Security Details


Essential App Protect Detection Events

There are three types of detection events in Essential App Protect: Threat Campaigns, Malicious IP, and High-risk Mitigation.

Threat Campaigns

Threat Campaign detected: The system examines the HTTP message for known threat campaigns by matching it against known attack patterns. HTTPS requests are blocked or reported, depending on the configuration, if they are found to belong to an active, known Threat Campaign.

Malicious IP

Access from malicious IP address: The IP Intelligence database checks every source IP address against a dynamic deny list, that is continuously being updated. It can identify IP addresses associated with high risk, such as anonymous proxies, Tor proxies, phishing proxies, botnets, and scanners. More information about different Malicious IP Categories is shown below. blacklist

Risk: Accepting traffic coming from these source IP addresses may result in a successful attack.

Examples: There is a use case for each category; here are two examples.

  • Example 1: For many websites, the chances that good traffic is coming from a Tor exit node are close to zero.
  • Example 2: To deny access from source IP addresses that are serving as phishing proxies. If you own a forum then you may want to deny access from web spammers.

High-Risk Attack Mitigation

Category Name Description
Access from disallowed Geolocation

The system checks whether users are accessing the web application from allowed geographical locations, or from disallowed geographical locations, according to the security policy.

Risk: Prevents illegal access from disallowed geographical locations.

Examples: Ensures that web applications are to be accessed by users from certain geographical locations.

Attack signature detected

The system examines the HTTP message for known attacks by matching it against known attack patterns. The attack categories that can be detected are:

  • Cross Site Scripting (XSS)
  • SQL-Injection
  • Command Execution
  • Server Side Code
  • Injection, LDAP Injection
  • XPath Injection…

If you see an attack pattern that matches multiple requests from multiple IP addresses, consider disabling it as it may be a false positive. Signatures in staging are in Alarm only mode. There are multiple overlapping signatures for the same attacks, so in case you need to disable a signature, you still get protection.

Bad WebSocket handshake request

The system checks that the WebSocket opening handshake complies with the WebSocket RFC.

Risk: By deviating from the standard, an attacker can take advantage of WebSocket stack vulnerabilities and cause unauthorized access to the WebSocket subsystem - enabling data leakage and denial of service.

Examples: By sending an obsolete WebSocket protocol version, the stack can be exposed to vulnerabilities present in draft versions of the WebSocket RFC.

Data Guard: Information leakage detected

The system examines responses and searches for sensitive information.

Risk: Information leakage can occur due to server misconfiguration, improper application design, SQL injection, and other attacks.

Examples: Use this check to prevent sensitive information leakage.

Disallowed file upload content detected

The system checks that the file upload content is not a binary executable file format.

Risk: An attempt to upload an executable file may be an indication of a Trojan, virus, backdoor/shell attack, or other server compromise.

Examples: After successfully uploading malicious code to the web server, the attacker runs the program to gain remote access to the server or spread malware to other users of the application.

Evasion technique detected

This category contains a list of evasion techniques that attackers use to bypass detection.

Failure in Websocket framing protocol

The system checks that the WebSocket frames are well-formed and that the frames pertaining to the same message arrive contiguously, complying with the WebSocket RFC.

Risk: By deviating from the standard, an attacker can take advantage of WebSocket stack vulnerabilities and cause denial of service and the execution of disallowed code.

Examples: By sending a reserved opcode in the frame, the attacker may invoke unexpected behavior in the WebSocket stack, that in turn may grant access to privileged resources.

HTTP protocol compliance failed

This category contains a list of validation checks that the system performs on HTTP requests to ensure that the requests are formatted properly.

Sub-violations:

  • Bad HTTP version - The system examines the requests to verify that the client requests are using HTTP protocol version 1.0 or higher.
  • Null in request - The system examines the request for the presence of any NULL character (except for a NULL in the binary part of a multipart request).
  • Unparseable request content - The system examines requests for content that cannot be parsed.
  • Multiple host headers - The system examines requests to ensure that they contain only a single “Host” header.
  • No Host header in HTTP/1.1 request - The system examines requests sent by a client using the HTTP version 1.1 protocol to see if it contains a Host header. This is required per RFC 2616 - Hypertext Transfer Protocol – HTTP/1.1.

Risk: Various attacks can be launched over non-standard HTTP requests, for example, response splitting, buffer overflows, and denial of service.

Illegal file type

The system checks that the requested file type is configured as a valid file type, or not configured as an invalid file type, within the security policy.

Risk: Prevents forceful browsing and access to sensitive files.

Examples: Allowing files of the type ‘.php’, or blocking files of the type ‘.exe’. By enforcing the legal file types that the application is using, it is possible to prevent access to operating system files, default installation files, and other files that may reside on the server and contain sensitive information.

Illegal HTTP status in response

The server response contains an HTTP status code that is not defined as valid in the security policy.

Risk: Attackers take advantage of web servers’ error responses to gain information on the underlying infrastructure.

Examples: Prevents information leakage and hides web server errors. Essential App Protect can block responses by their HTTP status code. This can be used to stop the viewing of potentially sensitive error pages.

Illegal metacharacter in header

The system checks that the values of all headers within the request only contain meta characters defined as allowed in the security policy.

Risk: Illegal header. Prevents many attacks, for example, SQL Injection and XSS.

Examples: Send ‘<script (malicious JavaScript here)’. Essential App Protect can stop this request by configuring the ‘<’ as an illegal character within a header. Note: Due to the nature of the traffic, it is very common to see almost all metacharacters in headers, so configure this detection event’s settings carefully.

