comment.Component.id.Parameter.SQL.Injection.Vuln
Joomla!.JVideo!.Component.SQL.Injection.Vulnerability
Joomla!.Komento.Component.Multiple.XSS.Vuln
Joomla!.Language.Switcher.Module.Cross-site.Scripting.Vuln
Joomla!.Multi.Calendar.Component.Cross-site.Scripting.Vuln
Joomla!.Multiple.Cross-Site.Scripting.Vulnerabilities
Joomla!.Multiple.Information.Disclosure.Vulnerabilities
Joomla!.ordering.Parameter.Cross-site.Scripting.Vulnerability
Joomla!.Password.Change.and.Privilege.Escalation.Vuln
Joomla!.Prior.to.1.5.12.Multiple.Cross-site.Scripting.Vuln
Joomla!.Prior.to.2.5.5.Multiple.Vulnerabilities
Joomla!.Properties.Component.for.SQL.Injection.Vulnerability
Joomla!.remember.php.PHP.Object.Injection.Vulnerability
Joomla!.SQL.Injection.Vulnerability
Joomla!.Unauthorised.Upload.File.Vulnerability
Joomla!.Update.Manager.Cross-site.Scripting.Vulnerability
Joomla!.XStandard.Component.Directory.Traversal.Vulnerability
Joomla!.Youtube.Gallery.Component.videofile.XSS.Vuln
Joomla.Admin.Joomlaradiov5.PHP.File.Inclusion
Joomla.Akeeba.Kickstart.Unserialize.Remote.Code.Execution
Joomla.ArtForms.Multiple.SQL.Injection.Vulnerabilities
Joomla.Barter.Sites.Component.SQL.Injection.Vulnerability
Joomla.BF.Quiz.Component.SQL.Injection.Vulnerability
Joomla.Clickjacking.Security.Bypass.Vulnerability
Joomla.Com.User.Component.Password.Reset
Joomla.Component.RWCards.Remote.SQL.Injection
Joomla.com_jimtawl.Component.Local.File.Include.Vulnerability
Joomla.com_kp.Local.File.Include.Vuln
Joomla.com_maianmedia.Component.SQL.Injection.Vulnerability
Joomla.com_xobbix.component.SQL.Injection.Vuln
Joomla.Cross-site.Scripting.Multiple.Vulnerabilities
Joomla.Currency.Converter.Module.XSS.Vulnerability
Joomla.Estate.Agent.Component.SQL.Injection.Vulnerability
Joomla.Google.Maps.Plugin.DDOS
Joomla.highlight.php.Multiple.Remote.Vulnerabilities
Joomla.JCE.Extension.Remote.File.Upload
Joomla.language.Search.Component.Cross-Site.Scripting.Vuln
Joomla.Lyftenbloggie.XSS.Vulnerability
Joomla.Media.Manager.Arbitrary.File.Upload
Joomla.Multiple.SQL.Injection.Vulnerabilities
Joomla.Multiple.XSS.and.Information.Disclosure.Vulns
Joomla.Prior.to.1.6.4.Multiple.XSS
Joomla.RSfiles.Component.SQL.Injection
Joomla.searchword.Parameter.Process.Code.Injection
Joomla.Teams.Component.SQL.Injection.Vulnerability
Joomla.TinyBrowser.Multiple.Vulnerabilities
Joomla.TinyMCE.Arbitrary.File.Upload
Joomla.Upload.Code.Execution
Joomla.URI.Index.php.XSS
Joomla.Webring.Remote.File.Inclusion
Mambo.Joomla!Multiple.Components.Controller.Para.Local.File
Mambo.Joomla!Multiple.Components.View.Para.Local.File.Inclusion
Mambo.Joomla.DoS
Mambo/Joomla!.Remote.File.Inclusion.Vulnerability
Obsolete.Software:.Joomla!.3.0.x.Detected
Obsolete.Software:.Joomla!.3.1.x.Detected
Obsolete.Software:Joomla!.1.7.x.Detected
Scriptegrator.Plugin.for.Joomla.files.Parameter.Remote.File.
