----------------------------------------------------------------------------------------------------
Update Version 7.9.0.3 Rules Version: 1060 for Tuesday, September 7th 2010
----------------------------------------------------------------------------------------------------
New Rules:
==========
- Adobe ColdFusion Multiple Path Traversal
- HP OpenView NNM OvJavaLocale Buffer Overflow
- Novell iManager Long TREE Field Off-By-One Denial of Service

----------------------------------------------------------------------------------------------------
Update Version 7.9.0.3 build: 1056 for Sunday, August 15th 2010
----------------------------------------------------------------------------------------------------
New Rules:
==========
- Joomla redSHOP Component index.php SQL Injection
- RunCms magpie_debug.php Cross-Site Scripting
- FireStats bridge.php Denial of Service
- FireStats Multiple Cross-Site Scripting

Rule modifications:
===================
- Cross-Site Scripting: Improved validation

----------------------------------------------------------------------------------------------------
Update Version 7.9.0.3 build: 1053 for Tuesday, August 10th 2010
----------------------------------------------------------------------------------------------------
New Rules:
==========
- SPIP spip.php Cross-Site Scripting

----------------------------------------------------------------------------------------------------
Update Version 7.9.0.3 build: 1046 for Monday, August 2nd 2010
----------------------------------------------------------------------------------------------------
New Rules:
==========
- Apache Tomcat Weak Default Administrative Account Credentials

----------------------------------------------------------------------------------------------------
Update Version 7.9.0.3 build: 1042 for Wednesday, July 27th 2010
----------------------------------------------------------------------------------------------------
New Rules:
==========
- Pligg search Cross-Site Scripting
- WordPress WP-UserOnline Plugin Cross-Site Scripting
- ECShop search.php SQL Injection
- Flash Tag Cloud control for ASP.NET Cross-Site Scripting
- Apache Axis2/Java Cross-Site Scripting

----------------------------------------------------------------------------------------------------
Update Version 7.9.0.2 build: 1033 for Sunday, July 18th 2010
----------------------------------------------------------------------------------------------------
New Rules:
==========
- Joomla Canteen Component index.php Path Traversal
- IBM BladeCenter Advanced Management Module Multiple Cross-Site Scripting
- IBM BladeCenter Advanced Management Module cindefn.php Path Traversal
- IBM BladeCenter Advanced Management Module Information Leakage

----------------------------------------------------------------------------------------------------
Update Version 7.9.0.2 build: 1029 for Monday, July 12th 2010
----------------------------------------------------------------------------------------------------
Rule modifications:
===================
- Cross-Site Scripting: Improved mutation

----------------------------------------------------------------------------------------------------
Update Version 7.9.0.2 build: 1017 for Sunday, July 4th 2010
----------------------------------------------------------------------------------------------------
New Rules:
==========
- Juniper IVE URL Redirection

----------------------------------------------------------------------------------------------------
Update Version 7.9.0.2 build: 1016 for Thursday, July 1st 2010
----------------------------------------------------------------------------------------------------
New Rules:
==========
- MODx "a" parameter (index.php) SQL Injection
- MODx "id" parameter (index.php) SQL Injection

----------------------------------------------------------------------------------------------------
Update Version 7.9.0.2 build: 1007 for Thursday, June 24th 2010
----------------------------------------------------------------------------------------------------
New Rules:
==========
- WebSphere Application Server Administration Console Link Injection (facilitates Cross-Site Request Forgery)

----------------------------------------------------------------------------------------------------
Update Version 7.9.0.2 build: 1003 for Thursday, June 17th 2010
----------------------------------------------------------------------------------------------------
New Rules:
==========
- Joomla Dione Form Wizard Component index.php Path Traversal
- Saurus CMS edit.php Cross-Site Scripting

Rule modifications:
===================
- Cross-Site Scripting: Improved validation

----------------------------------------------------------------------------------------------------
Update Version 7.9.0.2 build: 996 for Sunday, June 13th 2010
----------------------------------------------------------------------------------------------------
New Rules:
==========
- TYPO3 Cumulus Tagcloud Extension tagcloud.swf Cross-Site Scripting
- TYPO3 Cumulus Tagcloud Extension Path Disclosure
- e107 contact.php PHP Code Execution
- WordPress NextGEN Gallery Plugin media-rss.php Cross-Site Scripting
- Caucho Resin resin-admin Cross-Site Scripting

