Signature update version 53
New signatures rules are generated for the vulnerabilities identified in the week 2020-11-10. You can download and configure these signature rules to protect your appliance from security vulnerable attacks.
Signature version
Signature version 53 is compatible with the following software versions of Citrix Application Delivery Controller (ADC) 11.1, 12.0, 12.1, 13.0 and 13.1.
Citrix ADC version 12.0 has reached end of life (EOL). For more information, see release life cycle page.
Note:
Enabling Post body and Response body signature rules might affect Citrix ADC CPU.
Common Vulnerability Entry (CVE) insight
Following is a list of signature rules, CVE IDs, and its description.
Signature rule | CVE ID | Description |
---|---|---|
999411 | WEB-WORDPRESS WordPress plug-in wpDiscuz 7.0.0 Up To 7.0.4 - Unauthenticated Arbitrary File Upload Vulnerability | |
999412 | WEB-WORDPRESS Quiz & Survey Master - cross-site scripting Vulnerability in Questions Feature | |
999413 | WEB-WORDPRESS WordPress plug-in File Manager Prior To 6.9 - Unauthenticated elFinder Commands Execution Vulnerability | |
999414 | CVE-2020-11700 | WEB-MISC Titan SpamTitan Prior To 7.08 - Information Disclosure Vulnerability (CVE-2020-11700) |
999415 | CVE-2020-9446 | WEB-MISC Apache OFBiz 17.12.03 - XML-RPC Unsafe Deserialization Vulnerability (CVE-2020-9446) |
999416 | CVE-2020-9446 | WEB-MISC Apache OFBiz 17.12.03 - XML-RPC Cross-Site Scripting Vulnerability (CVE-2020-9446) |
999417 | CVE-2020-9047 | WEB-MISC exacqVision Web Service Up To 20.06.3.0 - OS Command Injection Vulnerability (CVE-2020-9047) |
999418 | CVE-2020-8866 | WEB-MISC Horde Groupware Webmail Edition 5.2.22 - Unrestricted Upload of File Vulnerability Via edit.php (CVE-2020-8866) |
999419 | CVE-2020-8866 | WEB-MISC Horde Groupware Webmail Edition 5.2.22 - Unrestricted Upload of File Vulnerability Via add.php (CVE-2020-8866) |
999420 | CVE-2020-8865 | WEB-MISC Horde Groupware Webmail Edition 5.2.22 - Arbitrary File Inclusion Vulnerability Via edit.php (CVE-2020-8865) |
999421 | CVE-2020-8816 | WEB-MISC Pi-hole Prior To 4.3.2 - Remote Code Execution Vulnerability Via removestatic (CVE-2020-8816) |
999422 | CVE-2020-8816 | WEB-MISC Pi-hole Prior To 4.3.2 - Remote Code Execution Vulnerability Via AddMAC (CVE-2020-8816) |
999423 | CVE-2020-8243 | WEB-MISC Pulse Connect Secure Prior To 9.1R8.2 - Remote Code Execution Vulnerability (CVE-2020-8243) |
999424 | CVE-2020-8218 | WEB-MISC Pulse Connect Secure Prior To 9.1R8 - Remote Code Execution Vulnerability (CVE-2020-8218) |
999425 | CVE-2020-6143, CVE-2020-6144 | WEB-MISC OS4Ed OpenSIS - Code Injection Vulnerability Via /install/Ins1.php (CVE-2020-6143, CVE-2020-6144) |
999426 | CVE-2020-6142 | WEB-MISC OS4Ed OpenSIS - Path Traversal Vulnerability Via modname (CVE-2020-6142) |
999427 | CVE-2020-6141 | WEB-MISC OS4Ed OpenSIS Prior to 7.4 - Unauthenticated SQLi Vulnerability Via USERNAME (CVE-2020-6141) |
999428 | CVE-2020-6140 | WEB-MISC OS4Ed OpenSIS Prior to 7.5 - Unauthenticated SQLi Vulnerability Via username_stn_id (CVE-2020-6140) |
999429 | CVE-2020-6139 | WEB-MISC OS4Ed OpenSIS Prior to 7.5 - Unauthenticated SQLi Vulnerability Via username_stf_email (CVE-2020-6139) |
