Created
May 28, 2024 13:39
-
-
Save GarryLai/5c17b37d654057b9a893db2c85a0da71 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| main classes: | |
| 10000000 - Cross Site Scripting | |
| 20000000 - Cross Site Scripting (Extended) | |
| 30000000 - SQL Injection | |
| 40000000 - SQL Injection (Extended) | |
| 50000000 - Generic Attacks | |
| 60000000 - Generic Attacks(Extended) | |
| 70000000 - Trojans | |
| 80000000 - Information Disclosure | |
| 90000000 - Known Exploits | |
| 100000000 - Credit Card Detection | |
| 110000000 - Bad Robot | |
| sub classes: | |
| 50010000 - OS Command Injection Attacks | |
| 50020000 - Coldfusion Injection | |
| 50030000 - LDAP Injection | |
| 50050000 - Command Injection | |
| 50060000 - Session Fixation | |
| 50070000 - File Injection | |
| 50080000 - PHP Injection | |
| 50090000 - SSI Injection | |
| 50100000 - UPDF XSS | |
| 50110000 - Email Injection | |
| 50130000 - HTTP Response Splitting | |
| 50140000 - RFI Injection | |
| 50150000 - LFI injection | |
| 50160000 - SRC Disclosure | |
| 50170000 - Java Method Injection | |
| 50180000 - Directory Traversal | |
| 60010000 - OS Command Injection Attacks | |
| 60020000 - Coldfusion Injection | |
| 60030000 - LDAP Injection | |
| 60050000 - Command Injection | |
| 60060000 - Session Fixation | |
| 60070000 - File Injection | |
| 60080000 - PHP Injection | |
| 60090000 - SSI Injection | |
| 60100000 - UPDF XSS | |
| 60110000 - Email Injection | |
| 60120000 - HTTP Request Smuggling | |
| 60130000 - HTTP Response Splitting | |
| 60140000 - RFI Injection | |
| 60150000 - Directory Traversal | |
| 80010000 - Zope Information Leakage | |
| 80020000 - CF Information Leakage | |
| 80030000 - PHP Information Leakage | |
| 80040000 - ISA Server Existence Revealed | |
| 80050000 - Microsoft Office Document Properties Leakage | |
| 80060000 - CF Source Code Leakage | |
| 80070000 - IIS Default Location | |
| 80080000 - Application Availability/Errors | |
| 80090000 - Weblogic information disclosure | |
| 80100000 - File or Directory Names Leakage | |
| 80110000 - IFrame Injection | |
| 80120000 - Generic Malicious JS Detection | |
| 80130000 - Detect Possible Links To Malware Domains | |
| 80140000 - ASP/JSP Source Code Leakage | |
| 80150000 - PHP Source Code Leakage | |
| 80160000 - Statistics Pages Revealed | |
| 80170000 - SQL Errors leakage | |
| 80180000 - IIS Errors leakage | |
| 80190000 - Directory Listing | |
| 80200000 - HTTP Header Leakage | |
| 80210000 - WordPress Version Information Leakage | |
| 90010000 - Oracle 9i Default Configuration File Information Disclosure | |
| 90020000 - Coppermine Photo Gallery ThumbNails.PHP SQL Injection | |
| 90030000 - Netscape Enterprise Server Directory Indexing Vulnerability | |
| 90040000 - Cisco IOS HTTP Service HTML Injection | |
| 90050000 - Microsoft SQL Server 'sp_replwritetovarbin' Remote Memory Corruption | |
| 90060000 - HP OpenView Network Node Manager 'OvAcceptLang' Parameter Heap Buffer Overflow | |
| 90070000 - HP OpenView Network Node Manager 'ovalarm.exe' Remote Buffer Overflow | |
| 90080000 - ACal Authentication Bypass & PHP Code Insertion | |
| 90090000 - Best Software SalesLogix Multiple Remote Vulnerabilities | |
| 90100000 - IBM Lotus Domino Web Server iNotes s_ViewName/Foldername Buffer Overflow | |
| 90110000 - Microsoft IIS Form_JScript.asp XSS | |
| 90120000 - Microsoft Windows Media Services Logging ISAPI Buffer Overflow | |
| 90130000 - Microsoft IIS Chunked Encoding Transfer Heap Overflow | |
| 90140000 - Dave Carrigan Auth_LDAP Remote Format String Vulnerability | |
| 90150000 - 427BB Authentication Bypass Vulnerability | |
| 90160000 - CSLiveSupport Remote Command Execution Vulnerability | |
| 90170000 - CSGuestbook Remote Command Execution Vulnerability | |
| 90180000 - CSChat-R-Box Remote Command Execution Vulnerability | |
| 90190000 - CSSearch Remote Command Execution Vulnerability | |
| 90200000 - RaXnet Cacti Graph_Image.PHP Remote Command Execution Vulnerability | |
| 90210000 - CHETCPASSWD System Shadow File Disclosure | |
| 90220000 - SAP Internet Transaction Server Cross Site Scripting Vulnerability | |
| 90230000 - PHP CGI Argument Injection Exploit | |
| 90240000 - ASP CGI Argument Injection Exploit | |
| 90250000 - Apache Tomcat Example Files Web Root Path Disclosure Vulnerability | |
| 90260000 - Asterisk Recording Interface Audio.PHP Information disclosure. | |
| 90270000 - Barracuda Spam Firewall IMG.PL Remote Command Execution Vulnerability | |
| 90280000 - CPG Dragonfly CMS Remote Command Execution Vulnerability. | |
| 90290000 - WebScripts WebBBS Remote Command Execution Vulnerability | |
| 90300000 - Sensitive information disclosure by a direct request for a configuration file. | |
| 90310000 - Database sensitive information disclosure by a direct request application's database. | |
| 90320000 - Path Disclosure Vulnerability by a direct request url. | |
| 90330000 - Denial Of Service Vulnerability by a direct request. | |
| 90340000 - Sensitive information disclosure by a direct request file .xml | |
| 90350000 - Venom Board Post.PHP3 Multiple SQL Injection Vulnerabilities | |
| 90360000 - HP Power Manager Directory Traversal Remote Code Execution Vulnerability | |
| 90370000 - Zenoss Vulnerability | |
| 90380000 - Microsoft SharePoint Server 2007 Cross Site Scripting Vulnerability | |
| 90390000 - Struts 2 Vulnerability | |
| 90400000 - Remote Arbitrary Command Execution Vulnerability | |
| 90410000 - Padding Oracle Attack | |
| 90420000 - Bash Arbitrary Commands Injection Vulnerability (Shellshock) | |
| 90430000 - Wordpress Vulnerability | |
| 90440000 - Potential Reflected File Download (RFD) Attack | |
| 90450000 - Arbitrary File Disclosure | |
| 90460000 - vBulletin Vulnerability | |
| 90470000 - Local File Inclusion Vulnerability | |
| signature: | |
| 10000001 - This signature prevents attackers from adding event processing functions for "mousedown" events. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000002 - This signature prevents hackers from using "mocha" tag to perform script injection. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000003 - This signature prevents attackers from adding event processing functions for "mouseup" event. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000004 - This signature prevents attackers from injecting an external page using the "lowsrc" attribute (which is only supported by Microsoft Internet Explorer). This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000005 - This signature prevents attackers from using shell commands of href attribute in <A> tag, This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000006 - This signature prevents attackers from adding event processing functions for "onkeyup" events. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000007 - This signature prevents attackers from calling the function "createtextrange" with which attackers can capture the user input. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000008 - This signature prevents attackers from adding event processing functions for "onresize" events. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000009 - This signature prevents attackers from adding event processing functions for "onmouseover" events. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000010 - This signature prevents attackers from adding event processing functions for "onabort" events. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000011 - This signature prevents attackers from adding event processing functions for "onclick" events. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000012 - This signature prevents attackers from adding event processing functions for "onselect" event. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000013 - This signature prevents attackers from adding event processing functions for "ondragdrop" events. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000014 - This rule prevents the function call of "copyparentfolder" used by attackers to obtain the web site's directory structure. | |
| 10000015 - This signature prevents attackers from adding event processing functions for "onmouseout" events This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000016 - This signature prevents attackers from adding a "vbscript" body. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000017 - This signature prevents attackers from adding event processing functions for "onunload" events This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000018 - This signature prevents attackers from adding a "javascript" body. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000019 - This signature prevents attackers from adding one risk link address. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000020 - This signature prevents attackers to execute shell commands or external scripts using "execscript" function. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000021 - This rule prevents the function call "getspecialfolder" which can be exploited by attackers to get web site's directory structure This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000022 - This rules prevents attackers from adding event processing function for "onload" event in HTML body. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000023 - This signature prevents attackers from executing external "vbscript" in a web page. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000024 - This signature prevents attackers from adding event processing functions for "onkeydown" event. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000025 - This signature prevents attackers from adding event processing functions for "onmousemove" event. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000026 - This signature prevents attackers from using "livescript" tag to perform script injection. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000027 - This signature prevents attackers from adding event processing functions for "onblur" event. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000028 - This signature prevents attackers from adding event processing functions for "onmove" event. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000029 - This rule prevents the function call "getparentfolder" which can be exploited by attackers to get web site's directory structure This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000030 - This signature prevents attackers from executing external script source code via an "iframe". This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000031 - This signature prevents attackers from using "src" attribute to execute an external script. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000032 - This signature prevents attackers from executing external "javascript" source code in a web page. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000033 - This signature prevents attackers from executing scripts using "style" attribute. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000034 - This signature prevents Cross-site scripting attacks via the "background" of the BODY element. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000035 - This signature prevents attackers from using the "fromcharcode" method to translate an unicode sequence to string in a web page. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000036 - This signature prevents attackers from executing external "vbscript" source code in a web page. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000037 - This signature prevents attackers from linking an external "image" in a web page. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000038 - This signature prevents attackers from setting up a "background-image" for one element. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000039 - This signature prevents attackers from adding a "frame" element in a web page. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000040 - This signature prevents attackers from executing external "ecmascript" source code in a web page. Tthis injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000041 - This signature prevents attackers from adding event processing functions for "onload" event. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000042 - This signature prevents attackers from executing an external vbscript source code in a web page. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000043 - This signature prevents attackers from adding event processing functions for 'onfocus' event. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000044 - This signature prevents attackers from importing an external "css" file in a web page. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000045 - This signature prevents attackers from easily stealing a cookie from an authenticated user. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000046 - This signature prevents attackers from obtaining the tag content of a given parameter via the "innerhtml". This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000047 - This signature prevents attackers from adding event processing functions for 'onerror' events. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000048 - This signature prevents attackers from executing an javascript source code in a web page. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000049 - This signature prevents attackers from adding a "vbscript" source code. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000050 - This signature prevents attackers from injecting an external page using the "lowsrc" attribute (which is only supported by Microsoft Internet Explorer). This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000051 - This signature prevents attackers from executing a user-defined function via "asfunction". This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000052 - This signature prevents attackers from executing shell commands via "shell". This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000053 - This rule prevents the function call 'activexobject', which can be exploited by attackers to get objects such as WScript. that provides access to some very useful core OS components. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000054 - This signature prevents attackers from adding event processing functions for "onkeypress" events. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000055 - This signature prevents attackers from adding event processing functions for "onsubmit" events. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000056 - This signature prevents attackers from executing external "x-javascript" source code in a web page. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000057 - This signature prevents attackers from adding "script" source code body, This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000058 - This signature prevents attackers from executing external javascript source code of "href" attribute in tag. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000059 - This signature prevents attackers from adding event processing functions for "onchange" events. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000060 - This signature prevents attackers from executing external "jscript" source code in a web page. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000061 - This signature prevents attackers from executing external "x-vbscript" source code in a web page. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000062 - This signature prevents attackers from executing external script source code via a "meta" tag. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000063 - This signature prevents attackers from displaying some specified messages in an "alert" box, such as a cookie from an authenticated user. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000064 - This signature prevents attackers from executing external scripts using "settimeout" function. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000065 - This signature prevents attackers from importing an external css file in a web page by "addimport" method. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000066 - This signature prevents attackers from using "CDATA" fields to break up some harmful scripts giving a false sense of security as the text will not be parsed. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000067 - This signature prevents attackers from using "url" attribute to execute an external script. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000068 - This signature prevents attackers from adding "behaviour URL" for HTML component DIV. | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000069 - This signature prevents attackers from adding attack info into "<img src". | |
| This injection can be achieved in HTTP arguments. | |
| 10000070 - This signature prevents attackers from adding attack info into HTML component. | |
| This injection can be achieved in HTTP arguments. | |
| 10000071 - This signature prevents attackers from setting document flag. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000072 - This signature prevents attackers from executing scripts using "style" attribute. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000073 - This signature prevents attackers from executing external JavaScript "form action" tag attribute in source code. | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000074 - This signature prevents attackers from adding event processing functions for "onMouseEnter" events This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000075 - This signature prevents attackers from adding event processing functions for "onPageHide" events This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000076 - This signature prevents attackers from adding event processing functions for "onMouseLeave" events This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000077 - This signature prevents attackers from adding event processing functions for "onPageShow" events This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000078 - This signature prevents attackers from adding event processing functions for "onBeforeUnload" events This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000079 - This signature prevents attackers from adding event processing functions for "onPopState" events This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000080 - This signature prevents attackers from adding event processing functions for "onbeforeload" events This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000081 - This signature prevents attackers from adding event processing functions for "oninput" events This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000082 - This signature prevents attackers from adding event processing functions for "onScroll" events This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000083 - This signature prevents attackers from adding event processing functions for "onPropertyChange" events This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000084 - This signature prevents attackers from adding event processing functions for "onReadyStateChange" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000085 - This signature prevents attackers from adding event processing functions for "onStart" events. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000086 - This signature prevents attackers from adding event processing functions for "onEnd" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000087 - This signature prevents attackers from adding event processing functions for "onMouseWheel" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000088 - This signature prevents attackers from adding event processing functions for "onMoveEnd" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000089 - This signature prevents attackers from adding event processing functions for "onMoveStart" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000090 - This signature prevents attackers from adding event processing functions for "onSelectStart" events. | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000091 - This signature prevents attackers from adding event processing functions for "onStop" events. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000092 - This signature prevents attackers from manipulating the href attribute in a tag, This injection can be achieved in HTTP request URL or HTTP arguments | |
| 10000093 - This signature prevents attackers from manipulating the src attribute in a tag, This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000094 - This signature prevents attackers from using background shell command attribute in a tag, This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000095 - This signature prevents attackers from adding a label attack info into an HTML component. | |
| This injection can be achieved in HTTP arguments. | |
| 10000096 - This signature prevents attackers from injecting information into the HTML component applet. | |
| This injection can be achieved in HTTP arguments. | |
| 10000097 - This signature prevents attackers from adding event processing functions for "onActivate" events. | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000098 - This signature prevents attackers from adding event processing functions for "onAfterPrint" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000099 - This signature prevents attackers from adding event processing functions for "onAfterUpdate" events. | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000100 - This signature prevents attackers from adding event processing functions for "onBeforeActivate" events. | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000101 - This signature prevents attackers from adding event processing functions for "onBeforeCopy" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000102 - This signature prevents attackers from adding event processing functions for "onBeforeCut" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000103 - This signature prevents attackers from adding event processing functions for "onBeforeDeactivate" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000104 - This signature prevents attackers from adding a risk linky address by using "allowscriptaccess" attribute. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000105 - This signature prevents attackers from adding a risky link address by using "rel" attribute. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000106 - This signature prevents attackers from adding a risky link address by using "data:" attribute. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000107 - This signature prevents attackers from adding a risky link address by using "<!doctype". This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000108 - This signature prevents attackers from adding a risky link address by using "xmlns". This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000109 - This signature prevents attackers from adding a risky link address by using "xlink:href". This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000110 - This signature prevents attackers from adding event processing functions for "onBeforeEditFocus" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000111 - This signature prevents attackers from adding event processing functions for "onBeforePaste" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000112 - This signature prevents attackers from adding event processing functions for "onBeforePrint" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000113 - This signature prevents attackers from adding event processing functions for "onBegin" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000114 - This signature prevents attackers from adding event processing functions for "onBounce" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000115 - This signature prevents attackers from adding event processing functions for "onCopy" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000116 - This signature prevents attackers from adding event processing functions for "onCut" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000117 - This signature prevents attackers from adding event processing functions for "onDrag" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000118 - This signature prevents attackers from adding event processing functions for "onDrop" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000119 - This signature prevents attackers from adding event processing functions for "onPaste" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000120 - This signature prevents attackers from adding event processing functions for "onDataSetComplete" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000121 - This signature prevents attackers from adding event processing functions for "onDblClick" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000122 - This signature prevents attackers from adding event processing functions for "onDeactivate" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000123 - This signature prevents attackers from adding event processing functions for "onPause" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000124 - This signature prevents attackers from adding event processing functions for "onProgress" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000125 - This signature prevents attackers from adding event processing functions for "onReadyStateChange" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000126 - This signature prevents attackers from adding event processing functions for "onRepeat" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000127 - This signature prevents attackers from adding event processing functions for "onResizeEnd" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000128 - This signature prevents attackers from adding event processing functions for "onResizeStart" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000129 - This signature prevents attackers from adding event processing functions for "onResume" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000130 - This signature prevents attackers from adding event processing functions for "onContextMenu" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000131 - This signature prevents attackers from adding event processing functions for "onDragEnd" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000132 - This signature prevents attackers from adding event processing functions for "onFinish" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000133 - This signature prevents attackers from adding event processing functions for "onFocusIn" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000134 - This signature prevents attackers from adding event processing functions for "onFocusOut" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000135 - This signature prevents attackers from adding event processing functions for "onRowsEnter" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000136 - This signature prevents attackers from adding event processing functions for "onRowExit" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000137 - This signature prevents attackers from adding event processing functions for "onSeek" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000138 - This signature prevents attackers from executing external JavaScript "location" tag attribute in the source code. | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000139 - This signature prevents attackers from running malicious Javascript code using "eval". | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000140 - This signature prevents attackers from executing scripts using "x:expression". This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000141 - This signature prevents attackers from adding event processing functions for "onforminput" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000142 - This signature prevents attackers from adding event processing functions for "onformchange" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000143 - This signature prevents attackers from displaying specific messages in a "prompt" box, such as a cookie from an authenticated user. | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000144 - This signature prevents attackers from stealing location from an authenticated user. | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000145 - This signature prevents attackers from adding a risky link address. | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000146 - This signature prevents attackers from searching for vulnerabilities on the target server through "chr" enumerating. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 10000147 - This signature prevents attackers from adding event processing functions for "onDragLeave" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000148 - This signature prevents attackers from adding event processing functions for "onDragEnter" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000149 - This signature prevents attackers from executing external "x-scriptlet" source code in a web page. Tthis injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000150 - This signature prevents attackers from displaying some specified messages in an "confirm" box, such as a cookie from an authenticated user. | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000151 - This signature prevents attackers from adding a xml name space by using "xml:namespace". | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000152 - This signature prevents attackers from importing a xml name space by using "import namespace". | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000153 - This signature prevents attackers from performing attack in firefox browser. | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000154 - This signature prevents attackers from executing external JavaScript "formaction" tag attribute in the source code. | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000155 - This signature prevents attackers from adding attack info about HTML5 attribute "dirname". | |