TinyBrowser.Joomla.Component.folders.php.Local.File.Inclusion
web_app: Joomla.Webring.Remote.File.Inclusion
Debian.Security.Update.Drupal6.DSA-1930
Debian.Update.drupal6.DSA-1808-1
Drupal
Drupal.BlogAPI.Code.Execution
Drupal.Core.Access.Bypass.And.Arbitrary.Code.Execution.Vulns
Drupal.Core.Access.Bypass.Vulnerability.SA-CORE-2011-002
Drupal.Core.Access.Bypass.Vulnerability.SA-CORE-2011-003
Drupal.Core.Cross-site.Scripting.Vuln.SA-CORE-2011-001
Drupal.Core.database.inc.expandArguments.SQL.Injection
Drupal.Core.Information.Disclosure.Vuln.SA-CORE-2014-002
Drupal.Core.Multiple.Remote.Vulnerabilities
Drupal.Core.Multiple.Vulnerabilities.SA-CORE-2012-002
Drupal.Core.Multiples.Vulnerabilities.SA-CORE-2012-003
Drupal.Core.OpenID.Module.Information.Disclosure
Drupal.Core.XML-RPC.Endpoint.xmlrpc.php.Tags.DoS
Drupal.Core.xmlrpc.php.Internal.Entity.Expansion.DoS
Drupal.Cross-site.Scripting.Multiple.Vulnerabilities
Drupal.Cross.Site.Scripting.Code.Injection.and.Info.Disclosure
Drupal.Denial.of.Service.Vulnerability.SA-CORE-2013-002
Drupal.DoS.Vulnerability.SA-CORE-2013-002
Drupal.Forum.XSS
Drupal.HTML.Injection.and.Information.Disclosure.Vulns
Drupal.IMCE.Module.Arbitrary.File.Deletion
Drupal.Information.Disclosure.Multiple.Vuln.SA-CORE-2012-003
Drupal.Multiple.XSS.and.Access.Bypass.Vulns.SA-CORE-2013-001
Drupal.Script.sites.default.settings.php.Found
Drupal.Services.Module.Key-Based.Access.Authentication.Bypass
Drupal.Theme.System.Template.File.Local.File.Include
Drupal_Login
Fedora.Drupal.Update
Fedora.drupal.Update.FEDORA.2009.0678
Fedora.Drupal.Update.FEDORA.2009.7362.and.7406.and.7315
Fedora.Update.drupal-date.FEDORA-2009-8162.2009-8184
Fedora.Update.drupal.FEDORA-2009-13291.FEDORA-2009-13364
Fedora.Update.for.drupal-cck.FEDORA-2010-10200
Fedora.Update.for.drupal-views.FEDORA-2010-10215
Fedora.Update.for.Drupal.FEDORA-2010-12753
Fedora.Update.for.Drupal.FEDORA-2010-3640
Simplenews.Statistics.Module.for.Drupal.Open.Redirect.Vuln
IBM
phpWordPress_SQL_Injection
WordPressTrackbackDoS
WordPress_Adserve_Plugin_SQL_Injection
WordPress_All-in-One_Event_Calendar_Plugin_Multiple_Cross-Site_Scripting
WordPress_Count_Per_Day_Plugin_notes.php_SQL_Injection
WordPress_Cover_WP_Theme_Cross-Site_Scripting
Wordpress_Cross-Site_Scripting
WordPress_Daily_Maui_Photo_Widget_Plugin_wp-dailymaui-widget-control.php_Cross-Site_Scripting
WordPress_edit-post-rows.php_Cros-Site_Scripting
WordPress_feed.php_PHP_Function_Execution
WordPress_FeedList_Plugin_handler_image.php_Cross-Site_Scripting
WordPress_GBK/Big5_Character_Set_SQL_Injection
WordPress_index.php_Information_Leakage
WordPress_invites.php_Cross-Site_Scripting
WordPress_Multiple_base64_Redirection_Cross-Site_Scripting
WordPress_Multiple_Cross-Site_Scripting
WordPress_MU_wpmu-blogs.php_Cross-Site_Scripting
WordPress_myGallery_Plugin_Remote_File_Inclusion
WordPress_Newsletter_Plugin_stnl_iframe.php_SQL_Injection
WordPress_NextGEN_Gallery_Plugin_media-rss.php_Cross-Site_Scripting