999430 | CVE-2020-6138 | WEB-MISC OS4Ed OpenSIS Prior to 7.5 - Unauthenticated SQLi Vulnerability Via uname (CVE-2020-6138) |
999431 | CVE-2020-6137 | WEB-MISC OS4Ed OpenSIS Prior to 7.5 - Unauthenticated SQLi Vulnerability Via password_stf_email (CVE-2020-6137) |
999432 | CVE-2020-6125 | WEB-MISC OS4Ed OpenSIS Prior to 7.5 - SQLi Vulnerability Via GetSchool.php and u Parameter (CVE-2020-6125) |
999433 | CVE-2020-6124 | WEB-MISC OS4Ed OpenSIS Prior to 7.5 - SQLi Vulnerability Via EmailCheckOthers.php (CVE-2020-6124) |
999434 | CVE-2020-6123 | WEB-MISC OS4Ed OpenSIS Prior to 7.5 - SQLi Vulnerability Via EmailCheck.php and p_id Parameter (CVE-2020-6123) |
999435 | CVE-2020-6123 | WEB-MISC OS4Ed OpenSIS Prior to 7.5 - SQLi Vulnerability Via EmailCheck.php and email Parameter (CVE-2020-6123) |
999436 | CVE-2020-6122 | WEB-MISC OS4Ed OpenSIS Prior to 7.5 - SQLi Vulnerability Via CheckDuplicateStudent.php and mn Parameter (CVE-2020-6122) |
999437 | CVE-2020-6121 | WEB-MISC OS4Ed OpenSIS Prior to 7.5 - SQLi Vulnerability Via CheckDuplicateStudent.php and ln Parameter (CVE-2020-6121) |
999438 | CVE-2020-6120 | WEB-MISC OS4Ed OpenSIS Prior to 7.5 - SQLi Vulnerability Via CheckDuplicateStudent.php and fn Parameter (CVE-2020-6120) |
999439 | CVE-2020-6119 | WEB-MISC OS4Ed OpenSIS Prior to 7.5 - SQLi Vulnerability Via CheckDuplicateStudent.php and byear Parameter (CVE-2020-6119) |
999440 | CVE-2020-6118 | WEB-MISC OS4Ed OpenSIS Prior to 7.5 - SQLi Vulnerability Via CheckDuplicateStudent.php and bmonth Parameter (CVE-2020-6118) |
999441 | CVE-2020-6117 | WEB-MISC OS4Ed OpenSIS Prior to 7.5 - SQLi Vulnerability Via CheckDuplicateStudent.php and bday Parameter (CVE-2020-6117) |
999442 | CVE-2020-5780 | WEB-WORDPRESS WordPress plug-in Email Subscribers And Newsletters Prior To 4.5.6 - Email Forgery Vulnerability (CVE-2020-5780) |
999443 | CVE-2020-4280 | WEB-MISC IBM QRadar SIEM 7.3 and 7.4 - Insecure Java Deserialization Vulnerability Via JSON-RPC (CVE-2020-4280) |
999444 | CVE-2020-4280 | WEB-MISC IBM QRadar SIEM 7.3 and 7.4 - Insecure Java Deserialization Vulnerability Via remoteMethod (CVE-2020-4280) |
999445 | CVE-2020-4280 | WEB-MISC IBM QRadar SIEM 7.3 and 7.4 - Insecure Java Deserialization Vulnerability Via remoteJavaScript (CVE-2020-4280) |
999446 | CVE-2020-4280 | WEB-MISC IBM QRadar SIEM 7.3 and 7.4 - Insecure Java Deserialization Vulnerability Via JSON-RPC (CVE-2020-4280) |
999447 | CVE-2020-4280 | WEB-MISC IBM QRadar SIEM 7.3 and 7.4 - Insecure Java Deserialization Vulnerability Via remoteMethod (CVE-2020-4280) |
999448 | CVE-2020-4280 | WEB-MISC IBM QRadar SIEM 7.3 and 7.4 - Insecure Java Deserialization Vulnerability Via remoteJavaScript (CVE-2020-4280) |
999449 | CVE-2020-24786 | WEB-MISC Zoho ManageEngine ADManager Plus 7.0 Prior to Build 55 - Improper Authentication Vulnerability (CVE-2020-24786) |
999450 | CVE-2020-24389 | WEB-WORDPRESS Drag and Drop Multiple File Uploader plug-in Prior To 1.3.5.5 - Security Bypass Vulnerability (CVE-2020-24389) |
999451 | CVE-2020-24046 | WEB-MISC TitanHQ SpamTitan Gateway 7.08 - Privilege Escalation Vulnerability (CVE-2020-24046) |
