This alert is triggered when detecting an attempt to exploit CVE-2013-5486, a directory traversal vulnerability in Cisco Prime Data Center Network Manager (DCNM). Cisco Prime DCNM is a management solution for data centers. This rule looks specifically for signs of an attacker trying to manipulate the fileUpload URI to upload files to unintended directories, potentially aiming to overwrite system files or place malicious scripts on the server.
This alert is triggered when detecting an attempt to exploit CVE-2013-5486, a directory traversal vulnerability in Cisco Prime Data Center Network Manager (DCNM). Cisco Prime DCNM is a management solution for data centers. This rule looks specifically for requests that manipulate the 'chartid' parameter to gain unauthorized access to files and directories outside the intended path.
This alert is triggered when detecting an attempt to exploit a directory traversal vulnerability in Zimbra Collaboration Suite to potentially extract sensitive configuration details. Zimbra Collaboration Suite is an open-source email, calendaring, and collaboration software. This rule looks specifically for requests aimed at retrieving the localconfig.xml file by exploiting a path traversal vulnerability. This XML file can potentially contain sensitive configuration details.
This alert is triggered when detecting an adversary's attempt to exploit CVE-2013-4837, a directory traversal vulnerability in HP LoadRunner, which could allow them to read arbitrary files on the server. HP LoadRunner is a software testing tool from HP. It is used to test applications and to measure system behavior and performance under load. The rule checks for a specific pattern indicating an attempt at directory traversal, where an attacker tries to access and read files and directories that are stored outside the web root folder.
This alert is triggered when an adversary is attempting to exploit CVE-2013-4822, a file upload vulnerability in the HP Intelligent Management Center (IMC) BIMS UploadServlet. HP Intelligent Management Center (IMC) is an integrated management platform for IT networks. The rule checks for a specific pattern indicating malicious file upload activity. Legitimate uploads to HP IMC shouldn't be attempting to traverse directories or upload JSP files in this manner.
This alert is triggered when detecting an adversary attempting to exploit a remote code execution vulnerability in the Tenda W302R wireless router. Tenda W302R is a type of wireless router. This vulnerability allows an attacker to gain access and subsequently execute commands with elevated privileges on the affected device.
This alert is triggered when detecting an adversary attempting to exploit a remote code execution vulnerability in the Tenda W302R wireless router. Tenda W302R is a type of wireless router. This vulnerability allows an attacker to gain root-level access and subsequently execute commands with elevated privileges on the affected device.
This alert is triggered when detecting an attempt to exploit a vulnerability in the WebTester application, specifically targeting the install2.php script. WebTester is an online testing and quiz system. The specific rule is designed to detect an adversary trying to exploit a command execution vulnerability in WebTester by injecting malicious commands into the installation process via malicious requests to the "install2.php" file.