Comodo ModSecurity update 1.76

New rules for Apache, LiteSpeed, nginx, IIS.

- SQL Injection vulnerability in the WordPress plugin Easy2Map-photos v1.0.9 (CVE-2015-4615)
- Directory Traversal Vulnerability in the WordPress plugin Easy2Map-photos v1.0.9 (CVE-2015-4617)
- XSS vulnerabilities in the WordPress plugin Category-grid-view-gallery v2.3.1 (CVE-2013-4117)
- XSS vulnerabilities in the WordPress plugin Ooorl v3.1.1 (CVE-2014-4542)
- Open redirect vulnerability in Novius OS 5.0.1 (Elche) (CVE-2015-5354)
- CSRF vulnerability in Piwigo before 2.6.2 (CVE-2014-4614)
- XSS vulnerability in the CMS Updater module 7.x-1.x before 7.x-1.3 for Drupal (CVE-2015-7307)
- XSS Vulnerability in TYPO3 Versions 6.2.0 to 6.2.18 (CVE-2016-4056)
- XSS vulnerability in Kajona before 4.6.3 (CVE-2015-0917)
- XSS vulnerability in Serendipity before 2.0-rc2 (CVE-2014-9432)
- XSS & SQL injection vulnerabilities in TestLink 1.9.11 (CVE-2014-5308)
- SQL injection vulnerability in Cacti 0.8.8f and earlier (CVE-2015-8604)
- XSS vulnerability in Exponent CMS v2.3.0 (CVE-2014-6635)
- Open redirect vulnerability in Drupal 6.x before 6.38 (CVE-2016-3167)
- Multiple XSS vulnerabilities in OSClass before 3.4.2 (CVE-2014-6280)
- XSS vulnerability in e107 v2.0 alpha2 (CVE-2014-4734)
- XSS vulnerability in Textpattern CMS before 4.5.7 (CVE-2014-4737)
- SQL injection vulnerability in Piwigo before 2.5.5, 2.6.x before 2.6.4, and 2.7.x before 2.7.2 (CVE-2014-9115)
- The Prepopulate module 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to modify the REQUEST superglobal array, and consequently have unspecified impact, via a base64-encoded pp parameter (CVE-2016-3187)
- XSS vulnerability in Open Web Analytics before 1.5.6 (CVE-2014-1456)
- XSS vulnerability in concrete5 5.7.2.1, 5.7.2, and earlier (CVE-2014-9526)
- XSS vulnerability in MODX Revolution 2.3.2-pl (CVE-2014-8992)
- CSRF vulnerability in MODX Revolution 2.x before 2.2.15 (CVE-2014-8773 & CVE-2014-8775)
- XSS vulnerability in MODX Revolution 2.3.1-pl and earlier (CVE-2014-5451 & CVE-2014-2080)
- XSS & SQL injection vulnerability in MODX Revolution before 2.2.14 (CVE-2014-2736)
- XSS vulnerability in MODX Revolution 2.x before 2.2.15 (CVE-2014-8774)
- XSS vulnerability in Revive Adserver before 3.0.6 (CVE-2014-8793)
- bl_domains update
- a few false positives (FPs) fixed