WordPress_Organizer_Plugin_admin.php_Cross-Site_Scripting
Wordpress_Page_Flip_Image_Gallery_Plugin_getConfig.php_Path_Traversal
WordPress_Permalinks_Migration_Plugin_Cross-Site_Scripting
WordPress_PHP_SELF_Cross-Site_Scripting
WordPress_Pool_Theme_Cross-Site_Scripting_in_Path
WordPress_Pretty_Link_Plugin_pretty-bar.php_Cross-Site_Scripting
WordPress_p_SQL_Injection
WordPress_Redoable_Theme_index.php_Cross-Site_Scripting
WordPress_Search_Function_SQL_Injection
WordPress_SEO_Tools_Plugin_get_download.php_Path_Traversal
WordPress_SQL_Injection
WordPress_templates.php_Cross-Site_Scripting
WordPress_theme.php_Command_Execution
WordPress_Twitter_Feed_Plugin_magpie_debug.php_Cross-Site_Scripting
WordPress_upload.php_Cross-Site_Scripting
WordPress_Upload_File_Plugin_wp-uploadfile.php_SQL_Injection
WordPress_Whois_Search_Plugin_wp-whois-ajax.php_Cross-Site_Scripting
WordPress_wp-comments-post.php_Cross-Site_Scripting
Wordpress_WP-DB_Backup_Plugin_edit.php_Path_Traversal
WordPress_WP-Forum_Plugin_user_parameter_SQL_Injection
WordPress_WP-StarsRateBox_Plugin_wp-starsratebox.php_Cross-Site_Scripting
WordPress_WP-StarsRateBox_Plugin_wp-starsratebox.php_SQL_Injection
WordPress_wp-Table_Plugin_wptable-button.php_Remote_File_Inclusion
WordPress_WP-UserOnline_Plugin_Cross-Site_Scripting
WordPress_WP_Comment_Remix_Plugin_Cross-Site_Scripting
WordPress_WP_Comment_Remix_Plugin_SQL_Injection
WordPress_WP_e-Commerce_Plugin_SQL_Injection
WordPress_WP_Featured_Post_with_Thumbnail_Plugin_timthumb.php_Cross-Site_Scripting
WordPress_WP_Forum_Server_Plugin_feed.php_SQL_Injection
WordPress_WP_Photo_Album_Plugin_wppa.php_Cross-Site_Scripting
WordPress_WP_Survey_And_Quiz_Tool_Plugin_create.php_Cross-Site_Scripting
Joomla MyBlog Component index.php Path Traversal
Joomla! AllVideos Plugin download.php Path Traversal
Joomla! GCalendar Component index.php Path Traversal
Joomla!GCalendarComponentindex.phpPathTraversal
Joomla!_AllVideos_Plugin_download.php_Path_Traversal
Joomla!_Barter_Component_SQL_Injection
Joomla!_Comlantis_Visitors_Google_Map_Component_map_data.php_SQL_Injection
Joomla!_file_upload.php_Remote_File_Inclusion
Joomla!_Gcalendar_Component_index.php_Path_Traversal
Joomla!_Graphics_Component_index.php_Path_Traversal
Joomla!_Highslide_JS_Component_index.php_Path_Traversal
Joomla!_index.php_Cross-Site_Scripting
Joomla!_index.php_Remote_Command_Execution
Joomla!_index.php_Remote_File_Inclusion
Joomla!_ionFiles_Component_download.php_Path_Traversal
Joomla!_joomlaradio_Component_Remote_File_Inclusion
Joomla!_Media_Mall_Factory_Component_index.php_SQL_Injection
Joomla!_NeoRecruit_Component_index.php_SQL_Injection
Joomla!_PicSell_Component_index.php_Path_Traversal
Joomla!_pollwindow.php_SQL_Injection
Joomla!_SmartSite_Component_index.php_Path_Traversal
Joomla!_TimeTrack_Component_index.php_SQL_Injection
Joomla!_Time_Track_Component_index.php_SQL_Injection
Joomla_AjaxChat_Component_Remote_File_Inclusion
Joomla_Canteen_Component_index.php_Path_Traversal
