All Vulnerabilities

Quest InTrust is prone to a remote code-execution vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application (typically Internet Explorer) using the ActiveX control. Failed exploit attempts will likely result in denial-of-service conditions.

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1011587 - Microsoft Windows Server Service Tampering Vulnerability (CVE-2022-30216)


JBoss Remoting Connector Unified Invoker
1011570* - Red Hat JBoss Enterprise Application Platform Remote Code Execution Vulnerability


SolarWinds Information Service
1011586 - SolarWinds Network Performance Monitor 'DeserializeFromStrippedXml' Insecure Deserialization Vulnerability (CVE-2022-36958)


WSO2 Enterprise Integrator
1011580* - WSO2 Enterprise Integrator Cross-Site Scripting Vulnerability (CVE-2022-39810)


Web Application Common
1011588 - Dolibarr ERP And CRM Code Injection Vulnerability (CVE-2022-40871)
1011577* - Fastify Denial Of Service Vulnerability (CVE-2022-39288)
1007170* - Identified Suspicious China Chopper Webshell Communication (ATT&CK T1505.003)


Web Application PHP Based
1011574* - WordPress 'Ketchup Restaurant Reservations' Plugin Cross-Site Scripting Vulnerability (CVE-2022-2753)
1011579* - WordPress 'Litespeed' Plugin Cross-Site Scripting Vulnerability (CVE-2020-29172)
1011584 - WordPress 'WP Super Cache' Plugin Cross-Site Scripting Vulnerability (CVE-2021-24329)
1011582 - WordPress 'WPvivid Backup' Plugin Directory Traversal Vulnerability (CVE-2022-2863)


Web Server Miscellaneous
1011581* - Apache JSPWiki 'UserPreferences.jsp' Cross-Site Request Forgery Vulnerability (CVE-2022-28731)
1011572* - Vm2 Sandbox Remote Code Execution Vulnerability (CVE-2021-23449)
1011583 - XWiki Code Injection Vulnerability (CVE-2022-36100)
1011569 - XWiki Cross-Site Scripting Vulnerability (CVE-2022-36094)
1011578 - XWiki Cross-Site Scripting Vulnerability (CVE-2022-36096)


Zoho ManageEngine
1011549* - Zoho ManageEngine Multiple Products SQL Injection Vulnerability (CVE-2022-40300)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

1010002* - Microsoft PowerShell Command Execution (ATT&CK T1059.001)
1011453* - Microsoft Windows WMI Events - 1

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Apache Storm Nimbus
1011236* - Apache Storm Command Injection Vulnerability (CVE-2021-38294)


Directory Server LDAP
1011246 - Microsoft Windows Active Directory Domain Services Elevation of Privilege Vulnerability Over LDAP (CVE-2021-42278)


SolarWinds Network Performance Monitor
1011229* - SolarWinds Orion Patch Manager Insecure Deserialization Vulnerability (CVE-2021-35216)
1011221* - SolarWinds Orion Platform 'SaveUserSetting' Improper Access Control Vulnerability (CVE-2021-35213)
1011230 - SolarWinds Patch Manager 'WSAsyncExecuteTasks' Deserialization Vulnerability (CVE-2021-35217)


Web Application Common
1010423* - Primetek Primefaces Remote Code Execution Vulnerability (CVE-2017-1000486)
1011198 - Strapi Framework Remote Code Execution Vulnerability (CVE-2019-19609)


Web Server Common
1011249* - Apache Log4j Denial of Service Vulnerability (CVE-2021-45105)
1008581* - Identified Suspicious IP Addresses In XFF HTTP Header


Web Server HTTPS
1011232* - Montala Limited ResourceSpace Arbitrary File Deletion Vulnerability (CVE-2021-41950)


Web Server SharePoint
1011224* - Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2021-41344)


Web Server Squid
1011234* - Squid Proxy Multiple Denial of Service Vulnerabilities (CVE-2021-31806 and CVE-2021-31807)