| This injection can be achieved in HTTP url and arguments. | |
| 10000156 - This signature prevents attackers from adding attack info about HTML5 attribute "repeat". | |
| This injection can be achieved in HTTP url and arguments. | |
| 10000157 - This signature prevents attackers from adding event processing functions for "onDragOver" events. This injection can be achieved in HTTP request URLs or HTTP arguments. | |
| 10000158 - This signature prevents attackers from adding event processing functions for "onErrorUpdate" events. This injection can be achieved in HTTP request URLs or HTTP arguments. | |
| 10000159 - This signature prevents attackers from adding event processing functions for "onFilterChange" events. This injection can be achieved in HTTP request URLs or HTTP arguments. | |
| 10000160 - This signature prevents attackers from adding event processing functions for "onHelp" events. This injection can be achieved in HTTP request URLs or HTTP arguments. | |
| 10000161 - This signature prevents attackers from adding event processing functions for "onLayoutComplete" events. This injection can be achieved in HTTP request URLs or HTTP arguments. | |
| 10000162 - This signature prevents attackers from adding event processing functions for "onLoseCapture" events. This injection can be achieved in HTTP request URLs or HTTP arguments. | |
| 10000163 - This signature prevents attackers from adding event processing functions for "onMediaComplete" events. This injection can be achieved in HTTP request URLs or HTTP arguments. | |
| 10000164 - This signature prevents attackers from adding event processing functions for "ondragstart" events. This injection can be achieved in HTTP request URLs or HTTP arguments. | |
| 10000165 - This signature prevents attackers from adding event processing functions for "onMediaError" events. This injection can be achieved in HTTP request URLs or HTTP arguments. | |
| 10000166 - This signature prevents attackers from adding event processing functions for "onOutOfSync" events. This injection can be achieved in HTTP request URLs or HTTP arguments. | |
| 10000167 - This signature prevents attackers from adding event processing functions for "onbeforeupdate" events. This injection can be achieved in HTTP request URLs or HTTP arguments. | |
| 10000168 - This signature prevents attackers from adding event processing functions for "oncellchange" events. This injection can be achieved in HTTP request URLs or HTTP arguments. | |
| 10000169 - This signature prevents attackers from adding event processing functions for "oncontrolselect" events. This injection can be achieved in HTTP request URLs or HTTP arguments. | |
| 10000170 - This signature prevents attackers from adding event processing functions for "ondataavailable" events. This injection can be achieved in HTTP request URLs or HTTP arguments. | |
| 10000171 - This signature prevents attackers from adding event processing functions for "ondatasetchanged" events. This injection can be achieved in HTTP request URLs or HTTP arguments. | |
| 10000172 - This signature prevents attackers from adding event processing functions for "onrowenter" events. This injection can be achieved in HTTP request URLs or HTTP arguments. | |
| 10000173 - This signature prevents attackers from adding event processing functions for "onrowsdelete" events. This injection can be achieved in HTTP request URLs or HTTP arguments. | |
| 10000174 - This signature prevents attackers from adding event processing functions for "onrowsinserted" events. This injection can be achieved in HTTP request URLs or HTTP arguments. | |
| 10000175 - This signature prevents attackers from adding event processing functions for "onselectionchange" events. This injection can be achieved in HTTP request URLs or HTTP arguments. | |
| 10000176 - This signature prevents attackers from adding event processing functions for "onstoragecommit" events. This injection can be achieved in HTTP request URLs or HTTP arguments. | |
| 10000177 - This signature prevents attackers from executing external scripts using "setInterval" function. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000178 - This signature prevents attackers from bypassing WAF with HTML entity encode. This injection can be achieved in HTTP arguments. | |
| 10000179 - This signature prevents attackers from bypassing WAF with HTML entity encode. This injection can be achieved in HTTP arguments. | |
| 10000180 - This signature prevents attackers from bypassing WAF with HTML entity encode. This injection can be achieved in HTTP arguments. | |
| 10000181 - This signature prevents attackers to open some malicious web pages in a new window using "window.open()". This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000182 - This signature prevents attackers to redirect the browser to a new malicious page using "window.location". This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000183 - This signature prevents attackers from executing external scripts using "setImmediate" function. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000184 - This signature prevents attackers from loading and executing external scripts using jQuery function "$.get()". This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000185 - This signature prevents attackers from loading and executing external scripts using jQuery function "$.getScript()". This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000186 - This signature prevents attackers from adding event processing functions for "poster" events (Works Upto Opera 10.5). This injection can be achieved in HTTP request URLs or HTTP arguments. | |
| 10000187 - This signature prevents attackers from bypassing WAF with HTML entity encode. This injection can be achieved in HTTP arguments. | |
| 10000188 - This signature prevents attackers from adding attack info into "<isindex>" tag. This injection can be achieved in HTTP headers, HTTP request URL or HTTP arguments. | |
| 10000189 - This signature prevents attackers from adding attack info into "<vmlframe>" tag. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 10000190 - This signature prevents attackers from importing Cross-Site attack info into "<link>" tag. This injection can be achieved in HTTP headers, HTTP request URL or HTTP arguments. | |
| 20000001 - This signature prevents attackers from adding event processing functions for "mousedown" events. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000002 - This signature prevents attackers from using "mocha" tag to perform script injection. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000003 - This signature prevents attackers from adding event processing functions for "mouseup" events. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000004 - The lowsrc attribute is only supported by Microsoft Internet Explorer and can be exploited by attackers to inject an external page. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000005 - This signature prevents the attackers from using href attribute shell command in <A> tags. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000006 - This signature prevents attackers from adding event processing functions for "onkeyup" events. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000007 - This signature prevents attackers from calling the function "createtextrange" allowing attackers to capture the user input. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000008 - This signature prevents attackers from adding event processing functions for "onresize" events. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000009 - This signature prevents attackers from adding event processing functions for "onmouseover" events. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000010 - This signature prevents attackers from adding event processing functions for "onabort" events. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000011 - This signature prevents attackers from adding event processing functions for "onclick" events. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000012 - This signature prevents attackers from adding event processing functions for "onselect" events. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000013 - This signature prevents attackers from adding event processing functions for "ondragdrop" events. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000014 - This rule prevents the "copyparentfolder"function call allowing attackers to obtain directory structure of the web site. | |
| 20000015 - This signature prevents attackers from adding event processing functions for "onmouseout" events. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000016 - This signature prevents attackers from adding a "vbscript" body. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000017 - This signature prevents attackers from adding event processing functions for "onunload" events. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000018 - This signature prevents attackers from adding a "javascript" body. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000019 - This signature prevents attackers from adding a risk link address. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000020 - This signature prevents attackers to execute shell command or external scripts using "execscript" function. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000021 - This rule prevents the function call "getspecialfolder" which can be exploited by attackers to get the web site's directory structure. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000022 - This rules prevents attackers from adding event processing function for "onload" event in HTML body, | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000023 - This signature prevents attackers from executing external "vbscrip"t in a web page. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000024 - This signature prevents attackers from adding event processing functions for "onkeydown" events. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000025 - This signature prevents attackers from adding event processing functions for "onmousemove" events. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000026 - This signature prevents attackers from using "livescript" tag to perform script injections. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000027 - This signature prevents attackers from adding event processing functions for "onblur" events. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000028 - This signature prevents attackers from adding event processing functions for "onmove" events. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000029 - This rule prevents the function call "getparentfolder" which can be exploited by attackers to get web site's directory structure. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000030 - This signature prevents attackers from executing external script source code via an "iframe". | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000031 - This signature prevents attackers from using "src" attribute to execute an external script. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000032 - This signature prevents attackers from executing external javascript source code in a web page. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000033 - This signature prevents attackers from executing scripts using "style" attributes. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000034 - This signature prevents attackers from enabling Cross-site scripting via the "background" of the BODY element. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000035 - This signature prevents attackers from using the "fromcharcode" method to translate unicode sequence to string. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000036 - This signature prevents attackers from executing external vbscript source code. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000037 - This signature prevents attackers from linking an external image. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000038 - This signature prevents attackers from setting up a "background image" for an element. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000039 - This signature prevents attackers from adding a "frame" element. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000040 - This signature prevents attackers from executing external "ecmascript" source code. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000041 - This signature prevents attackers from adding event processing functions for "onload" events. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000042 - This signature prevents attackers from executing an external "vbscript" source code. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000043 - This signature prevents attackers from adding event processing functions for "onfocus" events. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000044 - This signature prevents attackers from importing an external "css" file. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000045 - This signature prevents attackers from stealing a cookie from an authenticated user. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000046 - This signature prevents attackers from obtaining the tag content of a given parameter via "innerhtml". | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000047 - This signature prevents attackers from adding event processing functions for "onerror" events. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000048 - This signature prevents attackers from executing a javascript source code. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000049 - This signature prevents attackers from adding a "vbscript" source code. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000050 - The lowsrc attribute is only supported by Microsoft Internet Explorer and can be exploited by attackers to inject javascript source code. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000051 - This signature prevents attackers from executing a user-defined function via "asfunction". | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000052 - This signature prevents attackers from executing shell command via "shell". | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000053 - This rule prevents the function call "activexobject" which can be exploited by attackers to get object information such as WScript. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000054 - This signature prevents attackers from adding event processing functions for "onkeypress" events. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000055 - This signature prevents attackers from adding event processing functions for "onsubmit" events. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000056 - This signature prevents attackers from executing external "x-javascript" source code. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000057 - This signature prevents attackers from adding "script" source code body. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000058 - This signature prevents attackers from executing external "href attribute" javascript source code in a tag. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000059 - This signature prevents attackers from adding event processing functions for "onchange" events. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000060 - This signature prevents attackers from executing external "jscript" source code. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000061 - This signature prevents attackers from executing external "x-vbscript" source code. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000062 - This signature prevents attackers from executing external script source code via a "meta" tag. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000063 - This signature prevents attackers from displaying specified messages in an "alert" box such as a cookie from an authenticated user. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000064 - This signature prevents attackers from executing external scripts using "settimeout function". | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000065 - This signature prevents attackers from importing an external css file by "addimport" method. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000066 - This signature prevents attackers from using "CDATA" fields to break up harmful scripts trying to avoid detection mechanisms. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000067 - This signature prevents attackers from using "url" attributes to execute an external script. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000071 - This signature prevents attackers from using "url" attributes to execute an external script. | |
| this injection can be achieved in HTTP request URL . | |
| 20000073 - This signature prevents attackers from executing external JavaScript "form action" tag attribute in source code. | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000074 - This signature prevents attackers from adding event processing functions for "onMouseEnter" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000075 - This signature prevents attackers from adding event processing functions for "onPageHide" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000076 - This signature prevents attackers from adding event processing functions for "onMouseLeave" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000077 - This signature prevents attackers from adding event processing functions for "onPageShow" events. | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000078 - This signature prevents attackers from adding event processing functions for "onBeforeUnload" events. | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000079 - This signature prevents attackers from adding event processing functions for "onPopState" events. | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000080 - This signature prevents attackers from adding event processing functions for "onbeforeload" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000081 - This signature prevents attackers from adding event processing functions for "oninput" events. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000082 - This signature prevents attackers from adding event processing functions for "onScroll" events. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000083 - This signature prevents attackers from adding event processing functions for "onPropertyChange" events. | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000084 - This signature prevents attackers from adding event processing functions for "onReadyStateChange" events. | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000085 - This signature prevents attackers from adding event processing functions for "onStart" events. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000086 - This signature prevents attackers from adding event processing functions for "onEnd" events. | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000087 - This signature prevents attackers from adding event processing functions for "onMouseWheel" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000088 - This signature prevents attackers from adding event processing functions for "onMoveEnd" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000089 - This signature prevents attackers from adding event processing functions for "onMoveStart" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000090 - This signature prevents attackers from adding event processing functions for "onSelectStart" events. | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000091 - This signature prevents attackers from adding event processing functions for "onStop" events. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000092 - This signature prevents attackers from manipulating the href attribute in a tag, This injection can be achieved in HTTP request URL or HTTP arguments | |
| 20000093 - This signature prevents attackers from manipulating the src attribute in a tag, This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000094 - This signature prevents attackers from using background shell command attribute in a tag, This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000095 - This signature prevents attackers from adding a label attack info into an HTML component. | |
| This injection can be achieved in HTTP arguments. | |
| 20000096 - This signature prevents attackers from injecting information into the HTML component applet. | |
| This injection can be achieved in HTTP arguments. | |
| 20000097 - This signature prevents attackers from adding event processing functions for "onActivate" events. | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000098 - This signature prevents attackers from adding event processing functions for "onAfterPrint" events. This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000099 - This signature prevents attackers from adding event processing functions for "onAfterUpdate" events. | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000100 - This signature prevents attackers from adding event processing functions for "onBeforeActivate" events. | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000101 - This signature prevents attackers from adding event processing functions for "onBeforeCopy" events. | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000102 - This signature prevents attackers from adding event processing functions for "onBeforeCut" events. | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000103 - This signature prevents attackers from adding event processing functions for "onBeforeDeactivate" events. | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000104 - This signature prevents attackers from adding event processing functions for "onBeforeEditFocus" events. | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000105 - This signature prevents attackers from adding event processing functions for "onBeforePaste" events. | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000106 - This signature prevents attackers from adding event processing functions for "onBeforePrint" events. | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000107 - This signature prevents attackers from adding event processing functions for "onBegin" events. | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000108 - This signature prevents attackers from adding event processing functions for "onBounce" events. | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000109 - This signature prevents attackers from adding event processing functions for "onCopy" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000110 - This signature prevents attackers from adding event processing functions for "onCut" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000111 - This signature prevents attackers from adding event processing functions for "onDrag" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000112 - This signature prevents attackers from adding event processing functions for "onDrop" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000113 - This signature prevents attackers from adding event processing functions for "onPaste" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000114 - This signature prevents attackers from adding event processing functions for "onDataSetComplete" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000115 - This signature prevents attackers from adding event processing functions for "onDblClick" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000116 - This signature prevents attackers from adding event processing functions for "onDeactivate" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000127 - This signature prevents attackers from adding event processing functions for "onPause" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000128 - This signature prevents attackers from adding event processing functions for "onProgress" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000129 - This signature prevents attackers from adding event processing functions for "onReadyStateChange" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000130 - This signature prevents attackers from adding event processing functions for "onRepeat" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000131 - This signature prevents attackers from adding event processing functions for "onResizeEnd" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000132 - This signature prevents attackers from adding event processing functions for "onResizeStart" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000133 - This signature prevents attackers from adding event processing functions for "onResume" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000134 - This signature prevents attackers from adding event processing functions for "onContextMenu" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000135 - This signature prevents attackers from adding event processing functions for "onDragEnd" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000136 - This signature prevents attackers from adding event processing functions for "onFinish" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000137 - This signature prevents attackers from adding event processing functions for "onFocusIn" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000138 - This signature prevents attackers from adding event processing functions for "onFocusOut" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000139 - This signature prevents attackers from adding event processing functions for "onRowsEnter" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000140 - This signature prevents attackers from adding event processing functions for "onRowExit" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000141 - This signature prevents attackers from adding event processing functions for "onSeek" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000142 - This signature prevents attackers from executing external JavaScript "location" tag attribute in the source code. | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000143 - This signature prevents attackers from running malicious Javascript code using "eval". | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000144 - This signature prevents attackers from executing scripts using "x:expression". This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000145 - This signature prevents attackers from adding event processing functions for "onforminput" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000146 - This signature prevents attackers from adding event processing functions for "onformchange" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000147 - This signature prevents attackers from displaying specific messages in a "prompt" box, such as a cookie from an authenticated user. | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000148 - This signature prevents attackers from stealing location from an authenticated user. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000149 - This signature prevents attackers from adding a risky link address. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000150 - This signature prevents attackers from adding event processing functions for "onDragLeave" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000151 - This signature prevents attackers from adding event processing functions for "onDragEnter" events . | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000152 - This signature prevents attackers from executing external "x-scriptlet" source code. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000153 - This signature prevents attackers from displaying specified messages in an "confirm" box such as a cookie from an authenticated user. | |
| this injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000154 - This signature prevents attackers from executing external JavaScript "formaction" tag attribute in the source code. | |
| This injection can be achieved in HTTP request URL or HTTP arguments. | |
| 20000155 - This signature prevents attackers from adding event processing functions for "onDragOver" events. This injection can be achieved in HTTP headers, request URLs or HTTP arguments. | |
| 20000156 - This signature prevents attackers from adding event processing functions for "onErrorUpdate" events. This injection can be achieved in HTTP headers, request URLs or HTTP arguments. | |
| 20000157 - This signature prevents attackers from adding event processing functions for "onFilterChange" events. This injection can be achieved in HTTP headers, request URLs or HTTP arguments. | |
| 20000158 - This signature prevents attackers from adding event processing functions for "onHelp" events. This injection can be achieved in HTTP headers, request URLs or HTTP arguments. | |
| 20000159 - This signature prevents attackers from adding event processing functions for "onLayoutComplete" events. This injection can be achieved in HTTP headers, request URLs or HTTP arguments. | |
| 20000160 - This signature prevents attackers from adding event processing functions for "onLoseCapture" events. This injection can be achieved in HTTP headers, request URLs or HTTP arguments. | |
| 20000161 - This signature prevents attackers from adding event processing functions for "onMediaComplete" events. This injection can be achieved in HTTP headers, request URLs or HTTP arguments. | |
| 20000162 - This signature prevents attackers from adding event processing functions for "ondragstart" events. This injection can be achieved in HTTP headers, request URLs or HTTP arguments. | |
| 20000163 - This signature prevents attackers from adding event processing functions for "onMediaError" events. This injection can be achieved in HTTP headers, request URLs or HTTP arguments. | |
| 20000164 - This signature prevents attackers from adding event processing functions for "onOutOfSync" events. This injection can be achieved in HTTP headers, request URLs or HTTP arguments. | |