Joomla_ccNewsletter_Component_index.php_Path_Traversal
Joomla_Dada_Mail_Manager_Component_config.dadamail.php_Remote_File_Inclusion
Joomla_Dione_Form_Wizard_Component_index.php_Path_Traversal
Joomla_Jgrid_Component_index.php_Path_Traversal
Joomla_Joomla!12Pictures_Component_Remote_File_Inclusion
Joomla_Joomla!FlashFun_Component_Remote_File_Inclusion
Joomla_MyBlog_Component_index.php_Path_Traversal
Joomla_Nice_Talk_Component_index.php_SQL_Injection
Joomla_Pro_Desk_Component_index.php_Path_Traversal
Joomla_redSHOP_Component_index.php_SQL_Injection
Joomla_VirtueMart_Google_Base_Component_admin.googlebase.php_Remote_File_Inclusion
Mambo/Joomla_Multiple_Remote_File_Inclusion
Mambo/Joomla_New_Article_Component_com_articles.php_Remote_File_Inclusion
Multiple_Joomla!_Components_SQL_Injection
Drupal_Ajax_Checklist_Module_SQL_Injection
Drupal_Brilliant_Gallery_Module_SQL_Injection
Drupal_keys_Path_Disclosure
HTTP_Drupal_POST_Form_PHP_Injection
HTTP_Drupal_POST_Form_SQL_Injection
INTRUSHIELD
HTTP: Cross Site Scripting - WordPress RSS Feed Generator self_link HTTP_HOST XSS Scripting
HTTP: PHP Include - Wordpress PHP File Include Vulnerability
HTTP: WordPress Asset-Manager PHP File Upload Vulnerability
HTTP: WordPress cache_lastpostdate Arbitrary Code Execution
HTTP: WordPress FoxyPress Plugin Arbitrary File Upload PHP Code Execution
HTTP: Wordpress PHP File Include Vulnerability
HTTP: WordPress Plugin Advanced Custom Fields Remote File Inclusion
HTTP: WordPress WP-Property PHP File Upload Vulnerability
HTTP: Joomla 1.5.12 TinyBrowser File Upload Code Execution
HTTP: Joomla Akeeba Kickstart Unserialize Remote Code Execution
HTTP: Joomla Component JCE File Upload Remote Code Execution
HTTP: Joomla Media Manager File Upload Vulnerability
HTTP: Joomla Webring Component admin.webring.docs.php component_dir Parameter PHP File Include
HTTP: Dries Buytaert Drupal CoreOpenID Module Information Disclosure
HTTP: Drupal Core database.inc Abstraction API SQL Injection
ISS
Wordpress brute-force login attempt
WordPress.BackWPup.Plugin.Directory.Traversal.Vulnerabilities
WordPress.Content.Slide.Plugin.Cross-site.Request.Forgery.Vulne
WordPress.Related.Posts.Plugin.Cross-Site.Request.Vuln
Joomla Component com_virtuemart SQL Injection
Joomla! GCalendar Component index.php Path Traversal
Joomla.Cross-site.Scripting.Multiple.Vulnerabilities
Mambo/Joomla!.Remote.File.Inclusion.Vulnerability
Drupal.Core.Access.Bypass.And.Arbitrary.Code.Execution.Vulns
HTTP_Drupal_POST_Form_PHP_Injection
HTTP_Drupal_POST_Form_SQL_Injection
XML_RPC_Entity_DoS
MCAFEE
HTTP: Wordpress PHP File Include Vulnerability
NETSCREEN
HTTP: WordPress Generic "ID" Parameter SQL Injection
HTTP: WordPress Slider Revolution Responsive Plug-In Arbitrary File Download
HTTP: WordPress "wp-includes" Path Remote Access
HTTP:PHP:WORDPRESS-COOKIE-INJ
HTTP:PHP:WORDPRESS-JQUERY-LFI
HTTP:PHP:WORDPRESS-MUL-FL-GAL
HTTP:PHP:WORDPRESS-MUL-GND-ALBM
HTTP:PHP:WORDPRESS-OPS-LFI
HTTP:PHP:WORDPRESS-SPEED-RCE
