NSFOCUS NIPS (IPS) Rules (rule5.6.11_v2) Upgrade List

Name: eoi.unify.allrulepatch.ips.2.0.0.40493.rule    Version: 2.0.0.40493
MD5: 7b1500fb5f7a9f50c15c32052a6e090a    Size: 41.07M
Description:

This upgrade package is the Zealot 2.0 intrusion protection signature library/application identification signature library upgrade package, which only supports engine version V56R11F01 and above. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.40493. The new/improved rules of this upgrade package are:

new rules:
1. threat[28948]:Apache Solr Velocity template injection_1 (CVE-2019-17558)
2. threat[32161]:XAMPP 5.6.8 SQL Injection Vulnerability(CVE-2019-8923)
3. threat[28949]:XAMPP 5.6.8 Cross-site Scripting Injection Vulnerability(CVE-2019-8924)
4. threat[42459]:BlackNET Remote Control Trojan Online
5. threat[42460]:BlackNET Remote Control Trojan Obtain Remote Control Instructions
6. threat[42461]:BlackNET Remote Control Trojan Receive Remote Control Instructions
7. threat[32166]:webTareas Unauthorized Reading of File List Directory Vulnerability(CVE-2020-25734)
8. threat[32165]:Sangfor SSL VPN Client Remote File Download Vulnerability
9. threat[32164]:Seeyon A6 reloadData.jsp User Sensitive Information Disclosure Vulnerability
10. threat[32163]:Apache Tomcat Information Disclosure Vulnerability(CVE-2016-6816)
11. threat[32162]:WordPress Simple Ads Manager Plugin Information Disclosure Vulnerability(CVE-2015-2826)
12. threat[28950]:Globiz Solutions Snowfox CMS selectlanguage.class.php Open Redirect Vulnerability(CVE-2014-9343)
13. threat[42463]:Lazarus APT Uses MagicRAT For C2 Communication
14. threat[32167]:Ivanti Avalanche ResourceFilter doFilter Directory Traversal Vulnerability(CVE-2024-47011)
15. threat[28952]:vLLM PyNcclPipe Communication Service pickle Deserialization Vulnerability (CVE-2025-47277)
16. threat[28951]:Microsoft Windows Management Console Remote Code Execution Vulnerability(CVE-2024-43572)
17. threat[42462]:Discover Server-Side Request Forgery Bypass Attack Behavior
18. threat[42464]:Remcos RAT C2 Communication
19. threat[42465]:APT-C-23 TimerRAT Online
20. threat[42466]:APT-C-23 TimerRAT C2 Communication
21. threat[32168]:Apache Shiro Permission Bypass Vulnerability (CVE-2020-13933)
22. threat[42467]:Ngioweb Botnet Communication
23. threat[42474]:SideWinder WarHawk Backdoor Gathered File Manager Information
24. threat[32170]:Lingdang CRM getActionList Interface SQL Injection Vulnerability(CVE-2024-11121)
25. threat[32169]:Lingdang CRM system interface pdf.php Arbitrary File Read Vulnerability
26. threat[28955]:SolarWinds Web Help Desk Deserialization Vulnerability (CVE-2024-28986)
27. threat[32171]:Delta Electronics DIAEnergie SQL Injection Vulnerability (CVE-2024-42417)
28. threat[28956]:AnythingLLM Path Traversal Vulnerability(CVE-2024-13059)
29. threat[42468]:APT-C-35 Spyder Downloader Collect Information
30. threat[42469]:APT-C-35 Spyder Downloader Download Component
31. threat[32172]:OpenEMR SQL Injection Vulnerability(CVE-2024-22611)
32. threat[28957]:MinIO Unauthorized SSRF Vulnerability (CVE-2021-21287)
33. threat[32173]:DB-GPT Arbitrary file deletion Vulnerability(CVE-2025-0452)
34. threat[42470]:SideWinder WarHawk Backdoor Gathered System Information
35. threat[42475]:SideWinder WarHawk Backdoor Upload Files
36. threat[42472]:SideWinder WarHawk Backdoor Task Completion
37. threat[32175]:DedeCMS Arbitrary File Deletion Vulnerability (CVE-2024-33749)
38. threat[28958]:DedeCMS Remote Code Execution Vulnerability (CVE-2024-6940)
39. threat[32174]:NetMizer Log Management System dirlist.php Directory Traversal Vulnerability(CNVD-2017-37549)
40. threat[28959]:ReCrystallize Server Authentication Bypass Vulnerability(CVE-2024-26331)
41. threat[28961]:Grafana Cross-Site Scripting Injection Vulnerability (CVE-2025-4123)
42. threat[28960]:WordPress Plugin Like Button Rating LikeBtn Cross-site Error Code Vulnerability(CVE-2021-24945)
43. threat[28962]:Llama_Index duckdb_retriever SQL Injection Vulnerability(CVE-2024-11958)
44. threat[42473]:SideWinder WarHawk Backdoor Command Execution
45. threat[28940]:Cisco Smart Licensing Utility Unauthorized Access Vulnerability(CVE-2024-20440)

update rules:
1. threat[42149]:SSRF Pseudo-Protocol Attacks Exist In Suspected Request Parameters
2. threat[42449]:Raccoon Stealer v1 C2 Communication
3. threat[10510]:Apache Tomcat WebSocket Infinite Loop Denial of Service Vulnerability(CVE-2020-13935)
4. threat[26389]:Ruijie NBR 1300G Router Unauthorized CLI Command Execution Vulnerability
5. threat[24465]:Confluence Remote Code Execution Vulnerability (CVE-2019-3396)
6. threat[31510]:HTTP SQL Injection Attempt Type Nine
7. threat[25845]:ysoserial deserialization utilization
8. threat[42322]:Crimson RAT info Command Obtains System Information
9. threat[42323]:Crimson RAT getavs Command Obtains Process Information
10. threat[42454]:Suspected HTTP Requests Exists XSS Injection Common Event Function
11. threat[28715]:vLLM pickle Deserialization Vulnerability(CVE-2024-9052/CVE-2025-32444)
12. threat[42055]:Redis Remote File Deletion (Suspected Cleaning Traces)
13. threat[25946]:Redis Shell Reverse Command Execution
14. threat[63249]:HTTP /etc/passwd Access Attempt
15. threat[41499]:HTTP Request Sensitive Path Access Attempt
16. threat[24915]:Oracle Business Intelligence BIRemotingServlet AMF Insecure Deserialization(CVE-2020-2950)
17. threat[60992]:HTTP URL Param Cross Site Scripting Type Attempt
18. threat[27588]:Minio Authentication Bypass Vulnerability (CVE-2021-41266)
19. threat[31672]:Lingdang CRM System getOrderList Interface SQL Injection Vulnerability
20. threat[24384]:Mitel Connect ONSITE and Mitel ST conferencing Remote Code Execution(CVE-2018-5782)
21. threat[26010]:Alibaba Nacos Authentication Bypass Vulnerability (CVE-2021-29441)
22. threat[42388]:Mythic C2 Framework Online
23. threat[28240]:PHP webshell access

Announcements:
1. The upgrade package will not restart the data communication engine and will not affect the network after the upgrade; the detection engine will automatically restart and take effect, without causing session interruption. Please choose an appropriate time to upgrade.

Release Time: 2025-05-30 14:17:57

Name: eoi.unify.allrulepatch.ips.2.0.0.40398.rule    Version: 2.0.0.40398
MD5: 3761b89b3a884c50662a500a448e6d32    Size: 41.02M
Description:

This upgrade package is the Zealot 2.0 intrusion protection signature library/application identification signature library upgrade package, which only supports engine version V56R11F01 and above. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.40398. The new/improved rules of this upgrade package are:

new rules:
1. threat[32149]:Panabit Panalog singleuser_action.php Arbitrary User Creation Vulnerability
2. threat[28925]:PHPMyWind 5.6 Command Injection Vulnerability(CVE-2021-39503)
3. threat[28926]:TensorFlow YAML Arbitrary Code Execution Vulnerability(CVE-2021-37678)
4. threat[28924]:Weaver OA9 uploadimage Arbitrary File Upload Vulnerability
5. threat[28927]:MongoDB Unauthorized Access
6. threat[10602]:TensorFlow AudioSpectrogram Denial of Service Vulnerability(CVE-2023-25666)
7. threat[32152]:EasyImage down.php Arbitrary File Read Vulnerability
8. threat[28928]:DataEase JWT Arbitrary Forgery Vulnerability (CVE-2024-52295)
9. threat[32153]:China Mobile Yu Router ExportSettings.sh Sensitive Information Leakage Vulnerability(CNVD-2020-67110)
10. threat[42453]:GTalkTrojan C2 Communication
11. threat[28929]:Ivanti Endpoint Manager EventHandler.asmx RecordBrokenApp SQL Injection Vulnerability(CVE-2024-29825)
12. threat[42454]:Suspected HTTP Requests Exists XSS Injection Common Event Function
13. threat[42452]:Network Tunneling Tool Regeorg Communication _3
14. threat[28930]:MCMS 5.2.5 content/list SQL Injection Vulnerability(CVE-2022-23898)
15. threat[28931]:MCMS 5.2.5 search.do SQL Injection Vulnerability (CVE-2022-23899)
16. threat[32154]:LiveNVR Streaming Service Software channeltree Unauthorized Access Vulnerability
17. threat[42455]:HTTPBrowser RAT C2 Communication
18. threat[42456]:HTTPBrowser RAT Send Command
19. threat[28933]:Ivanti Endpoint Manager Mobile Authentication Bypass and Remote Code Execution Vulnerability(CVE-2025-4427/CVE-2025-4428)
20. threat[28932]:MQTT Unauthorized Vulnerability
21. threat[28934]:BEESCMS admin_book.php SQL Injection Vulnerability
22. threat[42457]:Lumma Stealer Trojan C2 Communication
23. threat[28935]:Netgear ProSAFE NMS300 UpLoadServlet Unrestricted File Upload Vulnerability(CVE-2024-5247)
24. threat[28936]:TOTOLINK NR1800X Command Injection Vulnerability (CVE-2022-41518/CVE-2022-44249/CVE-2022-44250/CVE-2022-44251)
25. threat[28937]:langchain-experimental Arbitrary Code Execution Vulnerability (CVE-2024-21513)
26. threat[42458]:Redline Stealer Trojan Data Active Online Behavior
27. threat[28938]:D-Link DIR-820L Command Injection Vulnerability (CVE-2022-26258)
28. threat[32155]:CLTPHP Database.php Any File Deletion Vulnerability
29. threat[28943]:Centreon Web updateServiceHost_MC SQL Injection Vulnerability(CVE-2024-32501)
30. threat[28942]:Cisco Smart Licensing Utility Trust Management Issue Vulnerability(CVE-2024-20439)
31. threat[28941]:WordPress Plugin Order Delivery Date Privilege Escalation Vulnerability(CVE-2025-2907)
32. threat[28939]:Bootstrap Cross-Site Scripting Vulnerability(CVE-2025-47204)
33. threat[28947]:Cacti Group Cacti links.php Console Section Name Stored Cross-Site Scripting Vulnerability(CVE-2024-43365)
34. threat[28944]:Kemp LoadMaster read_pass Command Injection Vulnerability(CVE-2024-7591)
35. threat[28945]:Ivanti Endpoint Manager serverMotherboard LoadSlotsTable SQL Injection Vulnerability(CVE-2024-34783)
36. threat[32156]:D-Link DIR-605 B2 Information Disclosure Vulnerability(CVE-2021-40654)
37. threat[32157]:Huawei DG8045 deviceinfo Information Leakage Vulnerability
38. threat[32158]:MediaWiki CSS Extension Path Traversal Vulnerability(CVE-2024-47841)
39. threat[28946]:NVIDIA TensorRT-LLM pickle deserialization Vulnerability(CVE-2025-23254)
40. threat[32159]:Apache Axis2 1.4.1 Local File Inclusion Vulnerability
41. threat[32160]:MetaCRM mcc_login.jsp SQL Injection Vulnerability

update rules:
1. threat[28872]:Microsoft Exchange Server Remote Code Execution Vulnerability Attack (CVE-2021-34473)_2
2. threat[30888]:Yongyou CHANJET T+ Ufida.T.SM.UIP.MultiCompanyController,Ufida.T.SM.UIP.ashx SQL Injection Vulnerability
3. threat[25740]:Linux Shell Reverse Hidden Command Execution
4. threat[42083]:Exchange Server Server-Side Request Forgery Information Leakage Vulnerability
5. threat[25689]:Jenkins Rundeck Plugin Stored Cross-Site Scripting Vulnerability(CVE-2022-30956)
6. threat[25218]:JBoss 5.x and 6.x Deserialization Vulnerabilities (CVE-2017-12149)
7. threat[31425]:Glodon OA GetAllUsersXml Information Disclosure Vulnerability
8. threat[28077]:Horde Groupware Webmail Edition Remote Command Execution Vulnerability
9. threat[42221]:Lumma Stealer Trojan Online Requests
10. threat[42222]:Lumma Stealer Trojan Negotiating Configuration Information
11. threat[42223]:Lumma Stealer Trojan Sends Cryptic Messages
12. threat[41887]:Ngrok Intranet Penetration Tool Communication
13. threat[24302]:Suspicious XML External Entity(XXE) Injection Attempt
14. threat[24908]:Mikrotik Router Monitoring System 1.2.3 SQL Injection(CVE-2020-13118)

Announcements:
1. The upgrade package will not restart the data communication engine and will not affect the network after the upgrade; the detection engine will automatically restart and take effect, without causing session interruption. Please choose an appropriate time to upgrade.

Release Time: 2025-05-23 18:14:28

Name: eoi.unify.allrulepatch.ips.2.0.0.40295.rule    Version: 2.0.0.40295
MD5: 565c38ce02fac84ef3b02741e97d9041    Size: 40.97M
Description:

This upgrade package is the Zealot 2.0 intrusion protection signature library/application identification signature library upgrade package, which only supports engine version V56R11F01 and above. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.40295. The new/improved rules of this upgrade package are:

new rules:
1. threat[28894]:LDAP Injection Attack Attempt
2. threat[28895]:WordPress plugin Tawk.To Live Chat Cross-site Request Forgery Vulnerability(CVE-2021-24914)
3. threat[28896]:Craft CMS Remote Code Execution Vulnerability(CVE-2025-32432)
4. threat[32145]:GLPI Pre-Authentication SQL Injection Vulnerability(CVE-2025-24799)
5. threat[28897]:GLPI Pre-Authentication Remote Code Execution Vulnerability (CVE-2025-24801)
6. threat[28899]:PyTorch Distributed RPC Framework Remote Code Execution Vulnerability(CVE-2024-5480)
7. threat[42440]:Telnet Server NTLM Authentication Bypass Vulnerability
8. threat[28900]:Microsoft Telnet Server Guest User Login Bypass Vulnerability
9. threat[28902]:Jumpserver Arbitrary Password Reset Vulnerability (CVE-2023-42820)
10. threat[32146]:WordPress plugin Advanced Access Manager aam-media=wp-config.php Arbitrary File Read Vulnerability
11. threat[28898]:ThinkPHP Deserialization Arbitrary Command Execution Vulnerability (CVE-2024-48112)
12. threat[28901]:EyouCMS v.1.6.5 Cross-site Scripting Attack Vulnerability(CVE-2024-22927)
13. threat[28903]:PyTorch Distributed RPC Framework RemoteModule Deserialization Vulnerability(CVE-2024-48063)
14. threat[28905]:Ketuo Total Intelligent Parking Charging System DoubtCarNoListFrom.aspx SQL Injection Vulnerability
15. threat[28907]:DedeCMS SSTI Template Injection Remote Code Execution Vulnerability
16. threat[28906]:HP Integrated Lights-Out 4 Remote Command Execution Vulnerability(CVE-2017-12542)
17. threat[28908]:Kentico CMS Remote Code Execution Vulnerability(CVE-2019-10068)
18. threat[28909]:Ruijie-EWEB patch.php Command Injection Vulnerability
19. threat[28910]:Apache Pinot Authentication Bypass Vulnerability(CVE-2024-56325)
20. threat[42441]:Sorillus C2 Tool Communication Behavior
21. threat[42442]:Prometei Botnet Connects To The C2 Server
22. threat[42443]:DragonOK Backdoor Uploads Files
23. threat[28904]:Erlang/OTP SSH Remote Code Execution Vulnerability(CVE-2025-32433)
24. threat[28911]:SonicWALL SSLVPN Security Vulnerability(CVE-2024-53704)
25. threat[42444]:DragonOK Backdoor Download Files
26. threat[28912]:Simple Chatbot Application SystemSettings.php Remote Code Execution Vulnerability
27. threat[28913]:TOTOLINK A7100RU Command Injection Vulnerability(CVE-2022-28583)
28. threat[28914]:Joomla Component GMapFP Arbitrary File Upload Vulnerability(CNVD-2020-19945)
29. threat[28915]:D-Link D-View executeWmicCmd Command Injection Vulnerability(CVE-2024-5297)
30. threat[28916]:Ivanti Avalanche FileStoreConfig Arbitrary File Upload Vulnerability(CVE-2024-29848)
31. threat[42445]:PlugX Worm Communicate
32. threat[42447]:Raccoon Stealer v2 C2 Communication
33. threat[28917]:Tongda OA v11.2 upload.php Background Arbitrary File Upload Vulnerability
34. threat[42446]:Suspected GTP Protocol False Message Communication
35. threat[42448]:Raccoon Stealer v2 Sent Information To C2 Server
36. threat[28923]:openBI /screen/exportLarge Code Issue Vulnerability(CVE-2024-1032)
37. threat[28919]:Razer Sila Genie Magic Box Router Command Injection Vulnerability (CVE-2022-29013)
38. threat[28918]:openBI ploadIcon Arbitrary File Upload Vulnerability(CVE-2024-1035)
39. threat[32147]:NSFOCUS SAS Bastion Host local_user.php Permission Bypass Vulnerability
40. threat[28920]:NSFOCUS SAS Bastion Exec Remote Command Execution Vulnerability
41. threat[32148]:NSFOCUS SAS Bastion Machine GetFile Arbitrary File Read Vulnerability
42. threat[28921]:F5 BIG-IP iControl REST Command Injection Vulnerability(CVE-2025-31644)
43. threat[42450]:Ccremote C2 Tool Communication Behavior
44. threat[42451]:Dwsercice Remote Control Tool Communication Behavior
45. threat[28922]:openBI /websocket/Setting/set Command Execution Vulnerability(CVE-2024-1115)

update rules:
1. threat[25475]:Apache Log4j2 Remote Code Execution Vulnerability(CVE-2021-44228/CVE-2021-45046)
2. threat[42179]:Suspected Malicious File Download
3. threat[25771]:ThinkPHP multilingual function Remote Code Execution Vulnerability(CVE-2022-47945)
4. threat[25727]:Linux/Windows Sample Download Command Execution
5. threat[25598]:VMware Spring Cloud Function SpEL Code Injection Vulnerability(CVE-2022-22963)
6. threat[41499]:HTTP Request Sensitive Path Access Attempt
7. threat[24434]:Supervisord Remote Command Execution Vulnerability(CVE-2017-11610)
8. threat[27718]:TOTOLINK A6000R webcmd Remote Command Execution Vulnerability
9. threat[31608]:Yonyou U8 Cloud FileServlet Arbitrary File Read Vulnerability
10. threat[42147]:HTTP Sensitive Parameters Execute Arbitrary Command Attempt
11. threat[10510]:Apache Tomcat WebSocket Infinite Loop Denial of Service Vulnerability(CVE-2020-13935)
12. threat[60993]:HTTP Cross Site Generic Scripting Attempt
13. threat[26397]:ESAFENET UploadFileFromClientServiceForClient Arbitrary File Upload Vulnerability(CNVD-2023-59471)
14. threat[24502]:Reflective XSS Injection Attack
15. threat[26873]:Dahua Smart Park Integrated Management Platform poi Arbitrary File Upload Vulnerability
16. threat[31510]:HTTP SQL Injection Attempt Type Nine
17. threat[63682]:HTTP SQL Injection Attempt Type Three
18. threat[27759]:Livebos Uploadimage.Do Arbitrary File Upload Vulnerability
19. threat[30963]:Qi'anxin VPN Unauthorized Management User Traversal Vulnerability
20. threat[62201]:HTTP SQL Injection Attempt Type two
21. threat[26317]:Huatian Power OA Version 8000 WorkFlowService SQL Injection Vulnerability
22. threat[31442]:Glodon OA Emailaccountorguserservice SQL Injection Vulnerabilities
23. threat[60245]:HTTP SQL Injection Attempt Type Eight
24. threat[31434]:Weaver E-Mobile System Interface cdnfile Arbitrary File Read Vulnerability
25. threat[23522]:TOTOLINK Routers formSysCmd Remote Command Execution Vulnerability(CVE-2020-25499)
26. threat[31502]:Simple School Management System SQL Injection Vulnerability(CVE-2024-25304)
27. threat[31503]:Simple School Management System SQL Injection Vulnerability(CVE-2024-25306)
28. threat[26363]:Jeecg-boot JDBC testConnection arbitrary code execution vulnerability
29. threat[25121]:SaltStack Salt API SSH Client Command Injection Vulnerability (CVE-2020-16846)
30. threat[27349]:LiveBos crm ScriptVariable.jsp Remote Code Execution Vulnerability
31. threat[24538]:Xstream Deserializable Remote Code Execution Vulnerability(CVE-2013-7285/CVE-2019-10173)

Announcements:
1. The upgrade package will not restart the data communication engine and will not affect the network after the upgrade; the detection engine will automatically restart and take effect, without causing session interruption. Please choose an appropriate time to upgrade.

Release Time: 2025-05-15 13:52:14

Name: eoi.unify.allrulepatch.ips.2.0.0.40168.rule    Version: 2.0.0.40168
MD5: 72434ec8817a2dd06743ff7afc02dc2b    Size: 41.01M
Description:

This upgrade package is the Zealot 2.0 intrusion protection signature library/application identification signature library upgrade package, which only supports engine version V56R11F01 and above. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.40168. The new/improved rules of this upgrade package are:

new rules:
1. threat[42437]:APT-C-35 Spyder Downloader Heartbeat Detection_1
2. threat[42438]:APT-C-35 Spyder Downloader Heartbeat Detection_2
3. threat[32139]:LyLme Spage SQL Injection Vulnerability (CVE-2023-45951)
4. threat[42439]:NimPlant C2 Framework Communication
5. threat[32140]:Citrix Application report Privilege Bypass Vulnerability
6. threat[32141]:WordPress RegistrationMagic Authentication Bypass Vulnerability(CVE-2021-4073)
7. threat[28882]:WordPress Data Access Plugin SQL Injection Vulnerability(CVE-2021-24866)
8. threat[32142]:Taocms path Arbitrary File Read Delete Vulnerability(CVE-2021-46203)
9. threat[28883]:Tenda AC9 SetSysTimeCfg Command Injection Vulnerability(CVE-2022-36273)
10. threat[28885]:Weaver OA ReceiveTodoRequestByXml XML Entity Injection Vulnerability
11. threat[28884]:Tenda AC9 SetIPTVCfg Remote Command Execution Vulnerability(CVE-2022-25438)
12. threat[10601]:Apache Log4j Denial of Service Vulnerability (CVE-2021-45105)
13. threat[28888]:ZoneMinder Remote Command Execution Vulnerability (CVE-2023-26035)
14. threat[28886]:SSI Command Injection Attack
15. threat[28889]:Contao Remote Code Execution Vulnerability(CVE-2022-26265)
16. threat[28890]:Suspected HTTP request exists Python Jinja2 template injection _2
17. threat[28891]:Totolink Routers X5000R and A7000R Command Injection Vulnerability(CVE-2022-27004)
18. threat[28892]:D-Link Command Inject Vulnerability(CVE-2022-28573)
19. threat[32143]:74cms Arbitrary File Read Vulnerability
20. threat[28887]:Adobe ColdFusion Access Control Vulnerability(CVE-2023-38205)
21. threat[32144]:Tsinghua Unigroup Archives Management System Directory Traversal Vulnerability (CVE-2025-0225/CVE-2025-0226/CVE-2025-0227)
22. threat[28893]:WordPress plugin Temporary Login Without Password Cross-Site Request Forgery Vulnerability(CVE-2021-24836)

update rules:
1. threat[27694]:Fanwei E-Mobile system installOperate interface SSRF vulnerability
2. threat[60471]:HTTP Directory Traversal Access /etc/passwd
3. threat[42434]:APT-C-35 Spyder Downloader Online_2
4. threat[62203]:HTTP Command Injection Attempt
5. threat[40958]:Backdoor/Trojan Webshell Detection
6. threat[68655]:Suspicious Webshell Backdoor Access and Control
7. threat[27402]:Java FreeMarker template injection exists in the suspected request parameter
8. threat[27402]:Suspected HTTP request exists Java FreeMarker template injection
9. threat[28843]:Langflow Remote Code Execution Vulnerability(CVE-2025-3248)
10. threat[50652]:XML External Entity Injection (XXE)-(HTML Entity Encoding/UTF-16/UTF-7)
11. threat[28526]:ZZZCMS zzzphp Remote Command Injection Vulnerability(CVE-2022-23881)
12. threat[27399]:Python Jinja2 template injection exists in the suspected request parameter
13. threat[27399]:Suspected HTTP request exists Python Jinja2 template injection
14. threat[27396]:Suspected HTTP requests exists PHP Twig template injection
15. threat[25740]:Linux Shell Reverse Hidden Command Execution
16. threat[25748]:Linux Information Collection Hidden Command Execution
17. threat[27107]:Linux Information Collection Command Type Three
18. threat[63249]:HTTP /etc/passwd Access Attempt
19. threat[31510]:HTTP SQL Injection Attempt Type Nine
20. threat[63682]:HTTP SQL Injection Attempt Type Three
21. threat[60245]:HTTP SQL Injection Attempt Type Eight
22. threat[25727]:Linux/Windows Sample Download Command Execution
23. threat[26701]:Expression Injection Attack-Expression Evaluation
24. threat[28059]:Kingdee EAS /easportal/tools/appUtil.jsp Arbitrary File Upload Vulnerability
25. threat[25703]:Craft CMS SEOmatic Server-Side Template Injection Vulnerability(CVE-2020-9757)
26. threat[24300]:Remote Command Execution Vulnerability of GPON Home Gateway (CVE-2018-10561/CVE-2018-10562)
27. threat[24645]:AVTECH video surveillance device adcommand.cgi remote command execution vulnerability
28. threat[24255]:Web Service Remote Command Execution Attack
29. threat[27106]:Windows Information Collection Command Type Three
30. threat[25747]:Windows Information Collection Command Execution
31. threat[25746]:Linux Information Collection Command Execution (Request Parameters)
32. threat[25780]:Apache Airflow Code Injection Vulnerability (CVE-2022-40127)
33. threat[27088]:JumpServer Remote Code Execution Vulnerability (CVE-2024-29202/CVE-2024-40629)

Announcements:
1. The upgrade package will not restart the data communication engine and will not affect the network after the upgrade; the detection engine will automatically restart and take effect, without causing session interruption. Please choose an appropriate time to upgrade.

Release Time: 2025-05-09 17:11:09

Name: eoi.unify.allrulepatch.ips.2.0.0.40103.rule    Version: 2.0.0.40103
MD5: d2e77b382da43dfacf3da0660a9a3e90    Size: 40.98M
Description:

This upgrade package is the Zealot 2.0 intrusion protection signature library/application identification signature library upgrade package, which only supports engine version V56R11F01 and above. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.40103. The new/improved rules of this upgrade package are:

new rules:
1. threat[32126]:BlogEngine CMS Open Redirect Vulnerability(CVE-2023-33405)
2. threat[28872]:Microsoft Exchange Server Remote Code Execution Vulnerability Attack (CVE-2021-34473)_2
3. threat[28873]:Angular Expressions Sandbox Escape Arbitrary Code Execution Vulnerability (CVE-2024-54152)
4. threat[42432]:Suo5 Tunnel Tool Communication_3
5. threat[32127]:Bazaar Arbitrary File Read Vulnerability (CVE-2024-40348)
6. threat[32128]:Docassemble Arbitrary File Read Vulnerability (CVE-2024-27292)
7. threat[28874]:Yonyou U8 Cloud ServiceDispatcherServlet Deserialization Vulnerability_2
8. threat[32130]:ipTIME A2004 Information Disclosure Vulnerability (CVE-2024-54763/CVE-2024-54764)
9. threat[32129]:Yonyou U8 CRM timeoutlogin interface Unauthorized access Vulnerability
10. threat[28876]:Bacardi CMS Micro Mall Command Injection(CNVD-2021-12798)
11. threat[32131]:Baijia CMS Microstore File Deletion Vulnerability(CNVD-2021-16017)
12. threat[28877]:Baidu WebUploader Component Arbitrary File Upload Vulnerability(CNVD-2018-26054)
13. threat[32132]:Oracle Fusion Middleware Information Disclosure Vulnerability (CVE-2019-2616)
14. threat[32133]:pyLoad Information Disclosure Vulnerability (CVE-2024-21644)
15. threat[32134]:RaidenMAILD Mail Server Directory Traversal Vulnerability (CVE-2024-32399)
16. threat[32105]:Tenda AC1200 Authentication Bypass Vulnerability (CVE-2022-40843)
17. threat[32135]:Maple Wireless Management System exportConfigByHttp Information Disclosure Vulnerability
18. threat[42433]:Patchwork APT Spyder Downloader Online
19. threat[28878]:Ketuo Total Intelligent Parking Charging System T_SellFrom.aspx SQL Injection Vulnerability
20. threat[32138]:Suzhou Kedar Technology Multimedia Recording System Information Leakage Vulnerability
21. threat[42434]:Patchwork APT Spyder Downloader Online_2
22. threat[42435]:Patchwork APT Spyder Downloader Online_3
23. threat[32136]:SimpleHelp Directory Traversal Vulnerability (CVE-2024-57727)
24. threat[32137]:Wyrestorm Apollo VX20 Information Disclosure Vulnerability (CVE-2024-25735)
25. threat[28879]:NoSQL Injection Attack
26. threat[28880]:SAP NetWeaver Visual Composer Metadata Uploader Arbitrary File Upload Vulnerability (CVE-2025-31324)
27. threat[28881]:JizhiCMS Website Builder System Backend SQL Injection Vulnerability(CVE-2022-36578)
28. threat[28875]:Commvault Command Center Remote Code Execution Vulnerability(CVE-2025-34028)

update rules:
1. threat[28798]:Shenzhou Digital DCME-520 mon_merge_stat_hist.php Command Injection Vulnerability(CVE-2025-3002)
2. threat[24302]:Suspicious XML External Entity(XXE) Injection Attempt
3. threat[27786]:Zhenyun SRM Cloud Platform Public SpEL Expression Injection Vulnerability
4. threat[42067]:lockerBot Botnet Communication
5. threat[27513]:Yonyou U8 Cloud ServiceDispatcherServlet Deserialization Vulnerability
6. threat[26357]:Jeecg-Boot Freemarker Template Injection Vulnerability(CVE-2023-4450)
7. threat[32111]:Tenda AC1200 Password Exposure Vulnerability (CVE-2022-40845)
8. threat[31452]:Shibang Communications IP Network Intercom Broadcasting System rj_get_token.php Arbitrary File Reading Vulnerability
9. threat[32055]:WordPress StopBadBots Plugin SQL Injection Vulnerability (CVE-2021-24727)
10. threat[28771]:CrushFTP Authentication Bypass Vulnerability (CVE-2025-2825)
11. threat[24474]:Oracle Business Intelligence XML Publisher 12.2.1.4.0 - XML External Entity Injection Vulnerability
12. threat[10596]:5G Infrastructure GTP-U In GTP-U Denial Of Service Vulnerability(CVE-2021-45462)
13. threat[28823]:NoSQL Injection Attack Behavior

Announcements:
1. The upgrade package will not restart the data communication engine and will not affect the network after the upgrade; the detection engine will automatically restart and take effect, without causing session interruption. Please choose an appropriate time to upgrade.

Release Time: 2025-05-03 16:29:58

Name: eoi.unify.allrulepatch.ips.2.0.0.40024.rule    Version: 2.0.0.40024
MD5: ab6568cad1fd3cc9ae7f0f90b9920f43    Size: 41.63M
Description:

This upgrade package is the Zealot 2.0 intrusion protection signature library/application identification signature library upgrade package, which only supports engine version V56R11F01 and above. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.40024. The new/improved rules of this upgrade package are:

new rules:
1. threat[32083]:Smart Office Web 20.28 - Information Disclosure Vulnerability(CVE-2022-47075)
2. threat[32084]:JeecgBoot SQL Injection Vulnerability(CVE-2024-57606)
3. threat[32081]:OpenCATS Open Redirect Vulnerability (CVE-2023-27292)
4. threat[32082]:Uncanny Toolkit for LearnDash URL Redirect Vulnerability (CVE-2023-34020)
5. threat[28845]:Mura CMS Authentication Bypass Vulnerability (CVE-2022-47003)
6. threat[42424]:Microsoft Skype for Business Server Server-Side Request Forgery Vulnerability (CVE-2023-41763)
7. threat[32087]:Securepoint Unified Threat Management Information Disclosure Vulnerability (CVE-2023-22620)
8. threat[28846]:MSNSwitch Firmware Authentication Bypass (CVE-2022-32429)
9. threat[28847]:modoboa Email Management Platform Improper Authorization Vulnerability (CVE-2023-2227)
10. threat[42425]:Suo5 Tunnel Tool Communication _2
11. threat[32085]:Payment Gateway for Telcell Open Redirect Vulnerability (CVE-2023-6786)
12. threat[32086]:WordPress Paytm Payment Gateway Plugin Server-Side Request Forgery Vulnerability (CVE-2022-45362)
13. threat[50672]:Todesk Remote Control Tool Connection Establishment Behavior
14. threat[28848]:Drogon Access Control Error Vulnerability(CVE-2022-25297)
15. threat[32088]:WordPress Autoptimize Information Disclosure Vulnerability(CVE-2022-4057)
16. threat[32089]:SearchWP Live Ajax Search Unauthenticated Information Disclosure Vulnerability(CVE-2022-2535)
17. threat[32090]:PHPIPAM Unauthorized Vulnerability(CVE-2023-0678)
18. threat[32091]:WordPress Plugin WPQA Builder Information Disclosure Vulnerability (CVE-2022-1598)
19. threat[32092]:WordPress Simple Ajax Chat Sensitive Information Disclosure Vulnerability(CVE-2022-27849)
20. threat[28849]:PowerJob Arbitrary User Registration Vulnerability(CVE-2023-29922)
21. threat[32070]:WordPress Download Monitor Sensitive Information Disclosure(CVE-2022-45354)
22. threat[32093]:WordPress Prime Mover Sensitive Data Leak Vulnerability(CVE-2023-6505)
23. threat[32094]:Reprise License Manager Information Disclosure Vulnerability(CVE-2022-28365)
24. threat[28850]:Reprise Software Reprise License Manager Cross-Site Scripting Vulnerability(CVE-2022-28363)
25. threat[32095]:WordPress Popup by Supsystic Subscriber Email Address Disclosure Vulnerability(CVE-2022-0424)
26. threat[32096]:WordPress Simply Schedule Appointments Information Disclosure Vulnerability(CVE-2022-2373)
27. threat[32099]:WordPress Sitemap by click5 Unauthorized Vulnerability(CVE-2022-0952)
28. threat[32098]:PMB Open Redirect Vulnerability (CVE-2023-24735)
29. threat[32097]:WordPress Easy Student Results Improper Authorization Vulnerability(CVE-2022-2379)
30. threat[32100]:WordPress Redux framework sensitive information leakage vulnerability(CVE-2021-38314)
31. threat[28851]:SAP Knowledge Warehouse Cross-Site Scripting Vulnerability(CVE-2021-42063)
32. threat[32101]:PowerCreator Interface OpenPublicCourse.aspx SQL Injection Vulnerability
33. threat[32102]:PowerCreator Interface CatalogCourse.aspx SQL Injection Vulnerability
34. threat[32103]:PowerCreator ShowResourceSkillComment.aspx SQL Injection Vulnerability
35. threat[32104]:WordPress Toolbar Plugin Open Redirect Vulnerability (CVE-2023-6389)
36. threat[28853]:Apache Commonscollections Deserialization Command Injection Vulnerability (CC10)
37. threat[32106]:Weaver E-Mobile Data/downfile.chp Arbitrary File Read Vulnerability
38. threat[28854]:Apache Commonscollections Deserialization Command Injection Vulnerability (CC11)
39. threat[32107]:Dolibarr Information Disclosure Vulnerability (CVE-2023-33568)
40. threat[32112]:WordPress Plugin External Media without Import Backend Server Request Forgery Vulnerability (CVE-2022-1398)
41. threat[32066]:WordPress Fusion Builder Server-Side Request Forgery Vulnerability (CVE-2022-1386)
42. threat[32111]:Tenda AC1200 Password Exposure Vulnerability (CVE-2022-40845)
43. threat[28858]:Tenda AC1200 Command Execution Vulnerability (CVE-2022-40847)
44. threat[28857]:Xunyi Technology 74cms SQL Injection Vulnerability (CVE-2020-22210)
45. threat[32113]:WordPress Plugin Formcraft Server-Side Request Forgery Vulnerability (CVE-2022-0591)
46. threat[28859]:Tenda AC1200 Command Execution Vulnerability(CVE-2022-41396)
47. threat[28860]:Tenda AC1200 Command Injection Vulnerability(CVE-2022-41395)
48. threat[42429]:Sensitive Script File Upload - Filename RFC2047 Encoding Bypass
49. threat[42430]:Sensitive Script File Upload - Multi-Form Upload Bypass
50. threat[28862]:TP-Link Command Injection Vulnerability(CVE-2021-41653)
51. threat[28861]:Langsu ERP System UploadAjaxAPI.ashx File Upload Vulnerability(CVE-2025-1646)
52. threat[28863]:OnJet ERP cwsqry.asmx SQL Injection Vulnerability
53. threat[32115]:iSpy Authentication Bypass Vulnerability (CVE-2022-29775)
54. threat[28864]:OnJet ERP cwsapprove.asmx SQL Injection Vulnerability
55. threat[28865]:Yonyou NC-Cloud fs Server Authentication Bypass Vulnerability
56. threat[28866]:Monthly Club ERP Management Cloud Platform Handler.ashx Arbitrary File Upload Vulnerability
57. threat[32116]:Wordpress Shareaholic Information Leak Vulnerability (CVE-2022-0594)
58. threat[28867]:Jolokia Agent JNDI Injection Vulnerability (CVE-2018-1000130)
59. threat[42431]:Bore Tunnel Tool Communication Behavior
60. threat[32117]:WordPress plugin Metform Sensitive Information Disclosure Vulnerability(CVE-2022-1442)
61. threat[32118]:MLFlow Sensitive Information Disclosure Vulnerability(CVE-2023-43472)
62. threat[28868]:WordPress All-In-One Video Gallery Server-Side Request Forgery Vulnerability(CVE-2022-2633)
63. threat[32119]:PHP Scripts Mall Schools Alert Management Script Arbitrary File Read Vulnerability (CVE-2018-12054)
64. threat[28869]:Kavita Server-Side Request Forgery Vulnerability (CVE-2022-2756)
65. threat[32120]:WAVLINK WN530HG4 Improper Access Control Vulnerability(CVE-2022-34047)
66. threat[32121]:WordPress Page Builder KingComposer Plugin Open Redirect Vulnerability(CVE-2022-0165)
67. threat[28852]:Huang Yaoshi Pharmaceutical Management Software XSDService.asmx File Upload Vulnerability(CVE-2024-56829)
68. threat[28855]:GuangZhou Tucron Library Management System Logic Bypass Vulnerability
69. threat[32108]:Interlib Library System downLoad Any File Reading Vulnerability
70. threat[32109]:HONGFAN OA UserForm.asmx SQL Injection Vulnerability
71. threat[28856]:HONGFAN OA imgupload.aspx Arbitrary File Upload Vulnerability
72. threat[32110]:HONGFAN OA /anon/list SQL Injection Vulnerability
73. threat[32114]:WordPress Transposh Information Disclosure Vulnerability(CVE-2022-2462)
74. threat[32122]:Fangzheng Media Editorial System getUserInfo.do Interface Information Leakage Vulnerability
75. threat[32123]:Hunan Construction Engineering Research Quality Inspection System InstrumentUsageRecordExport Arbitrary File Read Vulnerability
76. threat[32125]:Oracle E-Commerce Suite lcmServiceController.jsp SSRF Vulnerability(CVE-2018-3167)
77. threat[28871]:Anyscale Ray Server-Side Request Forgery Vulnerability (CVE-2023-48023)
78. threat[28870]:WiseGiga NAS group.php Remote Command Execution Vulnerability
79. threat[32124]:WiseGiga NAS down_data.php Arbitrary File Download Vulnerability
80. threat[28839]:Digital Watchdog DW MEGApix IP Cross-site Scripting Vulnerability(CVE-2022-34537)
81. threat[50251]:Remote Control Tool TeamViewer Connection Control
update rules:
1. threat[26283]:Sophos Firewall Code Execution Vulnerability (CVE-2022-1040)
2. threat[50652]:XML External Entity Injection (XXE)-(HTML Entity Encoding/UTF-16/UTF-7)
3. threat[28837]:llama.cpp rpc_tensor Arbitrary Address Write Vulnerability(CVE-2024-42479)
4. threat[24481]:Oracle WebLogic Server FileDistributionServlet Information Disclosure(CVE-2019-2615)
5. threat[26429]:u5cms URL Redirection Vulnerability (CVE-2022-32444)
6. threat[25396]:JBoss Application Server JMXInvokerServlet Deserialization Vulnerability(CVE-2015-7501)
7. threat[60588]:PHP Arbitrary File Location Upload Vulnerability
8. threat[28483]:NUUO webcam upload.php interface Arbitrary File Upload Vulnerability(CVE-2018-11523)
9. threat[25437]:WordPress Automattic WooCommerce Blocks Plugin SQL Injection Vulnerability(CVE-2021-32789)
10. threat[28823]:NoSQL Injection Attack Behavior
11. threat[26047]:XStream Deserialization File Deletion Vulnerability (CVE-2021-21343)
12. threat[26048]:XStream Deserialization Command Injection Vulnerability (CVE-2020-26217)
13. threat[26049]:XStream Deserialization Server-Side Request Forgery Vulnerability (CVE-2021-21342)
14. threat[26007]:XStream Deserialization Remote Code Execution Vulnerability (CVE-2021-39144)
15. threat[26008]:XStream Deserialization Remote Code Execution Vulnerability (CVE-2021-39149)
16. threat[28059]:Kingdee EAS /easportal/tools/appUtil.jsp Arbitrary File Upload Vulnerability
17. threat[26023]:XStream Deserialization Remote Code Execution Vulnerability (CVE-2021-39147)
18. threat[26018]:XStream Deserialization Remote Code Execution Vulnerability (CVE-2021-39145)
19. threat[26022]:XStream Deserialization Remote Code Execution Vulnerability (CVE-2021-39146/CVE-2021-39154)
20. threat[26024]:XStream Deserialization Remote Code Execution Vulnerability (CVE-2021-39148)
21. threat[26046]:XStream Deserialization Server-Side Request Forgery Vulnerability (CVE-2021-21349)
22. threat[10544]:XStream Denial of Service Vulnerability (CVE-2021-21341)
23. threat[10545]:XStream Denial of Service Vulnerability (CVE-2021-21348)
24. threat[26219]:XStream Deserialization Remote Code Execution Vulnerability (CVE-2021-39139)
25. threat[10546]:XStream Denial of Service Vulnerability (CVE-2021-39140)
26. threat[26223]:XStream Deserialization Code Execution Vulnerability (CVE-2021-39141)
27. threat[26224]:XStream Deserialization SSRF Vulnerability (CVE-2021-39150)
28. threat[26225]:XStream Deserialization Code Execution Vulnerability (CVE-2021-39151)
29. threat[26226]:XStream Deserialization SSRF Vulnerability (CVE-2021-39152)
30. threat[26231]:XStream Deserialization Code Execution Vulnerability (CVE-2021-39153)
31. threat[26325]:Tongda OA Gateway Frontend Deserialization Vulnerability
32. threat[28153]:Calibre Remote Code Execution Vulnerability (CVE-2024-6782)
33. threat[42222]:Lumma Stealer Trojan Negotiating Configuration Information
34. threat[42223]:Lumma Stealer Trojan Sends Cryptic Messages
35. threat[28768]:Dell EMC iDRAC7 and iDRAC8 Code Injection Vulnerability (CVE-2018-1207)
36. threat[31735]:Easy Appointments Information Disclosure Vulnerability(CVE-2022-0482)
37. threat[25932]:Beanshell Deserialization Code Injection Vulnerability
38. threat[25923]:JDK 7u21 Deserialization Code Injection Vulnerability
39. threat[25924]:JDK 8u20 Deserialization Code Injection Vulnerability
40. threat[25845]:ysoserial Deserialization Exploitation
41. threat[26932]:Landray OA sysSearchMain.do XMLdecode Deserialization Vulnerability
42. threat[30759]:Zoho ManageEngine Applications Manager UploadAction Arbitrary File Upload Vulnerability (CVE-2020-14008)
43. threat[32054]:Apache Solr on Windows Path Discovery Vulnerability(CVE-2024-52012)
44. threat[28859]:Tenda AC1200 Command Injection Vulnerability(CVE-2022-41396)
45. threat[31374]:Hitachi Vantara Pentaho Information Breach Vulnerability (CVE-2021-31601)
46. threat[26314]:Wangshen SecSSL 3600 Secure Access Gateway System Arbitrary Password Modification Vulnerability
47. threat[31891]:Ivanti-EPM Absolute Path Traversal Vulnerability (CVE-2024-13159)
48. threat[31891]:Ivanti-EPM Absolute Path Traversal Vulnerability (CVE-2024-13159/CVE-2024-13161)
49. threat[31649]:Zabbix SQL Injection Vulnerability (CVE-2024-42327)
50. threat[31292]:Jquery FileTree Path Traversal Vulnerability (CVE-2017-1000170)
51. threat[28799]:JSONPath Plus Security Vulnerability(CVE-2025-1302)
52. threat[26502]:Juniper Networks Junos OS EX Arbitrary File Read Vulnerability (CVE-2023-36845)
53. threat[27389]:Seeyon OA fileUpload.do Frontend File Upload Bypass Vulnerability
54. threat[26543]:XXL-JOB Backend Task Command Execution Vulnerability (CVE-2022-40929/CVE-2023-48089)
55. threat[25930]:Oracle E-Business Suite Unauthenticated RCE(CVE-2022-21587)
Announcements:
1. The upgrade package will not restart the data communication engine and will not affect the network after the upgrade; the detection engine will automatically restart and take effect without causing session interruption. Please choose an appropriate time to upgrade.

Release Time:2025-04-25 15:25:04
Name: eoi.unify.allrulepatch.ips.2.0.0.39851.rule Version:2.0.0.39851
MD5:207fa611826b1cfd4db0372d74953a6a Size:41.65M
Description:

This upgrade package is the Zealot 2.0 intrusion protection signature library/application identification signature library upgrade package, which only supports engine version V56R11F01 and above. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.39851. The new/improved rules of this upgrade package are:

new rules:
1. threat[28807]:WordPress Contact Form 7 Plugin Cross-site Scripting Vulnerability(CVE-2022-0595)
2. threat[32045]:Atlassian Jira Gantt-Chart Cross-Site Scripting Vulnerability(CVE-2020-15944)
3. threat[32044]:webTareas Cross-Site Script Injection Vulnerability (CVE-2022-44957)
4. threat[28812]:Leadshop Arbitrary Code Execution Vulnerability (CVE-2022-4136)
5. threat[28811]:Liferay Portal Deserialization Vulnerability(CVE-2019-16891)
6. threat[28808]:WordPress Elementor Website Builder Plugin Remote Code Execution Vulnerability(CVE-2022-1329)
7. threat[28809]:Rukovoditel Cross-site Scripting Vulnerability(CVE-2022-44949)
8. threat[28810]:Wordpress Stock Ticker Plugin Cross-Site Scripting Vulnerability(CVE-2022-45365)
9. threat[28813]:Redash Default Hardcoding Vulnerability (CVE-2021-41192)
10. threat[28815]:Tinyproxy HTTP Connection Headers Use-After-Free Vulnerability (CVE-2023-49606)
11. threat[28814]:Apple Products WebKit Component Buffer Error Vulnerability (CVE-2019-8684)
12. threat[32046]:WordPress plugin Elementor Website Cross-site Scripting Injection Vulnerability (CVE-2022-29455)
13. threat[28816]:Typecho install.php Deserialization Vulnerability
14. threat[28817]:Mozilla PDF.js Code Execution Vulnerability (CVE-2024-4367)
15. threat[28818]:ESAFENET Electronic Document Security Management System Injection Vulnerability(CVE-2025-1841)
16. threat[32052]:ESAFENET Electronic Document Security Management System SQL Injection Vulnerability(CVE-2024-10134)
17. threat[32051]:ESAFENET Electronic Document Security Management System SQL Injection Vulnerability(CVE-2024-10133)
18. threat[32050]:ESAFENET Electronic Document Security Management System SQL Injection Vulnerability(CVE-2024-10072)
19. threat[32049]:ESAFENET Electronic Document Security Management System SQL Injection Vulnerability(CVE-2024-10071)
20. threat[32048]:ESAFENET Electronic Document Security Management System SQL Injection Vulnerability(CVE-2024-10070)
21. threat[32047]:ESAFENET Electronic Document Security Management System SQL Injection Vulnerability(CVE-2024-10069)
22. threat[28819]:Weaver E-Office submit.php File Overwrite Vulnerability
23. threat[28820]:Weaver OA clusterupgrade Frontend File Upload Vulnerability
24. threat[32053]:Ivanti Endpoint Manager XML External Entity Injection Vulnerability (CVE-2024-37397)
25. threat[28821]:lollms-webui Arbitrary File Upload Vulnerability(CVE-2024-9920)
26. threat[28822]:Yapi /api/interface/up NoSQL Injection Vulnerability
27. threat[28823]:NoSQL Injection Attack Behavior
28. threat[28827]:D-Link DIR-816L Improper Access Control Vulnerability(CVE-2022-28955)
29. threat[28826]:CData RSB Connect code issue vulnerability(CVE-2023-24243)
30. threat[28825]:CasaOS Authentication Bypass Vulnerability(CVE-2023-37265)
31. threat[28824]:Cacti Arbitrary File Creation Leads to Remote Code Execution Vulnerability(CVE-2025-24367)
32. threat[32054]:Apache Solr on Windows Path Discovery Vulnerability(CVE-2024-52012)
33. threat[28828]:CrushFTP Authentication Permission Bypass Vulnerability(CVE-2023-43177)
34. threat[28829]:Coremail Mail System Arbitrary File Upload Vulnerability
35. threat[28832]:Zhiyuan OA zip file upload govdocGBManager ofd background decompression Vulnerability
36. threat[32055]:Drawio Server-Side Request Forgery Vulnerability (CVE-2022-1713)
37. threat[32056]:Drawio Server-Side Request Forgery Vulnerability (CVE-2022-1815)
38. threat[28833]:Adobe ColdFusion WDDX Deserialization Gadgets (CVE-2023-44353)
39. threat[28830]:WordPress Bricks Builder 1.9.6 Remote Code Execution Vulnerability
40. threat[28831]:ZZCMS Cross-Site Scripting Vulnerability(CVE-2025-1949)
41. threat[10600]:Ivanti Connect Secure and Other Multi-Product Stack Overflow Vulnerability(CVE-2025-22457)
42. threat[32057]:Free5gc Information Leak Vulnerability _1(CVE-2022-38870)
43. threat[32058]:Free5gc Information Leak Vulnerability _2(CVE-2022-38870)
44. threat[32059]:Free5gc Information Leak Vulnerability_3(CVE-2022-38870)
45. threat[42402]:WordPress Plugin Analytics Insights for Google Open Redirect Vulnerability (CVE-2024-0250)
46. threat[28835]:Apache Commonscollections Deserialization Command Injection Vulnerability (CC9)
47. threat[32060]:HashiCorp Consul/Consul Enterprise Server-Side Request Forgery Vulnerability (CVE-2022-29153)
48. threat[32062]:Travelpayouts Redirection Vulnerability(CVE-2024-0337)
49. threat[32061]:WordPress Integrate Google Drive Plugin Missing Authorization Vulnerability(CVE-2023-32117)
50. threat[32063]:Terramaster TOS Permission License and Access Control Issues Vulnerability(CVE-2020-28185)
51. threat[28785]:Zoho ManageEngine ADSelfService Plus File Upload Vulnerability(CVE-2021-40539)
52. threat[32068]:WordPress Plugin Active Directory Integration Unauthenticated Log Leak Vulnerability (CVE-2023-5003)
53. threat[42415]:Suspected BloodHound Download
54. threat[28836]:Apache Commonscollections Deserialization Command Injection Vulnerability (K1/K2)
55. threat[32067]:WordPress PhonePe Payment Solutions Plugin Server-Side Request Forgery Vulnerability (CVE-2022-45835)
56. threat[28838]:Apache Commonscollections Deserialization Command Injection Vulnerability (K3/K4)
57. threat[42375]:sessionRAT Send Control Instruction
58. threat[42413]:XWiki Platform Open Redirect Vulnerability (CVE-2023-32068)
59. threat[32065]:XWiki Platform Information Disclosure Vulnerability (CVE-2023-50719)
60. threat[32064]:XWiki Platform Information Disclosure Vulnerability (CVE-2023-50720)
61. threat[32069]:SpringBoot Actuator heapdump Sensitive Information Leakage Vulnerability
62. threat[32071]:Windows Kerberos Security Feature Bypass Vulnerability(CVE-2025-29809)
63. threat[32073]:MeterSphere Server-Side Request Forgery Vulnerability (CVE-2022-23544)
64. threat[42376]:DarkVision RAT C2 Communication
65. threat[28840]:Digital Watchdog DW MEGApix IP Operating System Command Injection Vulnerability(CVE-2022-34540)
66. threat[28841]:Digital Watchdog DW MEGApix IP Operating System Command Injection Vulnerability(CVE-2022-34539)
67. threat[28842]:Digital Watchdog DW MEGApix IP Operating System Command Injection Vulnerability(CVE-2022-34538)
68. threat[28843]:Langflow Remote Code Execution Vulnerability(CVE-2025-3248)
69. threat[28844]:D-Link DNS-320 Network Command Injection Vulnerability(CVE-2019-16057)
70. threat[32072]:SpringBlade Default SIGN_KEY JWT Authentication Flaw Vulnerability(CVE-2021-44910)
71. threat[32074]:Microweber Information Disclosure Vulnerability (CVE-2022-0660)
72. threat[32075]:WAVLINK WN530HG4 Information Disclosure Vulnerability (CVE-2022-34045)
73. threat[32076]:WAVLINK WN533A8 Information Disclosure Vulnerability (CVE-2022-34046)
74. threat[32077]:Keystone 6 Login Page Open Redirect Vulnerability(CVE-2022-0087)
75. threat[32078]:Lin CMS Spring Boot Default JWT Token Vulnerability(CVE-2022-32430)
76. threat[32079]:Login as User or Customer Privilege Escalation Vulnerability(CVE-2022-4305)
77. threat[32080]:Masa CMS Authentication Bypass Vulnerability (CVE-2022-47002)
update rules:
1. threat[24840]:JBoss Deserialization Vulnerability(CVE-2017-7504)
2. threat[42375]:sessionRAT Send Control Instruction
3. threat[42376]:DarkVision RAT C2 Communication
4. threat[25475]:Apache Log4j2 Remote Code Execution Vulnerability(CVE-2021-44228/CVE-2021-45046)
5. threat[31478]:Wordpress Plugin Superstorefinder SQL Injection Vulnerability
6. threat[26957]:Gopher Protocol - Server Side Request Forgery(SSRF)
7. threat[25577]:Oracle Access Manager OpenSSO Agent Insecure Deserialization(CVE-2021-35587)
8. threat[28686]:Ollama Improperly Configured Unauthorized Access Vulnerability (CNVD-2025-04094)
9. threat[26148]:Fastjson 1.2.47 Deserialization Vulnerability(CNVD-2019-22238)
10. threat[26149]:Fastjson 1.2.62 Deserialization Vulnerability
11. threat[26140]:Fastjson 1.2.24 Deserialization Vulnerability(CNVD-2017-02833)
12. threat[26144]:Fastjson 1.2.41 Deserialization Vulnerability
13. threat[26145]:Fastjson 1.2.42 Deserialization Vulnerability
14. threat[26146]:Fastjson 1.2.43 Deserialization Vulnerability
15. threat[26147]:Fastjson 1.2.45 Deserialization Vulnerability
16. threat[26151]:Fastjson 1.2.66 Deserialization Vulnerability
17. threat[26153]:Fastjson 1.2.68 Deserialization Vulnerability
18. threat[27981]:Weaver OA e-cology Action.jsp MobileAppUploadAction File Upload Vulnerability
19. threat[42044]:Suspected PHP file inclusion using pseudo-protocols in request parameters
20. threat[25910]:Apache CommonsCollections Deserialization Command Injection Vulnerability (CC2)
21. threat[25921]:Apache CommonsBeanutils Deserialization Command Injection Vulnerability (CB1)
22. threat[23426]:Allegro Software RomPager 'Fortune Cookie' Unspecified HTTP Authentication Bypass (CVE-2014-9222)
23. threat[25909]:Apache CommonsCollections Deserialization Command Injection Vulnerability (CC1)
24. threat[25911]:Apache CommonsCollections Deserialization Command Injection Vulnerability (CC3)
25. threat[25912]:Apache CommonsCollections Deserialization Command Injection Vulnerability (CC4)
26. threat[25913]:Apache CommonsCollections Deserialization Command Injection Vulnerability (CC5)
27. threat[27427]:Yonyou U9 PatchFile.asmx Arbitrary File Upload Vulnerability
28. threat[25397]:Adobe ColdFusion Deserialization Vulnerability(CVE-2017-3066)
29. threat[30865]:Spring Boot Actuator Endpoint Unauthorized Access to Sensitive Information Vulnerability
30. threat[30814]:E-office mysql_config.ini Information Disclosure Vulnerability
31. threat[31133]:Apache Solr Environment Variable Information Disclosure Vulnerability(CVE-2023-50290)
32. threat[25914]:Apache CommonsCollections Deserialization Command Injection Vulnerability (CC6)
33. threat[25915]:Apache CommonsCollections Deserialization Command Injection Vulnerability (CC7)
34. threat[28645]:ShiroAttack2 Tool Memory Injection Behavior Detected
35. threat[26192]:Apache CommonsCollections Deserialization Command Injection Vulnerability (CC8)
36. threat[28785]:Zoho ManageEngine ADSelfService Plus File Upload Vulnerability(CVE-2021-40539)
37. threat[50083]:RDP Remote Desktop Protocol Service Terminal Service User Login Attempt
38. threat[24309]:Apache ActiveMQ Fileserver File Upload Directory Traversal Vulnerability(CVE-2016-3088)
39. threat[28735]:Metasploit Meterpreter linux/x64/meterpreter_reverse_http Trojan Connection Attempts
40. threat[28668]:XWiki Platform Remote Code Execution Vulnerability(CVE-2025-24893)
41. threat[26359]:Landray OA sysUiExtend File Upload Vulnerability
42. threat[27423]:Laravel ser Deserialisation Command Execution Vulnerability(CNVD-2022-44351)
43. threat[41708]:Host in AD Domain Enumerates Domain User Information
44. threat[60993]:HTTP Generic Cross-Site Scripting Attempt
45. threat[25945]:Spring Deserialization Code Injection Vulnerability
46. threat[23277]:Web Service Cross-Site Scripting
47. threat[24469]:Oracle WebLogic wls9-async Component Deserialization RCE Vulnerability(CVE-2019-2725/CVE-2019-2729)
48. threat[28228]:Apache Airflow Unauthorized Access Vulnerability (CVE-2020-13927)
49. threat[24286]:WebLogic Arbitrary File Upload Remote Code Execution Vulnerability(CVE-2018-2894)
50. threat[26448]:Oracle WebLogic Server Deserialization Vulnerability (CVE-2019-2725)
51. threat[31831]:Windows Kerberos Security Feature Bypass Vulnerability(CVE-2025-21299)
52. threat[24207]:Oracle WebLogic Server Remote Code Execution Vulnerability(CVE-2017-10271/CVE-2017-3506)
53. threat[25170]:Apache Druid Remote Code Execution Vulnerability(CVE-2021-25646)
54. threat[27931]:SOURCEFORGE Adminer Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-21311)
55. threat[26276]:Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability (CVE-2023-35078)
56. threat[25930]:Oracle E-Business Suite Unauthenticated RCE(CVE-2022-21587)
Announcements:
1. The upgrade package will not restart the data communication engine and will not affect the network after the upgrade; the detection engine will automatically restart and take effect without causing session interruption. Please choose an appropriate time to upgrade.

Release Time:2025-04-18 11:23:37
Name: eoi.unify.allrulepatch.ips.2.0.0.39682.rule Version:2.0.0.39682
MD5:84a0cb641f022f1531cc16c6de7c698b Size:41.52M
Description:

This upgrade package is the Zealot 2.0 intrusion protection signature library/application identification signature library upgrade package, which only supports engine version V56R11F01 and above. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.39682. The new/improved rules of this upgrade package are:
new rules:
1. threat[42389]:VenomRAT TCP Communication
2. threat[32021]:Open-webui prompt_tokens Stored Cross-Site Scripting Vulnerability(CVE-2024-8017)
3. threat[28771]:CrushFTP Authentication Bypass Vulnerability (CVE-2025-2825)
4. threat[28806]:pgAdmin Remote Code Execution Vulnerability (CVE-2025-2945)_2
5. threat[42377]:Zloader Trojan C2 Communication
6. threat[32022]:SpringCloud Eureka Unauthorized Access Vulnerability
7. threat[28773]:OctoberCMS Remote Code Execution Vulnerability (CVE-2022-21705)
8. threat[28772]:SpringBoot Actuator SnakeYAML Remote Command Execution Vulnerability
9. threat[42378]:JanelaRAT C2 Check-in
10. threat[32043]:QNAP Systems Photo Station Path Traversal Vulnerability(CVE-2019-7195)
11. threat[42380]:SystemBC Trojan C2 Communication
12. threat[42381]:Chaos Backdoor TCP Traffic Signaling
13. threat[42382]:Panora Backdoor HTTP Traffic Signaling
14. threat[42383]:SILENTTRINITY C2 Communication
15. threat[28774]:SharePoint Remote Code Execution Vulnerability (CVE-2020-1181)
16. threat[32023]:YesWiki Path Traversal Vulnerability(CVE-2025-31131)
17. threat[32024]:WordPress Plugin WP01 Path Traversal Vulnerability(CVE-2025-30567)
18. threat[28777]:HashiCorp Consul Service API Remote Command Execution Vulnerability
19. threat[28778]:XML External Entity Injection (XXE)-(URL Encoding)
20. threat[32028]:WSO2 Multi-Product Cross-Site Scripting Injection Vulnerability (CVE-2022-29548)
21. threat[32029]:Vite Any File Read Vulnerability (CVE-2025-31486)
22. threat[28775]:Hanta Technology Internet Behavior Management System cappkt.php Command Injection Vulnerability
23. threat[28776]:Hanta Technology Internet Behavior Management System tracert.php Command Injection Vulnerability
24. threat[32025]:YonYou NC viewPsnCard/download SQL Injection Vulnerability
25. threat[32026]:YonYou NC portalpage/importPml SQL Injection Vulnerability
26. threat[32027]:YonYou NC pkevalset SQL Injection Vulnerability
27. threat[42384]:Turla APT Penquin Trojan UDP Traffic Signaling
28. threat[32030]:Red Hat Keycloak Server-Side Request Forgery Vulnerability (CVE-2020-10770)
29. threat[42385]:APT29 CobaltStrike Online
30. threat[32031]:Zabbix CApiService.php SQL Injection Vulnerability(CVE-2024-36465)
31. threat[28779]:Tenda Router uploadWewifiPic Backend RCE Vulnerability
32. threat[28780]:TongWeb /console/service Remote Code Execution Vulnerability
33. threat[28781]:QVIS NVR Camera Management System Deserialization Arbitrary Code Execution Vulnerability (CVE-2021-41419)
34. threat[42386]:SquidLoader CobaltStrike C2 Request
35. threat[42387]:SquidLoader CobaltStrike C2 Communication
36. threat[28782]:Zyxel USG/ZyWALL Authorization Issue Vulnerability(CVE-2022-0342)
37. threat[28783]:Zoho ManageEngine SAML Arbitrary Code Execution Vulnerability (CVE-2022-47966)
38. threat[32032]:TP-Link TL-R600VPN Directory Traversal Vulnerability (CVE-2018-3949)
39. threat[28784]:Royal Event Management System SQL Injection Vulnerability (CVE-2022-28080)
40. threat[42369]:Suspected FRP Intranet Penetration Tool QUIC Communication
41. threat[32033]:Wordpress Website File Changes Monitor Plugin SQL Injection Vulnerability (CVE-2022-2269)
42. threat[28786]:VMware Workspace ONE Access OAuth2 Authentication Bypass Leads To Remote Command Execution Vulnerability(CVE-2022-22955)
43. threat[28805]:Western Digital MyCloud NAS Command Injection Vulnerability(CVE-2016-10108)
44. threat[10598]:open-webui pdf Denial of Service (DoS) Vulnerability(CVE-2024-8053)
45. threat[28788]:Zabbix 5.0.17 Remote Code Execution Vulnerability
46. threat[32034]:School Dormitory Management System Cross-Site Script Injection Vulnerability (CVE-2022-30513)
47. threat[32035]:School Dormitory Management System Cross-Site Script Injection Vulnerability (CVE-2022-30514)
48. threat[28789]:Zabbix setup.php Authentication Bypass Vulnerability(CVE-2022-23134)
49. threat[32036]:ESAFENET Electronic Document Security Management System SQL Injection Vulnerability(CVE-2025-1158)
50. threat[32037]:WordPress Plugin Yawave SQL Injection Vulnerability(CVE-2025-1648)
51. threat[28790]:Tenda FH1201 Overflow Vulnerability(CVE-2024-41463)
52. threat[28791]:Tenda Buffer Overflow Vulnerability(CVE-2024-41464)
53. threat[28792]:Tenda Buffer Overflow Vulnerability(CVE-2024-41460)
54. threat[28793]:Tenda QuickIndex Buffer Overflow Vulnerability(CVE-2024-2989/CVE-2024-3007/CVE-2024-34943/CVE-2024-41466)
55. threat[28794]:Tenda DhcpListClient Buffer Overflow Vulnerability(CVE-2024-41462/CVE-2024-3910/CVE-2024-34946/CVE-2022-46548/CVE-2024-2814)
56. threat[28795]:Tenda DhcpListClient Buffer Overflow Vulnerability(CVE-2024-34944/CVE-2024-41461)
57. threat[28796]:D-Link set_prohibiting Command Injection Vulnerability(CVE-2025-29635)
58. threat[28797]:D-Link diag_nslookup Command Injection Vulnerability(CVE-2025-2717)
59. threat[42388]:Mythic C2 Framework Online
60. threat[10599]:open-webui format Denial of Service (DoS) Vulnerability(CVE-2024-12537)
61. threat[32040]:Ignite Realtime Openfire Server-Side Request Forgery Vulnerability (CVE-2019-18394)
62. threat[32041]:Zhiyuan Internet FE Collaborative Office Platform addUser.jsp SQL Injection Vulnerability(CVE-2025-2030)
63. threat[28803]:Zhongbang Technology CRMEB Open Source E-Commerce System Java XXE Vulnerability (CVE-2025-2365)
64. threat[32039]:WordPress WooCommerce Plugin Local File Inclusion Vulnerability(CVE-2025-1661)
65. threat[28801]:Apache Camel Arbitrary Command Execution Vulnerability(CVE-2025-27636)
66. threat[28800]:Apache Camel Arbitrary Command Execution Vulnerability(CVE-2025-29891)
67. threat[28799]:JSONPath Plus Security Vulnerability(CVE-2025-1302)
68. threat[32038]:ChurchCRM System EditEventTypes.php newCountName Parameter SQL Injection Vulnerability(CVE-2025-1023)
69. threat[28798]:Shenzhou Digital DCME-520 mon_merge_stat_hist.php Command Injection Vulnerability(CVE-2025-3002)
70. threat[32042]:WordPress Updraftplus Plugin XSS Vulnerability
71. threat[28804]:lollms-webui upload_app Arbitrary File Delete Vulnerability(CVE-2024-8581)
72. threat[28802]:pgAdmin Remote Code Execution Vulnerability (CVE-2025-2945)

update rules:
1. threat[42204]:Sliver Infiltration Attack Tool Beacon Connection _2
2. threat[42322]:Crimson RAT info Command Obtains System Information
3. threat[42323]:Crimson RAT getavs Command Obtains Process Information
4. threat[28735]:Metasploit Meterpreter linux/x64/meterpreter_reverse_http Trojan Connection Attempts
5. threat[28738]:kkFileView onlinePreview Cross-Site Scripting Vulnerability(CVE-2022-29349/CVE-2022-40879)
6. threat[28739]:kkFileView picturesPreview Cross-Site Scripting Vulnerability(CVE-2022-35151/CVE-2022-46934)
7. threat[25549]:Spring Boot Eureka XStream Deserialization Remote Code Execution Vulnerability
8. threat[27823]:Apache OFBiz Remote Code Execution Vulnerability (CVE-2024-38856)
9. threat[24302]:Suspicious XML External Entity(XXE) Injection Attempt
10. threat[24779]:Horde Groupware Webmail Edition 5.2.22 Remote Code Execution Vulnerability (CVE-2020-8518)
11. threat[28205]:Harbor Permission And Access Control Issue Vulnerability (CVE-2019-16097)
12. threat[50652]:XML External Entity Injection (XXE)-(HTML Entity Encoding/UTF-16/UTF-7)
13. threat[31292]:Jquery FileTree Path Traversal Vulnerability (CVE-2017-1000170)
14. threat[24154]:Intel Active Management Technology Remote Privilege Escalation Vulnerability(CVE-2017-5689)
15. threat[25930]:Oracle E-Business Suite Unauthenticated RCE(CVE-2022-21587)
16. threat[28183]:Maccms 8.X Index.Php Vod-Search Command Execution Vulnerability (CVE-2017-17733)
17. threat[26296]:TOTOLINK setUpgradeFW Command Injection Vulnerability (CVE-2022-28494/CVE-2022-26210)
18. threat[24263]:Apache Hadoop YARN ResourceManager Remote Command Execution Vulnerability
19. threat[60471]:HTTP Directory Traversal Access /etc/passwd
20. threat[24868]:TP-LINK Cloud Cameras NCXXX Bonjour Command Injection(CVE-2020-12109)
21. threat[30951]:WeChat Work Private Deployment Version agentinfo Interface Unauthorized Access Vulnerability
22. threat[26840]:ZOHO ManageEngine Password Manager Pro Deserialization Vulnerability (CVE-2022-35405)
23. threat[26969]:ZOHO ManageEngine Desktop Central MSP Authorization Vulnerability (CVE-2021-44515)
24. threat[42371]:Remcos RAT TCP Communication
25. threat[31301]:QNAP Systems QTS and QuTS hero SQL Injection Vulnerability (CVE-2022-27596)
26. threat[31357]:Wordpress Wp-Google-Maps Plugin SQL Injection Vulnerability(CVE-2019-10692)
27. threat[31348]:VICIdial Information Disclosure Vulnerability (CVE-2021-28854)
28. threat[31495]:Oracle E-Business Suite /OA_HTML/jtfwrepo.xml Sensitive Information Leakage Vulnerability
29. threat[26557]:Smartbi token Callback To Obtain Login Credentials Vulnerability
30. threat[27649]:Tenda QuickIndex Stack Overflow Vulnerability (CVE-2022-37815/CVE-2024-0922/CVE-2024-2486/CVE-2024-2808/CVE-2024-2891/CVE-2024-2977/CVE-2024-2985/CVE-2024-2993/CVE-2024-3011/CVE-2024-3906/CVE-2024-30636)
31. threat[25746]:Linux Information Collection Command Execution (Request Parameters)
32. threat[27320]:Palo Alto Networks PAN-OS Command Injection Vulnerability (CVE-2021-3060/CVE-2019-1579)
33. threat[42104]:XXL-JOB Default accesstoken Vulnerability
34. threat[42204]:Sliver Infiltration Attack Tool Beacon Connection _2
Announcements:
1. The upgrade package does not restart the data communication engine, so the network is not affected after the upgrade; the detection engine restarts automatically for the new rules to take effect, without interrupting sessions. Please choose an appropriate time to upgrade.

Release Time:2025-04-11 09:25:36
Name: eoi.unify.allrulepatch.ips.2.0.0.39524.rule Version:2.0.0.39524
MD5:5fbb8c5f549eeeee1f5124d61486219d Size:40.79M
Description:

This upgrade package is the Zealot 2.0 intrusion protection signature library/application identification signature library upgrade package, which only supports engine version V56R11F01 and above. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.39524. The new/improved rules of this upgrade package are:

new rules:
1. threat[42371]:Remcos RAT TCP Communication
2. threat[28766]:ThinkPHP 6.0.12 Deserialization Arbitrary Code Execution Vulnerability (CVE-2022-33107)
3. threat[42372]:AsyncRAT Loader Connection Request
4. threat[32020]:Vite Any File Read Vulnerability (CVE-2025-31125)
5. threat[28767]:open-webui doc Arbitrary file Upload Vulnerability(CVE-2024-6707)
6. threat[28768]:Dell EMC iDRAC7 and iDRAC8 Code Injection Vulnerability (CVE-2018-1207)
7. threat[32015]:RAGFlow document Unauthorized Access Vulnerability(CVE-2024-53450)
8. threat[32016]:Purple File Management System editPass SQL Injection Vulnerability
9. threat[28769]:Purple File Management System WorkFlow Arbitrary File Upload Vulnerability
10. threat[28770]:RAGFlow add_llm Remote code execution Vulnerability(CVE-2024-10131)
11. threat[32018]:Argus Surveillance DVR Directory Traversal Vulnerability (CVE-2018-15745)
12. threat[32019]:Fastjson 1.2.73 - 1.2.80 Arbitrary File Read Vulnerability
13. threat[42373]:SilverFox Trojan Aes encrypted communication
14. threat[32017]:ActiveUC iactiveEnterMeeting Information Leakage Vulnerability
15. threat[10597]:open-webui markdown Denial of Service (DoS) Vulnerability(CVE-2024-7983)
16. threat[42374]:Workviner Trojan DHT Communication

update rules:
1. threat[31846]:Purple eRecords Management System Login Information Disclosure Vulnerability
2. threat[23811]:Apache APR_PSPrintf Memory Corruption Vulnerability
3. threat[41499]:HTTP Request Sensitive Path Access Attempt
4. threat[28764]:Kubernetes ingress-nginx Remote Code Execution Vulnerability (CVE-2025-1974)
5. threat[28632]:Microsoft .NET Framework DataSetTypeSpoof Deserialization Arbitrary Command Execution Vulnerability
6. threat[23991]:Fastjson Remote Code Execution Vulnerability
7. threat[25704]:Apache Commons JXPath Remote Code Execution Vulnerability(CVE-2022-41852)
8. threat[27119]:Apache Zeppelin shell Arbitrary Command Execution Vulnerability (CVE-2024-31861)
9. threat[24862]:SaltStack Remote Command Execution Vulnerability(CVE-2020-11651/CVE-2020-11652)
10. threat[28686]:Ollama Improperly Configured Unauthorized Access Vulnerability (CNVD-2025-04094)
11. threat[28736]:Rsync Unauthorized Access Vulnerability
12. threat[30865]:Spring Boot Actuator Endpoint Unauthorized Access to Sensitive Information Vulnerability
13. threat[28447]:HTTP Python Code Execution Type Two
14. threat[42226]:BITTER Steal Files With Specific Extensions
15. threat[42099]:Empire Rear Penetration Tool Backdoor Communication 2
16. threat[42134]:Bitter-SplinterRAT Malicious Communication
17. threat[27219]:Jeecg-boot SQL Injection Vulnerability (CVE-2022-47105/CVE-2022-45205)
18. threat[42106]:Njrat C2 Agent Transmission

Announcements:
1. The upgrade package does not restart the data communication engine, so the network is not affected after the upgrade; the detection engine restarts automatically for the new rules to take effect, without interrupting sessions. Please choose an appropriate time to upgrade.

Release Time:2025-04-02 20:41:36
Name: eoi.unify.allrulepatch.ips.2.0.0.39457.rule Version:2.0.0.39457
MD5:6659b6bc60aa55384b01448518288c0e Size:40.74M
Description:

This upgrade package is the Zealot 2.0 intrusion protection signature library/application identification signature library upgrade package, which only supports engine version V56R11F01 and above. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.39457. The new/improved rules of this upgrade package are:

new rules:
1. threat[42367]:OceanLotus Uses MST To Deliver Remote Trojan
2. threat[10596]:5G Infrastructure GTP-U In GTP-U Denial Of Service Vulnerability
3. threat[42368]:OceanLotus KSRAT RAT C2 Communication
4. threat[32013]:open-webui embedding/update Information Leakage Vulnerability(CVE-2024-7038)
5. threat[28763]:open-webui pipelines/upload Arbitrary file write/delete Vulnerability(CVE-2024-7037)
6. threat[42370]:OceanLotus Uses Cobalt Strike MASK Encryption Communication
7. threat[28764]:Kubernetes ingress-nginx Remote Code Execution Vulnerability (CVE-2025-1974)
8. threat[28765]:open-webui transcriptions Arbitrary file overwriting Vulnerability(CVE-2024-8060)

update rules:
1. threat[60464]:HTTP Directory Traversal Vulnerability
2. threat[62105]:HTTP Directory Traversal Request Attempt
3. threat[24309]:Apache ActiveMQ Fileserver File Upload Directory Traversal Vulnerability(CVE-2016-3088)
4. threat[26153]:Fastjson 1.2.68 Deserialization Vulnerability
5. threat[41499]:HTTP Request Sensitive Path Access Attempt
6. threat[30913]:Volans Online Behavior Management System Information Disclosure Vulnerability
7. threat[28299]:AntSword Webshell Management Tool Connection and Control_3

Announcements:
1. The upgrade package does not restart the data communication engine, so the network is not affected after the upgrade; the detection engine restarts automatically for the new rules to take effect, without interrupting sessions. Please choose an appropriate time to upgrade.

Release Time:2025-03-28 09:19:26
Name: eoi.unify.allrulepatch.ips.2.0.0.39421.rule Version:2.0.0.39421
MD5:e03e18cd3aec56879c3bdd814d63d55e Size:48.01M
Description:

This upgrade package is the Zealot 2.0 intrusion protection signature library/application identification signature library upgrade package, which only supports engine version V56R11F01 and above. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.39421. The new/improved rules of this upgrade package are:
new rules:
1. threat[31988]:SMTP Protocol SQL Injection Behavior
2. threat[31999]:Weaver E-office runimgflow.php SQL Injection Vulnerability
3. threat[31998]:Weaver E-office notify.wsdl.php SQL Injection Vulnerability
4. threat[31997]:Wanhue zOFFICE selectCommentField.jsp SQL Injection Vulnerability
5. threat[31996]:Weaver E-office sms.wsdl.php SQL Injection Vulnerability
6. threat[31995]:Weaver E-office user.wsdl.php SQL Injection Vulnerability
7. threat[31994]:Weaver E-office mobile.wsdl.php SQL Injection Vulnerability
8. threat[31993]:Weaver E-office list.wsdl.php SQL Injection Vulnerability
9. threat[31992]:Weaver E-office dept.wsdl.php SQL Injection Vulnerability
10. threat[31991]:Weaver E-office email.wsdl.php SQL Injection Vulnerability
11. threat[31990]:EKing-Management Easy FileDownload.ihtm Arbitrary File Reading Vulnerability
12. threat[42365]:Patchwork APT BADNEWS Trojan C2 Communication
13. threat[28758]:College Management System SQL Injection Vulnerability (CVE-2022-28079)
14. threat[32000]:Weaver E-office freerunimgflow.php SQL Injection Vulnerability
15. threat[32001]:Weaver E-office word_update.php SQL Injection Vulnerability
16. threat[32002]:Weaver E-office block_content.php SQL Injection Vulnerability
17. threat[32003]:Weaver E-office content_-4.php SQL Injection Vulnerability
18. threat[32004]:Weaver E-office validate_sort.php SQL Injection Vulnerability
19. threat[32005]:Weaver E-office online_person.wsdl.php SQL Injection Vulnerability
20. threat[32006]:Weaver E-office attendance.wsdl.php SQL Injection Vulnerability
21. threat[28759]:SolarWinds Web Help Desk Hard-Coded Vulnerability(CVE-2024-28987)
22. threat[32007]:Yonyou U8 Cloud console.loadRes.d Arbitrary File Read Vulnerability
23. threat[28756]:FortiOS/FortiProxy Authentication Bypass Vulnerability (CVE-2024-55591)
24. threat[31989]:litellm transcriptions Arbitrary file delete Vulnerability(CVE-2024-4888)
25. threat[42366]:SideWinder APT ModuleInstaller Sample C2 Communication
26. threat[28761]:litellm update SQL Injection Vulnerability(CVE-2024-4890)
27. threat[32011]:Baiyi Cloud Asset Management System anyUserBoundHouse.php SQL Injection Vulnerability(CVE-2025-1797)
28. threat[32010]:Landray EKP sys/webservice/elecPsealUseWebService file reading vulnerability
29. threat[32009]:Baiyi Cloud Asset Management System admin.house.collect.php SQL Injection Vulnerability(CVE-2025-1464)
30. threat[28760]:Synway SMG Gateway Management Software 9-12ping.php Remote Code Execution Vulnerability (CVE-2025-1448)
31. threat[32008]:Landray EKP System fl_define_edit.aspx SQL Injection Vulnerability
32. threat[28762]:litellm SAVE_CONFIG_TO_DB Remote Code Execution Vulnerability(CVE-2024-4889)
33. threat[28757]:Yonyou NC importTemplate XML Entity Injection Vulnerability
34. threat[42343]:Merlin Communication with the C2 servers

update rules:
1. threat[24840]:jboss deserialization vulnerability(CVE-2017-7504)
2. threat[28754]:Backdrop CMS Cross-Site Scripting Vulnerability (CVE-2022-42094/CVE-2022-42096)
3. threat[25035]:Coremail XT5 Remote Code Execution Vulnerability
4. threat[31890]:Apache HTTP Server Server Request Forgery Vulnerability (CVE-2024-38472)

Announcements:
1. The upgrade package does not restart the data communication engine, so the network is not affected after the upgrade; the detection engine restarts automatically for the new rules to take effect, without interrupting sessions. Please choose an appropriate time to upgrade.

Release Time:2025-03-27 17:14:24
Name: eoi.unify.allrulepatch.ips.2.0.0.39379.rule Version:2.0.0.39379
MD5:535cb6ef2fa84e9fe367d8838fc076be Size:40.70M
Description:

This upgrade package is the Zealot 2.0 intrusion protection signature library/application identification signature library upgrade package, which only supports engine version V56R11F01 and above. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.39379. The new/improved rules of this upgrade package are:

new rules:
1. threat[26938]:Microsoft SharePoint Server Web Remote Code Execution Vulnerability (CVE-2020-1181)
2. threat[31984]:Open Audit Community Cross Site Script Injection Vulnerability (CVE-2018-14493)
3. threat[31985]:Alibaba Canal config Cloud Key Sensitive Information Leakage Vulnerability
4. threat[28752]:QAnything delete_files SQL injection vulnerability (CVE-2024-7099)
5. threat[42363]:Platypus TCP communication
6. threat[31986]:Supplemental Razdc WebUI Cross Site Script Injection Vulnerability (CVE-2018-15550)
7. threat[42364]:NPS HTTP intranet proxy connection_2
8. threat[28753]:Apache Tika tika server command injection vulnerability (CVE-2018-1335) _2
9. threat[25982]:Pentaho Unauthorized Access Vulnerability (CVE-2021-31602)
10. threat[28754]:Backdrop CMS Cross Site scripting vulnerability (CVE-2022-42094)
11. threat[28755]:NextJS Middleware authentication bypass vulnerability (CVE-2025-29927)
12. threat[31987]:Comfyui image cross site scripting vulnerability (CVE-2024-10099)

update rules:
1. threat[26835]:Ruiqiyun Arbitrary File Reading Vulnerability
2. threat[42039]:Immortal Soul Webshell Upload
3. threat[63682]:HTTP SQL Injection Attempt Type Three
4. threat[25021]:Apache DolphinScheduler Remote Code Execution Vulnerability(CVE-2020-11974)
5. threat[42149]:SSRF Pseudo-Protocol Attacks Exist In Suspected Request Parameters
6. threat[42147]:HTTP Sensitive Parameters Execute Arbitrary Command Attempt
7. threat[23426]:Allegro Software RomPager 'Fortune Cookie' Unspecified HTTP Authentication Bypass (CVE-2014-9222)
8. threat[24302]:Suspicious XML External Entity(XXE) Injection Attempt
9. threat[25303]:Apache Cocoon XML External Entity Injection Vulnerability (CVE-2020-11991)
10. threat[24577]:Atlassian Confluence Server PackageResourceManager Information Disclosure Vulnerability(CVE-2019-3394)
11. threat[25715]:Atlassian Confluence Questions Hardcoded Password Vulnerability(CVE-2022-26138)
12. threat[25182]:nps http proxy connection

Announcements:
1. The upgrade package does not restart the data communication engine, so the network is not affected after the upgrade; the detection engine restarts automatically for the new rules to take effect, without interrupting sessions. Please choose an appropriate time to upgrade.

Release Time:2025-03-27 09:46:58
Name: eoi.unify.allrulepatch.ips.2.0.0.39338.rule Version:2.0.0.39338
MD5:4ff3ab6fe7a31b2f6f520a2686610e38 Size:40.69M
Description:

This upgrade package is the Zealot 2.0 intrusion protection signature library/application identification signature library upgrade package, which only supports engine version V56R11F01 and above. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.39338. The new/improved rules of this upgrade package are:

new rules:
1. threat[27749]:Qunjie seal IoT Management Platform Password Reset Behavior
2. threat[28709]:H2O-3 Parse Arbitrary File Overwrite Vulnerability(CVE-2024-5986)
3. threat[41590]:phpMyAdmin User Password Brute Force Attack
4. threat[31981]:DedeCMS update_guide.php path traversal Vulnerability(CVE-2024-3686)
5. threat[28711]:ShiKongZhiYou ERP system uploadStudioFile File Upload Vulnerability
6. threat[28712]:Baiyi Cloud Asset Management System admin.ticket.close.php SQL Injection Vulnerability
7. threat[31980]:Huang Yaoshi Pharmaceutical Management Software XSDService.asmx SQL Injection Vulnerability
8. threat[28708]:WordPress GDPR Plugin Cross-site Scripting Vulnerability(CVE-2022-0220)
9. threat[31955]:WordPress Fontsy Plugin SQL Injection Vulnerability(CVE-2022-4447)
10. threat[28710]:WordPress Embed Swagger Plugin Cross-site Scripting Vulnerability(CVE-2022-0381)
11. threat[28713]:ZZCMS system interface ad_list.php SQL injection vulnerability (CVE-2024-11242)
12. threat[31956]:Thermal Network Wireless Monitoring System frmSaveChartImage Arbitrary File Reading Vulnerability
13. threat[31957]:CanXingYun Digital Catering Service System Information Leakage Vulnerabilities
14. threat[28714]:JEEWMS dynamicDataSourceController.do JDBC Deserialization Vulnerability
15. threat[28715]:Vllm pickle Deserialization Vulnerability(CVE-2024-9052)
16. threat[28734]:Hadoop YARN REST API Unauthorized Access Vulnerability
17. threat[31978]:Netgear WN604 siteSurvey.php Unauthorized Access Vulnerability(CVE-2024-7153)
18. threat[31979]:Mankebao Smart Canteen System selectUserByOrgId Unauthorized Access Vulnerability
19. threat[28716]:FlowiseAI Flowise Arbitrary File Upload Vulnerability(CVE-2025-26319)
20. threat[31958]:ChangJieTong T+ Getdecallusers Interface Sensitive Information Leakage Vulnerability
21. threat[31960]:MyBB New Threads Plugin Cross-Site Scripting Vulnerability (CVE-2018-14392)
22. threat[31959]:Dahua Intelligent Internet Of Things Integrated Management Platform Personinfo Information Leakage Vulnerability
23. threat[28717]:Vllm MessageQueue pickle Deserialization Vulnerability(CVE-2024-11041)
24. threat[42311]:APT37 RokRat Trojan C2 Communication
25. threat[42312]:Cobalt Strike TaoWu Reverse HTTP C2 Communication
26. threat[28720]:PrestaShop SQL Injection Vulnerability (CVE-2023-45375)
27. threat[31966]:Streamlit directory traversal vulnerability(CVE-2022-35918)
28. threat[28719]:FUEL CMS Remote Code Execution Vulnerability(CVE-2018-16763)
29. threat[28721]:FUEL CMS /preview Remote Code Execution Vulnerability
30. threat[31967]:FUEL CMS /pages/items SQL Injection Vulnerability
31. threat[28722]:litellm update Remote Code Execution Vulnerability(CVE-2024-4264)
32. threat[42313]:Ant-Sword Webshell Trojan Upload (php_assert_script)
33. threat[42314]:Ant-Sword Webshell Trojan Upload (php_create_function_script)
34. threat[28723]:litellm api_key SQL Injection Vulnerability(CVE-2024-5225)
35. threat[42315]:Ant-Sword Webshell Trojan Upload (php_custom_script_for_mysql)
36. threat[28724]:ImageMagick Arbitrary File Read Vulnerability (CVE-2022-44268) _2
37. threat[42316]:Ant-Sword Webshell Trojan Upload (php_eval_rsa_script)
38. threat[42317]:Ant-Sword Webshell Trojan Upload(asp_eval_xxxx_script)
39. threat[31969]:Yonyou U9 Interface TransWebService Unauthorized Access Vulnerability
40. threat[31961]:Anmei Digital Hotel Broadband Operation System(HiBOS) get_user_enrollment.php SQL injection vulnerability
41. threat[31962]:Anmei Digital Hotel Broadband Operation System(HiBOS) get_ip.php SQL injection vulnerability
42. threat[31963]:Anmei Digital Hotel Broadband Operation System(HiBOS) list_qry.php SQL injection vulnerability
43. threat[31964]:WordPress Plugin Icegram-Express Unauthenticated SQL Injection Vulnerability(CVE-2024-4295)
44. threat[28718]:WordPress plugin radio SSRF vulnerability(CVE-2024-54385)
45. threat[31965]:WordPress plugin WP-Guru arbitrary file read vulnerability(CVE-2024-12849)
46. threat[31968]:Wanhu OA Unauthorized Access Vulnerability
47. threat[42318]:Ant-Sword Webshell Trojan Upload(asp.net_custom_script_for_odbc)
48. threat[42319]:Ant-Sword Webshell Trojan Upload (asp.net_eval_script)
49. threat[28725]:litellm Remote Code Execution Vulnerability(CVE-2024-5751)
50. threat[28727]:Edimax IC-7100 IP Camera Command Inject Vulnerability(CVE-2025-1316)
51. threat[28726]:Cacti Remote Code Execution Vulnerability (CVE-2024-25641)
52. threat[31970]:Zhongke Zhiyuan Technology Comprehensive Supervision Cloud Platform Camera Information Leakage Vulnerability
53. threat[31971]:ActiveMQ Information Disclosure Vulnerability(CVE-2017-15709)
54. threat[42320]:Antsword Webshell Trojan Upload (jsp_custom_script_for_mysql/oracle)
55. threat[28728]:Apache Solr Unauthorized Access Vulnerability
56. threat[31973]:Casbin get-users Account Password Leakage Vulnerability
57. threat[42321]:Antsword Webshell Trojan Upload (jsp_defineclass_script)
58. threat[31974]:Anwang Intelligent AC Management System Information Disclosure Vulnerability
59. threat[28730]:Glodon OA GetSSOStamp Interface Arbitrary User Login Vulnerability
60. threat[42324]:Ant-Sword Webshell Trojan Upload (jsp_defineclass_zlib_deflated_script)
61. threat[42322]:Crimson RAT info Command Obtains System Information
62. threat[42323]:Crimson RAT getavs Command Obtains Process Information
63. threat[28729]:Apache Spark Unauthorized Access Vulnerability
64. threat[42326]:AllaKore RAT Communication
65. threat[42325]:FRP Websocket Default Communication Behavior
66. threat[42327]:Hancitor Malware C2 Communication
67. threat[42328]:Intranet Tunneling Tool Pivotnacci Connection Behavior_2
68. threat[28731]:Go-fastdfs GetClientIp Unauthorized Access Vulnerability
69. threat[28732]:Digiton Cloud Platform Cookie Login Bypass Vulnerability
70. threat[50669]:DockerUI Default Password Login Attempts
71. threat[28735]:Metasploit Meterpreter linux/x64/meterpreter_reverse_http Trojan Connection Attempts
72. threat[42329]:HTTP request headers carry suspected command injection payloads
73. threat[28733]:Spring Web UriComponents Builder URL Resolution Inappropriate Vulnerability (CVE-2024-22243/CVE-2024-22259)
74. threat[31975]:Nacos configs Unauthorized download of configuration information
75. threat[31977]:Ruisconda Wireless Controller main.asp Unauthorized Access Vulnerability
76. threat[42331]:Raccoon Stealer C2 Communication
77. threat[28736]:Rsync Unauthorized Access Vulnerability
78. threat[31976]:Memcached Information Disclosure Vulnerability
79. threat[28751]:Python Tornado template injection in suspected request parameters
80. threat[28742]:Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-28482)
81. threat[28743]:Apache DolphinScheduler Arbitrary User Password Modification Vulnerability (CVE-2020-13922)
82. threat[28744]:Digital China Cloud DCME-520 Command Execution Vulnerability (CNVD-2021-47186)
83. threat[28745]:OneBlog Blog Shiro Deserializes Remote Command Execution Vulnerability
84. threat[28741]:Beijing Shenzhou Triage Calling System doctor Arbitrary File Upload Vulnerability
85. threat[31982]:Cloud Spacetime Socialized Business ERP System User/Online Identity Authentication Bypass Vulnerability
86. threat[28746]:ESAFENET logincontroller Remote Command Execution Vulnerability
87. threat[28747]:Laike E-Commerce Management System t_comment File Upload Vulnerability
88. threat[28738]:kkFileView onlinePreview Cross-Site Scripting Vulnerability(CVE-2022-29349)
89. threat[28739]:kkFileView picturesPreview Cross-Site Scripting Vulnerability(CVE-2022-35151)
90. threat[28740]:Aruba ClearPass Policy Manager Remote Code Execution Vulnerability(CVE-2020-7115)
91. threat[28748]:litellm post_call_rules Remote Code Execution Vulnerability(CVE-2024-6825)
92. threat[28749]:Sangfor EDR Arbitrary User Login Vulnerability
93. threat[28750]:SAP NetWeaver AS JAVA inadvertent access vulnerability (CVE-2020-6287)
94. threat[31983]:litellm api_base Server Request Forgery(SSRF) Vulnerability(CVE-2024-6587)
95. threat[10595]:XML External Entity Injection (XXE)- Multi-Layer Structured Nested Denial Of Service Attack
96. threat[42332]:Agent Tesla C2 Com over HTTP
97. threat[42281]:Iodine DNS Tunneling Tool Communication _2

update rules:
1. threat[26887]:Hongfan OA udfmr.asmx SQL Injection Vulnerability
2. threat[28609]:Microsoft .NET Framework SettingsPropertyValue Deserialization Arbitrary Command Execution Vulnerability
3. threat[30743]:Weaver ecology OA DBconfigReader.jsp Database Configuration Information Leakage Vulnerability
4. threat[30878]:Weaver Emobile messageType.do Remote Command Execution Vulnerability(CNVD-2021-25287)
5. threat[26311]:Glodon OA Collaborative Office System ConfigService.asmx SQL injection Vulnerabilities
6. threat[30879]:Weaver E-mobile client SQL Injection Vulnerability(CNVD-2021-25287)
7. threat[27754]:TRS-MAS uploadThumb Arbitrary File Upload Vulnerability
8. threat[26314]:Wangshen SecSSL 3600 Secure Access Gateway System Arbitrary Password Modification Vulnerability
9. threat[27402]:Java FreeMarker template injection exists in the suspected request parameter
10. threat[27399]:Python Jinja2 template injection exists in the suspected request parameter
11. threat[27684]:Ketuoquan Intelligent Parking Toll System Webservice.asmx Arbitrary File Upload Vulnerability
12. threat[26659]:Qizhi/H3C SecParh Bastion Host gui_detail_view.php Arbitrary User Login Vulnerability
13. threat[26035]:E-office uploadify.php File Upload Vulnerability(CVE-2023-2648)
14. threat[25495]:Yonyou NC6.5 FileReceiveServlet Arbitrary File Upload Vulnerability(CNVD-2023-85593)
15. threat[31254]:Huatian Power OA hrApplicationFormService Information Disclosure Vulnerability
16. threat[27476]:Zhejiang University Ente Customer Resource Management System T0140_editAction.entweb SQL Injection Vulnerability
17. threat[27129]:Java Code Execution (URI)
18. threat[27131]:Java code execution (request parameters)
19. threat[27150]:Java Code Execution (Request Body)
20. threat[26327]:Yongyou KSOA QueryService SQL Injection Vulnerability
21. threat[28594]:PHICOMM K2 Router Command Injection Vulnerability (CVE-2023-40796)
22. threat[28662]:Cisco VPN Routers Unauthorized Arbitrary File Upload Vulnerability (CVE-2023-20073)
23. threat[30954]:Jinpan WeChat Management Platform getsysteminfo Unauthorized Access Vulnerability
24. threat[31849]:Wordpress Plugin Quttera Web Malware Scanner Sensitive Information Disclosure Vulnerability (CVE-2023-6065)
25. threat[30868]:Hongjing Human System codesettree SQL Injection Vulnerability (CNVD-2023-08743)
26. threat[26833]:Finesoft Report V8 get_geo_json Arbitrary File Reading Vulnerability(CNVD-2018-04757)
27. threat[26935]:seeyon M1 userTokenService Code Execution Vulnerability
28. threat[23907]:HTTP Code Injection Attack
29. threat[28165]:Seacms 6.4.5 search.php Remote Command Execution Vulnerability
30. threat[25003]:Fuel CMS 1.4.7 - 'col' SQL Injection (Authenticated) Vulnerability(CVE-2020-17463)
31. threat[26977]:Apache Solr Backup/Restore APIs Remote Command Execution Vulnerability (CVE-2023-50386)
32. threat[63682]:HTTP SQL Injection Attempt Type Three
33. threat[24494]:Spring Cloud Config 2.1.x Path Traversal Vulnerability(CVE-2019-3799)
34. threat[28645]:Discover the ShiroAttack2 Tool Memory Injection Behavior
35. threat[28576]:Discovering Neoreg 5.0 Communication Traffic
36. threat[28618]:Label Studio Cross-Site Scripting Vulnerability (CVE-2023-47115)
37. threat[10593]:InvokeAI board_name Denial of Service (DoS) Vulnerability(CVE-2024-11043)
38. threat[10594]:Uploading large file names causes Denial of Service(DoS)
39. threat[25752]:Linux Information Collection Command Execution Success
40. threat[28174]:JimuReport Cumulus Report list Privilege Bypass Vulnerability(CVE-2024-44893)
41. threat[25560]:Apache CouchDB Remote Code Execution Vulnerability(CVE-2022-24706)
42. threat[42079]:Suo5 Tunnel Tool Communication
43. threat[24578]:Zabbix Authentication Bypass Vulnerability(CVE-2019-17382)
44. threat[31510]:HTTP SQL Injection Attempt Type Nine
45. threat[42149]:SSRF Pseudo-Protocol Attacks Exist In Suspected Request Parameters
46. threat[31695]:ShengQiao ERP System SingleRowQueryConvertor SQL Injection Vulnerability
47. threat[31698]:ShengQiao ERP System getSupplyQueryKeyword SQL Injection Vulnerability
48. threat[31699]:ShengQiao ERP System queryForMapWithDefaultValues SQL Injection Vulnerability
49. threat[28419]:ShengQiao ERP System uploadFile.action File Upload Vulnerability
50. threat[42146]:HTTP request parameters carry suspected command injection payloads
51. threat[41499]:HTTP Request Sensitive Path Access Attempt
52. threat[42146]:HTTP request parameters carry suspected command injection payloads
53. threat[31254]:Huatian Power OA hrApplicationFormService Information Disclosure Vulnerability
54. threat[25746]:Linux Information Collection Command Execution (Request Parameters)
55. threat[50652]:XML External Entity Injection (XXE)-(HTML Entity Encoding/UTF-16/UTF-7)
56. threat[62201]:HTTP SQL Injection Attempt Type two
57. threat[25450]:GitLab Remote Command Execution Vulnerability(CVE-2021-22205)
58. threat[25290]:Apache Shiro 1.7.1 Authentication Bypass Vulnerability (CVE-2020-17523)
59. threat[26708]:Fortinet FortiNAC RCE Vulnerability (CVE-2022-39952)
60. threat[26402]:Wanhu collaboration office platform interface wpsservlet file upload vulnerability(CNVD-2021-76461)
61. threat[42322]:Crimson RAT info Command Obtains System Information
62. threat[42323]:Crimson RAT getavs Command Obtains Process Information
63. threat[28645]:Discover the ShiroAttack2 Tool Memory Injection Behavior
64. threat[24302]:Suspicious XML External Entity(XXE) Injection Attempt
65. threat[28717]:Vllm MessageQueue pickle Deserialization Vulnerability(CVE-2024-11041)
66. threat[28736]:Rsync Unauthorized Access Vulnerability
67. threat[30992]:Casdoor Platform SQL Injection (CVE-2022-24124)
68. threat[31700]:ShengQiao ERP System queryForString SQL Injection Vulnerability

Announcements:
1. The upgrade package does not restart the data communication engine, so the network is not affected after the upgrade; the detection engine restarts automatically for the new rules to take effect, without interrupting sessions. Please choose an appropriate time to upgrade.

Release Time:2025-03-21 14:44:15
Name: eoi.unify.allrulepatch.ips.2.0.0.39062.rule Version:2.0.0.39062
MD5:6432ff8843d61ba2e3e1e3edd66d6231 Size:40.35M
Description:

This upgrade package is the Zealot 2.0 intrusion protection signature library/application identification signature library upgrade package, which only supports engine version V56R11F01 and above. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.39062. The new/improved rules of this upgrade package are:

new rules:
1. threat[31943]:Wangshen Secgate3600 Firewall Libcommon Information Leakage Vulnerability
2. threat[31945]:Zimbra Collaboration Cross-Site Scripting Vulnerability(CVE-2024-50599)
3. threat[31946]:Veertu Anka Build service Directory Traversal Vulnerability(CVE-2024-41163)
4. threat[28690]:Microsoft .NET Framework BaseActivationFactory Deserialization Arbitrary DLL Loading Vulnerability
5. threat[31944]:Zhongcheng Online Order System o_sa_order.ashx SQL Injection Vulnerability
6. threat[28691]:Huizhi ERP /nssys/common/Upload.aspx File Upload Vulnerability
7. threat[28692]:GONICUS Gosa Cross-Site Scripting Injection Vulnerability (CVE-2018-1000528)
8. threat[31940]:YiBao OA GetProductInv SQL Injection Vulnerability
9. threat[42291]:Stealc Stealer Trojan Sends Cryptic Messages
10. threat[31947]:Samsung Web Viewer for Samsung DVR Smart Viewer Cross-site Scripting Injection Vulnerability (CVE-2018-11689)
11. threat[28693]:WordPress Plugin Aajoda Testimonials Cross-site Scripting Vulnerability(CVE-2023-2178)
12. threat[28694]:SuperAGI update_agent_template Remote code execution Vulnerability(CVE-2024-9439)
13. threat[28696]:SuperAGI add Arbitrary File Upload Vulnerability(CVE-2024-9415)
14. threat[31948]:LVS Lean Value Management System Lvs.Web.Ashx SQL Injection Vulnerability
15. threat[28697]:Weaver Operation And Maintenance Platform Arbitrary User Creation Vulnerability
16. threat[28699]:Composio Arbitrary Read-Write Write Vulnerability(CVE-2024-8958)
17. threat[28698]:Microsoft .NET Framework XamlAssemblyLoadFromFile Deserialization Arbitrary Command Execution Vulnerability
18. threat[28700]:Longteng CMS /Api/File/Multidownload Remote File Writing Vulnerability
19. threat[31949]:Yonyou CRM help.php Arbitrary File Reading Vulnerability
20. threat[31950]:Composio BROWSERTOOL Server Request Forgery(SSRF) Vulnerability(CVE-2024-8955)
21. threat[42301]:Observer Stealer Active Reporting Behavior
22. threat[42300]:Observer Stealer Data Exfiltration Behavior
23. threat[42296]:Phemedrone Stealer Telegram Exfiltration Behavior
24. threat[42297]:Glutton Trojan init_task Encryption Key Detection
25. threat[42298]:Glutton Trojan init_task Sends Stolen Information
26. threat[42299]:Glutton Trojan Download client_loader
27. threat[31951]:Kexun Card Management System DataService.asmx get_sb_guanli SQL Injection Vulnerability
28. threat[28701]:Composio mathematical_calculator Remote code execution Vulnerability(CVE-2024-8953)
29. threat[28702]:Zichuan Technology PEPM Management System Remote Code Execution Vulnerability_2
30. threat[28705]:Onyx connector Arbitrary File Overwrite Vulnerability(CVE-2024-7957)
31. threat[28703]:Apache Tomcat Remote Code Execution Vulnerability (CVE-2025-24813)
32. threat[28704]:Apache Tomcat Remote Code Execution Vulnerability_1 (CVE-2025-24813)
33. threat[42303]:Glutton Trojan PHP Backdoor UDP Communication
34. threat[42304]:Glutton Trojan PHP Backdoor TCP Communication
35. threat[31952]:H2O-3 Arbitrary File Overwrite Vulnerability(CVE-2024-6854)
36. threat[28707]:Northeast Normal University Ideal Software Intelligent Education Cloud Platform Arbitrary User Login Vulnerability
37. threat[28706]:Label Studio Front-End XSS Vulnerability(CVE-2025-25296)
38. threat[31953]:Weaver E-office OA login.wsdl.php SQL Injection Vulnerability(CNVD-2022-43246)
39. threat[31954]:Weaver E-office OA officeserver.php SQL Injection Vulnerability
40. threat[31918]:Jinhe C6 DownLoadBgImage.aspx Arbitrary File Read Vulnerability
41. threat[28661]:Microweber Cross-Site Scripting Vulnerability(CVE-2022-0963)

update rules:
1. threat[26780]:Esafenet Electronic Document Security Management System Arbitrary File Read Vulnerability(CNVD-2023-09184)
2. threat[10108]:Microsoft Windows 2000 RPC DCOM Interface Denial of Service
3. threat[26783]:Weaver e-office OA UserSelect Interface SQL Injection Vulnerability
4. threat[30979]:Hangzhou Synway SMG Gateway Management Software down.php Arbitrary File Read Vulnerability
5. threat[25896]:Ueditor Editor.net version arbitrary file upload vulnerability(CNVD-2017-20077)
6. threat[25559]:Dolibarr ERP and CRM Code Injection Vulnerability(CVE-2022-0819/CVE-2022-40871)
7. threat[28647]:Microsoft .NET Framework DataSetOldBehaviour Deserialization Arbitrary Command Execution Vulnerability
8. threat[62055]:Suspicious HTTP Data URI Scheme Data Upload
9. threat[24599]:RConfig v3.9.2 unauthorized RCE vulnerability(CVE-2019-16662)
10. threat[27907]:Kingtowin HKMP Smart Business Software queryPrintTemplate SQL Injection Vulnerability
11. threat[26120]:D-Link Series Router Command Injection Vulnerability (CVE-2022-46476/CVE-2023-26822/CVE-2024-7357)
12. threat[25914]:Apache CommonsCollections Deserialization Command Injection Vulnerability (CC6)
13. threat[28550]:Microsoft .NET Framework GetterSecurityException Deserialization Arbitrary Command Execution Vulnerability

Announcements:
1. The upgrade package will not restart the data communication engine and will not affect the network after the upgrade; the detection engine will automatically restart and take effect without causing session interruption. Please choose an appropriate time to upgrade.

Release Time:2025-03-13 16:42:36
Name: eoi.unify.allrulepatch.ips.2.0.0.38895.rule Version:2.0.0.38895
MD5:a965b25279a3997e1426ffee290d10f5 Size:40.16M
Description:

This upgrade package is the Zealot 2.0 intrusion prevention signature library/application identification signature library upgrade package and only supports engine version V56R11F01 and above. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.38895. The new/improved rules of this upgrade package are:

new rules:
1. threat[31911]:GitLab Community and Enterprise Edition OAuth page Stored Cross-Site Scripting Vulnerability(CVE-2024-6530)
2. threat[28657]:Cacti Group Cacti installer.php setPaths Log Path Arbitrary File Write Vulnerability(CVE-2024-43363)
3. threat[28658]:Weaver E-Office Command Injection Vulnerability (CVE-2023-2647)
4. threat[28659]:Citrix Storefront Cross-Site Scripting Vulnerability (CVE-2023-5914)
5. threat[28660]:Atutor Cross-Site Scripting Vulnerability (CVE-2023-27008)
6. threat[28662]:Cisco VPN Routers Unauthorized Arbitrary File Upload Vulnerability (CVE-2023-20073)
7. threat[28655]:WordPress iThemes Security (better-wp-security) Plugin SQL injection vulnerability (CVE-2018-12636)
8. threat[28663]:Microweber Cross-Site Scripting Vulnerability(CVE-2022-0378)
9. threat[28664]:Wordpress Plugin SEO By 10Web Cross-Site Scripting Vulnerability (CVE-2023-2224)
10. threat[28665]:Wordpress Plugin Tablesome Cross-Site Scripting Vulnerability (CVE-2023-1890)
11. threat[31912]:JetBrains TeamCity Backup History Stored Cross-Site Scripting Vulnerability(CVE-2024-47950)
12. threat[28666]:Ivanti Endpoint Manager ETask WasPreviouslyMapped SQL Injection Vulnerability(CVE-2024-8191)
13. threat[28667]:Vmware Aria Operations For Networks Remote Code Execution Vulnerability (CVE-2023-20888)
14. threat[28669]:ZOHO ManageEngine ADAudit Plus SQL Injection Vulnerability (CVE-2024-5467)
15. threat[31916]:Gradio data Arbitrary File Read Vulnerability(CVE-2024-0964)
16. threat[31913]:Vitest Path Traversal Vulnerability(CVE-2025-24963)
17. threat[28668]:XWiki Platform Remote Code Execution Vulnerability(CVE-2025-24893)
18. threat[31914]:Komtera KLog Server Path Traversal Vulnerability(CVE-2025-1035)
19. threat[28670]:DocsGPT Unauthorized Remote Code Execution Vulnerability(CVE-2025-0868)
20. threat[31915]:RuiYou Tianyi Application Virtualization System RAPAgent.XGI SQL Injection Vulnerability
21. threat[28672]:Apache Solr Command Execution Vulnerability (CNVD-2023-34111)
22. threat[31910]:Gradio Arbitrary File Read Vulnerability(CVE-2024-4941)
23. threat[28673]:Seeyon OA rest Interface Administrator Account Password Reset Vulnerability
24. threat[31917]:Open-webui Stored Cross-Site Scripting Vulnerability(CVE-2024-7990)
25. threat[28671]:Wazuh Security Monitoring Platform Deserialization Vulnerability (CVE-2025-24016)
26. threat[31920]:Knowledge I Love Pure Version Of Small Program System Leibiao SQL Injection Vulnerability
27. threat[31921]:Open-webui upload file Stored Cross-Site Scripting Vulnerability(CVE-2024-7044)
28. threat[31922]:Zentao 20.7 Background Arbitrary File Reading Vulnerability
29. threat[28674]:Microsoft .NET Framework ActivitySurrogateSelector Deserialization Arbitrary Command Execution Vulnerability
30. threat[31919]:NAKIVO Backup&Replication Arbitrary File Read Vulnerability(CVE-2024-48248)
31. threat[42280]:Suspected Gost Tunnel Agent Tool Communication Behavior
32. threat[28678]:Open-webui models/upload Arbitrary File Write Vulnerability(CVE-2024-7034)
33. threat[28679]:Open-webui models/download Arbitrary File Write Vulnerability(CVE-2024-7033)
34. threat[28675]:osCommerce Cross Site Scripting Vulnerability(CVE-2024-4348)
35. threat[28676]:RHUB TurboMeeting Command Injection Vulnerability(CVE-2024-38288)
36. threat[31929]:Apache DolphinScheduler Arbitrary File Read Vulnerability(CVE-2024-30188)
37. threat[28677]:Apache DolphinScheduler File Upload Vulnerability(CVE-2024-30188)
38. threat[31923]:JeeWMS cgformTemplateController.do Arbitrary File Read Vulnerability(CVE-2024-27765)
39. threat[31924]:JeeWMS graphReportController.do SQL Injection Vulnerability(CVE-2025-0392)
40. threat[31925]:JeeWMS cgFormBuildController.do SQL Injection Vulnerability(CVE-2025-0391)
41. threat[31926]:JeeWMS cgReportController.do SQL Injection Vulnerability(CVE-2024-57760)
42. threat[31927]:JeeWMS commonController.do File Upload Causes RCE Vulnerability(CVE-2024-57761)
43. threat[31928]:JeeWMS cgReportController.do SQL Injection Vulnerability(CVE-2024-11251)
44. threat[28680]:NUUO Camera handle_config.php Remote Command Execution Vulnerability(CVE-2025-1338)
45. threat[28681]:NUUO Camera handle_site_config.php Remote Command Execution Vulnerability
46. threat[28656]:Open edX Cross-Site Scripting Vulnerability(CVE-2022-32195)
47. threat[28684]:Scan2Net Platform Remote Command Execution Vulnerability(CVE-2024-28138)
48. threat[42284]:Meduza Stealer Exfiltration Behavior
49. threat[28682]:Zabbix Background Ping Script Command Injection Vulnerability(CVE-2024-22116)
50. threat[31930]:WordPress Plugin Swift Performance Lite Unauthenticated Access Vulnerability(CVE-2023-6289)
51. threat[28683]:WordPress Plugin Elementor File Upload Vulnerability(CVE-2023-48777)
52. threat[42283]:Suspected Cross-Boundary Port Forwarding Tool Communication Behavior
53. threat[28686]:Ollama Improperly Configured Unauthorized Access Vulnerability (CNVD-2025-04094)
54. threat[28685]:Microsoft .NET Framework ObjRef Deserialization Remote Server Object Request
55. threat[28649]:Landray OA admin.do JNDI Injection Vulnerability
56. threat[31906]:ChuanhuChatGPT Server-Side Request Forgery(SSRF) Vulnerability(CVE-2025-0188)
57. threat[28650]:Wordpress Plugin Stock Ticker Cross-Site Scripting Vulnerability (CVE-2023-40208)
58. threat[31908]:Prestashop Advancedpopupcreator SQL Injection Vulnerability (CVE-2023-27032)
59. threat[31907]:ChuanhuChatGPT Arbitrary folder creation Vulnerability(CVE-2024-6037)
60. threat[28651]:Microsoft .NET Framework ActivitySurrogateDisableTypeCheck Deserialization Arbitrary Command Execution Vulnerability
61. threat[28652]:Microweber Cross-Site Scripting Vulnerability (CVE-2023-5244)
62. threat[28653]:Structurizr On-Premises Cross-Site Scripting Vulnerability (CVE-2023-5556)
63. threat[31909]:ChuanhuChatGPT Unauthorized Access Vulnerability(CVE-2024-3404)
64. threat[28654]:WordPress Pie Register Plugin SQL Injection Vulnerability(CVE-2018-10969)

update rules:
1. threat[28576]:Discovering Neoreg 5.0 Communication Traffic
2. threat[27999]:WordPress Plugin Gift Cards SQL Injection Vulnerability (CVE-2023-28662)
3. threat[24343]:Zoho ManageEngine OpManager setManaged SQL Injection Vulnerability(CVE-2018-17283)
4. threat[31785]:Eqccd OA svc.asmx SQL Injection Vulnerability
5. threat[27147]:Primeton EOS Platform eos.jmx Remote Code Execution Vulnerability
6. threat[27180]:Ruiyou Tianyi Application Virtualization System AgentBoard.XGI Remote Code Execution Vulnerability
7. threat[26318]:Huatian Power OA Collaborative Office System ntkoupload.jsp Arbitrary File Upload Vulnerability(CNVD-2022-54886)
8. threat[27778]:Weaver e-cology HrmService SQL Injection Vulnerability
9. threat[28298]:Baolande BES Middleware spark BesEJB Remote Code Execution Vulnerability
10. threat[28046]:JeecgBoot Block Report jmreport Aviator SSTI Arbitrary Code Execution Vulnerabilities
11. threat[28284]:D-Link-DNS Multiple Products sc_mgr.cgi Remote Command Execution Vulnerability
12. threat[28290]:Jinhua Diga Live Large Screen Interactive System mobile.do.php Arbitrary File Upload Vulnerability
13. threat[24274]:Advantech WebAccess Node chkLogin2 SQL Injection Vulnerability(CVE-2018-5443)
14. threat[24432]:Nexus Repository Manager 3 Remote Command Execution Vulnerability(CVE-2019-7238)
15. threat[25599]:Landray-OA Arbitrary File Read Vulnerability(CNVD-2021-28277)
16. threat[31906]:ChuanhuChatGPT Server-Side Request Forgery(SSRF) Vulnerability(CVE-2025-0188/CVE-2024-5822)
17. threat[28646]:Mlflow Improper Access Control Vulnerability(CVE-2024-4263)
18. threat[25310]:Apache Druid JDBC connection properties Remote Code Execution Vulnerability(CVE-2021-26919)
19. threat[27464]:CHANJET T+ Ufida.T.SM.Login.UIP.LoginManager SQL Injection Vulnerability(CNVD-2021-12845)
20. threat[25697]:Microsoft Exchange Server Server-Side Request Forgery Vulnerability(CVE-2022-41040)

Announcements:
1. The upgrade package will not restart the data communication engine and will not affect the network after the upgrade; the detection engine will automatically restart and take effect without causing session interruption. Please choose an appropriate time to upgrade.

Release Time:2025-03-07 10:20:32
Name: eoi.unify.allrulepatch.ips.2.0.0.38742.rule Version:2.0.0.38742
MD5:c9815752c307466ebc7feb51419e0602 Size:40.09M
Description:

This upgrade package is the Zealot 2.0 intrusion prevention signature library/application identification signature library upgrade package and only supports engine version V56R11F01 and above. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.38742. The new/improved rules of this upgrade package are:

new rules:
1. threat[42272]:Suspected FRP Intranet Penetration Tool SSL Communication
2. threat[31896]:Lunary-ai SAML IdP XML Cross-Site Scripting Vulnerability(CVE-2025-0281)
3. threat[28636]:Citrix ADC And Citrix Gateway Remote Code Execution Vulnerability (CVE-2023-3519)_2
4. threat[31897]:WordPress Block and Stop Bad Bots Plugin SQL Injection Vulnerability(CVE-2022-0949)
5. threat[28638]:WordPress Related Posts Plugin Stored Cross Site Scripting Vulnerability(CVE-2022-3506)
6. threat[31898]:Comfyui Server-Side Request Forgery(SSRF) Vulnerability(CVE-2024-12882)
7. threat[28639]:WordPress White Label MS Plugin Cross-Site Scripting Vulnerability(CVE-2022-0422)
8. threat[31899]:WordPress WP Fundraising Donation and Crowdfunding Platform SQL Injection Vulnerability(CVE-2022-0788)
9. threat[31900]:MasterSAM downloadService Interface Arbitrary File Read Vulnerability(CVE-2024-55457)
10. threat[31895]:Jinpan Mobile Library System download.jsp Arbitrary File Read Vulnerability
11. threat[31893]:ZichenVision Hotel Smart Marketing IPTV System userlogin.php SQL Injection Vulnerability
12. threat[31894]:Jinan Shangbang Electronic Document Security Management System V6.0 Interface Backup Arbitrary File Download Vulnerability
13. threat[28635]:Jinpan Mobile Library System upload Arbitrary File Upload Vulnerability
14. threat[28640]:Gogs Remote Command Execution Vulnerability(CVE-2022-0415)
15. threat[28643]:Flatpress Cross-Site Scripting Vulnerability(CVE-2022-40047)
16. threat[28644]:Microsoft .NET Framework DataSet Deserialization Arbitrary Command Execution Vulnerability
17. threat[28642]:Dify Sandbox Code Injection Vulnerability(CVE-2024-10252)
18. threat[42273]:Wireguard Indicates Tunnel Communication Behavior
19. threat[31902]:Lunary-ai Unauthorized Access Vulnerability(CVE-2024-10272)
20. threat[28645]:Discover the ShiroAttack2 Tool Memory Injection Behavior
21. threat[28647]:Microsoft .NET Framework DataSetOldBehaviour Deserialization Arbitrary Command Execution Vulnerability
22. threat[31903]:Mlflow dbfs Arbitrary File Read Vulnerability(CVE-2024-8859)
23. threat[31901]:Mlflow Arbitrary File Read Vulnerability(CVE-2023-6018)
24. threat[28646]:Mlflow Improper Access Control Vulnerability(CVE-2024-4263)
25. threat[42274]:Godzilla AES_BASE64_ASMX Webshell Connect
26. threat[28648]:Chamilo LMS Remote Command Execution Vulnerability (CVE-2023-3368)
27. threat[31905]:Jinhe OA C6 System Interface IncentivePlanFulfillAppprove.aspx SQL Injection Vulnerability
28. threat[31890]:Apache HTTP Server Server-Side Request Forgery Vulnerability (CVE-2024-38472)
29. threat[10585]:H3C Magic B1STV100R012 Buffer Error Vulnerability (CVE-2023-34929)
30. threat[10586]:H3C Magic B1STV100R012 Buffer Error Vulnerability (CVE-2023-34930)
31. threat[10587]:H3C Magic B1STV100R012 Buffer Error Vulnerability (CVE-2023-34931)
32. threat[10588]:H3C Magic B1STV100R012 Buffer Error Vulnerability (CVE-2023-34932)
33. threat[10589]:H3C Magic B1STV100R012 Buffer Error Vulnerability (CVE-2023-34933)
34. threat[10590]:H3C Magic B1STV100R012 Buffer Error Vulnerability (CVE-2023-34935)
35. threat[10591]:H3C Magic B1STV100R012 Buffer Error Vulnerability (CVE-2023-34936)
36. threat[10592]:H3C Magic B1STV100R012 Buffer Error Vulnerability (CVE-2023-34937)
37. threat[42270]:AtlasCross APT Send Malicious Macro Document
38. threat[31891]:Ivanti-EPM Absolute Path Traversal Vulnerability (CVE-2024-13159)
39. threat[31892]:CuppaCMS v1.0 SQL Injection Vulnerability(CVE-2023-47990)
40. threat[31882]:WordPress JoomSport Plugin SQL Injection Vulnerability(CVE-2022-4050)

update rules:
1. threat[27352]:Landray OA dataxml.jsp Remote Code Execution Vulnerability
2. threat[26911]:GoAnywhere MFT Deserialization Vulnerability (CVE-2023-0669)
3. threat[27788]:TOTOLINK N600R Command Injection Vulnerability(CVE-2022-26186)
4. threat[27187]:Yonyou U8 Cloud XChangeServlet XML External Entity Injection Vulnerability
5. threat[28641]:RAGFlow web_crawl Arbitrary File Read Vulnerability(CVE-2024-12450)
6. threat[28632]:Microsoft .NET Framework DataSetTypeSpoof Deserialization Arbitrary Command Execution Vulnerability
7. threat[26611]:CraftCMS Remote Code Execution Vulnerability (CVE-2023-41892)
8. threat[27027]:Cloudpanel makefile Arbitrary File Upload Vulnerability (CVE-2023-35885)
9. threat[31889]:Apache HTTP Server Server-Side Request Forgery Vulnerability (CVE-2024-38472)

Announcements:
1. The upgrade package will not restart the data communication engine and will not affect the network after the upgrade; the detection engine will automatically restart and take effect without causing session interruption. Please choose an appropriate time to upgrade.

Release Time:2025-02-28 13:39:14
Name: eoi.unify.allrulepatch.ips.2.0.0.38636.rule Version:2.0.0.38636
MD5:d30cfcb08ef0167a9dbb41e7a7c88470 Size:40.03M
Description:

This upgrade package is the Zealot 2.0 intrusion prevention signature library/application identification signature library upgrade package and only supports engine version V56R11F01 and above. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.38636. The new/improved rules of this upgrade package are:

new rules:
1. threat[28621]:Netentsec NS-ASG Application Security Gateway list_crl_conf.php SQL Injection(CVE-2024-3040)
2. threat[28622]:Netentsec NS-ASG Application Security Gateway listloginfo.php SQL Injection(CVE-2024-3041)
3. threat[31868]:H3C http Server web/login SQL Injection Vulnerability
4. threat[31863]:Yulong Video Audio Comprehensive Management Platform RelMedia/FindById SQL Injection Vulnerability
5. threat[31871]:Hospital Management System SQL Injection Vulnerability(CVE-2022-24263)
6. threat[31872]:CuppaCMS v1.0 SQL Injection Vulnerability(CVE-2022-24264)
7. threat[31873]:CuppaCMS v1.0 SQL Injection Vulnerability(CVE-2022-24265)
8. threat[28624]:Ava Video Cloud Platform Videocover.Aspx Arbitrary File Upload Vulnerability
9. threat[28625]:Ava Video Cloud Platform Uploadfile.Aspx File Upload Vulnerability
10. threat[31869]:Jeecg-Boot Arbitrary File Read Vulnerability(CVE-2023-41578)
11. threat[28623]:JeecgBoot executeSelectApi SSRF Vulnerability
12. threat[31876]:Jeecg-Boot check SQL Injection Vulnerability(CVE-2023-41543/CVE-2023-38905/CVE-2023-1741/CVE-2022-45206)
13. threat[31877]:Jeecg-Boot qurestSql SQL Injection Vulnerability(CVE-2023-41542)
14. threat[31878]:Jeecg-Boot putRecycleBin SQL Injection Vulnerability(CVE-2022-45208)
15. threat[31879]:Jeecg-Boot qurestSql SQL Injection Vulnerability(CVE-2022-45210)
16. threat[31880]:Jeecg-Boot queryUserComponentData SQL Injection Vulnerability(CVE-2022-22881)
17. threat[31874]:CuppaCMS v1.0 SQL Injection Vulnerability(CVE-2022-24266)
18. threat[31875]:CuppaCMS v1.0 SQL Injection Vulnerability(CVE-2022-27984)
19. threat[28626]:CuppaCMS v1.0 File Upload Vulnerability(CVE-2022-38296)
20. threat[28627]:Axigen Webmail Cross-Site Scripting Vulnerability (CVE-2023-40355)
21. threat[31884]:Eyoucms Information Disclosure Vulnerability (CVE-2023-37645)
22. threat[28628]:QNAP QTS And Quts Hero Command Injection Vulnerability (CVE-2023-47218)
23. threat[28629]:Baota Cloud WAF clear_cache Backend Command Injection Vulnerability
24. threat[31886]:Rudder Server SQL Injection Vulnerability (CVE-2023-30625)
25. threat[28630]:Wordpress Plugin Custom 404 Pro Cross-Site Scripting Vulnerability (CVE-2023-2023)
26. threat[31885]:Tongda OA td_listview.php Cross Site Scripting Vulnerability
27. threat[31881]:WordPress Nirweb Support Plugin SQL Injection Vulnerability(CVE-2022-0781)
28. threat[31883]:WordPress Order Listener for WooCommerce Plugin SQL Injection Vulnerability(CVE-2022-0948)
29. threat[28632]:Microsoft .NET Framework DataSetTypeSpoof Deserialization Arbitrary Command Execution Vulnerability
30. threat[28634]:74CMS Arbitrary File Upload Vulnerability (CVE-2024-2561)
31. threat[31889]:Apache HTTP Server Server-Side Request Forgery Vulnerability (CVE-2024-38472)
32. threat[10584]:H3C Magic B1STV100R012 Buffer Error Vulnerability (CVE-2023-34928)
33. threat[28631]:SmartNode SN200 Command Injection Vulnerability(CVE-2023-41109)
34. threat[31887]:Adobe Connect Local File Disclosure Vulnerability(CVE-2023-22232)
35. threat[31888]:Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability(CVE-2025-21377)
36. threat[28633]:Sitecore Remote Code Execution Vulnerability(CVE-2023-35813)
37. threat[28078]:Cassia Networks Gateway Remote Code Execution Vulnerability(CVE-2023-31446)

update rules:
1. threat[28620]:Palo Alto Networks PAN-OS Authentication Bypass Vulnerability (CVE-2025-0108)
2. threat[24302]:Suspicious XML External Entity(XXE) Injection Attempt
3. threat[26363]:Jeecg-Boot JDBC testConnection Arbitrary Code Execution Vulnerability
4. threat[26346]:JeecgBoot /jmreport/show SQL Injection Vulnerability(CVE-2023-34659/CVE-2023-42268)
5. threat[27413]:MLflow Arbitrary File Read Vulnerability(CVE-2023-1177/CVE-2023-6977)
6. threat[26757]:Sophos Web Appliance Remote Code Execution Vulnerability (CVE-2023-1671)
7. threat[27737]:Landray EIS Smart Collaboration Platform ShowUserInfo.aspx SQL Injection Vulnerability
8. threat[27639]:Landray OA front-end code execution vulnerability
9. threat[30981]:GDidees 3.9.1 Arbitrary File Read Vulnerability(CVE-2023-27179)
10. threat[26589]:Juniper SRX Firewall/EX Switch Remote Code Execution Vulnerability(CVE-2023-36844)
11. threat[26178]:TOTOLINK A7000R Router Command Execution Vulnerability (CVE-2022-37076/CVE-2022-41518/CVE-2022-36486/CVE-2023-46574)
12. threat[60991]:HTTP Request XSS Cross Site Scripting Attempt
13. threat[27076]:VMware Aria Operations for Networks exportPDF Code Injection Vulnerability(CVE-2023-20889)
14. threat[30846]:Joomla Unauthorized Access Vulnerability(CVE-2023-23752)
15. threat[24999]:Spring Boot Actuator Information Disclosure Vulnerability
16. threat[26932]:Landray OA sysSearchMain.do XMLdecode Deserialization Vulnerability
17. threat[25308]:H3C IMC Intelligent Management Center primefaces expression Code Execution Vulnerability
18. threat[67469]:Postgres Login Error
19. threat[42267]:Evilnum APT PyVil RAT Connect the C2 Server

Announcements:
1. The upgrade package will not restart the data communication engine and will not affect the network after the upgrade; the detection engine will automatically restart and take effect without causing session interruption. Please choose an appropriate time to upgrade.

Release Time:2025-02-21 13:05:21
Name: eoi.unify.allrulepatch.ips.2.0.0.38565.rule Version:2.0.0.38565
MD5:c32dbb0623533a4e2495cb9669bc4271 Size:40.00M
Description:

This upgrade package is the Zealot 2.0 intrusion prevention signature library/application identification signature library upgrade package and only supports engine version V56R11F01 and above. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.38565. The new/improved rules of this upgrade package are:

new rules:
1. threat[31860]:Officeweb365 wordfix Index Arbitrary File Read Vulnerability
2. threat[28617]:Ivanti Cloud Services Appliance tripwire Command Injection Vulnerability(CVE-2024-9380)
3. threat[28618]:Label Studio Cross-Site Scripting Vulnerability (CVE-2023-47115)
4. threat[28620]:Palo Alto Networks PAN-OS Authentication Bypass Vulnerability (CVE-2025-0108)
5. threat[28619]:Adobe ColdFusion GetArgumentCollection Insecure Deserialization Vulnerability(CVE-2024-41874)
6. threat[31867]:pearProjectApi System organizationCode SQL Injection Vulnerability(CVE-2023-27113)
7. threat[31866]:pearProjectApi System projectCode SQL Injection Vulnerability(CVE-2023-27112)
8. threat[31865]:ESAFENET Electronic Document Security Management System NetSecConfigAjax SQL Injection Vulnerability
9. threat[31864]:ESAFENET Electronic Document Security Management System MultiServerAjax SQL Injection Vulnerability
10. threat[42265]:Evilnum APT ddpp.exe Connect the C2 Server
11. threat[42266]:Evilnum APT fplayer.exe Connect the C2 Server
12. threat[42267]:Evilnum APT PyVil RAT Connect the C2 Server

update rules:
1. threat[31435]:OfficeWeb365 wordfix/Index Arbitrary File Read Vulnerability
2. threat[42254]:Patchwork APT Protego Remote Control Trojan download Instruction Download file
3. threat[42255]:Patchwork APT Protego Remote Control Trojan download Instruction Downloaded Successfully
4. threat[26514]:VMware Aria Operations for Logs Deserialization Vulnerability (CVE-2023-20864)
5. threat[27626]:Wanhu OA ezOffice RhinoScriptEngineService Command Execution Vulnerability
6. threat[26019]:Tongda OA v11.9 getdata Arbitrary Command Execution Vulnerability
7. threat[31860]:Baota Cloud WAF get_stite_stus SQL Injection Vulnerability

Announcements:
1. The upgrade package will not restart the data communication engine and will not affect the network after the upgrade; the detection engine will automatically restart and take effect without causing session interruption. Please choose an appropriate time to upgrade.

Release Time:2025-02-13 21:41:17
Name: eoi.unify.allrulepatch.ips.2.0.0.38548.rule Version:2.0.0.38548
MD5:9d0b96837280682405c287b004413bec Size:39.97M
Description:

This upgrade package is the Zealot 2.0 intrusion prevention signature library/application identification signature library upgrade package and only supports engine version V56R11F01 and above. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.38548. The new/improved rules of this upgrade package are:

new rules:
1. threat[31832]:Gradio Uploadbutton File Reading Vulnerability (CVE-2024-1728)
2. threat[42254]:Patchwork APT Protego Remote Control Trojan download Instruction Download file
3. threat[42255]:Patchwork APT Protego Remote Control Trojan download Instruction Downloaded Successfully
4. threat[31834]:Love Digital AnyShare Intelligent Content Management Platform SMTP_GetConfig Information Disclosure Vulnerability
5. threat[31833]:Love Digital AnyShare Intelligent Content Management Platform Usrm_GetAllUsers Information Disclosure Vulnerability
6. threat[28584]:Pi-Hole Server-Side Request Forgery (SSRF) Vulnerability (CVE-2024-34361)
7. threat[31835]:Seeyon Internet Analysis Cloud getolapconnectionlist Logic Vulnerability
8. threat[31836]:Jumpserver Ansible Playbook Arbitrary File Reading Vulnerability (CVE-2024-40628)
9. threat[31839]:Jiusi OA_del.js Arbitrary File Read Vulnerability
10. threat[28558]:WordPress Plugin Wux-Blog-Editor Front-end Override Vulnerability(CVE-2024-9932)
11. threat[31837]:Enterprise Internet Solutions System srm getuserinfo Information Leakage Vulnerability
12. threat[28585]:Lock Group Management System key.aspx Default Cookie Login Vulnerability
13. threat[28586]:Hunan Jianyan Information Engineering Quality Inspection System admintool Arbitrary File Upload Vulnerability
14. threat[28587]:Hunan Jianyan Information Engineering Quality Inspection System upload.ashx File Upload Causes RCE Vulnerability
15. threat[31840]:Boyou Technology School Yingjia Financial Fee Management Platform getstudent Information Disclosure Vulnerability
16. threat[28588]:Neixunbao Interprise Training Platform upload/scorm File Upload RCE Vulnerability
17. threat[31841]:Huhui Software Emergency Medicine Comprehensive Management Platform ServicePage.aspx Arbitrary File Read Vulnerability
18. threat[31842]:AcrelCloud Environmental Electricity Supervision Cloud Platform GetEnterpriseInfoY SQL Injection Vulnerability
19. threat[28426]:Tongxiang Human Resources Management System ActiveXConnector.asmx Information Leak Vulnerability
20. threat[28589]:Ivanti Endpoint Manager SQL Injection Vulnerability(CVE-2024-29827)
21. threat[31847]:TOTOLINK CP450 product.ini Sensitive Information Disclosure Vulnerability (CVE-2024-7332)
22. threat[42256]:APT-C-59 Backdoor Program Send Information To C2
23. threat[42257]:APT-C-59 Backdoor Program Download Package
24. threat[42258]:APT-C-59 Backdoor Program Send Screen Shots To C2
25. threat[42259]:APT-C-59 Backdoor Program Executes Commands
26. threat[28591]:ZOHO Manageengine Opmanager Directory Traversal File Upload Vulnerability (CVE-2023-47211)
27. threat[31849]:Wordpress Plugin Quttera Web Malware Scanner Sensitive Information Disclosure Vulnerability (CVE-2023-6065)
28. threat[28593]:Wordpress Plugin Ninja Forms Contact Form Cross-Site Scripting Vulnerability (CVE-2023-1835)
29. threat[31843]:AcrelCloud Environmental Power Supervision Cloud Platform GetEnterpriseInfoById SQL Injection Vulnerability
30. threat[28590]:AcrelCloud Environmental Protection Cloud Platform uploadworld Arbitrary File Upload Vulnerability
31. threat[31844]:Purple File Management System mergeFile SQL Injection Vulnerability
32. threat[31845]:Purple File Management System selectFileRemote SQL Injection Vulnerability
33. threat[31846]:Purple eRecords Management System Login Information Disclosure Vulnerability
34. threat[31848]:AJ-Report pageList Information Disclosure Vulnerability(CVE-2024-5350)
35. threat[28592]:AJ-Report /dataSet/testTransform Command Execution Vulnerability
36. threat[31850]:AJ-Report /dataSet/testTransform SQL Injection Vulnerability (CVE-2024-5356)
37. threat[28594]:PHICOMM K2 Router Command Injection Vulnerability (CVE-2023-40796)
38. threat[31851]:AJ-Report detailByCode Information Disclosure Vulnerability(CVE-2024-5354)
39. threat[31852]:Zhihua Software openfile.aspx Interface Arbitrary File Read Vulnerability
40. threat[28597]:YiBao OA System getStockInRequestPrintDetail Interface SQL Injection Vulnerability
41. threat[28598]:Moosocial V.3.1.8 Cross-Site Scripting Vulnerability (CVE-2023-44813)
42. threat[42260]:Lazarus APT Andariel Sample Connects C2
43. threat[42261]:Lazarus APT Andariel Sample Upload Host Information
44. threat[28601]:Dataease Cross-Site Scripting Vulnerability (CVE-2023-28435)
45. threat[28602]:Netentsec NS-ASG Application Security Gateway vpn web interface SQL Injection Vulnerability
46. threat[28600]:Microsoft .NET Framework WindowsClaimsIdentity Deserialization Arbitrary Command Execution Vulnerability
47. threat[28603]:CyberPanel Remote Code Execution Vulnerability (CVE-224-53376)
48. threat[28599]:Windows Remote Desktop Licensing Service Arbitrary File Deletion Vulnerability (CVE-2024-43454)
49. threat[28604]:Microsoft .NET Framework PSObject Deserialization Arbitrary Command Execution Vulnerability
50. threat[31853]:WeGIA salvar_tag.php SQL Injection Vulnerability(CVE-2025-24958)
51. threat[31854]:WeGIA get_detalhes_socio.php SQL Injection Vulnerability(CVE-2025-24957)
52. threat[31855]:WeGIA get_detalhes_cobranca.php SQL Injection Vulnerability(CVE-2025-24906)
53. threat[31856]:WeGIA get_codigobarras_cobranca.php SQL Injection Vulnerability(CVE-2025-24905)
54. threat[31857]:WeGIA salvar_cargo.php SQL Injection Vulnerability(CVE-2025-24902)
55. threat[31858]:WeGIA deletar_permissao.php SQL Injection Vulnerability(CVE-2025-24901)
56. threat[28605]:Netentsec NS-ASG Application Security Gateway singlelogin.php Interface SQL Injection Vulnerability
57. threat[31859]:Infinity Software GetUserInfoByUserID Interface Information Disclosure Vulnerability
58. threat[42262]:Suspected Fake Jar Package Upload Behavior
59. threat[28606]:WordPress Backuply Plugin SQL Injection Vulnerability (CVE-2024-8669)
60. threat[50667]:Sensitive File Upload _ Command Execution File
61. threat[42263]:Suspected Compressed Package Directory Traversal Attack Behavior
62. threat[31861]:Clickhouse API Unauthorized Access Vulnerability
63. threat[28608]:Churchcrm Cross-Site Scripting Vulnerability (CVE-2023-26842)
64. threat[28609]:Microsoft .NET Framework SettingsPropertyValue Deserialization Arbitrary Command Execution Vulnerability
65. threat[31862]:Gibbon Local File Inclusion Vulnerability (CVE-2023-34598)
66. threat[28607]:Synjones Smart Campus Information Management System Upload Arbitrary File Upload Vulnerability
67. threat[28613]:Nodebb XML-RPC Request XML Code Injection (CVE-2023-43187)
68. threat[28615]:Online Piggery Management System File Upload Vulnerability (CVE-2023-37629)
69. threat[28616]:Microsoft .NET Framework GenericPrincipal Deserialization Arbitrary Command Execution Vulnerability
70. threat[28614]:Aviatrix Controller Operating System Unauthorized Remote Code Execution Vulnerability(CVE-2024-50603)
71. threat[28612]:Yulong Video Audio Comprehensive Management Platform Third/TimeSyn Remote Command Execution Vulnerability
72. threat[28611]:FLIR-AX8 Thermal Imager palette.php Remote Command Execution Vulnerability(CVE-2022-4364)
73. threat[28610]:FLIR-AX8 Thermal Imager applyfirmware Remote Command Execution Vulnerability
74. threat[28473]:Netgear RAX43 Command Injection Vulnerability (CVE-2021-20167)

update rules:
1. threat[31831]:Windows Kerberos Security Feature Bypass Vulnerability(CVE-2025-21299)
2. threat[27592]:WordPress Dokan Pro plugin SQL Injection Vulnerability (CVE-2024-3922)
3. threat[28405]:Apache OFBiz SSRF Remote Code Execution Vulnerability (CVE-2024-45507)
4. threat[42244]:BITTER taskhostv Sample Send Host Information
5. threat[42246]:ZIZI Stealer Connects To The C2 Server
6. threat[42247]:ZIZI Stealer Sends Stolen Messages
7. threat[31795]:Mingyuan Real Estate ERP Service.asmx X-Forwarded-For SQL Injection Vulnerability
8. threat[28120]:YonYou-TPlus FileUploadHandler.ashx Arbitrary File Upload Vulnerability
9. threat[27088]:JumpServer Remote Code Execution Vulnerability (CVE-2024-29202)
10. threat[31367]:Apache Tomcat Information Leakage Vulnerability (CVE-2024-21733)
11. threat[31580]:Jiusi OA dl.jsp Arbitrary File Reading Vulnerability
12. threat[31839]:Weaver OA e-office 11.0 SQL data SQL injection vulnerability
13. threat[28346]:Ivanti Endpoint Manager VulCore.asmx GetDBPatches SQL Injection Vulnerability(CVE-2024-29826)
14. threat[26930]:Jenkins File Reading vulnerability (CVE-2024-23897)
15. threat[28266]:Nextgen Mirth Connect XStreamSerializer Insecure Deserialization Vulnerability(CVE-2023-43208)
16. threat[26534]:Adobe ColdFusion Insecure Deserialization Vulnerability(CVE-2023-38204)
17. threat[31753]:Imgproxy Cross-Site Scripting(XSS) Vulnerability(CVE-2023-1496)
18. threat[42250]:Patchwork APT Protego Remote Control Trojan Upload Host Application Information
19. threat[25760]:pgAdmin4 validate_binary_path Remote Code Execution Vulnerability(CVE-2022-4223/CVE-2024-3116)
20. threat[27911]:Ebao OA BasicService.asmx Arbitrary File Upload Vulnerability
21. threat[26359]:Landray OA sysUiExtend File Upload Vulnerability
22. threat[25705]:Apache Commons-Text Remote Code Execution Vulnerability (CVE-2022-42889)

Announcements:
1. The upgrade package will not restart the data communication engine and will not affect the network after the upgrade; the detection engine will restart automatically for the new rules to take effect, without interrupting sessions. Please choose an appropriate time to upgrade.

Release Time:2025-02-13 17:34:04
Name: eoi.unify.allrulepatch.ips.2.0.0.38421.rule Version:2.0.0.38421
MD5:50654b419a98a4bd1f99e1a397586f38 Size:39.92M
Description:

This upgrade package is the Zealot 2.0 intrusion prevention signature library/application identification signature library upgrade package, which only supports engine version V56R11F01 and above. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.38421. The new/improved rules of this upgrade package are:

new rules:
1. threat[28581]:TOTOLINK setParentalRules Command Injection Vulnerability (CVE-2024-24325)
2. threat[42253]:Chunk-Proxy Tunnel Proxy Tool - Memory Trojan Communication
3. threat[28582]:D-Link DAR-7000 OS Command Injection Vulnerability(CNVD-2024-39257)
4. threat[31830]:Prison Management System SQL Injection Vulnerability (CVE-2024-33288)
5. threat[31831]:Windows Kerberos Security Feature Bypass Vulnerability(CVE-2025-21299)
6. threat[28583]:Caseaware A360inc Cross-Site Scripting Attack (CVE-2024-25669)

update rules:
1. threat[28280]:Fortinet FortiOS Code Execution Vulnerability (CVE-2024-21762)
2. threat[26438]:RuoYi list SQL Injection Vulnerability
3. threat[28429]:AEGON-LIFEv1.0 SQL Injection Vulnerability(CVE-2024-36597)
4. threat[31130]:YonYou GRP-U8 userInfoWeb SQL Injection Vulnerability
5. threat[24271]:Microsoft Windows SNMP service denial of Service Vulnerability (CVE-2018-0967)

Announcements:
1. The upgrade package will not restart the data communication engine and will not affect the network after the upgrade; the detection engine will restart automatically for the new rules to take effect, without interrupting sessions. Please choose an appropriate time to upgrade.

Release Time:2025-02-06 21:47:13
Name: eoi.unify.allrulepatch.ips.2.0.0.38400.rule Version:2.0.0.38400
MD5:c76dbc392d8bc7f31c6f565f608f8d26 Size:39.90M
Description:

This upgrade package is the Zealot 2.0 intrusion protection signature library/application identification signature library upgrade package, which only supports engine version V56R11F01 and above. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.38400. The new/improved rules of this upgrade package are:

new rules:
1. threat[28574]:AnHeng Mingyu Web Application Firewall report.php Arbitrary Login Vulnerability
2. threat[31827]:Cratedb Database Arbitrary File Read Vulnerability (CVE-2024-24565)
3. threat[28575]:1Panel Command Injection Vulnerability (CVE-2024-2352)
4. threat[28576]:Discovering Neoreg 5.0 Communication Traffic
5. threat[42246]:ZIZI Stealer Connects To The C2 Server
6. threat[42247]:ZIZI Stealer Sends Stolen Messages
7. threat[31828]:Gradio component_server Arbitrary File Read Vulnerability (CVE-2024-1561)
8. threat[31829]:Semcms SEMCMS_Seoandtag.Php SQL Injection Vulnerability (CVE-2024-52725)
9. threat[28579]:Tenda AC6 Fromsetsystime Arbitrary Code Execution Vulnerability (CVE-2024-52714)
10. threat[28578]:Microsoft .NET Framework WindowsIdentity Deserialization Arbitrary Command Execution Vulnerability
11. threat[42248]:Patchwork APT Protego Remote Control Trojan Online Request
12. threat[42249]:Patchwork APT Protego Remote Control Trojan Upload Host Information
13. threat[42250]:Patchwork APT Protego Remote Control Trojan Upload Host Application Information
14. threat[28580]:Wordpress Plugin Base64 Encoder_Decoder Cross-Site Scripting Attack (CVE-2024-3822)
15. threat[42252]:Patchwork APT Protego Remote Control Trojan Return dir Command Result
16. threat[42251]:Patchwork APT Protego Remote Control Trojan Send dir Instruction

update rules:
1. threat[26338]:Yongyou KSOA/Jinhe OA imagefield SQL Injection Vulnerability
2. threat[27377]:Apache HugeGraph-Server Remote Command Execution In Gremlin(CVE-2024-27348)
3. threat[28215]:Palo Alto Networks Expedition Remote Command Execution Vulnerability(CVE-2024-9463)
4. threat[41900]:FastTunnel Intranet Penetration Tool Communication
5. threat[25987]:Kingdee EAS uploadLogo.action Arbitrary File Upload Vulnerability
6. threat[27727]:TOTOLINK setWanCfg Function Command Execution Vulnerability(CVE-2024-22942)
7. threat[27746]:TOTOLINK setParentalRules Function Buffer Overflow Vulnerability(CVE-2024-24325)
8. threat[31437]:DLINK DAP-1620 Directory Traversal Vulnerability(CVE-2021-46381)
9. threat[21374]:Apache Struts2 Remote Command Execution Vulnerability
10. threat[25119]:Struts2 Remote Code Execution Vulnerability(S2-061/062)(CVE-2020-17530/CVE-2021-31805)
11. threat[25531]:Spring Framework spring-bean Remote Code Execution Vulnerability(CVE-2022-22965)
12. threat[23002]:Apache Struts2 (CVE-2014-0094)(S2-020) Vulnerability Repair Bypass Vulnerability
13. threat[27746]:TOTOLINK setParentalRules Function Buffer Overflow Vulnerability(CVE-2022-44259)
14. threat[28408]:Cleo Remote Code Execution Vulnerability(CVE-2024-50623)
15. threat[27513]:Yonyou U8 Cloud ServiceDispatcherServlet Deserialization Vulnerability

Announcements:
1. The upgrade package will not restart the data communication engine and will not affect the network after the upgrade; the detection engine will restart automatically for the new rules to take effect, without interrupting sessions. Please choose an appropriate time to upgrade.

Release Time:2025-01-30 19:34:58
Name: eoi.unify.allrulepatch.ips.2.0.0.38358.rule Version:2.0.0.38358
MD5:3a172ad84fa50499c6f95db315090f7d Size:39.89M
Description:

This upgrade package is the Zealot 2.0 intrusion prevention signature library/application identification signature library upgrade package, which only supports engine version V56R11F01 and above. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.38358. The new/improved rules of this upgrade package are:

new rules:
1. threat[42235]:SPP Tunnel Proxy Tool_HTTP Connection
2. threat[28567]:seeyonOA v8 File Upload Vulnerability(CVE-2024-29276)
3. threat[28568]:Microsoft .NET Framework WindowsPrincipal Deserialization Arbitrary Command Execution Vulnerability
4. threat[42236]:Sniper Webshell Management Tool Communication
5. threat[28569]:Metasploit Meterpreter php Trojan Connection Attempts
6. threat[42237]:SPP Tunnel Proxy Tool_TCP Connection
7. threat[42238]:Kraken Webshell Management Tool Communication
8. threat[42239]:Doughnuts Webshell Management Tool Communication
9. threat[28573]:Rsync Buffer Overflow Vulnerability (CVE-2024-12084)
10. threat[42241]:SPP Tunnel Proxy Tool_UDP Connection
11. threat[42240]:Godzilla JAVA_Cshap_BASE64 Webshell Connect
12. threat[50666]:Discover Tailscale Tools Communication
13. threat[28571]:Weaver e-Office backend test SQL interface SQL Injection Vulnerability
14. threat[31815]:Xiezhong OA System CheckLoginQrCode SQL Injection Vulnerability
15. threat[31816]:Shikong Logistics Transportation Management System SysData-SysDataBase Sensitive Information Disclosure Vulnerability
16. threat[31817]:Landray EKP System sysFormMainDataInsystemWebservice Arbitrary File Read Vulnerability
17. threat[31814]:Netis Multiple Router Information Leak Vulnerability(CVE-2024-48455)
18. threat[28572]:Netis Multiple Router Remote Code Execution Vulnerability (CVE-2024-48456)
19. threat[42242]:Fragtunnel Tunnel Proxy Tool Communication
20. threat[28570]:Powershell Download Nishang Suspicious Scripts
21. threat[42243]:Chunk-Proxy Tunnel Proxy Tool
22. threat[31818]:Landray EKP System thirdImSyncForKKWebService Arbitrary File Read Vulnerability
23. threat[31819]:Landray EKP System sysTagWebService Arbitrary File Read Vulnerability
24. threat[31820]:Landray EKP System sysNotifyTodoWebService Arbitrary File Read Vulnerability
25. threat[31821]:Landray EKP System kmImeetingBookWebService Arbitrary File Read Vulnerability
26. threat[31822]:Landray EKP System kmImeetingResWebService Arbitrary File Read Vulnerability
27. threat[31823]:Landray EKP System loginWebserviceService Arbitrary File Read Vulnerability
28. threat[31824]:Landray EKP System wechatWebserviceService Arbitrary File Read Vulnerability
29. threat[31825]:Landray EKP System sysNotifyTodoWebServiceEkpj Arbitrary File Read Vulnerability
30. threat[31826]:Landray EKP System sysSynchroGetOrgWebService Arbitrary File Read Vulnerability
31. threat[42244]:BITTER taskhostv Sample Send Host Information
32. threat[42245]:BITTER taskhostv Samples ID parameter Send Host Information

update rules:
1. threat[28533]:NI Instrumentstudio FLXPROJ File Parsing Deserialization Vulnerability (CVE-2024-4044)
2. threat[10390]:Net-SNMP GETBULK Request Remote Memory Consumption DoS
3. threat[41499]:HTTP Request Sensitive Path Access Attempt
4. threat[42140]:Godzilla JAVA_AES_BASE64 Webshell Connect_3
5. threat[26232]:Weaver ecology deleteUserRequestInfoByXml-ReceiveCCRequestByXml-RequestInfoByXml XXE Vulnerability(CVE-2023-2806)
6. threat[28564]:Linksys E1700 Remote Code Execution Vulnerability(CVE-2024-22544)
7. threat[28565]:Linksys E1000 Buffer Overflow Vulnerability(CVE-2024-28283)
8. threat[28566]:Linksys E2500 Remote Code Execution Vulnerability(CVE-2024-40495)
9. threat[27878]:SeaCMS Background admin_smtp.php Remote Code Execution Vulnerability(CVE-2024-40519)

Announcements:
1. The upgrade package will not restart the data communication engine and will not affect the network after the upgrade; the detection engine will restart automatically for the new rules to take effect, without interrupting sessions. Please choose an appropriate time to upgrade.

Release Time:2025-01-23 18:23:41
Name: eoi.unify.allrulepatch.ips.2.0.0.38302.rule Version:2.0.0.38302
MD5:3d6ca8898c93cfc23d59a92a90ce99a4 Size:39.86M
Description:

This upgrade package is an intrusion prevention signature library upgrade package, which only supports engine version V56R11F01 and above. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.38302. The new/improved rules of this upgrade package are:
new rules:
1. threat[28533]:NI InstrumentStudio FLXPROJ File Parsing Deserialization Vulnerability (CVE-2024-4044)
2. threat[28534]:Shootback Intranet Penetration Tool Communication Detected
3. threat[28536]:PaperCut NG/MF Server-Side Request Forgery Vulnerability (CVE-2024-1884)
4. threat[28538]:Microsoft .NET Framework AxHostState Deserialization Arbitrary Command Execution Vulnerability
5. threat[28537]:Netgear ProSAFE NMS300 UpLoadServlet File Upload Vulnerability (CVE-2024-5505)
6. threat[31797]:Centreon Web updateServiceHost SQL Injection Vulnerability (CVE-2024-5723)
7. threat[28540]:Belkin LINKSYS WRT160NL Command Injection Vulnerability (CVE-2021-25310)
8. threat[28541]:WordPress Backup Guard Plugin Arbitrary File Upload Vulnerability (CVE-2021-24155)
9. threat[28539]:Microsoft .NET Framework ClaimsIdentity Deserialization Arbitrary Command Execution Vulnerability
10. threat[49066]:Ollama parseFromZipFile File Upload Vulnerability (CVE-2024-44536)
11. threat[42228]:APT28 Zebrocy Nim Downloader Sends Stolen Information To C2
12. threat[42229]:APT28 Zebrocy Go Downloader Sends Stolen Information To C2
13. threat[42230]:APT28 Zebrocy Delphi Downloader Sends Stolen Information To C2
14. threat[42231]:APT28 Zebrocy Delphi Backdoor Sends Stolen Information To C2
15. threat[28542]:Wandering Souls Webshell Management Tool Usage Detected (Backdoor Connection)
16. threat[42232]:BITTER ASMS Trojan Sends Stolen Information
17. threat[28544]:WordPress Images Plugin Arbitrary File Upload Vulnerability (CVE-2021-24236)
18. threat[28545]:Wandering Souls Webshell Management Tool Usage Detected (Server Communication)
19. threat[28547]:Microsoft .NET Framework ClaimsPrincipal Deserialization Arbitrary Command Execution Vulnerability
20. threat[28548]:Ivanti Multiple Products Buffer Overflow Vulnerability (CVE-2025-0282)
21. threat[28546]:WordPress Modern Events Calendar Lite Plugin Arbitrary File Upload Vulnerability (CVE-2021-24145)
22. threat[31799]:WordPress Modern Events Calendar Lite Plugin Information Disclosure Vulnerability (CVE-2021-24146)
23. threat[31801]:WordPress Duplicator Plugin Backup Download Vulnerability (CVE-2022-2551)
24. threat[28550]:Microsoft .NET Framework GetterSafeException Deserialization Arbitrary Command Execution Vulnerability
25. threat[31795]:Mingyuan Real Estate ERP Service.asmx X-Forwarded-For SQL Injection Vulnerability
26. threat[31796]:UFIDA NC Cloud checkekey SQL Injection Vulnerability
27. threat[31798]:Oracle E-Business Suite bispgraph.js Path Traversal Vulnerability
28. threat[28543]:Cacti Insecure Deserialization Vulnerability (CVE-2023-30534)
29. threat[31800]:Beijing Shenzhou Digital Cloud Technology DCN Firewall online_ist.php Arbitrary File Read Vulnerability
30. threat[28549]:Array Networks APV Application Delivery System ping_costs Remote Command Execution Vulnerability
31. threat[28551]:Heating Network Wireless Monitoring System GetMenuItem SQL Injection Vulnerability
32. threat[28552]:Black Mamba C2 Traffic Heartbeat Detection
33. threat[31806]:kkFileView getCorsFile Server-Side Request Forgery (SSRF) Vulnerability (CVE-2022-43140)
34. threat[31807]:Centreon centreonGraph.class initCurveList SQL Injection Vulnerability (CVE-2024-5725)
35. threat[28555]:Deimos C2 Framework Communication Traffic Detected
36. threat[10582]:Django get_supported_language_variant Denial of Service Vulnerability (CVE-2024-39614)
37. threat[31803]:Guangzhou Tuchuang Library Cluster Management System UpdOpuserPw SQL Injection Vulnerability
38. threat[31802]:Guangzhou Tuchuang Library Cluster Management System WebBookNew SQL Injection Vulnerability
39. threat[31804]:Guangzhou Tuchuang Library Cluster Management System SysLib SQL Injection Vulnerability (CVE-2024-10946)
40. threat[31805]:Guangzhou Tuchuang Library Cluster Management System BatchOrder SQL Injection Vulnerability (CVE-2024-10947)
41. threat[28553]:Guns Backend upload Arbitrary File Upload Vulnerability
42. threat[28554]:JeecgBoot passwordChange Arbitrary User Password Reset Vulnerability
43. threat[31808]:DuTe Online Order Management System Login.ashx SQL Injection Vulnerability
44. threat[31809]:DuTe Online Order Management System getUserImage.ashx SQL Injection Vulnerability
45. threat[31810]:OpenWrt LuCI Arbitrary File Read Vulnerability
46. threat[10583]:GitLab Community and Enterprise Edition glm_source Denial of Service Vulnerability (CVE-2024-8124)
47. threat[28556]:Microsoft .NET Framework XamlImageInfo Deserialization Arbitrary Command Execution Vulnerability
48. threat[28557]:WordPress Ultimate Member Plugin Privilege Escalation Vulnerability (CVE-2023-3460)
49. threat[28560]:WordPress WooCommerce Payments Plugin Privilege Escalation Vulnerability (CVE-2023-28121)
50. threat[28559]:WordPress WooCommerce Checkout Field Manager Plugin Arbitrary File Upload Vulnerability (CVE-2022-4328)
51. threat[42233]:Microsoft Windows SCF NTLM Relay Vulnerability
52. threat[42234]:Suspicious Webshell Script File Upload Behavior_2
53. threat[28561]:Microsoft Exchange Server Remote Code Execution Vulnerability_Exploiting GetClientAccessToken (CVE-2021-42321/CVE-22377)
54. threat[28562]:Apache httpd mod_cgi Code Execution Vulnerability (CVE-2024-38476)
55. threat[31811]:W&Jsoft D-Security Data Leakage Prevention (DLP) System sys_des_logfile-displaylog.jsp Arbitrary File Read Vulnerability
56. threat[28564]:Linksys E1700 Remote Code Execution Vulnerability (CVE-2024-22544)
57. threat[28565]:Linksys E1000 Buffer Overflow Vulnerability (CVE-2024-28283)
58. threat[28566]:Linksys E2500 Remote Code Execution Vulnerability (CVE-2024-40495)
59. threat[28563]:Microsoft Windows VBScript Engine Remote Code Execution Vulnerability (CVE-2018-8373)
60. threat[31812]:RuoYi export SQL Injection Vulnerability
update rules:
1. threat[25766]:Yonyou Shikong KSOA ImageUpload File Upload Vulnerability
2. threat[23736]:NETGEAR ProSafe Network Management System 300 Arbitrary File Upload Vulnerability (CVE-2016-1525)
3. threat[60991]:HTTP Request XSS Cross-Site Scripting Attack Attempt
4. threat[27389]:Seeyon OA fileUpload.do Front-End File Upload Bypass Vulnerability
5. threat[26581]:MobileIron Sentry Command Execution Vulnerability (CVE-2023-38035)
6. threat[30724]:Generic Service Sensitive Information Access
7. threat[26239]:MS14-068 Privilege Bypass Vulnerability Attack (CVE-2014-6324)
8. threat[25578]:Spring Security Authentication Bypass Vulnerability (CVE-2022-22978)
9. threat[68654]:Suspicious Webshell Script File Upload Behavior
10. threat[49052]:Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-42321/CVE-22377)
11. threat[42100]:HTTP SQL Stacked Injection Attack Attempt
12. threat[41805]:Chisel Intranet Penetration Tool Communication Signature
Announcements:
1. The upgrade package will not restart the data communication engine and will not affect the network after the upgrade; the detection engine will restart automatically for the new rules to take effect, without interrupting sessions. Please choose an appropriate time to upgrade.

Release Time:2025-01-17 16:04:04
Name: eoi.unify.allrulepatch.ips.2.0.0.38205.rule Version:2.0.0.38205
MD5:4d3323d02409e353fc2c87b1a7abc03a Size:39.79M
Description:

This upgrade package is an intrusion prevention signature library upgrade package, which only supports engine version V56R11F01 and above. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.38205. The new/improved rules of this upgrade package are:
new rules:
1. threat[28507]:Barracuda CloudGen WAN Command Injection Vulnerability (CVE-2023-26213)
2. threat[31776]:WordPress Directorist Plugin Local File Inclusion Vulnerability (CVE-2023-2252)
3. threat[28508]:Apache Traffic Control SQL Injection Vulnerability (CVE-2024-45387)
4. threat[42221]:Lumma Stealer Trojan Online Request
5. threat[42222]:Lumma Stealer Trojan Negotiates Configuration Information
6. threat[42223]:Lumma Stealer Trojan Sends Stolen Information
7. threat[28509]:Microsoft .NET Framework TextFormattingRunProperties Deserialization Arbitrary Command Execution Vulnerability
8. threat[28510]:Craft CMS Remote Code Execution Vulnerability (CVE-2024-56145)
9. threat[28511]:Tenda AC1200 Command Injection Vulnerability (CVE-2022-42053)
10. threat[28512]:Tenda W6 Command Execution Vulnerability (CVE-2022-45497)
11. threat[42224]:Sensitive Script File Upload_Suffix Line Break Bypass
12. threat[42225]:Sensitive Script File Upload_Filename Line Break Bypass
13. threat[28515]:Microsoft .NET Framework ToolboxItemContainer Deserialization Arbitrary Command Execution Vulnerability
14. threat[28514]:Delta Electronics DVW-W02W2-E2 Command Injection Vulnerability (CVE-2022-42139)
15. threat[28516]:Delta Electronics DX-2100RW-WW Command Injection Vulnerability (CVE-2022-42140)
16. threat[28513]:Langsu ERP System FileUploadApi.ashx File Upload Vulnerability
17. threat[31781]:WordPress Narnoo Distributor Plugin Arbitrary File Inclusion Vulnerability (CVE-2022-0679)
18. threat[28518]:WordPress Crypto Plugin Authentication Bypass Vulnerability (CVE-2024-9989)
19. threat[28517]:Kingdee Apusic Application Server Create Data Source JDBC Injection Vulnerability
20. threat[31784]:Full Process Cloud OA ajax.ashx SQL Injection Vulnerability
21. threat[31783]:Zhibang ERP downfile.asp Arbitrary File Read Vulnerability
22. threat[31785]:Full Process Cloud OA svc.asmx SQL Injection Vulnerability
23. threat[50665]:HTTP Request Not Compliant With RFC Specifications
24. threat[31787]:WordPress RSVP Plugin Unauthorized Access Vulnerability (CVE-2022-1054)
25. threat[28519]:Microsoft .NET Framework TypeConfuseDelegate Deserialization Arbitrary Command Execution Vulnerability
26. threat[31788]:Myscan Vulnerability Scanning Tool
27. threat[31789]:Reactive Vector Maps Arbitrary File Read Vulnerability (CVE-2021-24947)
28. threat[28520]:dst-admin Command Injection Vulnerability (CVE-2023-0646)
29. threat[28521]:dst-admin Command Injection Vulnerability (CVE-2023-0647)
30. threat[28522]:dst-admin Command Injection Vulnerability (CVE-2023-0648)
31. threat[28523]:dst-admin Command Injection Vulnerability (CVE-2023-0649)
32. threat[28524]:Microsoft .NET Framework SessionSecurityToken Deserialization Arbitrary Command Execution Vulnerability
33. threat[31790]:Vulmap Vulnerability Scanning Tool
34. threat[28525]:Dahua Intelligent IoT Integrated Management Platform GetClassValue.jsp Remote Code Execution Vulnerability
35. threat[28526]:ZZZCMS zzzphp Remote Command Injection Vulnerability (CVE-228-23881)
36. threat[28527]:Microsoft .NET Framework SessionViewStateHistoryItem Deserialization Arbitrary Command Execution Vulnerability
37. threat[10581]:TP-Link WR2041 Buffer Overflow Vulnerability (CVE-2021-26827)
38. threat[28529]:Microsoft .NET Framework RolePrincipal Deserialization Arbitrary Command Execution Vulnerability
39. threat[31791]:Yipuxing University Human Resources Management System ReportServer Sensitive Information Disclosure Vulnerability
40. threat[28528]:Linksys WRT120N tmUnblock.cgi Buffer Overflow Vulnerability
41. threat[31792]:Suspected Yasso Scanning Tool WinRM Scan
42. threat[28530]:NETGEAR Nighthawk Buffer Overflow Vulnerability (CVE-2023-27853)
43. threat[31786]:Kingdee OA server-side/folders Directory Traversal Vulnerability
44. threat[28531]:Dahua DSS City Security Monitoring Platform logid_init.action Interface Command Execution Vulnerability
45. threat[31793]:Landray EIS Intelligent Collaboration Platform fi_message_receiver.asp SQL Injection Vulnerability (CVE-22214)
46. threat[31794]:Deep Kote SKTMAX LEAN MES System SMTLoadingMaterial.ashx SQL Injection Vulnerability
47. threat[28532]:Langsu ERP UEditorAjaxApi.ashx SSRF Vulnerability
48. threat[42226]:BITTER Steals Files With Specific Suffixes
49. threat[42227]:BITTER Steals Victim Host Information
50. threat[31725]:Nessus Vulnerability Scanning Tool UDP Host Discovery Behavior
update rules:
1. threat[31685]:Sensitive Script File Upload_Filename Deformation Bypass
2. threat[25578]:Spring Security Authentication Bypass Vulnerability (CVE-2022-22978)
3. threat[31782]:Tongtianxing CMSV6 Vehicle-Mounted Video Surveillance Platform StandardLoginAction_getAllUser Information Disclosure Vulnerability
4. threat[31780]:Tongtianxing CMSV6 Vehicle-Mounted Video Surveillance Platform point_manage/merge SQL Injection Vulnerability
5. threat[31779]:Tongtianxing CMSV6 Vehicle-Mounted Video Surveillance Platform StandardReportMediaAction_getImage.action Arbitrary File Read Vulnerability
6. threat[31778]:Tongtianxing CMSV6 Vehicle-Mounted Video Surveillance Platform DownloadLogger.action Arbitrary File Read Vulnerability
7. threat[31777]:UFIDA NC Cloud/U9C/CS/Office/TransWebService.asp SQL Injection Vulnerability
8. threat[27313]:Founder Changxiang Full Media News Editing System ImageProxy.do Arbitrary File Read Vulnerability
9. threat[31510]:HTTP SQL Injection Attempt Type 9
10. threat[62201]:HTTP SQL Injection Attempt Type 2
11. threat[26117]:TP-LINK Archer/TL-WR840N Remote Code Execution Vulnerability (CVE-2021-44827/CVE-2022-25064)
12. threat[10520]:OpenSSL Server Renegotiation Handling NULL Pointer Dereference Vulnerability (CVE-2021-3449)
13. threat[31222]:kkFileView getCorsFile Arbitrary File Read Vulnerability (CVE-2021-43734)
Announcements:
1. The upgrade package will not restart the data communication engine and will not affect the network after the upgrade; the detection engine will restart automatically for the new rules to take effect, without interrupting sessions. Please choose an appropriate time to upgrade.

Release Time:2025-01-10 15:23:01
Name: eoi.unify.allrulepatch.ips.2.0.0.38159.rule Version:2.0.0.38159
MD5:952104a86b0ba017dfff05ea28f1a52e Size:39.77M
Description:

This upgrade package is the Zealot 2.0 intrusion prevention signature library/application identification signature library upgrade package, which only supports engine version V56R11F01 and above. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.38159. The new/improved rules of this upgrade package are:
new rules:
1. threat[10580]:Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability (CVE-2024-49113)


Announcements:
1. The upgrade package will not restart the data communication engine and will not affect the network after the upgrade; the detection engine will restart automatically for the new rules to take effect, without interrupting sessions. Please choose an appropriate time to upgrade.

Release Time:2025-01-06 22:22:49
Name: eoi.unify.allrulepatch.ips.2.0.0.38090.rule Version:2.0.0.38090
MD5:4fb9c882feabfb226ac8614be2a65e92 Size:39.73M
Description:

This upgrade package is an intrusion prevention signature library upgrade package, which only supports engine version V56R11F01 and above. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.38090. The new/improved rules of this upgrade package are:
new rules:
1. threat[31771]:WAVLINK Unauthorized Sensitive Information Leakage Vulnerability (CVE-2022-31847)
2. threat[31767]:Miaoyou Technology Supply Chain Management System DoAction SQL Injection Vulnerability
3. threat[31758]:WordPress File Upload Plugin Arbitrary File Read Vulnerability (CVE-2024-9047)
4. threat[31759]:WordPress Tutor LMS Plugin SQL Injection Vulnerability (CVE-2024-10400)
5. threat[28475]:TOTOLINK setWiFiGuestCfg Buffer Overflow Vulnerability (CVE-2024-37633)
6. threat[28476]:TOTOLINK setWiFiEasyCfg Buffer Overflow Vulnerability (CVE-2024-37634)
7. threat[28477]:TOTOLINK setWiFiBasicCfg Buffer Overflow Vulnerability (CVE-2024-37635)
8. threat[28478]:TOTOLINK setWizardCfg Buffer Overflow Vulnerability (CVE-2024-37637)
9. threat[28479]:TOTOLINK setWiFiEasyGuestCfg Buffer Overflow Vulnerability (CVE-2024-37640)
10. threat[28480]:ExploitRemotingService .NET Remoting Service Attack Tool
11. threat[31760]:Yonyou CPAS Audit Management System V4 getCurserIfAllowLogin SQL Injection Vulnerability
12. threat[31761]:Yonyou CPAS Audit Management System V4 downPlugs Arbitrary File Read Vulnerability
13. threat[31762]:XSStrike Cross-Site Scripting Vulnerability Scanning Tool
14. threat[28481]:MitraStar GPT-2541GNAC Command Execution Vulnerability (CVE-2024-9977)
15. threat[28482]:ExploitRemotingService .NET Remoting Service Attack Tool_2
16. threat[28483]:NUUO Camera upload.php Interface Arbitrary File Upload Vulnerability
17. threat[28488]:Typecho install.php Deserialization Vulnerability
18. threat[28484]:TOTOLINK X5000R addBlacklist Command Injection Vulnerability (CVE-2024-42736)
19. threat[28485]:TOTOLINK X5000R delBlacklist Command Injection Vulnerability (CVE-2024-42737)
20. threat[28486]:TOTOLINK X5000R setDmzCfg Command Injection Vulnerability (CVE-2024-42738)
21. threat[28487]:TOTOLINK X5000R setAccessDeviceCfg Command Injection Vulnerability (CVE-2024-42739)
22. threat[31763]:Kesion Online School KesionEDU CheckOrder SQL Injection Vulnerability
23. threat[31764]:Razer Sila Gaming Router Arbitrary File Inclusion Vulnerability (CVE-22022014)
24. threat[28490]:TOTOLINK X5000R setL2tpServerCfg Command Injection Vulnerability (CVE-2024-42741)
25. threat[28489]:TOTOLINK X5000R setUrlFilterRules Command Injection Vulnerability (CVE-2024-42742)
26. threat[28491]:TOTOLINK X5000R setSyslogCfg Command Injection Vulnerability (CVE-2024-42743)
27. threat[28492]:TOTOLINK X5000R setModifierVpnUser Command Injection Vulnerability (CVE-2024-42744)
28. threat[28493]:TOTOLINK X5000R setUPnPCfg Command Injection Vulnerability (CVE-2024-42745)
29. threat[28494]:TOTOLINK X5000R setWanIeCfg Command Injection Vulnerability (CVE-2024-42747)
30. threat[28495]:TOTOLINK X5000R setWiFiWpsCfg Command Injection Vulnerability (CVE-2024-42748)
31. threat[31765]:Selea Targa IP OCR-ANPR Camera test_mackup_Server Server-Side Request Forgery Vulnerability
32. threat[28498]:UTCMS Remote Code Execution Vulnerability (CVE-2024-9917)
33. threat[28500]:Remote Code Execution Vulnerability (CVE-2021-23132)
34. threat[31766]:WAVLINK WN530HG4 Unauthorized Information Leakage Vulnerability (CVE-2022-34049)
35. threat[28496]:Tenda G3 formSetUSBPartitionUmount Command Injection Vulnerability (CVE-2024-50852)
36. threat[28497]:Tenda G3 setDebugCfg Command Injection Vulnerability (CVE-2024-50853)
37. threat[28499]:SeaCMS phome.php Command Execution Vulnerability (CVE-2024-55461)
38. threat[28501]:SolarView Compact Command Injection Vulnerability (CVE-2022-40881)
39. threat[28503]:WAVLINK Router Command Injection Vulnerability (CVE-2022-35538)
40. threat[28502]:Landray EKP System fsscCommonPortlet.do SQL Injection Vulnerability
41. threat[28504]:Wavlink WL-WN575A3 Operating System Command Injection Vulnerability (CVE-2022-37149)
42. threat[31772]:WAVLINK AERIAL X 1200M Information Leak Vulnerability (CVE-2022-31308)
43. threat[31775]:Short Video Matrix Marketing System poihuoqu Arbitrary File Read Vulnerability
44. threat[31774]:Short Video Live Streaming Tipping System get_crl File Read Vulnerability
45. threat[31773]:Short Video Knowledge Payment System request_cy_curl Front-End File Read Vulnerability
46. threat[31770]:Yunlian POS-ERP Management System ZksrService SQL Injection Vulnerability
47. threat[31769]:Yunlian POS-ERP Management System downloadFile Arbitrary File Read Vulnerability
48. threat[31768]:Feiyu Star Router htpasswd Sensitive Information Leakage Vulnerability
Update rules:
1. Attack [31685]: Sensitive Script File Upload_3
2. Attack [26026]: TOTOLink download.cgi remote command execution vulnerability (CVE-2022-25084)
3. Attack [25313]: Microsoft Exchange Server Side Request Forgery (SSRF) vulnerability (CVE-2021-26855/CVE-2021-26858)
4. Attack [25549]: Spring Boot Eureka XStream deserialization remote code execution vulnerability
5. Attack [25746]: Linux information collection command execution
6. Attack [28403]: UploadImgNoCheck file upload vulnerability in Guanjia Po Ordering Easy Online Mall
7. Attack [60464]: HTTP service directory traversal vulnerability
8. Attack [60993]: HTTP Cross Site Script Generic Attack Attempt
9. Attack [27928]: Lianda Power OA UpLoadFile/uploadLogo/uploadImg.asp Multiple Interface Arbitrary File Upload Vulnerability
10. Attack [24242]: Microsoft Office Remote Memory Stack Overflow Vulnerability (CVE-2018-0802)
11. Attack [25516]: Spring Cloud Gateway Remote Code Execution Vulnerability (CVE-2022-22947)
12. Attack [25705]: Apache Commons Text remote command execution vulnerability (CVE-2022-42889)
13. Attack [26065]: nltest AD domain attack command execution
14. Attack [25388]: VMware vCenter Server Remote Code Execution Vulnerability (CVE-2021-21985)
15. Attack [26658]: Microsoft Office security feature bypass vulnerability (CVE-2023-36413)
Notes:
1. The upgrade package does not restart the data communication engine and does not affect the network after the upgrade; the detection engine restarts automatically for the rules to take effect, without interrupting sessions. Please choose a suitable time to upgrade.

Release Time:2025-01-03 17:52:41
Name: eoi.unify.allrulepatch.ips.2.0.0.38014.rule Version:2.0.0.38014
MD5:a1fd7e145334058d08f71f95189816e1 Size:39.66M
Description:

This upgrade package is an intrusion prevention signature library upgrade package and only supports upgrading engine version V56R11F01 and above. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.38014. The rules added/improved by this upgrade package are:
New rules:
1. Attack [28447]: HTTP Python code execution type 2
2. Attack [31727]: Nessus vulnerability scanning tool MySQL database scanning operation
3. Attack [31726]: DataEase database configuration information leak vulnerability (CVE-2024-30269)
4. Attack [31728]: Nessus vulnerability scanning tool Oracle database scanning operation
5. Attack [28438]: D-Link Remote Command Execution Vulnerability (CVE-2013-1599)
6. Attack [31729]: UFIDA U8 Cloud Release RepMngAction SQL Injection Vulnerability (CNVD-2024-33023)
7. Attack [31730]: UFIDA NC downCourseWare arbitrary file read vulnerability
8. Attack [31731]: Sancho ERP system downloadFile.action arbitrary file read vulnerability
9. Attack [31733]: Nessus vulnerability scanning tool SSDP protocol scanning behavior
10. Attack [31732]: DNN server-side request forgery vulnerability (CVE-2017-0929)
11. Attack [28439]: Apache Cassandra Remote Code Execution Vulnerability (CVE-2021-44521)
12. Attack [31734]: CGI bin directory leak
13. Attack [28440]: Remote code execution vulnerability in marine CMS admin_iditplayer.php (CVE-2024-42598)
14. Attack [28441]: Remote code execution vulnerability in marine CMS admin_files.php (CVE-2024-42599)
15. Attack [31737]: Nessus vulnerability scanning tool Radius protocol scanning behavior
16. Attack [28443]: XWiki.org XWiki Reflected Cross Site scripting vulnerability (CVE-2024-37900)
17. Attack [28444]: Dark Moon MySQL UDF privilege escalation behavior
18. Attack [31735]: Easy Appoints information leak vulnerability (CVE-2022-0482)
19. Attack [31736]: Ocean CMS admin_stafe.php arbitrary file read vulnerability (CVE-2024-39036)
20. Attack [28442]: Marine CMS admin_ping.php command injection vulnerability (CVE-2024-39028)
21. Attack [28446]: Linksys WRT54GL command injection vulnerability (CVE-2023-31742)
22. Attack [28445]: Linksys E2000 command injection vulnerability (CVE-2023-31740)
23. Attack [31712]: Nessus vulnerability scanning tool TLS protocol scan
24. Attack [31738]: Flyte Console server-side request forgery (SSRF) vulnerability (CVE-2022-24856)
25. Attack [28449]: WordPress plugin Users Ultra SQL injection vulnerability (CVE-2022-0769)
26. Attack [28450]: WordPress plugin Simple Link Directory SQL injection vulnerability (CVE-2022-0760)
27. Attack [28451]: WordPress plugin CZ Loan Management SQL injection vulnerability (CVE-2024-5975)
28. Attack [31739]: WordPress plugin Quiz Maker information leak vulnerability (CVE-2023-6155)
29. Attack [28453]: Discovered uploading and executing ransomware sample xxx.exe
30. Attack [31741]: Nessus vulnerability scanning tool SMB protocol scanning behavior
31. Attack [28454]: CheckMobile SQL injection vulnerability in the pan micro cloud bridge e-bridge system
32. Attack [28452]: TOTOLINK X18 setRemotecfg command injection vulnerability (CVE-2024-10966)
33. Attack [31740]: Guowei HB1910 digital program-controlled telephone exchange generate.php unauthorized RCE vulnerability
34. Attack [28456]: Shanghai Hanta Network Technology Internet Behavior Management System ping.php Remote Command Execution Vulnerability
35. Attack [42217]: Webshell icesword.xml Trojan Access
36. Attack [31742]: WordPress Import Export Plugin Information Leakage Vulnerability (CVE-2022-0236)
37. Attack [31743]: XSS Scanner scanning tool
38. Attack [28455]: TOTOLINK Remote Code Execution Vulnerability (CVE-2024-51228)
39. Attack [28457]: TOTOLINK setUploadSetting command injection vulnerability (CVE-2024-0293)
40. Attack [28458]: TOTOLINK setLanguageCfg stack overflow vulnerability (CVE-2024-22660)
41. Attack [28459]: TOTOLINK setStaticDhcpRules command injection vulnerability (CVE-243-24326)
42. Attack [28448]: HTTP Python code execution type one
43. Attack [42219]: Godzilla Webshell ASP Script Upload
44. Attack [31748]: Gogs Server-Side Request Forgery (SSRF) vulnerability (CVE-2022-0870)
45. Attack [31749]: ILIAS URL redirection vulnerability (CVE-2022-45917)
46. Attack [31745]: Lingdang CRM getMyAmbassar SQL injection vulnerability
47. Attack [28462]: Lingdang CRM uploads file.php file causing RCE vulnerability
48. Attack [31746]: Fangzheng Changxiang's all media news gathering and editing system reportCenter.do SQL injection vulnerability
49. Attack [31747]: Fangzheng Changxiang's all media news gathering and editing system screen.do SQL injection vulnerability
50. Attack [31750]: Cloudlog system interface delete_oqrs_line unauthorized SQL injection vulnerability
51. Attack [31751]: Cloudlog system request_form SQL injection vulnerability
52. Attack [31752]: DEDECMS XSS vulnerability
53. Attack [28460]: TOTOLINK setSSServer command injection vulnerability (CVE-2024-32353/CVE-2024-32354/CVE-2024-32355)
54. Attack [28461]: TOTOLINK setL2tpServerCfg command injection vulnerability (CVE-2024-32349/CVE-2024-32350/CVE-2024-32351/CVE-2024-32352)
55. Attack [28463]: TOTOLINK formWlEncrypt buffer overflow vulnerability (CVE-2024-33820)
56. Attack [28464]: TOTOLINK setStaticDhcpConfig buffer overflow vulnerability (CVE-2024-34207)
57. Attack [28465]: Dongfangtong/deploy/upload arbitrary file upload vulnerability
58. Attack [31753]: Imgproxy Cross Site scripting (XSS) vulnerability (CVE-2023-1496)
59. Attack [42220]: Suspected BloodHound/SharpHound for AD domain information collection (SMB)
60. Attack [10571]: TOTOLINK N600R buffer overflow vulnerability (CVE-2023-29391)
61. Attack [10572]: TOTOLINK N600R buffer overflow vulnerability (CVE-2023-29392)
62. Attack [10573]: TOTOLINK N600R buffer overflow vulnerability (CVE-2023-29393)
63. Attack [10574]: TOTOLINK N600R buffer overflow vulnerability (CVE-2023-29394)
64. Attack [10575]: TOTOLINK N600R buffer overflow vulnerability (CVE-2023-29395)
65. Attack [10576]: TOTOLINK N600R buffer overflow vulnerability (CVE-2023-29396)
66. Attack [10577]: TOTOLINK N600R buffer overflow vulnerability (CVE-2023-29397)
67. Attack [10578]: TOTOLINK N600R buffer overflow vulnerability (CVE-2023-29398)
68. Attack [10579]: TOTOLINK N600R buffer overflow vulnerability (CVE-2023-29399)
69. Attack [28469]: Eaton shutdown module command execution vulnerability
70. Attack [31754]: Mingyuan Cloud ERP Report FHIR rpConfig.asp Information Leakage Vulnerability
71. Attack [28467]: TOTOLINK CloudACMunualUpdate command injection vulnerability (CVE-2024-34210)
72. Attack [28468]: TOTOLINK setWiFiRepeaterConfig buffer overflow vulnerability (CVE-2024-34217)
73. Attack [31755]: Dismap scanning tool HTTP service scan
74. Attack [28466]: ImpressCMS SQL injection vulnerability (CVE-2021-26599)
75. Attack [28470]: TOTOLINK setWiFiExtenderConfig command injection vulnerability (CVE-2024-34257)
76. Attack [28471]: Beijing Shenzhou Digital Cloud Technology DCN Firewall customized.php command execution vulnerability (CVE-2024-51114)
77. Attack [31756]: Dismap scanning tool Oracle database scan
78. Attack [31757]: Like Button Rating Server Side Request Forgery (SSRF) Vulnerability (CVE-2021-24150)
79. Attack [28472]: TOTOLINK disconnectVPN command injection vulnerability (CVE-2024-34921)
Update rules:
1. Attack [31712]: Nessus vulnerability scanning tool TLS protocol scan
2. Attack [30650]: Vulnerability scanner Nessus FTP service scanning operation
3. Attack [50632]: PowerShell invoke webrequest remote download command
4. Attack [31073]: Nuclei vulnerability scanning tool
5. Attack [26454]: Oracle WebLogic Server deserialization vulnerability (CVE-2020-2551)
6. Attack [31057]: Wfuzz vulnerability scanning tool
7. Attack [31752]: DEDECMS plus/recommender.php XSS vulnerability
8. Attack [63374]: Tftpd32 DNS Request Name Length Denial of Service Vulnerability
Notes:
After the upgrade package is applied, the engine restarts automatically for the rules to take effect, without interrupting sessions; however, 3-5 ping packets will be lost. Please choose a suitable time to upgrade.

Release Time:2024-12-27 11:21:45
Name: eoi.unify.allrulepatch.ips.2.0.0.37895.rule Version:2.0.0.37895
MD5:207720e204f40e64db133f39b7c47e07 Size:39.59M
Description:

This upgrade package is a Zealot 2.0 intrusion prevention signature library/application identification signature library upgrade package and only supports upgrading engine version V56R11F01 and above. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.37895.
The rules added/improved by this upgrade package are:
New rules:
1. Attack [28386]: Tenda AX12 operating system command injection vulnerability (CVE-2022-45043)
2. Attack [28388]: Tenda AX12 operating system command injection vulnerability (CVE-2022-45977)
3. Attack [28389]: Belkin Linksys RE6500 arbitrary command execution vulnerability (CVE-2020-35713)
4. Attack [28390]: Scrapy uploading egg files behavior
5. Attack [28391]: Ivanti EPMM authorization vulnerability (CVE-2023-35082)
6. Attack [28385]: VNet Multiple Products privWizard.cgi username command injection vulnerability (CVE-2024-32766)
7. Attack [28387]: Roundcube Webmail SVG Animate stored cross site scripting vulnerability (CVE-2024-37383)
8. Attack [28393]: Uploading PHP configuration files behavior
9. Attack [28395]: C-DATA Web Management System Operating System Command Injection Vulnerability (CVE-2022-4257)
10. Attack [28392]: Tenda AX1803/1806 command injection vulnerability (CVE-2022-34596/CVE-2022-34597)
11. Attack [28396]: C-DATA FD702XW-X-R430 Operating System Command Injection Vulnerability (CVE-2023-29337)
12. Attack [28397]: WordPress Husky Products Filter Plugin woof_author SQL injection vulnerability (CVE-2024-6457)
13. Attack [31687]: GeoServer server-side request forgery vulnerability (CVE-2021-40822)
14. Attack [28394]: TOTOLINK router login bypass vulnerability (CVE-2021-35324)
15. Attack [31688]: SMGSuperAdmin information leakage vulnerability in Sanhui SMG gateway management software
16. Attack [31689]: Anhui Life Harbor Service Configuration Tool Platform Download Arbitrary File Reading Vulnerability
17. Attack [28399]: Beijing Zhongke Juwang Integrated Operation Platform importVisualModule Img file upload vulnerability
18. Attack [28400]: CatchByURL file upload vulnerability on Beijing Zhongke Juwang integrated operation platform
19. Attack [28401]: Beijing Zhongke Juwang Integrated Operation Platform/ue/Word File Upload Vulnerability
20. Attack [28402]: Beijing Zhongke Juwang Integrated Operation Platform Radioupload File Upload Vulnerability
21. Attack [28403]: UploadImgNoCheck file upload vulnerability in Guanjia Po Ordering Easy Online Mall
22. Attack [31685]: Sensitive Script File Upload_3
23. Attack [28404]: Remote code execution vulnerability in marine CMS admin_notify.php (CVE-2024-30565)
24. Attack [31690]: Ocean Film and Television Management System index.php Interface ac=edit SQL Injection Vulnerability (CVE-2024-39027)
25. Attack [28405]: Apache OFBiz SSRF Remote Code Execution Vulnerability (CVE-2024-45507)
26. Attack [28408]: Cleo Remote Code Execution Vulnerability (CVE-2024-50623)
27. Attack [28410]: Fortinet FortiManager Unauthorized Remote Command Execution Vulnerability (CVE-2024-47575)
28. Attack [28406]: Metasploit Meterpreter linux_x86 Trojan connection attempt
29. Attack [28407]: Windows/Linux System Shell Reverse Connection (UDP_1)
30. Attack [28409]: Windows/Linux System Shell Reverse Connection (UDP_2)
31. Attack [31692]: Dahua DSS digital monitoring system attachments.downloadAtt.action arbitrary file read vulnerability
32. Attack [31693]: OAPlusrangedownloadfile file download vulnerability in the Jinhe JC6 collaborative management platform
33. Attack [28412]: KindEditor file upload vulnerability
34. Attack [31691]: Zhongbang CRMEB savebasics arbitrary file read vulnerability (CVE-2024-52726)
35. Attack [28411]: Mingfei MCMS uploadTemplate.do file upload vulnerability (CVE-2024-42990)
36. Attack [28413]: Mingfei MCMS editor.do file upload vulnerability (CVE-2024-42991)
37. Attack [42211]: Windows/Linux System Shell Reverse Connection (TCP_2)
38. Attack [28416]: Ivanti Endpoint Manager deserialization vulnerability (CVE-2024-29847)
39. Attack [31694]: Slack scanning tool - Oracle
40. Attack [28415]: Metasploit Meterpreter linux_x86ubind Trojan connection attempt
41. Attack [42212]: BuleHero worm communication behavior
42. Attack [31696]: Slack scanning tool - fastjson
43. Attack [28418]: D-Link GO-RT-AC750 Operating System Command Injection Vulnerability (CVE-2023-34800)
44. Attack [31697]: Froxlor path traversal vulnerability (CVE-2023-3172)
45. Attack [31695]: SingleRowQueryConvertor SQL injection vulnerability in the Saint Qiao ERP system
46. Attack [28414]: Remote Command Execution Vulnerability in the ARP Backend of Anysec Security Gateway in Zhongke Wangwei
47. Attack [28420]: Struts2 Remote Code Execution Vulnerability (CVE-2024-53677) (S2-067)
48. Attack [31701]: WordPress Plugin MiniProgram SQL Injection Vulnerability (CVE-2024-8484)
49. Attack [31703]: WordPress Plugin The Events Calendar SQL Injection Vulnerability (CVE-2024-8275)
50. Attack [31704]: 1Panel Server Management Control Panel SQL Injection Vulnerability (CVE-2024-39907)
51. Attack [31705]: Information leakage vulnerability in the syn.do interface of Fangzheng All Media News Editing System
52. Attack [31683]: SQL injection vulnerability in the rpt.listreport_definefield.xml intelligent collaboration platform of LanLing EIS
53. Attack [31686]: Alt-N MDaemon Security Gateway XML injection vulnerability (CVE-2023-25356)
54. Attack [31698]: Saint Qiao ERP system getSupplyQueryKeyword SQL injection vulnerability
55. Attack [31699]: QueryForMapWithDefaultValues SQL injection vulnerability in the Saint Qiao ERP system
56. Attack [31700]: QueryForString SQL injection vulnerability in Shengqiao ERP system
57. Attack [28419]: Saint Qiao ERP system uploadFile.action file upload vulnerability
58. Attack [31702]: NUUO network video recorder css_parser.php arbitrary file reading vulnerability
59. Attack [28424]: Struts2 Remote Code Execution Vulnerability (CVE-2024-53677) (S2-067)
60. Attack [28422]: EKing Management Easy HTML5 Upload Arbitrary File Upload Vulnerability
61. Attack [28427]: TP Link Archer VR1600V Operating System Command Injection Vulnerability (CVE-2023-31756)
62. Attack [31709]: Nessus vulnerability scanning tool email service scanning operation (POP \ SMTP \ IMAP)
63. Attack [31707]: Citrix ShareFile Storage Zones arbitrary file read vulnerability (CVE-2020-8982)
64. Attack [28428]: Tenda W30E Operating System Command Injection Vulnerability (CVE-2022-45506)
65. Attack [31710]: Nessus vulnerability scanning tool pgSQL database scanning operation
66. Attack [31711]: Nessus vulnerability scanning tool RDP service scan
67. Attack [28398]: XWiki.org XWiki SearchSuggestConfigSheet server-side template injection vulnerability (CVE-2024-37901)
68. Attack [28430]: Crocus system RepairRecord.do SQL injection vulnerability
69. Attack [28429]: AEGON-LEFv1.0 SQL injection vulnerability (CVE-2024-36597)
70. Attack [31708]: Beijing Asia Control Technology KingPortal client development system img arbitrary file reading vulnerability
71. Attack [28425]: Meite CRM upload.jsp file upload leads to RCE vulnerability (CNVD-2023-06971)
72. Attack [28423]: Deserialization vulnerability in the sync_emp_eixin interface of the Meite CRM system
73. Attack [28421]: Metec CRM otherValue FastJson deserialization RCE vulnerability
74. Attack [31706]: WordPress Essential Blocks plugin local file inclusion vulnerability (CVE-2023-6623)
75. Attack [31713]: Nessus vulnerability scanning tool SIP protocol scan
76. Attack [31719]: Evolucare Ecsimaging SQL injection vulnerability (CVE-2021-3118)
77. Attack [28433]: EnjoySCM UploadFile arbitrary file upload vulnerability
78. Attack [28432]: Evolucare Ecsimaging new_movie.php remote command execution vulnerability
79. Attack [31718]: Evolucare Ecsimaging download_dats-dicom.php arbitrary file read vulnerability
80. Attack [28431]: Remote command execution vulnerability in imo Cloud Office corpfile.php
81. Attack [31717]: imo Cloud Office DownLoadUI.php arbitrary file download vulnerability
82. Attack [31716]: Guangdong Century Information and Communication Management System initLogin.ashx SQL Injection Vulnerability
83. Attack [31715]: Guangdong Century Information and Communication Management System Login Form2.px SQL Injection Vulnerability
84. Attack [31714]: Nessus vulnerability scanning tool DNS domain name service scan
85. Attack [31720]: Crocus system Service.do arbitrary file read vulnerability
86. Attack [31721]: Pan Micro Cloud Bridge e-Bridge addTasteJsonp SQL Injection Vulnerability
87. Attack [42215]: MyDoom worm downloads malicious sample Scran.jpg behavior
88. Attack [31722]: Angjie CRM cwsupploadpicture.asmx arbitrary file read vulnerability
Update rules:
1. Attack [22654]: OpenEMR PHP file upload vulnerability
2. Attack [42149]: Suspected SSRF pseudo protocol attack in request parameters
3. Attack [27878]: Remote code execution vulnerability in the ocean CMS backend admin_stmtp.php
4. Attack [62105]: HTTP directory traversal request attempt
5. Attack [27513]: Yonyou U8 Cloud ServiceDispatcherServlet deserialization vulnerability
6. Attack [42088]: Merlin C2 tool HTTP communication
7. Attack [26558]: Jenkins Basic authentication bypass vulnerability (CVE-2018-1999001)
8. Attack [26774]: TOTOLINK setDiagnosisCfg command injection vulnerability (CVE-2022-38534/CVE-2024-2353/CVE-23487/CVE-2022-36481)
9. Attack [26029]: TOTOLink NR1800X router command execution vulnerability (CVE-2022-41525/CVE-2022-36485)
10. Attack [26178]: TOTOLINK A7000R Router Command Execution Vulnerability (CVE-2022-37076/CVE-2022-41518/CVE-2022-36486)
11. Attack [26744]: TOTOLINK X6000R command injection vulnerability (CVE-2023-46485/CVE-2022-36487)
12. Attack [62813]: libpng heap overflow vulnerability
13. Attack [31695]: SingleRowQueryConvertor SQL injection vulnerability in the Saint Qiao ERP system
14. Attack [26140]: Fastjson 1.2.24 deserialization vulnerability (CNVD-2017-02833)
15. Attack [26144]: Fastjson 1.2.41 deserialization vulnerability
16. Attack [26145]: Fastjson 1.2.42 deserialization vulnerability
17. Attack [26146]: Fastjson 1.2.43 deserialization vulnerability
18. Attack [26147]: Fastjson 1.2.45 deserialization vulnerability
19. Attack [26148]: Fastjson 1.2.47 deserialization vulnerability
20. Attack [26149]: Fastjson 1.2.62 deserialization vulnerability
21. Attack [26151]: Fastjson 1.2.66 deserialization vulnerability
22. Attack [26153]: Fastjson 1.2.68 deserialization vulnerability
23. Attack [30651]: Nessus/X-Scanner vulnerability scanning tool HTTP service scanning operation
24. Attack [62201]: HTTP SQL Injection Attempt Type 2
Notes:
After the upgrade package is applied, the engine restarts automatically for the rules to take effect, without interrupting sessions; however, 3-5 ping packets will be lost. Please choose a suitable time to upgrade.

Release Time:2024-12-20 16:31:59
Name: eoi.unify.allrulepatch.ips.2.0.0.37846.rule Version:2.0.0.37846
MD5:74c192ee272092056d53a84388ae99f0 Size:39.56M
Description:

This upgrade package is an intrusion prevention signature library upgrade package and only supports upgrading engine version V56R11F01 and above. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.37846. The rules added/improved by this upgrade package are:
New rules:
1. Attack [28420]: Struts2 Remote Code Execution Vulnerability (CVE-2024-53677) (S2-067)
Notes:
After the upgrade package is applied, the engine restarts automatically for the rules to take effect, without interrupting sessions; however, 3-5 ping packets will be lost. Please choose a suitable time to upgrade.

Release Time:2024-12-17 14:15:35
Name: eoi.unify.allrulepatch.ips.2.0.0.37763.rule Version:2.0.0.37763
MD5:bcc83d0194219e98fcea11d3c6d7733e Size:39.50M
Description:

This upgrade package is an intrusion prevention signature library upgrade package and only supports upgrading engine version V56R11F01 and above. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.37763. The rules added/improved by this upgrade package are:
New rules:
1. Attack [28356]: LibreNMS api_functions.inc.php list_device order SQL injection vulnerability (CVE-2024-32480)
2. Attack [28357]: Logsign Unified SecOps platform lacks authentication vulnerability (CVE-2024-5721)
3. Attack [31657]: Railgun scanning tool - Oracle
4. Attack [31655]: Yibao OA ExecuteQueryNoeResult interface SQL injection vulnerability
5. Attack [31656]: Yibao OA DownloadFile file reading vulnerability
6. Attack [28355]: Yibao OA ExecuteSQL ForDataset interface SQL injection vulnerability
7. Attack [28358]: Yibao OA ExecuteQueryForDataSetBinary interface SQL injection vulnerability
8. Attack [31660]: Angjie CRM system cwsfiledown.amx arbitrary file read vulnerability
9. Attack [31658]: WordPress ElementorPageBuilder plugin arbitrary file read vulnerability (CVE-2024-9935)
10. Attack [31659]: Yonyou NC yerfile/down SQL injection vulnerability
11. Attack [31661]: Shunjing ERP Management System TMScmQuote/Getile Arbitrary File Reading Vulnerability
12. Attack [28359]: MySql writing to Webshell behavior
13. Attack [28360]: Unauthorized RCE vulnerability in WordPress Query Console plugin (CVE-2024-50498)
14. Attack [31663]: Yibao OA GetUDEFStreamID SQL injection vulnerability
15. Attack [31664]: 123solar file contains vulnerability (CVE-2024-9275)
16. Attack [28363]: Zimbra Collaboration Server Remote Command Execution Vulnerability (CVE-2024-45519)
17. Attack [28362]: Chamilo LMS file upload vulnerability (CVE-2023-4220)
18. Attack [31665]: X-ray scanning tool attack detection_http
19. Attack [31666]: X-ray scanning tool SQL Server TDS user scan
20. Attack [28364]: Adobe Experience Manager XML External Entity Injection Vulnerability (CVE-2019-8086)
21. Attack [28365]: Xiaomi AX9000 Router Command Injection Vulnerability (CVE-2023-26315)
22. Attack [31667]: X-ray tool scans attack detection _ UDP host discovery
23. Attack [28366]: UFIDA U8-CRM interface rellistname.php SQL injection vulnerability
24. Attack [31668]: Masscan scanning tool-UDP host discovery
25. Attack [31669]: masscan scanning tool_smtp
26. Attack [28368]: Jiusi OA upload_1.jsp arbitrary file upload vulnerability
27. Attack [31670]: masscan scanning tool_rdp
28. Attack [31671]: Sitecore CMS unauthenticated arbitrary file read vulnerability (CVE-2024-46938)
29. Attack [28367]: UFIDA GRP-U8 system taskmanager_login SQL injection vulnerability
30. Attack [28369]: Huawang Cloud Conference Management Platform conflog.inc SQL Injection Vulnerability
31. Attack [28370]: Huawang Cloud Conference Management Platform confmaner.inc SQL Injection Vulnerability
32. Attack [28371]: SQL injection vulnerability in the deptacelist interface of Huawei Cloud Conference Management Platform
33. Attack [28372]: Huawang Cloud Conference Management Platform myconflist.exe SQL Injection Vulnerability
34. Attack [28377]: Temporal and Spatial WMS Warehouse Fine Management System ImageAdd.ashx File Upload Vulnerability
35. Attack [31672]: SQL injection vulnerability in the getOrderList interface of Lingdang CRM system
36. Attack [31674]: SQL Injection Vulnerability in the Smart Government Workflow Interface of the Digital Fingertip Cloud Platform
37. Attack [28361]: Microsoft Windows Themes security vulnerability (CVE-2024-21320)
38. Attack [28375]: Huawei Cloud Meeting Management Platform syslog.inc SQL Injection Vulnerability
39. Attack [28376]: SQL injection vulnerability in the useractionlist interface of Huawei Cloud Conference Management Platform
40. Attack [28373]: Huawang Cloud Conference Management Platform recodemanger.inc SQL Injection Vulnerability
41. Attack [28374]: Huawang Cloud Conference Management Platform recodemangerForUser.inc SQL Injection Vulnerability
42. Attack [28378]: Spatiotemporal WMS - Warehouse Refinement Management System SaveCrash.ashx File Upload Vulnerability
43. Attack [31673]: JieLink+Intelligent Terminal Operating Platform Multiple Interface Sensitive Information Leakage Vulnerability (CVE-2024-7921/CVE-2024-7920/CVE-2024-7919)
44. Attack [31675]: JieLink+intelligent terminal operating platform GetParkController SQL injection vulnerability
45. Attack [31676]: EasyCVR video management platform taillog arbitrary file reading vulnerability
46. Attack [28379]: GSP_UnitDefineWebService.asmx command execution vulnerability in Inspur Cloud financial system
47. Attack [31677]: Mitel MiCollab Enterprise Collaboration Platform Arbitrary File Read Vulnerability (CVE-2024-41713)
48. Attack [31678]: JeecgBoot getDictAtemsByTable SQL injection vulnerability in building block report
49. Attack [31679]: Fumeng Cloud MailAjax.ashx SQL injection vulnerability
50. Attack [31680]: Kscan scanning tool_oracle
51. Attack [28382]: WhatsUp Gold AppProfileImport Unrestricted File Upload Vulnerability (CVE-2024-5008)
52. Attack [28381]: PaperCut NG and NF PrintDeploy Proxy Controller authentication bypass vulnerability (CVE-2024-1222)
53. Attack [28380]: Jindouyun HMMP intelligent business software arbitrary user addition vulnerability
54. Attack [28383]: Chapter Manager saveUser.Htm arbitrary user creation vulnerability
55. Attack [31684]: Xiruan Cloud XMS futurehotel/query XML entity injection vulnerability
56. Attack [31590]: fscan scanning tool - Oracle
57. Attack [31681]: SQL injection vulnerability in Kinghui Integrated Management Information System Login Begin.xml
58. Attack [28384]: WhatsUp Gold FHIR WithoutZip directory traversal vulnerability (CVE-2024-4885)
59. Attack [31654]: Hisense Intelligent Public Transport Enterprise Management System AdjusteWorkHours.aspx SQL Injection Vulnerability
60. Attack [31651]: UploadAction SQL Injection Vulnerability in Call OA Office System
61. Attack [31653]: Shunjing ERP System Gets Arbitrary File Reading Vulnerability

Update rules:
1. Attack [42146]: There are separators related to command injection in HTTP parameters
2. Attack [26178]: TOTOLINK A7000R Router Command Execution Vulnerability (CVE-2022-37076/CVE-2022-41518)
3. Attack [26773]: TOTOLINK LR350 command injection vulnerability (CVE-2022-44251/CVE-237-148)
4. Attack [28338]: AntSword webshell penetration plugin As-Exploits in-memory webshell injection
5. Attack [26119]: Tenda AX1803 command injection vulnerability (CVE-2022-34595/CVE-225-28572)
6. Attack [60250]: RealNetworks RealPlayer SWF Flash file buffer overflow vulnerability
7. Attack [63383]: Ruby on Rails nested parameter SQL injection vulnerability (CVE-2012-2694/CVE-2012-2695)
8. Attack [31078]: Skipfish vulnerability scanning tool
9. Attack [61693]: Microsoft Windows GDI+PNG Remote Code Execution Vulnerability (CVE-2009-2501)
10. Attack [61339]: Microsoft Windows GDI WMF file parsing integer overflow vulnerability (MS08-071)
11. Attack [24162]: Autodesk Design Review BMP biClrUsed buffer overflow vulnerability
12. Attack [28312]: Spring Cloud Data Flow arbitrary file write vulnerability (CVE-2024-22263)
13. Attack [27712]: Spring Cloud Data Flow Remote Code Execution Vulnerability (CVE-2024-37084)
14. Attack [63682]: HTTP SQL injection attempt type three
15. Attack [27545]: UFIDA U8 Cloud smartweb2.showRPCLoadingTip.d XXE vulnerability
16. Attack [27496]: Dahua DSS loginlogin/user_toLoginPage s2 expression injection vulnerability
Notes:
After the upgrade package is applied, the engine restarts automatically for the rules to take effect, without interrupting sessions; however, 3-5 ping packets will be lost. Please choose a suitable time to upgrade.

Release Time:2024-12-17 14:14:22
Name: eoi.unify.allrulepatch.ips.2.0.0.37682.rule Version:2.0.0.37682
MD5:f80237c635831bbff5f70419366d3f73 Size:39.45M
Description:

This upgrade package is a Zealot 2.0 intrusion prevention signature library/application identification signature library upgrade package and only supports upgrading engine version V56R11F01 and above. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.37682.
The rules added/improved by this upgrade package are:

New rules:
1. Attack [31622]: Jiusi OA workflow Sync.getUserStatusByRole.dwr SQL injection vulnerability
2. Attack [31623]: SAP Enterprise Operations Management Platform apilogin SQL Injection Vulnerability
3. Attack [28340]: UFIDA U8 CRM ajaxgetborrowdata.php SQL injection leads to RCE vulnerability
4. Attack [31630]: WordPress Formator plugin SQL injection vulnerability (CVE-2024-31077)
5. Attack [31625]: Yonyou NC process interface SQL injection vulnerability
6. Attack [28341]: UFIDA U8 CRM Ajax/getufvouchdata.php SQL injection leads to RCE vulnerability
7. Attack [31626]: Intelligent Cloud Acquisition SRM 2.0 QuickReceiptDetail SQL Injection Vulnerability
8. Attack [31627]: Intelligent Cloud Acquisition SRM2.0 StatusList SQL Injection Vulnerability
9. Attack [31628]: Intelligent Cloud Acquisition SRM2.0 receiptDetail SQL Injection Vulnerability
10. Attack [31629]: SQL injection vulnerability in the network security audit system of Ren Zixing, log_fw_ips.scan_jsondata
11. Attack [31631]: CyberPower PowerPanel Import Profile directory traversal vulnerability (CVE-2024-33615)
12. Attack [31632]: Delta Electronics DIAEnergie SQL injection vulnerability (CVE-2024-34032)
13. Attack [28342]: ProjectSend authentication bypass vulnerability (CVE-2024-11680)
14. Attack [42209]: Sensitive Script File Upload_2
15. Attack [31633]: Goby scanning tool attack detection_GIOP
16. Attack [28343]: OpenCats XML External Entity Injection Vulnerability (CVE-2019-13358)
17. Attack [31636]: Topos Media Asset Management System Main.do Sensitive Information Leakage Vulnerability
18. Attack [31635]: SQL Injection Vulnerability in the Client Server of Dahua Smart Park Comprehensive Management Platform
19. Attack [31634]: Online Book System SQL injection vulnerability (CVE-2024-3000)
20. Attack [28344]: UFIDA NC cartobletimeline/doList SQL injection vulnerability
21. Attack [28345]: Phishing download of malicious Batloader.MSI file
22. Attack [31639]: Goby tool scans attack detectability _T3
23. Attack [31641]: Nmap SQL Server TDS User Scanning Behavior
24. Attack [28337]: Ivanti Endpoint Manager UWP ogFileRulesNameUniqueSQL SQL injection vulnerability (CVE-2024-29830)
25. Attack [28346]: Ivanti Endpoint Manager VulCore.asmx dDBPatches SQL injection vulnerability (CVE-2024-29826)
26. Attack [31642]: WordPress NotificationX plugin SQL injection vulnerability (CVE-2024-1698)
27. Attack [31640]: WordPress WebDirectory plugin SQL injection vulnerability (CVE-2024-3552)
28. Attack [31638]: WordPress Dropdown CF7 plugin SQL injection vulnerability (CVE-2024-3495)
29. Attack [31637]: WordPress Automatic Plugin arbitrary file download vulnerability (CVE-2024-27954)
30. Attack [31643]: WordPress Recall plugin SQL injection vulnerability (CVE-2024-32709)
31. Attack [28348]: WordPress JS Support Ticket arbitrary file upload vulnerability
32. Attack [31647]: WordPress Dokan SQL injection vulnerability (CVE-2022-3915)
33. Attack [31646]: WordPress Wholesale Market plugin arbitrary file read vulnerability (CVE-2022-4298)
34. Attack [31645]: WordPress Business Directory plugin SQL injection vulnerability (CVE-2024-4443)
35. Attack [31644]: WordPress Tainacan plugin front-end arbitrary file read vulnerability (CVE-2024-7135)
36. Attack [28347]: Kerberoast attack: remote download of Invoke-Kerberoast.ps1
37. Attack [28350]: Remote Command Execution Vulnerability in Hande Groovy
38. Attack [31649]: Zabbix SQL injection vulnerability (CVE-2024-42327)
39. Attack [42210]: Cisco AnyConnect VPN login connection
40. Attack [28351]: KubePi JWT privilege bypass vulnerability (CVE-2024-36111)
41. Attack [31648]: JeecgBoot getTotalData SQL injection vulnerability (CVE-2024-48307)
42. Attack [31650]: WordPress Time Clock Remote Code Execution Vulnerability (CVE-2024-9593)
43. Attack [28352]: D-Link NAS scan_desk.cgi remote command execution vulnerability
44. Attack [28353]: Contract Lock Electronic Signing Platform Authentication Bypass Vulnerability
45. Attack [28349]: Wordpress Really Simple Security arbitrary user login vulnerability (CVE-2024-10924)
46. Attack [28354]: WeiPHP _ send_fy_group SQL injection vulnerability

Update rules:
1. Attack [28338]: Ant Sword Webshell infiltrated plugin As Explore memory horse injection
2. Attack [41588]: PHP Webshell script upload
3. Attack [42113]: Goby tool scans for attack detectability 2
4. Attack [23277]: Web Service Cross Site Script Execution Attack
5. Attack [41924]: Vulnerability Scanner WPScan Scan Detection
6. Attack [27303]: GravCMS Remote Code Execution Vulnerability (CVE-2021-21425)

Notes:
After the upgrade package is applied, the engine restarts automatically and the new rules take effect without interrupting existing sessions; however, 3-5 ping packets will be lost. Please choose a suitable time to upgrade.

Release Time:2024-12-17 14:13:21
Name: eoi.unify.allrulepatch.ips.2.0.0.37574.rule Version:2.0.0.37574
MD5:fd35947fa475ce4f43667022571fbf85 Size:39.37M
Description:

This upgrade package is an intrusion prevention signature library upgrade package, which only supports engine version V56R11F01 and above. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.37574. The new/improved rules of this upgrade package are:
New rules:
1. Attack [42186]: Cobalt Strike penetration attack tool stager transfer (https_stager_x64)
2. Attack [28307]: Palo Alto Networks Expedition Administrator Reset Vulnerability (CVE-2024-5910)
3. Attack [42187]: LemonDuck remote control communication behavior
4. Attack [31604]: fscan scanning tool - dnslog
5. Attack [28308]: Palo Alto Networks Expedition command injection vulnerability (CVE-2024-9464)
6. Attack [31605]: fscan scanning tool - fastcgi
7. Attack [28309]: Fortinet FortiSIEM Operating System Command Injection Vulnerability (CVE-2024-23108)
8. Attack [28303]: D-Link DI-8100 ip_position.asp function buffer overflow vulnerability (CVE-2024-52711)
9. Attack [28304]: D-Link DI-8100 msc_info.htm function command injection vulnerability (CVE-2024-7436)
10. Attack [28306]: D-Link DI-8003 upgrade_filter.asp stack overflow vulnerability (CVE-2024-11047)
11. Attack [42188]: Discovery of AsyncRAT malicious Trojan download
12. Attack [42189]: Discovery of AsyncRAT malicious Trojan download_1
13. Attack [42190]: Malicious software StealC download communication
14. Attack [42191]: Malicious software StealC download communication_1
15. Attack [31606]: fscan scanning tool - SMBGhost
16. Attack [28310]: Apache NiFi Parameter Context stored cross-site scripting vulnerability (CVE-2024-37389)
17. Attack [28311]: Centreon Web insertGraphTemplate SQL injection vulnerability (CVE-2024-23119)
18. Attack [42192]: QuasarRAT remote control communication
19. Attack [28312]: Spring Cloud Data Flow arbitrary file write vulnerability (CVE-2024-22263)
20. Attack [28313]: Artica Proxy authentication bypass vulnerability (CVE-2024-2056)
21. Attack [31607]: Delta Electronics DIAEnergie SQL injection vulnerability (CVE-2024-25937)
22. Attack [42193]: Discovery of DanaBot Malicious Trojan JS Download
23. Attack [42194]: Discovery of DanaBot Malicious Trojan DLL Download
24. Attack [42195]: Discovery of Dreambot Malicious Trojan Download
25. Attack [42196]: Trojan Dreambot Malicious Communication
26. Attack [42197]: Trojan Dreambot Malicious Communication-1
27. Attack [42198]: Trojan Dreambot Malicious Communication-2
28. Attack [28314]: Open_juese SQL injection vulnerability in Zhixiang OA system
29. Attack [28315]: CertUpload file upload vulnerability in Dongsheng Logistics software
30. Attack [28316]: WordPress Plugin WPvivid Backup & Migration deserialization code execution vulnerability (CVE-2024-3054)
31. Attack [28317]: Wazuh host deny command injection vulnerability (CVE-2023-50260)
32. Attack [28318]: SRM Intelligent Connected Cloud Acquisition Inquiry SQL Injection Vulnerability
33. Attack [28319]: Apache Seata Hessian deserialization vulnerability (CVE-2024-22399)
34. Attack [31610]: Voltronic Power ViewPower SQL injection vulnerability (CVE-2023-51595)
35. Attack [31611]: Voltronic Power ViewPower SQL injection vulnerability (CVE-2023-51595) _2
36. Attack [42199]: Pan micro checkLogin login failed
37. Attack [42200]: Remcos RAT download behavior discovered
38. Attack [42201]: Remcos RAT download behavior_1 discovered
39. Attack [42202]: Discovery of Remcos RAT download behavior_2
40. Attack [42203]: Malicious communication of Trojan Lokibot
41. Attack [42204]: Sliver penetration attack tool Beacon connection_2
42. Attack [28320]: uWSGI Unauthorized Access Vulnerability
43. Attack [31612]: Delta Electronics DIAEnergie SQL injection vulnerability (CVE-2024-28891)
44. Attack [28323]: PaperCut NG/MF cross-site scripting vulnerability (CVE-2024-1883)
45. Attack [31613]: Centreon updateGroups SQL injection vulnerability (CVE-2024-23115)
46. Attack [28321]: VMware ESXi Remote Code Execution Vulnerability (CVE-2020-3992)
47. Attack [28325]: GitLab Profile Page cross-site scripting vulnerability (CVE-2024-1451)
48. Attack [42205]: Trojan PCRAT/GH0ST malicious communication
49. Attack [28327]: SQL injection vulnerability in Sobey Media's Sc TapMonitoring/rest/task/search
50. Attack [50664]: Green light remote control communication behavior
51. Attack [28322]: Access OA SQL injection vulnerability (CVE-2024-10602)
52. Attack [31614]: Access OA SQL Injection Vulnerability (CVE-2024-10601)
53. Attack [31615]: Access OA SQL injection vulnerability (CVE-2023-7180)
54. Attack [31616]: Access OA SQL injection vulnerability (CVE-2023-7023)
55. Attack [31617]: Access OA SQL injection vulnerability (CVE-2023-7022)
56. Attack [31618]: Access OA SQL injection vulnerability (CVE-2023-7021)
57. Attack [31619]: Access OA SQL injection vulnerability (CVE-2023-7020)
58. Attack [42206]: Trojan AgentTesla Keylogger FTP upload
59. Attack [42207]: Trojan HawkEye Keylogger FTP upload
60. Attack [31608]: UFIDA U8 Cloud FileServlet arbitrary file read vulnerability
61. Attack [31609]: UFIDA U8-Cloud nc.bs.sm.login2.ReginServlet SQL injection vulnerability
Update rules:
1. Attack [10139]: Linux Kernel SNMP NAT Helper Remote Denial of Service Vulnerability (CVE-2006-2444)
2. Attack [28239]: PHP code execution attack - generic functions
3. Attack [24999]: Spring Boot Actuator Information Leakage Vulnerability
4. Attack [62201]: HTTP SQL injection attempt type 2
5. Attack [27849]: Jinhe OA jc6 uploadFileForJinht and UploadFile arbitrary file upload vulnerability
6. Attack [26992]: WordPress plugin Bricks Builder remote code execution vulnerability (CVE-2024-25600)
7. Attack [31212]: LG LED Assistant directory traversal vulnerability (CVE-2024-2863)
8. Attack [31507]: SpectoLabs hoverfly arbitrary file read vulnerability (CVE-2024-45388)
9. Attack [42148]: Godzilla Webshell Connection
10. Attack [28299]: Ant Sword Webshell Management Tool Connection Control_3
11. Attack [25895]: Pan Micro OA KtreeUploadAction file upload vulnerability (CNVD-2020-33199)
Notes:
After the upgrade package is applied, the engine restarts automatically and the new rules take effect without interrupting existing sessions; however, 3-5 ping packets will be lost. Please choose a suitable time to upgrade.

Release Time:2024-11-29 15:22:04
Name: eoi.unify.allrulepatch.ips.2.0.0.37479.rule Version:2.0.0.37479
MD5:9a4da167bb91e8d9e92a9dafb77300bd Size:39.30M
Description:

This upgrade package is an intrusion prevention signature library upgrade package, which only supports engine version V56R11F01 and above. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.37479. The new/improved rules of this upgrade package are:
New rules:
1. Attack [28268]: SpEL expression injection vulnerability in DataGear data visualization analysis platform (CVE-2024-37759)
2. Attack [28272]: Tenda AC15 AC1900 Operating System Command Injection Vulnerability (CVE-2020-15916)
3. Attack [28271]: LG Simple Editor cropImage directory traversal arbitrary file deletion vulnerability (CVE-2023-40502)
4. Attack [28274]: SonicWALL Analytics/GMS path traversal vulnerability (CVE-2023-34129)
5. Attack [42184]: Discovery of Sekhmet ransomware communication
6. Attack [28275]: LG Simple Editor arbitrary file deletion vulnerability (CVE-2023-40494)
7. Attack [28276]: SonicWALL Analytics/GMS path traversal vulnerability (CVE-2023-34129) _2
8. Attack [28277]: mySCADA myPRO operating system command injection vulnerability (CVE-2023-28384)
9. Attack [28278]: CRMEB e-commerce system PublicControllers.php deserialization vulnerability (CVE-2024-6944)
10. Attack [28279]: JDBC deserialization vulnerability (MySql)
11. Attack [28273]: Monitorr arbitrary file upload vulnerability (CVE-2020-28871/CVE-2024-0713)
12. Attack [28280]: Fortinet FortiOS code execution vulnerability (CVE-2024-21762)
13. Attack [31558]: Traffic scanning for sensitive Git files
14. Attack [31561]: Nmap versant information scanning behavior
15. Attack [31559]: Rockwell Automation ThinManager path traversal vulnerability (CVE-2023-2915)
16. Attack [31563]: Nmap oracle user scan
17. Attack [31562]: ExportReport SQL Injection Vulnerability in Yisi Intelligent Logistics Unmanned System
18. Attack [31564]: Inspur Intelligent Logistics Unmanned System Login SQL Injection Vulnerability
19. Attack [31565]: Yisi Intelligent Logistics Unmanned System DownFile Arbitrary File Reading Vulnerability
20. Attack [31560]: UFIDA Mobile Management System getApp SQL Injection Vulnerability
21. Attack [28281]: Golden Disk Mobile Library System doUpload File Upload Vulnerability
22. Attack [31572]: PolicyAjax SQL injection vulnerability in a certain Saitong electronic document security management system
23. Attack [31571]: Feiqi Internet FE Enterprise Operations Management Platform videotexMonitor.jsp SQL Injection Vulnerability
24. Attack [31570]: Wanhu ezOFFICE wf_printnum.jsp SQL injection vulnerability
25. Attack [31569]: SQL injection vulnerability in Wanhu ezOFFICE wpsservlet
26. Attack [31567]: Wanhu ezOFFICE DocumentEdit_deal.jsp SQL injection vulnerability
27. Attack [31568]: JeePlus Rapid Development Platform ResetPassword and RegisterUser Interface SQL Injection Vulnerability
28. Attack [28285]: Access OA submenu.php SQL injection vulnerability (CVE-2024-10600)
29. Attack [28286]: Spoop EAP Enterprise Adaptation Management Platform Upload.xml arbitrary file upload vulnerability
30. Attack [31566]: Nmap smb Eternal Red vulnerability scan
31. Attack [31579]: F22 Clothing Management Software System Load.ashx Arbitrary File Reading Vulnerability
32. Attack [28282]: F22 Clothing Management Software System UploadHandler.ashx arbitrary file upload vulnerability
33. Attack [28283]: Hisense intelligent public transportation enterprise management system OrgInfoMng.ASPX SQL injection vulnerability
34. Attack [31573]: Accessing Office Anywhere SQL injection vulnerability (CVE-2024-4903)
35. Attack [31574]: Accessing Office Anywhere SQL injection vulnerability (CVE-2024-25320)
36. Attack [31575]: Accessing Office Anywhere SQL injection vulnerability (CVE-2024-1251)
37. Attack [31576]: Accessing Office Anywhere SQL injection vulnerability (CVE-2024-10732)
38. Attack [31577]: Accessing Office Anywhere SQL injection vulnerability (CVE-2024-10731)
39. Attack [31578]: Accessing Office Anywhere SQL injection vulnerability (CVE-2024-10730)
40. Attack [28284]: D-Link DNS Multiple Products sc_cgr.cgi Remote Command Execution Vulnerability
41. Attack [28287]: Paladin bastion host sslvpnservice.php SQL injection vulnerability
42. Attack [28289]: Apache Hertzbeat SnakeYaml deserialization vulnerability (CVE-2024-42323)
43. Attack [31581]: Access OA SQL injection vulnerability (CVE-2024-10658)
44. Attack [31582]: Access OA SQL injection vulnerability (CVE-2024-10657)
45. Attack [31583]: Access OA SQL injection vulnerability (CVE-2024-10656)
46. Attack [31584]: Access OA SQL injection vulnerability (CVE-2024-10655)
47. Attack [31585]: Access OA SQL injection vulnerability (CVE-2024-10619)
48. Attack [31586]: Access OA SQL injection vulnerability (CVE-2024-10618)
49. Attack [31587]: Access OA SQL injection vulnerability (CVE-2024-10617)
50. Attack [31588]: Access OA SQL injection vulnerability (CVE-2024-10616)
51. Attack [31589]: Access OA SQL injection vulnerability (CVE-2024-10615)
52. Attack [31591]: VISAM VBASE Automation Base XML External Entity Injection Vulnerability (CVE-2022-45468)
53. Attack [28291]: Zhongcheng Kexin management system UploadHandler.ashx arbitrary file upload vulnerability
54. Attack [31593]: Hexo arbitrary file read vulnerability (CVE-2023-39584)
55. Attack [31580]: Jiusi OA dl.jsp arbitrary file read vulnerability
56. Attack [28288]: Anke Medical Emergency Office Management System Service.asmx SQL Injection Vulnerability
57. Attack [28290]: Jinhua Dijia Live Large Screen Interactive System Mobile.do.php arbitrary file upload vulnerability
58. Attack [28292]: WordPress Woocommerce Product Design plugin arbitrary file upload vulnerability (CVE-2024-50482)
59. Attack [31594]: Altenergy power system control software statis_Zigbee SQL injection vulnerability (CVE-2024-11305)
60. Attack [31595]: Access OA SQL injection vulnerability (CVE-2023-6885)
61. Attack [31596]: Access OA SQL injection vulnerability (CVE-2024-0938)
62. Attack [28293]: CyberPanel upgrademysqlstatus remote command execution vulnerability (CVE-2024-51568)
63. Attack [31598]: Access OA SQL Injection Vulnerability (CVE-2019-9759)
64. Attack [31599]: Renwoxing Collaborative CRM Popular Edition CommonDict/Edit SQL Injection Vulnerability
65. Attack [28294]: CyberPanel getresetstatus remote command execution vulnerability (CVE-2024-51378)
66. Attack [28295]: Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2023-24955)
67. Attack [42185]: Weevely Webshell tool communication _2
68. Attack [28299]: Ant Sword Webshell Management Tool Connection Control_3
69. Attack [28300]: Citrix Systems Virtual Apps and Desktop Remote Code Execution Vulnerability (CVE-2024-8068/CVE-2024-8069)
70. Attack [28298]: Baolande BES middleware Spark BesEJB remote code execution vulnerability
71. Attack [31600]: SQL injection vulnerability in the LexicoyIdit.xml of the commercial hybrid ERP system
72. Attack [31601]: SQL injection vulnerability in Operater_Action.xsp of the commercial hybrid ERP system
73. Attack [31603]: SQL injection vulnerability in TaskCarToQueue.xml of the commercial hybrid ERP system
74. Attack [31602]: SQL injection vulnerability in Stockreceived Edit.asp of the commercial hybrid ERP system
75. Attack [31592]: fscan scanning tool ms17010
76. Attack [28301]: Palo Alto Networks PAN-OS authentication bypass vulnerability (CVE-2024-0012)
77. Attack [28302]: Palo Alto Networks PAN-OS privilege escalation RCE vulnerability (CVE-2024-9474)
78. Attack [28227]: Apache Airflow Operating System Command Injection Vulnerability (CVE-2020-11981)
79. Attack [31513]: XSS vulnerability in Exchange mail system
Update rules:
1. Attack [23597]: Redis Unauthorized Access Remote Server Access Vulnerability (CNVD-2015-07557)
2. Attack [26507]: curl SOCKS5 heap buffer overflow vulnerability (CVE-2023-38545)
3. Attack [41973]: Discovery of DCOM remote command execution behavior
4. Attack [62201]: HTTP SQL injection attempt type 2
5. Attack [42079]: Suo5 Tunnel Tool Communication
6. Attack [26111]: Nacos Raft protocol deserialization vulnerability (CNVD-2023-45001)
7. Attack [42138]: Ice Scorpion 3.0 Webshell Connection
8. Attack [41943]: Scorpio WebShell Management Tool Communication (aspx ashx)
9. Attack [28224]: WebLogic deserialization command execution vulnerability (CVE-2024-21216) _2
10. Attack [27904]: Ant Sword Webshell Management Tool Connection Control_2
11. Attack [42148]: Godzilla Webshell Connection
12. Attack [27141]: Ice Scorpion 4.0 Webshell Connection (asp-php-ashx)
13. Attack [25928]: Ice Scorpion Webshell connection_2 (JSP)
14. Attack [31091]: HTTP/etc/shadow file read successful
Notes:
After the upgrade package is applied, the engine restarts automatically and the new rules take effect without interrupting existing sessions; however, 3-5 ping packets will be lost. Please choose a suitable time to upgrade.

Release Time:2024-11-23 01:11:54
Name: eoi.unify.allrulepatch.ips.2.0.0.37374.rule Version:2.0.0.37374
MD5:b7949980d196f679e9e369ac479229c7 Size:39.24M
Description:

This upgrade package is the Zealot 2.0 intrusion prevention signature library/application identification signature library upgrade package, and only supports engine version V56R11F01 and above. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.37374.
The new/improved rules of this upgrade package are:
New rules:
1. Attack [28237]: PHP code execution attack - encoding
2. Attack [28239]: PHP code execution attack - generic functions
3. Attack [28238]: Apache Solr XXE vulnerability
4. Attack [28240]: PHP webshell access
5. Attack [28241]: SolarWinds Security Event Manager AMF deserialization vulnerability (CVE-2024-0692)
6. Attack [31532]: Baizhuo Byzro Networks Smart S80 SQL Injection Vulnerability (CVE-2024-3346)
7. Attack [28242]: Baizhuo Byzoro Network Smart SQL Injection Vulnerability (CVE-2024-1254)
8. Attack [28243]: Baizhuo Smart S80 Management Platform updatelib.php file upload vulnerability (CVE-2023-6274)
9. Attack [28244]: Baizhuo Smart S40 Management Platform updateos.php file upload vulnerability (CVE-2023-6574)
10. Attack [28245]: Baizhuo Byzro A10 repair.php SQL injection vulnerability (CVE-2023-6575)
11. Attack [28246]: Accessing Office Anywhere SQL injection vulnerability (CVE-2024-1252)
12. Attack [31533]: Baizhuo Byzro PatrolFlow 2530Pro path traversal vulnerability (CVE-2023-6577)
13. Attack [28232]: WordPress Kadence Blocks Plugin file upload vulnerability
14. Attack [28249]: LG Simple Editor deleteCheckSession directory traversal for arbitrary file deletion vulnerability (CVE-2023-40492)
15. Attack [10570]: GitLab Preview_markdown Denial of Service Vulnerability (CVE-2023-3364)
16. Attack [42178]: Discovery of Sepsis Trojan uploading information
17. Attack [28248]: Shunjing ERP management system FileUpload/Upload arbitrary file upload vulnerability
18. Attack [28247]: UploadInvtSPBuzPlanFile arbitrary file upload vulnerability in Shunjing ERP management system
19. Attack [31534]: Full process cloud OA QCPES.asmx SQL injection vulnerability
20. Attack [31535]: Jenkins Build Monitor View Plugin stored cross-site scripting vulnerability (CVE-2024-28156)
21. Attack [31538]: HANDLINK ISS-7000v2 gateway login.handler.cgi unauthorized command execution vulnerability
22. Attack [28251]: LG LED Assistant unauthenticated password reset vulnerability (CVE-2024-2862)
23. Attack [28217]: JeecgBoot building block report testConnection remote code execution vulnerability
24. Attack [28252]: LG Simple Editor saveXml directory traversal for arbitrary file upload vulnerability (CVE-2023-40497)
25. Attack [28255]: Linux kernel ksmbd buffer overflow vulnerability (CVE-2023-52440)
26. Attack [31536]: Generic Micro E-Cology9 FileDownloadLocation Authentication Bypass Resulting in SQL Injection Vulnerability
27. Attack [28253]: Java AMF3 deserialization of JDBC injection vulnerability
28. Attack [31537]: Suspected Nmap SSL detection behavior
29. Attack [28257]: Java AMF3 deserialization of JDBC injection loop_2
30. Attack [28256]: H3C CVM cas/fileUpload/fd file upload leads to RCE vulnerability (CNVD-2024-14168)
31. Attack [31539]: nmap Docker version scan
32. Attack [28258]: Ivanti Avalanche SmartDeviceServer ConnectServlet XML External Entity Injection Vulnerability (CVE-2023-46265)
33. Attack [31540]: Nmap krb5 user scan
34. Attack [31541]: Blue Ling OA-EKP system hrStaffWebService arbitrary file read vulnerability
35. Attack [28259]: Pan Micro E-Cology QRcodeBuildAction SQL Injection Vulnerability
36. Attack [42179]: Suspected malicious file download
37. Attack [31543]: Nmap krb5 user scan_2
38. Attack [28260]: Command injection vulnerability in multiple D-Link DNS products (CVE-2024-10914)
39. Attack [42180]: Discovery of Samas ransomware uploading information
40. Attack [28261]: Apache CloudStack SAML Security Bypass Vulnerability (CVE-2024-41107)
41. Attack [31544]: Suspected Nmap GIOP scanning behavior
42. Attack [31542]: Suspected Nmap DTLS scanning behavior
43. Attack [31545]: Linux kernel ksmbd SetInfo request information leakage vulnerability
44. Attack [31546]: YonBIP R5 Flagship Yonbiprogin arbitrary file read vulnerability
45. Attack [28262]: Hongjing Human Resources Information Management System uploadLogo arbitrary file upload vulnerability
46. Attack [28224]: WebLogic deserialization command execution vulnerability (CVE-2024-21216) _2
47. Attack [42181]: Discovery of malicious requests from Monero mining Trojans
48. Attack [42182]: Discovered LollicCrypt ransomware communication
49. Attack [28263]: Remote Command Execution Vulnerability in Newserver of Hexin Chuangtian Cloud Desktop System
50. Attack [28264]: Avtech Network Camera Command Injection Vulnerability (CVE-2024-7029)
51. Attack [28265]: Telecom Gateway Configuration Management System upload_channels.php file upload vulnerability
52. Attack [28266]: Nextgen Mirth Connect XStreamSequencer insecure deserialization vulnerability (CVE-2023-43208)
53. Attack [31553]: LG LED Assistant setThumbnailRc directory traversal vulnerability
54. Attack [42183]: Discovery of Eris ransomware communication
55. Attack [31547]: Dongsheng Logistics Software dDataListCA SQL Injection Vulnerability
56. Attack [31548]: Dongsheng Logistics Software TCodeVoynoAdapter.xz SQL Injection Vulnerability
57. Attack [31549]: Dongsheng Logistics Software SaveUserQuerySetting SQL Injection Vulnerability
58. Attack [31550]: Dongsheng Logistics Software Company sAccountGridSource.asp SQL Injection Vulnerability
59. Attack [31551]: Dongsheng Logistics Software OPEERATORCODEAdapter.asp SQL Injection Vulnerability
60. Attack [31552]: Dongsheng Logistics Software SubCompSeaeDfAdapter.xml SQL Injection Vulnerability
61. Attack [31554]: Dongsheng Logistics Software AttributeAdapter.asp SQL Injection Vulnerability
62. Attack [31555]: Dongsheng Logistics Software VNet ParentModuTreeList SQL Injection Vulnerability
63. Attack [31556]: Expectation Manufacturing ERP System DrawGrid.action SQL Injection Vulnerability
64. Attack [31557]: HookService SQL injection vulnerability in a certain Saitong electronic document security management system (CVE-2024-10660)
65. Attack [28267]: Mingyuan Real Estate ERP WFWebService.asmx deserialization RCE vulnerability
Update rules:
1. Attack [25752]: Successful execution of Linux information collection command
2. Attack [25839]: Command injection vulnerability in Node.js (CVE-2021-21315)
3. Attack [31320]: Suspected Nmap SIP scanning behavior
4. Attack [60464]: HTTP service directory traversal vulnerability
5. Attack [28033]: Byzoro Smart S85F Management Platform Command Injection Vulnerability (CVE-2023-5683)
6. Attack [31235]: phpMyAdmin file inclusion vulnerability (CVE-2014-8959)
7. Attack [26992]: WordPress plugin Bricks Builder remote code execution vulnerability (CVE-2024-25600)
8. Attack [60115]: Microsoft Windows GDI AttemptWrite function remote heap overflow vulnerability (MS07-046)
9. Attack [60991]: HTTP Request XSS Cross Site Script Attack Attempt
10. Attack [27119]: Apache Zeppelin shell arbitrary command execution vulnerability (CVE-2024-31861)
11. Attack [26175]: wmiexec tool web execution
12. Attack [25839]: Command injection vulnerability in Node.js (CVE-2021-21315)
13. Attack [25827]: Pan Micro E-Office do.exe arbitrary file write vulnerability
14. Attack [25823]: Pan Micro E-Office 10 OfficeServer.php file upload vulnerability
15. Attack [25747]: Execution of Windows Information Collection Command
16. Attack [62201]: HTTP SQL Injection Attempt Type 2
Notes:
After the upgrade package is applied, the engine restarts automatically and the new rules take effect without interrupting existing sessions; however, 3-5 ping packets will be lost. Please choose a suitable time to upgrade.

Release Time:2024-11-14 18:40:02
Name: eoi.unify.allrulepatch.ips.2.0.0.37241.rule Version:2.0.0.37241
MD5:9c6f6ad805b7497e64965293659c75e9 Size:39.16M
Description:

This upgrade package is an intrusion prevention signature library upgrade package, which only supports engine version V56R11F01 and above. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.37241. The new/improved rules of this upgrade package are:
New rules:
1. Attack [28218]: FLIR Thermal Camera controllerFlirSystem.exe remote command execution vulnerability
2. Attack [28216]: Aviatrix Controller remote code execution vulnerability (CVE-2021-40870)
3. Attack [28236]: SPIP BigUp Unauthorized Remote Code Execution Vulnerability (CVE-2024-8517)
4. Attack [31524]: BossCMS folder parameter directory traversal vulnerability
5. Attack [10568]: VMware vCenter Server Denial of Service Vulnerability (CVE-2022-31698)
6. Attack [28220]: Apache CloudStack code injection vulnerability (CVE-2024-38346)
7. Attack [28219]: UFIDA NC6.5 FileReceptServlet arbitrary file upload vulnerability (CNVD-2023-85593) _2
8. Attack [31525]: Discuz faq.php SQL injection vulnerability
9. Attack [28221]: WordPress Fastest Cache plugin is_user_admin SQL injection vulnerability (CVE-2023-6063)
10. Attack [31526]: Reflected cross-site scripting vulnerability (CVE-2024-21726)
11. Attack [28222]: UFIDA U8 Cloud uapbd.refdef.query SQL injection vulnerability
12. Attack [28223]: Apache Solr authentication bypass vulnerability (CVE-2024-45216)
13. Attack [28235]: Finetree 5MP camera user_pop.php arbitrary user addition vulnerability (CNVD-2021-42372)
14. Attack [28225]: Consul Rexec component remote command execution vulnerability
15. Attack [28226]: Bitbucket login bypass vulnerability
16. Attack [31527]: UCMS arbitrary file read vulnerability (CVE-2022-28444)
17. Attack [31529]: Sap EAP Enterprise Adaptation Management Platform Download.xml arbitrary file read vulnerability
18. Attack [28228]: Apache Airflow Unauthorized Access Vulnerability (CVE-2020-13927)
19. Attack [28229]: Permission Bypass Vulnerability in Drupal (CVE-2019-6342)
20. Attack [31530]: Adobe Experience Manager forms and documents .form.validator.html sensitive information leak vulnerability
21. Attack [28230]: IBM Operational Decision Manager Data Source JDBC Injection Vulnerability (CVE-2024-22319)
22. Attack [10569]: TP Link Archer C50 Denial of Service Vulnerability (CVE-2020-9375)
23. Attack [50663]: Discovery of DNS BIND version detection behavior
24. Attack [28231]: D-Link D-View uploadmin directory traversal file write vulnerability (CVE-2023-32167)
25. Attack [28233]: CyberPanel upgrademysqlstatus remote code execution vulnerability (CVE-2024-51567)
26. Attack [28234]: pyLoad js2py sandbox arbitrary code execution vulnerability (CVE-2024-39205)
27. Attack [42177]: Discovered ransomware LockBit 2.0 request communication (b66ssc)
28. Attack [31531]: Jida Zhengyuan authentication gateway downTools arbitrary file reading vulnerability
29. Attack [42169]: Discovered Conficker Trojan connecting to server
30. Attack [28206]: PostgreSQL XML Entity Injection Vulnerability
31. Attack [28203]: Blue Ling OA ReportServlet arbitrary file write vulnerability
32. Attack [31510]: HTTP SQL injection attempt type nine
33. Attack [31511]: OfficeWeb365 GetNext arbitrary file read vulnerability
Update rules:
1. Attack [26377]: Kingsoft Terminal Security System V9 ajax.php code execution vulnerability
2. Attack [28127]: WordPress LearnPress SQL injection vulnerability (CVE-2024-8522/CVE-2024-8529)
3. Attack [25747]: Execution of Windows Information Collection Command
4. Attack [27209]: Code injection vulnerability in XWiki.org XWiki Database Search (CVE-2024-31982)
5. Attack [41188]: DDOS tool Mstream main control end detects distributed end
6. Attack [25390]: Netgear ProSAFE NMS300 FileUploadUtils directory traversal
7. Attack [27486]: Remote code execution vulnerability in Feiqi Internet FE Enterprise Operations Management Platform/common/common_stort_tree.jsp
8. Attack [26218]: SPIP Remote Code Execution Vulnerability (CVE-2023-27372)
9. Attack [25988]: Wordpress file upload vulnerability (CVE-2020-24948)
Notes:
After the upgrade package is applied, the engine restarts automatically and the new rules take effect without interrupting existing sessions; however, 3-5 ping packets will be lost. Please choose a suitable time to upgrade.

Release Time:2024-11-08 16:14:07
Name: eoi.unify.allrulepatch.ips.2.0.0.37160.rule Version:2.0.0.37160
MD5:e744b69c687d40d17379648b4328aeeb Size:46.65M
Description:

This upgrade package is an intrusion prevention signature library upgrade package, which only supports engine version V56R11F01 and above. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.37160. The new/improved rules of this upgrade package are:
New rules:
1. Attack [28176]: Dahua Intelligent Cloud Gateway Registration Management Platform doLogin SQL Injection Vulnerability (CNVD-2024-38747)
2. Attack [28177]: NUUO Network Video Recorder command injection vulnerability (CVE9-9653)
3. Attack [42167]: Existence of jsky web scan test files
4. Attack [10566]: GitLab branch search regular expression denial of service vulnerability (CVE-224-2878)
5. Attack [31497]: NETGEAR DGND4000/DGND3700v2 information leakage vulnerability (CVE-23-50677)
6. Attack [31498]: Allegra getFileContentAsString directory traversal vulnerability (CVE-224-22530)
7. Attack [28179]: Apache JSPWiki upload storage cross site scripting vulnerability (CVE-224-27136)
8. Attack [31499]: OneThink Content Management Framework Category Method SQL Injection Vulnerability
9. Attack [28180]: Cacti Group automated graph and tree rule name storage XSS vulnerability (CVE-24-31444)
10. Attack [28181]: MaxView Storage Manager dynamicscontent.rperties.xhtml code execution vulnerability
11. Attack [28182]: Dolibarr ERP/CRM card.chp reflective XSS vulnerability (CVE-24-34051)
12. Attack [28183]: Maccms 8. x Index. php vod search command execution vulnerability (CVE7-17733)
13. Attack [28184]: Zhilian Cloud's testService SQL injection vulnerability
14. Attack [31500]: Loytec LGATE-902 Path Traverse Vulnerability (CVE8-14918)
15. Attack [42168]: Discovered Neuret Trojan uploading information
16. Attack [42170]: Discovery of Broide Trojan uploading information
17. Attack [31504]: SEW-EURODRIVE MOVITOOLS MotionStudio XML External Entity Injection Vulnerability (CVE-224-1167)
18. Attack [42171]: CryptoShield ransomware online communication
19. Attack [31501]: Kong Admin Rest API information leak vulnerability (CVE-2020-11710)
20. Attack [28187]: Virata EmWeb Information Leakage Vulnerability
21. Attack [28188]: Kingdee EAS/eaportal/tools/appUtil.jsp fastjson deserialization vulnerability
22. Attack [28185]: JetBrains TeamCity Agent Distribution Cross Site scripting vulnerability (CVE-224-31138)
23. Attack [28186]: JetBrains TeamCity JspPrecompilation authentication bypass vulnerability (CVE-224-23917)
24. Attack [31507]: SpectoLabs hoverfly arbitrary file read vulnerability (CVE-24-45388)
25. Attack [31502]: Simple School Management System SQL injection vulnerability (CVE-24-25304)
26. Attack [31503]: Simple School Management System SQL injection vulnerability (CVE-24-25306)
27. Attack [31505]: Simple School Management System SQL injection vulnerability (CVE-24-25305)
28. Attack [31506]: Event Student Attendance System SQL injection vulnerability (CVE-24-25302)
29. Attack [31508]: Arbitrary file read vulnerability in the Zhongxin Tianda system
30. Attack [28189]: Grav CMS directory traversal vulnerability (CVE-224-27921)
31. Attack [31509]: U-Mail Physical Path Leakage Vulnerability
32. Attack [28190]: D-Link DAR-7000 webmailattachphp privilege upgrade (CVE-2023-5143)
33. Attack [28191]: NetMizer Log Management System Position. php Command Execution Vulnerability
34. Attack [28192]: NetMizer log management system hostdelay.php command execution vulnerability
35. Attack [28193]: Dayrui FineCms arbitrary file upload vulnerability
36. Attack [28194]: UFIDA U8 Cloud system esnserver arbitrary file upload vulnerability
37. Attack [42172]: Discovered Taurus Trojan connecting to server
38. Attack [31512]: Microsoft SharePoint XML External Entity Injection Vulnerability (CVE-2024-30043)
39. Attack [42173]: Discovered Satan Trojan uploading information
40. Attack [28195]: Grafana expression remote code execution vulnerability (CVE-2024-9264)
41. Attack [28196]: Unauthorized Access Vulnerability in Jupyter Notebook
42. Attack [42174]: Discovery of Creepy Trojan communication
43. Attack [42175]: Discovery of BlackNET Trojan online communication
44. Attack [28197]: Gitlab privilege escalation vulnerability (CVE6-4340)
45. Attack [28200]: I Doc View /system/cmd.json arbitrary command execution vulnerability
46. Attack [10567]: GitLab description tag Emoji uncontrolled resource consumption vulnerability (CVE-2024-2818)
47. Attack [28198]: SQL injection vulnerability in the Centralon Web updateDirectory function (CVE-2024-0637)
48. Attack [28199]: Progress Software WhatsUp Gold WriteDataMile arbitrary file write vulnerability (CVE-2024-4883)
49. Attack [28201]: Horde Groupware Webmail Edition /ip/test.php remote command execution vulnerability
50. Attack [31515]: Tianrongxin Operation and Maintenance Security Audit System Download Arbitrary File Reading Vulnerability
51. Attack [31514]: OpenCart archive extraction directory traversal vulnerability (CVE-2024-21518)
52. Attack [28202]: Lianda OA uploadImg.asp arbitrary file upload vulnerability
53. Attack [28204]: Ivanti Endpoint Manager SQL injection vulnerability (CVE-2024-29823)
54. Attack [28205]: Harbor permission and access control vulnerability (CVE9-16097)
55. Attack [42176]: Nemucod Trojan communication discovered
56. Attack [31516]: WordPress LearnDash LMS plugin information leak vulnerability (CVE-2024-1208)
57. Attack [31517]: Golang debug/pprof debug information leak vulnerability
58. Attack [28207]: Geovision IP Camera /PictureCatch.cgi remote command execution vulnerability
59. Attack [31518]: Wanhu ezOFFICE SignatureEditFrm.js SQL injection vulnerability
60. Attack [28208]: Jinhe OA C6 ApproveRemindSetExecut.xml XXE vulnerability (CNVD-2024-40568)
61. Attack [28209]: Geovision IP Camera /JpegStream.cgi remote command execution vulnerability
62. Attack [31519]: Dzzoffice Unauthorized Access Vulnerability (CVE-2021-30205)
63. Attack [31520]: ConnectWise ScreenConnect InstallExtension directory traversal vulnerability (CVE-2024-1708)
64. Attack [28212]: Delta Electronics InfraSuite Device Master deserialization vulnerability (CVE-2023-47207)
65. Attack [50662]: Geoserver default password login behavior
66. Attack [28210]: Weblogic deserialization command execution vulnerability (CVE-2024-21216)
67. Attack [28214]: Netgear Orbi Router RBR750 command injection vulnerability (CVE-2022-37337)
68. Attack [31521]: Baiyi Cloud asset management and operation system ufile.api.php SQL injection vulnerability
69. Attack [31522]: WordPress plugin Comments Import Export path traversal vulnerability (CVE-2024-7514)
70. Attack [28215]: Palo Alto Networks Expedition Remote Command Execution Vulnerability (CVE-2024-9463)
71. Attack [31523]: Artica Proxy images.listener.php arbitrary file read vulnerability (CVE-2024-2053)
72. Attack [42164]: Microsoft Windows Themes NTLM relay spoofing vulnerability (CVE-2024-38030)
73. Attack [28169]: Progress Software WhatsUp Gold arbitrary file upload vulnerability (CVE-2024-4884)
Update rules:
1. Attack [26315]: Remote code injection vulnerability in the Ruijie EWEB management system (CVE-2023-34644)
2. Attack [26115]: Yonyou Changjie Tong T+ ajaxpro front-end remote command execution vulnerability (CNVD-2023-48562)
3. Attack [27164]: ProjectSend password reset vulnerability (CVE-2020-28874)
4. Attack [25390]: Netgear ProSAFE NMS300 FileUploadUtils directory traversal
5. Attack [26182]: Smartbi has an identity authentication bypass vulnerability (CNVD-2023-55718)
6. Attack [25490]: go http tunnel tool communication
7. Attack [28161]: Inductive Automation Ignition Base64Element insecure deserialization vulnerability (CVE-2023-50220)
8. Attack [24365]: ThinkPHP 5.x Remote Command Execution Vulnerability (CNVD-2018-24942)
9. Attack [31090]: HTTP/etc/passwd file read successful
10. Attack [42167]: Communication with jsky scanning tool
11. Attack [27131]: Java Code Execution Type 2
12. Attack [26394]: SQL injection vulnerability in the formservice process control system of Time Space Intelligent Friends Enterprise
13. Attack [42158]: Discovery of Poisson's Trojan communication
14. Attack [28128]: Unix CUPS Printing Service Remote Code Execution Vulnerability (CVE-2024-47076/CVE-2024-47175/CVE-2024-47176/CVE-2024-47177)
15. Attack [60470]: Microsoft Windows win.ini access attempt
16. Attack [27168]: Yonyou NC Cloud and YonBIP PMCloudDriveProjectStateServlet JDBC injection vulnerability
17. Attack [26301]: Kingdee Cloud Starry Sky Binary Modeler deserialization vulnerability
18. Attack [41588]: PHP Webshell script upload
19. Attack [25747]: Execution of Windows Information Collection Command
20. Attack [25746]: Linux information collection command execution
21. Attack [24578]: Zabbix authentication bypass vulnerability (CVE9-17382)
22. Attack [31041]: Ruijie Campus Network Self Service System logid_judge.jsf Arbitrary File Reading Vulnerability
23. Attack [10566]: GitLab branch search regular expression denial of service vulnerability (CVE-2024-2878)
24. Attack [28132]: Koadic post penetration tool uploads host information
25. Attack [42155]: Malicious software solimba uploads host information
26. Attack [42154]: Discovery of Zyklon Trojan communication
27. Attack [42156]: Discovery of Mermaid Trojan communication
Notes:
After the upgrade package is applied, the engine restarts automatically and the new rules take effect without interrupting sessions; however, 3-5 ping packets will be lost. Please choose a suitable time to upgrade.

Release Time:2024-11-04 09:16:17
Name: eoi.unify.allrulepatch.ips.2.0.0.36977.rule Version:2.0.0.36977
MD5:03d232dff5e4e5d81181dd648f8d65a9 Size:46.29M
Description:

This upgrade package is for the Zealot 2.0 intrusion prevention signature library/application recognition signature library, and only supports upgrades from engine version V56R11F01 and above. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.36977.
The new/improved rules in this upgrade package are:

New rule:
1. Attack [28129]: SQL injection vulnerability in D-Link DSR router series products (CVE3-5945)
2. Attack [31463]: Ivanti Avalanche getAdhocFilePath directory traversal vulnerability (CVE-2024-24992)
3. Attack [31462]: Fortra FileCatalyst SQL injection vulnerability (CVE-2024-5276)
4. Attack [31464]: Cacti Group Cacti graph SQL injection vulnerability (CVE-2024-31458)
5. Attack [28131]: XWiki.org XWiki SearchAdmin command injection vulnerability (CVE-2023-50721)
6. Attack [28130]: Ivanti Avalanche copyFile directory traversal vulnerability (CVE-2024-23535)
7. Attack [31465]: ZOHO ManageEngine OpManager information leak vulnerability (CVE-2020-11946)
8. Attack [28133]: Yunyou CMS request_uri remote code execution vulnerability
9. Attack [31466]: VMware Aria Operations for Networks login banner cross-site scripting vulnerability (CVE-2024-22241)
10. Attack [42151]: Discovery of Chthonic Trojan communication
11. Attack [28135]: Western Digital My Cloud /cgi-bin/nas_Sharing.cgi remote command execution vulnerability
12. Attack [28137]: WeiPHP scan_callback remote code execution vulnerability
13. Attack [28136]: Ivanti Policy Secure command injection vulnerability (CVE-2024-21887)_2
14. Attack [28134]: Qualitor system processVariavel.php unauthorized command injection vulnerability (CVE-2023-47253)
15. Attack [31467]: LibreNMS ServiceTemplateController.php name stored cross-site scripting vulnerability (CVE-2024-32479)
16. Attack [10564]: GitLab Community and Enterprise FileFinder Regex Denial of Service Vulnerability (CVE-2024-2829)
17. Attack [28138]: VNet multiple products HLS_tmp directory traversal vulnerability (CVE-2023-51365)
18. Attack [42153]: Malicious software BrowserTealer uploads host information
19. Attack [42152]: Discovery of ProtonBot Trojan Communication
20. Attack [28139]: Fangzheng Changxiang's all media news gathering and editing system addOrUpdating Org XXE vulnerability
21. Attack [31468]: Huawang Cloud Conference Management Platform checkDoubleUserNameForAdd SQL Injection Vulnerability
22. Attack [31469]: Tongwang OA tooneAssistantAttachement.jsp arbitrary file read vulnerability
23. Attack [31470]: SQL injection vulnerability in the endTime parameter of the Koron AIO management system
24. Attack [31473]: Allegra GanttAndChExportAction directory traversal vulnerability (CVE-2023-22361)
25. Attack [28141]: WordPress Better Search Replace Plugin deserialization vulnerability (CVE-2023-6933)
26. Attack [28140]: VMware Horizon info.jsp Log4j remote command execution vulnerability
27. Attack [31474]: TurboMail email system viewfile information leakage vulnerability
28. Attack [28142]: XWiki.org XWiki ReginalConfig code injection vulnerability (CVE-2024-21650)
29. Attack [31485]: Journyx project management software soap_cgi.pyc XXE vulnerability
30. Attack [31486]: Super Cat Signature APP distribution platform front-end Downfile_ios SQL injection vulnerability
31. Attack [28154]: Super Cat Signature APP Distribution Platform Front End Download Remote File Write Vulnerability
32. Attack [31488]: SQL injection vulnerability in UserEdit.xml interface of Huace monitoring and warning system
33. Attack [31489]: Vulnerabilities in the GetCssFile of the Sailan Enterprise Management System for arbitrary file reading
34. Attack [31480]: SQL injection vulnerability in the iPadOS ImportDetailJson of the Sailan Enterprise Management System
35. Attack [31487]: DownLoadServerFile arbitrary file read vulnerability in Hongmai Medical Beauty Industry Management System
36. Attack [28155]: LanLing EKP system dataxml. tppl command execution vulnerability
37. Attack [31484]: Anmei Digital Hotel Broadband Operation System - HiBOS Weather.exe Arbitrary File Reading Vulnerability
38. Attack [28151]: Shenou Communication online recording management system ThinkPHP remote code execution vulnerability
39. Attack [31481]: DeepBlue billing management system download load arbitrary file read vulnerability
40. Attack [28150]: Strategy deserialization RCE vulnerability in Shenlan billing management system
41. Attack [31482]: Proxy arbitrary file reading vulnerability in Shenlan billing management system
42. Attack [28149]: WordPress GutenKit plugin remote file write leading to RCE vulnerability (CVE-2024-9234)
43. Attack [28152]: AVCON network video service system editusercommit.php arbitrary user password reset vulnerability
44. Attack [31483]: Calibre arbitrary file read vulnerability (CVE-2024-6781)
45. Attack [28153]: Calibre Remote Code Execution Vulnerability (CVE-2024-6782)
46. Attack [31492]: WordPress plugin LearnPress SQL injection vulnerability (CVE-2024-4434)
47. Attack [31493]: SQL injection vulnerability in SourceCodester Clinics Patient Management System (CVE-2024-7454)
48. Attack [31494]: SQL injection vulnerability in SourceCodester Clinics Patient Management System (CVE-2024-7494)
49. Attack [28143]: SQL injection vulnerability in Zhangbutler list.rtm
50. Attack [28147]: Wanhu OA GeneralWeb XXE vulnerability
51. Attack [28158]: Zhiyuan OA ajax.do cap4FormDesignManager arbitrary file write vulnerability
52. Attack [28161]: Inductive Automation Ignition Base64Element insecure deserialization vulnerability (CVE-2023-50220)
53. Attack [28163]: Qualitor system checkAcesso.php arbitrary file upload vulnerability (CVE-2024-44849)
54. Attack [28164]: Login SQL injection vulnerability in Zhongzhi OA office system
55. Attack [28171]: Optilink management system gene.php arbitrary command execution vulnerability
56. Attack [31496]: Lingdang CRM system interface pdf.php arbitrary file read vulnerability
57. Attack [28174]: JimuReport Block Report Permission Bypass Vulnerability (CVE-2024-44893)
58. Attack [28159]: Nagios XI monitoring wizard.php SQL injection vulnerability (CVE-2024-24401)
59. Attack [10565]: Django UsernameField Denial of Service Vulnerability (CVE-2023-46695)
60. Attack [28173]: Lingdang CRM system interface wechatSession file upload vulnerability
61. Attack [31478]: WordPress Plugin Superstorefinder SQL Injection Vulnerability
62. Attack [31479]: WordPress Plugin super interactive maps SQL injection vulnerability
63. Attack [28160]: Strapi Unauthorized Password Reset Vulnerability (CVE9-18818)
64. Attack [31490]: Palo Alto Networks Expedition SQL injection vulnerability (CVE-2024-9465)
65. Attack [28162]: Seagate BlackArmor NAS Remote Code Execution Vulnerability (CVE4-3206)
66. Attack [28165]: Seacms 6.4.5 searchable.php remote command execution vulnerability
67. Attack [28166]: Seacms 9.92 /comment/app/index.php remote command execution vulnerability
68. Attack [28170]: Panalog logging system /mailcious_dawn_fornode.php remote command execution vulnerability
69. Attack [31495]: Oracle E-Business Suite /OA_TMLM/jtfwrepo.xml sensitive information leakage vulnerability
70. Attack [28172]: Optergy Proton/Enterprise command injection vulnerability (CVE9-7276)
71. Attack [28128]: Unix CUPS Printing Service Remote Code Execution Vulnerability (CVE-2024-47076/CVE-2024-47175/CVE-2024-47176/CVE-2024-47177)

Update rules:
1. Attack [60464]: HTTP service directory traversal vulnerability
2. Attack [28032]: Artica Proxy wiz.rizard.comgress.php deserialization vulnerability (CVE-2024-2054)
3. Attack [31451]: Shibang Communication IP Network Intercom Broadcasting System getjson. php Arbitrary File Reading Vulnerability
4. Attack [31452]: Shibang Communication IP Network Intercom Broadcasting System rj_get_token.php Arbitrary File Reading Vulnerability
5. Attack [27960]: H3C MagicR300 Remote Code Execution Vulnerability (CVE-2023-33629)
6. Attack [27167]: Linksys RE7000 wireless extender remote code execution vulnerability (CVE-2024-25852)
7. Attack [26270]: Metabase Remote Code Execution Vulnerability (CVE-2023-38646)
8. Attack [30962]: IDNA directory information leakage vulnerability on CODING platform
9. Attack [26301]: Kingdee Cloud Starry Sky Binary Modeler deserialization vulnerability
10. Attack [27077]: Pan Micro E-Office10 Remote Code Vulnerability
11. Attack [31472]: SRM Zhilian Cloud Procurement System Download Arbitrary File Reading Vulnerability of Zhilian (Shenzhen) Technology Co., Ltd
12. Attack [31475]: Active UC downloadDocument.action arbitrary file read vulnerability
13. Attack [31476]: UFIDA NC showcontent SQL injection vulnerability
14. Attack [31477]: UFIDA TurboCRM Management System Festivalremind.php SQL Injection Vulnerability
15. Attack [28144]: Yitian Intelligent eHR Management Platform CreateUser arbitrary user adds vulnerability
16. Attack [28146]: NetEase SecGate3600 Unauthorized User Addition Vulnerability
17. Attack [26945]: Apache Kafka Remote Code Execution Vulnerability (CVE-2023-25194)_2
18. Attack [25746]: Linux information collection command execution
19. Attack [27205]: Apache Kafka UI Command Injection Vulnerability (CVE-2023-52251)
20. Attack [27465]: TP-LINKTL-WR940N Command Execution Vulnerability (CVE-2023-33538)
21. Attack [26502]: Juniper Networks Junos OS EX arbitrary file read vulnerability (CVE-2023-36845)
22. Attack [26990]: WordPress plugin Pie Register URL redirection vulnerability (CVE-2023-0552)
23. Attack [31160]: PowerJob Unauthorized Access Vulnerability (CVE-2023-29923)
24. Attack [25910]: Apache Commons Collections deserialization command injection vulnerability (CC2)
25. Attack [41576]: Malicious program Linux/rBLackDDos_a network communication
26. Attack [24072]: PHP phar_parse_pharfile function filename_len integer overflow vulnerability (CVE6-10159)

Notes:
After the upgrade package is applied, the engine restarts automatically and the new rules take effect without interrupting sessions; however, 3-5 ping packets will be lost. Please choose a suitable time to upgrade.

Release Time:2024-10-22 18:15:51
Name: eoi.unify.allrulepatch.ips.2.0.0.36883.rule Version:2.0.0.36883
MD5:f0cec122f91f2b4f550d169d0267035b Size:46.07M
Description:

This upgrade package is an intrusion prevention signature library upgrade package, which only supports upgrades from engine version V56R11F01 and above. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.36883. The new/improved rules in this upgrade package are:
New rules:
1. Attack [31454]: Ivanti Avalanche extractZipEntry directory traversal vulnerability (CVE-2024-24994)
2. Attack [31455]: Weaver e-office /building/subject/tables/json.php SQL injection vulnerability
3. Attack [31456]: Fansoft report fr_rog/fr-dialog SQL injection vulnerability
4. Attack [28116]: Delta Electronics DIAEnergie dDIAE-SlogListParameters SQL injection vulnerability (CVE-2024-23975)
5. Attack [28117]: Delta Electronics DIAEnergie dDIAE_unListParameters SQL injection vulnerability (CVE-2024-23494)
6. Attack [28118]: Delta Electronics DIAEnergie dDIAE_usListParameters SQL injection vulnerability (CVE-2024-25574)
7. Attack [28119]: UFIDA U8+ CRM leadconversion.php SQL injection vulnerability
8. Attack [31457]: Jinhe OA C6 SignUpload.ashx SQL injection vulnerability
9. Attack [31458]: SQL injection vulnerability in UFIDA U8 CRM config/foldbackseteditphp
10. Attack [31459]: SQL injection vulnerability in UFIDA U8 CRM config/foldbackstettingphp
11. Attack [28120]: UFIDA Changjie Tong TPlus system FileUploadHandler.ashx arbitrary file upload vulnerability
12. Attack [28121]: UFIDA Changjie Tong T+Ufida T. CodeBehind. DR. Member. MemmberIntegral. ME_SemberIntegral-IntegralAdjust deserialization vulnerability
13. Attack [28122]: Multiple Upload. php file upload vulnerability in Lingdang CRM system
14. Attack [28123]: Anheng Mingyu Security Gateway aaa_localw_eb_preview file upload vulnerability
15. Attack [31460]: ZoneMinder web/views/file.php file read vulnerability (CVE7-5595)
16. Attack [28125]: Moodle Cross Site Script Injection Vulnerability (CVE-2021-27131)
17. Attack [31461]: Dreamer CMS information leak vulnerability (CVE-2023-4743)
18. Attack [28124]: Parse Server SQL injection vulnerability (CVE-2024-39309)
19. Attack [28126]: Apache Kafka ProvectusUI JMX deserialization arbitrary command execution vulnerability (CVE-2024-32030)
20. Attack [28127]: WordPress LearnPress SQL injection vulnerability (CVE-2024-8522)
Update rules:
1. Attack [31009]: PaperCut NG access control error vulnerability (CVE-2023-27350)
2. Attack [28034]: Smartbi imageimport.jsp arbitrary file upload vulnerability
3. Attack [27936]: Homematic CUx Daemon addon code injection vulnerability (CVE9-14423)
4. Attack [27935]: Remote command execution vulnerability in the multi service intelligent gateway of Rexroth
Notes:
After the upgrade package is applied, the engine restarts automatically and the new rules take effect without interrupting sessions; however, 3-5 ping packets will be lost. Please choose a suitable time to upgrade.

Release Time:2024-10-10 17:43:35
Name: eoi.unify.allrulepatch.ips.2.0.0.36817.rule Version:2.0.0.36817
MD5:13465d284cf041e31347165d43e85ab1 Size:45.89M
Description:

This upgrade package is an intrusion prevention signature library upgrade package, which only supports upgrades from engine version V56R11F01 and above. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.36817. The new/improved rules in this upgrade package are:
New rules:
1. Attack [31453]: LibreNMS packages.inc.php SQL injection vulnerability (CVE-2024-32461)
2. Attack [31451]: Shibang Communication IP network intercom broadcasting system getjson.php arbitrary file reading vulnerability
3. Attack [28109]: Shibang Communication IP network intercom broadcasting system uploaddsn.php arbitrary file upload vulnerability
4. Attack [31452]: Shibang Communication IP Network Intercom Broadcasting System rj_get_token.php Arbitrary File Reading Vulnerability
5. Attack [28096]: ThinkPHP deserialization arbitrary command execution vulnerability (CVE-2024-44902)
6. Attack [31445]: Weaver E-mobile diarydo.php SQL injection vulnerability
7. Attack [31446]: Weaver E-mobile notify_mage.php SQL injection vulnerability
8. Attack [28097]: Dahua Smart Park Comprehensive Management Platform pay fastjson remote code execution vulnerability
9. Attack [28099]: Weaver E-Office save_image.php arbitrary file upload vulnerability (CVE-2024-3227)
10. Attack [31447]: Weaver E-mobile emailreply_page.php SQL injection vulnerability
11. Attack [28100]: WS-FTP Server Code Issue Vulnerability (CVE-2023-40044)
12. Attack [31448]: BSPHP Unauthorized Access Vulnerability
13. Attack [28101]: UFIDA U8 CRM ajax/setremindtoold.php SQL injection vulnerability
14. Attack [28102]: Baiyi Cloud Asset Management Operation System ticket.edit.php SQL Injection Vulnerability
15. Attack [28106]: Saltstack Unauthorized Command Execution Vulnerability (CVE-2020-25592)
16. Attack [28108]: Schneider Electric C-Bus Automation Controller (5500SHAC) Remote Code Execution Vulnerability
17. Attack [28087]: Shibang Communication IP network intercom broadcast system my_parser.php arbitrary file upload vulnerability (CVE-2024-31680)
18. Attack [28088]: Shibang Communication IP network intercom broadcast system Busyscreenshotpush.php path traversal vulnerability (CVE-2024-3218)
19. Attack [28089]: Hikvision Security Access Gateway aaa_portal_authw_chat_Submit Command Execution Vulnerability
20. Attack [28093]: Xinrui Switch Unauthorized Password Modification Vulnerability for Any User
21. Attack [28092]: Tianrongxin Data Leakage Prevention System Unauthorized Modification of Administrator Password Vulnerability
22. Attack [28091]: Weaver OA /Api/integration/oauth2/profile permission bypass vulnerability
23. Attack [28094]: Weaver E-Office action_upload.php arbitrary file upload vulnerability
24. Attack [28084]: Shibang Communication IP network intercom broadcasting system addscendata.php arbitrary file upload vulnerability
Update rules:
1. Attack [27395]: Smartbi windowUnloading identity authentication bypass vulnerability (CNVD-2023-64853)
2. Attack [25216]: OA login.code.php session sensitive information leakage vulnerability
3. Attack [25286]: VMware View Planner logupload file upload vulnerability (CVE-2021-21978)
4. Attack [26069]: Microsoft Exchange Remote Command Execution Vulnerability (CVE-2020-16875)
5. Attack [26975]: WordPress Royal Elementor plugin arbitrary file upload vulnerability (CVE-2023-5360)
Notes:
After the upgrade package is applied, the engine restarts automatically and the new rules take effect without interrupting sessions; however, 3-5 ping packets will be lost. Please choose a suitable time to upgrade.

Release Time:2024-10-04 17:03:06
Name: eoi.unify.allrulepatch.ips.2.0.0.36802.rule Version:2.0.0.36802
MD5:d2be0292dd9e7416f3e35ce49531b9d7 Size:45.88M
Description:

The update package is for Zealot 2.0 Intrusion prevention signature database/Application identification signature database, and supports only the engine version V56R11F01 or later. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version is 2.0.0.36802.
The new/improved rules in this upgrade package are:

New rules:
1. threat [31449]: Weaver e-cology FormmodeFieldBrowserServlet SQL injection vulnerability
2. threat [28104]: Weaver e-cology BrowserAction SQL injection vulnerability
3. threat [28103]: Weaver e-cology CptInstock1Ajax SQL injection vulnerability
4. threat [28105]: Weaver e-cology ImportValidationFieldServlet SQL injection vulnerability
5. threat [31450]: Weaver E-mobile source_page.php SQL injection vulnerability

Note:
1. After the upgrade package is upgraded, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost.

Release Time:2024-09-25 17:35:20
Name: eoi.unify.allrulepatch.ips.2.0.0.36751.rule Version:2.0.0.36751
MD5:24c81ecd52ad104a2934b1dc3ffabdca Size:45.83M
Description:

The update package is for Zealot 2.0 Intrusion prevention signature database/Application identification signature database, and supports only the engine version V56R11F01 or later. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged. The rule version is 2.0.0.36751.
The new/improved rules in this upgrade package are:

New rules:
1. threat [31421]: Rui You Tianyi application virtualization system GetBSAppUrl SQL injection vulnerability
2. threat [28051]: Simple School Management System teacher_login.php SQL injection vulnerability (CVE-2024-25308/CVE-2024-25309)
3. threat [28050]: Contract Lock electronic signature system /utask/upload file upload vulnerability
4. threat [31422]: Jiusi OA wap.do arbitrary file reading vulnerability
5. threat [28049]: Jiusi OA /jsoa/WebServiceProxy XXE vulnerability
6. threat [31424]: GitLab cross-site script injection vulnerability (CVE-2023-2164)
7. threat [31423]: LG Simple Editor directory traversal vulnerability (CVE-2023-40496)
8. threat [28053]: Qianxin NetGod SecGate3600-A1500 firewall sysToolsDetectNet.cgi remote code execution vulnerability
9. threat [28052]: Cyton electronic document security management system LogDownLoadService SQL injection vulnerability
10. threat [31427]: Lanling OA getLoginSessionId information leakage vulnerability
11. threat [28054]: Glodon OA GetUserByUserCode SQL injection vulnerability
12. threat [31428]: Kingdee OA comm_user.jsp SQL injection vulnerability
13. threat [31429]: Kingdee OA flow_performance_view_case_modify.jsp SQL injection vulnerability
14. threat [31430]: Kingdee OA get_one_view_case.jsp SQL injection vulnerability
15. threat [31431]: Kingdee OA addmsg.jsp SQL injection vulnerability
16. threat [31432]: Kingdee OA InstantMessage.jsp SQL injection vulnerability
17. threat [28057]: Shunjing ERP management system UploadInvtSpFile arbitrary file upload vulnerability
18. threat [28058]: F5 BIG-IP remote code execution vulnerability (CVE-2023-46747)_2
19. threat [28059]: Kingdee EAS /easportal/tools/appUtil.jsp arbitrary file upload vulnerability
20. threat [28060]: PHPOK sqlext variable SQL injection vulnerability
21. threat [31433]: Emerson XWEB 300D EVO directory traversal vulnerability (CVE-2021-45427)
22. threat [28055]: mosparo URL redirection vulnerability (CVE-2023-5375)
23. threat [28056]: WordPress plugin Media Library Assistant remote code execution vulnerability (CVE-2023-4634)
24. threat [28061]: Nagios XI arbitrary file upload vulnerability (CVE-2021-3273)
25. threat [28062]: Sangfor SSL VPN pre-auth bound mobile phone modification vulnerability
26. threat [28063]: Sangfor SSL VPN front-end arbitrary password reset vulnerability
27. threat [31434]: MCU E-Mobile system interface cdnfile arbitrary file read vulnerability
28. threat [28065]: Glodon OA system interface do.asmx arbitrary file read vulnerability
29. threat [28064]: Hongyu multi-user mall user.php remote command execution vulnerability
30. threat [28068]: Video conference platform upLoad2.jsp arbitrary file upload vulnerability
31. threat [28069]: Hikvision integrated security management platform /lm/api/file arbitrary file upload vulnerability
32. threat [28066]: Glodon OA system interface do.asmx arbitrary file write vulnerability
33. threat [28067]: UFIDA GRP-U8 VerifyToken fastjson deserialization vulnerability
34. threat [31435]: OfficeWeb365 wordfix/Index arbitrary file read vulnerability
35. threat [28071]: KLog Server operating system command injection vulnerability (CVE-2020-35729)
36. threat [28072]: RichFaces Framework code injection vulnerability (CVE-2018-14667)
37. threat [28073]: Biodrom Smart s200 management platform SQL injection vulnerability (CVE-2024-27718)
38. threat [28074]: LyLme-Spage File.php arbitrary file upload vulnerability (CVE-2024-34982)
39. threat [31436]: Jindouyun HKMP smart business software download arbitrary file reading vulnerability
40. threat [28075]: SeaCMS /js/player/dmplayer/dmku/ SQL injection vulnerability (CVE-2024-29275)
41. threat [28076]: UFIDA U8 CRM config/relobjreportlist.php SQL injection vulnerability
42. threat [28077]: Horde Groupware Webmail Edition remote command execution vulnerability
43. threat [31438]: Glotech OA GetDeptByDeptCode SQL injection vulnerability
44. threat [31437]: D-Link DAP-1620 path traversal vulnerability (CVE-2021-46381)
45. threat [31439]: Netyu Xingyun Netyu VPN security gateway UserFile arbitrary file download vulnerability (CNVD-2024-34014)
46. threat [28079]: PrestaShop SQL injection vulnerability (CVE-2023-27034)
47. threat [31440]: PrestaShop information disclosure vulnerability (CVE-2023-39677)
48. threat [28081]: PrestaShop Ap Pagebuilder SQL injection vulnerability (CVE-2022-22897)
49. threat [31441]: openEAP open enterprise application platform config_data_out.jsp file information leakage vulnerability
50. threat [28080]: Fujian Collexum Communication command and dispatch management platform autobridgecall.php remote command execution vulnerability
51. threat [31442]: Visionbank OA EmailAccountOrgUserService SQL injection vulnerability
52. threat [28085]: IP network intercom broadcast system Addmediada.php arbitrary file upload vulnerability
53. threat [31444]: Fu Au Cloud AjaxSendDingdingMessage.ashx SQL injection vulnerability
54. threat [42150]: Weaver OA /cloudstore/system/#/sys unauthorized access vulnerability
55. threat [28082]: Ivanti Cloud Service Appliance command injection vulnerability (CVE-2024-8190)
56. threat [28083]: TOPSEC maincgi.cgi command execution vulnerability
57. threat [31443]: mooSocial cross-site scripting vulnerability (CVE-2023-45542)
58. threat [28086]: GeoServer WPS SSRF vulnerability (CVE-2023-43795)
59. threat [28090]: Rejetto HFS remote command execution vulnerability (CVE-2024-39943)
60. threat [31425]: Glodon OA GetAllUsersXml information disclosure vulnerability

Update rules:
1. Threat [25952]: Kingsoft V8 Terminal Security System PDF_making.php command execution vulnerability (CNVD-2020-73297)
2. Threat [28040]: Huatian Power OA /OAapp/MyHttpServlet arbitrary file upload vulnerability
3. Threat [10398]: PHP multipart/form-data remote DoS vulnerability
4. Threat [42146]: Delimiters related to command injection exist in HTTP parameters
5. Threat [25747]: Windows information collection command execution
6. Threat [25981]: Tongda OA login_code arbitrary user login vulnerability
7. Threat [26757]: Sophos Web Appliance remote code execution vulnerability (CVE-2023-1671)
8. Threat [25748]: Linux information collection covert command execution
9. Threat [26238]: Adobe ColdFusion code issue vulnerability (CVE-2023-29300)
10. Threat [25929]: Ice Scorpion 1.0/2.0 Webshell connection
11. Threat [25827]: Weaver E-Office do_excel.php arbitrary file write vulnerability
12. Threat [31030]: ownCloud graphapi information leakage vulnerability (CVE-2023-49103)
13. Threat [26575]: F5 BIG-IP remote code execution vulnerability (CVE-2023-46747)
14. Threat [26839]: UFIDA multiple deserialization vulnerabilities
15. Threat [26860]: DedeCMS file inclusion vulnerability (CVE-2023-2928)
16. Threat [31163]: ChatGPT-Next-Web server-side request forgery and XSS vulnerability (CVE-2023-49785)
17. Threat [27154]: Cisco IMC command injection vulnerability (CVE-2024-20356)
18. Threat [23425]: WebUI 1.5b6 remote code execution vulnerability
19. Threat [25121]: SaltStack Salt API SSH client command injection vulnerability (CVE-2020-16846)
20. Threat [27823]: Apache OFBiz remote code execution vulnerability (CVE-2024-38856)
21. Threat [27376]: Apache OFBiz path traversal leading to RCE vulnerability (CVE-2024-36104/CVE-2024-32113)
22. Threat [26951]: Ncast remote code execution vulnerability (CVE-2024-0305)
23. Threat [31183]: Twittee Text Tweet cross-site scripting vulnerability (CVE-2023-0602)
24. Threat [27076]: VMware Aria Operations for Networks exportPDF code injection vulnerability (CVE-2023-20889)
25. Threat [60464]: HTTP service directory traversal vulnerability
26. Threat [26975]: WordPress Royal Elementor plugin arbitrary file upload vulnerability (CVE-2023-5360)
27. Threat [31400]: Bank Locker Management System Search-Locker page cross-site script injection vulnerability
28. Threat [26819]: Struts2 remote code execution vulnerability (CVE-2023-50164)(S2-066)_2
29. Threat [26830]: Cisco IOS XE Web UI privilege escalation vulnerability (CVE-2023-20198)

Note:
1. After the upgrade package is upgraded, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost.

Release Time:2024-09-24 17:48:18
Name: eoi.unify.allrulepatch.ips.2.0.0.36622.rule Version:2.0.0.36622
MD5:ee53e844607731f8de3630cd79de0e2e Size:45.72M
Description:

This upgrade package is the Zealot 2.0 intrusion prevention signature library/application identification signature library upgrade package, and only supports engine version V56R11F01 and above. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.36622.
The new/improved rules in this upgrade package are:

New rules:
1. Threat [28039]: PrestaShop Responsive Mega Menu Pro remote command execution vulnerability (CVE8-8823)
2. Threat [28040]: Huatian Power OA /OAapp/MyHttpServlet arbitrary file upload vulnerability
3. Threat [31415]: Arcserve Unified Data Protection ImportNodeServlet directory traversal vulnerability (CVE-2024-0800)
4. Threat [10563]: Arcserve Unified Data Protection ASNative.dll denial of service vulnerability (CVE-2024-0801)
5. Threat [28037]: Weaver e-cology 9 system interface ModeDateService SQL injection vulnerability
6. Threat [31416]: Tianqing Terminal Security Management System Client Infobymid SQL injection vulnerability
7. Threat [28041]: Tianqing Terminal Security Management System rptsvr arbitrary file upload vulnerability
8. Threat [28042]: Smartbi setEngineAddress privilege bypass vulnerability (CNVD-2023-60888)
9. Threat [28044]: Fujian Kelixun Communication Command and Dispatch Management Platform vmonitor.php remote command execution vulnerability
10. Threat [28043]: Sangfor SSL VPN /por/checkurl.csp remote command execution vulnerability
11. Threat [28046]: JeecgBoot JimuReport jmreport Aviator template injection arbitrary code execution vulnerability
12. Threat [28047]: Sangfor Application Delivery Reporting System /report/script/login.php remote command execution vulnerability
13. Threat [28045]: Fujian Kelixun Communication Command and Dispatch Management Platform restcontroller.php remote command execution vulnerability
14. Threat [28048]: Ruijie RG-UAC application management gateway nmc_sync.php arbitrary command execution vulnerability
15. Threat [42149]: Suspected SSRF pseudo-protocol attack in request parameters
16. Threat [31419]: Ruiyou Tianyi Application Virtualization System ExternalApi XGI SQL injection vulnerability
17. Threat [31420]: Ruiyou Tianyi Application Virtualization System GetPwdPolicy SQL injection vulnerability
18. Threat [31418]: Fengxin IoT FastBee open-source IoT platform download arbitrary file read vulnerability
19. Threat [28028]: Tongda OA Moare arbitrary file upload vulnerability
20. Threat [28026]: Wanhu ezOFFICE filesendcheck_gd.js SQL injection vulnerability
21. Threat [28027]: UFIDA U8 CRM ajax/chkService.exe SQL injection vulnerability
22. Threat [28029]: Zabbix /popup-bitem.php SQL injection vulnerability (CVE2-3435)
23. Threat [28030]: Bihaiwei L7 Cloud Router Confirm.exe remote command execution vulnerability
24. Threat [31411]: Tongda OA recoverdata SQL injection vulnerability
25. Threat [31412]: Tongda OA /nc/finger/use_finger.php SQL injection vulnerability
26. Threat [31413]: Tongda OA /PDA/Auth.php SQL injection vulnerability
27. Threat [28031]: Amazon AWS Redshift JDBC Driver remote code execution vulnerability (CVE-222-41828)
28. Threat [28034]: Smartbi imageimport.jsp arbitrary file upload vulnerability
29. Threat [28032]: Artica Proxy wiz.rizard.comgress.chp deserialization vulnerability (CVE-224-2054)
30. Threat [28036]: TOPSEC operation and maintenance security audit system Trace_route remote command execution vulnerability
31. Threat [28035]: Smartbi FileResource SQL injection vulnerability
32. Threat [28038]: Simple School Management System delete SQL injection vulnerability (CVE-24-25312/CVE-24-25310)
33. Threat [31410]: Lianruan secure data exchange system arbitrary file read vulnerability

Update rules:
1. Threat [26383]: Hytec Inter HWL-2511-SS popen.cgi command injection vulnerability (CVE-222-36553)
2. Threat [25747]: Windows information collection command execution
3. Threat [27904]: AntSword Webshell management tool connection control_2
4. Threat [26365]: New Cape Smart Campus System code execution vulnerability
5. Threat [41658]: Webshell backdoor program China Chopper access control
6. Threat [41964]: Webshell backdoor program China Chopper connection (ASP)
7. Threat [28006]: Apache OFBiz unauthorized remote code execution vulnerability (CVE-2024-45195)
8. Threat [26917]: Atlassian Confluence remote code execution vulnerability (CVE-23-22527)
9. Threat [26269]: Citrix ADC and Citrix Gateway remote code execution vulnerability (CVE-2023-3519)

Note:
1. After the upgrade package is upgraded, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost. Please choose a suitable time to upgrade.

Release Time:2024-09-19 09:16:35
Name: eoi.unify.allrulepatch.ips.2.0.0.36578.rule Version:2.0.0.36578
MD5:c95ce08020036a043d8c2419c90d82b5 Size:45.68M
Description:

The update package is for Zealot 2.0 Intrusion prevention signature database/Application identification signature database, and supports only the engine version V56R11F01 or later. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged. The rule version is 2.0.0.36578.
The new/improved rules in this upgrade package are:

Update rules:
1. Threat [42146]: Delimiters related to command injection exist in HTTP parameters


Note:
1. After the upgrade package is upgraded, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost.

Release Time:2024-09-12 14:29:01
Name: eoi.unify.allrulepatch.ips.2.0.0.36535.rule Version:2.0.0.36535
MD5:13f81e628f54609b6656e9061c4bfa85 Size:45.66M
Description:

The update package is for Zealot 2.0 Intrusion prevention signature database/Application identification signature database, and supports only the engine version V56R11F01 or later. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged. The rule version is 2.0.0.36535.
The new/improved rules in this upgrade package are:

New rules:
1. Threat [27986]: Apache APISIX Admin API default token vulnerability (CVE-2020-13945)
2. Threat [27987]: Full-process Cloud OA UploadFile interface arbitrary file upload vulnerability
3. Threat [31397]: IceWarp Mail Server directory traversal vulnerability (CVE-2023-39699)
4. Threat [31396]: SManga file parameter directory traversal vulnerability
5. Threat [42143]: Apache Druid console unauthorized access vulnerability
6. Threat [27989]: Tongxin eHR human resource management system GetFlowDropDownListItems SQL injection vulnerability
7. Threat [27988]: Langxin Tianji human resource management system GetE01ByDeptCode SQL injection vulnerability
8. Threat [42144]: Ice Scorpion 4.0 Webshell connection (jsp-asp)
9. Threat [10561]: Squid Proxy HTTP X-Forwarded-For denial of service vulnerability (CVE-2023-50269)
10. Threat [10562]: Squid Proxy Cache Manager denial of service vulnerability (CVE-2024-23638)
11. Threat [27990]: UFIDA NC show_download_content SQL injection vulnerability
12. Threat [27992]: Jinhe OA C6 jQueryUploadify.ashx SQL injection vulnerability
13. Threat [27993]: SPIP porte_plume remote code execution vulnerability (CVE-2024-7954)
14. Threat [42145]: Rig Exploit Kit communication
15. Threat [27994]: Weaver E-Office /general/weibo/javascript/uploadify/uploadify.php arbitrary file upload vulnerability
16. Threat [27996]: Weaver E-Office /general/weibo/javascript/LazyUploadify/uploadify.php arbitrary file upload vulnerability
17. Threat [27997]: Arris VAP2500 tools_command code injection vulnerability (CVE-2014-8423)
18. Threat [27995]: Jiusi OA user_list_3g.jsp SQL injection vulnerability
19. Threat [28000]: BEECMS admin_pic_upload.php arbitrary file upload vulnerability (CNVD-2020-29420)
20. Threat [27998]: WordPress plugin WP Popup Banners SQL injection vulnerability (CVE-2023-28661)
21. Threat [27999]: WordPress plugin Gift Cards SQL injection vulnerability (CVE-2023-28662)
22. Threat [28001]: WordPress plugin Formidable PRO2PDF SQL injection vulnerability (CVE-2023-28663)
23. Threat [28002]: Cisco Small Business RV Series Routers command injection vulnerability (CVE-2022-20707)
24. Threat [28003]: FanRuan report local_install file upload vulnerability
25. Threat [28004]: PerkinElmer arbitrary file read vulnerability (CVE-2024-6911)
26. Threat [28005]: Consul register remote command execution vulnerability
27. Threat [31395]: Weaver OA E-Cology getE9DevelopAllNameValue2 arbitrary file read vulnerability
28. Threat [31399]: DedeCMS 5.7 guestbook.php SQL injection vulnerability
29. Threat [28006]: Apache OFBiz unauthorized remote code execution vulnerability (CVE-2024-45195)
30. Threat [28007]: UFIDA U8-Cloud AddTaskDataRightAction SQL injection vulnerability
31. Threat [31400]: Bank Locker Management System Search page cross-site script injection vulnerability
32. Threat [31401]: Bank Locker Management System Search-Report page cross-site script injection vulnerability
33. Threat [31402]: OpenAPI Generator Online directory traversal vulnerability (CVE-2024-35219)
34. Threat [42146]: Delimiters related to command injection exist in HTTP parameters
35. Threat [31403]: WordPress plugin ShortPixel Adaptive Images cross-site scripting vulnerability (CVE-2023-0334)
36. Threat [31404]: WordPress plugin CMP - Coming Soon & Maintenance information leak vulnerability (CVE-2023-1263)
37. Threat [42147]: Attempts to execute arbitrary commands via sensitive HTTP parameters
38. Threat [28009]: Cloud Advantage CMS background code execution vulnerability
39. Threat [28010]: Atlassian Confluence remote code execution vulnerability (CVE-2024-21683)_2
40. Threat [28011]: Cloud space-time social business ERP system Shiro deserialization vulnerability
41. Threat [28013]: UFIDA U8 Cloud API system parameter SQL injection vulnerability
42. Threat [28012]: Dahua Smart Park Integrated Management Platform sendFaceInfo remote command execution vulnerability
43. Threat [28014]: GeoServer path traversal vulnerability (CVE-2023-41877)
44. Threat [28015]: GeoServer arbitrary file upload vulnerability (CVE-2023-51444)
45. Threat [28016]: UFIDA NC system smartweb2.RPC.d XML entity injection vulnerability
46. Threat [28008]: UFIDA U8-Cloud MultiRepChooseAction SQL injection vulnerability
47. Threat [28017]: UFIDA NC dcupdateService deserialization vulnerability
48. Threat [28019]: Westsoft XMS FoxLookupInvoker deserialization vulnerability
49. Threat [28020]: GeoServer WFS GetFeature NotDisjoint foreground code execution vulnerability (CVE-2024-36401/CVE-2024-36404)
50. Threat [28018]: WordPress GiveWP deserialization vulnerability (CVE-2024-5932)
51. Threat [28021]: FineCMS v5.0.8 arbitrary file write vulnerability
52. Threat [28022]: Holographic AI network operation and maintenance platform ajax_system_set.php command execution vulnerability
53. Threat [31406]: Tongda OA ugo.php SQL injection vulnerability
54. Threat [31407]: ezOffice collaborative office management platform Voituregetsource.jsp SQL injection vulnerability
55. Threat [28023]: Zabbix httpmon.php SQL injection vulnerability (CVE-2013-5743)
56. Threat [31408]: Tongda OA down.php arbitrary file download vulnerability
57. Threat [28024]: GL.iNet Router command injection vulnerability (CVE-2024-39226)
58. Threat [28025]: Zabbix popup.php SQL injection vulnerability (CVE-2011-4674)
59. Threat [42148]: Godzilla Webshell connection
60. Threat [31409]: Wanhu ezEIP productlist.aspx SQL injection vulnerability

Update rules:
1. Threat [42043]: Koadic post-exploitation tool command execution
2. Threat [60589]: Squid Proxy TRACE request remote denial of service vulnerability
3. Threat [30809]: Weaver E-Office officeserver.php arbitrary file read vulnerability (CNVD-2022-43247)
4. Threat [26747]: Panabit Panalog sy_addmount.php remote command execution vulnerability
5. Threat [31400]: Bank Locker Management System Search-Locker page cross-site script injection vulnerability
6. Threat [27376]: Apache OFBiz path traversal leading to RCE vulnerability (CVE-2024-36104)
7. Threat [27513]: UFIDA U8 Cloud ServiceDispatcherServlet deserialization vulnerability
8. Threat [25747]: Windows information collection command execution
9. Threat [25885]: Confluence arbitrary file read vulnerability (CVE-2015-8399)
10. Threat [27563]: GeoServer WFS GetFeature foreground code execution vulnerability (CVE-2024-36401/CVE-2024-36404)
11. Threat [27205]: Apache Kafka UI command injection vulnerability (CVE-2023-52251)


Note:
1. After the upgrade package is upgraded, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost.

Release Time:2024-09-11 15:04:11
Name: eoi.unify.allrulepatch.app.2.0.0.36407.rule Version:2.0.0.36407
MD5:51b679995f4a027aec6906e6750b7edc Size:45.49M
Description:

This upgrade package is the Zealot 2.0 intrusion prevention signature library/application identification signature library upgrade package, and only supports engine version V56R11F01 and above. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.36407.
The new/improved rules in this upgrade package are:

New rules:
1. Threat [27971]: Zhejiang University Ent Customer Resource Management System ProductAction.entphone arbitrary file upload vulnerability
2. Threat [27972]: Zhengfang Mobile Information Service Management System OAMobile_fjUploadByType file upload vulnerability
3. Threat [27973]: CLTPHP upload arbitrary file upload vulnerability (CNVD-2018-05808)
4. Threat [42139]: Ice Scorpion 2.0 Webshell connection_2
5. Threat [27974]: GitStack /rest/user/ unauthorized user addition vulnerability (CVE8-5955)
6. Threat [27975]: UFIDA U8 Cloud RepAddToTaskAction SQL injection vulnerability
7. Threat [31392]: iFinD tool scanning behavior detected
8. Threat [27976]: Spring Boot Admin Thymeleaf server-side template injection vulnerability (CVE-2023-38286)
9. Threat [42140]: Godzilla JAVA_AES_BASE64 Webshell connection_3
10. Threat [27978]: Ivanti Virtual Traffic Manager authentication bypass vulnerability (CVE-224-7593)
11. Threat [31393]: Amcrest IP Camera sensitive information leakage vulnerability (CVE7-8229)
12. Threat [42142]: Internal network tunneling tool reGeorg communication_2
13. Threat [27979]: OKLite title parameter cross-site script injection vulnerability
14. Threat [31394]: OKLite folder parameter directory traversal vulnerability
15. Threat [27980]: Tongtianxing CMSV6 vehicle positioning monitoring platform GetAlarmAppealByGuid SQL injection vulnerability
16. Threat [27981]: Weaver OA e-cology Action.jsp MobileAppUploadAction file upload vulnerability
17. Threat [27982]: Cacti reports_user.php SQL injection vulnerability (CVE-239358)
18. Threat [27983]: MajorDoMo Smart Home Automation Platform remote command execution vulnerability (CVE-23-50917)
19. Threat [27984]: Linux reverse shell command execution payload

Update rules:
1. Threat [27812]: Hikvision Integrated Security Management Platform clusters interface arbitrary file upload vulnerability
2. Threat [25929]: Ice Scorpion 2.0 Webshell connection
3. Threat [42138]: Ice Scorpion 3.0 Webshell connection
4. Threat [41891]: Earthworm intranet penetration tool accesses intranet services
5. Threat [49003]: Mirai bot connects to server
6. Threat [41748]: Malicious program Windows/NanoCore remote control Trojan network communication

Note:
1. After the upgrade package is upgraded, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost. Please choose a suitable time to upgrade.

Release Time:2024-09-05 10:38:22
Name: eoi.unify.allrulepatch.ips.2.0.0.36356.rule Version:2.0.0.36356
MD5:db481904fcb6682b6acd4f1148e43825 Size:45.45M
Description:

This upgrade package is the Zealot 2.0 intrusion prevention signature library/application identification signature library upgrade package, and only supports engine version V56R11F01 and above. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.36356.
The new/improved rules in this upgrade package are:

New rules:
1. Threat [31390]: Wanhu OA wf/accessory_delete.js SQL injection vulnerability
2. Threat [31391]: UFIDA U8 Cloud AppPhoneServletService SQL injection vulnerability
3. Threat [27970]: SRM Intelligent Connected Cloud Acquisition System login bypass vulnerability

Note:
1. After the upgrade package is upgraded, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost. Please choose a suitable time to upgrade.

Release Time:2024-08-30 18:31:57
Name: eoi.unify.allrulepatch.ips.2.0.0.36348.rule Version:2.0.0.36348
MD5:9486f47120383f8c8cc08eeb1282f31e Size:45.45M
Description:

The update package is for Zealot 2.0 Intrusion prevention signature database/Application identification signature database, and supports only the engine version V56R11F01 or later. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged. The rule version is 2.0.0.36348.
The new/improved rules in this upgrade package are:

New rules:
1. Threat [31388]: Open Solutions For Education openSIS SQL injection vulnerability (CVE-2021-39379)
2. Threat [27967]: Xinhuatong software cloud platform Default.aspx login bypass vulnerability
3. Threat [27968]: Lanling OA erp_data.jsp remote code execution vulnerability
4. Threat [27969]: Beijing Digital China Cloud DCN Firewall command execution vulnerability (CVE-2024-42905)
5. Threat [27961]: IBM Operational Decision Manager deserialization vulnerability (CVE-2024-22320)

Update rules:
1. Threat [25599]: Lanling OA custom.jsp arbitrary file read vulnerability (CNVD-2021-28277)

Note:
1. After the upgrade package is upgraded, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost.

Release Time:2024-08-30 13:40:09
Name: eoi.unify.allrulepatch.ips.2.0.0.36336.rule Version:2.0.0.36336
MD5:e5da4101a01824b3158c9bed6b4d56ad Size:45.44M
Description:

This upgrade package is the Zealot 2.0 intrusion prevention signature library/application identification signature library upgrade package, and only supports engine version V56R11F01 and above. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.36336.
The new/improved rules in this upgrade package are:

New rules:
1. Threat [27956]: Nystudio107 Seomatic code injection vulnerability (CVE-2021-41749)
2. Threat [27957]: Telcom Gateway Configuration Management System delFILE.php command execution vulnerability
3. Threat [31384]: IC Realtime ICIP-P2012T unauthorized access vulnerability (CVE-2023-31594)
4. Threat [27959]: XXL-JOB Hessian2 deserialization vulnerability
5. Threat [27958]: Glodon OA VNet API SQL injection vulnerability
6. Threat [27960]: H3C MagicR300 remote code execution vulnerability (CVE-2023-33629)
7. Threat [27962]: Zhongbang CRMEB SQL injection vulnerability (CVE-24-36837)
8. Threat [27963]: Glodon OA UserFilesApload.ahx file upload vulnerability
9. Threat [27964]: Hikvision Integrated Security Management Platform /center/app/clusters/sll/file arbitrary file upload vulnerability
10. Threat [31385]: Nagios SQL injection vulnerability (CVE-2021-28925)
11. Threat [50661]: Kuboard default password login attempt
12. Threat [31387]: D-Link DIR and other products information leakage vulnerability (CVE-2024-0717)
13. Threat [42138]: Ice Scorpion 3.0 Webshell connection (JSP-PHP)
14. Threat [27966]: nGrinder deserialization vulnerability (CVE-224-28212)
15. Threat [31386]: Nacos Raft protocol arbitrary file read vulnerability

Update rules:
1. Threat [27729]: BJCA Electronic Seal Signing System template injection vulnerability
2. Threat [26111]: Nacos Raft protocol deserialization code execution vulnerability (CNVD-2023-45001)

Note:
1. After the upgrade package is upgraded, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost. Please choose a suitable time to upgrade.

Release Time:2024-08-29 22:04:07
Name: eoi.unify.allrulepatch.ips.2.0.0.36298.rule Version:2.0.0.36298
MD5:75e96cdb0bb17898b40e78d49df763fc Size:45.41M
Description:

This upgrade package is the Zealot 2.0 intrusion prevention signature library/application identification signature library upgrade package, and only supports engine version V56R11F01 and above. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.36298.
The new/improved rules in this upgrade package are:

New rules:
1. Threat [27955]: Inspur GS Enterprise Management Software uploadlistfile arbitrary file upload vulnerability

Update rules:
1. Threat [27413]: MLflow arbitrary file read vulnerability (CVE-23-1177)_2

Note:
1. After the upgrade package is upgraded, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost. Please choose a suitable time to upgrade.

Release Time:2024-08-28 14:46:05
Name: eoi.unify.allrulepatch.ips.2.0.0.36292.rule Version:2.0.0.36292
MD5:06ee3aa906c06fa60defa1209900f003 Size:45.41M
Description:

This upgrade package is the Zealot 2.0 intrusion prevention signature library/application identification signature library upgrade package, and only supports engine version V56R11F01 and above. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.36292.
The new/improved rules in this upgrade package are:

New rules:
1. Threat [27952]: Glodon Linkworks gwgdwebservice SQL injection vulnerability
2. Threat [27954]: Fangzheng All Media Acquisition and Editing System binary_1arge.do SQL injection vulnerability
3. Threat [27951]: Niuku Technology niushop b2b2c SQL injection vulnerability (CVE-224-25248)
4. Threat [27953]: Niuku Technology niushop b2b2c SQL injection vulnerability (CVE-224-25247)

Note:
1. After the upgrade package is upgraded, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost. Please choose a suitable time to upgrade.

Release Time:2024-08-27 22:38:35
Name: eoi.unify.allrulepatch.ips.2.0.0.36284.rule Version:2.0.0.36284
MD5:6b756a3d33eb3e954b5d812215b8dc6d Size:45.41M
Description:

The update package is for Zealot 2.0 Intrusion prevention signature database/Application identification signature database, and supports only the engine version V56R11F01 or later. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged. The rule version is 2.0.0.36284.
The new/improved rules in this upgrade package are:

New rules:
1. Threat [27940]: ZOHO ManageEngine ServiceDesk Plus arbitrary file upload vulnerability (CVE-2021-44077)
2. Threat [27939]: Jinhe OA C6 DBModules.aspx SQL injection vulnerability
3. Threat [27941]: Shared human resource management system TXEHR V15 SFZService.asmx SQL injection vulnerability
4. Threat [27942]: JeecgBoot /jmreport/upload arbitrary file upload vulnerability (CVE-2023-34660)
5. Threat [31382]: Setong electronic document security management system getAllUsers information leakage vulnerability
6. Threat [31383]: Parking lot background management system GetPasswayData SQL injection vulnerability
7. Threat [27943]: OEM product remote_auth.php CAPTCHA bypass brute-force vulnerability
8. Threat [27944]: Parking lot background management system ToLogin SQL injection vulnerability
9. Threat [27945]: Tenda A301 fromSetWirelessRepeat function stack overflow vulnerability (CVE-2024-6189)
10. Threat [27946]: Tenda O3 formQosSet function stack overflow vulnerability (CVE-2024-6962)
11. Threat [27947]: Tenda O3 fromDhcpSetSer function stack overflow vulnerability (CVE-2024-6964)
12. Threat [27948]: Tenda O3 fromVirtualSet function stack overflow vulnerability (CVE-2024-6965)
13. Threat [27949]: Tenda O3 fromMacFilterSet parameter stack overflow vulnerability (CVE-2024-7151)
14. Threat [27950]: UFIDA U8C Cloud approveservlet SQL injection vulnerability
15. Threat [42134]: Trojan Bitter-SplinterRAT malicious communication
16. Threat [42135]: Malware Trojan.Win32.ButeRat.MA botnet communication
17. Threat [42136]: Malware Trojan.Win32.Farfli botnet communication
18. Threat [42137]: Worm Win32.Worm.MyDoom

Update rules:
1. Threat [26706]: aaa_portal_auth_config_reset interface command execution vulnerability
2. Threat [30846]: Joomla unauthorized access vulnerability (CVE-2023-23752)
3. Threat [25818]: KeySight N6854A and N6841A RF Sensor UserFirmwareRequestHandler directory traversal vulnerability (CVE-2022-1661)
4. Threat [27429]: QNAP Systems Photo Station arbitrary file read vulnerability (CVE-2022-2759)


Note:
1. After the upgrade package is upgraded, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost.

Release Time:2024-08-27 18:00:57
Name: eoi.unify.allrulepatch.ips.2.0.0.36261.rule Version:2.0.0.36261
MD5:7e54db1944219e59300ebb029d645f4c Size:45.37M
Description:

The update package is for Zealot 2.0 Intrusion prevention signature database/Application identification signature database, and supports only the engine version V56R11F01 or later. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version is 2.0.0.36261.
The new/improved rules in this upgrade package are:

New rules:
1. Threat [27938]: Web Application Firewall (WAF) remote command execution vulnerability

Note:
1. After the upgrade package is upgraded, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost.

Release Time:2024-08-26 00:03:41
Name: eoi.unify.allrulepatch.ips.2.0.0.36257.rule Version:2.0.0.36257
MD5:30d147112feda1a6471cd21eb60afd1a Size:45.37M
Description:

This upgrade package is the Zealot 2.0 intrusion prevention signature library/application identification signature library upgrade package, and only supports engine version V56R11F01 and above. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.36257.
The new/improved rules in this upgrade package are:

New rules:
1. Threat [27937]: UFIDA U8cloud system MeasureQRResultAction interface SQL injection vulnerability

Note:
1. After the upgrade package is upgraded, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost. Please choose a suitable time to upgrade.

Release Time:2024-08-25 20:24:38
Name: eoi.unify.allrulepatch.ips.2.0.0.36253.rule Version:2.0.0.36253
MD5:35ad621e0e2176e284324ee030de30f5 Size:45.36M
Description:

This upgrade package is for the Zealot 2.0 intrusion prevention signature database/application identification signature database, and supports only engine version V56R11F01 or later. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.36253. The new/improved rules in this upgrade package are:

New rules:
1. Attack [31381]: MoticDSM McDadi Digital Slice Management System Style arbitrary file read vulnerability
2. Attack [27935]: Rexroth multi-service intelligent gateway remote command execution vulnerability
3. Attack [27936]: Homematic CUx Daemon addon code injection vulnerability (CVE9-14423)

Update rules:
1. Attack [27919]: DrayTek VigorConnect cross-site scripting vulnerability (CVE-2021-20125/CVE-2021-20126)
2. Attack [27913]: DrayTek multiple products format string vulnerability (CVE-2021-42911)

Note:
1. After the upgrade package is upgraded, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost. Please choose a suitable time to upgrade.

Release Time:2024-08-23 20:43:00
Name: eoi.unify.allrulepatch.ips.2.0.0.36241.rule Version:2.0.0.36241
MD5:893ebce5d21e12aa543393e789a47ae0 Size:45.36M
Description:

This upgrade package is for the Zealot 2.0 intrusion prevention signature database/application identification signature database, and supports only engine version V56R11F01 or later. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.36241. The new/improved rules in this upgrade package are:

New rules:
1. Attack [31374]: Hitachi Vantara Pentaho information disclosure vulnerability (CVE-2021-31601)
2. Attack [27925]: Wanhu ezOFFICE collaborative management platform file_gd.js SQL injection vulnerability
3. Attack [27926]: Zhang Steward uploadFileByChunks.Htm arbitrary file upload vulnerability
4. Attack [27927]: IBM Java HTTP server-side request forgery (SSRF) vulnerability (CVE-2021-27748)
5. Attack [42131]: BokBot malicious Trojan DLL download detected
6. Attack [42132]: BokBot malicious Trojan DLL download detected_1
7. Attack [31378]: Jeecg Boot sensitive information leakage vulnerability (CVE-2021-37306)
8. Attack [42133]: Kevin LAB BEMS default password vulnerability (CVE-2021-37292)
9. Attack [27928]: Lianda Power OA UpLoadFile/uploadLogo interface arbitrary file upload vulnerability
10. Attack [27929]: Siemens Tecnomatix FactoryLink vrn Opcode 10 buffer overflow vulnerability
11. Attack [31379]: Siemens Tecnomatix FactoryLink vrn Opcode 8 file download vulnerability
12. Attack [27930]: Pan Micro E-commerce BlogService SQL injection vulnerability
13. Attack [27931]: SOURCEFORCE Admin server-side request forgery (SSRF) vulnerability (CVE-2021-21311)
14. Attack [31380]: DzzOffice uploadfile cross-site scripting vulnerability (CVE-224-29273)
15. Attack [27933]: ZOHO Corporation ADManager Plus arbitrary file upload vulnerability (CVE-2021-42002)
16. Attack [27932]: Mtab bookmark navigation program getIcon SQL injection vulnerability
17. Attack [27934]: Pan Micro E-Cology SQL injection vulnerability

Update rules:
1. Attack [41499]: HTTP request sensitive path access attempt

Note:
1. After the upgrade package is upgraded, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost. Please choose a suitable time to upgrade.

Release Time:2024-08-23 15:09:01
Name: eoi.unify.allrulepatch.ips.2.0.0.36207.rule Version:2.0.0.36207
MD5:bcef7cc962642d1a2773ae313cb6ab2a Size:45.32M
Description:

This upgrade package is for the Zealot 2.0 intrusion prevention signature database/application identification signature database, and supports only engine version V56R11F01 or later. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.36207. The new/improved rules in this upgrade package are:

New rules:
1. Attack [27913]: DrayTek multiple products format string vulnerability (CVE-2021-42911)
2. Attack [27917]: UFIDA NC system FileManager arbitrary file upload vulnerability
3. Attack [27918]: Shandao Project Management System 18.5 apiGetModel backend command execution vulnerability
4. Attack [31375]: DrayTek VigorConnect DownloadFileServlet path traversal vulnerability (CVE-2021-20123)
5. Attack [31376]: DrayTek VigorConnect WebServlet path traversal vulnerability (CVE-2021-20124)
6. Attack [27919]: DrayTek VigorConnect cross-site scripting vulnerability (CVE-2021-20125/CVE-2021-20126)
7. Attack [27920]: DrayTek VigorConnect arbitrary file deletion vulnerability (CVE-2021-20127)
8. Attack [27921]: DrayTek VigorConnect cross-site scripting vulnerability (CVE-2021-20128)
9. Attack [31377]: DrayTek VigorConnect log information leakage vulnerability (CVE-2021-20129)
10. Attack [27923]: UFIDA U8-CRM attrlist SQL injection vulnerability
11. Attack [27922]: Schneider Electric Modbus Serial Driver stack-based buffer error vulnerability (CVE3-0662)
12. Attack [27924]: Nginx WebUI Solon Framework remote code execution vulnerability

Update rules:
1. Attack [31372]: EMlog 5.3.1 sensitive information leakage vulnerability (CVE-2021-3293)
2. Attack [31105]: Huaxia ERP information leakage vulnerability (CNVD-2020-63964)

Note:
1. After the upgrade package is upgraded, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost. Please choose a suitable time to upgrade.

Release Time:2024-08-21 18:44:26
Name: eoi.unify.allrulepatch.ips.2.0.0.36189.rule Version:2.0.0.36189
MD5:3fb4775066579837984ae8d2ef39f03e Size:45.29M
Description:

This upgrade package is for the Zealot 2.0 intrusion prevention signature database/application identification signature database, and supports only engine version V56R11F01 or later. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.36189. The new/improved rules in this upgrade package are:

New rules:
1. Attack [27912]: Running BPM RunVNet Init SQL injection vulnerability
2. Attack [42126]: Pikabot malicious Trojan download detected
3. Attack [42127]: Pikabot malicious Trojan DLL download detected
4. Attack [42128]: Pikabot malicious Trojan DLL download detected_1
5. Attack [42129]: Pikabot malicious Trojan JS download detected
6. Attack [42130]: Pikabot malicious Trojan JS download detected_1
7. Attack [27914]: Dahua Smart Park Comprehensive Management Platform groupInfo interface SQL injection vulnerability
8. Attack [27916]: Yonyou Changjie Tong CRM SQL injection vulnerability

Update rules:
1. Attack [25747]: Execution of Windows information collection command

Note:
1. After the upgrade package is upgraded, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost. Please choose a suitable time to upgrade.

Release Time:2024-08-21 10:13:44
Name: eoi.unify.allrulepatch.ips.2.0.0.36175.rule Version:2.0.0.36175
MD5:4af870e8e8c9b55d85558c41940dd362 Size:45.28M
Description:

This upgrade package is an intrusion prevention signature database upgrade package, and supports only engine version V56R11F01 or later. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.36175. The new/improved rules in this upgrade package are:

New rules:
1. Attack [27899]: Yonyou NC psnImage/download SQL injection vulnerability
2. Attack [27900]: Eking Management Easy FileUpload API arbitrary file upload vulnerability
3. Attack [27901]: UFIDA U8-CRM exportdictionary.chp SQL injection vulnerability
4. Attack [27910]: Pan Micro E-Cology 10 remote code execution vulnerability
5. Attack [27902]: Yibao OA ExecuteSQL ForSingle interface SQL injection vulnerability
6. Attack [42124]: Trojan Formbook (he2a) malicious communication
7. Attack [42125]: Trojan Formbook (ae30) malicious communication
8. Attack [27904]: Ant Sword Webshell management tool connection control_2
9. Attack [27905]: Panabit Panalog sprog.deleevent.exe SQL injection vulnerability
10. Attack [27906]: Red Sea EHR pc.mob SQL injection vulnerability
11. Attack [27907]: Jindouyun HKMP intelligent business software QueryPrintTemplate SQL injection vulnerability
12. Attack [27909]: UFIDA U8-CRM reservation completeness.php SQL injection vulnerability
13. Attack [27911]: Yi Bao OA BasicService.amx arbitrary file upload vulnerability
14. Attack [27903]: Hadoop YARN ResourceManager unauthorized access vulnerability (CVE-2021-33036)
15. Attack [31373]: Donghua Medical Collaborative Office System template file arbitrary file download vulnerability

Note:
1. After the upgrade package is upgraded, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost. Please choose a suitable time to upgrade.

Release Time:2024-08-20 16:31:02
Name: eoi.unify.allrulepatch.ips.2.0.0.36147.rule Version:2.0.0.36147
MD5:899c88932194ea7ee902cc832ce40a1d Size:45.25M
Description:

This upgrade package is an intrusion prevention signature database upgrade package, and supports only engine version V56R11F01 or later. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 5.6.11.36147. The new/improved rules in this upgrade package are:

New rules:
1. Attack [27897]: Tianzhiyun Intelligent Manufacturing Management Platform Usermanager.ashx SQL injection vulnerability
2. Attack [31371]: Commvault CommCell arbitrary file read vulnerability (CVE-2021-34993)
3. Attack [27898]: Pan Micro OA H2 remote code execution vulnerability

Note:
1. After the upgrade package is upgraded, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost. Please choose a suitable time to upgrade.

Release Time:2024-08-16 23:46:25
Name: eoi.unify.allrulepatch.ips.2.0.0.36140.rule Version:2.0.0.36140
MD5:5641593a34c59390bedb3f470518b74b Size:45.25M
Description:

This upgrade package is for the Zealot 2.0 intrusion prevention signature database/application identification signature database, and supports only engine version V56R11F01 or later. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.36140. The new/improved rules in this upgrade package are:

New rules:
1. Attack [42122]: Trojan FORMBOOK version 3.8 malicious communication
2. Attack [27894]: Cisco Small Business RV Series Routers operating system command injection vulnerability (CVE-2021-1414)
3. Attack [27891]: Zhang Steward listUploadIntelligent.Htm SQL injection vulnerability
4. Attack [27892]: Fangtian Cloud intelligent platform system setImg.ashx file upload leading to RCE vulnerability
5. Attack [27893]: WookTeam Searchinfo SQL injection vulnerability
6. Attack [27895]: Smart Campus (Anshouyi) management system FileUpAd.xml file upload leading to RCE vulnerability
7. Attack [27896]: Smart Campus (secure campus) management system FileUpProductupdate.xml arbitrary file upload vulnerability
8. Attack [31370]: Caucho Resin path traversal vulnerability (CVE-2021-44138)
9. Attack [42123]: Trojan FORMBOOK version 4.1 malicious communication
10. Attack [31367]: Apache Tomcat information leakage vulnerability (CVE-224-21733)
11. Attack [27890]: Windows TCP/IP remote code execution vulnerability (CVE-24-38063)

Update rules:
1. Attack [27854]: H3C iMC Intelligent Management Center remote code execution vulnerability
2. Attack [25540]: Apache OpenOffice dBase buffer overflow vulnerability (CVE-2021-33035)

Release Time:2024-08-16 20:15:13
Name: eoi.unify.allrulepatch.ips.2.0.0.36121.rule Version:2.0.0.36121
MD5:151f89ca50f682ae70f444c53f6368ac Size:45.21M
Description:

This upgrade package is for the Zealot 2.0 intrusion prevention signature database/application identification signature database, and supports only engine version V56R11F01 or later. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged. The rule version is 2.0.0.36111. The new/improved rules in this upgrade package are:

New rules:
1. threat [31366]: Cobbler arbitrary file read vulnerability (CVE-2021-40323)
2. threat [27889]: Tianyi Cloud web tamper-proof system background file upload vulnerability
3. threat [31368]: Tianyi Cloud web tamper-proof system list_file background directory traversal vulnerability
4. threat [31369]: Tianyi Cloud web tamper-proof system download background arbitrary file download vulnerability
5. threat [42120]: DarkGate Trojan HTTP_C2 communication

Note:
1. After the upgrade package is upgraded, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost.

Release Time:2024-08-15 21:46:18
Name: eoi.unify.allrulepatch.ips.2.0.0.36111.rule Version:2.0.0.36111
MD5:673dfcca2796827b1dbfa9de125580c2 Size:45.21M
Description:

This upgrade package is for the Zealot 2.0 intrusion prevention signature database/application identification signature database, and supports only engine version V56R11F01 or later. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged. The rule version is 2.0.0.36111. The new/improved rules in this upgrade package are:

New rules:
1. threat [31362]: ZK_Framework arbitrary file read vulnerability (CVE-2022-36537)
2. threat [42121]: DarkGate Trojan download_2 detected
3. threat [31363]: AntD Admin sensitive information disclosure vulnerability (CVE-2021-46371)
4. threat [27884]: Digital Fingertip cloud platform smart government payslip interface SQL injection vulnerability
5. threat [31364]: Auerswald Compact sensitive information disclosure vulnerability (CVE-2021-40859)
6. threat [31365]: Chamilo LMS SQL injection vulnerability (CVE-2021-34187)
7. threat [27885]: Dahua DSS group_saveGroup SQL injection vulnerability
8. threat [27886]: Hangzhou Sany Qiancheng Technology vehicle monitoring service platform platformSql SQL injection vulnerability
9. threat [27887]: FineVis data visualization plugin /reuse/item arbitrary file upload vulnerability
10. threat [27888]: Qiming Enterprise Resource Planning Management DRP system deserialization vulnerability

Release Time:2024-08-15 14:25:58
Name: eoi.unify.allrulepatch.ips.2.0.0.36085.rule Version:2.0.0.36085
MD5:0d984c8c7e9cada92d3c9506d3bcc34f Size:45.20M
Description:

This upgrade package is for the Zealot 2.0 intrusion prevention signature database/application identification signature database, and supports only engine version V56R11F01 or later. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.36085. The new/improved rules in this upgrade package are:

New rules:
1. Attack [27876]: Hitachi Vantara Pentaho Business Analytics Server code injection vulnerability (CVE-222-43769)
2. Attack [42119]: DarkGate Trojan HTTP-C2 communication
3. Attack [27878]: Ocean CMS backend admin_stmtp.php remote code execution vulnerability
4. Attack [27877]: pfSense operating system command injection vulnerability (CVE-222-31814)
5. Attack [27879]: UFIDA NC link/content SQL injection vulnerability
6. Attack [27880]: Phicomm Feixun fir302b A2 operating system command injection vulnerability (CVE-223-27373)
7. Attack [31361]: Xiangyun Digital Catering Service System multiple interface SQL injection vulnerabilities
8. Attack [27881]: Sharing Human Resources Management System TXEHR V15 hdlUploadFile.ahx arbitrary file upload vulnerability
9. Attack [27882]: H3C SecPath next-generation firewall local_cert_delete_both arbitrary file upload vulnerability

Note:
1. After the upgrade package is upgraded, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost. Please choose a suitable time to upgrade.

Release Time:2024-08-14 12:57:59
Name: eoi.unify.allrulepatch.ips.2.0.0.36060.rule Version:2.0.0.36060
MD5:92deb443094680fa57bcc2ee6ecb3ff7 Size:45.18M
Description:

This upgrade package is for the Zealot 2.0 intrusion prevention signature database/application identification signature database, and supports only engine version V56R11F01 or later. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.36060. The new/improved rules in this upgrade package are:

Update rules:
1. Attack [27873]: Shanghai Puhua PowerPMS APPGetUser SQL injection vulnerability

Note:
1. After the upgrade package is upgraded, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost. Please choose a suitable time to upgrade.

Release Time:2024-08-13 16:18:08
Name: eoi.unify.allrulepatch.ips.2.0.0.36057.rule Version:2.0.0.36057
MD5:5d3eb7dea0a3c5f2c23c66e051cc3cdf Size:45.19M
Description:

This upgrade package is for the Zealot 2.0 intrusion prevention signature database/application identification signature database, and supports only engine version V56R11F01 or later. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.36057. The new/improved rules in this upgrade package are:

New rules:
1. Attack [27871]: Netgear R6850 c4 IPAddr parameter command injection vulnerability (CVE-224-30568)
2. Attack [27872]: Netgear R6850 ntc_userver parameter command injection vulnerability (CVE-2024-30572)
3. Attack [27873]: Shanghai Puhua PowerPMS APPGetUser SQL injection vulnerability
4. Attack [27875]: UFIDA U8cloud BusinessRefAction SQL injection vulnerability
5. Attack [27874]: Thousands of OA accounts arbitrary file upload vulnerability 2
6. Attack [42117]: DarkGate malicious Trojan download detected_1
7. Attack [42118]: DarkGate malicious Trojan download detected

Note:
1. After the upgrade package is upgraded, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost. Please choose a suitable time to upgrade.

Release Time:2024-08-13 13:38:04
Name: eoi.unify.allrulepatch.ips.2.0.0.36047.rule Version:2.0.0.36047
MD5:eb6a7db08ea9e539b0782c0e6f86a0ab Size:45.18M
Description:

This upgrade package is an intrusion prevention signature database upgrade package, and supports only engine version V56R11F01 or later. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.36047. The new/improved rules in this upgrade package are:

New rules:
1. Attack [27867]: Sharing Human Resources Management System TXEHR V15 Employee info Service.asmx SQL injection vulnerability
2. Attack [31360]: WordPress Zoomsounds plugin path traversal vulnerability (CVE-2021-39316)
3. Attack [27865]: Ice Scorpion Webshell connection (JSP)_2
4. Attack [27868]: BladeX Enterprise Development Platform Notice/List SQL injection vulnerability
5. Attack [27870]: WSO2 save_artifact_ajaxprocessor XXE vulnerability (CVE-2020-24589)

Note:
1. After the upgrade package is upgraded, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost. Please choose a suitable time to upgrade.

Release Time:2024-08-12 17:54:48
Name: eoi.unify.allrulepatch.ips.2.0.0.36031.rule Version:2.0.0.36031
MD5:fc8a4083e0f20260a48bf59225d0e411 Size:45.16M
Description:

This upgrade package is for the Zealot 2.0 intrusion prevention signature database/application identification signature database, and supports only engine version V56R11F01 or later. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged. The rule version is 2.0.0.36031. The new/improved rules in this upgrade package are:

New rules:
1. threat [31359]: WordPress Secure Copy Content Protection and Content Locking SQL injection vulnerability (CVE-2021-24931)
2. threat [27862]: ezOFFICE graph_include.jsp SQL injection vulnerability
3. threat [27863]: Cylan Enterprise management system SubmitUploadify file upload vulnerability
4. threat [27864]: Ice Scorpion Webshell connection (PHP)_2
5. threat [27860]: Godzilla JAVA_AES_BASE64 Webshell connection_2
6. threat [27866]: Windows Remote Desktop Licensing Service remote code execution vulnerability (CVE-2024-38074/CVE-2024-38076/CVE-2024-38077)
7. threat [42116]: Godzilla PHP_XOR_RAW Webshell connection_2

Update rules:
1. threat [27854]: H3C iMC Intelligent Management Center remote code execution vulnerability

Note:
1. After the upgrade package is upgraded, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost.

Release Time:2024-08-10 16:11:21
Name: eoi.unify.allrulepatch.ips.2.0.0.36012.rule Version:2.0.0.36012
MD5:860026a68b7d0821b50b8b48addf6533 Size:45.14M
Description:

This upgrade package is for the Zealot 2.0 intrusion prevention signature database/application identification signature database, and supports only engine version V56R11F01 or later. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged. The rule version is 2.0.0.36012. The new/improved rules in this upgrade package are:

New rules:
1. threat [31358]: Ubiquity E-office10 SQL file information leakage vulnerability
2. threat [27857]: Guangdong Baolun Electronic IP network broadcast service platform arbitrary file upload vulnerability
3. threat [27858]: D-Link_DAR-8000-10 online behavior audit gateway arbitrary file upload vulnerability (CVE-2023-5154)
4. threat [27859]: Jinhe OA C6 upload_json arbitrary file upload vulnerability
5. threat [31357]: WordPress wp-google-maps plugin SQL injection vulnerability (CVE-2019-10692)
6. threat [31356]: Official educational administration management system ReportServer arbitrary file read vulnerability
7. threat [27861]: Founder's omnimedia editing system binary.do SQL injection vulnerability

Update rules:
1. threat [31354]: Tencent TDSQL information leakage vulnerability (CVE-2023-42387)
2. threat [27854]: H3C iMC Intelligent Management Center remote code execution vulnerability
3. threat [27797]: Contract Lock electronic signature platform edits SpEL expression injection vulnerability

Note:
1. After the upgrade package is upgraded, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost.

Release Time:2024-08-09 13:43:12
Name: eoi.unify.allrulepatch.ips.2.0.0.35989.rule Version:2.0.0.35989
MD5:f01fbd5e6537947097f4c4350953507b Size:45.13M
Description:

This upgrade package is an intrusion prevention signature database upgrade package, and supports only engine version V56R11F01 or later. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.35989. The new/improved rules in this upgrade package are:

New rules:
1. Attack [27855]: Fujian Kelixun Communication Platform editemedia.php SQL injection vulnerability (CVE-224-2622)
2. Attack [27856]: Fujian Kelixun Communication Platform get_extende_yl.php SQL injection vulnerability (CVE-24-2566)
3. Attack [31355]: Pan Micro OA information leakage vulnerability
4. Attack [27850]: Cloud spatiotemporal social business ERP system arbitrary file upload vulnerability
5. Attack [27851]: Baiyi Cloud Asset Management Operation System comfileup.chp front-end file upload vulnerability
6. Attack [27849]: Jinhe OA jc6 uploadFileForJinht arbitrary file upload vulnerability
7. Attack [27852]: Bihaiwei Technology L7 Cloud Routing Jumper.php command execution vulnerability
8. Attack [27853]: Sailan Enterprise Management System GetFieldJson SQL injection vulnerability
9. Attack [27854]: H3C iMC Intelligent Management Center remote code execution vulnerability

Note:
1. After the upgrade package is upgraded, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost. Please choose a suitable time to upgrade.

Release Time:2024-08-08 00:02:52
Name: eoi.unify.allrulepatch.ips.2.0.0.35967.rule Version:2.0.0.35967
MD5:3d626ce451f7cc63d649701a808bcca5 Size:45.12M
Description:

This upgrade package is for the Zealot 2.0 intrusion prevention signature database/application identification signature database, and supports only engine version V56R11F01 or later. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.35967. The new/improved rules in this upgrade package are:

New rules:
1. Attack [31353]: WordPress plugin Classifieds SQL injection vulnerability (CVE-222-3254)
2. Attack [27846]: Feiqi Internet FE Enterprise Operations Management Platform publicData.jsp SQL injection vulnerability
3. Attack [27847]: Guotai Xindian electronic bidding system SSTI vulnerability
4. Attack [27848]: Yisaitong electronic document security management system CDGAuthoriseTempletService interface SQL injection vulnerability
5. Attack [31354]: Tencent TDSQL information leakage vulnerability (CVE-23-42387)

Note:
1. After the upgrade package is upgraded, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost. Please choose a suitable time to upgrade.

Release Time:2024-08-07 18:20:10
Name: eoi.unify.allrulepatch.ips.2.0.0.35956.rule Version:2.0.0.35956
MD5:0bc593fe6e791b000fe4a4ca948963e8 Size:45.11M
Description:

This upgrade package is for the Zealot 2.0 intrusion prevention signature database/application identification signature database, and supports only engine version V56R11F01 or later. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.35956. The new/improved rules in this upgrade package are:

New rules:
1. Attack [27835]: Microsoft Windows MSHTML Platform security vulnerability (CVE-24-38112)
2. Attack [31352]: Stitionai Devika path traversal vulnerability (CVE-24-40422)
3. Attack [27836]: Tenda O3 buffer overflow vulnerability (CVE-224-7152)
4. Attack [27837]: Pan Micro E-Cology system deleteRequestInfoByXML interface XXE vulnerability
5. Attack [27838]: Fujian Kelixun Communication Platform downFILE.php SQL injection vulnerability (CVE-224-2621)
6. Attack [27839]: Feiqi Internet parseTree interface SQL injection vulnerability
7. Attack [27840]: Feiqi Internet checkGroupCode interface SQL injection vulnerability
8. Attack [27595]: Feiqi Internet FE Enterprise Operations Management Platform EfficientCodewidget39 and ajax_codewidget39 interface SQL injection leading to RCE vulnerability
9. Attack [27841]: NetEase SecGate 3600 firewall rout_ispinfo_intr_stave file upload vulnerability
10. Attack [27842]: Jinhe OA C6 RssModulesHttp.xml SQL injection vulnerability
11. Attack [27843]: Blue Ling OA arbitrary file upload vulnerability
12. Attack [27844]: Mingfei MCMS template injection remote code execution vulnerability
13. Attack [27845]: TOTOLINK seturlFilterRules function buffer overflow vulnerability (CVE-224-7184)

Update rules:
1. Attack [27825]: Fujian Kelixun Communication Command and Dispatch Management Platform Task upload interface arbitrary file upload vulnerability
2. Attack [27826]: Fujian Kelixun Communication Command and Dispatch Management Platform event_uploadfile interface arbitrary file upload vulnerability

Note:
1. After the upgrade package is upgraded, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost. Please choose a suitable time to upgrade.

Release Time:2024-08-07 14:04:47
Name: eoi.unify.allrulepatch.ips.2.0.0.35934.rule Version:2.0.0.35934
MD5:494e54a50b16d240dc67280df418c698 Size:45.08M
Description:

This upgrade package is for the Zealot 2.0 intrusion prevention signature database/application identification signature database, and supports only engine version V56R11F01 or later. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.35934. The new/improved rules in this upgrade package are:

New rules:
1. Attack [27831]: Wavlink WL-WN575A3 command injection vulnerability (CVE-222-34592)
2. Attack [27832]: D-Link DAR-7000 SQL injection vulnerability (CVE-23-44694)
3. Attack [27833]: Fangtian Cloud intelligent platform system KingSelQuatation SQL injection vulnerability
4. Attack [27834]: Dahua Smart Park OCX control arbitrary file upload vulnerability
5. Attack [31350]: Yijie OA collaborative office software ShowPic arbitrary file read vulnerability
6. Attack [31351]: WordPress plugin Metform sensitive information leakage vulnerability (CVE-222-1442)
7. Attack [31348]: VICIdial information leakage vulnerability (CVE-2021-28854)

Update rules:
1. Attack [26776]: Wavlink device command injection vulnerability (CVE-2020-1317/CVE-222-35526)

Note:
1. After the upgrade package is upgraded, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost. Please choose a suitable time to upgrade.

Release Time:2024-08-06 17:44:19
Name: eoi.unify.allrulepatch.ips.2.0.0.35919.rule Version:2.0.0.35919
MD5:fc722da5007778cdc3451fdf249812dc Size:45.08M
Description:

This upgrade package is for the Zealot 2.0 intrusion prevention feature library/application recognition feature library, and only supports engine version V56R11F01 and above upgrades. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version has been changed to 2.0.0.35919. The rules for adding/improving this upgrade package include:
New rule:
1. Attack [27830]: Pan Micro Cloud Bridge e-Bridge arbitrary file upload vulnerability
2. Attack [27828]: Hikvision Operations Management Center Center/API/Session Remote Command Execution Vulnerability
3. Attack [27825]: Fujian Kelixun Communication Command and Dispatch Management Platform Task upload interface arbitrary file upload vulnerability
4. Attack [27826]: Fujian Kelixun Communication Command and Dispatch Management Platform event_uploadfile interface arbitrary file upload vulnerability
5. Attack [27827]: Fujian Kelixun Communication Command and Dispatch Management Platform Upload Interface Arbitrary File Upload Vulnerability
6. Attack [27829]: Tenda formAddSysLogRule function buffer overflow vulnerability (CVE-2024-0541)
7. Attack [31349]: TVT DVR TD-2104TS-C/TD-2108TS-HP Device Information Leakage Vulnerability (CVE-224-7339)
Note:
After the upgrade package is applied, the engine automatically restarts and takes effect without interrupting sessions. However, 3-5 ping packets will be lost. Please choose a suitable time to upgrade.

Release Time:2024-08-06 14:10:51
Name: eoi.unify.allrulepatch.ips.2.0.0.35902.rule Version:2.0.0.35902
MD5:cb6e93584e8d6d08d460203247e4bec7 Size:45.08M
Description:

This upgrade package is for the Zealot 2.0 intrusion prevention signature library/application identification signature library, and supports only engine version V56R11F01 or later. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.35902. The new/improved rules in this upgrade package are:
New rules:
1. Attack [31345]: Mankebao backend management system downloadWebFile arbitrary file read vulnerability
2. Attack [27821]: TOTOLINK A3600R buffer overflow vulnerability (CVE-224-7176)
3. Attack [27820]: TOTOLINK A3600R command execution vulnerability (CVE-224-7175)
4. Attack [27818]: Unraid 6.8.0 Remote Code Execution Vulnerability (CVE-2020-5847)
5. Attack [27823]: Apache OFBiz Remote Code Execution Vulnerability (CVE-224-38856)
6. Attack [31347]: Update Star HD Network Real time Monitoring System path traversal vulnerability (CVE-2021-45043)
7. Attack [27816]: Call OA system index SQL injection vulnerability
8. Attack [27822]: Hikvision Integrated Security Management Platform uploadAllPackage arbitrary file upload vulnerability
9. Attack [31346]: D-LINK DAR-8000-10 Internet Behavior Audit Gateway Arbitrary File Reading Vulnerability
10. Attack [27819]: Little Fox ChatGPT paid creation system arbitrary file upload vulnerability
11. Attack [27824]: F-logic DataCube3 command injection vulnerability (CVE-224-7066)
Update rules:
1. Attack [26774]: TOTOLINK setDiagnosisCfg command injection vulnerability (CVE-222-38534/CVE-24-2353)
Note:
After the upgrade package is applied, the engine automatically restarts and takes effect without interrupting sessions. However, 3-5 ping packets will be lost. Please choose a suitable time to upgrade.

Release Time:2024-08-05 18:37:07
Name: eoi.unify.allrulepatch.ips.2.0.0.35876.rule Version:2.0.0.35876
MD5:d81af7539fb28838b03e04948661a96b Size:45.06M
Description:

The update package is for Zealot 2.0 Intrusion prevention signature database/Application identification signature database, and supports only the engine version V56R11F01 or later. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged. The rule version is 2.0.0.35876. The new/improved rules in this upgrade package are:

New rules:
1. threat [27809]: Zhiyuan FE collaborative office platform apprvaddNew SQL injection vulnerability
2. threat [27811]: Celan enterprise management system AuthToken arbitrary account login vulnerability
3. threat [27812]: Hikvision Integrated Security Management platform clusters interface arbitrary file upload vulnerability
4. threat [27814]: Sangfor desktop cloud report center remote code execution vulnerability
5. threat [27785]:Metinfo SQL Injection vulnerability (CVE-2019-16996)

Note:
1. After the upgrade package is upgraded, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost.

Release Time:2024-08-03 18:14:43
Name: eoi.unify.allrulepatch.ips.2.0.0.35869.rule Version:2.0.0.35869
MD5:378428c6b3669cf821d20f069c9d5073 Size:45.06M
Description:

The update package is for Zealot 2.0 Intrusion prevention signature database/Application identification signature database, and supports only the engine version V56R11F01 or later. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged. The rule version is 2.0.0.35869. The new/improved rules in this upgrade package are:

New rules:
1. threat [27776]: Fang Tianyun intelligent platform system upload.ashx arbitrary file Upload vulnerability
2. threat [31338]: Unified identity authentication platform getDataSource information disclosure vulnerability
3. threat [31339]:WordPress plugin PayPlus Payment Gateway SQL Injection vulnerability (CVE-2024-6205)
4. threat [27779]:TOTOLINK setTr069Cfg method Command Injection vulnerability (CVE-2024-23058)
5. threat [27777]:Tenda formWifiMacFilterGet function buffer overflow vulnerability (CVE-2024-0542/CVE-2024-0993)
6. threat [27780]:Tenda formwrlSSIDset Function Buffer Overflow vulnerability (CVE-2024-0992)
7. threat [27781]: Gold and OA C6 HomeService.asmx SQL injection
8. threat [27788]:TOTOLINK N600R Command injection vulnerability (CVE-2022-26186)
9. threat [27787]: Gold and OA C6 IncentivePlanFulfill.aspx SQL injection vulnerability
10. threat [27782]: Xunyi 74cms SQL Injection vulnerability (CVE-2020-22209)
11. Threat [27783]:AspCMS commentList.asp SQL injection vulnerability
12. threat [27784]:Metinfo SQL Injection vulnerability (CVE-2019-16997)
13. Threat [31344]: UF NC-Cloud queryStaffByName SQL injection vulnerability
14. Threat [27789]:Metinfo SQL Injection vulnerability (CVE-2019-17418)
15. Threat [27786]: Zhen Yun SRM cloud platform public SpEL expression injection vulnerability
16. threat [27778]: Ubiq e-cology HrmService SQL injection vulnerability
17. Threat [27791]: UF NC hrss/attach.download.d SQL injection vulnerability
18. Threat [31341]:TOTOLINK EX1200T Information Disclosure Vulnerability (CVE-2021-42886)
19. Threat [27793]: Gold and OA C6 CarCardInfo.aspx SQL injection vulnerability
20. threat [27790]:Tenda AX1806 Buffer Overflow vulnerability (CVE-2024-40414)
21. Threat [27792]: Nevma Adaptive Images plugin information disclosure vulnerability (CVE-2019-14205)
22. Threat [31342]:Apache Solr sensitive information disclosure vulnerability
23. Threat [27797]: Contract Lock electronic signature platform edits SpEL expression injection vulnerability
24. Threat [27798]: Gold and OA C6 MailTemplates.aspx SQL injection vulnerability
25. threat [27799]:TOTOLINK UploadCustomModule Function Buffer Overflow vulnerability (CVE-2024-7331)
26. threat [27800]:TOTOLINK X6000R Command Execution vulnerability (CVE-2023-52040)
27. Threat [27795]:JeecgBoot userController.do Reflective XSS vulnerability
28. Threat [27796]: SpringBlade menu interface SQL injection vulnerability
29. Threat [27794]: Generic E-Cology JNDI injection vulnerability
30. Threat [31343]: Microecology system setup interface information leakage vulnerability
31. Threat [27802]: Yonyou ChangJietong -TPlus system ajaxpro interface SSRF vulnerability
32. Threat [27803]:Jeecg-Boot Cross-site scripting vulnerability (CVE-2021-44585)
33. Threat [27801]: Fangtianyun Intelligence Platform system GetCompanyItem SQL injection vulnerability
34. Threat [27805]:TOTOLINK Ex200 Command Injection vulnerability (CVE-2021-43711)
35. Threat [27804]: Gold and OA jc6 viewConTemplate.action interface FreeMarker template injection vulnerability
36. Threat [27807]: UF NC-Cloud queryPsnInfo SQL injection vulnerability
37. Threat [27806]:Quicklancer listing Interface SQL Injection vulnerability (CVE-2024-7188)
38. Threat [27808]: ezOFFICE collaborative management platform getAutoCode SQL injection vulnerability

Update rules:
1. threat [27771]:Tenda formSetAutoPing Function Buffer Overflow vulnerability (CVE-2024-0990)
2. threat [27772]:Tenda formSetCfm Function Buffer Overflow vulnerability (CVE-2024-0991/CVE-2024-0996)
3. threat [60245]:HTTP SQL injection attempt type 8
4. threat [63682]:HTTP SQL injection attempt type 3
5. threat [27177]:ClamAV virus Event Name Command Injection vulnerability (CVE-2024-20328)
6. threat [27781]: Gold and OA C6 HomeService.asmx SQL injection vulnerability
7. threat [41047]: Scanning operation of Web application vulnerability scanner Nikto
8. threat [27402]: Suspected Java FreeMarker template injection in request parameter

Note:
1. After the upgrade package is upgraded, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost.

Release Time:2024-08-02 21:31:58
Name: eoi.unify.allrulepatch.ips.2.0.0.35805.rule Version:2.0.0.35805
MD5:d6884b6ff37bcf04b98f89a43d4c8e7f Size:44.95M
Description:

This upgrade package is for the Zealot 2.0 intrusion prevention signature library/application identification signature library, and supports only engine version V56R11F01 or later. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.35805. The new/improved rules in this upgrade package are:
New rules:
1. Attack [27759]: LiveBOS UploadImage.do arbitrary file upload vulnerability
2. Attack [31337]: Sharp multifunctional printer unauthorized access vulnerability (CVE-24-33605)
3. Attack [27760]: TOTOLINK setMacFilteringRules method command injection vulnerability (CVE-224-24328)
4. Attack [27758]: Remote code execution vulnerability in building block report
5. Attack [27764]: Accessing OA logincheck.chp SQL injection vulnerability
6. Attack [27762]: TOTOLINK setNtpCfg method command injection vulnerability (CVE-224-23057)
7. Attack [27766]: Yonyou NC Cloud/ncchr/bustrip/apply/queryApplyTypes SQL injection vulnerability
8. Attack [27769]: UFIDA hrss/ref.show.d SQL injection vulnerability
9. Attack [27770]: Command injection vulnerability in TOTOLINK setPortForwardRules method (CVE-224-24329)
10. Attack [27767]: Open access OA getdata.chp arbitrary file upload vulnerability
11. Attack [27763]: Multiple SQL injection vulnerabilities in UFIDA Space KSOA
12. Attack [27761]: Tenda A15 Stack Overflow Vulnerability (CVE-2024-0531)
13. Attack [27765]: TOTOLINK A3300R setWiFiAclRules method command injection vulnerability (CVE-224-24333)
14. Attack [27768]: TOTOLINK A3300R setWiFiScheduleCfg method command injection vulnerability (CVE-224-24331)
15. Attack [27771]: Tenda i6 formSetAutoPing function buffer overflow vulnerability (CVE-2024-0990)
16. Attack [27772]: Tenda i6 formAKS function buffer overflow vulnerability (CVE-2024-0991)
17. Attack [27773]: GetConsumerLinkman SQL injection vulnerability in Fangtian Cloud intelligent platform system
18. Attack [27774]: TOTOLINK setScheduleCfg method command injection vulnerability (CVE-224-23061)
19. Attack [27775]: LiveBOS UploadFile.do arbitrary file upload vulnerability
Update rules:
1. Attack [27732]: Command execution vulnerability in xtdysrv.asmx financial system of Inspur Cloud
Note:
After the upgrade package is applied, the engine automatically restarts and takes effect without interrupting sessions. However, 3-5 ping packets will be lost. Please choose a suitable time to upgrade.

Release Time:2024-07-31 23:03:11
Name: eoi.unify.allrulepatch.ips.2.0.0.35769.rule Version:2.0.0.35769
MD5:77ab19d5c9a5b525bb04d43e9463db42 Size:44.92M
Description:

The update package is for Zealot 2.0 Intrusion prevention signature database/Application identification signature database, and supports only the engine version V56R11F01 or later. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged. The rule version is 2.0.0.35769. The new/improved rules in this upgrade package are:

New rules:
1. threat [27731]: UF NC pagesServlet SQL injection vulnerability
2. threat [27733]: Access OA V11.10 login.php SQL injection vulnerability
3. threat [31336]: Gold and OA C6 UploadFileDownLoadnew arbitrary file read vulnerability
4. threat [27740]: Jinwanwei cloud application system access platform GNRemote.dll remote command execution vulnerability
5. threat [27734]: Lanling EIS intelligence collaboration platform doc_fileedit_word.aspx SQL injection vulnerability
6. threat [27735]: Lanling EIS intelligence collaboration platform frm_form_list_main.aspx SQL injection vulnerability
7. threat [27736]: Lanling EIS intelligence collaboration platform frm_button_func.aspx SQL injection vulnerability
8. threat [27737]: Lanling EIS intelligence collaboration platform ShowUserInfo.aspx SQL injection vulnerability
9. threat [27739]: Lanling EIS intelligence collaboration platform fl_define_flow_chart_show.aspx SQL injection vulnerability
10. threat [27741]:Tosei self-washing machine network_test.php remote command execution vulnerability
11. threat [27742]:TOTOLINK setDdnsCfg Command injection vulnerability (CVE-2024-23059)
12. threat [27743]: Bonyong PM2 project management platform system ExcelIn.aspx arbitrary file upload vulnerability
13. Threat [27747]: Remote Code execution vulnerability of Tachikawa Technology PEPM Management System
14. Threat [27750]: Construction project management software BusinessManger.ashx SQL injection vulnerability
15. Threat [27751]: Civil engineering management system desktop.ashx SQL injection vulnerability
16. threat [27744]:TOTOLINK getSaveConfig Function Buffer Overflow vulnerability (CVE-2024-7172)
17. threat [27745]:TOTOLINK loginAuth function Buffer overflow vulnerability (CVE-2024-1004)
18. Threat [27746]:TOTOLINK setParentalRules function Buffer Overflow Vulnerability (CVE-2024-24325)
19. Threat [27752]:TOTOLINK NTPSyncWithHost function command injection vulnerability (CVE-2024-0296)
20. Threat [27753]:TOTOLINK setDmzCfg method Command Injection vulnerability (CVE-2024-23060)
21. Threat [27755]:TOTOLINK setIpv6Cfg method Command Injection vulnerability (CVE-2024-24327)
22. Threat [27756]:LeptonCMS Arbitrary File Upload Vulnerability (CVE-2024-24399)
23. Threat [27754]: uploadThumb file upload vulnerability of Topos TRS media asset management system
24. Threat [27757]: Renbank CRM deserialization vulnerability

Update rules:
1. threat [27726]:TOTOLINK setWizardCfg function Command Injection vulnerability (CVE-2024-1781)
2. threat [27727]:TOTOLINK setWanCfg Function Command Execution vulnerability (CVE-2024-22942)
3. threat [26887]: Redsail OA udfmr.asmx SQL injection vulnerability

Note:
1. After the upgrade package is upgraded, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost.

Release Time:2024-07-30 21:56:02
Name: eoi.unify.allrulepatch.ips.2.0.0.35733.rule Version:2.0.0.35733
MD5:fda245914ca8215d91ad3bc8c20c0b21 Size:44.88M
Description:

The update package is for Zealot 2.0 Intrusion prevention signature database/Application identification signature database, and supports only the engine version V56R11F01 or later. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged. The rule version is 2.0.0.35733. The new/improved rules in this upgrade package are:

New rules:
1. threat [27726]:TOTOLINK N350R setWizardCfg buffer overflow vulnerability
2. threat [27727]:TOTOLINK LR350 setWanCfg command execution vulnerability
3. threat [27728]: Maipdor service convergence gateway send_order.cgi remote command execution vulnerability
4. threat [27729]:BJCA electronic seal signing system template injection vulnerability
5. threat [27730]: hikvision Integrated Security management platform command execution vulnerability

Update rules:
1. threat [31322]: Huatian Power OA downloadWpsFile.jsp arbitrary file read vulnerability
2. threat [26764]: Multiple deserialization RCE vulnerabilities in UF U8 Cloud
3. threat [27268]: UF NC complainbilldetail and complainjudge SQL injection vulnerability

Note:
1. After the upgrade package is upgraded, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost.

Release Time:2024-07-29 23:09:33
Name: eoi.unify.allrulepatch.ips.2.0.0.35721.rule Version:2.0.0.35721
MD5:b0ff48623c7088c219208be8b072fb83 Size:44.87M
Description:

The update package is for Zealot 2.0 Intrusion prevention signature database/Application identification signature database, and supports only the engine version V56R11F01 or later. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged. The rule version is 2.0.0.35721. The new/improved rules in this upgrade package are:

New rules:
1. threat [27711]: Hikvision Integrated security management platform keepAlive remote code execution vulnerability
2. threat [27714]: hikvision Integrated security management platform applyAutoLoginTicket remote code execution vulnerability
3. threat [27715]: Hualei Technology Logistics getOrderTrackingNumber SQL injection vulnerability
4. threat [27716]: Hualei Technology logistics modifyInsurance SQL injection vulnerability
5. threat [31328]: Zhuyun IAM platform /admin-api/ Unauthorized access vulnerability
6. threat [27717]: Resconda - Multi-service intelligent gateway list_base_config.php remote command execution vulnerability
7. threat [31329]: Koron AIO moffice SQL injection vulnerability
8. threat [27719]:Tenda formexeCommand Function Buffer Overflow vulnerability (CVE-2024-2558)
9. threat [31332]: Ruijie EG350 easy gateway management system phpinfo leak vulnerability
10. threat [27718]:TOTOLINK A6000R webcmd Remote command execution vulnerability
11. Threat [31330]: DownloadBuilder arbitrary file read vulnerability
12. threat [31331]: Cylan enterprise management system GetJSFile arbitrary file read vulnerability
13. Threat [31333]: Cylan enterprise management system ReadTxtLog arbitrary file reading vulnerability
14. Threat [31334]: PlanDownLoad arbitrary file reading vulnerability of Tianwen Property ERP system
15. threat [27722]:Tenda R7WebsSecurityHandler Function Buffer Overflow vulnerability (CVE-2024-2547)
16. threat [27723]:Tenda setSchedWifi function Buffer Overflow vulnerability (CVE-2024-2490)
17. Threat [27725]: Hanwang Smart Park file upload vulnerability
18. Threat [27724]: Access OA auth.php SQL injection vulnerability
19. Threat [31335]: Access OA go.php SQL injection vulnerability
20. Threat [31324]: Tianwen Property ERP system OwnerVacantDownLoad.aspx arbitrary file read vulnerability
21. Threat [31327]: Tianwen Property ERP docfileDownLoad.aspx arbitrary file reading vulnerability

Update rules:
1. threat [27471]:Tenda wpapsk_crypto2_4g Parameter buffer overflow vulnerability (CVE-2024-0532/CVE-2024-2546)
2. threat [25771]:ThinkPHP Multilingual Remote Code Execution Vulnerability (CVE-2022-47945)

Note:
1. After the upgrade package is upgraded, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost.

Release Time:2024-07-29 19:19:57
Name: eoi.unify.allrulepatch.ips.2.0.0.35693.rule Version:2.0.0.35693
MD5:f566ce414280adff0901cdc42bffa7ee Size:44.83M
Description:

The update package is for Zealot 2.0 Intrusion prevention signature database/Application identification signature database, and supports only the engine version V56R11F01 or later. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged. The rule version is 2.0.0.35693. The new/improved rules in this upgrade package are:

New rules:
1. threat [31323]: Huizhi ERP filehandle arbitrary file read vulnerability
2. threat [27708]: Command execution vulnerability of holographic AI network operation and maintenance platform
3. threat [31321]: Suspected Nmap enip scanning behavior
4. threat [27707]: UFIDA NC UserAuthenticationServlet deserialization RCE vulnerability
5. threat [27704]: Red Sea Cloud EHR kqFile.mob arbitrary file upload vulnerability
6. threat [31325]: Tianwen Property ERP system VacantDiscountDownLoad arbitrary file reading vulnerability
7. threat [31326]: jiu ge Property ERP system ParkingFeelFileDownLoad.aspx arbitrary file read vulnerability
8. threat [31322]: Huatian Power OA downloadWpsFile.jsp arbitrary file read vulnerability
9. threat [27709]:SpringBlade tenant/list SQL Injection vulnerability revisited (CVE-2024-33332)
10. threat [27710]:SpringBlade dict-biz/list SQL injection vulnerability
11. threat [27712]:Spring Cloud Data Flow Remote Code Execution Vulnerability (CVE-2024-37084)
12. threat [27713]: Sails report FineVis data visualization plug-in arbitrary file write vulnerability

Note:
1. After the upgrade package is upgraded, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost.

Release Time:2024-07-27 19:37:11
Name: eoi.unify.allrulepatch.ips.2.0.0.35678.rule Version:2.0.0.35678
MD5:26125ec24cd6162c140c4a85461a9548 Size:44.81M
Description:

This upgrade package is for Zealot 2.0 Intrusion Prevention signature database/Application Identification signature database. It supports only firmware version 5.6R11F01 and engine version 5.6R11F01 or later. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged. The rule version is 2.0.0.35678. The new/improved rules in this upgrade package are:

New rules:
1. threat [27698]: UF NC querygoodsgridbycode SQL injection vulnerability
2. threat [31317]:GB28181 camera management platform SQL injection vulnerability
3. threat [31319]:Allegra download.action directory traversal vulnerability (CVE-2024-22507)
4. threat [27699]:Allegra uploadFile.action directory traversal vulnerability (CVE-2024-22510)
5. Threat [31320]: Suspected Nmap SIP scanning behavior
6. threat [27701]: UF NC sprmonitorservlet deserialization vulnerability
7. threat [27702]: UF NC datacollectservlet deserialization vulnerability
8. threat [27697]: Gold and OA C6 GeneralXmlhttpPage.aspx SQL injection vulnerability
9. threat [27700]: UF U8cloud ESBInvokerServlet deserialization vulnerability
10. threat [27705]: Cloud class online school system file upload vulnerability
11. threat [27613]:Business Directory Script Cross-site Scripting vulnerability (CVE-2023-41538)

Update rules:
1. threat [42115]:Goby tool scan attack probe _3

Note:
1. After the upgrade package is upgraded, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost.

Release Time:2024-07-26 19:45:08
Name: eoi.unify.allrulepatch.ips.2.0.0.35656.rule Version:2.0.0.35656
MD5:fbab30fecfc7272d702b06cd6bd9ef7c Size:44.80M
Description:

The update package is for Zealot 2.0 Intrusion prevention signature database/Application identification signature database, and supports only the engine version V56R11F01 or later. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged. The rule version is 2.0.0.35656. The new/improved rules in this upgrade package are:

New rules:
1. threat [27681]: Lanling EIS org_examine SQL injection vulnerability
2. threat [27682]: multiple SQL injection vulnerabilities in the campus card management system
3. threat [27683]: wechat public platform unlimited callback system /user/ajax.php SQL injection vulnerability
4. Threat [27685]: Wanhu OA file2Html.controller arbitrary file upload vulnerability
5. threat [27686]: Access OA get_columns.php SQL injection vulnerability
6. threat [27684]: Koto's full intelligent parking toll system Webservice.asmx arbitrary file upload vulnerability
7. threat [42113]:Goby tool scans attack probe _2
8. threat [27688]:FineReport Sail view form SQL injection vulnerability
9. threat [27687]:FineReport Sail soft report view form file upload vulnerability
10. Threat [42114]:Nmap OS scanning behavior
11. Threat [27689]: invite_one_ptter remote command execution vulnerability of Fujian Collicum Communication command and dispatch management platform
12. threat [27690]: UF Space-time KSOA PreviewKPQT SQL injection vulnerability
13. Threat [27669]: UOB Wisdom channels SQL injection vulnerability
14. Threat [27691]: Flycom Cloud -WMS /MyDown/MyImportData foreground SQL injection vulnerability
15. Threat [27692]:TOTOLINK apcli_do_enr_pin_wps command execution vulnerability
16. Threat [27693]: Lenovo cloud disk arbitrary user login vulnerability
17. Threat [27694]: SSRF vulnerability of installOperate interface of Ubiquity E-Mobile system

Update rules:
1. threat [31316]:Apache Pulsar path traversal vulnerability (CVE-2024-27317)
2. threat [30869]: Micro-e-Office leave_record.php sql injection vulnerability

Note:
1. After the upgrade package is upgraded, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost.

Release Time:2024-07-25 22:29:01
Name: eoi.unify.allrulepatch.ips.2.0.0.35615.rule Version:2.0.0.35615
MD5:f52e317b93271f536c5ba82bcaa4fd9e Size:44.78M
Description:

The update package is for Zealot 2.0 Intrusion prevention signature database/Application identification signature database, and supports only the engine version V56R11F01 or later. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged. The rule version is 2.0.0.35615. The new/improved rules in this upgrade package are:

New rules:
1. threat [31312]: Linkworks GetAllData information leakage vulnerability
2. threat [27665]: Lanling EIS DingUsers.aspx SQL injection vulnerability
3. threat [27666]: Ubiquity e-cology9 WorkPlanService foreground SQL injection vulnerability
4. threat [27676]: Remote code execution vulnerability of Zhiyuan OA ConstDef interface
5. threat [27670]:DedeCMS article_template_rand.php Remote code execution vulnerability
6. threat [31315]: UF U9cloud TransWebService.asmx information disclosure vulnerability
7. threat [27674]:DedeCMS sys_verizes php remote code execution vulnerability
8. threat [27672]: import.php arbitrary file upload vulnerability of UF CRM customer relationship management system
9. threat [27675]:Allegra Excel Import Deserialization vulnerability (CVE-2024-22506)
10. threat [31316]:Apache Pulsar path traversal vulnerability (CVE-2024-27317)
11. Threat [27668]: Glodon OA arbitrary file read vulnerability

Update rules:
1. threat [31310]: Runqian report platform dataSphereServlet arbitrary file read vulnerability
2. threat [27652]: Sails report V10 ReportServer SQL injection vulnerability
3. threat [27657]: Rubik's table mailupdate.jsp interface arbitrary file upload vulnerability (CVE-2024-28441)

Note:
1. After the upgrade package is upgraded, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost.

Release Time:2024-07-24 23:48:40
Name: eoi.unify.allrulepatch.ips.2.0.0.35584.rule Version:2.0.0.35584
MD5:af68ca61b1ec7e8795223921ddef00ee Size:44.86M
Description:

The update package is for Zealot 2.0 Intrusion prevention signature database/Application identification signature database, and supports only the engine version V56R11F01 or later. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged. The rule version is 2.0.0.35584. The new/improved rules in this upgrade package are:

New rules:
1. threat [27615]: invite2videoconf interface command injection vulnerability
2. threat [27604]:Ivanti EPM SQL Injection vulnerability (CVE-2024-29824)
3. threat [27606]:TP-LINK ER7206 Operating system Command injection vulnerability (CVE-2023-43482)
4. threat [27609]:WordPress HTML5 Video Player SQL Injection vulnerability (CVE-2024-5522)
5. threat [27611]: Yonyou GRP-A-Cloud government financial cloud system selectGlaDatasourcePreview SQL injection vulnerability
6. threat [31302]:Netgear-WN604 downloadFile.php Information Disclosure vulnerability (CVE-2024-6646)
7. threat [31303]: HIKVISION network gateway userInfoData interface information leakage vulnerability
8. threat [27617]: Micro E-Cology getLabelByModule SQL injection vulnerability
9. threat [31300]: UF NC word.docx interface arbitrary file read vulnerability
10. threat [31299]: Shared human resource management system -TXEHR V15 DownloadTemplate file reading vulnerability
11. Threat [31301]:QNAP Systems QTS and QuTS hero SQL Injection vulnerability (CVE-2022-27596)
12. threat [27614]:RaspAP del_ovpncfg.php Command injection vulnerability (CVE-2022-39986)
13. threat [27619]:RaspAP get_netcfg.php command injection vulnerability (CVE-2021-33357)
14. Threat [27618]: Wanhu OA pic/Pic.jsp SQL injection vulnerability
15. Threat [27610]:Imo Cloud office system get_file.php remote command execution vulnerability
16. threat [27620]: Kron AIO UtilServlet arbitrary command execution vulnerability
17. Threat [31304]: OA Logindownload.jsp arbitrary file read vulnerability
18. Threat [27622]:SugarCRM File Upload vulnerability (CVE-2023-22952)
19. Threat [27607]:Jeesite SQL Injection vulnerability (CVE-2023-34601)
20. Threat [27608]:GruppoSCAI RealGimm Cross-site Scripting vulnerability (CVE-2023-41642)
21. Threat [27616]:Ipeak Ibexwebcms SQL Injection Vulnerability (CVE-2021-3018)
22. Threat [27623]: RuoYi SQL injection vulnerability (CVE-2022-4566)
23. Threat [27624]: Cloud OA 7.0 fastjson deserialization vulnerability
24. Threat [27626]: Wanhu OA ezOffice RhinoScriptEngineService command execution vulnerability
25. Threat [27627]:Nacos data/removal file upload vulnerability
26. Threat [27628]: OA DocumentEditExcel.jsp SQL injection vulnerability
27. Threat [27621]:HSC Cybersecurity HC Mailinspector path traversal Vulnerability (CVE-2024-34470)
28. Threat [27629]: 10,000 OA contract_gd.jsp SQL injection vulnerability
29. Threat [27630]: OA check_onlyfield.jsp SQL injection vulnerability
30. Attack [42112]: Malicious mining program 1337 domain communication
31. Threat [27631]:Fogproject export.php Remote Command Execution Vulnerability (CVE-2024-39914)
32. Threat [27634]:Tenda SetPptpServerCfg Buffer Overflow Vulnerability (CVE-2024-0924)
33. Threat [27636]:Tenda SetVirtualServerCfg Stack Overflow Vulnerability (CVE-2024-0925)
34. Threat [31306]:H3C ER8300G2-X Router Information Disclosure Vulnerability (CVE-2024-32238)
35. threat [27646]: standardapiaction_Vehiclets.action SQL injection vulnerability of CMSV6 vehicle video surveillance platform
36. Threat [27637]:Tenda WifiWpsOOB Stack Overflow Vulnerability (CVE-2024-0926)
37. threat [27638]:Tenda fromSetWirelessRepeat Stack Overflow Vulnerability (CVE-2024-0930)
38. Threat [27649]:Tenda QuickIndex Stack Overflow Vulnerability (CVE-2024-0922)
39. Threat [31307]: Glotech OA ArchiveWebService interface XML entity injection vulnerability
40. threat [27647]:Tenda O3 Code Execution Vulnerability (CVE-2024-6963)
41. Threat [31308]: UniNXG SQL injection vulnerability
42. Threat [27657]: Rubik's Table mailupdate.jsp interface arbitrary file upload vulnerability (CVE-2024-28441)
43. Threat [27658]: Runqian report platform dataSphereServlet arbitrary file upload vulnerability
44. Threat [31309]: Runqian report platform InputServlet arbitrary file read vulnerability
45. Threat [27659]: Runqian report platform InputServlet arbitrary file upload vulnerability
46. Threat [31310]: Runqian report platform dataSphereServlet arbitrary file read vulnerability
47. Threat [31311]: Tianwen Property ERP system ContractDownLoad.aspx arbitrary file reading vulnerability
48. Threat [27653]: Hikvision Integrated Security Management Platform command injection vulnerability
49. Threat [27656]: ezOFFICE DocumenteDIT_unit.jsp SQL injection vulnerability

Update rules:
1. threat [27605]: Cylan enterprise management system GetExcellTemperature SQL injection vulnerability
2. threat [30806]: Micro E-Cology getSqlData SQL injection vulnerability
3. threat [31119]: Huaxia ERP Account Password disclosure vulnerability (CVE-2024-0490)
4. threat [27472]:Tenda Buffer Overflow vulnerability (CVE-2024-0533/CVE-2024-0923)
5. threat [25475]:Apache Log4j2 Remote Code Execution vulnerability (CVE-2021-44228/CVE-2021-45046)
6. threat [30787]:Swagger sensitive information leakage vulnerability
7. threat [31238]:Alibaba Nacos default accessToken login vulnerability
8. threat [23614]:Oracle Weblogic Server Java deserialization vulnerability
9. threat [27652]: Sails report V10 ReportServer SQL injection vulnerability
Note:
1. After the upgrade package is upgraded, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost.

Release Time:2024-07-24 17:39:59
Name: eoi.unify.allrulepatch.ips.2.0.0.35568.rule Version:2.0.0.35568
MD5:7424ff3b6f749eb50af472c2aee450bd Size:44.85M
Description:

The update package is for Zealot 2.0 Intrusion prevention signature database/Application identification signature database, and supports only the engine version V56R11F01 or later. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged. The rule version is 2.0.0.35568. The new/improved rules in this upgrade package are:

New rules:
1. Threat [27643]: Fujian Collexion communication command and dispatch management platform ajax_users.php SQL injection vulnerability
2. Threat [27640]: CMSV6 vehicle positioning monitoring platform disable SQL injection vulnerability
3. Threat [31305]: Tianwen Property ERP system AreaAvatarDownLoad.aspx arbitrary file reading vulnerability
4. Threat [27641]: Cyton electronic document security management system NoticeAjax interface SQL injection vulnerability
5. Threat [27642]: Cyton electronic document security management system NetSecConfigAjax interface SQL injection vulnerability
6. Threat [27644]: 1Panel foreground SQL injection vulnerability (CVE-2024-39911)
7. Threat [27652]: Sails report V10 ReportServer SQL injection vulnerability
8. Threat [27654]: Topos arbitrary file upload vulnerability
9. Threat [27648]: UF U8 Cloud KeyWordDetailReportQuery and KeyWordReportQuery SQL injection vulnerability
10. Threat [27645]: Hikvision Integrated Security Management Platform detection foreground RCE vulnerability
11. Threat [27651]: Inspur Cloud financial system command execution vulnerability
12. Threat [27650]: Fujian Collisun communication command and dispatch management platform invite_one_member remote command execution vulnerability

Update rules:
1. threat [25475]:Apache Log4j2 Remote Code Execution Vulnerability (CVE-2021-44228/CVE-2021-45046)
Note:
1. After the upgrade package is upgraded, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost.

Release Time:2024-07-24 00:41:54
Name: eoi.unify.allrulepatch.app.2.0.0.35535.rule Version:2.0.0.35535
MD5:824b857fb23b1e370027bec612770be0 Size:44.82M
Description:

The update package is for Zealot 2.0 Intrusion prevention signature database/Application identification signature database, and supports only the engine version V56R11F01 or later. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged. The rule version is 2.0.0.35535. The new/improved rules in this upgrade package are:

New rules:
1. threat [27633]: Micro e-cology background code execution vulnerability
2. threat [27639]: Lanling OA foreground code execution vulnerability

Update rules:
1. threat [27352]: Lanling OA dataxml.jsp remote code execution vulnerability
2. threat [26425]: Microecology login bypass vulnerability

Note:
1. After the upgrade package is upgraded, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost.

Release Time:2024-07-22 23:54:24
Name: eoi.unify.allrulepatch.ips.2.0.0.35495.rule Version:2.0.0.35495
MD5:acc8f1ff8dd2aa955809893b71c2b105 Size:44.77M
Description:

The update package is for Zealot 2.0 Intrusion prevention signature database/Application identification signature database, and supports only the engine version V56R11F01 or later. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged. The rule version is 2.0.0.35495. The new/improved rules in this upgrade package are:

New rules:
1. threat [27555]: Yihua Human resource management system unloadfile arbitrary file upload vulnerability
2. threat [27556]: Datang Telecom NVS3000 integrated video surveillance platform getDepResList SQL injection vulnerability
3. threat [27553]:QNAP Remote Code Execution vulnerability (CVE-2024-27130)
4. threat [27554]:D-Link NAS device Command Injection vulnerability (CVE-2024-3273/CVE-2024-3272)
5. threat [27557]:JeecgBoot queryFilterTableDictInfo SQL injection vulnerability (CVE-2023-34603)
6. Threat [27558]: JeecgBoot queryTableDictItemsByCode SQL injection vulnerability (CVE-2023-34602)
7. threat [31288]: COSCO integrated supervision cloud platform DownFile arbitrary file reading vulnerability
8. threat [27559]:SoftNAS Cloud Command Injection vulnerability (CVE-2018-14417)
9. threat [27561]: hikvision IP network intercom broadcast system backdoor account login
10. threat [31289]: Ubiquity E-Cology getFileViewUrl SSRF vulnerability
11. threat [31290]:Teclib GLPI SQL Injection vulnerability (CVE-2019-10232)
12. threat [27562]:Joomla 3.4.6 Remote Code Execution Vulnerability (CNVD-2019-34135)
13. Threat [27566]:Panabit Intelligent Application Gateway Remote Code execution vulnerability
14. Threat [27563]:GeoServer WFS GetFeature Foreground Code Execution Vulnerability (CVE-2024-36401/CVE-2024-36404)
15. threat [27564]:GeoServer WMS getMap Foreground Code Execution Vulnerability (CVE-2024-36401/CVE-2024-36404)
16. threat [27565]:GeoServer WPS Execute Foreground Code Execution vulnerability (CVE-2024-36401/CVE-2024-36404)
17. Threat [31291]:Joomla Harmis JE Messenger component path Traversal vulnerability (CVE-2019-9922)
18. Threat [27567]: Langxin Tianji human resource management system GetFunc_code.asmx SQL injection vulnerability
19. Threat [27568]: Macro eHR FrCodeAddTreeServlet SQL injection vulnerability
20. Threat [27569]: Macro EHR train_get_code_tree SQL injection vulnerability
21. Threat [27570]: Macro EHR customreport/tree SQL injection vulnerability
22. Threat [27571]: Macro EHR report_orgtree SQL injection vulnerability
23. Threat [27572]: Macro View eHR downloadall SQL injection vulnerability
24. Threat [27573]: Macro eHR SmsAcceptGSTXServle XXE vulnerability
25. threat [31292]:Jquery FileTree path Traversal vulnerability (CVE-2017-1000170)
26. Threat [27575]: Kubernetes API Server Unauthorized access vulnerability
27. Threat [27576]: Wanhu ezOFFICE collaborative office platform showform.jsp SQL injection vulnerability
28. Threat [27577]: OA wf_process_attrelate_aiframe.jsp SQL injection vulnerability
29. Threat [27578]: OA custom_documentmanager arbitrary file upload vulnerability
30. Threat [27574]: uploadFile arbitrary file upload vulnerability of Hongjing Manpower system
31. Threat [31293]: Zen Path sessionID information disclosure vulnerability
32. Threat [27580]: F5 BIG-IP Injection Vulnerability (CVE-2024-21793)
33. Threat [27579]: OA ezflow_gd.jsp SQL injection vulnerability
34. Threat [27581]: SnakeYAML deserialization code execution vulnerability (ScriptEngineManager gadget chain)
35. Threat [31294]: Qiming Star Tianqing Hanma VPN client arbitrary file read
36. Threat [27582]: DzzOffice arbitrary file upload vulnerability
37. Threat [27583]: Ubiquity e-cology WorkflowServiceXml SQL injection vulnerability
38. Threat [27584]:Microchip Technology SyncServer S650 Command Injection vulnerability (CVE-2022-40022)
39. Threat [27585]:ServiceNow UI Jelly Template Injection Vulnerability (CVE-2024-4879)
40. threat [27588]:Minio Authentication Bypass vulnerability (CVE-2021-41266)
41. Threat [27591]: Data security platform DownLoad.ashx SQL injection vulnerability
42. Threat [31295]:Open Solutions for Education openSIS SQL Injection Vulnerability (CVE-20-6637)
43. Threat [31296]:Oracle E-Business Suite Sensitive information leak (CVE-2022-21500)
44. Threat [27596]: Wanhu OA upload.jsp arbitrary file upload vulnerability
45. Threat [31297]:Touchpad/Trivum WebTouch Setup Unauthorized Access Vulnerability (CVE-2018-13862)
46. Threat [27598]:MASTER IPCAMERA01 Arbitrary Configuration Modification Vulnerability (CVE-2018-5725)
47. Threat [27599]: Zen Tao Project Management System SQL Injection vulnerability (CVE-2022-47745)
48. Threat [27601]:PbootCMS Remote Command Execution Vulnerability (CVE-2022-32417)
49. Threat [31298]:ForU CMS SQL Injection Vulnerability (CVE-2024-0729)
50. Threat [42111]: Cobalt Strike penetration attack tool Beacon HTTP traffic (forged jQuery)
51. Threat [27586]: Bihaiwei L7 multiple products jumper.php command execution vulnerability
52. Threat [27587]: UF NC Cloud blobRefClassSearch FastJson deserialized RCE vulnerability
53. Threat [27589]:SuiteCRM SQL Injection Vulnerability (CVE-2024-36412)
54. Threat [27590]:PowerCreator CMS UploadResourcePic Arbitrary file upload vulnerability
55. Threat [27592]: WordPress Dokan Pro plugin SQL Injection vulnerability (CVE-2024-3922)
56. Threat [27593]:WordPress Quiz Maker plugin SQL Injection vulnerability (CVE-2024-6028)
57. Threat [27594]: Adobe Magento/Commerce e-commerce system XXE Vulnerability (CVE-2024-34102)
58. Threat [27600]:Ollama Remote Code Execution Vulnerability (CVE-2024-37032)
59. Threat [27602]: Pyspider WebUI unauthorized access remote code execution vulnerability
60. threat [27603]: ezEIP Enterprise management system /member/success.aspx command execution vulnerability

Update rules:
1. threat [26821]: Hikvision IP Network Intercom Broadcast System Command Execution vulnerability (CVE-2023-6895)
2. threat [27389]: Zhiyuan OA fileUpload.do foreground file upload bypass vulnerability
3. threat [27136]: UF NC ActionServlet SQL injection vulnerability
4. threat [30962]:CODING platform idna directory information leakage vulnerability
5. threat [27398]:PHP CGI Windows Platform Remote Code Execution vulnerability (CVE-2024-4577)
6. Threat [41891]:Earthworm Intranet penetration tool accesses Intranet services
7. threat [27519]:GeoServer property name expression foreground code Execution vulnerability (CVE-2024-36401/CVE-2024-36404)
8. threat [27151]:Java Base64 decoding execution type 3
9. threat [27130]:Java Base64 decoding execution type 1

Note:
1. After the upgrade package is upgraded, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost.

Release Time:2024-07-20 16:19:20
Name: eoi.unify.allrulepatch.ips.2.0.0.35364.rule Version:2.0.0.35364
MD5:a924303c4aad9fb83e08338b1d2240d9 Size:44.64M
Description:

The update package is for Zealot 2.0 Intrusion prevention signature database/Application identification signature database, and supports only the engine version V56R11F01 or later. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged. The rule version is 2.0.0.35364. The new/improved rules in this upgrade package are:

New rules:
1. Threat [27520]: Apache Dubbo Hessian-Lite Deserialization Remote Code Execution Vulnerability (CVE-2021-43297)
2. threat [27521]: UF NC soapRequest.ajax JNDI injection vulnerability
3. threat [27522]:BOSSCMS arbitrary file upload vulnerability
4. threat [27523]:Cisco Small Business RV Series Routers Command Injection vulnerability (CVE-2021-1473)
5. threat [31271]: Yonyou NC portalsesInittoolservice information leakage vulnerability
6. threat [31272]: Information leakage vulnerability of CMSV6 vehicle positioning monitoring platform
7. threat [27524]:Cockpit Arbitrary File upload vulnerability (CVE-2023-1313)
8. threat [27526]:Rejetto HTTP File Server Remote Code Execution vulnerability (CVE-2024-23692)
9. threat [31274]:DedeCMS Information Disclosure Vulnerability (CVE-2018-6910)
10. Threat [27527]:DrayTek Vigor operating system command injection vulnerability (CVE-2020-15415)
11. Threat [31276]: HIKVISION video encoding device access gateway showFile.php arbitrary file download vulnerability
12. Threat [27528]: go-fastdfs /group1/upload Arbitrary File upload vulnerability (CVE-2023-1800)
13. Threat [27529]: UF NC Cloud qryAddGoodsApplyPK SQL injection vulnerability
14. Threat [31275]: UF NC multiple interface XXE vulnerability POST type
15. Threat [31277]:Gongjin Electronics BE126 WIFI File Reading Vulnerability (CVE-2017-8770)
16. Threat [27530]: Towers Authentication System main.do remote command execution vulnerability
17. Threat [31279]:Zyxel USG FLEX path Traversal Vulnerability (CVE-2022-2030)
18. threat [27533]: UF U8 Cloud MeasureQueryByToolAction SQL injection vulnerability
19. Threat [27532]:D-Link DSL-3782 Command Injection Vulnerability (CVE-2022-34527)
20. Threat [27534]:D-Link DSL-3782 Command Injection Vulnerability (CVE-2023-27216)
21. Threat [31278]:Splunk Enterprise Windows modules/messaging directory traversal vulnerability (CVE-2024-36991)
22. Threat [27535]:Citrix Storage Cross-site Scripting vulnerability (CVE-2020-8198)
23. Threat [31283]:Artica Pandora FMS Information Leakage Vulnerability (CVE-2020-8497)
24. Threat [31280]: SecGate3600 authManageSet.cgi information leakage vulnerability
25. threat [31281]: Macroview eHR DownLoadCourseware arbitrary file reading vulnerability
26. Threat [27536]: Macro eHR downlawbase SQL injection vulnerability
27. Threat [27537]: Macro eHR LoadOtherTreeServlet SQL injection vulnerability
28. Threat [27538]: Macro eHR getSdutyTree SQL injection vulnerability
29. Threat [27539]: Macro eHR loadtree SQL injection vulnerability
30. Threat [27540]: Macro eHR showmediainfo SQL injection vulnerability
31. Threat [27541]: Macro HCM pos_dept_post SQL injection vulnerability
32. Threat [27542]: Macro HCM system fieldsettree SQL injection vulnerability
33. Threat [27543]: Hongjing HCM infoView sql injection vulnerability
34. Threat [27544]: Macro eHR report_org_collect_tree.jsp SQL injection vulnerability
35. Threat [31284]: Macro HCM DisplayFiles arbitrary file read vulnerability
36. Threat [31285]: Yonyou NC oacoSchedulerEvents/isAgentLimit SQL injection vulnerability
37. Threat [27545]: UF U8 Cloud smartweb2.ShowRPCLoadingTip.d XXE vulnerability
38. Threat [27546]: Macro eHR get_org_tree.jsp SQL injection vulnerability
39. Threat [31286]: Macro View HCM openFile arbitrary file read vulnerability
40. Threat [27547]: Macro eHR trainplan_tree.jsp SQL injection vulnerability
41. Threat [27548]: Extreme CMS SQL Injection Vulnerability (CVE-2021-36484)
42. Threat [31282]:Apache Solr ContentStreams arbitrary file read vulnerability
43. Threat [31287]: Macro eHR OutputCode arbitrary file read vulnerability
44. Threat [27550]: Macro HCM ajaxService SQL injection vulnerability
45. Threat [31258]: Yonyou Changjietong T+ LoginManager information disclosure vulnerability
46. Threat [31260]:Sonatype Nexus Repository 3 Path traversal vulnerability (CVE-2024-4956)

Update rules:
1. threat [26764]: UF U8 Cloud multiple deserialization RCE vulnerability
2. threat [27360]: Joi fragment Thymeleaf remote code execution (background) vulnerability
3. threat [27495]:Atlassian Bitbucket Data Center Deserialization Remote Code Execution Vulnerability (CVE-2022-26133)
4. threat [30795]: UF NC IUpdateService XXE vulnerability
5. threat [25203]:D-Link DAP-2020 Operating system command injection vulnerability (CVE-2021-27249/CVE-2021-27250)
6. threat [31258]: Yonyou Changjietong T+ getdecallusers information disclosure vulnerability
7. threat [25701]:SeaCMS search.php Remote Code execution vulnerability
8. threat [30989]:JumpServer Authorization Issue vulnerability (CVE-2023-42442)

Note:
1. After the upgrade package is upgraded, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost.

Release Time:2024-07-20 16:16:30
Name: eoi.unify.allrulepatch.ips.2.0.0.35263.rule Version:2.0.0.35263
MD5:1f44d2c8958475da6c74b2302d839bd2 Size:44.57M
Description:

The update package is for Zealot 2.0 Intrusion prevention signature database/Application identification signature database, and supports only the engine version V56R11F01 or later. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged. The rule version is 2.0.0.35263. The new/improved rules in this upgrade package are:

New rules:
1. Threat [27484]: UF NC-Cloud system queryRuleByDeptId SQL injection vulnerability
2. threat [27485]: UF NC Cloud queryBeginEndTime SQL injection vulnerability
3. threat [27487]: Yonyou T+ ScheduleManageController SQL injection vulnerability
4. threat [42109]:vshell C2 tool connection communication
5. threat [27486]: Feiqi Internet FE Enterprise Operation management platform /common/common_sort_tree.jsp remote code execution vulnerability
6. Threat [27489]: Java reverse shell command execution
7. threat [31257]:Apache ShenYu Admin plugin Unauthorized Access Information Disclosure vulnerability (CVE-2022-23944)
8. threat [27488]:Hitachi Vantara Pentaho Business Analytics SQL Injection vulnerability (CVE-2021-34684)
9. threat [27490]: UF U8 Cloud ReportDetailDataQuery SQL injection vulnerability
10. Threat [27492]:Byzro Networks Smart S80 Management Platform arbitrary file upload vulnerability (CVE-2024-3521)
11. Threat [27493]: Hikvision Integrated security management platform /svm/api/v1/productFile Arbitrary file upload vulnerability
12. threat [27491]:JunAMS File Upload vulnerability (CNVD-2020-24741)
13. Threat [27495]:Atlassian Bitbucket Data Center Deserialization Remote Code Execution Vulnerability (CVE-2022-26133)
14. Threat [27494]:pgAdmin4 Deserialization Code Execution Vulnerability (CVE-2024-2044)
15. Threat [27496]: Dahua dss login_login.action s2 expression injection vulnerability
16. Threat [27361]: TongWeb selectApp.jsp arbitrary file upload vulnerability
17. Threat [31259]: Hikvision integrated security management platform Config.properties information disclosure vulnerability
18. Threat [27499]:Showdoc Arbitrary File Upload Vulnerability (CNVD-2020-26585)
19. Threat [27498]:Contec SolarView Compact Remote Command Execution Vulnerability (CVE-2023-46509)
20. Threat [27501]: Bangyong PM2 project management system Global_UserLogin.aspx SQL injection vulnerability
21. Threat [27502]: Yisetong DLP multi-interface arbitrary command execution vulnerability
22. Threat [27500]: Rui Jie Unified online Behavior management and audit system static_convert.php foreground remote code execution vulnerability
23. Threat [27497]: ShowDoc 3.2.5 item_id parameter SQL injection vulnerability
24. threat [31261]: UF U9 Cloud UMWebService.asmx file reading vulnerability
25. threat [27503]: online_check.php remote code execution vulnerability of Ruijie Unified Online Behavior management and audit system
26. Threat [42110]: The DNS request or response domain name is too long
27. Threat [31262]: Ufida /hrss/ELTextFile.load.d arbitrary file reading vulnerability
28. Threat [31263]: Macro View eHR HCM-DisplayExcelCustomReport arbitrary file read vulnerability
29. Threat [27506]:H3C User self-service platform remote code execution vulnerability
30. Threat [27507]: Yisetong Electronic Document Security Management system /CDGServer3/sync/user deserialization vulnerability
31. Threat [31264]: UF NC-Cloud INtbOBAWebService XXE vulnerability
32. Threat [31265]: Yisetong electronic document security management system NavigationAjax SQL injection vulnerability
33. Threat [31266]: Eseton electronic document security system UploadFileToCatalog SQL injection vulnerability
34. Threat [27508]: New Cape Campus Service management platform /api/v3/login arbitrary command execution vulnerability
35. Threat [31267]:Lightdash BI Management System Arbitrary File Reading Vulnerability (CVE-2023-35844)
36. Threat [27510]: AccountEdit file upload vulnerability
37. threat [27509]:Pear Admin Boot getDictItems SQL injection vulnerability (CVE-2024-6241)
38. Threat [31268]: Jumpserver Arbitrary File Read Vulnerability (CVE-2023-42819)
39. Threat [31269]: notify.php SQL injection vulnerability
40. threat [27511]: Netkang NS-ASG security gateway /protocol/index.php remote command execution vulnerability
41. Threat [27512]: ezOffice collaborative office management platform informationmanager_upload.jsp file upload vulnerability
42. Threat [27513]: UF U8 Cloud ServiceDispatcherServlet deserialization vulnerability
43. Threat [27514]: UF OA doUpload.jsp arbitrary file upload vulnerability
44. Threat [27515]: UF NC Cloud IMetaWebService4BqCloud SQL injection vulnerability
45. Threat [49065]: UF NC Multi-interface XXE vulnerability
46. Threat [27516]: UF NC Cloud getStaffInfo SQL injection vulnerability
47. Threat [31270]:ChronoEngine ChronoForms directory traversal vulnerability (CVE-2021-28377)
48. Threat [27517]:WordPress Plugin Waiting SQL Injection vulnerability (CVE-2023-28659)
49. Threat [27518]:WordPress Plugin Events Made Easy SQL Injection vulnerability (CVE-2023-28660)
50. Threat [27519]:GeoServer property name expression foreground code Execution Vulnerability (CVE-2024-36401/CVE-2024-36404)

Update rules:
1. threat [26820]: Kingdee Day Unauthorized file upload vulnerability
2. Threat [27468]: Java expression injection OGNL type 1
3. threat [27469]:Java expression injection OGNL type 2
4. threat [27470]:Java expression injection OGNL type 3
5. threat [27130]:Java Base64 decoding execution type 1
6. threat [27133]:Java Base64 decoding execution type 2
7. threat [27151]:Java Base64 decoding execution type 3
8. threat [30967]:CoreMail email system assets information disclosure vulnerability
9. threat [27205]:Apache Kafka UI Command Injection vulnerability (CVE-2023-52251)
10. threat [25559]:Dolibarr ERP and CRM Code Injection Vulnerability (CVE-2022-0819/CVE-2022-40871)
11. Threat [26762]: Update.jsp SQL injection vulnerability of Yisetong electronic document security management system
12. threat [25142]: Exocet VM2100 send_order.cgi gateway remote command execution vulnerability
13. threat [25475]:Apache Log4j2 Remote Code Execution vulnerability (CVE-2021-44228/CVE-2021-45046)
14. Threat [22591]:FCKEditor 'FileUpload()' function arbitrary file upload vulnerability
15. Threat [25925]:Java URLDNS deserialization attack
16. Threat [23991]: Fastjson Remote Code execution vulnerability
17. Threat [25024]: uploadfileToPath.htm Arbitrary file upload vulnerability (CNVD-2020-62256)
18. Threat [26712]: Dahua City Security system platform attachment_downloadByUrlAtt.action Arbitrary file download vulnerability
19. Threat [27075]: Hope to manufacture ERP system comboxstore RCE vulnerability
20. Threat [27131]:Java code execution type 2
21. Threat [27129]:Java code execution type 1

Note:
1. After the upgrade package is upgraded, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost.

Release Time:2024-07-03 23:46:11
Name: eoi.unify.allrulepatch.ips.2.0.0.35217.rule Version:2.0.0.35217
MD5:2a4052c6c9219f1caa504479bba9f366 Size:44.52M
Description:

The update package is for Zealot 2.0 Intrusion prevention signature database/Application identification signature database, and supports only the engine version V56R11F01 or later. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged. The rule version is 2.0.0.35217. The new/improved rules in this upgrade package are:

New rules:
1. threat [27504]: Boland BES deserialization vulnerability

Note:
1. After the upgrade package is upgraded, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost.

Release Time:2024-07-02 13:39:32
Name: eoi.unify.allrulepatch.app.2.0.0.35125.rule Version:2.0.0.35125
MD5:477076293553ef304b11aa1c403baa37 Size:44.40M
Description:

The update package is for Zealot 2.0 Intrusion prevention signature database/Application identification signature database, and supports only the engine version V56R11F01 or later. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged. The rule version is 2.0.0.35125. The new/improved rules in this upgrade package are:

New rules:
1. Threat [27446]: Kramer VIAware Code Execution Vulnerability (CVE-2021-35064)
2. Threat [27447]: UCMS Command Injection vulnerability (CVE-2020-25483)
3. Threat [27449]: FUXA Command Injection vulnerability (CVE-2023-33831)
4. Threat [27450]: Zyxel NAS device setCookie command injection vulnerability (CVE-2024-29973)
5. Threat [27451]: Apache upload of .htaccess file setting PHP parsing
6. Threat [27452]: Panabit Panalog SQL Injection vulnerability (CVE-2024-2014)
7. Threat [27453]: Zhiyuan Internet FE collaborative office platform ncsubjass SQL injection vulnerability
8. Threat [31247]: Youyou Firewall backup background arbitrary file read vulnerability
9. Threat [27454]: Youyou Firewall background interface maintain command execution vulnerability
10. Threat [31248]: Jinhe OA UploadImageDownLoadIn.aspx arbitrary file read vulnerability
11. Threat [27455]: UF GRP-U8 listSelectDialogServlet SQL injection vulnerability
12. Threat [27456]: SuperWebMailer Command injection vulnerability (CVE-2020-11546)
13. Threat [27457]: Zhiyuan OA content.do ofd zip file upload background decompression vulnerability
14. Threat [27458]: Afian FileRun Injection vulnerability (CVE-2021-35504)
15. Threat [27460]: Afian FileRun Injection vulnerability (CVE-2021-35505)
16. Threat [27459]: UF GRP-U8 forgetPassword_old.jsp SQL injection vulnerability
17. Threat [27448]: SolarWinds Serv-U Remote Code Execution Vulnerability (CVE-2021-35211)
18. Threat [31249]: SAP NetWeaver Application Server Java path Traversal Vulnerability (CVE-2017-12637)
19. Threat [27461]: Zhiyuan OA ajax.do syncConfigManager remote code execution vulnerability
20. Threat [27463]: Palo Alto Networks PAN-OS Command Injection Vulnerability (CVE-2017-15944)
21. Threat [27462]: Zhejiang University Ente customer resource management system RegulatePriceAction.entsoft SQL injection vulnerability
22. Threat [27464]: Yonyou Changjietong T+ SM.Login.UIP.LoginManager SQL injection vulnerability (CNVD-2021-12845)
23. Threat [27465]: TP-LINK TL-WR940N Command execution vulnerability (CVE-2023-33538)
24. Threat [31252]: Next.js next directory traversal vulnerability (CVE-2020-5284)
25. Threat [50660]: BugscanTeam DNSlog site access
26. Threat [27466]: FasterXML Jackson-databind Remote Code Execution Vulnerability (CVE-2019-20330)
27. Threat [27467]: Netsweeper Command Injection vulnerability (CVE-2020-13167)
28. Threat [31254]: Huatian Power OA hrApplicationFormService information leakage vulnerability
29. Threat [27471]: Tenda A15 wpapsk_crypto2_4g Parameter Buffer Overflow vulnerability (CVE-2024-0532)
30. Threat [31250]: FastAdmin lang interface arbitrary file read vulnerability
31. Threat [31251]: ShokoServer /api/Image/withpath/ Arbitrary File Reading vulnerability (CVE-2023-43662)
32. Threat [31253]: CData path traversal vulnerability (CVE-2024-31848/CVE-2024-31849/CVE-2024-31850/CVE-2024-31851)
33. Threat [31255]: Fortinet FortiOS Directory Traversal Vulnerability (CVE-2018-13379)
34. Threat [27472]: Tenda A15 devName Parameter Buffer Overflow Vulnerability (CVE-2024-0533)
35. Threat [31256]: Zhejiang University Ente Resource management system i0004_openFileByStream.jsp arbitrary file reading vulnerability
36. Threat [27473]: Zhejiang University Ente customer resource management system CompInfoAction SQL injection vulnerability
37. Threat [27474]: Zhejiang University Ente customer resource management system Quotegask_editAction SQL injection vulnerability
38. Threat [27475]: Zhejiang University Ente customer resource management system PurchaseAction SQL injection vulnerability
39. Threat [27476]: Zhejiang University Ente customer resource management system T0140_editAction.entweb SQL injection vulnerability
40. Threat [27477]: Ente customer resource management system FollowAction SQL injection vulnerability
41. Threat [27478]: Zhejiang University Entphone LoginAction SQL injection vulnerability
42. Threat [27479]: Zhejiang University Entphone customer resource management system MailAction.entphone arbitrary file upload vulnerability
43. Threat [27480]: Zhejiang University Ente customer resource management system machord_doc arbitrary file upload vulnerability
44. Threat [27483]: UF World KSOA select_position.jsp SQL injection vulnerability
45. Threat [27468]: Java expression injection OGNL type 1
46. Threat [27469]: Java expression injection OGNL type 2
47. Threat [27470]: Java expression injection OGNL type 3
48. Threat [27481]: UF GRP-U8 U8SMSProxy SQL injection vulnerability
49. Threat [27482]: UF GRP-U8 ReturnForWcp Remote Code Execution vulnerability

Update rules:
1. Threat [27302]: Zhiyuan OA V8.1SP2 Ajax.do formulaManager JNDI injection vulnerability
2. Threat [27438]: ZyXEL NAS OS Command Injection vulnerability (CVE-2020-9054)
3. Threat [25002]: vBulletin 5.6.2 'widget_tabbedContainer_tab_panel' Remote Code Execution Vulnerability (CVE-2020-17496)
4. Threat [26210]: UCMS File Upload vulnerability (CVE-2022-35426)
5. Threat [27200]: Yonyou T+ keyEdit.aspx SQL injection vulnerability
6. Threat [42044]: Suspected use of pseudo-protocols in request parameters for PHP file inclusion

Note:
1. After the upgrade package is upgraded, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost.

Release Time:2024-06-28 13:46:56
Name: eoi.unify.allrulepatch.app.2.0.0.35049.rule Version:2.0.0.35049
MD5:ce76845e196de13715c2b47d52312f2c Size:44.32M
Description:

The update package is for Zealot 2.0 Intrusion prevention signature database/Application identification signature database, and supports only the engine version V56R11F01 or later. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged. The rule version is 2.0.0.35049. The new/improved rules in this upgrade package are:
New rules:
1. threat [31242]: Lanling OA syszonepersoninfo information leakage vulnerability
2. Threat [27430]: HTTP XPath injection attempt count
3. Threat [27431]: HTTP XPath injection attempt string-length
4. Threat [27432]: HTTP XPath injection attempt substring
5. threat [27433]:WordPress plugin School Management Pro Code Injection vulnerability (CVE-2022-1609)
6. threat [27436]:Jeecg commonController file upload vulnerability
7. threat [27435]:Adobe ColdFusion Arbitrary File Write vulnerability (CVE-2018-15960)
8. threat [31243]:Alibaba Nacos SQL Injection vulnerability (CVE-2021-29442)
9. threat [27438]:ZyXEL NAS Operating System Command Injection vulnerability (CVE-2020-9054)
10. threat [31244]: MCU OA e-office config interface information leakage vulnerability
11. Threat [31245]:VoIPmonitor SQL Injection vulnerability (CVE-2022-24260)
12. threat [27437]:WordPress plugin User Post Gallery Code injection vulnerability (CVE-2022-4060)
13. Threat [27439]: Contract lock electronic signature platform add remote command execution vulnerability
14. Threat [27440]: Zhejiang University ENTCRM customer resource management system CrmBasicAction.entcrm front desk arbitrary file upload vulnerability
15. Threat [27441]: SQL injection vulnerability of CMSV6 vehicle positioning monitoring platform
16. Threat [27443]: Red Sea Cloud EHR PtFjk.mob arbitrary file upload vulnerability
17. Threat [31246]: Sensitive information leakage vulnerability of Zhiyuan M3 Session
18. Threat [27442]:GitLab CE/EE Remote Code Execution Vulnerability (CVE-2022-2185)
19. Threat [27444]:WordPress PostX plugin Administrator Access Vulnerability (CVE-2024-5326)
20. Threat [27445]: Zhiyuan OA ajax.do file upload vulnerability

Update rules:
1. threat [23277]:Web service cross-site script execution attack
2. Threat [26232]: Pan Micro E-cology deleteUserRequestInfoByXml, ReceiveCCRequestByXml and RequestInfoByXml XXE vulnerability (CVE-2023-2806)
3. threat [27302]: Zhiyuan OA V8.1SP2 saveFormula4Cloud JNDI injection vulnerability


Note:
1. After the upgrade package is upgraded, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost.

Release Time:2024-06-26 15:55:22
Name: eoi.unify.allrulepatch.app.2.0.0.34907.rule Version:2.0.0.34907
MD5:d6f0488a6ca04a95276f267c217329da Size:44.17M
Description:

The update package is for Zealot 2.0 Intrusion prevention signature database/Application identification signature database, and supports only the engine version V56R11F01 or later. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged. The rule version is 2.0.0.34907. The new/improved rules in this upgrade package are:


New rules:
1. threat [27391]:WordPress Plugin ReviewX WordPress SQL Injection vulnerability (CVE-2023-26325)
2. threat [27393]: Macro eHR showmedia.jsp SQL injection vulnerability
3. Threat [27395]:Smartbi windowUnloading Authentication bypass vulnerability (CNVD-2023-64853)
4. threat [27396]: Suspected request parameter contains PHP Twig template injection
5. threat [27397]: Windows PowerShell encoded reverse shell bypass
6. threat [27392]:WordPress Plugin uDraw Arbitrary File Access Vulnerability (CVE-2022-0656)
7. threat [50659]: Remote creation of scheduled tasks via schtasks detected 2
8. threat [27398]:PHP CGI Windows Platform Remote Code Execution vulnerability (CVE-2024-4577)
9. Threat [27399]: Suspected Python Jinja2 template injection in request parameter
10. threat [27401]:phpStudy Linux Background sql Injection vulnerability (CNVD-2023-19775)
11. Threat [27402]: Suspected Java FreeMarker template injection in request parameter
12. threat [27403]:Jorani Remote Command Execution vulnerability (CVE-2023-26469)
13. Threat [31236]:WordPress plugin Extensive VC Addons for WPBakery page builder Path traversal vulnerability (CVE-2023-0159)
14. Threat [27400]: Kingsoft Terminal Security system V9 update_software_info_v2.php SQL injection vulnerability
15. Threat [27376]:Apache-OFBiz path traversal causes RCE vulnerability (CVE-2024-36104)
16. Threat [27378]: Dahua Smart Park integrated management platform user_save.action arbitrary file upload vulnerability
17. Threat [27380]: TopApp-LB load balancing system datasource.php SQL injection vulnerability
18. Threat [27381]: Kingsoft V9 terminal security system update_software_info_v2 sql injection vulnerability
19. Threat [31234]: Dahua DSS digital monitoring system user_edit.action information leakage vulnerability
20. Threat [27377]:Apache HugeGraph-Server Remote Command Execution Vulnerability (CVE-2024-27348)
21. Threat [27383]:Citrix Arbitrary Code Execution Vulnerability (CVE-2020-8194)
22. Threat [42105]:Redis suspicious file writing behavior
23. Threat [31235]:phpMyAdmin file inclusion vulnerability (CVE-2014-8959)
24. Threat [27382]:YzmCMS pay_callback Remote command execution vulnerability
25. threat [27384]: MCU OA e-office webservice arbitrary file upload vulnerability
26. Threat [27385]:WordPress Plugin The Easy Digital Downloads SQL Injection vulnerability (CVE-2023-23489)
27. Threat [27386]:WordPress Plugin The Survey Maker SQL injection vulnerability (CVE-2023-23490)
28. Threat [27387]:TEMENOS Channels local file inclusion vulnerability (CVE-2019-14251)
29. Threat [27388]: Upload of UFIDA U8 CRM uploadfile file causes RCE vulnerability
30. Threat [27389]: Zhiyuan OA fileUpload.do foreground file upload bypass vulnerability
31. Threat [27390]: SecGate 3600 firewall app_av_import_save arbitrary file upload vulnerability

Update rules:
1. threat [41720]: Antsword Webshell management tool connection control
2. threat [63682]:HTTP SQL injection attempt type 3
3. Threat [24255]:Web service remote command execution attack
4. threat [26967]:Windows command execution environment variable bypassed
5. threat [49049]: CrackMapExec smbexec remote command execution behavior is discovered
6. threat [41987]: Remote command execution behavior of wmiexec on the Impacket tool is discovered
7. threat [63249]:HTTP /etc/passwd file access attempt
8. threat [60245]:HTTP SQL injection attempt type 8
9. threat [25526]:YouPHPTube Encoder Command injection vulnerability (CVE-2019-5127/CVE-2019-5128/CVE-2019-5129)
10. Threat [23277]:Web service cross-site script execution attack
11. Threat [30888]: UF Changjietong T+ CheckMutex SQL injection vulnerability
12. threat [25032]:ThinkAdmin 6-Arbitrary File Read vulnerability (CVE-2020-25540)
13. Threat [30911]:Spring Framework Reflective File Download Vulnerability (CVE-2020-5398)
14. threat [26069]:Microsoft Exchange Remote Command Execution vulnerability (CVE-2020-16875)
15. Threat [25587]:phpMyAdmin SearchController SQL Injection vulnerability (CVE-2020-26935)
16. Threat [27372]: nginxWebUI reload remote command execution vulnerability


Note:
1. After the upgrade package is upgraded, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost.

Release Time:2024-06-17 09:07:36
Name: eoi.unify.allrulepatch.app.2.0.0.34852.rule Version:2.0.0.34852
MD5:61b69ba09259637334bd7b5c8d28fc03 Size:44.12M
Description:

The update package is for Zealot 2.0 Intrusion prevention signature database/Application identification signature database, and supports only the engine version V56R11F01 or later. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version is 2.0.0.34852. The new/improved rules in this upgrade package are:
New rules:
1. threat [27323]:Jinja2 Server Side Template Injection (SSTI) vulnerability (CVE-2024-32651)
2. threat [27325]: UF GRP-U8 sqcxIndex.jsp SQL injection caused RCE vulnerability
3. threat [31220]: UF Government finance system FileDownload arbitrary file reading vulnerability
4. threat [27326]: File upload vulnerability of UF NC uploadControl interface
5. threat [31221]: UF GRP A++Cloud government finance cloud download interface arbitrary file reading vulnerability
6. threat [27327]: CMSV6 inspect_file arbitrary file upload vulnerability
7. threat [31222]:kkFileView getCorsFile Arbitrary File Read vulnerability (CVE-2021-43734)
8. threat [42098]: Malicious mining virus xmr-stak mining Trojan connection
9. threat [42099]:Empire Post Penetration Tool Backdoor communication 2
10. threat [31223]: UFida NC printBill arbitrary file reading vulnerability
11. Threat [27329]: Evertek WAF unauthorized access vulnerability
12. Threat [42100]:HTTP SQL stack injection attack attempt
13. Threat [27332]:Shibboleth OIDC OP Server Side Request Forgery Vulnerability (CVE-2022-24129)
14. Threat [27331]:Zyxel Zywall310 Cross-site Scripting vulnerability (CVE-2021-46387)
15. Threat [27333]:Zimbra Collaboration Suite Server-side Request forgery Vulnerability (CVE-2020-7796)
16. threat [31224]:Zimbra skin Parameter directory Traversal vulnerability (CVE-2013-7091)
17. Threat [27335]:Dogtag_PKI XML Entity Injection Vulnerability (CVE-2022-2414)
18. Threat [50657]: Displays sensitive LSA information in the domain
19. Threat [27330]: UF GRP-U8 dialog_moreUser_check.jsp SQL injection vulnerability
20. Threat [50658]:SMB file transfer operation
21. Threat [27336]: Access OA-V11.8-api-ali.php file upload vulnerability
22. Threat [27337]:ModelDB directory Traversal vulnerability (CVE-2023-6023)
23. Threat [31225]: Hikvision Integrated Security management platform orgManage/v1/orgs/download arbitrary file read vulnerability
24. Threat [31226]:Check Point Security Gateway Arbitrary File Read Vulnerability (CVE-2024-24919)
25. threat [27339]: Dahua Intelligent Park bitmap arbitrary file upload vulnerability
26. Threat [42101]: wmihacker tool command interaction found
27. Threat [27340]:H3C SecParh bastion machine data_provider.php remote command execution vulnerability
28. Threat [27341]: Yonyou Changjietong CRM create_site.php SQL injection vulnerability
29. Threat [42102]: File upload behavior found in wmihacker tool
30. Threat [27343]: UF U8 Cloud upload.jsp file upload vulnerability
31. Threat [27344]: UF NC Cloud runScript SQL injection vulnerability
32. Threat [27345]: UF U8 Cloud linkntb.jsp SQL injection vulnerability
33. Threat [42103]: wmihacker tool file download found
34. Threat [27346]: ezOFFICE FileTest file upload vulnerability
35. Threat [31228]: Kingdee EAS pdfViewLocal.jsp arbitrary file read vulnerability
36. Threat [27347]: UF Changjietong T+ CommonPage/UserFileUpload.aspx file upload vulnerability
37. Threat [27348]: Donghua Medical Collaborative Office system connector interface file upload vulnerability
38. Threat [42104]:XXL-JOB default accesstoken vulnerability
39. Threat [27350]: Zhiyuan OA rest interface password reset vulnerability
40. threat [27349]:LiveBos crm ScriptVarix.jsp remote code execution vulnerability
41. Threat [27351]: Tidal ClusterEngineV4.0 Arbitrary Command Execution Vulnerability (CVE-2020-21224)
42. Threat [27352]: Lanling OA dataxml.jsp remote code execution vulnerability
43. Threat [27353]: UF U8 Cloud ArchiveVerify SQL injection vulnerability
44. Threat [27354]: Chando repoID Background Command Execution Vulnerability (CNVD-2023-02709)
45. Threat [27357]: Tidal ClusterEngineV4.0 Login Bypass vulnerability
46. Threat [27355]: ThinkCMF article foreground editor SQL injection vulnerability
47. Threat [27360]: Joi fragment Thymeleaf remote code execution (background) vulnerability
48. Threat [31230]:ThinkCMF Profile Arbitrary file deletion vulnerability
49. Threat [27359]:nginxWebUI check remote command execution vulnerability
50. Threat [27362]:JEECMS malicious template injection page file upload vulnerability
51. Threat [27364]: hiddenWatermark file upload vulnerability in electronic document security management system
52. Threat [27363]:ThinkCMF Ueditor arbitrary file upload vulnerability
53. Threat [27365]: East TongWeb /sysweb/upload arbitrary file upload vulnerability
54. Threat [27366]: Dongfang TongWeb /console/Upload arbitrary file upload vulnerability
55. Threat [27368]: Lanling EIS intelligence collaboration platform UniformEntry.asp SQL injection vulnerability
56. Threat [31231]: Hikvision Integrated Security management platform /lm/api/files arbitrary file read vulnerability
57. Threat [27369]: Hikvision iVMS-8700 EPS Action arbitrary file upload vulnerability
58. Threat [27370]:nginxWebUI saveCmd remote command execution vulnerability
59. Threat [27371]:nginxWebUI runNginxCmd remote command execution vulnerability
60. Threat [27372]: nginxWebUI reload remote command execution vulnerability
61. Threat [31232]: Exeton electronic document security management system UploadFileList arbitrary file read vulnerability
62. Threat [27373]: XStream deserialization vulnerability of Yisetong electronic document security management system
63. threat [27374]: Fastjson remote code execution vulnerability
64. Threat [27324]:Netflix Genie path Traversal Vulnerability (CVE-2024-4701)
65. Threat [31233]: Hikvision camera information leakage vulnerability (CVE-2017-7921)
66. Threat [27367]: Hikvision iVMS-8700 Msp upload.action Arbitrary file upload vulnerability
67. Attack [42093]:Venom C2 framework communication

Update rules:
1. threat [25748]:Linux information collection conceals command execution
2. Threat [67449]:MySQL login authentication failure
3. Threat [27107]:Linux information collection command execution type 3
4. threat [30811]: Micro E-cology SignatureDownLoad arbitrary file read vulnerability
5. threat [26048]:XStream deserialization Command injection vulnerability (CVE-2020-26217)
6. threat [25705]:Apache Commons-Text Remote Command Execution Vulnerability (CVE-2022-42889)
7. threat [25475]:Apache Log4j2 Remote Code Execution vulnerability (CVE-2021-44228/CVE-2021-45046)
8. threat [23991]:Fastjson remote Code execution vulnerability
9. threat [30859]:Eclipse Jetty Sensitive Information Disclosure Vulnerability (CVE-2021-28169)
10. threat [63682]:HTTP SQL injection attempt type 3
11. Threat [24302]: Suspected XML External Entity (XXE) injection attack attempt
12. threat [63249]:HTTP /etc/passwd file access attempt
13. Threat [25668]: Zhiyuan OA-ajax.do Unauthorized File Upload Vulnerability (CNVD-2021-01627)
14. Threat [24471]:WebLogic Arbitrary File Upload Vulnerability (CVE-2019-2618/CVE-2019-2827)
15. Threat [26415]: Space Time Zhiyou enterprise process management and control system formservice file upload vulnerability
16. threat [26043]: Pan-micro E-cology ofsLogin.jsp arbitrary user login
17. Threat [24971]: Chando Project Management System 11.6 arbitrary file reading vulnerability
18. Threat [30879]: Ubiq E-mobile client SQL Injection Vulnerability (CNVD-2021-25287)
19. Threat [50576]: Sunflower Remote control client controlled operation
20. Threat [41887]:Ngrok Intranet penetration tool communication
21. Threat [41658]:Webshell backdoor program China Chopper access control

Note:
1. After the upgrade package is upgraded, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost.

Release Time:2024-06-13 09:58:39
Name: eoi.unify.allrulepatch.app.2.0.0.34626.rule Version:2.0.0.34626
MD5:e25f7fbb9231822212551eec47cdb844 Size:44.00M
Description:

This upgrade package is for Zealot 2.0 intrusion prevention feature library/application recognition feature library, and only supports engine version V56R11F01 and above upgrades. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, while the rule version changes to 2.0.0.34626. The new/improved rules for this upgrade package include:
New rules:
1. Attack [27290]: Source Codester Inventory Management System SQL Injection Vulnerability (CVE-2024-1926)
2. Attack [27289]: Ruijie RG-SAM+Campus Network Self Service System OperatorReportorRoamService SQL Injection Vulnerability
3. Attack [27291]: Yonyou NC System Electric Procurement WarningDetailInfo SQL Injection Vulnerability
4. Attack [10559]: Fluent Bit Memory Corruption Vulnerability (CVE-2024-4323)
5. Attack [27293]: MLflow path traversal vulnerability (CVE-2024-3848)
6. Attack [27295]: Yonyou GRP-U8 operOrganization SQL injection vulnerability
7. Attack [27294]: Atlassian Confluence Remote Code Execution Vulnerability 1 (CVE-2024-21683)
8. Attack [27246]: Ruiyou Tianyi Application Virtualization System Index.php Deserialization Vulnerability
9. Attack [42094]: AniShell Webshell upload
10. Attack [42095]: AniShell Webshell Communication
11. Attack [27296]: WordPress Ultimate Member SQL Injection Vulnerability (CVE-2024-1071)
12. Attack [27297]: WordPress getTop storage type cross site scripting vulnerability (CVE-2024-2194)
13. Attack [27298]: Treasure Data Digtag getFile directory traversal vulnerability (CVE-2024-25125)
14. Attack [42096]: NTDaddy Webshell upload
15. Attack [42097]: NTDaddy Webshell Communication
16. Attack [27300]: CommFunHandler Arbitrary File Upload Vulnerability in Zhongcheng Kexin Ticketing Management Platform
17. Attack [27299]: Baizhuo Smart Management Platform Uploadfile.php File Upload Vulnerability (CVE-2024-0939)
18. Attack [27302]: Zhiyuan OA V8.1SP2 Ajax.do Call FormulaManager Arbitrary File Upload Vulnerability
19. Attack [27303]: GravCMS Remote Code Execution Vulnerability (CVE-2021-21425)
20. Attack [27304]: Godzilla ASP_AES-BASE64 Webshell Connection_3
21. Attack [27305]: Apache OFBiz authentication bypass vulnerability (CVE-2023-51467/CVE-2023-49070)
22. Attack [27301]: F5 BIG-IP Next Central Manager SQL Injection Vulnerability (CVE-2024-26026)
23. Attack [31214]: KubePi Information Leakage Vulnerability (CVE-2023-37916)
24. Attack [31215]: Microsoft Skype for Business Server Information Leakage Vulnerability (CVE-2022-26911)
25. Attack [31216]: XXL-JOB SSRF Server Side Request Forgery Vulnerability (CVE-2022-43183)
26. Attack [27306]: Pan Micro E-Cology ProcessOverRequestByXml Arbitrary File Read Vulnerability
27. Attack [31217]: Grafana Path Traversal Vulnerability (CVE-2022-32275)
28. Attack [27307]: Microsoft Windows Win32k Local Privilege Escalation Vulnerability (CVE-2021-1732)
29. Attack [27308]: H3C SSL VPN Cross Site Scripting Vulnerability (CVE-2022-35416)
30. Attack [27310]: Apache OFBiz Deserialization Code Execution Vulnerability (CVE-2021-30128)
31. Attack [27313]: Mingyuan Cloud ERP System Interface Manager ApiUpdate.ashx Arbitrary File Upload Vulnerability
32. Attack [27312]: F5 BIG-IQ Command Injection Vulnerability (CVE-2021-23024)
33. Attack [27314]: Yonyou Mobile System Management init Interface SQL Injection Vulnerability
34. Attack [27315]: Yonyou Mobile System Management Save Interface SQL Injection Vulnerability
35. Attack [27316]: Guanglianda Linkworks DataExchange.ashx XML Entity Injection Vulnerability
36. Attack [27317]: Guanglianda Linkworks GetUserCodesByOrgCodes XML Entity Injection Vulnerability
37. Attack [27318]: Multiple SQL injection vulnerabilities in the virtualization system of Ruiyou Tianyi application
38. Attack [27319]: Jenkins Git Plugin Unauthorized Access Vulnerability (CVE-2022-36883)
39. Attack [27321]: Ivanti Endpoint Manager Code Injection Vulnerability (CVE-2021-44529)
40. Attack [27320]: Palo Alto Networks PAN-OS Operating System Command Injection Vulnerability (CVE-2021-3060)
41. Attack [27322]: SAP NetWeaver path traversal file upload vulnerability (CVE-2021-38163)
42. Attack [31218]: VMware Workspace ONE UEM SSRF Server Side Request Forgery Vulnerability (CVE-2021-20054)
43. Attack [31219]: UFIDA NC 6.5 LinkVoucher SQL Injection Vulnerability
Update rules:
1. Attack [26270]: Metabase Remote Code Execution Vulnerability (CVE-2023-38646)
2. Attack [26333]: Ruijie NBR Router Fileupload.php Arbitrary File Upload Vulnerability
3. Attack [63696]: GlobalScape CuteZip ZIP file parsing buffer overflow vulnerability
4. Attack [26364]: Mingyuan Real Estate ERP ParentCode SQL Injection Vulnerability
5. Attack [26368]: Jinshan Terminal Security System V9 Arbitrary File Upload Vulnerability
6. Attack [30949]: Yonyou Space KSOA PayBill SQL Injection Vulnerability
7. Attack [27014]: Jinhe OA C6 OfficeServer Arbitrary File Upload Vulnerability
8. Attack [25838]: Apache APISIX Dashboard Remote Code Execution Vulnerability (CVE-2021-45232)
9. Attack [25834]: Oracle WebLogic Server Remote Code Execution Vulnerability (CVE-2023-21839/CVE-2023-21979)
10. Attack [25823]: Pan Micro E-Office E-Office10 OfficeServer.php File Upload Vulnerability
Note:
1. After the upgrade package is upgraded, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost. Please choose an appropriate time to upgrade.

Release Time:2024-05-31 13:35:36
Name: eoi.unify.allrulepatch.app.2.0.0.34528.rule Version:2.0.0.34528
MD5:05ad5e448af61a82f8b5d03f913a576e Size:43.90M
Description:

The update package is for Zealot 2.0 Intrusion prevention signature database/Application identification signature database, and supports only the engine version V56R11F01 or later. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged. The rule version is 2.0.0.34528. The new/improved rules in this upgrade package are:



New rules:
1. threat [27243]:D-Link DIR-816 A2 Command injection vulnerability (CVE-2022-42999)
2. threat [27244]:D-Link DIR-816 Command injection vulnerability (CVE-2022-37125)
3. threat [27209]:XWiki.org XWiki DatabaseSearch Code Injection vulnerability (CVE-2024-31982)
4. threat [27288]:RuvarOA email_attach_delete.aspx SQL injection vulnerability
5. threat [27245]:Koadic Post penetration tool communication _2
6. threat [27247]:Acmailer mail system init_ctl.cgi remote command execution vulnerability
7. threat [27248]:Arcserve Unified Data Protection File Upload vulnerability (CVE-2023-41998)
8. threat [27246]: Ruiyou Tianyi application virtualization system index.php deserialization vulnerability
9. threat [27249]:WordPress Paid Memberships Pro plugin arbitrary file upload vulnerability (CVE-2023-6187)
10. Threat [27251]:Inductive Automation Ignition Deserialization Vulnerability (CVE-2023-50219)
11. Threat [27252]: Ruiyou Tianyi application virtualization system index.php SQL injection vulnerability
12. threat [27253]: UF GRP-U8 bx_dj_check.jsp SQL injection vulnerability
13. Threat [27256]: Command Injection Vulnerability of multiple D-Link products (CVE-2021-45382)
14. Threat [27254]:Cacti api_automation.php SQL Injection vulnerability (CVE-2024-31445)
15. Threat [27257]:Cacti file inclusion vulnerability (CVE-2024-31459)
16. Threat [27255]:JeePlus rapid development platform validateMobileExist SQL injection vulnerability
17. Threat [27259]:Inductive Automation Ignition Deserialization vulnerability (CVE-2023-50218)
18. Threat [27258]:Windows Mark of the Web Security Feature Bypass vulnerability (CVE-2024-30050)
19. Threat [27260]:NETGEAR ProSAFE Cross-site Scripting vulnerability (CVE-2023-50231)
20. Threat [42089]:Casus15 Webshell upload
21. Threat [42090]:Casus15 Webshell communication
22. Threat [27261]:Cacti Command Injection vulnerability (CVE-2024-29895)
23. Threat [42092]:Soldierofallah Webshell communication
24. Threat [42091]:Soldierofallah Webshell upload
25. threat [31211]:Voltronic Power ViewPower Information Disclosure vulnerability (CVE-2023-51587)
26. Threat [27262]:Dahua EIMS capture_handle Remote Command Execution vulnerability
27. Threat [27263]:Wavelink Avalanche Unauthorized Access vulnerability (CVE-2021-22962)
28. Threat [10558]:Squid Proxy Server Processing HTTP Information Buffer Overflow Vulnerability (CVE-2023-49285)
29. Threat [27264]:D-Link DIR-810/816 Command injection vulnerability (CVE-2022-37129/CVE-2022-34974)
30. Threat [27266]:D-Link DIR-846 Command injection vulnerability (CVE-2022-46642)
31. Threat [31212]:LG LED Assistant directory Traversal Vulnerability (CVE-2024-2863)
32. Threat [27265]: UF NC downTax/download SQL injection vulnerability
33. Threat [27267]:WordPress Tutor LMS Pro plugin SQL Injection vulnerability (CVE-2024-4352)
34. Threat [27275]:Ivanti Avalanche FileStoreConfig Arbitrary File Upload Vulnerability (CVE-2023-46264)
35. Threat [27268]: UF NC complainbilldetail SQL injection vulnerability
36. Threat [27250]:RuvarOA wf_work_form_save.aspx SQL Injection vulnerability (CVE-2024-25522)
37. Threat [27269]:RuvarOA wf_get_fields_approve.aspx SQL Injection Vulnerability (CVE-2024-25518)
38. Threat [27270]:RuvarOA wf_work_finish_file_down.aspx SQL Injection vulnerability (CVE-2024-25515)
39. Threat [27271]:RuvarOA wf_template_child_field_list.aspx SQL Injection vulnerability (CVE-2024-25514)
40. Threat [27272]:RuvarOA kaizen_download.aspx SQL Injection vulnerability (CVE-2024-25513)
41. Threat [27273]:RuvarOA AttachDownLoad.aspx SQL Injection vulnerability (CVE-2024-25512)
42. Threat [27274]:RuvarOA address_public_new.aspx SQL Injection vulnerability (CVE-2024-25511)
43. Threat [27276]:RuvarOA address_public_show.aspx SQL Injection vulnerability (CVE-2024-25510)
44. Threat [27279]:Apache OFBiz directory Traversal Vulnerability (CVE-2024-32113)
45. Threat [27278]:Zabbix Server SQL Injection vulnerability (CVE-2024-22120)
46. Threat [27277]:RuvarOA wf_file_download.aspx SQL Injection Vulnerability (CVE-2024-25509)
47. Threat [27280]:RuvarOA kaizen_download.aspx SQL Injection vulnerability (CVE-2024-25519)
48. Threat [27281]:RuvarOA AttachDown.aspx SQL Injection vulnerability (CVE-2024-25507)
49. Threat [27282]:RuvarOA MF.aspx SQL Injection Vulnerability (CVE-2024-25517)
50. Threat [27283]:RuvarOA plan_template_preview.aspx SQL injection vulnerability
51. Threat [27284]:RuvarOA wf_work_stat_setting.aspx SQL injection vulnerability
52. Threat [27285]:RuvarOA sys_blogtemplate_new.aspx SQL Injection vulnerability (CVE-2024-25520)
53. Threat [27286]:RuvarOA get_company.aspx SQL Injection vulnerability (CVE-2024-25521)
54. Threat [27287]:RuvarOA department_plan_attach_download.aspx SQL injection vulnerability

Update rules:
1. threat [42016]:Viper C2 traffic -Windows POST requests heartbeat packet detection
2. threat [26423]:D-Link DIR-846 Remote Code Execution vulnerability (CVE-2022-46552/CVE-2022-46641)
3. threat [24399]:ZeroMQ libzmq v2_decoder Integer Overflow vulnerability (CVE-2019-6250)


Note:
1. After the upgrade package is upgraded, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost.

Release Time:2024-05-23 17:13:44
Name: eoi.unify.allrulepatch.app.2.0.0.34439.rule Version:2.0.0.34439
MD5:de7e1d47190b0fe7b3747a956fd1d632 Size:43.82M
Description:

The update package is for Zealot 2.0 Intrusion prevention signature database/Application identification signature database, and supports only the engine version V56R11F01 or later. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged. The rule version is 2.0.0.34439. The new/improved rules in this upgrade package are:


New rules:
1. threat [27190]:D-Link DIR-846 Command injection vulnerability (CVE-2021-46315)
2. threat [27191]:D-Link DIR-846 Command injection vulnerability (CVE-2021-46319)
3. threat [27192]:D-Link DIR-846 Command injection vulnerability (CVE-2021-46314)
4. threat [27189]: SQL Injection vulnerability of WordPress MasterStudy LMS plugin (CVE-2024-1512)
5. threat [27194]:Arcserve Unified Data Protection Arbitrary File Upload vulnerability (CVE-2023-42000)
6. threat [27193]:Progress Kemp LoadMaster Remote Command Execution Vulnerability (CVE-2024-1212)
7. threat [27195]: multiple SQL injection vulnerabilities in a Cyton electronic document security management system
8. Threat [27196]: Electronic document security management system JLockSeniorDao.FindByLockName DWR SQL injection vulnerability
9. Attack [27197]: Multiple arbitrary file reading vulnerabilities in a Setong electronic document security management system
10. threat [27198]: downloadfromfile arbitrary file reading vulnerability of a Sython electronic document security management system
11. Threat [27199]: ZenTao project management system user authentication bypass vulnerability
12. threat [31207]: Kron AIO PublicServlet arbitrary file reading vulnerability
13. Threat [27200]: Yonyou T+ keyEdit.aspx SQL injection vulnerability
14. Threat [27201]:Voltronic Power ViewPower Pro SQL Injection vulnerability (CVE-2023-51586)
15. Threat [27202]:WordPress AI Engine plugin file upload vulnerability (CVE-2023-51409)
16. threat [27203]:Advantech R-SeeNet Cross-site Script Injection vulnerability (CVE-2021-21802)
17. Threat [27204]:Advantech R-SeeNet Cross-Site Script Injection Vulnerability (CVE-2021-21803)
18. Threat [31208]:LibreNMS SQL Injection Vulnerability (CVE-2023-5591)
19. Threat [27205]:Apache Kafka UI Command Injection Vulnerability (CVE-2023-52251)
20. Threat [27210]:XWiki.org XWiki SearchSuggestSourceSheet Code injection vulnerability (CVE-2024-31465)
21. Threat [27212]: Netkang NS-ASG Application Security gateway add_ikev2.php SQL Injection vulnerability (CVE-2024-3458)
22. Threat [27208]: Netkang NS-ASG Application Security gateway add_postlogin.php SQL Injection vulnerability (CVE-2024-3455)
23. Threat [27207]: Netcom NS-ASG Application security gateway config_anticrach.php SQL Injection vulnerability (CVE-2024-3456)
24. Threat [27206]: Netkang NS-ASG Application security gateway config_ISCGroupNoCache.php SQL Injection vulnerability (CVE-2024-3457)
25. threat [27214]:SiteServer CMS Remote File Download vulnerability (CVE-2022-36226)
26. Threat [27213]:SiteServer CMS File Upload Vulnerability (CVE-2021-42654)
27. Threat [27217]: UF NC avatar interface file upload vulnerability
28. Threat [31209]: Jinhe OA C6 FileDownLoad.aspx arbitrary file read vulnerability
29. Threat [27220]: UF NC registerServlet JNDI remote code execution vulnerability
30. Threat [27219]:Jeecg-boot SQL Injection vulnerability (CVE-2022-47105)
31. Threat [27221]:Mura CMS processAsyncObject SQL Injection Vulnerability (CVE-2024-32640)
32. Threat [27218]:TBK DVR device.rsp Command Execution Vulnerability (CVE-2024-3721)
33. Threat [27222]:Likeshop Arbitrary File Upload Vulnerability (CVE-2024-0352)
34. Threat [27223]:TerraMaster TOS Command Injection Vulnerability (CVE-2018-13336)
35. Threat [27224]:TerraMaster TOS Command Injection Vulnerability (CVE-2018-13338)
36. Threat [27229]: UF GRP-U8 license_check.jsp SQL injection vulnerability
37. Threat [27226]:D-Link DIR-890L Command Injection vulnerability (CVE-2022-29778)
38. Threat [27227]:D-Link DIR-825 G1 Command Injection vulnerability (CVE-2021-46441)
39. Threat [27228]:D-Link DIR-825 G1 Access Control Error Vulnerability (CVE-2021-46442)
40. threat [27225]:WordPress Porto plugin local file inclusion vulnerability (CVE-2024-3806)
41. Threat [27230]: Lanling EIS intelligence collaboration platform frm_form_upload.aspx arbitrary file upload vulnerability
42. Threat [27231]:XWiki.org XWiki Solr Space Facet Code Injection Vulnerability (CVE-2024-31984)
43. Threat [31210]:WordPress LearnPress plugin SQL Injection vulnerability (CVE-2023-6567)
44. Threat [27232]: Telecom gateway configuration management system rewrite-php file upload vulnerability
45. Threat [27233]:WordPress Backup Migration plugin Command Injection vulnerability (CVE-2023-7002)
46. Threat [27234]:RuvarOA OfficeFileUpdate.aspx Information Disclosure Vulnerability (CVE-2024-25533)
47. Threat [27235]:RuvarOA get_dict.aspx SQL Injection Vulnerability (CVE-2024-25532)
48. Threat [27236]:RuvarOA wf_office_file_history_show.aspx SQL Injection vulnerability (CVE-2024-25529)
49. Threat [27237]:RuvarOA worklog_template_show.aspx SQL Injection vulnerability (CVE-2024-25527/CVE-2024-25528)
50. Threat [27239]:RuvarOA OfficeFileDownload.aspx SQL Injection vulnerability (CVE-2024-25525)
51. Threat [27238]:RuvarOA pm_gatt_inc.aspx SQL Injection Vulnerability (CVE-2024-25526)
52. Threat [27241]:RuvarOA WorkPlanAttachDownLoad.aspx SQL Injection vulnerability (CVE-2024-25524)
53. Threat [27242]:RuvarOA file_memo.aspx SQL Injection vulnerability (CVE-2024-25523)

Update rules:
1. threat [42044]: Suspected of using pseudo-protocols in the request parameters to include PHP files
2. threat [25421]:Advantech R-SeeNet device_graph_page.php Cross-site Scripting vulnerability (CVE-2021-21801)
3. threat [23613]:IBM Websphere Java Deserialization Remote Code Execution vulnerability (CVE-2015-7450)
4. threat [24256]:Pivotal spring Framework Spring-Messaging Module STOMP Remote Code Execution Vulnerability (CVE-2018-1270)
5. threat [24852]:Jenkins-CI Remote Code Execution vulnerability (CVE-2016-9299/CVE-2017-1000353)
6. threat [27212]: Ruiyou Tianyi application virtualization system appsave SQL injection vulnerability
7. threat [24567]: Wmicro e-cology/UF NC OA system BeanShell Remote Code Execution Vulnerability (CNVD-2019-32204)
8. threat [24375]:NoneCms/ThinkPHP5 5.0.23 Remote Code Execution Vulnerability (CVE-2018-20062)


Note:
1. After the upgrade package is upgraded, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost.

Release Time:2024-05-17 16:30:36
Name: eoi.unify.allrulepatch.app.2.0.0.34351.rule Version:2.0.0.34351
MD5:5f71973d6eb31e88737c3032a1daa9d6 Size:43.74M
Description:

The update package is for Zealot 2.0 Intrusion prevention signature database/Application identification signature database, and supports only the engine version V56R11F01 or later. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged. The rule version is 2.0.0.34351. The new/improved rules in this upgrade package are:


New rules:
1. Threat [27161]: D-Link DIR-859 Command Injection vulnerability (CVE-2022-46476)
2. Threat [27162]: Node.js mysql2 module Arbitrary Code Execution vulnerability (CVE-2024-21508)
3. Threat [27163]: Cacti Group Cacti sql_save SQL Injection vulnerability (CVE-2023-39357)
4. Threat [27165]: Yonyou NC Cloud importhttpscer arbitrary file upload vulnerability
5. Threat [27164]: ProjectSend Reset Password vulnerability (CVE-2020-28874)
6. Threat [27166]: Seth SuccezBI foreground arbitrary file upload vulnerability
7. Threat [27169]: JetBrains TeamCity Cross-Site Scripting Injection vulnerability (CVE-2023-41249)
8. Threat [27168]: Yonyou NC Cloud and YonBIP PMCloudDriveProjectStateServlet JNDI Injection vulnerability
9. Threat [27170]: F-logic DataCube3 SQL Injection vulnerability (CVE-2024-31750)
10. Threat [27171]: WordPress Icegram Express plugin SQL Injection vulnerability (CVE-2024-2876)
11. Threat [27167]: Linksys RE7000 Wireless Extender Remote Code Execution Vulnerability (CVE-2024-25852)
12. Threat [27172]: MingSoft MCMS content management system list.do SQL injection vulnerability
13. Threat [27173]: Yonyou NC down/bill SQL injection vulnerability
14. Threat [27174]: Yonyou U8 CRM swfupload arbitrary file upload vulnerability
15. Threat [31205]: Yonyou U8 Cloud PrintTemplateFileServlet file reading vulnerability
16. Threat [27176]: Node.js mysql2 module Arbitrary Code Execution vulnerability (CVE-2024-21511)
17. Threat [31206]: Cacti Group SQL Injection vulnerability (CVE-2023-51448)
18. Threat [27175]: MingSoft MCMS content management system dict/list SQL injection vulnerability
19. Threat [27177]: ClamAV VirusEvent Name Command Injection vulnerability (CVE-2024-20328)
20. Threat [42088]: Merlin C2 tool HTTP communication
21. Threat [27178]: Tenda AC18 Command Injection Vulnerability (CVE-2022-31446)
22. Threat [27179]: AJ-Report open-source data dashboard swagger-ui RCE vulnerability
23. Threat [27182]: Ivanti Avalanche FileStoreConfig File Upload vulnerability (CVE-2023-32564)
24. Threat [27180]: Ruiyou Tianyi application virtualization system AgentBoard.XGI Remote Code Execution vulnerability
25. Threat [27183]: Xungrao Technology X2Modbus Gateway AddUser arbitrary user addition vulnerability
26. Threat [27184]: Yonyou U8 CRM downloadfile arbitrary file read vulnerability
27. Threat [27181]: Dahua IPC Authorization Issue Vulnerability (CVE-2021-33044/CVE-2021-33045)
28. Threat [27186]: pkpmbs construction project quality supervision system Ajax_operaFile.aspx file reading vulnerability
29. Threat [27187]: Yonyou U8 Cloud XChangeServlet XML External Entity Injection vulnerability
30. Threat [27188]: LiveGBS user/save Logic Defect vulnerability (CNVD-2023-72138)
31. Threat [27185]: WordPress Automatic plugin SQL Injection vulnerability (CVE-2024-27956)

Update rules:
1. threat [25555]:F5 BIG-IP iControl REST Authentication Bypass vulnerability (CVE-2022-1388)
2. threat [25571]:Confluence Server and Data Center OGNL Injection Remote Code Execution Vulnerability (CVE-2022-26134)
3. threat [27133]:Java Base64 decoding execution type 2
4. threat [42011]:FRP Intranet Penetration tool communication-UDP
5. threat [26580]:ntopng Permission Bypass vulnerability (CVE-2021-28073)
6. threat [27086]:Bank Locker Management System SQL injection vulnerability (CVE-2023-0562)

Note:
1. After the upgrade package is installed, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost.

Release Time:2024-05-10 15:54:50
Name: eoi.unify.allrulepatch.app.2.0.0.34279.rule Version:2.0.0.34279
MD5:767d6c5b7447dcde4ae4cc342ad110f8 Size:43.67M
Description:

This upgrade package is the Zealot 2.0 intrusion prevention signature library/application identification signature library upgrade package and only supports engine version V56R11F01 and above. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, while the rule version changes to 2.0.0.34279. The new/improved rules in this upgrade package are:
New rules:
1. Attack [27143]: Hillstone Networks Cloud Authentication Security System setsystemimeaction Command Execution Vulnerability
2. Attack [27142]: OpenMetadata SpEL injection vulnerability (CVE-2024-28253)
3. Attack [27144]: OpenMetadata SpEL injection vulnerability (CVE-2024-28254)
4. Attack [10557]: Apache Commons FileUpload Denial of Service Vulnerability (CVE-2023-24998)
5. Attack [27148]: CrushFTP Server Template Injection Vulnerability (CVE-2024-4040)
6. Attack [27145]: OpenMetadata SpEL injection vulnerability (CVE-2024-28847)
7. Attack [27146]: OpenMetadata SpEL injection vulnerability (CVE-2024-28848)
8. Attack [27147]: Primeton EOS Platform Remote Code Execution Vulnerability
9. Attack [27149]: Parse Server Code Injection Vulnerability (CVE-2024-29027)
10. Attack [27150]: Java code execution type three
11. Attack [27151]: Java Base64 decoding execution type three
12. Attack [27152]: Buffalo WSR-2533DHPL2 Path Traversal Vulnerability (CVE-2021-2090)
13. Attack [27153]: Buffalo WSR-2533DHPL2 Code Injection Vulnerability (CVE-2021-20091)
14. Attack [42084]: Silver Fox Download 32-bit Payload
15. Attack [42085]: Silver Fox Obtains Sample List
16. Attack [27155]: Zen Project Management System Identity Authentication Bypass Vulnerability
17. Attack [27154]: Cisco IMC Command Injection Vulnerability (CVE-2024-20356)
18. Attack [27156]: Yonyou NC PaWfm/open SQL injection vulnerability
19. Attack [42086]: Silver Fox XOR+Subtraction Encryption Communication
20. Attack [27158]: Yonyou NC WorkflowImageServlet Interface SQL Injection Vulnerability
21. Attack [27157]: Yonyou NC runState Servlet/doPost SQL Injection Vulnerability
22. Attack [42087]: Silver Fox zlib encrypted communication
23. Attack [27159]: Backend scheduled task SSRF vulnerability
Update rules:
1. Attack [30805]: Weaver e-cology Users.Data Information Leakage Vulnerability
2. Attack [30935]: DedeCMS rank parameter SQL injection vulnerability (CVE-2023-27709)
3. Attack [27129]: Java code execution type one
4. Attack [27130]: Java Base64 decoding execution type one
5. Attack [61900]: iTinySoft Studio Total Video Player M3U Playlist Buffer Overflow Vulnerability
6. Attack [41781]: FRP intranet penetration tool communication
7. Attack [30810]: Weaver E-Office UserSelect Unauthorized Access Vulnerability
8. Attack [60084]: Multiple remote security vulnerabilities in Google search tool ProxyStyleSheet
Notes:
1. After the upgrade package is installed, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost. Please choose an appropriate time to upgrade.

Release Time:2024-05-06 09:11:08
Name: eoi.unify.allrulepatch.app.2.0.0.34224.rule Version:2.0.0.34224
MD5:7f523fab5586c5a7ff560e65af9cae19 Size:43.64M
Description:

This upgrade package is for the intrusion prevention signature library and only supports engine version V56R11F01 and above. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, while the rule version changes to 2.0.0.34224. The new/improved rules in this upgrade package are:
New rules:
1. Attack [25587]: phpMyAdmin SearchController SQL injection vulnerability (CVE-2020-26935)
2. Attack [27119]: Apache Zeppelin Shell Arbitrary Command Execution Vulnerability (CVE-2024-31861)
3. Attack [27123]: Pimcore SQL Injection Vulnerability (CVE-2023-3820)
4. Attack [27124]: Netgear ProSAFE NMS300 MFile Arbitrary File Upload Vulnerability (CVE-2023-38095)
5. Attack [31199]: CachetHQ Cachet CreateIncidentCommandHandler.php template injection vulnerability (CVE-2023-43661)
6. Attack [42082]: Zegost remote control Trojan communication
7. Attack [27125]: DedeCMS makehtml_archives_action.php SQL injection vulnerability (CVE-2024-3148)
8. Attack [27128]: OpenMetadata Command Execution Vulnerability (CVE-2024-28255)
9. Attack [27129]: Java code execution type one
10. Attack [27131]: Java code execution type 2
11. Attack [27132]: XWiki.org XWiki AdminSheet Section Code Injection Vulnerability (CVE-2023-46731)
12. Attack [27130]: Java Base64 decoding execution type one
13. Attack [27133]: Java Base64 Decoding Execution Type 2
14. Attack [31200]: IP guard WebServer getdatarecord permission bypass vulnerability
15. Attack [31201]: Oracle WebLogic Server Information Leakage Vulnerability (CVE-2024-21006)
16. Attack [27135]: Netgear ProSAFE SSL VPN Firmware FVS336G SQL injection vulnerability (CVE-2022-29383)
17. Attack [27134]: kkFileView fileUpload Arbitrary File Upload Vulnerability
18. Attack [27137]: Parse Server SQL Injection Vulnerability (CVE-2024-27298)
19. Attack [27138]: Weaver E-Office flowdo_page.php and other multiple SQL injection vulnerabilities
20. Attack [27136]: Yonyou NC ActionServlet SQL Injection Vulnerability
21. Attack [31203]: Grafana Information Leakage Vulnerability (CVE-2022-26148)
22. Attack [42083]: Exchange Server server-side request forgery information leakage
23. Attack [27140]: Online Driving School SQL Injection Vulnerability (CVE-2022-3130)
24. Attack [27139]: Cacti Group Cacti snmp_escape string Command Injection Vulnerability (CVE-2023-39362)
25. Attack [27141]: Behinder (Icescorpion) 4.0 Webshell Connection (ASP)
26. Attack [31204]: Arcadyan Firmware cgi_i_filter.js Configuration Information Leakage Vulnerability (CVE-2021-2092)
Update rules:
1. Attack [24689]: phpMyAdmin 4.x SQL injection vulnerability (CVE-2020-5504)
2. Attack [25731]: Linux sample download conceals command execution
3. Attack [26279]: HaloCMS file upload vulnerability (CVE-2022-32994)
4. Attack [60464]: HTTP Service Directory Traversal Vulnerability
5. Attack [42008]: Tunna HTTP tunnel intranet proxy connection 2
6. Attack [27127]: Godzilla PHP_XOR_BASE64 Webshell Connection_3
7. Attack [27126]: Godzilla PHP_XOR_BASE64 Webshell Connection_2
8. Attack [27114]: Cobalt Strike attack tool cloud function communication
9. Attack [25209]: Trend Micro InterScan Web Security Virtual Appliance Password Field Command Injection Vulnerability (CVE-2020-8466)
10. Attack [25746]: Linux information collection command execution
11. Attack [24594]: Advantech WebAccess BwRPswd.exe Stack-based Buffer Overflow (CVE-2019-6550)
12. Attack [42079]: Suo5 Tunnel Tool Communication
13. Attack [26232]: Weaver e-cology deleteUserRequestInfoByXML/ReceiveCCRequestByXml XXE vulnerability
14. Attack [30879]: Weaver E-Mobile Client SQL Injection Vulnerability (CNVD-2021-25287)
15. Attack [41499]: HTTP request sensitive path access attempt
16. Attack [25697]: Microsoft Exchange Server Server Side Request Forgery Vulnerability (CVE-2022-41040)
17. Attack [25894]: Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-34473)
Notes:
1. After the upgrade package is installed, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost. Please choose an appropriate time to upgrade.

Release Time:2024-04-28 11:23:41
Name: eoi.unify.allrulepatch.app.2.0.0.34133.rule Version:2.0.0.34133
MD5:decd13cc632187154a7d32d93954c514 Size:43.60M
Description:

This upgrade package is for the intrusion prevention signature library and only supports engine version V56R11F01 and above. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, while the rule version changes to 2.0.0.34133. The new/improved rules in this upgrade package are:

New rules:
1. Attack [27106]: Windows Information Collection Command Execution Type Three
2. Attack [27107]: Linux Information Collection Command Execution Type Three
3. Attack [31192]: WordPress AYS Popup Box Plugin class sys pb-admin.php Reflected Cross-Site Scripting Vulnerability (CVE-2023-4137)
4. Attack [31193]: VISAM VBASE Automation Base ProjektInfo file parsing XML external entity injection vulnerability (CVE-2022-45876)
5. Attack [31194]: XWiki.org XWiki User Profile Store Cross-Site Scripting Vulnerability (CVE-2023-40176)
6. Attack [31195]: VMware Aria Operations for Networks saveFileToDisk path traversal vulnerability (CVE-2023-20890)
7. Attack [27111]: Fast Food Ordering System SQL Injection Vulnerability (CVE-2022-3012)
8. Attack [27112]: Tenda G103 Command Injection Vulnerability (CVE-2023-27076)
9. Attack [27113]: mySCADA myPRO Command Injection Vulnerability (CVE-2023-28716)
10. Attack [27114]: Cobalt Strike attack tool cloud function communication
11. Attack [31196]: JIZHICMS Server-Side Request Forgery Vulnerability (CVE-2022-31390)
12. Attack [31197]: LG Simple Editor copyTemplateAll directory traversal vulnerability (CVE-2023-40495)
13. Attack [27115]: Dolibarr ERP and CRM Database Backup Command Injection Vulnerability (CVE-2023-3886)
14. Attack [27116]: Grav Server-Side Template Injection (SSTI) Vulnerability (CVE-2024-28116)
15. Attack [27117]: Progress Flowmon Command Injection Vulnerability (CVE-2024-2389)
16. Attack [42080]: XorBot botnet communication
17. Attack [27118]: Yonyou NC saveImageServlet Arbitrary File Upload Vulnerability
18. Attack [31198]: F5 BIG-IP unzip directory traversal vulnerability (CVE-2023-41373)
19. Attack [10556]: Squid Proxy Digest nc Heap Buffer Overflow (CVE-2023-46847)
20. Attack [27121]: Xisoft Cloud XML Entity Injection Vulnerability
21. Attack [27122]: Palo Alto Networks PAN-OS Command Injection Vulnerability (CVE-2024-3400)
22. Attack [27120]: JAI-EXT Code Injection Vulnerability (CVE-2022-24816)

Update rules:
1. Attack [24350]: ACME mini_https arbitrary file read vulnerability (CVE-2018-18778)
2. Attack [25747]: Windows information collection command execution
3. Attack [60084]: Multiple remote security vulnerabilities in Google search tool ProxyStyleSheet

Notes:
1. After the upgrade package is installed, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost. Please choose an appropriate time to upgrade.

Release Time:2024-04-25 09:23:54
Name: eoi.unify.allrulepatch.app.2.0.0.34078.rule Version:2.0.0.34078
MD5:cc38955616861f5e837246f9f0f8bedf Size:43.56M
Description:

This upgrade package is the Zealot 2.0 intrusion prevention signature library/application identification signature library upgrade package. It only supports engine version V56R11F01 and above. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.34078. The new/improved rules in this upgrade package are:

New rules:
1. Attack [31180]: Bank Locker Management System cross-site scripting vulnerability (CVE-2023-0563)
2. Attack [27089]: Odoo cross-site scripting vulnerability (CVE-2023-1434)
3. Attack [27090]: WordPress plugin Video List Manager SQL injection vulnerability (CVE-2023-1408)
4. Attack [27091]: WordPress plugin GN Publisher cross-site scripting vulnerability (CVE-2023-1080)
5. Attack [31181]: WordPress plugin Steveas WP Live Chat Shoutbox SQL injection vulnerability (CVE-2023-1020)
6. Attack [27092]: WP Visitor Statistics SQL injection vulnerability (CVE-2023-0600)
7. Attack [31182]: WordPress plugin Watu Quiz cross-site scripting vulnerability (CVE-2023-0968)
8. Attack [31183]: Twittee Text Tweet cross-site scripting vulnerability (CVE-2023-0602)
9. Attack [27093]: WordPress Tutor LMS plug-in cross-site scripting (XSS) vulnerability (CVE-2023-0236)
10. Attack [31184]: Online Security Guards Hiring System cross-site scripting vulnerability (CVE-2023-0527)
11. Attack [31185]: WordPress Japanized for WooCommerce <2.5.8 cross-site scripting vulnerability (CVE-2023-0948)
12. Attack [27094]: UFIDA NC doPost interface arbitrary file upload vulnerability
13. Attack [31187]: WordPress Plugin Japanized For WooCommerce <2.5.5 Cross-site Scripting Vulnerability (CVE-2023-0942)
14. Attack [27095]: Slimstat Analytics SQL injection vulnerability (CVE-2023-0630)
15. Attack [31186]: Membership Database <= 1.0 cross-site scripting vulnerability (CVE-2023-0514)
16. Attack [27096]: WordPress TripAdvisor Review Slider SQL injection vulnerability (CVE-2023-0261)
17. Attack [31188]: WordPress Plugin Pricing Table Builder SQL injection vulnerability (CVE-2023-0900)
18. Attack [27098]: ASUSTOR ADM command execution vulnerability (CVE-2018-11510)
19. Attack [27097]: Netbox scripts remote code execution Vulnerability (CVE-2024-23780)
20. Attack [42076]: Malicious mining virus Rozena CS communication
21. Attack [27099]: WordPress LayerSlider plugin SQL injection vulnerability (CVE-2024-2879)
22. Attack [31189]: MuYucms picdel.html arbitrary file deletion vulnerability (CVE-2023-27700)
23. Attack [42071]: NjRAT variant zombie Trojan network communication
24. Attack [42079]: Suo5 tunnel tool communication
25. Attack [41968]: Suspected Sliver malicious traffic communication
26. Attack [27101]: Fortinet FortiClientEMS SQL injection vulnerability (CVE-2023-48788)
27. Attack [42078]: Vapebot botnet communication
28. Attack [27103]: D-Link NAS unauthorized RCE (CVE-2024-3273)
29. Attack [27102]: WordPress WooCommerce remote code execution vulnerability (CVE-2022-1020)
30. Attack [27108]: Uniview ISC2500-S command injection vulnerability (CVE-2024-0778)
31. Attack [31191]: Hikvision IP network intercom broadcasting system information leakage vulnerability (CVE-2023-6894)
32. Attack [27104]: Jinhe OA C6 UploadFileEditorSave.aspx file upload vulnerability
33. Attack [27105]: Jinhe OA jc6 ntko-upload arbitrary file upload vulnerability
34. Attack [27110]: Telesquare TLR-2005Ksh setSyncTimeHos router command execution vulnerability

Update rules:
1. Attack [31186]: Membership Database <= 1.0 cross-site scripting vulnerability (CVE-2023-0514)
2. Attack [26580]: ntopng permission bypass vulnerability (CVE-2021-28073)
3. Attack [25919]: SeaCMS command execution vulnerability (CVE-2022-23878)
4. Attack [25747]: Windows information collection command execution
5. Attack [41781]: FRP intranet penetration tool communication
6. Attack [27088]: JumpServer remote code execution vulnerability (CVE-2024-29202)

Precautions:
1. After the upgrade package is installed, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost. Please choose a suitable time to upgrade.

Release Time:2024-04-19 00:24:35
Name: eoi.unify.allrulepatch.app.2.0.0.33994.rule Version:2.0.0.33994
MD5:b0ccbc8c3c49a02bd4ed6739b51f842a Size:43.50M
Description:

This upgrade package is the Zealot 2.0 intrusion prevention signature library/application identification signature library upgrade package. It only supports engine version V56R11F01 and above. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.33994. The new/improved rules in this upgrade package are:

New rules:
1. Attack [27075]: ERP system comboxstore RCE vulnerability
2. Attack [27076]: VMware Aria Operations for Networks exportPDF code injection vulnerability (CVE-2023-20889)
3. Attack [27073]: Adobe ColdFusion arbitrary file reading vulnerability (CVE-2024-20767)
4. Attack [27077]: Weaver E-Office10 remote code execution vulnerability
5. Attack [31178]: CrowdStrike HeartBleed vulnerability scanning tool
6. Attack [27078]: Inductive Automation Ignition ExtendedDocumentCodec insecure deserialization vulnerability (CVE-2023-50223)
7. Attack [31179]: Zhejiang Uniview Network Video Recorder main-cgi file information leakage vulnerability
8. Attack [27081]: Netgear ProSAFE NMS300 getNodesByTopologyMapSearch SQL injection vulnerability (CVE-2023-44450)
9. Attack [27082]: Netgear ProSAFE NMS300 clearAlertByIds SQL injection vulnerability (CVE-2023-44449)
10. Attack [27079]: Ray DashBoard API unauthorized command execution vulnerability (CVE-2023-48022)
11. Attack [50656]: Neutrino-proxy intranet penetration tool
12. Attack [42073]: RDDoS botnet communication
13. Attack [42072]: PerlBot botnet communication
14. Attack [42070]: NjRAT 0.7NC botnet communication
15. Attack [27088]: JumpServer remote code execution vulnerability (CVE-2024-29202)
16. Attack [42069]: Mirai_miori botnet communication
17. Attack [42074]: Tbot botnet communication
18. Attack [42075]: Altman Webshell management tool communication
19. Attack [27083]: WordPress My Calendar Plugin my_calendar_rest_route SQL injection vulnerability (CVE-2023-6360)
20. Attack [27085]: WordPress plugin MyCryptoCheckout cross-site scripting vulnerability (CVE-2023-1546)
21. Attack [27084]: FileCatalyst Workflow Web Portal arbitrary file upload vulnerability (CVE-2024-25153)
22. Attack [27086]: Bank Locker Management System SQL injection vulnerability (CVE-2023-0562)
23. Attack [27087]: JumpServer remote code execution vulnerability (CVE-2024-29201)

Update rules:
1. Attack [25490]: go-http-tunnel tunnel tool communication
2. Attack [25727]: Linux sample download command execution
3. Attack [41931]: curl PE file download
4. Attack [24432]: Nexus Repository Manager 3 remote command execution vulnerability (CVE-2019-7238)
5. Attack [41932]: curl ELF file download
6. Attack [25784]: Atlassian Bitbucket command injection vulnerability (CVE-2022-36804)
7. Attack [41956]: Cobalt Strike penetration attack tool Beacon HTTP communication_2

Precautions:
1. After the upgrade package is installed, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost. Please choose a suitable time to upgrade.

Release Time:2024-04-04 09:03:10
Name: eoi.unify.allrulepatch.app.2.0.0.33939.rule Version:2.0.0.33939
MD5:9ab5e5891471012faafbff7f5878f12b Size:43.45M
Description:

This upgrade package is the Zealot 2.0 intrusion prevention signature library/application identification signature library upgrade package. It only supports engine version V56R11F01 and above. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.33939. The new/improved rules in this upgrade package are:

New rules:
1. Attack [50654]: Logmein remote control tool
2. Attack [31174]: SmartOA EmailDownload.ashx arbitrary file download vulnerability
3. Attack [42061]: r57 Webshell transmission
4. Attack [31175]: Zhixiang OA msglog.aspx SQL injection vulnerability
5. Attack [31173]: Huatian Power OA TemplateService arbitrary file reading vulnerability
6. Attack [27068]: WordPress BuddyPress Unauthorized Access Vulnerability (CVE-2021-21389)
7. Attack [27069]: Hongjing eHR SQL injection vulnerability (CVE-2023-6655)
8. Attack [42062]: r57 Webshell communication
9. Attack [31176]: ChatGPT third-party PHP client server-side request forgery vulnerability (CVE-2024-27564)

Update rules:
1. Attack [25117]: Adobe ColdFusion CKEditor upload.cfm file upload vulnerability (CVE-2018-15961/CVE-2019-7838)
2. Attack [24764]: Nagios XI authorized arbitrary file upload vulnerability
3. Attack [25429]: Nagios XI Switch Wizard Switch.inc.php command injection vulnerability (CVE-2021-37344/CVE-2021-25297)
4. Attack [24389]: NTPsec ntpd ctl_getitem out-of-bounds read (CVE-2019-6443/CVE-2019-6444)
5. Attack [68249]: Webshell sample 100021 uploaded
6. Attack [41956]: Cobalt Strike penetration attack tool Beacon HTTP communication_2
7. Attack [41738]: Cobalt Strike penetration attack tool Beacon HTTP communication
8. Attack [25533]: Grafana Labs Grafana component directory traversal vulnerability (CVE-2021-43798)

Precautions:
1. After the upgrade package is installed, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost. Please choose a suitable time to upgrade.

Release Time:2024-04-01 14:51:01
Name: eoi.unify.allrulepatch.app.2.0.0.33859.rule Version:2.0.0.33859
MD5:93c4cea39f9779b863d71aedce6e4db2 Size:43.42M
Description:

This upgrade package is the Zealot 2.0 intrusion prevention signature library/application identification signature library upgrade package. It only supports engine version V56R11F01 and above. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.33859. The new/improved rules in this upgrade package are:

New rules:
1. Attack [27048]: PaperCut NG External User Lookup code injection vulnerability (CVE-2023-39469)
2. Attack [27049]: Schneider Electric C-Bus Toolkit FILE DOWNLOAD Command directory traversal vulnerability (CVE-2023-5399)
3. Attack [27050]: Apache OFBiz path traversal vulnerability (CVE-2024-25065)
4. Attack [27051]: Ivanti Avalanche SmartDeviceServer decodeToMap XML external entity injection vulnerability (CVE-2023-32567)
5. Attack [31164]: O2OA open backend arbitrary file reading vulnerability
6. Attack [27052]: F5 BIG-IP dbquery.jsp SQL injection vulnerability (CVE-2023-46748)
7. Attack [27053]: Edimax Technology N300 BR-6428NS_v4 command injection vulnerability (CVE-2023-31985)
8. Attack [31165]: Qilai OA treelist.aspx SQL injection vulnerability
9. Attack [31166]: Yuantian OA GetDataAction SQL injection vulnerability
10. Attack [27054]: Tenda AC18 command injection vulnerability (CVE-2023-30135)
11. Attack [31167]: Joomla PrayerCenter SQL injection vulnerability (CVE-2018-7314)
12. Attack [27055]: Voltronic Power ViewPower Pro autoMatchMac command injection vulnerability (CVE-2023-51572)
13. Attack [27056]: Voltronic Power ViewPower Pro updateManager password authentication bypass vulnerability (CVE-2023-51573)
14. Attack [27058]: Netcom Technology NS-ASG Application Security Gateway SQL injection vulnerability (CVE-2024-2330)
15. Attack [27060]: JetBrains TeamCity path traversal vulnerability (CVE-2024-27199)
16. Attack [27061]: UF Chanjet T+ InitServerInfo.aspx SQL injection vulnerability
17. Attack [27057]: F-logic DataCube3 arbitrary file upload vulnerability (CVE-2024-25832)
18. Attack [27062]: Cisco SD-WAN vManage Directory Traversal Vulnerability (CVE-2020-26073)
19. Attack [27063]: WAVLINK wavlink operating system command injection vulnerability (CVE-2020-12124)

Update rules:
1. Attack [66494]: HP OpenView NNM snmp.exe Oid parameter buffer overflow vulnerability
2. Attack [30269]: Netscape iPlanet search NS-Query-Pat directory traversal vulnerability
3. Attack [68244]: Webshell sample 100751 uploaded
4. Attack [61900]: iTinySoft Studio Total Video Player M3U playlist buffer overflow vulnerability
5. Attack [24550]: Webmin remote code execution vulnerability (CVE-2019-15107)
6. Attack [41961]: Webshell backdoor program Chinese Chopper Connection (php)
7. Attack [24785]: PHPMoAdmin 1.1.2 remote code execution vulnerability (CVE-2015-2208)
8. Attack [26652]: Splunk Enterprise XSLT remote code execution vulnerability (CVE-2023-46214)
9. Attack [31162]: Contec SolarView Compact arbitrary file reading vulnerability (CVE-2023-29919)
10. Attack [31160]: PowerJob unauthorized access vulnerability (CVE-2023-29922)

Precautions:
1. After the upgrade package is installed, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost. Please choose a suitable time to upgrade.

Release Time:2024-03-22 17:23:26
Name: eoi.unify.allrulepatch.app.2.0.0.33781.rule Version:2.0.0.33781
MD5:06bb9a89bd8f743d95302596867f1886 Size:43.38M
Description:

This upgrade package is the Zealot 2.0 intrusion prevention signature library/application identification signature library upgrade package. It only supports engine version V56R11F01 and above. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.33781. The new/improved rules in this upgrade package are:

New rules:
1. Attack [27024]: Command injection vulnerability in multiple WAGO products (CVE-2023-1698)
2. Attack [31156]: vega vulnerability scanning tool
3. Attack [27027]: Cloudpanel makefile arbitrary file upload vulnerability (CVE-2023-35885)
4. Attack [27026]: JetBrains TeamCity Authentication Bypass Vulnerability (CVE-2024-27198)
5. Attack [27025]: Microsoft Exchange Server security feature bypass vulnerability (CVE-2021-31207)
6. Attack [27028]: Microsoft Exchange Server BackEnd Privilege Elevation Vulnerability (CVE-2021-34523)
7. Attack [31157]: jsky web vulnerability scanning tool
8. Attack [27029]: UFIDA U8 Cloud RegisterServlet SQL injection vulnerability
9. Attack [31158]: Jeecg P3 Biz Chat arbitrary file reading vulnerability (CVE-2023-33510)
10. Attack [27031]: Netgate pfSense status_logs_filter_dynamic.php reflected cross-site scripting vulnerability (CVE-2023-42325)
11. Attack [27032]: Netgear ProSAFE NMS300 UpLoadServlet arbitrary file upload vulnerability (CVE-2023-38098)
12. Attack [27034]: Apache DolphinScheduler arbitrary code execution vulnerability (CVE-2023-49299)
13. Attack [27035]: CRMEB apiwechatapp_auth permission bypass vulnerability (CVE-2023-3232)
14. Attack [27037]: ITSETECAM Webshell communication
15. Attack [27038]: ITSETECAM Webshell upload
16. Attack [27039]: Apache DolphinScheduler arbitrary code execution vulnerability (CVE-2024-23320)
17. Attack [27030]: UFIDA NC saveDoc.ajax arbitrary file upload vulnerability
18. Attack [27033]: Netcom Technology NS-ASG Application Security Gateway SQL injection vulnerability (CVE-2024-2022)
19. Attack [31160]: PowerJob unauthorized access vulnerability (CVE-2023-29922)
20. Attack [27036]: Purchase Order System SQL injection vulnerability (CVE-2023-29622)
21. Attack [31161]: KubeOperator front-end configuration file download vulnerability (CVE-2023-22480)
22. Attack [27040]: UFIDA U8 Cloud CacheInvokeServlet deserialization vulnerability
23. Attack [27041]: Haixiang ERP getylist_login SQL injection vulnerability
24. Attack [27042]: H3C campus network self-service system flexfileupload arbitrary file upload vulnerability
25. Attack [50652]: XML External Entity Injection (XXE)-(HTML Entity Encoding/UTF-16/UTF-7)
26. Attack [27043]: WordPress Social Login and Register Plugin authentication bypass vulnerability (CVE-2023-2982)
27. Attack [27045]: Windows security event log analysis tool LogonTracer remote command injection vulnerability (CVE-2018-16167)
28. Attack [27044]: Ray API local file reading vulnerability (CVE-2023-6021)
29. Attack [27046]: Alkacon Software OpenCms URL redirection vulnerability (CVE-2023-6380)
30. Attack [31162]: Contec SolarView Compact arbitrary file reading vulnerability (CVE-2023-29919)
31. Attack [27047]: SpringBlade list interface SQL injection vulnerability

Update rules:
1. Attack [26859]: Node.js deserialization code execution vulnerability (CVE-2017-5941)
2. Attack [26306]: WPS Office For Windows code execution vulnerability
3. Attack [50576]: Sunflower remote control client controlled operation
4. Attack [24302]: Suspicious XML External Entity (XXE) injection attack attempt
5. Attack [30713]: Apache Traffic server ESI plug-in information leakage vulnerability (CVE-2018-8040)
6. Attack [27005]: Universal static path traversal vulnerability

Precautions:
1. After the upgrade package is installed, the engine automatically restarts and takes effect without interrupting sessions. However, 3 to 5 ping packets will be lost. Please choose a suitable time to upgrade.

Release Time:2024-03-14 17:30:41
Name: eoi.unify.allrulepatch.app.2.0.0.33682.rule Version:2.0.0.33682
MD5:e31ca0d1df912ea9c1257cddc1736239 Size:43.32M
Description:

This upgrade package is the Zealot 2.0 intrusion prevention signature library/application identification signature library upgrade package. It only supports engine version V56R11F01 and above. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.33682. The new/improved rules in this upgrade package are:

New rules:
1. Attack [26991]: WordPress Plugin MStore API authentication bypass vulnerability (CVE-2023-2732)
2. Attack [26999]: NETGEAR RAX30 authentication error vulnerability (CVE-2023-1327)
3. Attack [27000]: D-Link DAR-8000 command injection vulnerability (CVE-2023-4542)
4. Attack [31145]: VISAM VBASE Automation Base XML external entity injection vulnerability (CVE-2022-46286)
5. Attack [31146]: MeterSphere access control error vulnerability (CVE-2023-25573)
6. Attack [27002]: SRS video server command injection vulnerability (CVE-2023-34105)
7. Attack [42057]: Pupy backdoor C2 communication
8. Attack [27003]: Honeywell PM43 loadfile.lp remote code execution vulnerability (CVE-2023-3710)
9. Attack [27004]: LG LED Assistant UpdateFile directory traversal vulnerability
10. Attack [31149]: Citrix Gateway open redirect and XSS vulnerability (CVE-2023-24488)
11. Attack [50651]: Changting Muyun Host Management Assistant Connection
12. Attack [27006]: Milesight VPN arbitrary file reading vulnerability (CVE-2023-23907)
13. Attack [27007]: Man Group D-Tale SSRF server request forgery vulnerability (CVE-2024-21642)
14. Attack [27009]: H3C SecPath next-generation firewall sys_dia_data_check arbitrary file download vulnerability
15. Attack [27008]: Altenergy Power System Control Software operating system command injection vulnerability (CVE-2023-28343)
16. Attack [27005]: Universal static path traversal vulnerability
17. Attack [31150]: VISAM VBASE Automation Base XML external entity injection vulnerability (CVE-2022-46300)
18. Attack [27010]: Tongda OA /general/ems/query/search_excel.php SQL injection vulnerability
19. Attack [27014]: Jinhe OA C6 OfficeServer arbitrary file upload vulnerability
20. Attack [27013]: XWiki.org Change Request Extension code injection vulnerability (CVE-2023-45138)
21. Attack [31151]: Ghost CMS Content API information leakage vulnerability (CVE-2023-31133)
22. Attack [27015]: UFIDA U8 Cloud BlurTypeQuery SQL injection vulnerability
23. Attack [31152]: WordPress plug-in Migration, Backup, Staging Unauthorized Access Vulnerability (CVE-2024-1982)
24. Attack [31153]: WordPress Advanced Custom Fields Plugin post_status cross-site scripting injection vulnerability (CVE-2023-30777)
25. Attack [31154]: WordPress plug-in Migration, Backup, Staging SQL injection vulnerability (CVE-2024-1981)
26. Attack [27018]: Netgate pfSense diag_packet_capture.php command injection vulnerability (CVE-2023-48123)
27. Attack [27020]: Ivanti Connect Secure XXE vulnerability (CVE-2024-22024)
28. Attack [31155]: Jenkins Sidebar Link Plugin icon directory traversal vulnerability (CVE-2023-32985)
29. Attack [27019]: Netgate pfSense GIF GRE command injection vulnerability (CVE-2023-42326)
30. Attack [27017]: Lanling OA wechatLoginHelper SQL injection vulnerability
31. Attack [27021]: Dataease data source JDBC file reading and deserialization vulnerability (CVE-2024-23328)
32. Attack [27016]: Tianrongxin TopScanner system CommandsPolling command execution vulnerability
33. Attack [27023]: Hongfan OA iocomGetAtt SQL injection vulnerability

Update rules:
1. Attack [26282]: Atlassian Jira authentication bypass vulnerability (CVE-2022-0540)
2. Attack [25252]: Godzilla JAVA_AES_BASE64 Webshell connection
3. Attack [26568]: Jinhe OA frontend saveAsOtherFormatServlet arbitrary file upload vulnerability
4. Attack [26035]: Panwei E-office uploadify.php file upload vulnerability (CVE-2023-2648)


Precautions:
1. After the upgrade package is upgraded, the engine will automatically restart to take effect and will not cause session interruption. However, 3~5 ping packets will be lost. Please choose a suitable time to upgrade.

Release Time:2024-03-07 18:22:24
Name: eoi.unify.allrulepatch.app.2.0.0.33603.rule Version:2.0.0.33603
MD5:7f6c3dbb48fe93b3365ce3fcb697d413 Size:43.26M
Description:

This upgrade package is the Zealot 2.0 intrusion prevention signature library/application identification signature library upgrade package. It only supports engine version V56R11F01 and above. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.33603. The new/improved rules in this upgrade package include:

New rules:
1. Attack [50650]: ActiveMQ default password login
2. Attack [31138]: ThinkPHP Debug mode log information leakage vulnerability
3. Attack [26974]: WordPress plugin Limit Login Attempts cross-site scripting vulnerability (CVE-2023-1861)
4. Attack [26975]: WordPress Royal Elementor plug-in arbitrary file upload vulnerability (CVE-2023-5360)
5. Attack [26976]: Zoho ManageEngine RecoveryManager Plus updateProxySettings command injection vulnerability (CVE-2023-48646)
6. Attack [31139]: Artica Proxy cross-site scripting (XSS) injection vulnerability (CVE-2022-37153)
7. Attack [26978]: Schneider Electric Easy UPS Online Monitoring Software command execution vulnerability (CVE-2023-29412)
8. Attack [26979]: GLPI-Project GLPI SQL injection vulnerability (CVE-2023-46727)
9. Attack [26980]: Cacti Group Cacti poller_host_duplicate SQL injection vulnerability (CVE-2023-49085)
10. Attack [26977]: Apache Solr Backup/Restore APIs remote command execution vulnerability (CVE-2023-50386)
11. Attack [26982]: ScreenConnect authentication bypass leading to remote command execution (CVE-2024-1709)
12. Attack [26983]: Apache ServiceComb Service-Center code issue vulnerability (CVE-2023-44313)
13. Attack [26984]: Xinhu OA ordinary user rights getshell vulnerability
14. Attack [26985]: Exrick XMall SQL injection vulnerability (CVE-2024-24112)
15. Attack [26986]: AwStats aswtats.pl remote command execution vulnerability (CVE-2005-0116)
16. Attack [26988]: Ivanti Avalanche EnterpriseServer GetSettings authentication bypass vulnerability (CVE-2023-28126)
17. Attack [26989]: Zoho ManageEngine OPManager remote code execution vulnerability (CVE-2023-31099)
18. Attack [26987]: Pimcore Multiselect.php getFilterConditionExt SQL injection vulnerability (CVE-2023-47637)
19. Attack [31140]: pocsuite vulnerability scanning tool
20. Attack [31141]: CrowdStrike ShellShock vulnerability scanning tool
21. Attack [26990]: WordPress plugin Pie Register URL redirection vulnerability (CVE-2023-0552)
22. Attack [26993]: I DOC View SSRF vulnerability (CVE-2023-23743)
23. Attack [26994]: D-link DIR-823G command injection vulnerability (CVE-2023-26613)
24. Attack [26992]: WordPress plug-in Bricks Builder remote code execution vulnerability (CVE-2024-25600)
25. Attack [31142]: Appwrite server-side request forgery vulnerability (CVE-2023-27159)
26. Attack [26996]: Ruckus Wireless Admin code injection vulnerability (CVE-2023-25717)
27. Attack [26995]: D-Link D-View 8 Unauthorized Access Vulnerability (CVE-2023-5074)
28. Attack [31144]: Apache OFBiz SSRF server request forgery vulnerability (CVE-2023-50968)
29. Attack [31143]: MeterSphere arbitrary file reading vulnerability (CVE-2023-25814)
30. Attack [26997]: Ivanti Avalanche FileStoreConfig arbitrary file upload vulnerability (CVE-2023-46263)
31. Attack [26998]: Ivanti Avalanche server-side request forgery vulnerability (CVE-2023-46262)

Update rules:
1. Attack [30993]: UFIDA NC smartweb2 XML entity injection vulnerability
2. Attack [24841]: Jboss unauthorized access vulnerability (CVE-2010-0738)
3. Attack [26819]: Struts2 remote code execution vulnerability (CVE-2023-50164) (S2-066)_2
4. Attack [26752]: Struts2 remote code execution vulnerability (CVE-2023-50164) (S2-066)
5. Attack [26917]: Atlassian Confluence remote code execution vulnerability (CVE-2023-22527)


Precautions:
1. After the upgrade package is upgraded, the engine will automatically restart to take effect and will not cause session interruption. However, 3~5 ping packets will be lost. Please choose a suitable time to upgrade.

Release Time:2024-03-01 11:00:34
Name: eoi.unify.allrulepatch.app.2.0.0.33528.rule Version:2.0.0.33528
MD5:8a82e72ae34fe6573c3121d784db2cd7 Size:43.22M
Description:

This upgrade package is the Zealot 2.0 intrusion prevention signature library/application identification signature library upgrade package. It only supports firmware version 5.6R11F01 and above, and engine version 5.6R11F01 and above. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.33528. The new/improved rules in this upgrade package include:

New rules:
1. Attack [10554]: Unauthorized viewing of password vulnerability in Yuanqiu Medical Training System
2. Attack [31137]: China ERP (jshERP) information leakage vulnerability (CVE-2023-48894)
3. Attack [26961]: China ERP (jshERP) file upload vulnerability (CVE-2024-24000)
4. Attack [26962]: China ERP (jshERP) SQL injection vulnerability (CVE-2024-24001)
5. Attack [26963]: China ERP (jshERP) SQL injection vulnerability (CVE-2024-24003)
6. Attack [26964]: China ERP (jshERP) SQL injection vulnerability (CVE-2024-24002)
7. Attack [26965]: China ERP (jshERP) SQL injection vulnerability (CVE-2024-24004)
8. Attack [26967]: Windows command execution and environment variable bypass
9. Attack [26969]: ZOHO ManageEngine Desktop Central MSP authorization issue vulnerability (CVE-2021-44515)
10. Attack [42056]: Zyxel USG Series default password vulnerability (CVE-2020-29583)
11. Attack [10555]: Cisco ASA Software and Firepower Threat Defense Software Denial of Service Vulnerability (CVE-2018-0296)
12. Attack [26968]: SQL injection vulnerability in Huamei Zhuoruan metering business management platform
13. Attack [26972]: WordPress MemberHero plug-in code injection vulnerability (CVE-2022-0885)
14. Attack [26971]: Barco WePresent file_transfer.cgi code execution vulnerability attack (CVE-2019-3929)
15. Attack [26973]: Qi’an Xintianqing client_upload_file.json arbitrary file upload vulnerability (CNVD-2021-27267)
16. Attack [26952]: SpiderFlow crawler platform remote command execution vulnerability (CVE-2024-0195)
17. Attack [26953]: SpringBlade export-user SQL injection vulnerability
18. Attack [26954]: Yearning front arbitrary file reading vulnerability
19. Attack [26955]: Arbitrary login vulnerability in Feiqi Internet loginService
20. Attack [26956]: Pioneer WEB gas charging system Upload.aspx file upload vulnerability
21. Attack [42055]: Redis remotely deletes files (suspected to clean traces)
22. Attack [26957]: Gopher Protocol-Server Side Request Forgery (SSRF)
23. Attack [26958]: Unauthorized access vulnerability in UFIDA Government Finance Cloud V8
24. Attack [26959]: Cobalt Strike penetration attack tool Beacon HTTP communication_3
25. Attack [26960]: Oracle WebLogic Server Remote Code Execution Vulnerability (CVE-2024-20931)
26. Attack [31136]: Sonicwall SMA100 SQL injection vulnerability (CVE-2019-7481)

Update rules:
1. Attack [41660]: PostgreSQL COPY FROM PROGRAM command injection vulnerability (CVE-2019-9193)
2. Attack [26944]: Ivanti multi-product server-side request forgery vulnerability (CVE-2024-21893)
3. Attack [25948]: MSSQL sp_oacreate execution
4. Attack [26930]: Jenkins file reading vulnerability (CVE-2024-23897)


Precautions:
1. After the upgrade package is upgraded, the engine will automatically restart to take effect and will not cause session interruption. However, 3~5 ping packets will be lost. Please choose a suitable time to upgrade.

Release Time:2024-02-27 10:45:14
Name: eoi.unify.allrulepatch.app.2.0.0.33485.rule Version:2.0.0.33485
MD5:fb7b5c94758f48ef203fd9c45c6cd39f Size:43.19M
Description:

This upgrade package is the Zealot 2.0 intrusion prevention signature library/application identification signature library upgrade package. It only supports firmware version 5.6R11F01 and above, and engine version 5.6R11F01 and above. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.33485. The new/improved rules in this upgrade package include:

New rules:
1. Attack [26952]: SpiderFlow crawler platform remote command execution vulnerability (CVE-2024-0195)
2. Attack [26953]: SpringBlade export-user SQL injection vulnerability
3. Attack [26954]: Yearning front arbitrary file reading vulnerability
4. Attack [26955]: Arbitrary login vulnerability in Feiqi Internet loginService
5. Attack [26956]: Pioneer WEB gas charging system Upload.aspx file upload vulnerability
6. Attack [42055]: Redis remotely deletes files (suspected to clean traces)
7. Attack [26957]: Gopher Protocol-Server Side Request Forgery (SSRF)
8. Attack [26958]: Unauthorized access vulnerability in UFIDA Government Finance Cloud V8
9. Attack [26959]: Cobalt Strike penetration attack tool Beacon HTTP communication_3
10. Attack [26960]: Oracle WebLogic Server Remote Code Execution Vulnerability (CVE-2024-20931)
11. Attack [31136]: Sonicwall SMA100 SQL injection vulnerability (CVE-2019-7481)

Update rules:
1. Attack [41660]: PostgreSQL COPY FROM PROGRAM command injection vulnerability (CVE-2019-9193)
2. Attack [26944]: Ivanti multi-product server-side request forgery vulnerability (CVE-2024-21893)
3. Attack [25948]: MSSQL sp_oacreate execution
4. Attack [26930]: Jenkins file reading vulnerability (CVE-2024-23897)


Precautions:
1. After the upgrade package is upgraded, the engine will automatically restart to take effect and will not cause session interruption. However, 3~5 ping packets will be lost. Please choose a suitable time to upgrade.

Release Time:2024-02-16 20:10:39
Name: eoi.unify.allrulepatch.app.2.0.0.33458.rule Version:2.0.0.33458
MD5:7fefc77b36140a2b46e6efc0d58130b2 Size:43.17M
Description:

This upgrade package is the Zealot 2.0 intrusion prevention signature library/application identification signature library upgrade package. It only supports firmware version 5.6R11F01 and above, and engine version 5.6R11F01 and above. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.33458. The new/improved rules in this upgrade package include:

New rules:
1. Attack [26943]: Ivanti multi-product privilege escalation vulnerability (CVE-2024-21888)
2. Attack [26944]: Ivanti multi-product server-side request forgery vulnerability (CVE-2024-21893)
3. Attack [26945]: Apache Kafka Remote Code Execution Vulnerability (CVE-2023-25194)_2
4. Attack [26946]: Tongda OA 11.7 export/Doimport code execution vulnerability
5. Attack [26940]: Mysql UDF privilege escalation
6. Attack [26948]: PlaySMS input validation error vulnerability (CVE-2020-8644)
7. Attack [42054]: Mysql remote deletion plug-in (suspected to clean traces)
8. Attack [26950]: MRCMS3.0 arbitrary file reading vulnerability
9. Attack [26951]: Remote code execution vulnerability (CVE-2024-0305) in Ncast HD intelligent recording and broadcasting system
10. Attack [26949]: Arbitrary file upload vulnerability in Laykefu customer service system
11. Attack [50648]: Suspected remote control protocol communication (QQ Remote Control/Cisco Webex/Zoom)
12. Attack [50649]: Alibaba Nacos default user password login vulnerability
13. Attack [31135]: LinkWechat-Scrm arbitrary file reading vulnerability (CVE-2024-0882)
14. Attack [42053]: Intranet tunnel tool reGeorg connection_2
15. Attack [26942]: Access to OA dologin code execution vulnerability
16. Attack [26941]: sys_hand_upfile arbitrary file upload vulnerability in SecGate 3600 firewall

Update rules:
1. Attack [25761]: Fortinet firewall authentication bypass vulnerability (CVE-2022-40684)
2. Attack [25009]: Microsoft .NET Framework/SharePoint Server/Visual Studio Remote Code Execution Vulnerability (CVE-2020-1147)
3. Attack [26035]: Panwei E-office uploadify.php file upload vulnerability (CVE-2023-2648)
4. Attack [26071]: Panwei-Eoffice ajax.php arbitrary file upload vulnerability (CVE-2023-2523)
5. Attack [30800]: UFIDA u8-test.jsp SQL injection vulnerability (CNVD-2022-31182)
6. Attack [26317]: Huatian Power OA 8000 version workFlowService SQL injection vulnerability
7. Attack [30823]: Zhiyuan A6 setextno.jsp-SQL injection vulnerability


Precautions:
1. After the upgrade package is upgraded, the engine will automatically restart to take effect and will not cause session interruption. However, 3~5 ping packets will be lost. Please choose a suitable time to upgrade.

Release Time:2024-02-09 22:43:05
Name: eoi.unify.allrulepatch.app.2.0.0.33416.rule Version:2.0.0.33416
MD5:80695852bf497954785cc00a83c38183 Size:43.02M
Description:

This upgrade package is the Zealot 2.0 intrusion prevention signature library/application identification signature library upgrade package. It only supports firmware version 5.6R11F01 and above, and engine version 5.6R11F01 and above. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.33416. The new/improved rules in this upgrade package include:

New rules:
1. Attack [31130]: UFIDA GRP-U8 userInfoWeb SQL injection vulnerability
2. Attack [26919]: Pan-micro e-cology XmlRpcServlet file reading vulnerability
3. Attack [26920]: Panwei e-office download.php arbitrary file download vulnerability
4. Attack [26921]: UFIDA mobile management system uploadIcon file upload vulnerability
5. Attack [26923]: MLflow cross-site scripting vulnerability (CVE-2023-6568)
6. Attack [31131]: BEQ BillQuick Web Suite SQL injection vulnerability (CVE-2021-42258)
7. Attack [26922]: Panwei E-office wsdl.php SQL injection vulnerability
8. Attack [26924]: DotNetNuke input validation error vulnerability (CVE-2017-9822)
9. Attack [31132]: Oracle Business Intelligence Enterprise Edition path traversal vulnerability (CVE-2020-14864)
10. Attack [26931]: 90sec encrypted webshell upload
11. Attack [26930]: Jenkins file reading vulnerability (CVE-2024-23897)
12. Attack [26925]: GitLab arbitrary user password reset vulnerability (CVE-2023-7028)
13. Attack [31133]: Apache Solr environment variable information leakage vulnerability (CVE-2023-50290)
14. Attack [26927]: Ivanti Connect Secure and Ivanti Policy Secure have unauthorized access vulnerability (CVE-2023-46805)
15. Attack [26928]: JEECG jeecgFormDemoController remote code execution vulnerability (CVE-2023-49442)
16. Attack [26929]: Fortra GoAnywhere MFT authentication bypass vulnerability (CVE-2024-0204)
17. Attack [26865]: OfficeWeb365 Pic/Indexs arbitrary file reading vulnerability
18. Attack [26932]: Lanling OA sysSearchMain.do XMLdecode deserialization vulnerability
19. Attack [26934]: Panwei E-office upload.php arbitrary file upload vulnerability
20. Attack [26933]: LG N1A1 NAS operating system command injection vulnerability (CVE-2018-14839)
21. Attack [26935]: Zhiyuan M1 mobile userTokenService code execution vulnerability
22. Attack [26936]: Panwei E Office init.php file upload vulnerability_2
23. Attack [26937]: Advantech R-SeeNet device_status.php local file inclusion vulnerability (CVE-2023-3256)

Update rules:
1. Attack [31009]: PaperCut NG access control error vulnerability (CVE-2023-27350)
2. Attack [26911]: GoAnywhere-MFT deserialization vulnerability (CVE-2023-0669)
3. Attack [30815]: Panwei E-cology FileDownload arbitrary file reading vulnerability
4. Attack [25895]: Panwei OA KtreeUploadAction file upload vulnerability
5. Attack [30961]: Lanling EKP unauthorized access vulnerability
6. Attack [26350]: OfficeWeb365 SaveDraw arbitrary file writing vulnerability (CNNVD-202301-254)
7. Attack [25904]: Hongfan OA iorepsavexml arbitrary file upload vulnerability
8. Attack [41952]: suo5 tunnel tool upload
9. Attack [26315]: Ruijie EWEB management system remote code injection vulnerability (CVE-2023-34644)
10. Attack [26043]: Panwei E-cology ofsLogin.jsp allows any user to log in
11. Attack [25600]: Lanling OA treexml.tmpl remote command execution vulnerability
12. Attack [50618]: Intranet tunnel tool Pivotnacci connection
13. Attack [63682]: HTTP SQL injection attempt type three
14. Attack [41499]: HTTP request sensitive path access attempt


Precautions:
1. After the upgrade package is upgraded, the engine will automatically restart to take effect and will not cause session interruption. However, 3~5 ping packets will be lost. Please choose a suitable time to upgrade.

Release Time:2024-02-02 10:16:59
Name: eoi.unify.allrulepatch.app.2.0.0.33341.rule Version:2.0.0.33341
MD5:3609bca4375c91b9bea749b0d40c0fde Size:42.97M
Description:

This upgrade package is an intrusion prevention signature library upgrade package and only supports upgrades from engine version V56R11F01 and above. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.33341. The new/improved rules in this upgrade package include:

New rules:
1. Attack [26907]: Tongda OA handle SQL injection vulnerability
2. Attack [26908]: Tongda OA vmeet front-end arbitrary file upload vulnerability
3. Attack [31124]: Pker background scanning tool
4. Attack [26909]: ivanti Policy Secure command injection vulnerability (CVE-2024-21887)
5. Attack [26910]: Jinhe OA jc6 SQL injection vulnerability
6. Attack [31125]: UFIDA NC LoginServerDo.jsp SQL injection vulnerability
7. Attack [42052]: LCX port forwarding tool upload
8. Attack [26911]: GoAnywhere-MFT deserialization vulnerability (CVE-2023-0669)
9. Attack [31126]: UFIDA U8 XChangeServlet XXE vulnerability
10. Attack [31123]: SQL injection to obtain Oracle version
11. Attack [31121]: SQL injection to obtain Oracle table name
12. Attack [26912]: Citrix ShareFile Storage Zones Controller Directory Traversal Vulnerability (CVE-2021-22941)
13. Attack [31127]: UFIDA Chanjetong Remote Communication GNRemote.dll SQL injection vulnerability
14. Attack [26913]: JumpServer arbitrary file writing vulnerability (CVE-2023-42819)
15. Attack [31120]: SQL injection to obtain Oracle field name
16. Attack [31122]: SQL injection to obtain Oracle field data
17. Attack [31128]: UFIDA NC supdoc.jsp SQL injection vulnerability
18. Attack [26914]: Empire post-penetration tool backdoor communication
19. Attack [26915]: Zhiyuan OA loginController.do RCE vulnerability
20. Attack [26916]: Spring AMQP deserialization vulnerability (CVE-2023-34050)
21. Attack [26918]: Panwei e-office json_common.php SQL injection vulnerability
22. Attack [26917]: Atlassian Confluence remote code execution vulnerability (CVE-2023-22527)

Update rules:
1. Attack [26839]: Multiple deserialization vulnerabilities in UFIDA


Precautions:
1. After the upgrade package is upgraded, the engine will automatically restart to take effect and will not cause session interruption. However, 3~5 ping packets will be lost. Please choose a suitable time to upgrade.

Release Time:2024-01-26 15:20:21
Name: eoi.unify.allrulepatch.app.2.0.0.33285.rule Version:2.0.0.33285
MD5:4c5b182d80a88e13e6b0d8bf3018d0be Size:42.91M
Description:

This upgrade package is an intrusion prevention signature library upgrade package and only supports upgrades from engine version V56R11F01 and above. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.33285. The new/improved rules in this upgrade package include:

New rules:
1. Threat [31110]: OA GraphReportAction SQL injection vulnerability
2. Threat [26895]: UF NC Cloud soapFormat.ajax interface XXE vulnerability
3. Threat [31111]: Access OA rid foreground SQL injection vulnerability
4. Threat [26897]: Influxdb unauthorized access vulnerability
5. Threat [26898]: SnakeYAML deserialization code execution vulnerability (PropertyPathFactoryBean exploitation chain)
6. Threat [26899]: MLflow arbitrary file read vulnerability (CVE-2023-2780)
7. Threat [42046]: raylink remote control tool
8. Threat [25938]: Yisetong electronic document security management system dataimport remote command execution vulnerability
9. Threat [42047]: Navicat HTTP Tunnel proxy behavior
10. Threat [31112]: OA downloadhttp.jsp arbitrary file download vulnerability
11. Threat [42048]: Mahaja APT attack vsrss.exe download execution
12. Threat [42049]: Final1stspy malware communication
13. Threat [26900]: Dawei lnnojet IP Collaborative Innovation Management System administrator password reset vulnerability
14. Threat [26901]: NGINX configuration error directory traversal vulnerability
15. Threat [30895]: TuziCMS 2.0.6 SQL injection vulnerability (CVE-2022-23882)
16. Threat [26902]: OA iSignatureHTML.jsp SQL injection vulnerability
17. Threat [42050]: RedControle backdoor program C2 communication
18. Threat [31113]: Access OA result.php SQL injection vulnerability
19. Threat [42051]: pocscan vulnerability scanning tool
20. Threat [31115]: SQL injection obtains the number of Oracle libraries
21. Threat [31114]: SQL injection obtains Oracle tables
22. Threat [31116]: SQL injection obtains the number of Oracle fields
23. Threat [31117]: SQL injection obtains Oracle records
24. Threat [31118]: Access OA get_file.php arbitrary file read vulnerability
25. Threat [26904]: Microsoft Windows Themes ReviseVersionIfNecessary race condition vulnerability (CVE-2023-38146)
26. Threat [26903]: Microsoft Browser information disclosure vulnerability (CVE-2017-0009)
27. Threat [26905]: Microsoft Script Engine memory corruption vulnerability (CVE-2017-0228)
28. Threat [31119]: Huaxia ERP account password disclosure vulnerability (CVE-2024-0490)
29. Threat [26864]: Access OA query.php SQL injection vulnerability

Update rules:
1. Threat [60464]: HTTP service directory traversal vulnerability
2. Threat [30957]: Handel SRM tomcat.jsp session information leakage vulnerability
3. Threat [42044]: Suspected use of pseudo-protocols in file-related parameters to include PHP files
4. Threat [25747]: Windows information collection command execution
5. Threat [63249]: HTTP /etc/passwd file access attempt
6. Threat [23997]: FasterXML Jackson-Databind framework JSON deserialization code execution vulnerability (CVE-2017-7525)
7. Threat [24725]: FasterXML jackson-databind JNDI injection remote code execution vulnerability (CVE-2020-8840)
8. Threat [24578]: Zabbix authentication bypass vulnerability (CVE-2019-17382)
9. Threat [25761]: Fortinet firewall authentication bypass vulnerability (CVE-2022-40684)
10. Threat [50559]: Docker Remote API access attempt
11. Threat [23907]: HTTP code injection attack
12. Threat [25746]: Linux information collection command execution
13. Threat [25981]: Access OA login_code any user login vulnerability
14. Threat [63682]: HTTP SQL injection attempt type 3
15. Threat [25571]: Confluence Server and Data Center OGNL injection remote code execution vulnerability (CVE-2022-26134)
16. Threat [60993]: HTTP cross-site scripting general attack attempt
17. Threat [26890]: Ubiquity eoffice file-upload vulnerability

Precautions:
1. After the upgrade package is upgraded, the engine will automatically restart to take effect and will not cause session interruption. However, 3~5 ping packets will be lost. Please choose a suitable time to upgrade.

Release Time:2024-01-23 15:33:39
Name: eoi.unify.allrulepatch.app.2.0.0.33198.rule Version:2.0.0.33198
MD5:a05eddfbb953e50be603cd091272430e Size:42.84M
Description:

This update package is an intrusion prevention signature database update package. Only the engine version V56R11F01 or later is supported. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version is 2.0.0.33198. The new/improved rules in this upgrade package are:

New rules:
1. Threat [26866]: Access OA submit.php SQL injection vulnerability
2. Threat [31098]: dirmap directory scanning tool
3. Threat [31099]: VMware vCenter Server server-side request forgery vulnerability (CVE-2021-21973)
4. Threat [26867]: Adobe ColdFusion authentication bypass vulnerability (CVE-2023-26347)
5. Threat [26868]: MLflow directory traversal vulnerability (CVE-2023-1176)
6. Threat [31100]: dirsearch directory scanning tool
7. Threat [26869]: Access OA action_crawler foreground arbitrary file upload vulnerability
8. Threat [26870]: Access OA check_secure_key foreground SQL injection vulnerability
9. Threat [26871]: DrayTek Vigor 2960 router command injection vulnerability (CVE-2023-24229)
10. Threat [26872]: Runshen Information management system CommentStandardHandler SQL injection vulnerability
11. Threat [26878]: Ruijie Network RG-EW multiple family product command injection vulnerability (CVE-2023-27796)
12. Threat [26889]: Dahua DSS digital monitoring system itcBulletin SQL injection vulnerability
13. Threat [31103]: Redsail OA ioFileExport.aspx arbitrary file reading vulnerability
14. Threat [26886]: Redsail ioRepPicAdd file upload vulnerability
15. Threat [26834]: UF GRP-U8 ufgovbank XML injection vulnerability
16. Threat [26892]: Redsail OA list interface SQL injection vulnerability
17. Threat [26893]: OA privateUpload front desk arbitrary file upload vulnerability
18. Threat [42043]: Koadic post-penetration tool execution command
19. Threat [31105]: Huaxia ERP information leakage vulnerability (CNVD-2020-63964)
20. Threat [31102]: dontgo403 scanning tool
21. Threat [31106]: Tulles WAS5.0 tree file reading vulnerability (CNVD-2020-27769)
22. Threat [26874]: Dahua ICC readpic arbitrary file read vulnerability
23. Threat [26875]: Dahua Intelligent IoT ICC integrated management platform justForTest user login vulnerability
24. Threat [26873]: Dahua Smart Park integrated management platform poi arbitrary file upload vulnerability
25. Threat [26879]: OA fileUpload.controller arbitrary file upload vulnerability
26. Threat [26880]: OA showResult.action background SQL injection vulnerability
27. Threat [26881]: OA download_ftp.jsp arbitrary file download vulnerability
28. Threat [26877]: Kwing AIO ReportServlet arbitrary file reading vulnerability
29. Threat [26876]: Koron AIO ReportServlet arbitrary file upload vulnerability
30. Threat [31107]: Milesight router information disclosure vulnerability (CVE-2023-43261)
31. Threat [31108]: Ruiqi Cloud resetPwd login bypass vulnerability
32. Threat [42044]: Suspected PHP file inclusion using pseudo-protocol in file-related parameters
33. Threat [31109]: Qiming Stars unified security control platform getMaster.do information leakage vulnerability
34. Threat [26884]: Zhiyuan OA A5 search_result.jsp SQL injection vulnerability
35. Threat [26882]: Zhiyuan OA pdfServlet arbitrary file upload vulnerability
36. Threat [26883]: Zhiyuan A6 downloadAtt.jsp SQL injection vulnerability
37. Threat [26887]: Redsail OA udfmr.asmx SQL injection vulnerability


Update rules:
1. Threat [21460]: Trojan Backdoor backdoor.asp.ace ASP Web access
2. Threat [41588]: PHP Webshell script upload
3. Threat [26182]: Smartbi authentication bypass vulnerability (CNVD-2023-55718)
4. Threat [31104]: Caldera framework login communication
5. Threat [63237]: HTTP /etc/shadow file access attempt
6. Threat [63249]: HTTP /etc/passwd file access attempt
7. Threat [60471]: HTTP directory traversal reads /etc/passwd file
8. Threat [31108]: resetPwd password reset behavior
9. Threat [41499]: HTTP request sensitive path access attempt

Precautions:
1. After the upgrade package is upgraded, the engine will automatically restart to take effect and will not cause session interruption. However, 3~5 ping packets will be lost. Please choose a suitable time to upgrade.

Release Time:2024-01-12 10:48:28
Name: eoi.unify.allrulepatch.app.2.0.0.33111.rule Version:2.0.0.33111
MD5:921fb74db6d4fb7aad97fe77a65139a1 Size:42.77M
Description:

This upgrade package is an intrusion prevention signature library upgrade package and only supports upgrades from engine version V56R11F01 and above. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, and the rule version becomes 2.0.0.33111. The new/improved rules in this upgrade package include:

New rules:
1. Attack [26842]: Ajax NET Professional (AjaxPro) Deserialization Vulnerability (CVE-2021-23758)
2. Attack [42035]: Loading suspicious script Invoke Mimikatz
3. Attack [31096]: Discovering Hoaxshell rebound shell tool
4. Attack [50646]: Manjusaka C2 remote control tool login
5. Attack [26845]: NPC Download of Manjusaka C2 Tool
6. Attack [42037]: B374k PHP Webshell communication
7. Attack [42038]: Loading Nishang Suspicious Script Show TargetScreen
8. Attack [26841]: MLflow SSTI vulnerability (CVE-2023-6709)
9. Attack [26846]: Zhiyuan Internet FE Collaborative Office Platform editflow_ Manager.jsp SQL injection vulnerability
10. Attack [26847]: Blue Ling OA datajson.js script remote code execution vulnerability
11. Attack [42040]: Citrix file upload interface uploads SSH public key
12. Attack [26848]: Seowon Intech SWC 5100W WIMAX Command Injection Vulnerability (CVE-2023-27826)
13. Attack [26849]: Apache OFBiz groovy remote code execution vulnerability (CVE-2023-51467)
14. Attack [42039]: Undead Soul Webshell Upload
15. Attack [42041]: Undead Soul Webshell Communication
16. Attack [50647]: Remote control tool pcAnywhere connection
17. Attack [26859]: Node. js Deserialization Code Execution Vulnerability (CVE-2017-5941)
18. Attack [26858]: Yonyou U8 cloud KeyWordDetailReportQuery SQL injection vulnerability
19. Attack [26843]: Mlflow directory traversal vulnerability (CVE-2023-6753)
20. Attack [26850]: Baizhuo Smart S45F Gateway Intelligent Management Platform/sysmanagement/license.php File Upload Vulnerability (CVE-2023-5492)
21. Attack [26851]: PatrolFlow-AM-2500-100 Management Platform transipmac.php Command Execution Vulnerability in Baizhuo Network
22. Attack [26852]: Baizhuo Patflow showuser.php backend SQL injection vulnerability
23. Attack [26853]: SQL injection vulnerability in Baizhuo Smart S85F Management Platform (CVE-2023-4414)
24. Attack [26854]: PowerJob Remote Code Execution Vulnerability (CVE-2023-37754)
25. Attack [26855]: Apache InLong Code Issue Vulnerability (CVE-2023-34434)
26. Attack [26856]: Pan Micro E Office init.php File Upload Vulnerability
27. Attack [26857]: Pan Micro E-Office init.php SQL Injection Vulnerability
28. Attack [26860]: DedeCMS file contains vulnerability (CVE-2023-2928)
29. Attack [42042]: IOX proxy tool communication
30. Attack [26862]: Kingdee easWebClient Arbitrary File Download Vulnerability
31. Attack [26863]: Unauthorized Access Vulnerability of BeiDou Active Security Cloud Platform
32. Attack [26861]: Mlflow directory traversal vulnerability (CVE-2023-6753)_ two
Update rules:
1. Attack [63682]: HTTP SQL injection attempt type three
2. Attack [41499]: HTTP request sensitive path access attempt
3. Attack [26505]: Deeply Convinced NGAF Next Generation Firewall login.cgi Remote Command Execution Vulnerability
4. Attack [24652]: Mongo express remote code execution vulnerability (CVE-2019-10758)
Notes:
1. After the upgrade package is upgraded, the engine will automatically restart and take effect, without causing session interruption. However, ping the package will result in 3-5 loss. Please choose an appropriate time to upgrade

Release Time:2024-01-05 09:47:18
Name: eoi.unify.allrulepatch.app.2.0.0.33040.rule Version:2.0.0.33040
MD5:04943398ead7ea7e97b853322c5de174 Size:42.71M
Description:

This upgrade package is for the intrusion prevention signature library and only supports engine version V56R11F01 and above. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, while the rule version changes to 2.0.0.33040. The new/improved rules in this upgrade package are:
New rules:
1. Attack [26820]: Kingdee Tianyan Unauthorized File Upload Vulnerability
2. Attack [42026]: JSP File Browser Backdoor Access
3. Attack [42027]: Black Mamba C2 Framework Traffic Communication
4. Attack [26823]: MLflow Directory Traversal Vulnerability (CVE-2023-6909)
5. Attack [26824]: MLflow Directory Traversal Vulnerability (CVE-2023-6909)_2
6. Attack [26825]: Hongfan OA FaxService.asmx Arbitrary File Write Vulnerability
7. Attack [42028]: JShell Webshell Communication
8. Attack [26826]: Seeyon M3 Remote Code Execution Vulnerability
9. Attack [42029]: jfolder Webshell Communication
10. Attack [42030]: Loading PowerShell Netcat Script powercat
11. Attack [26828]: Cisco IOS XE Web UI Command Execution Vulnerability (CVE-2023-20273)
12. Attack [26821]: Hikvision IP Network Intercom Broadcasting System Command Execution Vulnerability (CVE-2023-6895)
13. Attack [26822]: Hikvision IP Network Intercom Broadcasting System Path Traversal Vulnerability (CVE-2023-6893)
14. Attack [31090]: HTTP /etc/passwd File Successfully Read
15. Attack [26829]: Dokmee ECM Information Disclosure Leading to Remote Command Execution Vulnerability (CVE-2023-47261)
16. Attack [31091]: HTTP /etc/shadow File Successfully Read
17. Attack [31092]: 7kbscan Directory Scanning Tool
18. Attack [26832]: Sunhillo SureLine Command Injection Vulnerability (CVE-2021-36380)
19. Attack [26831]: Yonyou GRP-U8 SmartUpload01 File Upload Vulnerability
20. Attack [25804]: Spring Data MongoDB SpEL Expression Injection Code Execution Vulnerability (CVE-2022-22980)
21. Attack [26830]: Cisco IOS XE Web UI Privilege Escalation Vulnerability (CVE-2023-20198)
22. Attack [42031]: PhpSploit Webshell Communication
23. Attack [26827]: kodbox Remote Command Execution Vulnerability (CVE-2023-6848)
24. Attack [26833]: FineReport V8 get_geo_json Arbitrary File Read Vulnerability (CNVD-2018-04757)
25. Attack [26835]: Ruiqi Cloud Arbitrary File Read Vulnerability
26. Attack [31093]: Tornado Directory Traversal Vulnerability (CVE-2023-25265)
27. Attack [42032]: Spider PHP Webshell Communication
28. Attack [31094]: DSXS Vulnerability Scanning Tool
29. Attack [26836]: VMware vRealize Operations Server-Side Request Forgery Vulnerability (CVE-2021-21975)
30. Attack [42033]: TrevorC2 C2 Traffic Check-in - Connect to C2 Server
31. Attack [31095]: WebCruiser Web Vulnerability Scanner
32. Attack [26838]: Yonyou Space-Time KSOA linkadd SQL Injection Vulnerability
33. Attack [26837]: ImageMagick Arbitrary File Read Vulnerability (CVE-2022-44268)
34. Attack [10553]: ImageMagick Denial of Service Vulnerability (CVE-2022-44267)
35. Attack [26840]: ZOHO ManageEngine Password Manager Pro Deserialization Vulnerability (CVE-2022-35405)
36. Attack [26839]: Yonyou Multiple Deserialization Vulnerabilities
37. Attack [42034]: Loading Nishang Suspicious Script Keylogger
38. Attack [26818]: MLflow Directory Traversal Vulnerability (CVE-2023-6831)
Updated rules:
1. Attack [31069]: TideFinger Web Vulnerability Scanning Tool
2. Attack [42025]: OrcaC2 C2 Traffic Check-in - Connect to C2 Server
3. Attack [60464]: HTTP Service Directory Traversal Vulnerability
4. Attack [26394]: Shikong Zhiyou Enterprise Process Control System formservice SQL Injection Vulnerability
5. Attack [26387]: ZenTao 18.0 Backend Command Injection Vulnerability
6. Attack [26341]: Yonyou Chanjet T+ GetStoreWarehouseByStore Deserialization Command Execution Vulnerability (CNVD-2023-48562)
7. Attack [30830]: Yonyou Chanjet CRM get_usedspace.php SQL Injection Vulnerability
8. Attack [41956]: Cobalt Strike Penetration Tool Beacon HTTP Communication_2
9. Attack [26780]: ESAFENET Electronic Document Security Management System Arbitrary File Read Vulnerability (CNVD-2023-09184)
Notes:
1. After the upgrade package is installed, the engine restarts automatically and the new rules take effect without interrupting existing sessions; expect 3 to 5 ping packets to be lost during the restart. Please choose an appropriate time to upgrade.

Release Time:2023-12-29 10:20:47
Name: eoi.unify.allrulepatch.app.2.0.0.32939.rule Version:2.0.0.32939
MD5:1546c5e5668251d0ff7585ad76e7336f Size:42.64M
Description:

This upgrade package is for the intrusion prevention signature library and only supports engine version V56R11F01 and above. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, while the rule version changes to 2.0.0.32939. The new/improved rules in this upgrade package are:
New rules:
1. Attack [26769]: Hongjing HCM Human Resources System KhFieldTree SQL Injection Vulnerability
2. Attack [31074]: Huaxia ERP Account and Password Disclosure Vulnerability
3. Attack [31076]: pgAdmin Directory Traversal Vulnerability (CVE-2023-0241)
4. Attack [31075]: Paging OA beifenAction.php Backend Directory Traversal Vulnerability
5. Attack [31077]: ESAFENET Electronic Document Security Management System dlUltrasec File Read Vulnerability
6. Attack [26770]: Netentsec Next Generation Firewall HeartBeat.php Remote Command Execution Vulnerability
7. Attack [26771]: Tenda M3 Command Injection Vulnerability (CVE-2022-26289)
8. Attack [26772]: TOTOLINK CA300-PoE Command Injection Vulnerability (CVE-2023-24140/CVE-2023-24141/CVE-2023-24142/CVE-2023-24143)
9. Attack [26773]: TOTOLINK LR350 Command Injection Vulnerability (CVE-2023-37148)
10. Attack [26774]: TOTOLINK A720R Command Injection Vulnerability (CVE-2022-38534)
11. Attack [26775]: Wavlink WN579X3 Command Injection Vulnerability (CVE-2023-3380)
12. Attack [26776]: Wavlink Device Command Injection Vulnerability (CVE-2022-35526)
13. Attack [26779]: MLflow Arbitrary File Read Vulnerability (CVE-2023-1177)
14. Attack [42017]: Loading SPN Scan Script Discover-PSMSExchangeServers
15. Attack [42018]: Loading SPN Scan Script GetUserSPNs
16. Attack [26763]: Weaver e-Bridge addTaste Interface SQL Injection Vulnerability
17. Attack [26778]: Loading PowerUp Privilege Escalation Tool
18. Attack [26781]: Wanhu ezOFFICE ConvertFile Arbitrary File Read Vulnerability
19. Attack [26782]: Weaver e-Office OA sms_page.php Interface SQL Injection Vulnerability
20. Attack [26783]: Weaver e-Office OA UserSelect Interface SQL Injection Vulnerability
21. Attack [26784]: Weaver e-Office OA flow_xml.php SQL Injection Vulnerability
22. Attack [26785]: Weaver e-Office OA detail.php SQL Injection Vulnerability
23. Attack [31078]: Skipfish Vulnerability Scanning Tool
24. Attack [42019]: Octopus C2 Traffic - HTTP Request Command Execution Packet
25. Attack [31079]: Wavlink WL-WN535G3 Information Disclosure Vulnerability (CVE-2022-34576)
26. Attack [42020]: XMRig Cryptomining Trojan Connection
27. Attack [26787]: Wavlink WL-WN535G3 Command Injection Vulnerability (CVE-2022-34577)
28. Attack [26788]: Wavlink WL-WN535K2/K3 Command Injection Vulnerability (CVE-2022-2486)
29. Attack [42021]: Ncrack Password Brute-Force Tool
30. Attack [31081]: Weaver E-cology SptmForPortalThumbnail.jsp Arbitrary File Download Vulnerability
31. Attack [26793]: Weaver E-Mobile lang2sql Interface Arbitrary File Upload Vulnerability
32. Attack [26786]: RuoYi Backend Management System edit SQL Injection Vulnerability (CVE-2023-49371)
33. Attack [26819]: Struts2 Remote Code Execution Vulnerability (CVE-2023-50164) (S2-066)_2
34. Attack [42022]: PoshC2 Remote Control Tool Traffic Detection - BeaconImage Request
35. Attack [31083]: WebInspect Vulnerability Scanning Tool
36. Attack [42023]: Loading Nishang Port Scan Script Invoke-PortScan
37. Attack [26791]: Tongda OA SQL Injection Vulnerability (CVE-2023-6611)
38. Attack [26792]: Tongda OA SQL Injection Vulnerability (CVE-2023-6608)
39. Attack [26794]: Tongda OA SQL Injection Vulnerability (CVE-2023-6607)
40. Attack [26795]: TamronOS IPTV backup Arbitrary File Download Vulnerability
41. Attack [26796]: Tongda OA SQL Injection Vulnerability (CVE-2023-6276)
42. Attack [26798]: Tongda OA SQL Injection Vulnerability (CVE-2023-6084)
43. Attack [26799]: Tongda OA SQL Injection Vulnerability (CVE-2023-6054)
44. Attack [26800]: Tongda OA SQL Injection Vulnerability (CVE-2023-6053)
45. Attack [26801]: Tongda OA SQL Injection Vulnerability (CVE-2023-6052)
46. Attack [26802]: Tongda OA SQL Injection Vulnerability (CVE-2023-5783)
47. Attack [26803]: Tongda OA SQL Injection Vulnerability (CVE-2023-5782)
48. Attack [31085]: AppScan Web Scanning Tool
49. Attack [31084]: Arachni Vulnerability Scanning Tool
50. Attack [26804]: WordPress Backup Migration Plugin Remote Code Execution Vulnerability (CVE-2023-6553)
51. Attack [26805]: Tongda OA SQL Injection Vulnerability (CVE-2023-5781)
52. Attack [26806]: Tongda OA SQL Injection Vulnerability (CVE-2023-5780)
53. Attack [26807]: Tongda OA SQL Injection Vulnerability (CVE-2023-5682)
54. Attack [26808]: Tongda OA SQL Injection Vulnerability (CVE-2023-5497)
55. Attack [26809]: Tongda OA SQL Injection Vulnerability (CVE-2023-5298)
56. Attack [26810]: Tongda OA SQL Injection Vulnerability (CVE-2023-5285)
57. Attack [26811]: Tongda OA SQL Injection Vulnerability (CVE-2023-5267)
58. Attack [26812]: Tongda OA SQL Injection Vulnerability (CVE-2023-5265)
59. Attack [26813]: Tongda OA SQL Injection Vulnerability (CVE-2023-5261)
60. Attack [42024]: Medusa Password Brute-Force Tool - Web Forms Default User-Agent Detection
61. Attack [31082]: XssPy Vulnerability Scanning Tool
62. Attack [31086]: GoLismero Vulnerability Scanning Tool
63. Attack [26815]: Weaver E-Office getFolderZtreeNodes.php SQL Injection Vulnerability
64. Attack [26797]: Sifudi Operations and Maintenance Security Management System test_qrcode_b Command Execution Vulnerability
65. Attack [31087]: w9scan Web Scanning Tool
66. Attack [26816]: Yonyou GRP-U8 slbmbygr SQL Injection Vulnerability
67. Attack [26814]: Tongda OA SQL Injection Vulnerability (CVE-2023-5030)
68. Attack [26817]: Tongda OA SQL Injection Vulnerability (CVE-2023-5023)
69. Attack [31088]: Suspected XSSploit Cross-Site Scripting Vulnerability Scanning Tool
70. Attack [42025]: OrcaC2 C2 Traffic Check-in - Connect to C2 Server
Updated rules:
1. Attack [30651]: Nessus Vulnerability Scanning Tool HTTP Service Scanning
2. Attack [26413]: MLflow Directory Traversal Vulnerability (CVE-2023-3765)
3. Attack [26322]: Seeyon OA A8+ Front-End getAjaxDataServlet XXE Vulnerability
4. Attack [26752]: Struts2 Remote Code Execution Vulnerability (CVE-2023-50164) (S2-066)
Notes:
1. After the upgrade package is installed, the engine restarts automatically and the new rules take effect without interrupting existing sessions; expect 3 to 5 ping packets to be lost during the restart. Please choose an appropriate time to upgrade.

Release Time:2023-12-25 10:10:06
Name: eoi.unify.allrulepatch.app.2.0.0.32827.rule Version:2.0.0.32827
MD5:0e63bb0f80b740d7b0cd9c4495e9766f Size:42.50M
Description:

This upgrade package is for the intrusion prevention signature library and only supports engine version V56R11F01 and above. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, while the rule version changes to 2.0.0.32827. The new/improved rules in this upgrade package are:
New rules:
1. Attack [26739]: Rockwell Automation ThinManager ThinServer Directory Traversal Vulnerability (CVE-2023-2917)
2. Attack [26740]: Yonyou NC Download File Arbitrary File Read Vulnerability
3. Attack [26741]: Yonyou File Read Vulnerability
4. Attack [26746]: Node.js jade Template Prototype Pollution Command Execution Vulnerability
5. Attack [31057]: Wfuzz Vulnerability Scanning Tool
6. Attack [26750]: Rockwell Automation ThinManager ThinServer Integer Overflow Vulnerability (CVE-2023-2914)
7. Attack [31059]: Yibao OA Inventory/IsPartNumber SQL Injection Vulnerability
8. Attack [31060]: Glodon OA Identity Information Disclosure Vulnerability
9. Attack [31062]: w3af Vulnerability Scanning Tool
10. Attack [31063]: HTTP Scanning Tool
11. Attack [31064]: Alibaba Otter Manager Distributed Database Synchronization System Default Password Information Disclosure Vulnerability (CNVD-2021-16592)
12. Attack [31065]: Netsparker Vulnerability Scanning Tool
13. Attack [31066]: Safe3WVS Vulnerability Scanning Tool
14. Attack [31058]: Grafana Server-Side Request Forgery Vulnerability (CVE-2020-13379)
15. Attack [31067]: EHole (Lengdong) Red Team Key-Target System Fingerprint Detection Tool
16. Attack [26751]: Softing edgeAggregator Directory Traversal Vulnerability (CVE-2023-38126)
17. Attack [31068]: N-Stalker Web Vulnerability Scanning Tool
18. Attack [26754]: SolarWinds Network Performance Monitor Insecure Deserialization Vulnerability (CVE-2023-23836)
19. Attack [26755]: Wanhu OA DocumentEdit.jsp SQL Injection Vulnerability
20. Attack [26756]: Wanhu OA TeleConferenceService/freemarketService XXE Injection Vulnerability
21. Attack [26745]: Sapido Multiple Routers Remote Command Execution Vulnerability (CVE-2021-4242)
22. Attack [26747]: Panabit Panalog sy_addmount.php Remote Command Execution Vulnerability
23. Attack [26748]: Multiple NETGEAR Devices Command Injection Vulnerability (CVE-2020-27867)
24. Attack [26749]: NETGEAR R6250 Command Injection Vulnerability (CVE-2023-33532)
25. Attack [26757]: Sophos Web Appliance Remote Code Execution Vulnerability (CVE-2023-1671)
26. Attack [26753]: K8 Fly Knife Webshell Tool Backdoor Connection Detected
27. Attack [31069]: TideFinger Web Vulnerability Scanning Tool
28. Attack [31070]: Pangolin SQL Injection Tool
29. Attack [26758]: TRENDnet TEW-637AP wirelessAddMacFilter Command Injection Vulnerability
30. Attack [26759]: Kyan Network Monitoring Device time.php Remote Command Execution Vulnerability
31. Attack [26760]: Kyan Network Monitoring Device module.php Remote Command Execution Vulnerability
32. Attack [26761]: Kyan Network Monitoring Device license.php Remote Command Execution Vulnerability
33. Attack [31071]: MagicFlow Firewall Gateway main.xp Arbitrary File Read Vulnerability
34. Attack [31072]: Havij SQL Injection Tool
35. Attack [26762]: ESAFENET Electronic Document Security Management System Update.jsp SQL Injection Vulnerability
36. Attack [26764]: Yonyou U8 Cloud Multiple Deserialization RCE Vulnerabilities
37. Attack [26765]: DrayTek Vigor AP910C Router Backend Code Execution Vulnerability
38. Attack [26766]: Topsec TopApp-LB enable_tool_debug.php Remote Command Execution Vulnerability
39. Attack [26767]: Topsec TopApp-LB login_check.php Login Bypass Vulnerability
40. Attack [26768]: SolarWinds Network Performance Monitor Insecure Deserialization Vulnerability (CVE-2022-38111)
41. Attack [31073]: Nuclei Vulnerability Scanning Tool
42. Attack [42016]: Viper C2 Traffic - POST Request Heartbeat Packet Detection
43. Attack [26742]: Tenda AX1803 Command Injection Vulnerability (CVE-2023-49040)
44. Attack [26743]: TOTOLINK X6000R Command Injection Vulnerability (CVE-2023-46979)
45. Attack [26744]: TOTOLINK X6000R Command Injection Vulnerability (CVE-2023-46485)
46. Attack [31055]: DrayTek Vigor2960 Path Traversal Vulnerability (CVE-2023-1009)
Updated rules:
1. Attack [25145]: WebLogic Server Remote Code Execution Vulnerability (CVE-2021-2109)
2. Attack [60464]: HTTP Service Directory Traversal Vulnerability
3. Attack [26010]: Alibaba Nacos Authentication Bypass Vulnerability (CVE-2021-29441)
4. Attack [26662]: Yifan YF325 Command Injection Vulnerability (CVE-2023-32632)
5. Attack [41924]: WPScan Vulnerability Scanner Scanning Detection
6. Attack [26734]: Apache OFBiz XML-RPC Deserialization Vulnerability (CVE-2023-49070)
Notes:
1. After the upgrade package is installed, the engine restarts automatically and the new rules take effect without interrupting existing sessions; expect 3 to 5 ping packets to be lost during the restart. Please choose an appropriate time to upgrade.

Release Time:2023-12-15 09:28:17
Name: eoi.unify.allrulepatch.app.2.0.0.32789.rule Version:2.0.0.32789
MD5:a747501463b59002d681008e23b6c4fc Size:42.45M
Description:

This upgrade package is for the intrusion prevention signature library and only supports engine version V56R11F01 and above. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, while the rule version changes to 2.0.0.32789. The new/improved rules in this upgrade package are:

New rules:
1. Attack [26752]: Struts2 Remote Code Execution Vulnerability (CVE-2023-50164) (S2-066)

Notes:
1. After the upgrade package is installed, the engine restarts automatically and the new rules take effect without interrupting existing sessions; expect 3 to 5 ping packets to be lost during the restart. Please choose an appropriate time to upgrade.

Release Time:2023-12-12 16:53:08
Name: eoi.unify.allrulepatch.app.2.0.0.32720.rule Version:2.0.0.32720
MD5:b51605f37266f0526d988de39cd7609c Size:42.45M
Description:

This upgrade package is for the intrusion prevention signature library and only supports engine version V56R11F01 and above. It is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, while the rule version changes to 2.0.0.32720. The new/improved rules in this upgrade package are:
New rules:
1. Attack [31050]: Weaver Mobilemode/public.jsp Arbitrary User Login Vulnerability
2. Attack [31049]: WhatWeb Fingerprint Scanning Tool
3. Attack [26730]: Node.js lodash.template Prototype Pollution Command Execution Vulnerability (CVE-2021-23337)
4. Attack [26731]: Weaver plugin view Servlet Arbitrary User Login Vulnerability
5. Attack [26732]: Atlassian Jira Authentication Bypass Vulnerability (CVE-2022-39960)
6. Attack [31053]: Tongda OA get_cal_list.php Unauthorized Access Vulnerability
7. Attack [31054]: Ametys CMS Information Disclosure Vulnerability (CVE-2022-26159)
8. Attack [26728]: Huayu Reporter toQuery.php Command Injection Vulnerability
9. Attack [26733]: Node.js ejs Template Prototype Pollution Command Execution Vulnerability (CVE-2022-29078)
10. Attack [26734]: Apache OFBiz XML-RPC Deserialization Vulnerability (CVE-2023-49070)
11. Attack [26735]: Yonyou U8 FileUpload File Upload Vulnerability
12. Attack [26709]: Apache mod_jk Access Control Bypass Vulnerability (CVE-2018-11759)
13. Attack [26710]: Crestron HD Authorization Issue Vulnerability (CVE-2022-23178)
14. Attack [26711]: KubeView Information Disclosure Vulnerability (CVE-2022-45933)
15. Attack [26712]: Dahua City Security System Platform attachment_downloadByUrlAtt.action Arbitrary File Download Vulnerability
16. Attack [26713]: MessageSolution Enterprise Email Archiving (EEA) Information Disclosure Vulnerability (CNVD-2021-10543)
17. Attack [26714]: Ruijie RG-UAC Unified Internet Behavior Management Audit System get_dkey.php Information Disclosure Vulnerability (CNVD-2021-14536)
18. Attack [26715]: MetaCRM6 Customer Relationship Management System File Upload Vulnerability (CNVD-2020-48512)
19. Attack [26716]: OpenTSDB OS Command Injection Vulnerability (CVE-2023-25826/CVE-2023-36812)
20. Attack [26717]: Apache Kylin OS Command Injection Vulnerability (CVE-2022-24697)
21. Attack [26718]: Apache Kylin OS Command Injection Vulnerability (CVE-2022-43396)
22. Attack [26719]: cPanel Cross-Site Scripting Vulnerability (CVE-2023-29489)
23. Attack [26720]: GeoNode Authenticated XML External Entity (XXE) Injection Vulnerability (CVE-2023-26043)
24. Attack [26724]: Zimbra Autodiscover XXE External Entity Injection Vulnerability (CVE-2019-9670)
25. Attack [26725]: Landray sysUiComponent Front-End Arbitrary File Upload Vulnerability
26. Attack [26726]: Fujian Sichuang Disaster Warning System SQL Injection Vulnerability (CNVD-2015-07935)
27. Attack [26727]: Yonyou NC Cloud uploadChunk Arbitrary File Upload Vulnerability
28. Attack [26702]: PHP Code Execution Attack - MD5
29. Attack [26704]: Baiwei Tongda Intelligent Flow Control Router Remote Command Execution Vulnerability
30. Attack [31041]: Ruijie Campus Network Self-Service System login_judge.jsf Arbitrary File Read Vulnerability
31. Attack [26703]: DedeCMS search.php typeArr Parameter SQL Injection Vulnerability
32. Attack [31042]: DBAPPSecurity MingYu Security Gateway sys_dia_data_down Interface Arbitrary File Read Vulnerability
33. Attack [31043]: Array VPN fshare_template Arbitrary File Read Vulnerability
34. Attack [26705]: Apache ActiveMQ Jolokia Remote Code Execution Vulnerability (CVE-2022-41678)
35. Attack [26706]: DBAPPSecurity MingYu Security Gateway aaa_portal_auth_config_reset Interface Command Execution Vulnerability
36. Attack [26707]: NUUO NVRmini Remote Command Execution Vulnerability (CVE-2018-14933)
37. Attack [31045]: Selea OCR-ANPR Camera SeleaCamera Arbitrary File Read Vulnerability
38. Attack [26708]: Fortinet FortiNAC Code Execution Vulnerability (CVE-2022-39952)
39. Attack [31046]: Seeyon OA A6 checkWaitdo.jsp SQL Injection Vulnerability
40. Attack [26701]: Expression Injection Attack - Expression Evaluation
41. Attack [31039]: ACTi Video Surveillance images Arbitrary File Read Vulnerability
42. Attack [26721]: Roxy-WI Path Traversal Vulnerability (CVE-2023-25802)
43. Attack [26722]: Gitea Git Fetch Remote Code Execution Vulnerability (CVE-2022-30781)
44. Attack [26723]: Liferay Portal Code Execution Vulnerability (CVE-2020-7961)
45. Attack [31048]: Mind iMind Server Information Disclosure Vulnerability (CVE-2020-24765)
46. Attack [42015]: RobinBot Botnet Malware Check-in Communication
47. Attack [26570]: Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2022-44690)
48. Attack [26682]: U-Mail Mail System Getshell Vulnerability
49. Attack [26729]: Contec SolarView Compact Command Injection Vulnerability (CVE-2023-23333)
Updated rules:
1. Attack [41499]: HTTP Request Sensitive Path Access Attempt
2. Attack [60470]: Microsoft Windows win.ini Access Attempt
3. Attack [23277]: Web Service Cross-Site Script Execution Attack
4. Attack [60993]: HTTP Cross-Site Scripting Generic Attack Attempt
5. Attack [26282]: Atlassian Jira Authentication Bypass Vulnerability (CVE-2022-0540)
6. Attack [21356]: Microsoft IE Page Layout Processing Remote Code Execution Vulnerability (MS12-010)
7. Attack [60464]: HTTP Service Directory Traversal Vulnerability
8. Attack [24550]: Webmin Remote Code Execution Vulnerability (CVE-2019-15107)
9. Attack [63682]: HTTP SQL Injection Attempt Type 3
10. Attack [24778]: Netlink GPON Router 1.0.11R Remote Code Execution Vulnerability
11. Attack [24395]: Elasticsearch Kibana Local File Inclusion Vulnerability (CVE-2018-17246)
12. Attack [24255]: Web Service Remote Command Execution Attack
13. Attack [60991]: HTTP XSS URL Request Cross-Site Scripting Attack Attempt
14. Attack [31009]: Sonos One Speaker Information Disclosure Vulnerability (CVE-2023-27350)
15. Attack [26582]: Schneider Electric IGSS DashBoard.exe Deserialization Vulnerability (CVE-2023-27978)
16. Attack [26583]: Schneider Electric IGSS DashBoard.exe Deserialization Vulnerability (CVE-2023-3001)
17. Attack [42014]: xp_cmdshell Execution - HTTP Protocol
18. Attack [25300]: CMS Made Simple Smarty Server-Side Template Injection Vulnerability (CVE-2021-26120)
19. Attack [60245]: HTTP SQL Injection Attempt Type 8
20. Attack [26267]: Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2022-41082)
21. Attack [25578]: Spring Security Authentication Bypass Vulnerability (CVE-2022-22978)
22. Attack [62201]: HTTP SQL Injection Attempt Type 2
23. Attack [41886]: Pystinger Proxy Tool Connection Establishment
24. Attack [31021]: WordPress Plugin WP Contacts Manager SQL Injection Vulnerability (CVE-2022-1014)
25. Attack [26598]: Joplin MdToHtml Cross-Site Scripting Vulnerability (CVE-2022-45598)
26. Attack [26572]: Microsoft SharePoint WorkflowCodeTypeReferenceExpression Insecure Deserialization Vulnerability (CVE-2022-35823)
27. Attack [26590]: Parse Server Prototype Pollution Vulnerability (CVE-2022-39396)
28. Attack [31022]: MLflow Directory Traversal Vulnerability (CVE-2023-2356)
29. Attack [26611]: Craft CMS Remote Code Execution Vulnerability (CVE-2023-41892)
30. Attack [26631]: mySCADA myPRO Command Injection Vulnerability (CVE-2023-28400)
31. Attack [26675]: Node.js Express Framework Prototype Pollution Attempt
32. Attack [26679]: Node.js lodash Module Prototype Pollution Vulnerability (CVE-2018-16487/CVE-2019-10744)
Notes:
1. After the upgrade package is installed, the engine restarts automatically and the new rules take effect without interrupting existing sessions; expect 3 to 5 ping packets to be lost during the restart. Please choose an appropriate time to upgrade.

Release Time:2023-12-11 11:18:34
Name: eoi.unify.allrulepatch.app.2.0.0.32575.rule Version:2.0.0.32575
MD5:58faf5b6d42dd302dc9c80407510214d Size:42.34M
Description:

This upgrade package is for the intrusion prevention feature library and only supports engine version V56R11F01 and above upgrades. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, while the rule version changes to 2.0.0.32575. The new/improved rules for this upgrade package include:
New rule:
1. Attack [26658]: Microsoft Office Security Feature Bypass Vulnerability (CVE-2023-36413)
2. Attack [26659]: Qizhi/H3C SecParh Fortress Machine Get_ Detail_ View.php arbitrary user login vulnerability
3. Attack [26669]: Seacms index. php SQL injection vulnerability
4. Attack [26671]: Pan Micro E-Office Absolute Path Traversal Vulnerability (CVE-2023-2765)
5. Attack [26672]: Dayrui FineCms SQL Injection Vulnerability (CVE-2018-6893)
6. Attack [26673]: VictorCMS SQL Injection Vulnerability (CVE-2022-26201)
7. Attack [26660]: Netis N3Mv2 Command Injection Vulnerability (CVE-2023-43893)
8. Attack [26661]: Nexxt Nebula1200-AC authentication bypass and enable telnetd service vulnerability (CVE-2022-46080)
9. Attack [26662]: yifan YF325 Command Injection Vulnerability (CVE-2023-32632)
10. Attack [26663]: Edimax Technology N300 BR-6428NS_ V4 Command Injection Vulnerability (CVE-2023-31983)
11. Attack [26664]: Edimax Technology N300 BR-6428NS_ V4 Command Injection Vulnerability (CVE-2023-31986)
12. Attack [26674]: taoCMS admin. php SQL injection vulnerability (CVE-2022-25505)
13. Attack [26678]: PHPCMS v1.0 SQL Injection Vulnerability (CVE-2022-26613)
14. Attack [26675]: Node.js Express framework prototype chain contamination attempt
15. Attack [26680]: elFinder ZIP parameter and arbitrary command injection vulnerability (CVE-2021-32682)
16. Attack [26679]: Node.js lodash module prototype chain contamination vulnerability (CVE-2018-16487/CVE-2019-10744)
17. Attack [31031]: CloudBees Jenkins GitHub Plugin Information Leakage Vulnerability (CVE-2018-1000600)
18. Attack [31030]: OwnCloud Graphapi Information Leakage Vulnerability (CVE-2023-49103)
19. Attack [31033]: Tianqing Unauthorized Access Vulnerability
20. Attack [31032]: Jellyfin Remote ImageController. cs SSRF vulnerability (CVE-2021-29490)
21. Attack [31035]: DVR login bypass vulnerability (CVE-2018-9995)
22. Attack [26681]: SugarCRM Enterprise Cross Site Scripting Vulnerability (CVE-2019-14974)
23. Attack [42014]: xp_ Cmdshell executes - HTTP protocol
24. Attack [31034]: Xiaomi Router Remote Arbitrary File Reading Vulnerability (CVE-2019-18371)
25. Attack [41952]: Suo5 Tunnel Tool Upload
26. Attack [26685]: Telesquare SDT-CW3B1 1.1.0 Command Injection Vulnerability (CVE-2021-46422)
27. Attack [26683]: Discovery of Impact tool secretsdump-dcsync credential theft behavior SMBv2
28. Attack [31036]: Franklin Fueling Systems Path Traversal Vulnerability (CVE-2021-46417)
29. Attack [26682]: U-Mail mail system getshell vulnerability
30. Attack [26686]: WordPress Plugin The Login with Phone Number Cross Site Scripting Vulnerability (CVE-2023-23492)
31. Attack [26687]: WordPress plugin WP Helper Lite cross site scripting vulnerability (CVE-2023-0448)
32. Attack [26688]: WordPress plugin Meta Data and Taxonomies Filter cross site scripting vulnerability (CVE-2023-28664)
33. Attack [26689]: WordPress plugin Woo Bulk Price Update Cross Site Scripting Vulnerability (CVE-2023-28665)
34. Attack [26690]: WordPress plugin InPost Gallery Cross Site Scripting Vulnerability (CVE-2023-28666)
35. Attack [26676]: iDocView Online Document Preview System File Upload Vulnerability
36. Attack [26691]: iDocView Online Document Preview System File Upload Vulnerability_2
37. Attack [26692]: WordPress plugin Page View Count SQL injection vulnerability (CVE-2022-0434)
38. Attack [31038]: Apache Solr Arbitrary File Read Vulnerability (CVE-2017-3163)
39. Attack [26693]: Apache Solr Request Forgery Vulnerability (CVE-2017-3164)
40. Attack [26694]: GroupTreeXml SQL Injection Vulnerability in UFIDA FE Collaborative Office System
41. Attack [26695]: DeepTreeXml SQL Injection Vulnerability in UFIDA FE Collaborative Office System
42. Attack [26696]: TreeXml SQL Injection Vulnerability in UFIDA FE Collaborative Office System
43. Attack [26697]: NetMizer Log Management System cmd.php Remote Command Execution Vulnerability
44. Attack [26698]: Ectouch 2.0 index.php price_max SQL Injection Vulnerability
45. Attack [26699]: Wanhu OA download_old.jsp Arbitrary File Download Vulnerability
46. Attack [31039]: ACTI Video Surveillance Images Arbitrary File Reading Vulnerability
47. Attack [26700]: Ecshop 2.7.2 category.php SQL injection vulnerability
48. Attack [31040]: Wanhu OA download_netdisk.jsp Arbitrary File Download Vulnerability
49. Attack [26701]: Expression injection attack - arithmetic operations
50. Attack [26665]: WAYOS FBM-291W Command Injection Vulnerability (CVE-2023-37794)
51. Attack [26666]: LB-LINK device set_blacklist interface command injection vulnerability
52. Attack [26667]: LB-LINK device set_forward_cfg interface command injection vulnerability
53. Attack [26668]: LB-LINK device set_hidesid_cfg interface command injection vulnerability
54. Attack [26670]: LB-LINK device set_manpwd interface command injection vulnerability
Update rules:
1. Attack [24999]: Spring Boot Actuator Unauthorized Access
2. Attack [26288]: Citrix ShareFile upload.aspx Arbitrary File Upload Vulnerability (CVE-2023-24489)
3. Attack [23594]: vBulletin Forum Platform Pre authorized Remote Code Execution Vulnerability (CVE-2015-7808)
4. Attack [30960]: UFIDA U8 Cloud Upload File Upload Vulnerability
5. Attack [50618]: Internal network tunneling tool Pivotnacci connection
6. Attack [25615]: Seeyon OA ajax.do Interface JDBC Deserialization Vulnerability
7. Attack [60245]: HTTP SQL injection attempt type eight
8. Attack [24494]: Spring Cloud Config 2.1.x Path Traversal (CVE-2019-3799)
9. Attack [60933]: HTTP Cross Site Scripting Universal Attack Attempt
10. Attack [30787]: Swagger sensitive information leakage vulnerability
11. Attack [41499]: HTTP request sensitive path access attempt
12. Attack [63680]: HTTP SQL injection attempt type seven
13. Attack [63681]: HTTP SQL injection attempt type three
14. Attack [26054]: Apache Solr Unauthorized Access Vulnerability (CVE-2020-13941)
Notes:
1. After the upgrade package is installed, the engine restarts automatically and the new rules take effect without interrupting existing sessions; however, 3-5 packets will be lost on ping during the restart. Please choose an appropriate time to upgrade.

Release Time:2023-12-04 10:31:11
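Each entry in this list publishes the package file name, the rule version it installs and the MD5 and size of the .rule file. The script below is an added example written for this page, not NSFOCUS tooling: it parses those Name/Version/MD5/Size line pairs into a manifest and checks a downloaded package against them before it is imported into the engine. The package name, bytes and manifest used in demo() are constructed; the K/M/G unit in the list is assumed to be binary (the 5 % size tolerance also covers decimal units), and the size is only a sanity check while the MD5 must match exactly.

```python
"""Check an NSFOCUS IPS rule upgrade package against the MD5/size published in the
upgrade list. Added example for this page, not NSFOCUS's own tooling."""
import hashlib
import re
import tempfile
from pathlib import Path

# Matches the two-line "Name: ... Version:..." / "MD5:... Size:..." layout used in
# the upgrade list (assumption: entries always appear in exactly this form).
_ENTRY_RE = re.compile(
    r"Name:\s*(?P<name>\S+)\s+Version:\s*(?P<version>\S+)[ \t]*\r?\n"
    r"MD5:\s*(?P<md5>[0-9a-fA-F]{32})\s+Size:\s*(?P<size>\d+(?:\.\d+)?)(?P<unit>[KMG])"
)
# Assumption: K/M/G in the list are binary units; the 5 % tolerance below also
# covers the case where the vendor meant decimal units.
_UNIT = {"K": 1024, "M": 1024 ** 2, "G": 1024 ** 3}
SIZE_TOLERANCE = 0.05


def parse_manifest(text):
    """Return {package file name: (rule version, md5 lowercase, size in bytes)}."""
    manifest = {}
    for m in _ENTRY_RE.finditer(text):
        manifest[m["name"]] = (
            m["version"],
            m["md5"].lower(),
            float(m["size"]) * _UNIT[m["unit"]],
        )
    return manifest


def md5_of_file(path, chunk=1 << 20):
    """Stream the file through MD5 (the digest the vendor publishes)."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_package(path, manifest):
    """Return (ok, message). The file name must be listed, the MD5 must match
    exactly, and the size must be within SIZE_TOLERANCE of the listed size."""
    path = Path(path)
    entry = manifest.get(path.name)
    if entry is None:
        return False, f"{path.name}: not listed in the upgrade list"
    version, expected_md5, expected_size = entry
    actual_md5 = md5_of_file(path)
    if actual_md5 != expected_md5:
        return False, (f"{path.name}: MD5 mismatch, list says {expected_md5}, "
                       f"file is {actual_md5}")
    actual_size = path.stat().st_size
    if abs(actual_size - expected_size) > SIZE_TOLERANCE * expected_size:
        return False, (f"{path.name}: size {actual_size} B differs from listed "
                       f"{expected_size:.0f} B by more than {SIZE_TOLERANCE:.0%}")
    return True, f"{path.name}: OK, rule version {version}"


def demo():
    """Constructed self-check: a fake 1 KiB package listed in a constructed
    manifest, then a same-size copy with a few bytes changed. Returns (good_ok, bad_ok)."""
    with tempfile.TemporaryDirectory() as d:
        name = "eoi.unify.allrulepatch.app.0.0.0.00000.rule"  # constructed name
        good = Path(d) / name
        good.write_bytes(b"RULE" * 256)  # 1024 bytes
        manifest = parse_manifest(
            f"Name: {name} Version:0.0.0.00000\nMD5:{md5_of_file(good)} Size:1.00K\n"
        )
        bad_dir = Path(d) / "tampered"
        bad_dir.mkdir()
        bad = bad_dir / name
        bad.write_bytes(b"RULE" * 255 + b"RULF")  # same size, different content
        good_ok, _ = verify_package(good, manifest)
        bad_ok, _ = verify_package(bad, manifest)
        return good_ok, bad_ok


if __name__ == "__main__":
    print(demo())
```

Feed parse_manifest() the text of this upgrade list as obtained from the vendor portal over HTTPS, not a copy delivered next to the .rule file, since an attacker who can replace the package can replace a co-located hash just as easily. MD5 is not collision-resistant, but it is the only digest the vendor publishes here, so it still catches corrupted downloads and opportunistic substitution; a stronger guarantee needs a signature the vendor does not provide in this list.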
Name: eoi.unify.allrulepatch.app.2.0.0.32461.rule Version:2.0.0.32461
MD5:04d93fabef980efec716dee7311ea6cf Size:42.40M
Description:

This upgrade package is an intrusion prevention feature library upgrade package that only supports engine version V56R11F01 and above upgrades. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, while the rule version changes to 2.0.0.32461. The new/improved rules for this upgrade package include:

New rules:
1. Attack [26619]: WordPress plugin SupportCandy SQL injection vulnerability (CVE-2023-1730)
2. Attack [26620]: WordPress Plugin Code Snippets Cross Site Scripting Vulnerability (CVE-2021-25008)
3. Attack [26621]: WordPress Plugin Super Socializer Cross Site Scripting Vulnerability (CVE-2021-24987)
4. Attack [31025]: Code Projects Blood Bank SQL Injection Vulnerability (CVE-2023-46014)
5. Attack [42011]: FRP intranet tunneling tool communication (UDP)
6. Attack [26627]: Ivanti Avalanche FileStoreConfig Arbitrary File Upload Vulnerability (CVE-2023-32562)
7. Attack [31026]: JetBrains TeamCity Perforce Cross Site Scripting Vulnerability (CVE-2022-48426)
8. Attack [26628]: Ivanti Avalanche FileStoreConfig validateFileStoreUncPath Arbitrary File Upload Vulnerability (CVE-2023-28128)
9. Attack [26622]: Tenda M3 Command Injection Vulnerability (CVE-2022-26536)
10. Attack [26623]: Tenda M3 Command Injection Vulnerability (CVE-2022-27076)
11. Attack [26624]: Tenda AC6 Command Injection Vulnerability (CVE-2023-40837/CVE-2023-40839)
12. Attack [26625]: Netis N3Mv2 Command Injection Vulnerability (CVE-2023-45467)
13. Attack [26626]: Netis N3Mv2 Command Injection Vulnerability (CVE-2023-45466)
14. Attack [26629]: Netis N3Mv2 Command Injection Vulnerability (CVE-2023-43890)
15. Attack [26630]: Netis N3Mv2 Command Injection Vulnerability (CVE-2023-43892)
16. Attack [26631]: mySCADA myPRO Command Injection Vulnerability (CVE-2023-28400)
17. Attack [26632]: WordPress Plugin UpdraftPlus Cross Site Scripting Vulnerability (CVE-2021-25022)
18. Attack [26633]: WordPress Plugin WHMCS Bridge Cross Site Scripting Vulnerability (CVE-2021-25112)
19. Attack [26634]: Kingdee Cloud Starry Sky ScpSupRegHandler Arbitrary File Upload Vulnerability
20. Attack [26635]: LibreNMS Port Reflected Cross Site Scripting Vulnerability (CVE-2023-4347)
21. Attack [26636]: Microsoft Windows DHCPv6 Server ProcessRelayForwardMessage Heap Overflow Vulnerability (CVE-2023-28231)
22. Attack [26640]: WordPress Plugin Visitor Statistics SQL Injection Vulnerability (CVE-2021-24750)
23. Attack [31027]: Ruijie Network NBR700G webgl.data Information Disclosure Vulnerability
24. Attack [26637]: Zhejiang University Ente Customer Resource Management System Fileupload.jsp Arbitrary File Upload Vulnerability
25. Attack [26638]: Zhejiang University Ente Resource Management System CustomerAction.entphone JS Interface Arbitrary File Upload Vulnerability
26. Attack [26641]: SeaCMS admin_ip.php Remote Command Execution Vulnerability (CVE-2022-48093)
27. Attack [26639]: SysAid Remote Command Execution Vulnerability (CVE-2023-47246)
28. Attack [26643]: UFIDA U8cloud task TaskTreeQuery SQL Injection Vulnerability
29. Attack [31028]: Oracle E-Business Suite Web Applications Desktop Integrator Directory Traversal Vulnerability (CVE-2022-39428)
30. Attack [31029]: Kingdee Cloud Starry Sky FileProxyHandler.kdfile Arbitrary File Read Vulnerability
31. Attack [26642]: Netgate pfSense firewall_alias.php Cross Site Scripting Vulnerability (CVE-2022-29273)
32. Attack [26647]: Ivanti Avalanche Remote Control Server Directory Traversal Vulnerability (CVE-2023-32563)
33. Attack [26644]: Weaver E-Office 10 welink move File Upload Vulnerability
34. Attack [26645]: Avcon Integrated Management Platform avcon.action SQL Injection Vulnerability
35. Attack [26648]: Anmei Digital Hotel Broadband Operation System server_ping.php Arbitrary Command Execution Vulnerability
36. Attack [26649]: Anmei Digital Hotel Broadband Operation System SQL Injection Vulnerability
37. Attack [26651]: Jiecheng Management Information System CWSFinanceCommon SQL Injection Vulnerability
38. Attack [26650]: Kingdee EAS loadTree JNDI injection vulnerability
39. Attack [26646]: WordPress Paid Memberships Cross Site Scripting Vulnerability (CVE-2022-4830)
40. Attack [26654]: Inductive Automation Ignition Deserialization Vulnerability (CVE-2022-35870)
41. Attack [26655]: Landray EIS Smart Collaboration Platform api.aspx Interface Arbitrary File Upload Vulnerability
42. Attack [26656]: Qi'anxin 360 Tianqing getsimilarlist SQL injection vulnerability
43. Attack [26652]: Splunk Enterprise XSLT Remote Code Execution Vulnerability (CVE-2023-46214)
44. Attack [41188]: DDoS tool Mstream master probing agents
45. Attack [26657]: WordPress Plugin LearnPress Cross Site Scripting (XSS) Vulnerability (CVE-2022-0271)

Updated rules:
1. Attack [25157]: PEAR Archive Tar PHAR Protocol Handling Deserialization Code Execution Vulnerability (CVE-2020-28948)
2. Attack [41780]: DNSLog query request
3. Attack [24298]: Struts2 Remote Command Execution Vulnerability (CVE-2018-11776) (S2-057)
4. Attack [30953]: UFIDA NC wsncapplet.jsp Information Disclosure Vulnerability
5. Attack [26363]: Jeecg-boot JDBC testConnection Arbitrary Code Execution Vulnerability
6. Attack [26415]: Time and Space Zhiyou Enterprise Process Control System Formservice File Upload Vulnerability
7. Attack [60471]: HTTP directory traversal reading /etc/passwd file
8. Attack [41820]: HTTP CRLF injection attack
9. Attack [41904]: Hidden Command Execution Attack

Precautions:
1. After the upgrade package is installed, the engine restarts automatically and the new rules take effect without interrupting existing sessions; however, 3-5 packets will be lost on ping during the restart. Please choose an appropriate time to upgrade.

Release Time:2023-11-27 10:59:32
Name: eoi.unify.allrulepatch.app.2.0.0.32365.rule Version:2.0.0.32365
MD5:cfc1e85d10a26acdc0ffae7d793211b6 Size:42.33M
Description:

This upgrade package is an intrusion prevention feature library upgrade package that only supports engine version V56R11F01 and above upgrades. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, while the rule version changes to 2.0.0.32365. The new/improved rules for this upgrade package include:

New rules:
1. Attack [26600]:Smanga add.php SQL injection vulnerability (CVE-2023-36076)
2. Attack [31018]:Smanga get-file-flow.php Arbitrary File Read Vulnerability (CVE-2023-36076)
3. Attack [26601]:Smanga delete.php unauthorized remote code execution vulnerability
4. Attack [26603]:Sidet Wi-Fi Web Management System Access Control Error Vulnerability (CVE-2023-3305)
5. Attack [31020]:Weaver E-Office Information Disclosure Vulnerability (CVE-2023-2766)
6. Attack [31019]:Seeyon OA wpsAssistServlet Arbitrary File Read Vulnerability (CVE-2023-2766)
7. Attack [26602]:Grafana Labs GeoMap attribution cross-site scripting vulnerability (CVE-2023-0507)
8. Attack [26604]:Weaver E-Office login_other.php SQL Injection Vulnerability (CVE-2023-0507)
9. Attack [31021]:WordPress plugin WP Contacts Manager SQL Injection Vulnerability (CVE-2022-1014)
10. Attack [31022]:MLflow Directory Traversal Vulnerability (CVE-2023-2356)
11. Attack [26608]:Hongyun active security monitoring cloud platform arbitrary file download vulnerability
12. Attack [31023]:JetBrains TeamCity Security Vulnerability (CVE-2022-48428)
13. Attack [26610]:JetBrains TeamCity Token Information Disclosure Vulnerability (CVE-2023-42793)
14. Attack [26605]:IP-guard WebServer Remote Command Execution Vulnerability (CVE-2023-42793)
15. Attack [26611]:CraftCMS Remote Code Execution Vulnerability (CVE-2023-41892)
16. Attack [31024]:UFIDA NC portal_docServlet Arbitrary File Read Vulnerability
17. Attack [26613]:Wanhu OA SendFileCheckTemplateEdit SQL Injection Vulnerability
18. Attack [26606]:TP-Link WPA7510 Command Execution Vulnerability (CVE-2023-29562)
19. Attack [26615]:DedeCMS select_media.php Path Traversal Vulnerability (CVE-2023-30380)
20. Attack [26616]:Viessmann Vitogate Remote Code Execution Vulnerability (CVE-2023-45852)
21. Attack [26617]:DocCMS keyword SQL injection vulnerability (CVE-2023-45852)
22. Attack [26612]:Microsoft Word RTF Font Table Integer Overflow (CVE-2023-21716)
23. Attack [26618]:WordPress Plugin ACF Photo Gallery Field Cross-Site Scripting Vulnerability(CVE-2021-24909)
24. Attack [26607]:TP-Link TL-WPA8630P Command Injection Vulnerability(CVE-2023-27836)
25. Attack [26609]:TP-Link TL-WPA8630P Command Injection Vulnerability (CVE-2023-27837)
26. Attack [26614]:TP-Link WPA7510 stack overflow vulnerability (CVE-2023-29562)

Updated rules:
1. Attack [24298]:Struts2 Remote Command Execution Vulnerability (CVE-2018-11776) (S2-057)
2. Attack [26353]:JeecgBoot Enterprise low-code platform qurestSql SQL injection vulnerability (CVE-2023-1454)
3. Attack [26288]:Citrix ShareFile upload.aspx arbitrary file upload vulnerability (CVE-2023-24489)
4. Attack [25746]:Linux information gathering command execution
5. Attack [25099]:UFIDA ERP-NC System/NCFindWeb File Inclusion Vulnerability (CVE-2023-24489)

Precautions:
1. After the upgrade package is installed, the engine restarts automatically and the new rules take effect without interrupting existing sessions; however, 3-5 packets will be lost on ping during the restart. Please choose an appropriate time to upgrade.

Release Time:2024-04-12 17:31:49
Name: eoi.unify.allrulepatch.app.2.0.0.32304.rule Version:2.0.0.32304
MD5:5c806e97525bd1d924aa5a1dcb56cea9 Size:42.29M
Description:

This upgrade package is an intrusion prevention feature library upgrade package that only supports engine version V56R11F01 and above upgrades. The upgrade package is a full upgrade package. After the upgrade, the firmware version and engine version remain unchanged, while the rule version changes to 2.0.0.32304. The new/improved rules for this upgrade package include:

New rules:
1. Attack [26572]: Microsoft SharePoint WorkflowCodeTypeReferenceExpression Insecure Deserialization Vulnerability (CVE-2022-35823)
2. Attack [26573]: Git apply --reject arbitrary file write vulnerability (CVE-2023-25652)
3. Attack [26574]: Apache RocketMQ buildStartCommand Command Injection Vulnerability (CVE-2023-33246)_2
4. Attack [31009]: Sonos One Speaker Information Disclosure Vulnerability (CVE-2023-27350)
5. Attack [10552]: Redis SCAN KEYS Command Denial of Service Vulnerability (CVE-2022-36021)
6. Attack [26577]: OpenEMR Cross Site Scripting Vulnerability (CVE-2023-2947)
7. Attack [26578]: Adobe ColdFusion Improper Access Control Vulnerability (CVE-2023-26360)
8. Attack [26576]: Advantech iView ConfigurationServlet SQL Injection Vulnerability (CVE-2023-3983)
9. Attack [31010]: WordPress plugin Shield Security Cross Site Scripting Vulnerability (CVE-2023-0992)
10. Attack [26579]: EasyCVR Video Management Platform Unauthorized Access Vulnerability
11. Attack [26580]: ntopng Authentication Bypass Vulnerability (CVE-2021-28073)
12. Attack [26575]: F5 BIG-IP Remote Code Execution Vulnerability (CVE-2023-46747)
13. Attack [26570]: Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2022-44690)
14. Attack [26581]: MobileIron Sentry Command Execution Vulnerability (CVE-2023-38035)
15. Attack [26582]: Schneider Electric IGSS DashBoard.exe Deserialization Vulnerability (CVE-2023-27978)
16. Attack [26583]: Schneider Electric IGSS DashBoard.exe Deserialization Vulnerability (CVE-2023-3001)
17. Attack [26584]: D-Link DIR-2640 HNAP PrefixLen Command Injection Vulnerability (CVE-2023-32150)
18. Attack [31011]: Rockwell Automation ThinManager ThinServer Directory Traversal Vulnerability (CVE-2022-21587)
19. Attack [26585]: Paging Index File Upload Vulnerability
20. Attack [26586]: Gogs file upload tree_path command injection (CVE-2022-2024)
21. Attack [26587]: D-Link DI-7500G-CI Cross Site Scripting Vulnerability (CVE-2023-34856)
22. Attack [26588]: D-Link D-View TftpReceiveFileHandler Directory Traversal Vulnerability (CVE-2023-32165)
23. Attack [31012]: Microfinance Management System SQL Injection Vulnerability (CVE-2022-27927)
24. Attack [26589]: Juniper SRX Firewall/EX Switch Remote Code Execution Vulnerability (CVE-2023-36844)
25. Attack [26590]: Parse Server Prototype Pollution Vulnerability (CVE-2022-39396)
26. Attack [31014]: NetScaler ADC / NetScaler Gateway Sensitive Information Disclosure Vulnerability (CVE-2023-4966)
27. Attack [26592]: Signaling index File Inclusion Vulnerability
28. Attack [26593]: WordPress Accessibility Helper XSS Cross Site Scripting Vulnerability (CVE-2022-0150)
29. Attack [26594]: Signaling gerenAction.php SQL Injection Vulnerability
30. Attack [26595]: WordPress plugin WPIDE path traversal vulnerability (CVE-2022-2261)
31. Attack [26591]: WordPress Statistics Plugin search_engine SQL Injection Vulnerability (CVE-2022-4230)
32. Attack [31015]: Jinhe OA FileUploadMessage File Reading Vulnerability
33. Attack [31016]: Jinhe OA C6 download.jsp Arbitrary File Reading Vulnerability
34. Attack [26597]: Tongda OA get_data.php Frontend SQL Injection Vulnerability
35. Attack [26598]: Joplin MdToHtml Cross Site Scripting Vulnerability (CVE-2022-45598)
36. Attack [26596]: Inductive Automation Ignition ParameterVersionJavaSerialization Insecure Deserialization Vulnerability (CVE-2023-39475)
37. Attack [31017]: Xinhu index SSRF vulnerability
38. Attack [26599]: Atlassian Confluence Improper Authorization Vulnerability (CVE-2023-22518)

Update rules:
1. Attack [26562]: Event Management System File Upload Vulnerability (CVE-2022-38323)
2. Attack [21356]: Microsoft IE Page Layout Processing Remote Code Execution Vulnerability (MS12-010)
3. Attack [10531]: HAProxy HTTP Header Handling Denial of Service Vulnerability (CVE-2022-0711)
4. Attack [26523]: Atlassian Confluence Create Administrator Account Vulnerability (CVE-2023-22515)

Precautions:
1. After the upgrade package is installed, the engine restarts automatically and the new rules take effect without interrupting existing sessions; however, 3-5 packets will be lost on ping during the restart. Please choose an appropriate time to upgrade.

Release Time:2023-11-14 11:01:44
Name: eoi.unify.allrulepatch.app.2.0.0.31081.rule Version:5.6.11.31081
MD5:835d87ef2f780b7bcc2b3ed84480a84b Size:41.38M
Description:

NSFOCUS NIDS/NIPS product signature upgrade package; requires firmware version 5.6R11F01 or later and engine version 5.6R11F01 or later. This is a full upgrade package. After the package is imported, the firmware version and engine version will not change, and the signature version will change to 5.6.11.31081. This package includes the following rule changes:


new rules:
1. threat[26236]:PopojiCMS File Upload Vulnerability(CVE-2022-47766)
2. threat[26240]:Ruijie RG-BCR860 Command Execution Vulnerability (CVE-2023-3450)
3. threat[26242]:Struts2 Remote Code Execution Vulnerability(CVE-2007-4556)(S2-001)
4. threat[26241]:WAVLINK WN535 G3 Information Disclosure Vulnerability (CVE-2022-31846)
5. threat[26244]:Struts2 Remote Code Execution Vulnerability(CVE-2012-0838)(S2-007)
6. threat[26248]:Struts2 Remote Code Execution Vulnerability(CVE-2012-0391/0392/0393/0394)(S2-008)
7. threat[26254]:Struts2 Remote Code Execution Vulnerability(CVE-2011-3923)(S2-009)
8. threat[26243]:YonyouNC ContactsFuzzySearchServlet Deserialization Vulnerability
9. threat[26245]:YonYouNC ContactsQueryServiceServlet Deserialization Vulnerability
10. threat[26252]:YonyouNC UserQueryServiceServlet Deserialization Vulnerability
11. threat[26255]:Oracle WebLogic Server JNDI Injection Remote Code Execution Vulnerability(CVE-2020-14841)
12. threat[26258]:Struts2 Remote Code Execution Vulnerability(CVE-2013-1965/1966/2115)(S2-012/S2-013/S2-014)
13. threat[26264]:Struts2 Remote Code Execution Vulnerability(CVE-2013-2134/2135)(S2-015)
14. threat[26265]:Struts2 Remote Code Execution Vulnerability(CVE-2016-3081)(S2-032)
15. threat[26266]:Struts2 Remote Code Execution Vulnerability(CVE-2016-4438)(S2-037)
16. threat[26253]:YonyouNC UserSynchronizationServlet Deserialization Vulnerability
17. threat[26249]:YonyouNC OAUserAuthenticationServlet Deserialization Vulnerability
18. threat[26250]:YonyouNC OAUserQryServlet Deserialization Vulnerability
19. threat[26251]:YonyouNC UserAuthenticationServlet Deserialization Vulnerability
20. threat[26247]:YonyouNC OAContactsFuzzySearchServlet Deserialization Vulnerability
21. threat[26246]:YonyouNC fileupload Deserialization Vulnerability
22. threat[26268]:YonyouNC LfwFileUploadServlet Arbitrary File Upload Vulnerability
23. threat[33446]:Struts2 Remote Command Execution Vulnerability(CVE-2008-6504/CVE-2010-1870)(S2-003/S2-005)

update rules:
1. threat[26182]:Smartbi RMIServlet Authentication Bypass Vulnerability
2. threat[23360]:MongoDB phpMoAdmin Remote Code Execution Vulnerability
3. threat[23794]:Struts2 Remote Command Execution Vulnerability(CVE-2016-3087)(S2-033)
4. threat[23151]:Rejetto HttpFileServer ParserLib.pas Remote Command Execution(CVE-2014-6287)
5. threat[21374]:Apache Struts Remote Command Execution Vulnerability
6. threat[25352]:Struts2 Remote Command Execution Vulnerability (CVE-2017-12611)(S2-053)
7. threat[24298]:Struts2 Remote Command Execution Vulnerability(CVE-2018-11776)(S2-057)


Announcements:
1. After the package is installed, the engine restarts automatically; this does not interrupt existing sessions, but 3-5 packets will be lost on ping during the restart. Please update at a suitable time.

Release Time:2023-08-04 17:48:20