| 20000165 - This signature prevents attackers from adding event processing functions for "onbeforeupdate" events. This injection can be achieved in HTTP headers, request URLs or HTTP arguments. | |
| 20000166 - This signature prevents attackers from adding event processing functions for "oncellchange" events. This injection can be achieved in HTTP headers, request URLs or HTTP arguments. | |
| 20000167 - This signature prevents attackers from adding event processing functions for "oncontrolselect" events. This injection can be achieved in HTTP headers, request URLs or HTTP arguments. | |
| 20000168 - This signature prevents attackers from adding event processing functions for "ondataavailable" events. This injection can be achieved in HTTP headers, request URLs or HTTP arguments. | |
| 20000169 - This signature prevents attackers from adding event processing functions for "ondatasetchanged" events. This injection can be achieved in HTTP headers, request URLs or HTTP arguments. | |
| 20000170 - This signature prevents attackers from adding event processing functions for "onrowenter" events. This injection can be achieved in HTTP headers, request URLs or HTTP arguments. | |
| 20000171 - This signature prevents attackers from adding event processing functions for "onrowsdelete" events. This injection can be achieved in HTTP headers, request URLs or HTTP arguments. | |
| 20000172 - This signature prevents attackers from adding event processing functions for "onrowsinserted" events. This injection can be achieved in HTTP headers, request URLs or HTTP arguments. | |
| 20000173 - This signature prevents attackers from adding event processing functions for "onselectionchange" events. This injection can be achieved in HTTP headers, request URLs or HTTP arguments. | |
| 20000174 - This signature prevents attackers from adding event processing functions for "onstoragecommit" events. This injection can be achieved in HTTP headers, request URLs or HTTP arguments. | |
| 20000175 - This signature prevents attackers from executing external scripts using "setInterval" function. This injection can be achieved in HTTP headers, HTTP request URL or HTTP arguments. | |
| 20000176 - This signature prevents attackers from bypassing WAF with HTML entity encode. This injection can be achieved in HTTP headers or HTTP arguments. | |
| 20000177 - This signature prevents attackers from bypassing WAF with HTML entity encode. This injection can be achieved in HTTP headers or HTTP arguments. | |
| 20000178 - This signature prevents attackers from bypassing WAF with HTML entity encode. This injection can be achieved in HTTP headers or HTTP arguments. | |
| 20000179 - This signature prevents attackers to open some malicious web pages in a new window using "window.open()". This injection can be achieved in HTTP headers, HTTP request URL or HTTP arguments. | |
| 20000180 - This signature prevents attackers to redirect the browser to a new malicious page using "window.location". This injection can be achieved in HTTP headers, HTTP request URL or HTTP arguments. | |
| 20000181 - This signature prevents attackers from executing external scripts using "setImmediate" function. This injection can be achieved in HTTP headers, HTTP request URL or HTTP arguments. | |
| 20000182 - This signature prevents attackers from loading and executing external scripts using jQuery function "$.get()". This injection can be achieved in HTTP headers, HTTP request URL or HTTP arguments. | |
| 20000183 - This signature prevents attackers from loading and executing external scripts using jQuery function "$.getScript()". This injection can be achieved in HTTP headers, HTTP request URL or HTTP arguments. | |
| 20000184 - This signature prevents attackers from adding event processing functions for "poster" events (Works Upto Opera 10.5). This injection can be achieved in HTTP headers, HTTP request URL or HTTP arguments. | |
| 20000185 - This signature prevents attackers from bypassing WAF with HTML entity encode. This injection can be achieved in HTTP headers or HTTP arguments. | |
| 20000186 - This signature prevents attackers from adding attack info into "<isindex>" tag. This injection can be achieved in HTTP headers, HTTP request URL or HTTP arguments. | |
| 20000187 - This signature prevents attackers from adding attack info into "<vmlframe>" tag. This injection can be achieved in HTTP headers, HTTP request URL or HTTP arguments. | |
| 20000188 - This signature prevents attackers from importing Cross-Site attack info into "<link>" tag. This injection can be achieved in HTTP headers, HTTP request URL or HTTP arguments. | |
| 30000001 - This signature prevents attackers from extracting sensitive information from Oracle databases by using system table "sys.user_catalog". This injection can be achieved in HTTP request URL and arguments. | |
| 30000002 - This signature prevents attackers from extracting database "constraint" information. This injection can be achieved in HTTP request URL and arguments. | |
| 30000003 - This signature prevents attackers from extracting sensitive information from Oracle database system table "sys.user_tables". This injection can be achieved in HTTP request URL and arguments. | |
| 30000004 - This signature prevents attackers from extracting sensitive information from Microsoft Access database system table "msysqueries". This injection can be achieved in HTTP request URL and arguments. | |
| 30000005 - This signature prevents attackers from extracting sensitive information from Microsoft Access database. system table "msysaces". This injection can be achieved in HTTP request URL and arguments. | |
| 30000006 - This signature prevents attackers from extracting sensitive information using" @@SPID"(server process id). This injection can be achieved in HTTP request URL and arguments. | |
| 30000007 - This signature prevents attackers from guessing string type fields by "charindex()" function. This injection can be achieved in HTTP request URL and arguments. | |
| 30000008 - This signature prevents attackers from extracting sensitive information from Oracle database system table "sys.all_tables". This injection can be achieved in HTTP request URL and arguments. | |
| 30000009 - This signature prevents attackers from extracting database information from Oracle database by probing system table "sys.user_constraints". This injection can be achieved in HTTP request URL and arguments. | |
| 30000010 - This signature prevents attackers from probing table and field named "user". This injection can be achieved in HTTP request URL and arguments. | |
| 30000011 - This signature prevents attackers from probing database information using SQL "waitfor delay" function. This injection can be achieved in HTTP request URL and arguments. | |
| 30000012 - This signature prevents attackers from writing any attack content into any kind of file, anywhere in the file system. This injection can be achieved in HTTP request URL and arguments. | |
| 30000013 - This signature prevents attackers from executing the query on the specified linked server to get sensitive information.This injection can be achieved in HTTP request URL and arguments. | |
| 30000014 - This signature prevents attackers from "deleting" values in the registry. This injection can be achieved in HTTP request URL and arguments. | |
| 30000015 - This signature prevents attackers from guessing table column's attributes using "attrelid"as a column of system table 'pg_attribute', which is used to label table's id in Postgre database. This injection can be achieved in HTTP request URL and arguments. | |
| 30000016 - This signature prevents attackers from "cast" decoding the attack SQL command. This injection can be achieved in HTTP request URL and arguments. | |
| 30000017 - This signature prevents attackers from getting character's position in column in Postgre database by using function "textpos". This injection can be achieved in HTTP request URL and arguments. | |
| 30000018 - This signature prevents attackers from guessing table column's attributes in Postgre database using system table "pg_attribute". This injection can be achieved in HTTP request URL and arguments. | |
| 30000019 - This signature prevents attackers from guessing characters by using function "substring". This injection can be achieved in HTTP request URL and arguments. | |
| 30000020 - This signature prevents attackers to guess MSSQL database information in filegroups by system table "sysfilegroups". This injection can be achieved in HTTP request URL and arguments. | |
| 30000021 - This signature prevents attackers to guess MSSQL database information in columns by using system table "syscolumns". This injection can be achieved in HTTP request URL and arguments. | |
| 30000022 - This signature prevents attackers to guess MSSQL database information in sysobjects by system table "sysobjects". This injection can be achieved in HTTP request URL and arguments. | |
| 30000023 - This signature prevents attackers to get Oracle database type of object by using "object_type" in system table 'dba_objects'. This injection can be achieved in HTTP request URL and arguments. | |
| 30000024 - This signature prevents attackers to get Oracle database id of object by 'object_id' in system table 'dba_objects'. This injection can be achieved in HTTP request URL and arguments. | |
| 30000025 - This signature prevents attackers from getting server subdirectory and depth. This injection can be achieved in HTTP request URL and arguments. | |
| 30000026 - This signature prevents attackers from getting sensitive information by accessing registry through stored procedure "XP_regenumkeys". This injection can be achieved in HTTP request URL and arguments. | |
| 30000027 - This signature prevents attackers from gathering directory listings from the targeted host by injecting the "xp_filelist" command using a SQL injection attack. This injection can be achieved in HTTP request URL and arguments. | |
| 30000028 - This signature prevents attackers from using dynamic SQL string generated in some applications executed by "sp_executesql" stored procedure. This injection can be achieved in HTTP request URL and arguments. | |
| 30000029 - This signature prevents attackers from getting sensitive information through "ifnull" function. This injection can be achieved in HTTP request URL and arguments. | |
| 30000030 - This signature prevents attackers from writing attack content into any kind of file anywhere in the file system. This injection can be achieved in HTTP request URL and arguments. | |
| 30000031 - This signature prevents attackers using the "xp_cmdshell" extended stored procedure in MSSQL to execute any command shell on the server. This injection can be achieved in HTTP request URL and arguments. | |
| 30000032 - This signature prevents attackers from writing attack information through "sp_makewebtask". This injection can be achieved in HTTP request URL and arguments. | |
| 30000033 - This signature prevents attackers from getting admin privileges through "dbo". This injection can be achieved in HTTP request URL and arguments. | |
| 30000034 - This signature prevents attackers from injecting PL/SQL statements through "autonomous_transaction" . This injection can be achieved in HTTP request URL and arguments. | |
| 30000035 - This signature prevents attackers from getting sensitive information through default table "db_users". This injection can be achieved in HTTP request URL and arguments. | |
| 30000036 - This signature prevents attackers using MSSQL "xp_regwrite" extended stored procedure to add a new value to the registry. This injection can be achieved in HTTP request URL and arguments. | |
| 30000037 - This rule prevents from getting privileges through "sp_oacreate". This injection can be achieved in HTTP request URL and arguments. | |
| 30000038 - This signature prevents attackers from getting registry information through "xp_regenumvalues". This injection can be achieved in HTTP request URL and arguments. | |
| 30000039 - This signature prevents attackers from getting table row information. This injection can be achieved in HTTP request URL and arguments. | |
| 30000040 - This signature prevents attackers from getting database sensitive information through "bOOL" operation. This injection can be achieved in HTTP request URL and arguments. | |
| 30000041 - This signature prevents attackers using MSSQL "p_regaddmultistring"extended stored procedure to add a new multistring value to the registry. This injection can be achieved in HTTP request URL and arguments. | |
| 30000042 - This signature prevents attackers from probing the sql injection point. This injection can be achieved in HTTP request URL and arguments. | |
| 30000043 - This signature prevents attackers using MSSQL "xp_regremovemultistring" extended stored procedure to remove a multistring value in the registry. This injection can be achieved in HTTP request URL and arguments. | |
| 30000044 - This signature prevents attackers from getting senstive information from the target host database through "top" operation. This injection can be achieved in HTTP request URL and arguments. | |
| 30000045 - This signature prevents attackers using MSSQL "xp_regdeletekey" extended stored procedure to remove a key in the registry. This injection can be achieved in HTTP request URL and arguments. | |
| 30000046 - This signature prevents attackers using MSSQL "xp_regread" extended stored procedure to read a key value in the registry. This injection can be achieved in HTTP request URL and arguments. | |
| 30000047 - This signature prevents attackers using MSSQL "xp_enumdsn" extended stored procedure to get information about dsn. This injection can be achieved in HTTP request URL and arguments. | |
| 30000048 - This signature prevents attackers using MSSQL "xp_availablemedia" extended stored procedure to get driver information in the server. This injection can be achieved in HTTP request URL and arguments. | |
| 30000049 - This signature prevents attackers from probing senstive information from the target host database through "delay" function | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 30000050 - This signature prevents attackers from guessing table length from target host database through the "length" function. This injection can be achieved in HTTP request URL and arguments. | |
| 30000051 - This signature prevents attackers from injecting attack content through "sqloledb" provider. This injection can be achieved in HTTP request URL and arguments. | |
| 30000052 - This signature prevents attackers from adding extended stored procedure through "sp_addextendedproc" . This injection can be achieved in HTTP request URL and arguments. | |
| 30000053 - This signature prevents attackers from probing the admin privilege through default "sa" administrator. This injection can be achieved in HTTP request URL and arguments. | |
| 30000054 - This signature prevents attackers from guessing Oracle database objects defined by user in system table 'user_objects'. This injection can be achieved in HTTP request URL and arguments. | |
| 30000055 - This signature prevents attackers from guessing MSSQL database objects in system table sysobjects with 'xtype' attribute. This injection can be achieved in HTTP request URL and arguments. | |
| 30000056 - This signature prevents attackers from extracting Microsoft Access database information like database type by probing system table "msyscolumns". This injection can be achieved in HTTP request URL and arguments. | |
| 30000057 - This signature prevents attackers from guessing MSSQL database "column_name" table with INFORMATION_SCHEMA.COLUMNS. This injection can be achieved in HTTP request URL and arguments. | |
| 30000058 - This signature prevents attackers from guessing DB2 owner "sysibm" object attributes. This injection can be achieved in HTTP request URL and arguments. | |
| 30000059 - This signature prevents attackers from guessing Oracle Database column and table by using system table "user_ind_columns". This injection can be achieved in HTTP request URL and arguments. | |
| 30000060 - This signature prevents attackers from guessing fields string type using SQL"substring()" function. This injection can be achieved in HTTP request URL and arguments. | |
| 30000061 - This signature prevents attackers from guessing MSSQL Database key process information by using system table "sysprocesses". This injection can be achieved in HTTP request URL and arguments. | |
| 30000062 - This signature prevents attackers from guessing MySQL Database users key information by using system table "mb_users". This injection can be achieved in HTTP request URL and arguments. | |
| 30000063 - This signature prevents attackers from guessing MySQL Database. "table_name" by using system table "INFORMATION_SCHEMA.TABLES". This injection can be achieved in HTTP request URL and arguments. | |
| 30000064 - This signature prevents attackers from guessing Informix Database key information by using system table "systables". This injection can be achieved in HTTP request URL and arguments. | |
| 30000065 - This signature prevents attackers to get Oracle database object name using 'object_name' in system table 'dba_objects'. This injection can be achieved in HTTP request URL and arguments. | |
| 30000066 - This signature prevents attackers to use Blind SQL injection using "ROWNUM" in Oracle. "ROWNUM" is an Oracle pseudo column which numbers the rows in a result set. This injection can be achieved in HTTP request URL and arguments. | |
| 30000067 - This signature prevents attackers from extracting Oracle database sensitive information from system table "sys.user_triggers". This injection can be achieved in HTTP request URL and arguments. | |
| 30000068 - This signature prevents attackers from guessing key Informix Database constraints information by using system table "sysconstraints". This injection can be achieved in HTTP request URL and arguments. | |
| 30000069 - This signature prevents attackers from guessing Postgre database table column's attributes using "atttypid" as a cloumn of system table 'pg_attribute'. This injection can be achieved in HTTP request URL and arguments. | |
| 30000070 - This signature prevents attackers from extracting Microsoft Access database sensitive information using system table "msysrelationships". This injection can be achieved in HTTP request URL and arguments. | |
| 30000071 - This signature prevents attackers from stopping processes using "xp_terminate" extend procedure. This injection can be achieved in HTTP request URL and arguments. | |
| 30000072 - This signature prevents attackers from extracting Oracle database sensitive information using system table "sys.user_tab_columns". This injection can be achieved in HTTP request URL and arguments. | |
| 30000073 - This signature prevents attackers from extracting "attnotnull" attribute related database information. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 30000074 - This signature prevents attackers from extracting Microsoft Access database sensitive information using system table "msysobjects". This injection can be achieved in HTTP request URL and arguments. | |
| 30000075 - This signature prevents attackers from extracting Oracle database sensitive information using system table "sys.tab". This injection can be achieved in HTTP request URL and arguments. | |
| 30000076 - This signature prevents attackers from guessing fields string type by SQL "ascii()" function. This injection can be achieved in HTTP request URL and arguments. | |
| 30000077 - This signature prevents attackers from extracting Oracle database sensitive information using system table "sys.user_views". This injection can be achieved in HTTP request URL and arguments. | |
| 30000078 - This signature prevents attackers using sql query to get database information. This injection can be achieved in HTTP request URL and arguments. | |
| 30000079 - This signature prevents attackers from probing the information through bruteforce using "instr". This injection can be achieved in HTTP request URL and arguments. | |
| 30000080 - This signature prevents attackers using "tbcreator" to get DB2 database table information. This injection can be achieved in HTTP request URL and arguments. | |
| 30000081 - This signature prevents attackers from shutting down the SQL server using the "shutdown" command. This injection can be achieved in HTTP request URL and arguments. | |
| 30000082 - This signature prevents attackers from guessing table information using column name with "data_type". This injection can be achieved in HTTP request URL and arguments. | |
| 30000083 - This signature prevents attackers from getting the SQL server network information through "xp_ntsec" extend Stored Procedures. This injection can be achieved in HTTP request URL and arguments. | |
| 30000084 - This signature prevents attackers to get database information using the "union select" query. This injection can be achieved in HTTP request URL and arguments. | |
| 30000085 - This signature prevents attackers to add an item to a database table using "insert into". This injection can be achieved in HTTP request URL and arguments. | |
| 30000086 - This signature prevents attackers from using a sql query to get database table information. This injection can be achieved in HTTP request URL and arguments. | |
| 30000087 - This signature prevents attackers from deleting database tables using "drop". This injection can be achieved in HTTP request URL and arguments. | |
| 30000088 - This signature prevents attackers from getting the internal representation of any data type through the use of the "DUMP" command in Oracle. This injection can be achieved in HTTP request URL and arguments. | |
| 30000089 - This signature prevents attackers from extracting database version information using "@@version". This injection can be achieved in HTTP request URL and arguments. | |
| 30000090 - This signature prevents attackers from injecting data by modifying data type "sql_variant". This injection can be achieved in HTTP request URL and arguments. | |
| 30000091 - This signature prevents attackers from getting information using MSSQL database "openrowset" function. This injection can be achieved in HTTP request URL and arguments. | |
| 30000092 - This signature prevents attackers from gathering MSSQL database sensitive information of remote db-server by using "msdasql". This injection can be achieved in HTTP request URL and arguments. | |
| 30000093 - This signature prevents attackers malicious data deletion in tables using the command "delete from". This injection can be achieved in HTTP request URL and arguments. | |
| 30000094 - This signature prevents attackers to package N files to a cab file by using system stored procedure "dbo.xp_makecab". This injection can be achieved in HTTP request URL and arguments. | |
| 30000095 - This signature prevents attackers to get sensitive information by using "UTL_HTTP", which is a built-in Oracle SQL function that issues HTTP requests. This injection can be achieved in HTTP request URL and arguments. | |
| 30000096 - This signature prevents attackers to get sensitive information by using "TO_NUMBER", which is a built-in Oracle SQL function. This injection can be achieved in HTTP request URL and arguments. | |
| 30000097 - This rule prevents attackers from getting Mysql Database file information by using command "load data infile". This injection can be achieved in HTTP request URL and arguments. | |
| 30000098 - This signature prevents attackers from extracting Oracle database sensitive information using system table "sys.user_objects". This injection can be achieved in HTTP request URL and arguments. | |
| 30000099 - This signature prevents attackers from extracting MySQL database sensitive information using system table "mysql.user". This injection can be achieved in HTTP request URL and arguments. | |
| 30000100 - This signature prevents attackers from extracting Oracle database sensitive information using system table "user_tables". This injection can be achieved in HTTP request URL and arguments. | |
| 30000101 - This signature prevents attackers from extracting Oracle database sensitive information using system table "user_tab_columns". This injection can be achieved in HTTP request URL and arguments. | |
| 30000102 - This signature prevents attackers from getting Oracle Database file information using the "utl_file" package. This injection can be achieved in HTTP request URL and arguments. | |
| 30000103 - This signature prevents attackers from extracting Oracle database sensitive information using the system table "all_objects". This injection can be achieved in HTTP request URL and arguments. | |
| 30000104 - This signature prevents attackers from extracting Postgres SQL sensitive information using the system table "pg_class". This injection can be achieved in HTTP request URL and arguments. | |
| 30000105 - This signature prevents attackers from extracting DB2 database sensitive information using the system table "syscat". This injection can be achieved in HTTP request URL and arguments. | |
| 30000106 - This signature prevents attackers from guessing fields string types using SQL "substr()" function. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 30000107 - This signature prevents attackers from obtaining Oracle database system privileges. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 30000108 - This signature prevents attackers from probing SQL injection vulnerability in accessed page. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 30000109 - This signature prevents attackers from getting table information in databases by using "inner join" sql query. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 30000110 - This signature prevents attackers from getting the login security configuration information by using MSSQL extended stored procedure "xp_loginconfig". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 30000111 - This signature prevents attackers from getting information from databases by using "varchar" to build a sql query. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 30000112 - This signature prevents attackers from getting information from databases by using "nvarchar" to build a sql query. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 30000114 - This signature prevents attackers from getting information from databases by building a sql query. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 30000115 - This signature prevents attackers from getting information from databases by building sql query. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 30000116 - This signature prevents attackers from getting Oracle database information using the 'dbms_java' package. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 30000117 - This signature prevents attackers from getting Oracle or Mysql database information using the "to_char" function. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 30000118 - This signature prevents attackers from getting information from MSSQL database by using the "sp_sqlexec" system stored procedure. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 30000119 - This signature prevents attackers from getting global database variable information by building a sql query with "printf * @@". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 30000120 - This signature prevents attackers from getting MSSQL information by using the "xp_execresultset" extended stored procedure. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 30000121 - This signature prevents attackers from getting information from MSSQL database by using the "sp_execute" system stored procedure. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 30000122 - This signature prevents attackers from getting information from MSSQL database by using the "sp_prepare" system stored procedure. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 30000123 - This signature prevents attackers from getting Oracle database sensitive information using system view "user_constraints" which describes constraint definitions in tables in the current user's schema. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 30000124 - This signature prevents attackers to get sensitive information by using column "column_id" in system view "USER_TAB_COLUMNS" which describes the columns of the tables, views, and clusters owned by the current user. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 30000125 - This signature prevents attackers to guess MySql database "user_password" using system table"mb_users". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 30000126 - This signature prevents attackers to get MSSQL database sensitive user information by column "user_group" in system table "mb_user". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 30000127 - This signature prevents attackers to get Oracle database sensitive user information by using system table "user_users". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 30000128 - This signature prevents attackers from testing if the target server is vulnerable using a "COALESCE" test result. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 30000133 - This signature prevents attackers from probing string type of fields using the "locate()" function. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 30000134 - This signature prevents attackers from probing string type of fields using the "instr()" function. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 30000135 - This signature prevents attackers from injecting data by modifying data type "sql_longvarchar" . | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 30000136 - This signature prevents attackers from adding attack info through or via a statement. | |
| This injection can be achieved in HTTP url and HTTP arguments. | |