HTTP:PHP:WORDPRESS-SPELCHECK-FI
HTTP:PHP:WORDPRESS-UPLOAD
HTTP:PHP:WORDPRESS-USER-INJ
HTTP:PHP:WORDPRESS-WPCUSTOM-LFI
HTTP:SQL:INJ:WORDPRESS-ID
HTTP:SQL:INJ:WORDPRESS-WP-FRM
HTTP:WORDPRESS-W3PLUGIN-RCE
HTTP:INFO-LEAK:JOOMLA-SQLREPORT
HTTP:JOOMLA-MEDIAMGR-FILEUPLOAD
HTTP:JOOMLA-WEBRING-RFI
HTTP:PHP:JOOMLA-ADMIN-SCAN
HTTP:PHP:JOOMLA-COM-COLLECTOR
HTTP:PHP:JOOMLA-COM-PHOCADL-LFI
HTTP:PHP:JOOMLA-DIR-TRAV
HTTP:PHP:JOOMLA-FILE-LISTER
HTTP:PHP:JOOMLA-JCE-FILE-UPLOAD
HTTP:PHP:JOOMLA-JE-STORY-LFI
HTTP:PHP:JOOMLA-JMSFILESELL-LFI
HTTP:PHP:JOOMLA-JOOMTOUCH-LFI
HTTP:PHP:JOOMLA-LOC-FILE
HTTP:PHP:JOOMLA-OBSUGGEST-LFI
HTTP:PHP:JOOMLA-PHP-OBJ-INJ
HTTP:PHP:JOOMLA-XCLONER
HTTP:SQL:INJ:JOOMLA-AD-DJ
HTTP:SQL:INJ:JOOMLA-ALLCINEVID
HTTP:SQL:INJ:JOOMLA-ALPHA-EMAIL
HTTP:SQL:INJ:JOOMLA-AVRELOADED
HTTP:SQL:INJ:JOOMLA-CALCBUILDER
HTTP:SQL:INJ:JOOMLA-CBCONTACT
HTTP:SQL:INJ:JOOMLA-COM-CCBOARD
HTTP:SQL:INJ:JOOMLA-COM-CLAN
HTTP:SQL:INJ:JOOMLA-COM-JCE
HTTP:SQL:INJ:JOOMLA-COM-JOOMNIK
HTTP:SQL:INJ:JOOMLA-COM-SHOP
HTTP:SQL:INJ:JOOMLA-COMHOSPITAL
HTTP:SQL:INJ:JOOMLA-COMTEAM
HTTP:SQL:INJ:JOOMLA-CONTROLLER
HTTP:SQL:INJ:JOOMLA-FAQ-BOOK
HTTP:SQL:INJ:JOOMLA-FILTERORDER
HTTP:SQL:INJ:JOOMLA-FOTO
HTTP:SQL:INJ:JOOMLA-JUICY-PICID
HTTP:SQL:INJ:JOOMLA-MAPLOCATOR
HTTP:SQL:INJ:JOOMLA-MORFEOSHOW
HTTP:SQL:INJ:JOOMLA-NEWSSEARCH
HTTP:SQL:INJ:JOOMLA-QUESTION
HTTP:SQL:INJ:JOOMLA-RESTAURANTE
HTTP:SQL:INJ:JOOMLA-VIRTUAL-MEM
HTTP:SQL:INJ:JOOMLA-VIRTUEMART
HTTP:XSS:JOOMLA-CITY
HTTP:XSS:JOOMLA-COM-RESMAN
HTTP:DOS:DRUPAL-XML-RPC-IEE
HTTP:DOS:DRUPAL-XMLRPC-TAGS
HTTP:PHP:DRIES-BUYTRT-DRUPAL-ID
HTTP:XSS:DRUPAL-CUMULAS
PALO ALTO
myGallery Plugin for WordPress Remote File Inclusion Vulnerability
myGallery Plugin for WordPress Remote File Inclusion Vulnerability(33330)
WordPress Asset Manager Plugin File Upload Vulnerability
WordPress Caching Plugins Remote Code Execution Vulnerability
Wordpress Command Execution Backdoor Vulnerability
Wordpress Command Execution Backdoor Vulnerability(31933)
WordPress Cookie Data PHP Code Injection Vulnerability
WordPress Cookie Data PHP Code Injection Vulnerability(30095)
WordPress Cuckootap Theme Arbitrary File Download Vulnerability
WordPress Cuckootap Theme Arbitrary File Download Vulnerability(37363)
Wordpress Download Manager Plugin Unauthenticated File Upload Vulnerability
Wordpress FormCraft Plugin SQL Injection Vulnerability
WordPress Foxypress Plugin uploadify.php Arbitrary File Upload Vulnerability
WordPress Foxypress Plugin uploadify.php Arbitrary File Upload Vulnerability(34864)
Wordpress InfusionSoft Add-On Arbitrary File Upload Vulnerability
Wordpress MailPoet Newsletters Unauthenticated File Upload Vulnerability
Wordpress MailPoet Newsletters Unauthenticated File Upload Vulnerability(37105)
WordPress OptimizePress Arbitrary File Upload Vulnerability
WordPress Pingback XMLRPC Function Denial of Service Vulnerability
WordPress Pingback XMLRPC Function Denial of Service Vulnerability(36873)
WordPress Plugin Quick Post Widget1.9.1 Cross Site Scripting Vulnerability