----------------------------------------------------------------------------------------------------
Update Version 7.9.0.2 build: 989 for Sunday, June 6th 2010
----------------------------------------------------------------------------------------------------
New Rules:
==========
- Microsoft SharePoint Server / SharePoint Services help.aspx Cross-Site Scripting
- Scratcher projects.php SQL Injection
- Scratcher projects.php Cross-Site Scripting

Rule modifications:
===================
- SQL Injection Command Execution: Modified mutation & validation
- eShoplifting: Improved detection

----------------------------------------------------------------------------------------------------
Update Version 7.9.0.2 build: 971 for Sunday, May 2nd 2010
----------------------------------------------------------------------------------------------------
New Rules:
==========
- WebSphere Multiple Cross-Site Scripting in Administrator Console
- WebSphere Multiple Phishing through Administrator Console
- WebSphere Multiple Link Injection through Administrator Console
- TANDBERG Video Communication Server Path Traversal

----------------------------------------------------------------------------------------------------
Update Version 7.9.0.1 build: 965 for Sunday, April 25th 2010
----------------------------------------------------------------------------------------------------
New Rules:
==========
- OSSIM Cross-Site Scripting in Path
- OSSIM index.php URL Redirection
- Apache OFBiz Multiple Cross-Site Scripting

----------------------------------------------------------------------------------------------------
Update Version 7.9.0.1 build: 964 for Thursday, April 22nd 2010
----------------------------------------------------------------------------------------------------
New Rules:
==========
- TUTOS cmd.php Command Execution
- eFront language.php Path Traversal
- MoinMoin Despam Cross-Site Scripting

Rule modifications:
===================
- SQL Injection: Improved validation
- Cross-Site Scripting: New variant for XML response
- Cross-Site Scripting: Improved mutation
- Phishing Through Frames: New variant for XML response
- Parameter System Call Code Injection: new variant
- Web Application Source Code Disclosure Pattern Found: Improved validation

----------------------------------------------------------------------------------------------------
Update Version 7.9.0.1 build: 955 for Thursday, April 16th 2010
----------------------------------------------------------------------------------------------------
New Rules:
==========
- IBM ENOVIA SmarTeam V5 LoginPage.aspx Cross-Site Scripting
- xbtit index.php SQL Injection
- Joomla! GCalendar Component index.php Path Traversal
- DirectAdmin CMD_DB_VIEW Cross-Site Scripting

----------------------------------------------------------------------------------------------------
Update Version 7.91.0.1 build: 946 for Sunday, April 4th 2010
----------------------------------------------------------------------------------------------------
New Rules:
==========
- IBM WebSphere Portal Server and Lotus Web Content Management Cross-Site Scripting
- Dojo Toolkit Multiple Cross-Site Scripting
- Dojo Toolkit URL Redirection
- Bash Shell History File Retrieval

----------------------------------------------------------------------------------------------------
Update Version 7.9.0.1 build: 938 for Sunday, March 14th 2010
----------------------------------------------------------------------------------------------------
New Rules:
==========
- WampServer index.php Cross-Site Scripting
- vBulletin Multiple Cross-Site Scripting (Version 4.0.2)
- Sparta Systems TrackWise TeamAccess Multiple Cross-Site Scripting in Path
- bbsmax post.aspx Cross-Site Scripting

----------------------------------------------------------------------------------------------------
Update Version 7.9.0.1 build: 935 for Thursday, March 11th 2010
----------------------------------------------------------------------------------------------------
New Rules:
==========
- Comptel Provisioning and Activation index.jsp Cross-Site Scripting
- Joomla MyBlog Component index.php Path Traversal
- ePublisher WebWorks Help Cross-Site Scripting

----------------------------------------------------------------------------------------------------
Update Version 7.9.0.1 build: 933 for Thursday, March 4th 2010
----------------------------------------------------------------------------------------------------
New Rules:
==========
- HP System Management Homepage Cross-Site Scripting
- Nikira Fraud Management System "prompt" Cross-Site Scripting
- SilverStripe form.php Cross-Site Scripting
- Oracle Siebel Loyalty Management start.swe Cross-Site Scripting