| 30000137 - This signature prevents attackers from getting table information in databases . | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 30000138 - This signature prevents attackers from getting table information in databases . | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 30000139 - This signature prevents attackers from retrieving database table information. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 30000140 - This signature prevents attackers from changing database table information. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 30000141 - This signature prevents attackers from changing database table information. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 30000142 - This signature prevents attackers from creating database table information. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 30000143 - This signature prevents attackers from guessing the database name. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 30000144 - This signature prevents attackers from executing database procedures. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 30000145 - This signature prevents attackers from retrieving sensitive information from the target host database through the "Case" operation. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 30000146 - This signature prevents attackers from probing sensitive information from the target host database using "waitfor" . | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 30000147 - This signature prevents attackers from using a SQL query to retrieve database information. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 30000148 - This signature prevents attackers from executing command shell. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 30000149 - This signature prevents attackers from using a SQL query "like" to retrieve database information. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 30000150 - This signature prevents attackers from probing sensitive information from the target host database using "pg_sleep" . | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 30000151 - This signature prevents attackers from using a SQL query "declare" to retrieve database information. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 30000152 - This signature prevents attackers from using "load_file" to retrieve database information. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 30000153 - This rule prevents attackers from getting privileges through "sp_addlogin". This injection can be achieved in HTTP request URL and arguments. | |
| 30000154 - This rule prevents attackers from getting privileges through "sp_addsrvrolemember". This injection can be achieved in HTTP request URL and arguments. | |
| 30000155 - This signature attackers prevents attackers from extracting sensitive information using" @@servername". This injection can be achieved in HTTP request URL and arguments. | |
| 30000156 - This signature prevents attackers from extracting sensitive information using"@@microsoftversion". This injection can be achieved in HTTP request URL and arguments. | |
| 30000157 - This signature prevents attackers from extracting Postgres SQL sensitive information using the system table "pg_group". This injection can be achieved in HTTP request URL and arguments. | |
| 30000158 - This signature prevents attackers from extracting Postgres SQL sensitive information using the system table "pg_shadow". This injection can be achieved in HTTP request URL and arguments. | |
| 30000159 - This signature prevents attackers from guessing fields string type using SQL"make_set()" function. This injection can be achieved in HTTP request URL and arguments. | |
| 30000160 - This signature prevents attackers from guessing fields string type using SQL"elt()" function. This injection can be achieved in HTTP request URL and arguments. | |
| 30000161 - This signature prevents attackers from probing sensitive information from the target host database using the "sleep" . | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 30000162 - This signature prevents attackers from probing sensitive information from the target host database using the "benchmark" . | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 30000163 - This signature prevents attackers from probing sensitive information from the target host database using the "sleep" function . | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 30000164 - This signature prevents attackers from probing sensitive information from the target host database using the "order by" . | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 30000165 - This signature prevents attackers from masking the injected code using "unhex" decoding. This injection can be achieved in HTTP request URL and arguments. | |
| 30000166 - This signature prevents attackers from probing sensitive information from the target host database using the "if()" or "mid()" . This injection can be achieved in HTTP request URL and arguments. | |
| 30000167 - This signature prevents attackers from adding attack info through or via a statement. | |
| This injection can be achieved in HTTP url and HTTP arguments. | |
| 30000168 - This signature prevents attackers malicious data deletion in tables using the command "drop". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 30000169 - This signature prevents attackers from getting Oracle database information using the 'utl_http.request' . | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 30000170 - This signature prevents attackers from alerting database column using "alert". This injection can be achieved in HTTP request URL and arguments. | |
| 30000171 - This signature prevents attackers from deleting database column using "drop". This injection can be achieved in HTTP request URL and arguments. | |
| 30000172 - This signature prevents attackers from sending a message on a socket using "sp_sendmsg" extend procedure. This injection can be achieved in HTTP request URL and arguments. | |
| 30000173 - This signature prevents attackers to get database information using the "updatexml()" query. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 30000174 - This signature prevents attackers to get database information using the "extractvalue()" query. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 30000175 - This signature prevents attackers from getting sensitive information by querying data through stored procedure "procedure analyse()". This injection can be achieved in HTTP request URL and arguments. | |
| 30000176 - This signature prevents attackers from extracting Oracle database sensitive information using system function "sys_context()". This injection can be achieved in HTTP request URL and arguments. | |
| 30000177 - This signature prevents attackers from extracting MySQL database sensitive information via "GeometryCollection()". This injection can be achieved in HTTP request URL and arguments. | |
| 30000178 - This signature prevents attackers from extracting MySQL database sensitive information via "polygon()". This injection can be achieved in HTTP request URL and arguments. | |
| 30000179 - This signature prevents attackers from extracting sensitive information from Oracle databases via "OWA_UTIL" Package. This injection can be achieved in HTTP request URL and arguments. | |
| 30000180 - This signature prevents attackers from extracting sensitive information from Oracle databases via "UTL_INADDR" Package. This injection can be achieved in HTTP request URL and arguments. | |
| 40000001 - This signature prevents attackers from extracting Oracle database sensitive information in system table "sys.user_catalog". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000002 - This signature prevents attackers from extracting database constraint information. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000003 - This signature prevents attackers from extracting Oracle database sensitive information in system table "sys.user_tables". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000004 - This signature prevents attackers from extracting Microsoft Access database sensitive information in system table "msysqueries". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000005 - This signature prevents attackers from extracting Microsoft Access database sensitive information in system table "msysaces". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000006 - This signature prevents attackers from extracting sensitive information using "@@SPID"(server process id). | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000007 - This signature prevents attackers from guessing fields' string type using "charindex()" function. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000008 - This signature prevents attackers from extracting Oracle database sensitive information using system table "sys.all_tables". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000009 - This signature prevents attackers from extracting Oracle database information such as database type by probing system table "sys.user_constraints". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000010 - This signature prevents attackers from probing table and field named "user". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000011 - This signature prevents attackers from probing database information by SQL "waitfor delay" function. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000012 - This signature prevents attackers from writing any attack content into any kind of file, anywhere on the file system. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000013 - This signature prevents attackers from executing the query on the specified linked server to get sensitive information. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000014 - This signature prevents attackers from deleting registry values. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000015 - This signature prevents attackers from guessing "attrelid" table column attributes in system table "pg_attribute" which is used to label table's id in Postgre database. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000016 - This signature prevents attackers from masquerading the injected code using "cast" decoding. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000017 - This signature prevents attackers from getting Postgre database character position in columns by using the function "textpos". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000018 - This signature prevents attackers from guessing Postgre database column attributes in system table "pg_attribute". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000019 - This signature prevents attackers from guessing characters by using the function "substring". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000020 - This signature prevents attackers to guess MSSQL database filegroups information in system table "sysfilegroups". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000021 - This signature prevents attackers to guess MSSQL database column information in system table "syscolumns". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000022 - This signature prevents attackers to guess MSSQL database sysobjects information in system table "sysobjects". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000023 - This signature prevents attackers to get Oracle database object type information by "object_type" in system table 'dba_objects'. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000024 - This signature prevents attackers to get Oracle database object id by "object_id" in system table "dba_objects". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000025 - This signature prevents attackers from getting server subdirectory and depth. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000026 - This signature prevents attackers from getting sensitive information by accessing the registry through "Xp_regenumkeys" stored procedure. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000027 - This signature prevents attackers from using a SQL injection attack to inject the "xp_filelist" command. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000028 - This signature prevents attackers from using dynamic SQL string generated in some applications executed using "sp_executesql" stored procedure. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000029 - This signature prevents attackers from getting sensitive information through the "ifnull" function. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000030 - This signature prevents attackers from writing attack content into files anywhere on the file system. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000031 - This signature prevents attackers using the "xp_cmdshell" extended stored procedure in MSSQL to execute command shell on the server. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000032 - This signature prevents attackers from writing attack information through "sp_makewebtask". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000033 - This signature prevents attackers from getting admin privilege through "dbo". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000034 - This signature prevents attackers from injecting PL/SQL statements through "autonomous_transaction" . | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000035 - This signature prevents attackers from getting sensitive information through the default "db_users" table. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000036 - This signature prevents attackers using the "xp_regwrite" extended stored procedure in MSSQL to add a new value to registry. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000037 - This signature prevents attackers from raising privileges through "sp_oacreate". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000038 - This signature prevents attackers from getting registry information through "xp_regenumvalues" . | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000039 - This signature prevents attackers from getting table row information. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000040 - This signature prevents attackers from getting database sensitive information through BOOL operation. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000041 - This signature prevents attackers using the "xp_regaddmultistring" extended stored procedure in MSSQL to add a new multistring value to the registry. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000042 - This signature prevents attackers from probing for SQL Injection vulnerabilities. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000043 - This signature prevents attackers from using the "xp_regremovemultistring" extended stored procedure in MSSQL to remove a multistring value in the registry. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000044 - This signature prevents attackers from getting senstive information from the target host database through the "Top" operation. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000045 - This signature prevents attackers from using the "xp_regdeletekey" extended stored procedure in MSSQL to remove a key in the registry. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000046 - This signature prevents attackers from using the "xp_regread" extended stored procedure in MSSQL to read a key value in the registry. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000047 - This signature prevents attackers from using the "xp_enumdsn" extended stored procedure in MSSQL to get dsn information. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000048 - This signature prevents attackers from using the "xp_availablemedia" extended stored procedure in MSSQL to get driver information. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000049 - This signature prevents attackers from probing senstive information from target host database through "delay" function. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000050 - This signature prevents attackers from guessing table length from target host database through "length" function. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000051 - This signature prevents attackers from injecting attack content through "sqloledb" provider. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000052 - This signature prevents attackers from adding extended stored procedure through "sp_addextendedproc". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000053 - This signature prevents attackers from probing the admin privilege through the default "sa" administrator. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000054 - This signature prevents attackers from guessing Oracle database objects in system table "user_objects". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000055 - This signature prevents attackers from guessing MSSQL database objects in system table sysobjects with "xtype" attribute. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000056 - This signature prevents attackers from extracting Microsoft Access database information like database type by probing system table "msyscolumns". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000057 - This signature prevents attackers from guessing MySQL database "column_name" with INFORMATION_SCHEMA.COLUMNS. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000058 - This signature prevents attackers from guessing attributes from DB2 database "sysibm" owner. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000059 - This signature prevents attackers from guessing Oracle Database column and table by using system table "user_ind_columns". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000060 - This signature prevents attackers from guessing field string types using SQL "substring()" function. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000061 - This signature prevents attackers from guessing key MSSQL Database process information using system table "sysprocesses". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000062 - This signature prevents attackers from guessing key MySQL Database user information by using system table "mb_users". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000063 - This signature prevents attackers from guessing MySQL database "table_name" by using system table "INFORMATION_SCHEMA.TABLES". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000064 - This signature prevents attackers from guessing key Informix database information by using system table "systables". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000065 - This signature prevents attackers to get Oracle database object name by using "object_name" in system table "dba_objects". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000066 - This signature prevents Blind SQL injection attacks using "ROWNUM" in Oracle. "ROWNUM" is an Oracle pseudo column which numbers the rows in a result set. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000067 - This signature prevents attackers from extracting sensitive Oracle database information using system table "sys.user_triggers". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000068 - This signature prevents attackers from guessing key Informix database information of constraints by using system table "sysconstraints". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000069 - This signature prevents attackers from guessing Postgre database table column's attributes using "atttypid" as a column of system table "pg_attribute". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000070 - This signature prevents attackers from extracting sensitive Microsoft Access database information from system table "msysrelationships". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000071 - This signature prevents attackers from stopping processes through "xp_terminate" extended procedure. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000072 - This signature prevents attackers from extracting sensitive Oracle database information from system table "sys.user_tab_columns". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000073 - This signature prevents attackers from extracting "attnotnull" attribute related database information. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000074 - This signature prevents attackers from extracting sensitive Microsoft Access database information from system table "msysobjects". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000075 - This signature prevents attackers from extracting sensitive Oracle database information from system table "sys.tab". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000076 - This signature prevents attackers from guessing string type of fields using SQL "ascii()" function. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000077 - This signature prevents attackers from extracting sensitive Oracle database information from system table "sys.user_views". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000078 - This signature prevents attackers from using a SQL query to get database information. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000079 - This signature prevents attackers from probing for information through bruteforce using "instr" function. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000080 - This signature prevents attackers using "tbcreator" to get DB2 database table information. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000081 - This signature prevents attackers from shutting down the SQL server through the "shutdown" command. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000082 - This signature prevents attackers from guessing table information by using column name with "data_type". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000083 - This signature prevents attackers from getting the SQL server network information through "xp_ntsec" extended Stored Procedure. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000084 - This signature prevents attackers from using "union select" query to get database information. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000085 - This signature prevents attackers from using "insert into" to add an item to database tables. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000086 - This signature prevents attackers from using a SQL query to get database table information. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000087 - This signature prevents attackers from using the "drop" operation to delete a database table. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000088 - This signature prevents attackers from getting the internal representation of any data type by using the Oracle DUMP command. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000089 - This signature prevents attackers from extracting database version information using "@@version". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000090 - This signature prevents attackers from injecting data by modifying data type "sql_variant". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000091 - This signature prevents attackers from using the "openrowset" function to get MSSQL database information. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000092 - This signature prevents attackers from gathering sensitive MSSQL database information using "msdasql". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000093 - This signature prevents attackers from deleting table data maliciously by using the command "delete from". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000094 - This signature prevents attackers to package N files to a cab file by using MSSQL database system stored procedure "dbo.xp_makecab". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000095 - This signature prevents attackers to get sensitive information by using "UTL_HTTP "which is a built-in Oracle SQL function that issues HTTP requests. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000096 - This signature prevents attackers to get sensitive information by using "TO_NUMBER", which is a built-in Oracle SQL function. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000097 - This signature prevents attackers from getting Mysql database file information by using the command "load data infile". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000098 - This signature prevents attackers from extracting sensitive Oracle database information from system table "sys.user_objects". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000099 - This signature prevents attackers from extracting sensitive MySQL database information from system table "mysql.user". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000100 - This signature prevents attackers from extracting sensitive Oracle database information from system table "user_tables". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000101 - This signature prevents attackers from extracting sensitive Oracle database information from system table "user_tab_columns". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000102 - This signature prevents attackers from getting Oracle database file information by using the "utl_file" package. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000103 - This signature prevents attackers from extracting sensitive Oracle database information from system table "all_objects". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000104 - This signature prevents attackers from extracting sensitive Postgres SQL information from system table "pg_class". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000105 - This signature prevents attackers from extracting sensitive DB2 database information from system table "syscat". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000106 - This signature prevents attackers from guessing string type of fields by SQL "substr()" function. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000107 - This signature prevents attackers from obtaining Oracle database system privileges. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000108 - This signature prevents attackers from probing for SQL injection vulnerabilities. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000109 - This signature prevents attackers from getting database table information by using the "inner join" SQL query. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000110 - This signature prevents attackers from getting the MSSQL login security configuration information by using the extended stored procedure "xp_loginconfig". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000111 - This signature prevents attackers from getting database information by using "varchar" to build a SQL query. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000112 - This signature prevents attackers from getting database information by using "nvarchar" to build a SQL query. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000114 - This signature prevents attackers from getting database information by building a SQL query. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000115 - This signature prevents attackers from getting database information by building a SQL query. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000116 - This signature prevents attackers from getting Oracle database information by using the "dbms_java" package. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000117 - This signature prevents attackers from getting Oracle or Mysql database information by using the function "to_char". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000118 - This signature prevents attackers from getting information from MSSQL databases by using the "sp_sqlexec" system stored procedure. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000119 - This signature prevents attackers from getting global database variable information by building a SQL query with"printf * @@" | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000120 - This signature prevents attackers from getting MSSQL database information by using the "xp_execresultset" extended stored procedure. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000121 - This signature prevents attackers from getting MSSQL database information by using the "sp_execute" system stored procedure. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000122 - This signature prevents attackers from getting MSSQL database information by using the "sp_prepare" system stored procedure. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000123 - This signature prevents attackers to get sensitive Oracle database information using system view "user_constraints". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000124 - This signature prevents attackers to get sensitive information by using 'column_id' in system view "USER_TAB_COLUMNS". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000125 - This signature prevents attackers to guess MySql database 'user_password' using system table "mb_users". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000126 - This signature prevents attackers to get sensitive MSSQL database user information by column "user_group" in system table "mb_user". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000127 - This signature prevents attackers to get sensitive Oracle database user information using system table "user_users". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000128 - This signature prevents attackers from testing for vulnerabilities in the target server through "COALESCE" test result. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000129 - This signature prevents attackers from testing for vulnerabilities in the target server through server response time. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000130 - This signature prevents attackers from testing for vulnerabilities in the target server through server response time. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000131 - This signature prevents attackers from testing for vulnerabilities in the target database server through multiple SQL manipulations to gain sensitive informations. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000132 - This signature prevents attackers from testing for vulnerabilities in the target database server through multiple SQL manipulations to gain sensitive informations. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000133 - This signature prevents attackers from probing field string types using "locate()" function. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000134 - This signature prevents attackers from probing field string types using "instr()" function. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000135 - This signature prevents attackers from injecting data by modifying data type "sql_longvarchar" . | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000136 - This signature prevents attackers to inject the SQL DataBase by using '--' or '#' which is SQL grammar for notes. | |