WordPress PluginQuick Post Widget1.9.1 Cross-site scripting
WordPress RSS Feed Generator self_link HTTP_HOST Cross-Site Scripting Vulnerability
WordPress RSS Feed Generator self_link HTTP_HOST Cross-Site Scripting Vulnerability(32033)
Wordpress Slideoptinprox Plugin Cross Site Scripting Vulnerability
WordPress WP Symposium Plugin PHP Code Injection Vulnerability
WordPress WP-Property Plugin File Upload Vulnerability
Wordpress WPTouch Authenticated File Upload Vulnerability
Joomla Akeeba Unserialize Remote Code Injection Vulnerability
Joomla RequestURI index.php URL Parsing Cross-Site Scripting Vulnerability
Joomla TinyBrowser Arbitrary File Upload Vulnerability
Joomla TinyBrowser Arbitrary File Upload Vulnerability(32623)
Joomla Token Authentication Bypass Vulnerability
Joomla Token Authentication Bypass Vulnerability(31982)
Joomla Visites Component Remote File Include Vulnerability
Joomla Visites Component Remote File Include Vulnerability(34439)
Joomla Webring component_dir Parameter PHP File Include Vulnerability
Joomla Webring component_dir Parameter PHP File Include Vulnerability(35010)
Drupal Core API SQL Injection Vulnerability
Drupal Core API SQL Injection Vulnerability(36972)
Drupal Core XML-RPC Endpoint xmlrpc.php Denial of Service Vulnerability
SNORT
BACKDOOR Wordpress backdoor feed.php code execution attempt
BACKDOOR Wordpress backdoor theme.php code execution attempt
DELETED SERVER-WEBAPP Potential hostile executable served from local compromised or malicious WordPress site
INDICATOR-COMPROMISE Wordpress Invit0r plugin non-image file upload attempt
INDICATOR-COMPROMISE Wordpress Request for html file in fgallery directory
INDICATOR-COMPROMISE Wordpress Request for php file in fgallery directory
MALWARE-BACKDOOR Wordpress backdoor feed.php code execution
MALWARE-BACKDOOR Wordpress backdoor theme.php code execution
MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site
SERVER-OTHER Wordpress linenity theme LFI attempt
SERVER-WEBAPP Potential hostile executable served from local compromised or malicious WordPress site
SERVER-WEBAPP W3 Total Cache for Wordpress access - likely information disclosure
SERVER-WEBAPP Wordpress brute-force login attempt
SERVER-WEBAPP Wordpress cache_lastpostdate code injection attempt
SERVER-WEBAPP wordpress cat parameter arbitrary file execution attempt
SERVER-WEBAPP Wordpress Invit0r plugin php upload attempt
SERVER-WEBAPP WordPress login denial of service attempt
SERVER-WEBAPP WordPress Quick-Post Widget GET request using Body cross-site scripting
SERVER-WEBAPP WordPress Quick-Post Widget POST request cross-site scripting
SERVER-WEBAPP WordPress Super Cache & W3 Total Cache remote code execution attempt
SERVER-WEBAPP Wordpress timthumb.php theme remote file include attack attempt
SERVER-WEBAPP Wordpress wp-banners-lite plugin cross site scripting attempt
SERVER-WEBAPP WordPress XMLRPC potential port-scan attempt
SERVER-WEBAPP WordPress XSS fs-admin.php injection attempt
