iSID Analyst Knowledge Base

Definitions, and additional context on iSID alerts along with helpful recommendations

SERVER-WEBAPP Tenda W302R root remote code execution attempt

This alert is triggered when detecting an adversary attempting to exploit a remote code execution vulnerability in the Tenda W302R wireless router. Tenda W302R is a type of wireless router. This vulnerability allows an attacker to gain root-level access and subsequently execute commands with elevated privileges on the affected device.

SERVER-WEBAPP WebTester install2.php arbitrary command execution attempt

This alert is triggered when detecting an attempt to exploit a vulnerability in the WebTester application, specifically targeting the install2.php script. WebTester is an online testing and quiz system. The specific rule is designed to detect an adversary trying to exploit a command execution vulnerability in WebTester by injecting malicious commands into the installation process via malicious requests to the "install2.php" file.

SERVER-WEBAPP Sophos Web Protection Appliance sblistpack arbitrary command execution attempt

This alert is triggered when detecting an adversary attempting to exploit CVE-2013-4983 and CVE-2013-4984 command injection vulnerabilities in the Sophos Web Protection Appliance. Sophos Web Protection Appliance is a security solution designed to filter and monitor web traffic to protect users from web-based threats.

SERVER-WEBAPP Microsoft Office SharePoint malicious serialized viewstate evaluation attempt

This alert is triggered when an adversary is attempting to exploit the CVE-2013-1330 a vulnerability in Microsoft Office SharePoint by sending malicious serialized viewstate data for evaluation. This vulnerability allows an attacker to execute arbitrary code. SharePoint is a web-based collaboration platform that integrates with Microsoft Office.

SERVER-WEBAPP HP System Management arbitrary command injection attempt

This alert is triggered when an adversary is attempting to exploit CVE-2013-3576 a command injection vulnerability in the HP System Management tool. This vulnerability allows attackers to execute arbitrary commands with the privileges of the application. HP System Management tool is a suite of utilities provided by Hewlett-Packard for server and network management.