| This injection can be achieved in HTTP arguments. | |
| 40000137 - This signature prevents attackers from injecting the SQL DataBase by using ''' or '"' which is used to construct a variational string. | |
| This injection can be achieved in HTTP arguments. | |
| 40000138 - This signature prevents attackers to inject the SQL DataBase by using || or &&, xor which be used for construct variational string. | |
| This injection can be achieved in HTTP arguments. | |
| 40000139 - This signature prevents attackers to inject the SQL DataBase by using "order by". | |
| This injection can be achieved in HTTP arguments. | |
| 40000140 - This signature prevents attackers to inject the SQL DataBase by using "quote". | |
| This injection can be achieved in HTTP arguments. | |
| 40000141 - This signature prevents attackers from injecting SQL Databases using "\*". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000142 - This signature prevents attackers to inject the SQL DataBase by using "*/". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000143 - This signature prevents attackers from guessing the database name. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000144 - This signature prevents attackers from executing database procedures. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000145 - This signature prevents attackers from retrieving sensitive information from the target host database through the "Case" operation. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000146 - This signature prevents attackers from probing sensitive information from the target host database using "waitfor" . | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000147 - This signature prevents attackers from using a SQL query to retrieve database information. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000148 - This signature prevents attackers from executing command shell. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000149 - This signature prevents attackers from using a SQL query "like" to retrieve database information. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000150 - This signature prevents attackers from probing sensitive information from the target host database using "pg_sleep" . | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000151 - This signature prevents attackers from using a SQL query "declare" to retrieve database information. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000152 - This signature prevents attackers from using "load_file" to retrieve database information. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000153 - This rule prevents attackers from getting privileges through "sp_addlogin". This injection can be achieved in HTTP request URL and arguments. | |
| 40000154 - This rule prevents attackers from getting privileges through "sp_addsrvrolemember". This injection can be achieved in HTTP request URL and arguments. | |
| 40000155 - This signature prevents attackers from extracting sensitive information using" @@servername". This injection can be achieved in HTTP request URL and arguments. | |
| 40000156 - This signature prevents attackers from extracting sensitive information using"@@microsoftversion". This injection can be achieved in HTTP request URL and arguments. | |
| 40000157 - This signature prevents attackers from extracting Postgres SQL sensitive information using the system table "pg_group". This injection can be achieved in HTTP request URL and arguments. | |
| 40000158 - This signature prevents attackers from extracting Postgres SQL sensitive information using the system table "pg_shadow". This injection can be achieved in HTTP request URL and arguments. | |
| 40000159 - This signature prevents attackers from adding attack info through or via a statement. | |
| This injection can be achieved in HTTP url and HTTP arguments. | |
| 40000160 - This signature prevents attackers from masking the injected code using "unhex" decoding. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000161 - This signature prevents attackers from probing sensitive information from the target host database using the "if()" or "mid()" . | |
| This injection can be achieved in HTTP headers, HTTP request URL and arguments. | |
| 40000162 - This signature prevents attackers malicious data deletion in tables using the command "drop". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000163 - This signature prevents attackers from probing SQL injection vulnerability in accessed page. | |
| This injection can be achieved in HTTP request URL and arguments | |
| 40000164 - This signature prevents attackers from creating database table information. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000165 - This signature prevents attackers from getting Oracle database information by using the "utl_http.request'. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 40000166 - This signature prevents attackers from alerting database column using "alert". This injection can be achieved in HTTP request URL and arguments. | |
| 40000167 - This signature prevents attackers from deleting database column using "drop". This injection can be achieved in HTTP request URL and arguments. | |
| 40000168 - This signature prevents attackers from sending a message on a socket using "sp_sendmsg" extend procedure. This injection can be achieved in HTTP request URL and arguments. | |
| 40000169 - This signature prevents attackers to get database information using the "updatexml()" query. | |
| This injection can be achieved in HTTP request URL, arguments and headers. | |
| 40000170 - This signature prevents attackers to get database information using the "extractvalue()" query. | |
| This injection can be achieved in HTTP request URL, arguments and headers. | |
| 40000171 - This signature prevents attackers from getting sensitive information by querying data through stored procedure "procedure analyse()". This injection can be achieved in HTTP request URL , arguments and HTTP headers. | |
| 40000172 - This signature prevents attackers from extracting Oracle database sensitive information using system function "sys_context()". This injection can be achieved in HTTP request URL, arguments and headers. | |
| 40000173 - This signature prevents attackers from extracting MySQL database sensitive information via "GeometryCollection()". This injection can be achieved in HTTP request URL , request arguments and headers. | |
| 40000174 - This signature prevents attackers from extracting MySQL database sensitive information via "polygon()". This injection can be achieved in HTTP request URL, request arguments and headers. | |
| 40000175 - This signature prevents attackers from extracting sensitive information from Oracle databases via "OWA_UTIL" Package. This injection can be achieved in HTTP request URL , request arguments and headers. | |
| 40000176 - This signature prevents attackers from extracting sensitive information from Oracle databases via "UTL_INADDR" Package. This injection can be achieved in HTTP request URL , request arguments and headers. | |
| 50010001 - This signature prevents attackers from accessing OS commands. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50020001 - This signature prevents attackers from performing "ColdFusion" injection attacks by using undocumented ColdFusion admin functions and tags. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50030001 - This signature prevents attackers from performing LDAP Injection attacks. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50050001 - This signature prevents attackers from performing Command Injection attacks. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50050002 - This signature prevents attackers from performing Command Injection attacks. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50050003 - This signature prevents attackers from performing Command Injection attacks. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50050004 - This signature prevents attackers from performing Command Injection attacks using "ls"system command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50050005 - This signature prevents attackers from performing Command injection attacks using "passwd" system command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50050006 - This signature prevents attackers from performing Command Injection attacks using "rm" system command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50050007 - This signature prevents attackers from performing Command Injection attacks using "finger" system command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50050008 - This signature prevents attackers from performing Command Injection attacks - using "echo" system command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50050009 - This signature prevents attackers from performing Command Injection attacks using "kill" system command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50050010 - This signature prevents attackers from performing Command Injection attacks using "chsh" system command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50050011 - This signature prevents attackers from performing Command Injection attacks using "ping" system command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50050012 - This signature prevents attackers from performing Command injection attacks using "TCL" reading commands. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50050013 - This signature prevents attackers from performing Command access attacks for server scanning. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50050014 - This signature prevents attackers from performing Command injection attacks using "ftp" command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50050015 - This signature prevents attackers from performing Command Injection attacks using "perl" command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50050016 - This signature prevents attackers from performing Command Injection attacks using "echo" system command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50050017 - This signature prevents attackers from performing Command Injection attacks using the 'telnet' command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50050018 - This signature prevents attackers from performing Command Injection attacks using "chmod" system command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50050019 - This signature prevents attackers from performing Command Injection attacks using "wguest.exe" command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50050020 - This signature prevents attackers from performing Command injection attacks using "net.exe" command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50050021 - This signature prevents attackers from performing Command Injection attacks using "g++" command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50050022 - This signature prevents attackers from performing Command Injection attacks using "nasm" command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50050023 - This signature prevents attackers from performing Command Injection attacks using "traceroute" command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50050024 - This signature prevents attackers from performing Command Injection attacks using "tracert" command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50050025 - This signature prevents attackers from performing Command Injection attacks using "nmap" command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50050026 - This signature prevents attackers from performing Command Injection attacks using "lsof" command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50050027 - This signature prevents attackers from performing Command Injection attacks using "id" command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50050028 - This signature prevents attackers from performing Command Injection attacks by using "chgrp" system command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50050029 - This signature prevents attackers from performing Command Injection attacks using "cd" system command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50050030 - This signature prevents attackers from performing Command Injection attacks using "cmd.exe" command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50050031 - This signature prevents attackers from performing Command Injection attacks using "mail" command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50050032 - This signature prevents attackers from performing Command Injection attacks using "tclsh" command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50050033 - This signature prevents attackers from performing Command Injection attacks using "gcc" command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50050034 - This signature prevents attackers from performing Command Injection attacks using "ps" command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50050035 - This signature prevents attackers from performing Command Injection attacks using "ftp.exe" command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50050036 - This signature prevents attackers from performing Command Injection attacks by using "telnet.exe" command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50050037 - This signature prevents attackers from performing Command Injection attacks by using "echo" command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50050038 - This signature prevents attackers from performing Command Injection attacks by using "chmod" command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50050039 - This signature prevents attackers from performing Command Injection attacks by using "cmd" command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50050040 - This signature prevents attackers from performing Command Injection attacks by using "tftp" command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50050041 - This signature prevents attackers from performing Command Injection attacks by using "cmd" command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50050042 - This signature prevents attackers from performing Command Injection attacks. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50050043 - This signature prevents attackers from performing Command Injection attacks using the "uname" command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50050044 - This signature prevents attackers from performing Command Injection attacks using the "cpp" command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50050045 - This signature prevents attackers from performing Command Injection attacks using the "nc" command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50050046 - This signature prevents attackers from performing Command Injection attacks using the "nc.exe" command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50050047 - This signature prevents attackers from performing Command Injection attacks using the "cmd32" command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50050048 - This signature prevents attackers from performing Command Injection attacks using "wsh.exe" to run scripts. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50050049 - This signature prevents attackers from performing Command Injection attacks using the "xterm" command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50050050 - This signature prevents attackers from adding attack info through directory injection. | |
| This injection can be achieved in HTTP url. | |
| 50050051 - This signature prevents attackers from injecting attack info from shellcode. | |
| This injection can be achieved in HTTP header and arguments. | |
| 50050052 - This signature prevents attackers from performing Command injection attacks using some system commands. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50060001 - This rule prevents the attacker from using session fixation through set session id in persistent cookie. | |
| This attack can be achieved in HTTP request URL and parameter. | |
| 50060002 - This rule prevents the attacker from session fixation through set session id in domain cookie. | |
| This attack can be achieved in HTTP request URL and parameter. | |
| 50060003 - This rule prevents the attacker from session fixation through set session id in" <meta>" tag. | |
| This attack can be achieved in HTTP request URL and parameter. | |
| 50070001 - This signature prevents attackers from performing File Injection attacks - get "boot" information from a file. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50070002 - This signature prevents attackers from performing File Injection attacks - get "config "information from a file. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50070003 - This signature prevents attackers from performing File Injection attacks - get apache "direction" config information from a file. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50070004 - This signature prevents attackers from performing File Injection attacks - get apache "password" information from a file. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50070005 - This signature prevents attackers from performing File Injection attacks - get apache "config" information from a file. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50070006 - This signature prevents attackers from performing File Injection attacks - get "asp global" information from a file. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50070007 - This signature prevents attackers from performing File Injection attacks - get apache "access control" list information from a file. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50070008 - This signature prevents attackers from performing File Injection attacks - get apache access control list information from a file. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50070009 - This signature prevents attackers from performing File Injection attacks - get apache "authentication group" information from a file. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50070010 - This signature prevents attackers from performing File Injection attacks retrieving password information. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50070011 - This signature prevents attackers from performing File Injection attacks retrieving group information. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50080001 - This signature prevents attackers modifying php session info. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50080002 - This signature prevents attackers modifying php url argument info which is in php inner code. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50080003 - This signature prevents attackers opening an inner file. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50080004 - This signature prevents attackers viewing file content. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50080005 - This signature prevents attackers viewing file content. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50080006 - This signature prevents attackers moving web server files to external ftp servers. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50080007 - This signature prevents attackers moving web server files to external ftp servers. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50080008 - This signature prevents attackers moving web server files to external ftp servers. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50080009 - This signature prevents attackers uploading external ftp files to web the server. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50080010 - This signature prevents attackers reading or writing a bzip2 (.bz2) file. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50080011 - This signature prevents attackers reading or writing a gzip (.gz) file. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50080012 - This signature prevents attackers moving a posted file to a new position. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50080013 - This signature prevents attackers to inject malicious PHP code using "fwrite" function. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 50080014 - This signature prevents attackers from getting unauthorized PHP resources using "fread" function. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 50080015 - This signature prevents attackers from getting unauthorized PHP resources using "fscanf" function. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 50080016 - This signature prevents attackers from getting unauthorized PHP resources using "fgets" function. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 50080017 - This signature prevents attackers from reading unauthorized PHP file using "readfile" function. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 50080018 - This signature prevents attackers to read file list of specail PHP directory using "readdir" function. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 50080019 - This signature prevents attackers to scan special PHP directory using "scandir" function. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 50080020 - This signature prevents attackers to send PHP resource to FTP server. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 50080021 - This signature prevents attackers to install malicious code in PHP web server downloaded from FTP Server. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 50080022 - This signature prevents attackers to install malicious code downloaded from FTP Server to the PHP web server. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 50080023 - This signature prevents attackers to install the malicious code downloaded from FTP Server to the PHP web server. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 50080024 - This signature prevents attackers to read gz-format information by using the function "gzread". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 50080025 - This signature prevents attackers to inject malicious code to PHP web servers by using the function "gzwrite". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 50080026 - This signature prevents attackers to read gz format files in PHP web servers by using "readgzfile". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 50080027 - This signature prevents attackers to inject malicious code in gz format to PHP web servers. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 50080028 - This signature prevents attackers to inject PHP web servers by using "proc_open" to bypass safe_mode restrictions and get access to any file accessible for apache uid. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 50080029 - This signature prevents attackers to modify the inner session information to get additional unauthorized resource. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 50080030 - This signature prevents attackers to skip data restrictions and post illegal data. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 50080031 - This signature prevents attackers from running and prossesing their own hacking functions. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 50080032 - This signature prevents attackers to compress malicious messages. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 50080033 - This signature prevents attackers to inject malicious code into PHP web servers. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 50080034 - This signature prevents attackers from using "passhru" function in PHP. | |
| This injection can be achieved in HTTP url and HTTP arguments. | |
| 50080035 - This signature prevents attackers from using phpinfo function in PHP. | |
| This injection can be achieved in HTTP url and HTTP arguments. | |
| 50080036 - This signature prevents attackers modifying php url argument info by "allow_url_include= ". | |
| This attack can be achieved in HTTP request url and arguments. | |
| 50080037 - This signature prevents attackers modifying php url argument info by "safe_mode= ". | |
| This attack can be achieved in HTTP request url and arguments. | |
| 50080038 - This signature prevents attackers modifying php url argument info by "suhosin.simulation= ". | |
| This attack can be achieved in HTTP request url and arguments. | |
| 50080039 - This signature prevents attackers modifying php url argument info by "disable_functions= ". | |
| This attack can be achieved in HTTP request url and arguments. | |
| 50080040 - This signature prevents attackers modifying php url argument info by "open_basedir= ". | |
| This attack can be achieved in HTTP request url and arguments. | |
| 50080041 - This signature prevents attackers modifying php url argument info by "php://input ". | |
| This attack can be achieved in HTTP request url and arguments. | |
| 50080042 - This signature prevents attackers from injecting malicious code to PHP web pages via "php://filter". This attack can be achieved in HTTP request url. | |
| 50090001 - This signature prevents attackers from performing SSI Injection attacks via common server-site include vulnerability . | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50100001 - This signature prevents attackers from performing UPDF Cross-site scripting attacks via PDF universal Acrobat Reader XSS vulnerability. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50110001 - This signature prevents attackers from performing Email injection attacks by adding" <LF> "character in email header. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50130001 - This signature prevents attackers from performing HTTP response splitting attacks by submitting strings containing "\r\n". | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50130002 - This signature prevents attackers from performing HTTP response splitting attacks by submitting strings containing" HTTP tab". | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50130003 - This signature prevents Acunetix Scanner from injecting custom HTTP headers by submitting strings containing "\r\n". | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50140001 - This signature prevents attackers from performing RFI attacks to include a malicious code from a remote IP. | |
| This attack can be achieved in arguments. | |
| 50140002 - This signature prevents attackers from performing RFI attacks to include a malicious code from a remote resource using PHP "include()" function. | |
| This attack can be achieved in arguments. | |
| 50140003 - This signature prevents attackers from performing RFI attacks to include a malicious code from a remote resource. | |
| This attack can be achieved in arguments. | |
| 50140004 - This signature prevents attackers from performing RFI attacks to include a malicious code from a URL link. | |
| This attack can be achieved in arguments. | |
| 50140005 - This signature prevents attackers from exploiting a vulnerability to include an arbitrary remote file with malicious PHP code and executing it in the context of the webserver process. | |
| This attack can be achieved in HTTP request arguments. | |
| 50140006 - This signature prevents attackers from executing arbitrary PHP code via a URL in the "AMG_serverpath" parameter. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 50150001 - This signature prevents attacks using " " terminate statement. | |
| This injection can be achieved in HTTP arguments. | |
| 50150002 - This signature prevents attacks using logs. | |
| This injection can be achieved in HTTP url and HTTP arguments. | |
| 50150003 - This signature prevents attacks using maillog. | |
| This injection can be achieved in HTTP url and HTTP arguments. | |
| 50160001 - This signature prevents information disclosure. | |
| This injection can be achieved in HTTP url. | |
| 50160002 - This signature prevents disclosure through translate headers. | |
| This injection can be achieved in HTTP header names. | |
| 50160003 - This signature prevents attackers from getting IIS server information through tilde (~) character . | |
| This injection can be achieved in HTTP request URL . | |
| 50160004 - This signature prevents attackers from downloading the database file and obtaining user names and passwords via a direct request for "zHk8dEes3.txt". | |
| This attack can be achieved in HTTP request URL. | |
| 50170001 - This signature prevents java methond injection attack . | |
| This injection can be achieved in HTTP arguments. | |
| 50180001 - This signature prevents attackers from accessing restricted directories and executing commands outside of the web server's root directory. This attack can be archived in HTTP arguments. | |
| 60010001 - This signature prevents attackers from using OS commands. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60010002 - This signature prevents attackers from using OS commands by exploiting /level/$NUMBER/exec/ in Cisco IOS HTTP Configuration. This attack can be achieved in HTTP request URL . | |
| 60010011 - This signature prevents attackers running OS commands exploiting ovWebHelp.exe in HP OpenView Network Node Manager | |
| This attack can be achieved in HTTP request URL . | |
| 60010012 - This signature prevents attackers from running OS commands by the test-cgi.bat request in apache . | |
| This attack can be achieved in HTTP request URL . | |
| 60010013 - This signature prevents attackers from running OS commands exploiting II5.0 heap stack. | |
| This attack can be achieved in HTTP request URL . | |