Windows SMB Server
1011251 - Microsoft Windows Active Directory Domain Services Elevation of Privilege Vulnerability Over SMB (CVE-2021-42278)


Zoho ManageEngine
1011237* - Zoho ManageEngine ADManager Plus Unrestricted File Upload Vulnerability (CVE-2021-20130)
1011248 - Zoho ManageEngine ADManager Plus Unrestricted File Upload Vulnerability (CVE-2021-37539)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

1011250 - Web Server - Apache - 2

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Azure Open Management Infrastructure Tool
1011147* - Open Management Infrastructure Remote Code Execution Vulnerability (CVE-2021-38647)


Memcached
1011098* - Oracle MySQL Integer Underflow Vulnerability (CVE-2021-2390)


Suspicious Server Application Activity
1009549* - Detected Terminal Services (RDP) Server Traffic - 1 (ATT&CK T1021.001)


Web Application PHP Based
1011193 - WordPress 'iThemes Security' Plugin SQL Injection Vulnerability (CVE-2018-12636)


Web Client Common
1010806* - Identified Directory Traversal Attack In HTTP Response Headers
1011054* - Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-31206)


Web Server Apache
1011183* - Apache HTTP Server Server-Side Request Forgery Vulnerability (CVE-2021-40438)


Web Server HTTPS
1011196 - ACME mini_httpd Server Arbitrary File Read Vulnerability (CVE-2018-18778)
1011190 - Centreon 'ProceduresProxy.class.php' SQL Injection Vulnerability (CVE-2021-37558)


Web Server Nagios
1011191* - Nagios XI Arbitrary File Upload Vulnerability (CVE-2021-40344)


Zoho ManageEngine
1011188* - Zoho ManageEngine OpManager 'getReportData' SQL Injection Vulnerability (CVE-2021-41288)


Zoho ManageEngine ADSelfService Plus
1011194 - Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability (CVE-2021-40539)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

1010002* - Microsoft PowerShell Command Execution (ATT&CK T1059.001)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Memcached
1011097* - Oracle MySQL Integer Underflow Vulnerability (CVE-2021-2389)
1011098 - Oracle MySQL Integer Underflow Vulnerability (CVE-2021-2390)


Web Client Common
1011127* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB21-55) - 2
1011185 - Chromium V8 Out Of Bounds Write Vulnerability (CVE-2021-30632)
1010207* - Microsoft Windows Multiple Type1 Font Parsing Remote Code Execution Vulnerabilities (CVE-2020-1020 and CVE-2020-0938)


Web Server HTTPS
1011100* - WordPress 'WooCommerce Blocks' Plugin SQL Injection Vulnerability (CVE-2021-32789)


Web Server Miscellaneous
1011177* - Atlassian Confluence Server Arbitrary File Read Vulnerability (CVE-2021-26085)
1011179* - Atlassian Jira Path Traversal Vulnerability (CVE-2021-26086)
1011163* - Spring Boot Actuator Directory Traversal Vulnerability (CVE-2021-21234)


Web Server Nagios
1011191 - Nagios XI Arbitrary File Upload Vulnerability (CVE-2021-40344)


Web Server Squid
1011159* - Squid HTTP Request Smuggling Vulnerability (CVE-2019-18678)


Zoho ManageEngine
1011188 - Zoho ManageEngine OpManager 'getReportData' SQL Injection Vulnerability (CVE-2021-41288)


Integrity Monitoring Rules:

1002786* - Microsoft Windows - Microsoft hotfixes registry keys modified (ATT&CK T1112)


Log Inspection Rules:

1004488* - Database Server - Microsoft SQL
1010595* - Microsoft LDAP Query Execution

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Port Mapper Windows
1001033* - Windows Port Mapper Decoder


Windows SMB Server
1011018 - Identified DCERPC AddPrinterDriverEx Call Over SMB Protocol


Windows Services RPC Server DCERPC
1011016 - Identified DCERPC AddPrinterDriverEx Call Over TCP Protocol