WEB-PHP Wordpress cache_lastpostdate code injection attempt
WEB-PHP wordpress cat parameter arbitrary file execution attempt
SERVER-OTHER Joomla media.php arbitrary file upload attempt
SERVER-OTHER Joomla media.php arbitrary file upload vulnerability
SERVER-WEBAPP JCE Joomla module vulnerable directory traversal or malicious file upload attempt
SERVER-WEBAPP Joomla invalid token administrative password reset attempt
SERVER-WEBAPP Joomla komento extension cross site scripting attempt
SERVER-WEBAPP Joomla media.php file.upload direct administrator access attempt
SERVER-WEBAPP Joomla Remote File Include upload attempt
SERVER-WEBAPP Joomla simple RSS reader admin.rssreader.php remote file include attempt
SERVER-WEBAPP Joomla weblinks-categories SQL injection attempt
WEB-PHP Joomla invalid token administrative password reset attempt
SERVER-WEBAPP Drupal Core OpenID information disclosure attempt
SERVER-WEBAPP Drupal VideoWhisper Webcam plugin XSS attempt
SOURCEFIRE
BACKDOOR Wordpress backdoor feed.php code execution attempt
BACKDOOR Wordpress backdoor theme.php code execution attempt
BLACKLIST DNS request for known malware domain blog.wordpress-catalog.com - Win.Trojan.Soraya
INDICATOR-COMPROMISE Potential Redirect from Compromised WordPress site to Fedex - Spammed Malware Download attempt
INDICATOR-COMPROMISE Wordpress Request for html file in fgallery directory
INDICATOR-COMPROMISE Wordpress Request for php file in fgallery directory
MALWARE-BACKDOOR Wordpress backdoor feed.php code execution
MALWARE-BACKDOOR Wordpress backdoor theme.php code execution
MALWARE-CNC Php.Malware.SoakSoakRedirect Malware traffic containing WordPress Administrator credentials
MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site
SERVER-OTHER Wordpress linenity theme LFI attempt
SERVER-WEBAPP Potential hostile executable served from local compromised or malicious WordPress site
SERVER-WEBAPP Wordpress brute-force login attempt
SERVER-WEBAPP Wordpress Invit0r plugin php upload attempt
SERVER-WEBAPP Wordpress MailPoet plugin successful theme file upload detected
SERVER-WEBAPP Wordpress MailPoet plugin theme file upload attempt
SERVER-WEBAPP WordPress pingback gethostbyname heap buffer overflow attempt
SERVER-WEBAPP WordPress Super Cache & W3 Total Cache remote code execution attempt
SERVER-WEBAPP Wordpress timthumb.php theme remote file include attack attempt
SERVER-WEBAPP Wordpress timthumb.php webshot source attack attempt
SERVER-WEBAPP Wordpress wp-banners-lite plugin cross site scripting attempt
SERVER-WEBAPP WordPress XMLRPC potential port-scan attempt
SPECIFIC-THREATS Wordpress Request for html file in fgallery directory
SPECIFIC-THREATS Wordpress Request for php file in fgallery directory
WEB-PHP Wordpress timthumb.php theme remote file include attack attempt
SERVER-OTHER Joomla media.php arbitrary file upload attempt
SERVER-OTHER Joomla media.php arbitrary file upload vulnerability