| 60020001 - This signature prevents attackers from performing ColdFusion injection by using undocumented "ColdFusion" admin functions and tags. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60030001 - This signature prevents attackers from performing LDAP Injection attacks. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60050001 - This rule can prevent the attacker from Command Injection attacks. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60050002 - This signature prevents attackers from performing Command Injection attacks. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60050003 - This signature prevents attackers from performing Command Injection attacks. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60050004 - This signature prevents attackers from performing Command Injection attacks using "ls" system command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60050005 - This signature prevents attackers from performing Command injection attacks using "passwd" system command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60050006 - This signature prevents attackers from performing Command Injection using "rm" system command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60050007 - This signature prevents attackers from performing Command Injection attacks using "finger" system command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60050008 - This signature prevents attackers from performing Command Injection attacks using "echo" system command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60050009 - This signature prevents attackers from performing Command Injection attacks using "kill" system command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60050010 - This signature prevents attackers from performing Command Injection attacks using "chsh" system command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60050011 - This signature prevents attackers from performing Command Injection attacks using "ping" system command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60050012 - This signature prevents attackers from performing Command injection attacks used for reading "Tcl" commands. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60050013 - This signature prevents attackers from performing Command access attacks used for server scanning. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60050014 - This signature prevents attackers from performing Command injection attacks using "ftp" command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60050015 - This signature prevents attackers from performing Command Injection attacks using "perl" command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60050016 - This signature prevents attackers from performing Command Injection attacks "echo" system command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60050017 - This signature prevents attackers from performing Command Injection attacks using "telnet" command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60050018 - This signature prevents attackers from performing Command Injection attacks using the "chmod" system command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60050019 - This signature prevents attackers from performing Command Injection attacks using the "wguest.exe" command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60050020 - This signature prevents attackers from performing Command injection attacks using the "net.exe" command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60050021 - This signature prevents attackers from performing Command Injection attacks using the "g++" command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60050022 - This signature prevents attackers from performing Command Injection attacks using the "nasm" command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60050023 - This signature prevents attackers from performing Command Injection attacks using the "traceroute" command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60050024 - This signature prevents attackers from performing Command Injection attacks using the "tracert" command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60050025 - This signature prevents attackers from performing Command Injection attacks using the "nmap" command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60050026 - This signature prevents attackers from performing Command Injection attacks using the "lsof" command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60050027 - This signature prevents attackers from performing Command Injection attacks using the "id" command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60050028 - This signature prevents attackers from performing Command Injection attacks using "chgrp" system command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60050029 - This signature prevents attackers from performing Command Injection attacks using "cd" system command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60050030 - This signature prevents attackers from performing Command Injection attacks using "cmd.exe" command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60050031 - This signature prevents attackers from performing Command Injection attacks using "mail" command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60050032 - This signature prevents attackers from performing Command Injection attacks using "tclsh" command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60050033 - This signature prevents attackers from performing Command Injection attacks using "gcc" command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60050034 - This signature prevents attackers from performing Command Injection attacks using "ps" command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60050035 - This signature prevents attackers from performing Command Injection attacks using "ftp.exe" command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60050036 - This signature prevents attackers from performing Command Injection attacks using "telnet.exe"command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60050037 - This signature prevents attackers from performing Command Injection attacks using "echo" command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60050038 - This signature prevents attackers from performing Command Injection attacks using "chmod" command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60050039 - This signature prevents attackers from performing Command Injection attacks using "cmd" command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60050040 - This signature prevents attackers from performing Command Injection attacks using "tftp" command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60050041 - This signature prevents attackers from performing Command Injection attacks using "cmd" command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60050042 - This signature prevents attackers from performing Command Injection attacks. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60050043 - This signature prevents attackers from performing Command Injection attacks using "uname" command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60050044 - This signature prevents attackers from performing Command Injection attacks using "cpp" command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60050045 - This signature prevents attackers from performing Command Injection attacks using "nc" command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60050046 - This signature prevents attackers from performing Command Injection attacks using "nc.exe" command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60050047 - This signature prevents attackers from performing Command Injection attacks using "cmd32" command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60050048 - This signature prevents attackers from performing Command Injection attacks using "wsh.exe" to run scripts. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60050049 - This signature prevents attackers from performing Command Injection attacks using "xterm" command. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60050051 - This signature protects against Command Injection attacks | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60050052 - This signature prevents attackers from performing Command Injection attacks using the "net user" system command. | |
| This attack can be achieved in HTTP arguments. | |
| 60050053 - This signature protects against Command Injection attacks. | |
| This attack can be achieved in HTTP request arguments. | |
| 60050054 - This signature protects against Command Injection attacks. | |
| This attack can be achieved in HTTP request arguments. | |
| 60060001 - This signature prevents attackers from seesion fixation through set session id in persistent cookies. | |
| This attack can be achieved in HTTP request URL and parameter. | |
| 60060002 - This signature prevents attackers from seesion fixation through set session id in domain cookie. | |
| This attack can be achieved in HTTP request URL and parameter. | |
| 60060003 - This signature prevents attackers from seesion fixation through set session id in "<meta>" tag. | |
| This attack can be achieved in HTTP request URL and parameter. | |
| 60070001 - This signature prevents attackers from performing File Injection attacks retrieving boot information from a file. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60070002 - This signature prevents attackers from performing File Injection attacks using get config information from a file. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60070003 - This signature prevents attackers from performing File Injection attacks retrieving apache direction config information from a file. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60070004 - This signature prevents attackers from performing File Injection attacks retrieving apache password information from a file. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60070005 - This signature prevents attackers from performing File Injection attacks retrieving apache config information from a file. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60070006 - This signature prevents attackers from performing File Injection attacks retrieving asp global information from a file. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60070007 - This signature prevents attackers from performing File Injection attacks retrieving apache access control list information from a file. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60070008 - This signature prevents attackers from performing File Injection attacks retrieving apache access control list information from a file. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60070009 - This signature prevents attackers from performing File Injection attacks retrieving apache authentication group information from a file. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60080001 - This signature prevents attackers modifying php session info. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60080002 - This signature prevents attackers modifying php url argument. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60080003 - This signature prevents attackers from opening an inner file. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60080004 - This signature prevents attackers from watching file content. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60080005 - This signature prevents attackers from watching file content. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60080006 - This signature prevents attackers from transferring web server files to a remote ftp server. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60080007 - This signature prevents attackers from transferring web server files to a remote ftp server. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60080008 - This signature prevents attackers from transferring web server files to a remote ftp server. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60080009 - This signature prevents attackers from transferring ftp files to the web server using ftp. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60080010 - This signature prevents attackers opening a bzip2 (.bz2) file for reading or writing to the destination web server. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60080011 - This signature prevents attackers opening a gzip (.gz) file for reading or writing to the destination web server. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60080012 - This signature prevents attackers moving a posted file to a new position. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60080013 - This signature prevents attackers to inject malicious code in PHP web server using the function "fwrite". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 60080014 - This signature prevents attackers from getting unauthorized PHP web server resources using 'fread'. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 60080015 - This signature prevents attackers from getting unauthorized PHP web server resources using function "fscanf". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 60080016 - This signature prevents attackers from getting unauthorized PHP web server resources using "fgetss". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 60080017 - This signature prevents attackers from reading unauthorized PHP server file using function "readfile". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 60080018 - This signature prevents attackers to get PHP web server files using the function "readdir". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 60080019 - This signature prevents attackers to scan PHP web server using the function "scandir". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 60080020 - This signature prevents attackers to send PHP web server resourceto an FTP server. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 60080021 - This signature prevents attackers to install malicious code downloaded from an FTP server to a PHP web server. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 60080022 - This signature prevents attackers to install malicious code downloaded from an FTP Server to a PHP web server. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 60080023 - This signature prevents attackers to install malicious code downloaded from an FTP Server to a PHP web server. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 60080024 - This signature prevents attackers to read ga format information in PHP web servers using function "gzread". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 60080025 - This signature prevents attackers to inject malicious code to PHP web servers using function "gzwrite". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 60080026 - This signature prevents attackers to read PHP web server gz format files using "readgzfile". | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 60080027 - This signature prevents attackers to inject malicious code in gz-format to PHP web servers. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 60080028 - This signature prevents attackers to inject PHP web servers by using 'proc_open' to bypass safe_mode restrictions and get access to files accessible for apache uid. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 60080029 - This signature prevents attackers to modify the inner session information to get additional unauthorized resource. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 60080030 - This signature prevents attackers to skip data restrictions and post illegal data. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 60080031 - This signature prevents attackers creating and processing their own functions. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 60080032 - This signature prevents attackers to compress malicious messages. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 60080033 - This signature prevents attackers to inject malicious code to PHP web servers. | |
| This injection can be achieved in HTTP request URL and arguments. | |
| 60080034 - This signature prevents attackers modifying php url argument info by "allow_url_include= ". | |
| This attack can be achieved in HTTP request url and arguments. | |
| 60080035 - This signature prevents attackers modifying php url argument info by "safe_mode= ". | |
| This attack can be achieved in HTTP request url and arguments. | |
| 60080036 - This signature prevents attackers modifying php url argument info by "suhosin.simulation= ". | |
| This attack can be achieved in HTTP request url and arguments. | |
| 60080037 - This signature prevents attackers modifying php url argument info by "disable_functions= ". | |
| This attack can be achieved in HTTP request url and arguments. | |
| 60080038 - This signature prevents attackers modifying php url argument info by "open_basedir= ". | |
| This attack can be achieved in HTTP request url and arguments. | |
| 60080039 - This signature prevents attackers modifying php url argument info by "php://input ". | |
| This attack can be achieved in HTTP request url and arguments. | |
| 60080040 - This signature prevents attackers from injecting malicious code to PHP web pages via "php://filter". This attack can be achieved in HTTP request url and request arguments. | |
| 60090001 - This signature prevents attackers from performing SSI Injection attacks via common server-site include vulnerabilities. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60100001 - This signature prevents attackers from performing UPDF XSS attacks via PDF universal Acrobat Reader XSS vulnerabilities. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60110001 - This signature prevents attackers from performing Email injection attacks by adding "<LF>" character in email headers. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60120001 - This signature prevents attackers from performing HTTP request smuggling attacks by adding comma character in the Content-Length or Transfer-Encoding request headers. | |
| This attack can be achieved in the Content-Length or Transfer-Encoding header fields. | |
| 60130001 - This signature prevents attackers from performing HTTP response splitting attacks by submitting strings containing "\r\n". | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60130002 - This signature prevents attackers from performing HTTP response splitting attacks by submitting strings containing HTTP tab. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 60140001 - This signature prevents attackers from performing RFI attacks to include a malicious code from a remote IP. | |
| This attack can be achieved in arguments. | |
| 60140002 - This signature prevents attackers from performing RFI attacks to include a malicious code from a remote resource using PHP "include()" function. | |
| This attack can be achieved in arguments. | |
| 60140003 - This signature prevents attackers from performing RFI attacks to include a malicious code from a remote resource. | |
| This attack can be achieved in arguments. | |
| 60140004 - This signature prevents attackers from performing RFI attacks to include a malicious code from a link. | |
| This attack can be achieved in arguments. | |
| 60150001 - This signature prevents attackers from accessing restricted directories and executing commands outside of the web server's root directory. This attack can be archived in HTTP arguments and headers. | |
| 70000001 - This rule detects if there are specific header names which are used by trojan horses in HTTP headers. | |
| This injection can be achieved in HTTP request header names. | |
| 70000002 - This rule detects if the HTTP request filename contains "root.exe". | |
| This injection can be achieved in HTTP request filename. | |
| 70000003 - This rule detects if there is a specific text mark which certain "trojan" horses have in HTTP response body. | |
| This injection can be achieved in HTTP response body. | |
| 70000004 - This signature prevents attackers from performing Command injection attacks using commands. | |
| This attack can be achieved in HTTP request URL and arguments. | |
| 80010001 - This signature prevents attackers from getting sensitive information from "Zope" servers. | |
| This leakage can be achieved in HTTP response body. | |
| 80020001 - This signature prevents attackers from getting sensitive information about "ColdFusion" applications. | |
| This leakage can be achieved in HTTP response body. | |
| 80030001 - This signature prevents attackers from getting sensitive "PHP" information. | |
| This leakage can be achieved in HTTP response body. | |
| 80030002 - This signature prevents attackers from probing PHP version and other sensitive information from the target server. This attack can be achieved in HTTP URL. | |
| 80030003 - This signature prevents attackers from getting sensitive "PHP" information. This leakage can be achieved in HTTP response body. | |
| 80040001 - This signature prevents attackers from getting sensitive information about Internet Security and Acceleration Server. | |
| This leakage can be achieved in HTTP response body. | |
| 80050001 - This signature prevents attackers from getting sensitive information about Microsoft Office document properties. | |
| This leakage can be achieved in HTTP response body. | |
| 80050002 - This rule detects whether there is Microsoft Office document properties leakage in the HTTP response body. | |
| This attack can be achieved in HTTP response body. | |
| 80050003 - This rule detects whether there is Microsoft Office document properties leakage in the HTTP response body. | |
| This attack can be achieved in HTTP response body. | |
| 80060001 - This rule detects whether there is ColdFusion source code leakage in the HTTP response body. | |
| This leakage can be achieved in HTTP response body. | |
| 80070001 - This signature prevents attackers from getting sensitive information about Microsoft IIS. | |
| This leakage can be achieved in HTTP response body. | |
| 80080001 - This rule checks if the status code of the HTTP response is 5XX. | |
| This leakage can be achieved in HTTP response status code. | |
| 80080002 - This signature prevents attackers from getting sensitive web server information. | |
| This leakage can be achieved in HTTP response body. | |
| 80080003 - This rule checks if the status code of the HTTP response is 4XX(not incuding 404). | |
| This leakage can be achieved in HTTP response status code. | |
| 80080004 - This rule checks if the status code of the HTTP response is 4XX(not incuding 404). | |
| This leakage can be achieved in HTTP response status code. | |
| 80080005 - This rule checks if the status code of the HTTP response is 404. | |
| This leakage can be achieved in HTTP response status code. | |
| 80090001 - This signature prevents attackers from getting sensitive Weblogic server information. | |
| This leakage can be achieved in HTTP response status code and body. | |
| 80090002 - This signature prevents attackers from getting sensitive Weblogic server information. | |
| This leakage can be achieved in HTTP response status code and body. | |
| 80100001 - This rule detects whether there is File or Directory Name Leakage in the HTTP response body. | |
| This attack can be achieved in HTTP response body. | |
| 80100002 - This rule detects whether there is File or Directory Name Leakage in the HTTP response body. | |
| This attack can be achieved in HTTP response body. | |
| 80110001 - This rule prevents clients from being attacked by malicious Iframe code from the injected web server. | |
| This attack can be achieved in HTTP response body. | |
| 80110002 - This rule prevents clients from being attacked by malicious Iframe code from the injected web server. | |
| This attack can be achieved in HTTP response body. | |
| 80110003 - This rule prevents clients from being attacked by malicious Iframe code from the injected web server. | |
| This attack can be achieved in HTTP response body. | |
| 80120001 - This signature prevents attackers from running malicious "javascript" code. | |
| This leakage can be achieved in HTTP response body. | |
| 80120002 - This signature prevents attackers from running malicious javascript code. | |
| This leakage can be achieved in HTTP response body. | |
| 80120003 - This signature prevents attackers from running malicious javascript code. | |
| This leakage can be achieved in HTTP response body. | |
| 80120004 - This signature prevents attackers from running malicious javascript code. | |
| This leakage can be achieved in HTTP response body. | |
| 80140001 - This signature prevents attackers from getting sensitive ASP source code information. | |
| This leakage can be achieved in HTTP response body. | |
| 80140002 - This signature prevents attackers from getting sensitive ASP source code information. | |
| This leakage can be achieved in HTTP response body. | |
| 80140003 - This signature prevents attackers from getting sensitive ASP source code information. | |
| This leakage can be achieved in HTTP response body. | |
| 80140004 - This signature prevents attackers from getting sensitive ASP source code information. | |
| This leakage can be achieved in HTTP response body. | |
| 80140005 - This signature prevents attackers from getting sensitive ASP source code information. | |
| This leakage can be achieved in HTTP response body. | |
| 80140006 - This signature prevents attackers from getting sensitive ASP source code information. | |
| This leakage can be achieved in HTTP response body. | |
| 80140007 - This signature prevents attackers from getting sensitive ASP source code information. | |
| This leakage can be achieved in HTTP response body. | |
| 80140008 - This signature prevents attackers from getting sensitive ASP source code information. | |
| This leakage can be achieved in HTTP response body. | |
| 80140009 - This signature prevents attackers from getting sensitive ASP source code information. | |
| This leakage can be achieved in HTTP response body. | |
| 80140010 - This signature prevents attackers from getting sensitive ASP source code information. | |
| This leakage can be achieved in HTTP response body. | |
| 80140011 - This signature prevents attackers from getting sensitive ASP source code information. | |
| This leakage can be achieved in HTTP response body. | |
| 80140012 - This signature prevents attackers from getting sensitive ASP source code information. | |
| This leakage can be achieved in HTTP response body. | |
| 80140013 - This signature prevents attackers from getting sensitive ASP source code information. | |
| This leakage can be achieved in HTTP response body. | |
| 80140014 - This rule prevents attackers from getting sensitive ASP source code information. | |
| This leakage can be achieved in HTTP response body. | |
| 80140015 - This signature prevents attackers from getting sensitive ASP source code information. | |
| This leakage can be achieved in HTTP response body. | |
| 80140016 - This signature prevents attackers from getting sensitive JSP source code information. | |
| This leakage can be achieved in HTTP response body. | |
| 80140017 - This signature prevents attackers from getting sensitive JSP source code information. | |
| This leakage can be achieved in HTTP response body. | |
| 80150001 - This signature prevents attackers from getting sensitive php source code information. | |
| This leakage can be achieved in HTTP response body. | |
| 80150002 - This signature prevents attackers from getting sensitive php source code information. | |
| This leakage can be achieved in HTTP response body. | |
| 80150003 - This signature prevents attackers from getting sensitive php source code information. | |
| This leakage can be achieved in HTTP response body. | |
| 80150004 - This signature prevents attackers from getting sensitive php source code information. | |
| This leakage can be achieved in HTTP response body. | |
| 80150005 - This signature prevents attackers from getting sensitive php source code information. | |
| This leakage can be achieved in HTTP response body. | |
| 80150006 - This signature prevents attackers from getting sensitive php source code information. | |
| This leakage can be achieved in HTTP response body. | |
| 80150007 - This signature prevents attackers from getting sensitive php source code information. | |
| This leakage can be achieved in HTTP response body. | |
| 80150008 - This signature prevents attackers from getting sensitive php source code information. | |
| This leakage can be achieved in HTTP response body. | |
| 80150009 - This signature prevents attackers from getting sensitive php source code information. | |
| This leakage can be achieved in HTTP response body. | |
| 80150010 - This signature prevents attackers from getting sensitive php source code information. | |
| This leakage can be achieved in HTTP response body. | |
| 80150011 - This signature prevents attackers from getting sensitive php source code information. | |
| This leakage can be achieved in HTTP response body. | |
| 80150012 - This signature prevents attackers from getting sensitive php source code information. | |
| This leakage can be achieved in HTTP response body. | |
| 80150013 - This signature prevents attackers from getting sensitive php source code information. | |
| This leakage can be achieved in HTTP response body. | |
| 80150014 - This signature prevents attackers from getting sensitive php source code information. | |
| This leakage can be achieved in HTTP response body. | |
| 80150015 - This signature prevents attackers from getting sensitive php source code information. | |
| This leakage can be achieved in HTTP response body. | |
| 80150016 - This signature prevents attackers from getting sensitive php source code information. | |
| This leakage can be achieved in HTTP response body. | |
| 80150017 - This signature prevents attackers from getting sensitive php source code information. | |
| This leakage can be achieved in HTTP response body. | |