Rule modifications:
===================
- Link Injection: Improved validation

----------------------------------------------------------------------------------------------------
Update Version 7.9.0.1 build: 926 for Thursday, February 18th 2010
----------------------------------------------------------------------------------------------------
New Rules:
==========
- Dojo Multiple Cross-Site Scripting
- Joomla! AllVideos Plugin download.php Path Traversal
- osTicket ajax.php SQL Injection
- osTicket ajax.php Cross-Site Scripting

Rule modifications:
===================
- Multiple Joomla! Components SQL Injection

----------------------------------------------------------------------------------------------------
Update Version 7.9.0.1 build: 913 for Monday, February 1st 2010
----------------------------------------------------------------------------------------------------
New Rules:
==========
- LineWeb index.php Path Traversal
- dotProject index.php SQL Injection
- Joomla ccNewsletter Component index.php Path Traversal

Rule modifications:
===================
- Multiple Joomla! Components SQL Injection

----------------------------------------------------------------------------------------------------
Update Version 7.9.0.1 build: 911 for Sunday, January 10th 2010
----------------------------------------------------------------------------------------------------
New Rules:
==========
- Snitz Forums 2000 pop_send_to_friend.asp Cross-Site Scripting
- McAfee Network Security Manager Cross-Site Scripting
- F5 Data Manager Multiple Path Traversal

----------------------------------------------------------------------------------------------------
Update Version 7.9.0.1 build: 909 for Monday, January 4th 2010
----------------------------------------------------------------------------------------------------
New Rules:
==========
- cPanel dofileop.html Cross-Site Scripting
- Zen Cart curltest.php Local File Inclusion

----------------------------------------------------------------------------------------------------
Update Version 7.9.0.1 build: 908 for Monday, December 28th 2009
----------------------------------------------------------------------------------------------------
New Rules:
==========
- Geeklog profiles.php Cross-Site Scripting
- Open Virtual Desktop Session Manager Cross-Site Scripting

----------------------------------------------------------------------------------------------------
Update Version 7.9.0.0 build: 903 for Thursday, December 3rd 2009
----------------------------------------------------------------------------------------------------
New Rules:
==========
- Vivvo CMS files.php File Retrieval

----------------------------------------------------------------------------------------------------
Update Version 7.9.0.0 build: 898 for Thursday, November 19th 2009
----------------------------------------------------------------------------------------------------
New Rules:
==========
- WordPress Trackback Denial of Service

Rule modifications:
===================
- Application Error: Improved validation

----------------------------------------------------------------------------------------------------
Update Version 7.9.0.0 build: 897 for Sunday, November 15th 2009
----------------------------------------------------------------------------------------------------
New Rules:
==========
- Joomla AjaxChat Component Remote File Inclusion

----------------------------------------------------------------------------------------------------
Update Version 7.9.0.0 build: 895 for Sunday, November 8th 2009
----------------------------------------------------------------------------------------------------
New Rules:
==========
- User-Agent Header Cross-Site Scripting
- phpList index.php Path Traversal
- CuteNews index.php Cross-Site Scripting

----------------------------------------------------------------------------------------------------
Update Version 7.9.0.0 build: 892 for Sunday, November 1st 2009
----------------------------------------------------------------------------------------------------
New Rules:
==========
- MoinMoin Cross-Site Scripting
- MKPortal handler_image.php Cross-Site Scripting
- Simple Machines Forum Mod Seo4SMF SQL Injection
- SAP Products Cfolders Engine Multiple Cross-Site Scripting
- Jetty Cross-Site Scripting in Path
- webSPELL getlang.php SQL Injection
- Project Woodstock UTF-7 "404 Page Not Found" Cross-Site Scripting
- TemaTres Multiple Cross-Site Scripting
- Coppermine Photo Gallery showdoc.php Cross-Site Scripting (Version 1.4.22)
- Glassfish Multiple Cross-Site Scripting
- VBS Files Source Disclosure

Rule modifications:
===================
- Cross-Site Scripting: Improved validation
- Temporary File Download: improved detection
- SQL Injection using DECLARE, CAST and EXEC: fixed mutation
- Javascript Hijacking: improved mutation