SERVER-WEBAPP JCE Joomla module vulnerable directory traversal or malicious file upload attempt
SERVER-WEBAPP Joomla invalid token administrative password reset attempt
SERVER-WEBAPP Joomla media.php file.upload direct administrator access attempt
SERVER-WEBAPP Joomla Remote File Include upload attempt
WEB-PHP Joomla invalid token administrative password reset attempt
TIPPING POINT
10895: HTTP: WordPress Plugin Comment Rating SQL Injection Vulnerability
11566: HTTP: Wordpress TimThumb Plugin Remote Code Execution
12373: HTTP: WordPress admin Login
12423: HTTP: WordPress Login
3910: HTTP: Wordpress Command Injection
4406: HTTP: Wordpress PHP Carriage Return Injection
5181: HTTP: Wordpress 2.1.1 Backdoor Access
5296: HTTP: Wordpress XMLRPC SQL Injection
5413: HTTP: WordPress SQL Injection Vulnerability
5421: HTTP: Wordpress XMLRPC SQL Injection
6408: HTTP: Wordpress SQL Column Truncation Vulnerability
9671: HTTP: WordPress Comment Author URL Cross Site Scripting
HTTP: WordPress SQL Injection Vulnerability
HTTP: Wordpress XMLRPC SQL Injection
12019: HTTP: Joomla XBall SQL Injection Vulnerability
12499: HTTP: Joomla hwdVideoShare Component Arbitrary File Upload Vulnerability
12595: HTTP: Joomla Privilege Escalation Vulnerability
12676: HTTP: Joomla Administrator Login
5513 HTTP: Joomla Search Component Command Execution
5513: HTTP: Joomla Search Component Command Execution
5528 HTTP: Firestorm Joomla com_gmaps SQL Injection
5528: HTTP: Firestorm Joomla com_gmaps SQL Injection
6312: HTTP: Joomla Token Input Validation Vulnerability
6312: HTTP: Joomla Token SQL Injection Vulnerability
6549: HTTP: Joomla Components SQL Injection Vulnerability
6641: HTTP: Joomla Live Chat SQL Injection Vulnerability
9669: HTTP: Joomla RWCards Components File Inclusion Vulnerability
9740: HTTP: Joomla Multi-Venue RestaurantManager SQL Injection Vulnerability
TRENDMICRO
Identified Access To WordPress Sensitive Files
Identified Too Many WordPress XML-RPC Pingback Requests
Identified Wordpress Mailpoet Newsletter Plugin Malicious File Upload
WordPress Caching Plugins Remote PHP Code Execution Vulnerability
WordPress Denial Of Service Vulnerability (CVE-2014-9034)
WordPress RSS feed Generator self_link HTTP_HOST Cross-Site Scripting
WordPress Slider Revolution Responsive/Showbiz Pro Responsive Teaser Multiple Security Bypass Vulnerabilities
Wordpress TimThumb WebShot Remote Code Execution Vulnerability
Wordpress WP Symposium Shell Upload Vulnerability
Wordpress XML-RPC Pingback gethostbyname Heap-based Buffer Overflow Vulnerability
Wordpress XML-RPC XML Denial Of Service Vulnerability
Joomla JCE Extension Multiple Vulnerabilities
DISCLAIMER
This document is intended to inform clients of IBM Security Services of a threat or discovery by IBM Managed
Security Services and measures undertaken or suggested by IBM Security Service Teams to remediate the threat.
The data contained herein describing tactics, techniques and procedures is classified Confidential for the
consumption of IBM MSS clients only.