| 80150018 - This signature prevents attackers from getting sensitive php source code information. | |
| This leakage can be achieved in HTTP response body. | |
| 80150019 - This signature prevents attackers from getting sensitive php source code information. | |
| This leakage can be achieved in HTTP response body. | |
| 80150020 - This signature prevents attackers from getting sensitive php source code information. | |
| This leakage can be achieved in HTTP response body. | |
| 80150021 - This signature prevents attackers from getting sensitive php source code information. | |
| This leakage can be achieved in HTTP response body. | |
| 80150022 - This signature prevents attackers from getting sensitive php source code information. | |
| This leakage can be achieved in HTTP response body. | |
| 80150023 - This signature prevents attackers from getting sensitive php source code information. | |
| This leakage can be achieved in HTTP response body. | |
| 80150024 - This signature prevents attackers from getting sensitive php source code information. | |
| This leakage can be achieved in HTTP response body. | |
| 80150025 - This signature prevents attackers from getting sensitive php source code information. | |
| This leakage can be achieved in HTTP response body. | |
| 80150026 - This signature prevents attackers from getting sensitive php source code information. | |
| This leakage can be achieved in HTTP response body. | |
| 80150027 - This signature prevents attackers from getting sensitive php source code information. | |
| This leakage can be achieved in HTTP response body. | |
| 80150028 - This signature prevents attackers from getting sensitive php source code information. | |
| This leakage can be achieved in HTTP response body. | |
| 80150029 - This signature prevents attackers from getting sensitive php source code information. | |
| This leakage can be achieved in HTTP response body. | |
| 80150030 - This signature prevents attackers from getting sensitive php source code information. | |
| This leakage can be achieved in HTTP response body. | |
| 80150031 - This signature prevents attackers from getting sensitive php source code information. | |
| This leakage can be achieved in HTTP response body. | |
| 80150032 - This signature prevents attackers from getting sensitive php source code information. | |
| This leakage can be achieved in HTTP response body. | |
| 80150033 - This signature prevents attackers from getting sensitive php source code information. | |
| This leakage can be achieved in HTTP response body. | |
| 80150034 - This signature prevents attackers from getting sensitive php source code information. | |
| This leakage can be achieved in HTTP response body. | |
| 80160001 - This signature prevents attackers from getting summary information generated by Webcruncher. | |
| This injection can be achieved in HTTP Response Body. | |
| 80160002 - This signature prevents attackers from getting statistics information produced by PeLAB. | |
| This injection can be achieved in HTTP Response Body. | |
| 80160003 - This signature prevents attackers from getting summary information generated by wwwstat. | |
| This injection can be achieved in HTTP Response Body. | |
| 80160004 - This signature prevents attackers from getting summary information generated by Jware. | |
| This injection can be achieved in HTTP Response Body. | |
| 80160005 - This signature prevents attackers from getting report information generated by WebLog. | |
| This injection can be achieved in HTTP Response Body. | |
| 80160006 - This signature prevents attackers from getting analysis information produced by Calamaris. | |
| This injection can be achieved in HTTP Response Body. | |
| 80160007 - This signature prevents attackers from getting sensitive information generated by Webalizer. | |
| This injection can be achieved in HTTP Response Body. | |
| 80160008 - This signature prevents attackers from getting statistics information produced by getsats. | |
| This injection can be achieved in HTTP Response Body. | |
| 80160009 - This signature prevents attackers from getting analysis information produced by EasyStat. | |
| This injection can be achieved in HTTP Response Body. | |
| 80160010 - This signature prevents attackers from getting log information produced by analog. | |
| This injection can be achieved in HTTP Response Body. | |
| 80160011 - This signature prevents attackers from getting summary information produced by analog. | |
| This injection can be achieved in HTTP Response Body. | |
| 80160012 - This signature prevents attackers from getting sensitive web server information. | |
| This leakage can be achieved in HTTP response body. | |
| 80160013 - This signature prevents attackers from getting sensitive web server information. | |
| This leakage can be achieved in HTTP response body. | |
| 80170001 - This signature prevents attackers from getting web server "database and connection" information. | |
| This leakage can be achieved in HTTP response body. | |
| 80170002 - This signature prevents attackers from getting data type information from database servers. | |
| This leakage can be achieved in HTTP response body. | |
| 80170003 - This signature prevents attackers from getting table and data type information from database servers. | |
| This leakage can be achieved in HTTP response body. | |
| 80170004 - This signature prevents attackers from getting database server information. | |
| This leakage can be achieved in HTTP response body. | |
| 80170005 - This signature prevents attackers from getting database type and other information from database servers. | |
| This leakage can be achieved in HTTP response body. | |
| 80170006 - This signature prevents attackers from getting database connect type ADO information. | |
| This leakage can be achieved in HTTP response body. | |
| 80170007 - This signature prevents attackers from getting database connect type ADO information. | |
| This leakage can be achieved in HTTP response body. | |
| 80170008 - This signature prevents attackers from getting sensitive SQL server information. | |
| This injection can be achieved in HTTP Response Body. | |
| 80170009 - This signature prevents attackers from getting sensitive SQL server information. | |
| This injection can be achieved in HTTP Response Body. | |
| 80170010 - This signature prevents attackers from getting sensitive Oracle information. | |
| This injection can be achieved in HTTP Response Body. | |
| 80170011 - This signature prevents attackers from getting sensitive SQL server information. | |
| This injection can be achieved in HTTP Response Body. | |
| 80170012 - This signature prevents attackers from getting sensitive SQL server information. | |
| This injection can be achieved in HTTP Response Body. | |
| 80170013 - This signature prevents attackers from getting sensitive Oracle information. | |
| This injection can be achieved in HTTP Response Body. | |
| 80170014 - This signature prevents attackers from getting sensitive SQL server information. | |
| This injection can be achieved in HTTP Response Body. | |
| 80170015 - This signature prevents attackers from getting sensitive SQL server information. | |
| This injection can be achieved in HTTP Response Body. | |
| 80170016 - This signature prevents attackers from getting sensitive SQL server information. | |
| This injection can be achieved in HTTP Response Body. | |
| 80170017 - This signature prevents attackers from getting sensitive PostgreSQL server information. | |
| This injection can be achieved in HTTP Response Body. | |
| 80170018 - This signature prevents attackers from getting sensitive PostgreSQL server information. | |
| This injection can be achieved in HTTP Response Body. | |
| 80170019 - This signature prevents attackers from getting database column information from database servers. | |
| This leakage can be achieved in HTTP response body. | |
| 80170020 - This signature prevents attackers from getting sensitive SQL server information. | |
| This injection can be achieved in HTTP Response Body. | |
| 80170021 - This signature prevents attackers from getting sensitive Oracle information. | |
| This injection can be achieved in HTTP Response Body. | |
| 80170022 - This signature prevents attackers from getting sensitive MySQL information. | |
| This injection can be achieved in HTTP Response Body. | |
| 80170023 - This signature prevents attackers from getting sensitive SQL server information. | |
| This injection can be achieved in HTTP Response Body. | |
| 80170024 - This signature prevents attackers from getting SQL server database type information. | |
| This leakage can be achieved in HTTP response body. | |
| 80170025 - This signature prevents attackers from getting PostgresSQL database type information. | |
| This leakage can be achieved in HTTP response body. | |
| 80170026 - This signature prevents attackers from getting MySQL database type information. | |
| This leakage can be achieved in HTTP response body. | |
| 80170027 - This signature prevents attackers from getting sensitive information from MySQL. | |
| This injection can be achieved in HTTP Response Body. | |
| 80170028 - This signature prevents attackers from getting sensitive information from MySQL. | |
| This injection can be achieved in HTTP Response Body. | |
| 80170029 - This signature prevents attackers from getting sensitive information from MySQL. | |
| This injection can be achieved in HTTP Response Body. | |
| 80170030 - This signature prevents attackers from getting sensitive information from MySQL. | |
| This injection can be achieved in HTTP Response Body. | |
| 80180001 - This signature prevents attackers from getting ASP script information. | |
| This leakage can be achieved in HTTP response body. | |
| 80180002 - This signature prevents attackers from getting ASP script information. | |
| This leakage can be achieved in HTTP response body. | |
| 80180003 - This signature prevents attackers from getting ASP script information. | |
| This leakage can be achieved in HTTP response body. | |
| 80180004 - This signature prevents attackers from getting ASP script information. | |
| This leakage can be achieved in HTTP response body. | |
| 80180005 - This signature prevents attackers from getting ASP script information. | |
| This leakage can be achieved in HTTP response body. | |
| 80180006 - This signature prevents attackers from getting ASP script information. | |
| This leakage can be achieved in HTTP response body. | |
| 80180007 - This signature prevents attackers from getting ASP script information. | |
| This leakage can be achieved in HTTP response body. | |
| 80180008 - This signature prevents attackers from getting ASP script information. | |
| This leakage can be achieved in HTTP response body. | |
| 80180009 - This signature prevents attackers from getting ASP script information. | |
| This leakage can be achieved in HTTP response body. | |
| 80180010 - This signature prevents attackers from getting ASP script information. | |
| This leakage can be achieved in HTTP response body. | |
| 80180011 - This signature prevents attackers from getting ASP script information. | |
| This leakage can be achieved in HTTP response body. | |
| 80180012 - This signature prevents attackers from getting the inner file information. | |
| This leakage can be achieved in HTTP response body. | |
| 80180013 - This signature prevents attackers from getting ASP script information. | |
| This leakage can be achieved in HTTP response body. | |
| 80180014 - This signature prevents attackers from getting information about running environment type and version information of the web server. | |
| This leakage can be achieved in HTTP response body. | |
| 80180015 - This signature prevents attackers from getting information about running environment type and version information of the web server. | |
| This leakage can be achieved in HTTP response body. | |
| 80180016 - This signature prevents attackers from getting ASP script information. | |
| This leakage can be achieved in HTTP response body. | |
| 80190001 - This signature prevents attackers from getting directory information from the web server. | |
| This leakage can be achieved in HTTP response body. | |
| 80190002 - This signature prevents attackers from getting directory and parent directory file information. | |
| This leakage can be achieved in HTTP response body. | |
| 80190003 - This signature prevents attackers from getting directory information from the web server. | |
| This leakage can be achieved in HTTP response body. | |
| 80200001 - This rule checks if the HTTP response header contains specific header field : Server. | |
| This leakage can be achieved in HTTP response header. | |
| 80200002 - This rule checks if the HTTP response header contains "X-Pad" field. | |
| This leakage can be achieved in HTTP response header. | |
| 80200004 - This rule checks if the HTTP response header contains specific header field :X-Powered-By. | |
| This leakage can be achieved in HTTP response header. | |
| 80200005 - This rule checks if the HTTP response header contains specific header field : X-AspNet-Version. | |
| This leakage can be achieved in HTTP response header. | |
| 80210001 - This signature prevents attackers from getting version information of WordPress via <meta> tags. | |
| This leakage can be achieved in HTTP Response Body. | |
| 80210002 - This signature prevents attackers from getting version information of WordPress via RSS service. | |
| This leakage can be achieved in HTTP Response Body. | |
| 80210003 - This signature prevents attackers from getting version information of WordPress via RSS service. | |
| This leakage can be achieved in HTTP Response Body. | |
| 80210004 - This signature prevents attackers from getting version information of WordPress via opml service. | |
| This leakage can be achieved in HTTP Response Body. | |
| 80210005 - This signature prevents attackers from getting version information of WordPress via rdf service. | |
| This leakage can be achieved in HTTP Response Body. | |
| 90010001 - This rule prevents Oracle 9i database from disclosing sensitive information to attackers. | |
| This attack can be achieved in HTTP request URL. | |
| 90020001 - This signature prevents attackers from running SQL injection via Coppermine Photo Gallery ThumbNails.PHP SQL Injection Vulnerability. | |
| This attack can be achieved in HTTP request URL. | |
| 90030001 - This rule prevents attackers from viewing directory listings by appending various instructional tags to the URL. | |
| This attack can be achieved in HTTP request URL. | |
| 90040001 - This rule prevents attackers from submitting malicious HTML and script code via Cisco IOS HTTP Service HTML Injection Vulnerability. | |
| This attack can be achieved in HTTP request URL. | |
| 90050001 - This rule prevents attackers from exploiting the server to execute arbitrary code via Microsoft SQL Server "sp_replwritetovarbin" Remote Memory Corruption Vulnerability. | |
| This attack can be achieved in HTTP parameters. | |
| 90060001 - This rule prevents attackers from exploiting the server to execute arbitrary code via HP OpenView Network Node Manager "OvAcceptLang" Parameter Heap Buffer Overflow Vulnerability. | |
| This attack can be achieved in HTTP request URL. | |
| 90070001 - This rule prevents attackers from exploiting the server to execute arbitrary code via HP OpenView Network Node Manager "ovalarm.exe" Remote Buffer Overflow Vulnerability. | |
| This attack can be achieved in HTTP request URL. | |
| 90080001 - This rule prevents attackers from bypassing authentication by setting the ACalAuthenticate cookie variable to "inside". | |
| This attack can be achieved in HTTP header. | |
| 90090001 - This rule prevents attackers from performing SQL injection attacks via Best Software SalesLogix Multiple Remote Vulnerabilities. | |
| This attack can be achieved in HTTP request URL header. | |
| 90100001 - This rule prevents attackers from exploiting the server via IBM Lotus Domino Web Server iNotes s_ViewName/Foldername Buffer Overflow Vulnerability. | |
| This attack can be achieved in HTTP request URL and parameters. | |
| 90110001 - This rule prevents attackers from submitting illegal input to the "Form_JScript.asp" script. | |
| This attack can be achieved in HTTP request URL. | |
| 90120001 - This rule prevents attackers from performing a denial of service attack via Microsoft Windows Media Services Logging ISAPI Buffer Overflow Vulnerability. | |
| This attack can be achieved in HTTP request URL. | |
| 90130001 - This rule prevents attackers from exploiting the server via Microsoft IIS Chunked Encoding Transfer Heap Overflow Vulnerability. | |
| This attack can be achieved in HTTP request URL. | |
| 90140001 - This rule prevents attackers from submitting a format-string which allows remote attackers to execute arbitrary machine code. | |
| This attack can be achieved in HTTP request header. | |
| 90150001 - This rule prevents attackers from bypassing the authentication mechanism. | |
| This attack can be achieved in HTTP request header. | |
| 90160001 - This rule prevents attackers from executing arbitrary Perl code via the setup parameter. | |
| This attack can be achieved in HTTP request URL. | |
| 90170001 - This rule prevents attackers from executing arbitrary Perl code via the setup parameter. | |
| This attack can be achieved in HTTP request URL. | |
| 90180001 - This rule prevents attackers from executing arbitrary Perl code via the setup parameter. | |
| This attack can be achieved in HTTP request URL. | |
| 90190001 - This rule prevents attackers from executing arbitrary Perl code via the savesetup command and the setup parameter. | |
| This attack can be achieved in HTTP request URL. | |
| 90200001 - This rule prevents attackers from executing arbitrary commands in the context of the server. | |
| This attack can be achieved in HTTP request URL. | |
| 90210001 - This rule prevents attackers from getting a "shadow's tail" without a valid user | |
| This attack can be achieved in HTTP request URL. | |
| 90220001 - This rule prevents attackers from inserting arbitrary web scripts and steal cookies via the ~service parameter. | |
| This attack can be achieved in HTTP request URL and parameters. | |
| 90230001 - This signature prevents attackers to get file source code and execute malice code by using -s and -d of PHP-CGI. | |
| This attack can be achieved in HTTP request arguments. | |
| 90230002 - This signature prevents attackers from sending an empty array for the activation 'key' parameter to the 'wp-login.php' script to reset the specified account's password without confirmation (WordPress 2.8.3 and earlier). | |
| This attack can be achieved in HTTP request URL. | |
| 90230003 - This signature prevents attackers from deleting arbitrary users by the user parameter or deleting arbitrary rooms by the room parameter by using admin/delitem.php script. | |
| This attack can be achieved in HTTP request URL. | |
| 90240001 - This signature prevents attackers from accessing embedded resources through a URL with "WebResource.axd" or "ScriptResource.axd". | |
| This attack can be achieved in HTTP request URL. | |
| 90250001 - This signature prevents attackers from getting the installing path of the web server by requesting Apache Tomcat server sample files. | |
| This attack can be achieved in HTTP request URL. | |
| 90260001 - This signature prevents attackers from accessing arbitrary MP3, WAV, and GSM files by exploiting the VoIP server Asterisk vulnerability. | |
| This attack can be achieved in HTTP request URL. | |
| 90270001 - This signature prevents attackers from executing arbitrary commands by exploiting the Barracuda Firewall Spam vulnerability. | |
| This attack can be achieved in HTTP request URL. | |
| 90280001 - This signature prevents attackers from executing arbitrary remote PHP commands by exploiting the CPG Dragonfly CMS vulnerability which is an open source content management system. | |
| This attack can be achieved in HTTP request URL | |
| 90290001 - This signature prevents attackers from executing arbitrary commands by exploiting a vulnerability in WebBBS 4.0 and 5.0. | |
| This attack can be achieved in HTTP request URL. | |
| 90300001 - This signature prevents attackers from downloading a database containing credentials by a direct request for config/oramon.ini. in Oramon Oracle Database Monitoring Tool 2.0.1. | |
| This attack can be achieved in HTTP request URL. | |
| 90300002 - This signature prevents attackers from obtaining the administrator password by a direct request for archive/config.ini.in mxCamArchive 2.2 which archive webcam pictures. | |
| This attack can be achieved in HTTP request URL. | |
| 90300003 - This signature prevents attackers from obtaining sensitive configuration information by a direct request to admin/connect.inc in Clever Copy 3.0. | |
| This attack can be achieved in HTTP request URL. | |
| 90300011 - This signature prevents attackers from obtaining sensitive information by a direct request for server-status in an Apache module. | |
| This attack can be achieved in HTTP request URL. | |
| 90300012 - This signature prevents attackers from obtaining sensitive information by a direct request for server-info in Apache module. | |
| This attack can be achieved in HTTP request URL. | |
| 90300013 - This signature prevents attackers from obtaining sensitive information by a direct request in Red Hat Stronghold server. | |
| This attack can be achieved in HTTP request URL. | |
| 90300014 - This signature prevents attackers from probing sensitive IIS ASP.NET application information. | |
| This attack can be achieved in HTTP request URL. | |
| 90300015 - This signature prevents attackers from probing sensitive MS Index Server information. | |
| This attack can be achieved in HTTP request URL. | |
| 90300016 - This signature prevents attackers from executing arbitrary code by exploiting a File Upload Vulnerability in EGallery. | |
| This attack can be achieved in HTTP request URL. | |
| 90300017 - This signature prevents attackers from obtaining file and folder names using a tilde character "~" in a get request . | |
| This attack can be achieved in HTTP request URL | |
| 90300018 - This signature prevents attackers from obtaining sensitive configuration information by a backward slash "\" appended to an ASP or HTR extension in IIS. | |
| This attack can be achieved in HTTP request URL. | |
| 90300019 - This signature prevents attackers from creating new polls by a direct request to admin/include/newpoll.php in AJ Square Free Polling Script (AJPoll). | |
| This attack can be achieved in HTTP request URL. | |
| 90300020 - This signature prevents attackers from gaining privileges by a direct request to admin.home.php after visiting admin.php in Million Dollar Text Links 1.0. | |
| This attack can be achieved in HTTP request URL | |
| 90300021 - This signature prevents attackers from gaining the PHP source code using a direct request to inc/login.ei in Elvin 1.2.0. | |
| This attack can be achieved in HTTP request URL | |
| 90300022 - This signature prevents attackers from gaining the PHP source code using a direct request to inc/jump_bug.ei in Elvin 1.2.0. | |
| This attack can be achieved in HTTP request URL | |
| 90300023 - This signature prevents attackers from gaining the PHP source code using a direct request to inc/create_account.ei in Elvin 1.2.0. | |
| This attack can be achieved in HTTP request URL | |
| 90300024 - This signature prevents attackers from obtaining sensitive information by a direct request for lan_status_adv.asp in the Huawei D100. | |
| This attack can be achieved in HTTP request URL. | |
| 90300025 - This signature prevents attackers from obtaining sensitive information by a direct request for wlan_basic_cfg.asp in the Huawei D100. | |
| This attack can be achieved in HTTP request URL. | |
| 90300026 - This signature prevents attackers from obtaining sensitive information by a direct request for lancfg.asp in the Huawei D100. | |
| This attack can be achieved in HTTP request URL. | |
| 90300027 - This signature prevents attackers from downloading a database containing credentials by a direct request for /wwwboard/passwd.txt in WWWBoard . | |
| This attack can be achieved in HTTP request URL. | |
| 90300028 - This signature prevents attackers from downloading a database containing credentials by a direct request for /archive/config.ini. in mxCamArchive 2.2. | |
| This attack can be achieved in HTTP request URL. | |
| 90300029 - This signature prevents attackers from downloading a database containing credentials by a direct request for /Management/funcs.inc. in The radware AppWall Web Application Firewall. | |
| This attack can be achieved in HTTP request URL. | |
| 90300030 - This signature prevents attackers from downloading a database containing credentials by a direct request for /Management/defines.inc. in The radware AppWall Web Application Firewall. | |
| This attack can be achieved in HTTP request URL. | |
| 90300031 - This signature prevents attackers from downloading a database containing credentials by a direct request for /Management/msg.inc. in The radware AppWall Web Application Firewall. | |
| This attack can be achieved in HTTP request URL. | |
| 90300032 - This signature prevents attackers from downloading a database containing credentials by a direct request for /estafresgaftesantusyan.inc in RADIO istek scripti 2.5. | |
| This attack can be achieved in HTTP request URL. | |
| 90300033 - This signature prevents attackers from obtaining sensitive information by a direct request to download_script.asp in the ASP Folder Gallery. | |
| This attack can be achieved in HTTP request URL. | |
| 90300034 - This signature prevents attackers from obtaining sensitive information by a direct request to /dvr.ini in the ARD-9808 DVR card security camera. | |
| This attack can be achieved in HTTP request URL. | |
| 90300035 - This signature prevents attackers from obtaining sensitive information to a direct request for /tvserver/server/;index.jsp in the ToutVirtual VirtualIQ Pro 3.2. | |
| This attack can be achieved in HTTP request URL. | |
| 90300036 - This signature prevents attackers from obtaining sensitive information by a direct request to /app/api/rpc/users/get?offset in Apache Rave versions 0.11 to 0.20. | |
| This attack can be achieved in HTTP request URL. | |
| 90300037 - This signature prevents attackers from obtaining sensitive information by a direct request to /admin/aindex.asp in the FlexWatch . | |
| This attack can be achieved in HTTP request URL. | |
| 90300038 - This signature prevents attackers from obtaining sensitive information by a direct request to /catalog/extras/update.php?readme_file in OSCommerce Update.PHP. | |
| This attack can be achieved in HTTP request URL. | |
| 90300039 - This signature prevents attackers from obtaining sensitive information by a direct request tocmspath/website.php?template in OpenEngine. | |
| This attack can be achieved in HTTP request URL. | |
| 90300040 - This signature prevents attackers from obtaining sensitive information by a direct request to /sapbc/SAP/chopSAPLog.dsp?fullName in SAP Business Connector. | |
| This attack can be achieved in HTTP request URL. | |
| 90300041 - This signature prevents attackers from obtaining sensitive information by a direct request to /sapbc/invoke/sap.monitor.rfcTrace/deleteSingle in SAP Business Connector. | |
| This attack can be achieved in HTTP request URL. | |
| 90300042 - This signature prevents attackers from obtaining sensitive information by a direct request to /getversions.php in VersatileBulletinBoard. | |
| This attack can be achieved in HTTP request URL. | |
| 90300043 - This signature prevents attackers from getting source code by a direct request for /showcode.asp in WEB-IIS. | |
| This attack can be achieved in HTTP request URL. | |
| 90300044 - This signature prevents attackers from getting source code by a direct request for /ViewCode.asp in WEB-IIS. | |
| This attack can be achieved in HTTP request URL. | |
| 90300045 - This signature prevents attackers from unauthorized access by a direct request for index.php/wp-admin/ in WordPress. | |
| This attack can be achieved in HTTP request URL. | |
| 90310001 - This signature prevents attackers from obtaining sensitive information by downloading the full contents of HyperStop WebHost Directory Database. | |
| This attack can be achieved in HTTP request URL. | |
| 90310002 - This signature prevents attackers from downloading Ocean12 FAQ Manager Pro database by a direct request to admin/o12faq.mdb. | |
| This attack can be achieved in HTTP request URL. | |
| 90310003 - This signature prevents attackers from obtaining All Club CMS (ACCMS) 0.0.2 database configuration information, including credentials, by a direct request to accms.dat. | |
| This attack can be achieved in HTTP request URL. | |
| 90310004 - This signature prevents attackers from obtaining sensitive credential information from the database by a direct request for admin/backup/datadump.sql in PHP Classifieds Script. | |
| This attack can be achieved in HTTP request URL. | |
| 90310005 - This signature prevents attackers from downloading the database file by a direct request for databases/webblogmanager.mdb in DMXReady Registration Manager 1.1. | |
| This attack can be achieved in HTTP request URL. | |
| 90310006 - This signature prevents attackers from downloading the fipsCMS Light 2.1 database file and obtain sensitive information by a direct request to _fipsdb/db.mdb | |
| This attack can be achieved in HTTP request URL. | |
| 90310007 - This signature prevents attackers from downloading the database file by a direct request to autoconfig.dd in Digitaldesign CMS 0.1 . | |
| This attack can be achieved in HTTP request URL. | |
| 90310008 - This signature prevents attackers from downloading the database file by a direct request to acidcat.mdb in Acidcat CMS version 2.1.13 . | |
| This attack can be achieved in HTTP request URL. | |
