iSID Analyst Knowledge Base

Definitions, and additional context on iSID alerts along with helpful recommendations

Category: Cyber Attack

( 538 Alerts)

SERVER-WEBAPP Cisco Prime Data Center Network Manager processImageSave.jsp directory traversal attempt

This alert is triggered when detecting an attempt to exploit CVE-2013-5486 a directory traversal vulnerability in Cisco Prime Data Center Network Manager (DCNM) The Cisco Prime DCNM is a management solution for data centers. This rule is particularly looking for requests aimed to manipulate the 'chartid' parameter to gain unauthorized access to files and directories outside the intended path.

SERVER-WEBAPP Tenda W302R iwpriv remote code execution attempt

This alert is triggered when detecting an adversary attempting to exploit a remote code execution vulnerability in the Tenda W302R wireless router. Tenda W302R is a type of wireless router. This vulnerability allows an attacker to gain access and subsequently execute commands with elevated privileges on the affected device.

SERVER-WEBAPP HP Intelligent Management Center BIMS UploadServlet arbitrary file upload attempt

This alert is triggered when an adversary is attempting to exploit CVE-2013-4822 a file upload vulnerability in the HP Intelligent Management Center (IMC) BIMS UploadServlet. HP Intelligent Management Center (IMC) is an integrated management platform for IT networks. The rule checks for a specific pattern indicating malicious file upload activity. Legitimate uploads to HP IMC shouldn't be attempting to traverse directories or upload JSP files in this manner.

SERVER-WEBAPP HP LoadRunner Virtual User Generator EmulationAdmin directory traversal attempt

This alert is triggered when detecting an adversary attempt to exploit CVE-2013-4837 a directory traversal vulnerability in the HP LoadRunner, which could allow them to read arbitrary files on the server. HP LoadRunner is a software testing tool from HP. It is used to test applications and to measure system behavior, and performance under load. The rule checks for a specific pattern indicating an attempt at directory traversal, where an attacker tries to access and read files and directories that are stored outside the web root folder.

SERVER-WEBAPP Sophos Web Protection Appliance sblistpack arbitrary command execution attempt

This alert is triggered when detecting an adversary attempting to exploit CVE-2013-4983 and CVE-2013-4984 command injection vulnerabilities in the Sophos Web Protection Appliance. Sophos Web Protection Appliance is a security solution designed to filter and monitor web traffic to protect users from web-based threats.

SERVER-WEBAPP WebTester install2.php arbitrary command execution attempt

This alert is triggered when detecting an attempt to exploit a vulnerability in the WebTester application, specifically targeting the install2.php script. WebTester is an online testing and quiz system. The specific rule is designed to detect an adversary trying to exploit a command execution vulnerability in WebTester by injecting malicious commands into the installation process via malicious requests to the "install2.php" file.

SERVER-WEBAPP Tenda W302R root remote code execution attempt

This alert is triggered when detecting an adversary attempting to exploit a remote code execution vulnerability in the Tenda W302R wireless router. Tenda W302R is a type of wireless router. This vulnerability allows an attacker to gain root-level access and subsequently execute commands with elevated privileges on the affected device.

SERVER-WEBAPP HP System Management arbitrary command injection attempt

This alert is triggered when an adversary is attempting to exploit CVE-2013-3576 a command injection vulnerability in the HP System Management tool. This vulnerability allows attackers to execute arbitrary commands with the privileges of the application. HP System Management tool is a suite of utilities provided by Hewlett-Packard for server and network management.

SERVER-WEBAPP HP System Management arbitrary command injection attempt

This alert is triggered when an adversary is attempting to exploit CVE-2013-3576 a command injection vulnerability in the HP System Management tool. This vulnerability allows attackers to execute arbitrary commands with the privileges of the application. HP System Management tool is a suite of utilities provided by Hewlett-Packard for server and network management.

SERVER-WEBAPP Microsoft Office SharePoint malicious serialized viewstate evaluation attempt

This alert is triggered when an adversary is attempting to exploit the CVE-2013-1330 a vulnerability in Microsoft Office SharePoint by sending malicious serialized viewstate data for evaluation. This vulnerability allows an attacker to execute arbitrary code. SharePoint is a web-based collaboration platform that integrates with Microsoft Office.