This alert is triggered when detecting an adversary attempting to exploit the CVE-2013-4983 and CVE-2013-4984 command injection vulnerabilities in the Sophos Web Protection Appliance. Sophos Web Protection Appliance is a security solution designed to filter and monitor web traffic to protect users from web-based threats.
This alert is triggered when an adversary is attempting to exploit CVE-2013-1330, a vulnerability in Microsoft Office SharePoint, by sending malicious serialized viewstate data for evaluation. This vulnerability allows an attacker to execute arbitrary code. SharePoint is a web-based collaboration platform that integrates with Microsoft Office.
This alert is triggered when an adversary is attempting to exploit CVE-2013-3576, a command injection vulnerability in the HP System Management tool. This vulnerability allows attackers to execute arbitrary commands with the privileges of the application. HP System Management tool is a suite of utilities provided by Hewlett-Packard for server and network management.
This alert is triggered when detecting an access attempt to the HP OpenView Operations Agent. HP OpenView Operations Agent is a component of the HP OpenView suite that offers centralized monitoring and management of IT environments. The rule specifically checks for requests to the "/Hewlett-Packard/OpenView/Coda" URI, which is related to the OpenView Operations Agent. This alert may be triggered when an adversary is attempting to exploit known vulnerabilities in the HP OpenView Operations Agent, such as CVE-2012-2019 and CVE-2012-2020.
This alert is designed to detect an attempt to exploit a command execution vulnerability in SAP systems using the ConfigServlet. The rule is specifically searching for network traffic directed at port 50000 (often used by SAP applications) containing a specific sequence of URI patterns indicating a possible attack.
This alert is triggered when an adversary is attempting to exploit a remote command execution vulnerability in the HTTP server (httpd) of the DD-WRT firmware for wireless routers. DD-WRT is an open-source Linux-based firmware for wireless routers, and its HTTP server is used for its web-based configuration interface.
This alert is triggered when detecting an access attempt to the JBoss JMX console. The JBoss JMX (Java Management Extensions) console is a web-based interface used for managing and monitoring JBoss Application Server resources. The rule checks for access attempts to the /jmx-console/ URI, which indicates an effort to access this management console. This alert may be triggered when an adversary is attempting to exploit known vulnerabilities in the JBoss JMX console, such as CVE-2007-1036 and CVE-2013-2185. These vulnerabilities can allow unauthorized remote code execution and administrative access.
This alert is triggered when detecting an attempt to access the admin console of a JBoss application server. The JBoss admin console is a web-based interface used for managing and configuring JBoss Application Server resources. This alert may be triggered when an adversary is attempting to exploit known vulnerabilities in the JBoss admin console, such as CVE-2007-1036 and CVE-2013-2185. These vulnerabilities can allow unauthorized remote code execution and administrative access.
This alert is triggered when detecting specific content indicative of an attempt to exploit CVE-2009-2011, a vulnerability in Worldweaver DX Studio Player. Worldweaver DX Studio Player is a multimedia application that's used for creating interactive 3D web applications. The rule detects an attempt to exploit a known vulnerability in the application that enables command execution via the shell.execute command.