| 90310009 - This signature prevents attackers from downloading the database by a direct request to /cgisess.db in version libcgi-session-perl/4.03-1. | |
| This attack can be achieved in HTTP request URL. | |
| 90310010 - This signature prevents attackers from downloading the database by a direct request to /cgisess.db in libcgi-session-perl/4.03-1. | |
| This attack can be achieved in HTTP request URL. | |
| 90310011 - This signature prevents attackers from obtaining sensitive information by a direct request to cgi-bin/SMTPSend.dll in Apache mod_isapi module. | |
| This attack can be achieved in HTTP request URL. | |
| 90310012 - This signature prevents attackers from resetting poll votes by a direct request to admin/resetvote.php in AJ Square Free Polling Script (AJPoll) Database. | |
| This attack can be achieved in HTTP request URL. | |
| 90310013 - This signature prevents attackers from obtaining copies of the database by a direct request /adminpanel/phpmydump.php in BandSite CMS 1.1.4. | |
| This attack can be achieved in HTTP request URL. | |
| 90310014 - This signature prevents attackers from downloading a database via a direct request for data/db.mdb in Web File Explorer 3.1. | |
| This attack can be achieved in HTTP request URL. | |
| 90310015 - This signature prevents attackers from downloading a database using a direct request to dbbackup.txt in PAD Site Scripts 3.6. | |
| This attack can be achieved in HTTP request URL | |
| 90310016 - This signature prevents attackers from downloading a database using a direct request to /database/db.mdb in UranyumSoft Listing Service. | |
| This attack can be achieved in HTTP request URL | |
| 90310017 - This signature prevents attackers from downloading a database using a direct request to /hikaye/db/hikaye.mdb in CNR Hikaye Portal 2.0. | |
| This attack can be achieved in HTTP request URL | |
| 90310018 - This signature prevents attackers from downloading a database using a direct request to db/log.mdb in Diskos CMS 6.x. | |
| This attack can be achieved in HTTP request URL | |
| 90310019 - This signature prevents attackers from downloading a database using a direct request to artikler_prod.mdb in Diskos CMS 6.x. | |
| This attack can be achieved in HTTP request URL | |
| 90310020 - This signature prevents attackers from downloading a database using a direct request to medlemmer.mdb in Diskos CMS 6.x. | |
| This attack can be achieved in HTTP request URL | |
| 90310021 - This signature prevents attackers from downloading a database using a direct request to system/db/website.db in Dir2web 3.0. | |
| This attack can be achieved in HTTP request URL | |
| 90310022 - This signature prevents attackers from downloading a database using a direct request to sevvo/eco23.mdb in Kisisel Radyo Script. | |
| This attack can be achieved in HTTP request URL | |
| 90310023 - This signature prevents attackers from downloading a database using a direct request to d_atabase/Krmdb.mdb in KrM Haber 1.0. | |
| This attack can be achieved in HTTP request URL | |
| 90310024 - This signature prevents attackers from downloading a database using a direct request to path/stats.mdb in StatCounteX 3.1. | |
| This attack can be achieved in HTTP request URL | |
| 90310025 - This signature prevents attackers from downloading a database using a direct request to _database/forumFips.mdb in fipsForum 2.6. | |
| This attack can be achieved in HTTP request URL | |
| 90310026 - This signature prevents attackers from downloading a database using a direct request to fpdb/abb.mdb in Visialis ABB Forum 1.1. | |
| This attack can be achieved in HTTP request URL | |
| 90310027 - This signature prevents attackers from downloading a database using a direct request to siparis.mdb in Jevci Siparis Formu Scripti. | |
| This attack can be achieved in HTTP request URL | |
| 90310028 - This signature prevents attackers from downloading a database using a direct request to databases/acidcat_3.mdb in Acidcat CMS 3.5.3. | |
| This attack can be achieved in HTTP request URL | |
| 90310029 - This signature prevents attackers from downloading a database using a direct request to veribaze/angelo.mdb in Angelo-Emlak 1.0. | |
| This attack can be achieved in HTTP request URL. | |
| 90310030 - This signature prevents attackers from downloading a database using a direct request to /App_Data/sb.mdb in 8pixel.net Blog 4. | |
| This attack can be achieved in HTTP request URL. | |
| 90310031 - This signature prevents attackers from downloading a database using a direct request to BookStore_MSAccess.mdb in GotoCode_Online_Bookstore. | |
| This attack can be achieved in HTTP request URL. | |
| 90310032 - This signature prevents attackers from downloading a database using a direct request to Classifieds_MSAccess.mdb in GotoCode_Online_Classifieds. | |
| This attack can be achieved in HTTP request URL. | |
| 90310033 - This signature prevents attackers from downloading a database using a direct request to havalite.db3 in Havalite CMS 1.1.0. | |
| This attack can be achieved in HTTP request URL. | |
| 90310034 - This signature prevents attackers from downloading a database using a direct request to aspthaiForum.mdb in ASPThai.NET Forum 8.5. | |
| This attack can be achieved in HTTP request URL. | |
| 90310035 - This signature prevents attackers from downloading a database using a direct request to /nfl.mdb in ASP Football Pool v2.3 . | |
| This attack can be achieved in HTTP request URL. | |
| 90310036 - This signature prevents attackers from downloading a database using a direct request to database/comersus.mdb in Comersus BackOffice. | |
| This attack can be achieved in HTTP request URL. | |
| 90310037 - This signature prevents attackers from downloading a database using a direct request to bbs/database/globepersonnel.mdb in Logoshows_BBS. | |
| This attack can be achieved in HTTP request URL. | |
| 90310038 - This signature prevents attackers from downloading a database using a direct request to mspro12/galeri/database/db.mdb in YP_Portal_MS-Pro_Surumu. | |
| This attack can be achieved in HTTP request URL. | |
| 90310039 - This signature prevents attackers from downloading a database using a direct request to database/NewsPad.mdb in Web_Wiz_NewsPad. | |
| This attack can be achieved in HTTP request URL. | |
| 90320001 - This signature prevents attackers from obtaining the installation path from an error message by a direct request for include/slideshow.inc.php in Coppermine Photo Gallery (CPG) 1.4.14. | |
| This attack can be achieved in HTTP request URL. | |
| 90320002 - This signature prevents attackers from obtaining the installation path from an error message by a request for connectors/php/connector.php in Mambo 4.6.3 and earlier. | |
| This attack can be achieved in HTTP request URL. | |
| 90320003 - This signature prevents attackers from obtaining the installation path from an error message by a direct request import_wbb1.php in Unclassified NewsBoard (UNB) 1.6.4. | |
| This attack can be achieved in HTTP request URL. | |
| 90320004 - This signature prevents attackers from obtaining the installation path information from an error message created by a negative integer value used in a search action. | |
| This attack can be achieved in HTTP request URL. | |
| 90320005 - This signature prevents attackers from obtaining the installation path from an error message by a direct request in DeluxeBB 1.3 . | |
| This attack can be achieved in HTTP request URL. | |
| 90320006 - This signature prevents attackers from obtaining the installation path from an error message by a direct request in SimpNews version 2.47.3 and earlier. | |
| This attack can be achieved in HTTP request URL. | |
| 90320007 - This signature prevents attackers from obtaining the installation path from an error message by a direct request in Joomla! 1.6.1 | |
| This attack can be achieved in HTTP request URL. | |
| 90320008 - This signature prevents attackers from probing sensitive Microsoft IIS server information. | |
| This attack can be achieved in HTTP request URL. | |
| 90320009 - This signature prevents attackers from obtaining the installation path from an error message using a direct request to wp-settings.php in WordPress and WordPress MU 2.8.0 and earlier . | |
| This attack can be achieved in HTTP request URL | |
| 90330001 - This signature prevents attackers from denying service to legitimate users in Novell iManager 2.7. | |
| This attack can be achieved in HTTP request URL. | |
| 90330003 - This signature prevents a Denial of Service attack using a direct URL request to WService=wsbroker1/_help.r in OpenEdge 10b. | |
| This attack can be achieved in HTTP request URL. | |
| 90330004 - This signature prevents a Denial of Service attack using a direct URL request to WService=wsbroker1/_dict.r in OpenEdge 10b | |
| This attack can be achieved in HTTP request URL. | |
| 90330005 - This signature prevents a Denial of Service attack using a direct URL request to WService=wsbroker1\_comp.r in OpenEdge 10b | |
| This attack can be achieved in HTTP request URL. | |
| 90330006 - This signature prevents a Denial of Service attack using a direct URL request to WService=wsbroker1/_admin.r in OpenEdge 10b | |
| This attack can be achieved in HTTP request URL. | |
| 90330007 - This signature prevents a Denial of Service attack using a direct URL request to WService=wsbroker1/dict.r in OpenEdge 10b | |
| This attack can be achieved in HTTP request URL. | |
| 90330008 - This signature prevents attackers from exploiting a MS-DOS Device Name Denial Of Service Vulnerability in Microsoft FrontPage Server Extensions. | |
| This attack can be achieved in HTTP request URL. | |
| 90330009 - This signature prevents a Denial of Service attack using a direct URL request to %% in Cisco IOS . | |
| This attack can be achieved in HTTP request URL. | |
| 90330010 - This signature prevents attackers from exploiting a MS-DOS name "AUX" Denial Of Service Vulnerability in Microsoft Internet Information Services (IIS) 6.0. | |
| This attack can be achieved in HTTP request URL. | |
| 90330011 - This signature prevents attackers from exploiting a MS-DOS Device name "CON" Denial Of Service Vulnerability in Microsoft Internet Information Services (IIS) 6.0. | |
| This attack can be achieved in HTTP request URL. | |
| 90330012 - This signature prevents attackers from exploiting a MS-DOS Device name "PRN" Denial Of Service Vulnerability in Microsoft Internet Information Services (IIS) 6.0. | |
| This attack can be achieved in HTTP request URL. | |
| 90330013 - This signature prevents attackers from exploiting a MS-DOS Device name "LST:" Denial Of Service Vulnerability in Microsoft Internet Information Services (IIS) 6.0. | |
| This attack can be achieved in HTTP request URL. | |
| 90330014 - This signature prevents attackers from exploiting a MS-DOS Device name "NUL:" Denial Of Service Vulnerability in Microsoft Internet Information Services (IIS) 6.0. | |
| This attack can be achieved in HTTP request URL. | |
| 90330015 - This signature prevents attackers from exploiting a MS-DOS Device name "COM[1-4]" Denial Of Service Vulnerability in Microsoft Internet Information Services (IIS) 6.0. | |
| This attack can be achieved in HTTP request URL. | |
| 90330016 - This signature prevents attackers from exploiting a MS-DOS Device name "LPT[1-4]" Denial Of Service Vulnerability in Microsoft Internet Information Services (IIS) 6.0. | |
| This attack can be achieved in HTTP request URL. | |
| 90330017 - This signature prevents attackers from exploiting a MS-DOS Device name "$IDLE$" Denial Of Service Vulnerability in Microsoft Internet Information Services (IIS) 6.0. | |
| This attack can be achieved in HTTP request URL. | |
| 90330018 - This signature prevents attackers from exploiting a MS-DOS Device name "CLOAK$$$" Denial Of Service Vulnerability in Microsoft Internet Information Services (IIS) 6.0. | |
| This attack can be achieved in HTTP request URL. | |
| 90330019 - This signature prevents attackers from exploiting a MS-DOS Device name "CLOCK$" Denial Of Service Vulnerability in Microsoft Internet Information Services (IIS) 6.0. | |
| This attack can be achieved in HTTP request URL. | |
| 90330020 - This signature prevents attackers from exploiting a MS-DOS Device name "CONFIG$" Denial Of Service Vulnerability in Microsoft Internet Information Services (IIS) 6.0. | |
| This attack can be achieved in HTTP request URL. | |
| 90330021 - This signature prevents attackers from exploiting a MS-DOS Device name "DPMIXXX0" Denial Of Service Vulnerability in Microsoft Internet Information Services (IIS) 6.0. | |
| This attack can be achieved in HTTP request URL. | |
| 90330022 - This signature prevents attackers from exploiting a MS-DOS Device name "DPMSXXX0" Denial Of Service Vulnerability in Microsoft Internet Information Services (IIS) 6.0. | |
| This attack can be achieved in HTTP request URL. | |
| 90330023 - This signature prevents attackers from exploiting a MS-DOS Device name "EMMXXXX0" Denial Of Service Vulnerability in Microsoft Internet Information Services (IIS) 6.0. | |
| This attack can be achieved in HTTP request URL. | |
| 90330024 - This signature prevents attackers from exploiting a MS-DOS Device name "IFS$HLP$" Denial Of Service Vulnerability in Microsoft Internet Information Services (IIS) 6.0. | |
| This attack can be achieved in HTTP request URL. | |
| 90330025 - This signature prevents attackers from exploiting a MS-DOS Device name "KEYBD$" Denial Of Service Vulnerability in Microsoft Internet Information Services (IIS) 6.0. | |
| This attack can be achieved in HTTP request URL. | |
| 90330026 - This signature prevents attackers from exploiting a MS-DOS Device name "SCREEN$" Denial Of Service Vulnerability in Microsoft Internet Information Services (IIS) 6.0. | |
| This attack can be achieved in HTTP request URL. | |
| 90330027 - This signature prevents attackers from exploiting a MS-DOS Device name "VCPIXXX0" Denial Of Service Vulnerability in Microsoft Internet Information Services (IIS) 6.0. | |
| This attack can be achieved in HTTP request URL. | |
| 90330028 - This signature prevents attackers from exploiting a MS-DOS Device name "XMSXXXX0" Denial Of Service Vulnerability in Microsoft Internet Information Services (IIS) 6.0. | |
| This attack can be achieved in HTTP request URL. | |
| 90330029 - This signature prevents attackers from exploiting the "Str_To_Date" Denial Of Service Vulnerability in MySQL versions prior to 4.1.18, 5.0.19, and 5.1.6. | |
| This attack can be achieved in HTTP request ARGS. | |
| 90330030 - This signature prevents attackers from denying service by requests to the 'cgitest.exe' sample script in Sambar Server. | |
| This attack can be achieved in HTTP request URL. | |
| 90340001 - This signature prevents attackers from obtaining sensitive configuration information by a direct request to imsenterprise-enrol.xml in certain Moodle versions. | |
| This attack can be achieved in HTTP request URL. | |
| 90340002 - This signature prevents attackers from obtaining sensitive configuration information by a direct request to userinfo.xml in eyeOS version 0.8.5. | |
| This attack can be achieved in HTTP request URL. | |
| 90340003 - This signature prevents attackers from obtaining sensitive configuration information by a direct request to soapConfig.xml in Oracle 9i and 10g. | |
| This attack can be achieved in HTTP request URL. | |
| 90340004 - This signature prevents attackers from obtaining sensitive configuration information by a direct request to revise.xml in Revize CMS. | |
| This attack can be achieved in HTTP request URL. | |
| 90350001 - This signature prevents attackers from exploiting a Venom Board Post.PHP3 Multiple SQL Injection Vulnerability. | |
| This injection can be achieved in HTTP request URL . | |
| 90360001 - The signature prevents attackers from exploiting a HP Power Manager Directory Traversal Remote Code Execution Vulnerability. | |
| The attack can be achieved in HTTP request URL . | |
| 90370001 - This signature prevents attackers from exploiting a Zenoss Vulnerability. | |
| This attack can be achieved in HTTP request URL . | |
| 90380001 - This signature prevents attackers from exploiting a Microsoft SharePoint Server 2007 Cross Site Scripting Vulnerability. | |
| This injection can be achieved in HTTP request URL . | |
| 90390001 - This signature prevents attackers from exploiting a Struts 2 Vulnerability. | |
| This attack can be achieved in HTTP request arguments . | |
| 90390002 - This signature prevents attackers from exploiting a Struts 2 Vulnerability by 'class' parameter. | |
| This attack can be achieved in HTTP request arguments . | |
| 90390003 - The signature prevents a malicious user manipulating server side context objects by OGNL statements injection and executing arbitrary remote command for further attack. This attack can be achieved in HTTP URL and request arguments. | |
| 90390004 - The signature prevents malicious users put arbitrary OGNL statements into any String variable exposed by an action and have it evaluated as an OGNL expression that can bypassing the ParametersInterceptor and OGNL library protections. This attack can be achieved in HTTP URL and request arguments. | |
| 90390005 - This signature prevents attackers from exploiting a Struts 2 Vulnerability by manipulating 'class.classloader.jarPath'. This attack can be achieved in HTTP request arguments. | |
| 90390006 - This signature prevents attackers from overwriting '_memberAccess' object to call static method to execute OS commands by ONGL. This attack can be achieved in HTTP URL and request arguments. | |
| 90400001 - This rule prevents attackers from executing arbitrary commands by requests censtore.cgi in Censtore. | |
| This attack can be achieved in HTTP request URL. | |
| 90400002 - This rule prevents attackers from executing arbitrary commands by requests CSUserCGI.exe in Cisco User-Changeable Password (UCP). | |
| This attack can be achieved in HTTP request URL. | |
| 90400003 - This rule prevents attackers from executing arbitrary commands by requests /OvCgi/webappmon.exe in in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53. | |
| This attack can be achieved in HTTP request URL. | |
| 90400004 - This rule prevents attackers from executing arbitrary code by calling the “xp_peekqueue” extended stored procedure in Microsoft SQL Server. | |
| This attack can be achieved in HTTP request URL or HTTP arguments. | |
| 90400005 - This rule prevents attackers from executing arbitrary code by calling the "xp_printstatements" extended stored procedure in Microsoft SQL Server. | |
| This attack can be achieved in HTTP request URL or HTTP arguments. | |
| 90400006 - This rule prevents attackers from executing arbitrary code by calling the "xp_proxidmetadata" extended stored procedure in Microsoft SQL Server. | |
| This attack can be achieved in HTTP request URL or HTTP arguments. | |
| 90400007 - This rule prevents attackers from executing arbitrary code by calling the "xp_setsqlsecurity" extended stored procedure in Microsoft SQL Server. | |
| This attack can be achieved in HTTP request URL or HTTP arguments. | |
| 90400008 - This rule prevents attackers from executing arbitrary code by calling the "xp_showcolv" extended stored procedure in Microsoft SQL Server. | |
| This attack can be achieved in HTTP request URL or HTTP arguments. | |
| 90400009 - This rule prevents attackers from executing arbitrary code by calling the "xp_sprintf" extended stored procedure in Microsoft SQL Server. | |
| This attack can be achieved in HTTP request URL or HTTP arguments. | |
| 90400010 - This rule prevents attackers from executing arbitrary code by calling the "xp_updatecolvbm" extended stored procedure in Microsoft SQL Server. | |
| This attack can be achieved in HTTP request URL or HTTP arguments. | |
| 90400011 - This rule prevents attackers from executing arbitrary code by calling the "xp_sqlinventory" extended stored procedure in Microsoft SQL Server. | |
| This attack can be achieved in HTTP request URL or HTTP arguments. | |
| 90400012 - This rule prevents attackers from executing arbitrary code by calling the "xp_enumresultset" extended stored procedure in Microsoft SQL Server. | |
| This attack can be achieved in HTTP request URL or HTTP arguments. | |
| 90400013 - This rule prevents attackers from executing arbitrary commands by requests to /slxweb.dll/admin?command in WEB-MISC SalesLogix Eviewer. | |
| This attack can be achieved in HTTP request URL. | |
| 90400014 - This rule prevents attackers from executing arbitrary commands by requests to _PHPLIB[libdir] in Multiple Vendor PHPLIB. | |
| This attack can be achieved in HTTP request URL. | |
| 90400015 - This rule prevents attackers from executing arbitrary code by calling the "xp_freedll" extended stored procedure in Microsoft SQL Server. | |
| This attack can be achieved in HTTP request URL or HTTP arguments. | |
| 90400016 - This rule prevents attackers from executing arbitrary commands by requests to /search= {.exec|cmd.} in HttpFileServer 2.3.x. | |
| This attack can be achieved in HTTP request URL. | |
| 90400017 - This signature prevents attackers from executing arbitrary commands via shell metacharacters in redmine_git_hosting plugin for Redmine. This attack can be archived in HTTP request URL. | |
| 90400018 - This signature prevents attackers from executing arbitrary OGNL expressions in the Apache Roller before 5.0.2, as known as "OGNL Injection". This attack can be archived in HTTP request URL and arguments. | |
| 90400019 - This signature prevents attackers from executing arbitrary OGNL expressions in the Apache Roller before 5.0.2, as known as "OGNL Injection". This attack can be archived in HTTP request URL and arguments. | |
| 90400020 - This signature prevents attackers from executing malicious code on Horde/IMP through logged the PHP code to the logfile(3.1.7-3.3.2). This attack can be archived in HTTP request URL. | |
| 90410001 - This rule prevents attackers from padding oracle attack in hex encode. | |
| This attack can be achieved in HTTP request URL or HTTP arguments. | |
| 90410002 - This rule prevents attackers from padding oracle attack in base64 encode. | |
| This attack can be achieved in HTTP request URL or HTTP arguments. | |
| 90420001 - This rule prevents attackers from executing arbitrary commands by GNU Bash Shellshock vulnerability . | |
| This attack can be achieved in HTTP request URL , HTTP arguments. or HTTP headers. | |
| 90430001 - This signature identity WordPress XML-RPC wp.getUsersBlogs Component Brute Force authentication errors in the response bodies and generate alerts. | |
| This injection can be achieved in HTTP Response Body. | |
| 90430002 - This signature prevents attackers from injecting JavaScript into comment boxes on WordPress posts and pages. | |
| This attack can be achieved in HTTP request args. | |
| 90430003 - This signature prevents attackers from downloading arbitry file on 'admin-ajax.php' of WordPress mulitple themes . This attack can be achieved in HTTP request URL. | |
| 90430004 - This signature prevents attackers from injecting a command on TimThumb plugin for WordPress (pre v2.8.14) which leads to remote command execution (CVE-2014-4663). This attack can be achieved in HTTP request URL. | |
| 90430005 - This signature prevents attackers from exploiting WordPress (pre v4.0) via Denial of Service (CVE-2014-9034). This attack can be achieved in HTTP request args. | |
| 90430006 - This signature prevents attackers from exploiting WordPress (pre v4.0) via Denial of Service (CVE-2014-9034). This attack can be achieved in HTTP request args. | |
| 90430007 - This signature prevents attackers from exploiting WordPress using XML-RPC Pingback DDoS Attack. This attack can be achieved in HTTP request body. | |
| 90430008 - This signature prevents attackers from exploiting WordPress using XML-RPC Pingback DDoS Attack. This attack can be achieved in HTTP request body. | |
| 90430009 - This signature prevents attackers from exploiting DB Backup plugin for WordPress to gain read access to arbitray files, which can be used in certain environments to elevate privileges and execute malicious PHP code (CVE-2014-9119). This attack can be archived in HTTP request URL. | |
| 90430010 - This signature prevents attackers from exploiting DukaPress plugin before 2.5.4 for WordPress to read arbitrary files (CVE-2014-8799). This attack can be archived in HTTP request URL. | |
| 90430011 - This signature prevents attackers from exploiting RevSlider Vulnerability that leads to massive WordPress SoakSoak Compromise, which results in a large malware campaign targeting and compromising over 100,000 WordPress sites. This attack can be archived in HTTP request URL. | |
| 90430012 - This signature prevents attackers from exploiting RevSlider Vulnerability that leads to massive WordPress SoakSoak Compromise, which results in a large malware campaign targeting and compromising over 100,000 WordPress sites. This attack can be archived in HTTP request URL. | |
| 90430013 - This signature prevents attackers from exploiting WordPress Wp Symposium 14.11 by unauthenticated shell Upload. This attack can be achived in HTTP request URL, Content-Type and arguments. | |
| 90430014 - This signature prevents attackers from exploiting WordPress Wp Symposium 14.11 by unauthenticated shell Upload. This attack can be achived in HTTP request URL, Content-Type and arguments. | |
| 90430015 - This signature prevents attackers from uploading arbitrary files in WordPress Shopping Cart 3.0.4 (CVE-2014-9308). This attack can be archived in HTTP request URL and request body. | |
| 90430016 - This signature prevents attackers from uploading arbitrary files in WordPress Shopping Cart 3.0.4 (CVE-2014-9308). This attack can be archived in HTTP request URL and request body. | |
| 90430017 - This signature prevents attackers from uploading arbitrary files on WordPress Timthumb Plugin 'timthumb' Cache Directory (CVE-2011-4106). This attack can be archived in HTTP request URL. | |
| 90430018 - This signature prevents attackers from exploiting WordPress XMLRPC service by sending a large size of payload, which attempt to crash PHP involved with vulnerable glibc function 'gethostbyname()'. This attack can be archived in HTTP request url and body. | |
| 90430021 - This signature prevents attackers from injecting malicious iframe redirecting to a "203koko" website using a Fancybox-for-WordPress Plugin vulnerability. This attack can be archived in HTTP request url and arguments. | |
| 90430023 - This signature prevents attackers from reading arbitrary files by directory traversal vulnerability in the WordPress Download Shortcode plugin 0.2.3. This attack can be archived in HTTP request URL. | |
| 90430024 - This signature prevents attackers from injecting and executing PHP code via special tags in WP Super Cache and W3 Total Cache. This attack can be archived in HTTP request arguments. | |
| 90440001 - This signature detects active probes and exploits of Reflected File Download vulnerabilities. | |
| This attack can be achieved in HTTP request URL . | |
| 90450001 - This signature prevents attackers from reading arbitrary files in SysAid On-Premise (pre 14.4.2) (CVE-2014-9436). This attack can be archived in HTTP request URL. | |
| 90460001 - This signature prevents attackers from executing malicious PHP code on vBSEO, which is widely used SEO module for vBulletin (CVE-2014-9463). This attack can be archived in HTTP request arguments. | |
| 90460002 - This signature prevents attackers from deleting arbitrary files on vBulletin MicroCART 1.1.4. This attack can be archived in HTTP request arguments. | |
| 90460003 - This signature prevents attackers from deleting arbitrary files on vBulletin MicroCART 1.1.4. This attack can be archived in HTTP request arguments. | |
| 90470001 - This signature prevents attackers from exploiting Zimbra through LFI to escalate privilege(CVE-2013-7091). This attack can be archived in HTTP request URL. | |
| 100000001 - This signature checks if there is credit card leakage in pages from web server. | |
| The leakage can be achieved in HTTP response body. | |
| 110000001 - This signature checks whether the request came from a known web scanner . | |
| The signature check region: user-agent field in http requst header | |
| 110000002 - This signature checks whether the request came from a known web scanner . | |
| The signature check region: user-agent field in http requst header | |
| 110000003 - This signature checks whether the request came from a known web scanner . | |
| The signature check region: user-agent field in http requst header | |
| 110000004 - This signature checks whether the request came from a known web scanner . | |
| The signature check region: http requst header name | |
| 110000005 - This signature checks whether the request came from a known web scanner . | |
| The signature check region: user-agent field in http requst header | |
| 110000006 - This signature checks whether the request came from a known web scanner . | |
| The signature check region: user-agent field in http requst header | |
| 110000007 - This signature checks whether the request came from a known web scanner . | |
| The signature check region: Origin field in http requst header | |
| 110000008 - This signature checks whether the request came from a known web scanner . | |
| The signature check region: user-agent field in http requst header | |
| 110000009 - This signature prevents Google Skipfish scanner from exploiting a vulnerability to include an arbitrary remote file with malicious PHP code and executing it in the context of the webserver process. | |
| This attack can be achieved in HTTP request arguments. | |
| 110000010 - This signature checks whether the request came from Google Skipfish Web scanner . | |
| The signature check region: user-agent field in http requst header | |
| 110000011 - This signature checks whether the request contains a string of a content scraper, which could be a part of virus. | |
| The signature check region: user-agent field in http requst header | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment