IPS Signature Database Update
| Name | ips.sig | |||
| Version | 2.1.602 | |||
| StoneOS | StoneOS 5.0R4F3.1 or above | |||
| Release Date | 2025-04-14 | |||
| New Signature (31) |
Rule ID | Rule Name | StonesOS | Detail |
| 105410 | Ransomware Activity: Ransomware/Cerber Onion Domain Lookup | 5.5R5 or above | click for more information | |
| 338785 | GLPI Pre-Auth SQL Injection Vulnerability (CVE-2025-24799) | 5.5R5 or above | click for more information | |
| 338787 | Wangkang NS-ASG API index.php Remote Command Execution Vulnerability | 5.5R5 or above | click for more information | |
| 331094 | PHPMailer mail escapeshellarg Command Injection Vulnerability (CVE-2016-10045) | 5.5R5 or above | click for more information | |
| 338784 | KUBERNETES INGRESS-NGINX Remote Command Execution Vulnerability (CVE-2025-1974) | 5.5R5 or above | click for more information | |
| 105393 | Ransomware Activity: DNS Query to Cerber Domain | 5.5R5 or above | click for more information | |
| 105391 | Ransomware Activity: CryptoWall .onion Proxy Domain (7oqnsnzwwnm6zb7y) | 5.5R5 or above | click for more information | |
| 332585 | Ransomware Activity: Jaff Ransomware Checkin | 5.5R5 or above | click for more information | |
| 338791 | Fumasoft System API LicManage SQL Injection Vulnerability | 5.5R5 or above | click for more information | |
| 105396 | Ransomware Activity: Ransomware Locky .onion Payment Domain (mphtadhci5mrdlju) | 5.5R5 or above | click for more information | |
| 105394 | Ransomware Activity: DNS Query to Cerber Domain | 5.5R5 or above | click for more information | |
| 105401 | Ransomware Activity: DNS Query to Cerber Domain | 5.5R5 or above | click for more information | |
| 332598 | Ransomware Activity: HTML/Xbash Hex Encoded PS WebClient Object Inbound - Stage 1 | 5.5R5 or above | click for more information | |
| 105392 | Ransomware Activity: TeslaCrypt/AlphaCrypt Variant .onion Proxy Domain | 5.5R5 or above | click for more information | |
| 105390 | Ransomware Activity: Ransomware/Cerber Onion Domain Lookup | 5.5R5 or above | click for more information | |
| 338790 | Huhui API ServicePage.aspx Arbitrary File Read Vulnerability | 5.0R4 or above | click for more information | |
| 332605 | Trojan Activity: StealerNeko CnC Checkin | 5.5R5 or above | click for more information | |
| 105408 | Ransomware Activity: Xbash CnC DNS Lookup | 5.5R5 or above | click for more information | |
| 338786 | Ganglia Web Interface Cross Site Scripting Vulnerability (CVE-2024-52762) | 5.5R5 or above | click for more information | |
| 105399 | Ransomware Activity: ABUSE.CH Domain Detected (Locky C2) | 5.5R5 or above | click for more information | |
| ...... | ||||
| Updated Signature (42) |
Rule ID | Rule Name | StonesOS | Detail |
| 333537 | Nagios XI ajaxhelper Command Injection Vulnerability (CVE-2020-15901) | 5.0R4 or above | Click here for more information | |
| 331206 | Mida Solutions eFramework ajaxreq.php Command Injection Vulnerability (CVE-2020-15920) | 5.5R5 or above | Click here for more information | |
| 334007 | Advantech iView runProViewUpgrade Handling Remote Command Injection Vulnerability (CVE-2021-32930) | 5.5R5 or above | Click here for more information | |
| 332481 | Nagios3 statuswml.cgi Ping Command Execution Vulnerability (CVE-2009-2288) | 5.5R5 or above | Click here for more information | |
| 333972 | Jenkins Repository Connector Plugin Stored Cross Site Scripting Vulnerability (CVE-2021-21618) | 5.5R5 or above | Click here for more information | |
| 331710 | FlexDotnetCMS Arbitrary ASP File Upload Vulnerability (CVE-2020-27386) | 5.0R4 or above | Click here for more information | |
| 333384 | SaltOS Erp Crm 3.1 r8126 SQL Injection Vulnerability (CVE-2018-18763) | 5.5R5 or above | Click here for more information | |
| 334183 | Nagios XI Deploy Dashboards Stored Cross Site Scripting Vulnerability (CVE-2020-27989) | 5.5R5 or above | Click here for more information | |
| 332465 | Moodle TeX Stored XSS Vulnerability (CVE-2021-20186) | 5.5R5 or above | Click here for more information | |
| 334221 | Centreon HostGroupDependency.php Dep_id SQL Injection Vulnerability | 5.5R5 or above | Click here for more information | |
| 331425 | FireEye Red Team Tool Backdoor CSBundle USAToday GET | 5.5R5 or above | Click here for more information | |
| 334068 | Joomla Core Cross Site Scripting Vulnerability (CVE-2021-26030) | 5.5R5 or above | Click here for more information | |
| 333961 | Jenkins Build With Parameters Plugin Stored Cross Site Scripting Vulnerability (CVE-2021-21628) | 5.5R5 or above | Click here for more information | |
| 332487 | Matt Wright guestbook.pl Arbitrary Command Execution Vulnerability (CVE-1999-1053) | 5.0R4 or above | Click here for more information | |
| 333925 | Moodle 3.10 Spellchecker Plugin Command Execution Vulnerability (CVE-2021-21809) | 5.5R5 or above | Click here for more information | |
| 330958 | Indexhibit Cms v2.1.5 Getshell Vulnerability (CVE-2019-8954) | 5.5R5 or above | Click here for more information | |
| 333964 | Jenkins Config File Provider Plugin External Entity Injection Vulnerability (CVE-2021-21642) | 5.0R4 or above | Click here for more information | |
| 331331 | Active Collab chat module Remote PHP Code Injection Exploit Vulnerability (CVE-2012-6554) | 5.5R5 or above | Click here for more information | |
| 333974 | Jenkins Scriptler Plugin Script Content Stored Cross Site Scripting Vulnerability (CVE-2021-21668) | 5.5R5 or above | Click here for more information | |
| 334181 | Nagios XI Account main.php Stored Cross Site Scripting Vulnerability (CVE-2020-10821) | 5.5R5 or above | Click here for more information | |
| ...... | ||||