999452 | CVE-2020-17506 | WEB-MISC Artica Web Proxy 4.30.000000 - PreAuth SQL Injection Vulnerability Via Apikey Parameter (CVE-2020-17506) |
999453 | CVE-2020-17505 | WEB-MISC Artica Web Proxy 4.30.000000 - OS Command Injection Vulnerability Via Service-cmds-peform Parameter (CVE-2020-17505) |
999454 | CVE-2020-17463 | WEB-MISC Fuel CMS 1.4.8 - SQLi Vulnerability Via /fuel/users/items (CVE-2020-17463) |
999455 | CVE-2020-17463 | WEB-MISC Fuel CMS 1.4.8 - SQLi Vulnerability Via /fuel/sitevariables/items (CVE-2020-17463) |
999456 | CVE-2020-17463 | WEB-MISC Fuel CMS 1.4.8 - SQLi Vulnerability Via /fuel/permissions/items (CVE-2020-17463) |
999457 | CVE-2020-17463 | WEB-MISC Fuel CMS 1.4.8 - SQLi Vulnerability Via /fuel/pages/items (CVE-2020-17463) |
999458 | CVE-2020-17463 | WEB-MISC Fuel CMS 1.4.8 - SQLi Vulnerability Via /fuel/navigation/items (CVE-2020-17463) |
999459 | CVE-2020-17463 | WEB-MISC Fuel CMS 1.4.8 - SQLi Vulnerability Via /fuel/logs/items (CVE-2020-17463) |
999460 | CVE-2020-17463 | WEB-MISC Fuel CMS 1.4.8 - SQLi Vulnerability Via /fuel/blocks/items (CVE-2020-17463) |
999461 | CVE-2020-16875 | WEB-MISC Microsoft Exchange Server - DLP Policy Remote Code Execution Vulnerability (CVE-2020-16875) |
999462 | CVE-2020-16171 | WEB-MISC Acronis Cyber Backup Prior To 12.5 Build 16342 - SSRF Via Shard Header Vulnerability (CVE-2020-16171) |
999463 | CVE-2020-14947 | WEB-MISC OCS Inventory Prior to 2.8 - OS Command Injection Vulnerability Via SNMP_MIB_DIRECTORY (CVE-2020-14947) |
999464 | CVE-2020-14947 | WEB-MISC OCS Inventory Prior to 2.8 - OS Command Injection Vulnerability Via mib_file (CVE-2020-14947) |
999465 | CVE-2020-14008 | WEB-MISC Zoho ManageEngine Applications Manager Up To 14710 - Remote Code Execution Vulnerability (CVE-2020-14008) |
999466 | CVE-2020-13925 | WEB-MISC Apache Kylin Prior To 3.1.0 - Remote Code Execution Vulnerability Via Job (CVE-2020-13925) |
999467 | CVE-2020-13925 | WEB-MISC Apache Kylin Prior To 3.1.0 - Remote Code Execution Vulnerability Via Project (CVE-2020-13925) |
999468 | CVE-2020-13854 | WEB-MISC Artica Pandora FMS - Privilege Escalation Vulnerability (CVE-2020-13854) |
999469 | CVE-2020-13405 | WEB-MISC Microweber Prior to 1.1.20 - Unauthenticated Information Disclosure Vulnerability (CVE-2020-13405) |
999470 | CVE-2020-13376 | WEB-MISC SecurEnvoy SecurMail 9.3.503 - SecurEnvoyReply Cookie Path Traversal Vulnerability (CVE-2020-13376) |
999471 | CVE-2020-13159 | WEB-MISC Artica Web Proxy Prior to 4.30.000000 - OS Command Injection Vulnerability Via domain (CVE-2020-13159) |
999472 | CVE-2020-13159 | WEB-MISC Artica Web Proxy Prior to 4.30.000000 - OS Command Injection Vulnerability Via netbiosname (CVE-2020-13159) |
999473 | CVE-2020-13159 | WEB-MISC Artica Web Proxy Prior to 4.30.000000 - OS Command Injection Vulnerability Via alias (CVE-2020-13159) |
999474 | CVE-2020-13159 | WEB-MISC Artica Web Proxy Prior to 4.30.000000 - OS Command Injection Vulnerability Via hostname (CVE-2020-13159) |
999475 | CVE-2020-13159 | WEB-MISC Artica Web Proxy Prior to 4.30.000000 - OS Command Injection Vulnerability Via dhclient_server (CVE-2020-13159) |
999476 | CVE-2020-13159 | WEB-MISC Artica Web Proxy Prior to 4.30.000000 - OS Command Injection Vulnerability Via dhclient_interface (CVE-2020-13159) |