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

1011017 - Microsoft Windows - Print Spooler Failed Loading Plugin Module (PrintNightmare)

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

DCERPC Services
1009579 - Microsoft Windows SMB Information Disclosure Vulnerability (CVE-2019-0703)


Web Application Common
1009540 - Red Hat Ceph Storage Debug Shell Remote Command Injection (CVE-2018-14649)


Web Application PHP Based
1009545 - PHP 'phar_tar_writeheaders()' Function Stack Buffer Overflow Vulnerability (CVE-2016-2554)


Web Client Common
1009266 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-21) - 11
1009212* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-21) - 5
1009322 - Microsoft JET Database Engine Remote Code Execution Vulnerability (CVE-2018-8392)
1009428* - Microsoft Outlook Remote Code Execution Vulnerability (CVE-2018-8587)
1009475 - Microsoft Windows Data Sharing Service Elevation Of Privilege Vulnerability (CVE-2019-0571)
1009294 - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2018-8396)
1009486 - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2018-8595)
1009571 - Microsoft Windows Multiple Information Disclosure Vulnerabilities (March 2019)
1009576 - Microsoft Windows VBScript Engine Remote Code Execution Vulnerability (CVE-2019-0666)
1009583 - Microsoft Windows Win32k Elevation Of Privilege Vulnerability (CVE-2019-0797)
1009582 - Microsoft Windows Win32k Elevation Of Privilege Vulnerability (CVE-2019-0808)
1009554 - RARLAB WinRAR ACE Remote Code Execution Vulnerability (CVE-2018-20250)


Web Client Internet Explorer/Edge
1009415* - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8629)
1009577 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0592)
1009574 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2019-0639)
1009564 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2019-0769)
1009565 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2019-0770)
1009566 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2019-0771)
1009567 - Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2019-0773)
1009573 - Microsoft Edge Security Feature Bypass Vulnerability (CVE-2019-0612)
1009575 - Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2019-0609)
1009414* - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2018-8631)
1009568 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2019-0763)
1009569 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2019-0680)
1009570 - Microsoft Internet Explorer Security Feature Bypass Vulnerability (CVE-2019-0768)
1009371* - Microsoft Internet Explorer VBScript Engine Remote Code Execution Vulnerability (CVE-2018-8552)
1009563 - Microsoft Internet Explorer VBScript Engine Remote Code Execution Vulnerability (CVE-2019-0665)
1009578 - Microsoft Internet Explorer VBScript Engine Remote Code Execution Vulnerability (CVE-2019-0667)


Web Server SharePoint
1009535 - Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2019-0604)


Integrity Monitoring Rules:

1009434 - Kubernetes Cluster Node


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Web Client Common
1009572 - Google Chrome FileReader Use-After-Free Vulnerability (CVE-2019-5786)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Web Application Common
1009477 - Identified Sensepost Ruler Traffic
1009457* - Jenkins CI Server XStream Insecure Deserialization Vulnerability (CVE-2016-0792)
1009496* - Microsoft Exchange Server Multiple Elevation Of Privilege Vulnerabilities
1009553 - Sonatype Nexus Repository Manager Remote Code Execution Vulnerability (CVE-2019-7238)


Web Client Common
1009495 - LibTIFF Arbitrary Sized JBIG Decoding Denial Of Service Vulnerability (CVE-2018-18557)


Web Server SharePoint
1009534 - Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2019-0594)


Windows Services RPC Server DCERPC
1009478* - Identified Remote Service Creation Over DCE/RPC Protocol


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.

* indicates a new version of an existing rule

Deep Packet Inspection Rules:

Web Application Common
1009496* - Microsoft Exchange Server Elevation Of Privilege Vulnerability (CVE-2018-8581)


Web Client Common
1009536 - Adobe Acrobat And Reader Information Disclosure Vulnerability (CVE-2019-7815)


Integrity Monitoring Rules:

There are no new or updated Integrity Monitoring Rules in this Security Update.


Log Inspection Rules:

There are no new or updated Log Inspection Rules in this Security Update.