999477 | CVE-2020-13159 | WEB-MISC Artica Web Proxy Prior to 4.30.000000 - OS Command Injection Vulnerability Via dhclient_mac (CVE-2020-13159) |
999478 | CVE-2020-13158 | WEB-MISC Artica Web Proxy Prior to 4.30.000000 - Path Traversal Vulnerability Via popup (CVE-2020-13158) |
999479 | CVE-2020-12851 | WEB-MISC Pydio Cells Prior to 2.0.7 - Arbitrary File Write Vulnerability (CVE-2020-12851) |
999480 | CVE-2020-12848 | WEB-MISC Pydio Cells Prior to 2.0.7 - Login as Temporary Shared User Vulnerability (CVE-2020-12848) |
999481 | CVE-2020-11699 | WEB-MISC Titan SpamTitan Prior To 7.08 - Remote Code Execution Vulnerability (CVE-2020-11699) |
999482 | CVE-2020-11579 | WEB-MISC PHPKBV9 - File Exfiltration Vulnerability (CVE-2020-11579) |
999483 | CVE-2020-10818 | WEB-MISC Artica Web Proxy 4.26 - OS Command Injection Vulnerability Via fw.system.info.php (CVE-2020-10818) |
999484 | CVE-2020-10228 | WEB-MISC Vtenext CE Prior to Version 20 - Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-10228) |
999485 | CVE-2020-10204 | WEB-MISC Sonatype Nexus Repository Manager Prior to 3.21.2 - RCE Vulnerability Via coreui_User roles (CVE-2020-10204) |
999486 | CVE-2020-10204 | WEB-MISC Sonatype Nexus Repository Manager Prior to 3.21.2 - RCE Vulnerability Via coreui_Role privileges (CVE-2020-10204) |
999487 | CVE-2020-10204 | WEB-MISC Sonatype Nexus Repository Manager Prior to 3.21.2 - RCE Vulnerability Via coreui_Role roles (CVE-2020-10204) |
999488 | CVE-2020-10199 | WEB-MISC Sonatype Nexus Repository Manager Prior to 3.21.2 - RCE Vulnerability Via REST Endpoint /bower/group (CVE-2020-10199) |
999489 | CVE-2020-10199 | WEB-MISC Sonatype Nexus Repository Manager Prior to 3.21.2 - RCE Vulnerability Via REST Endpoint /go/group (CVE-2020-10199) |
999490 | CVE-2020-10199 | WEB-MISC Sonatype Nexus Repository Manager Prior to 3.21.2 - RCE Vulnerability Via REST Endpoint /docker/group (CVE-2020-10199) |
999491 | CVE-2019-19699 | WEB-MISC Centreon Up To 19.10 - Remote Code Execution Vulnerability (CVE-2019-19699) |
999492 | CVE-2019-19499 | WEB-MISC Apache Grafana Up To 6.4.3 - Arbitrary File Read Vulnerability (CVE-2019-19499) |
999493 | CVE-2019-18394 | WEB-MISC Ignite Realtime Openfire Up To 4.4.2 - FaviconServlet Server Side Request Forgery Vulnerability (CVE-2019-18394) |
999494 | CVE-2019-18393 | WEB-MISC Ignite Realtime Openfire Up To 4.4.2 - plug-inServlet Directory Traversal Vulnerability (CVE-2019-18393) |
999495 | CVE-2019-16759 | WEB-MISC vBulletin Prior to 5.6.2 - Remote Code Execution Vulnerability Via Nested Template (CVE-2019-16759) |
999496 | CVE-2019-15715 | WEB-MISC MantisBT Prior to 1.3.20 and 2.22.1 - Remote Code Execution Vulnerability Via neato_tool (CVE-2019-15715) |
999497 | CVE-2019-15715 | WEB-MISC MantisBT Prior to 1.3.20 and 2.22.1 - Remote Code Execution Vulnerability Via dot_tool (CVE-2019-15715) |
999498 | CVE-2019-11043 | WEB-MISC PHP-FPM Multiple Versions - Out-Of-Bounds Write Vulnerability Allows Arbitrary Code Execution (CVE-2019-11043) |
999499 | WEB-WORDPRESS WordPress plug-in Autoptimize Up To 2.7.6 - Authenticated Arbitrary File Upload Vulnerability |