Illegal metacharacter in parameter name

The system checks that all parameter names within the incoming request only contain meta characters defined as allowed in the security policy.

Risk: Meta characters can be used to execute many attacks, for example XSS, SQL injection, and command injection.

Examples: Essential App Protect can block a request after identifying the character ‘<’ which can be used in a cross site scripting attack.

Illegal metacharacter in URL

The system checks that the incoming request includes a URL that contains only meta characters defined as allowed in the security policy. Enforces a desired set of acceptable characters.

Risk: Meta characters can be used to execute many attacks, for example, XSS, SQL injection, and command injection.

Examples: Essential App Protect can block a request after identifying the character ‘<’ which can be used in a cross site scripting attack.

Illegal metacharacter in value

The system checks that all parameter values, XML element/attribute values, or JSON values within the request only contain meta characters defined as allowed in the security policy. Enforces proper input values.

Risk: Illegal value for user-input. Prevents many attacks, for example, SQL Injection and XSS.

Examples: Send ‘<script> (malicious JavaScript here)’ within a parameter, XML or JSON input value. Essential App Protect can stop this request by configuring the ‘<’ as an illegal character within the value. In case the meta-character is valid, other ways to mitigate these attacks include restricting the length of the input, and applying attack patterns.

Illegal method

The system checks that the request references an HTTP request method that is found in the security policy. Enforces desired HTTP methods; GET and POST are always allowed.

Risk: Attacks and problem that can be avoided:
  • Deleted files from the web server by using the DELETE method.
  • The use of other methods in some cases can lead to information leakage, a compromised server, and data manipulation.
Examples:
  • Using the OPTIONS method on web servers can expose all methods which the web server supports.
  • Using the DELETE method can delete files on the web server. However, in some cases, the use of this method is important for the proper functionality of the web application.
IP is denylisted

The detection event is issued when a request comes from an IP address that falls in the range of an IP address exception marked for “always blocking”, that is, the deny list of IPs. blacklist

Risk: IP addresses are denylisted when they are found to belong to attackers that may compromise the application in diverse ways.

Malformed JSON data

The system checks that the request contains JSON content that is well-formed. Enforces parsable JSON requests.

Risk: Sending a request which the web application was not expecting to handle can result in various attacks, like denial of service.

Malformed XML data

The system checks that the request contains XML data that is well-formed, according to W3C standards. Enforces proper XML requests.

Risk: Sending a document which the application was not expecting to handle can result in various attacks, like denial of service.

Note: When a validation file such as a schema is enforced, and the document is malformed, this detection event may not be triggered. Therefore it is not recommended to turn off the ‘XML data does not comply with schema or WSDL document’ detection event when a validation file is used.

Modified Essential cookie

Risks: Illegal cookie. Prevents using other users’ credentials to access the web site. Provides session hijacking mitigation.

Examples: If there are no false positives, this detection event should never happen, and if it does, it means that this is an attack. Null character found in WebSocket text message.

Null character found in WebSocket text message

The detection event is issued if a null character is found in a textual message payload.

Risks: There is a broad range of attacks that can use null byte injection, like OS command injection, directory traversal, and SQL injection.

Request length exceeds defined buffer size

The system checks that the request length is not larger than the maximum memory buffer size in Essential App Protect. Note that this is an internal parameter that protects Essential App Protect from consuming too much memory across all security policies which are active on the device.

Risk: Depletion of BIG-IP resources leaving the application unprotected.

Examples: By default, this limit is set to 10 megabytes. In case a website receives large file uploads, consider raising this limit by changing the parameter long_request_buffer_size on the Advanced Configuration screen. F5 recommends consulting with support before modifying advanced options.


Malicious IP Categories

Malicious IP Categories shows various ways Essential App Protect determines that an IP address is malicious. The Access from malicious IP address detection event occurs when your protected application receives a request from an IP address that falls into one or more of the categories listed below.

Category Name Description
Anonymous Proxy IP addresses that are associated with web proxies that shield the originator’s IP address (such as proxy and anonymization services). This category also includes TOR anonymizer addresses.
Botnets IP addresses of computers that are infected with malicious software (Botnet Command and Control channels, and infected zombie machines) and are controlled as a group by a Bot master, and are now part of a botnet. Hackers can exploit botnets to send spam messages, launch various attacks, or cause target systems to behave in other unpredictable ways.
Cloud-based Services  
Cloud Provider Networks IP addresses and networks that belong to cloud providers, which offer services hosted on their servers via the internet.
Denial-of-Service IP addresses that have launched denial-of-service (DoS) attacks, distributed denial-of-service (DDoS) attacks, anomalous SYN flood attacks, or anomalous traffic detection. These attacks are usually requests for legitimate services, but occur at such a fast rate that targeted systems cannot respond quickly enough and become bogged down or unable to service legitimate clients.
Illegal Websites IP addresses that contain criminally obscene or potentially criminal internet copyright and intellectual property violations.
Infected Sources Active IP addresses that issue HTTP requests with a low reputation index score, or that are known malicious web sites offering or distributing malware, shell code, rootkits, worms, or viruses.
Mobile Threats IP addresses of malicious and unwanted mobile applications.
Phishing Proxies IP addresses that host phishing sites, and other kinds of fraud activities, such as ad click fraud or gaming fraud.
Scanners IP addresses that are involved in reconnaissance, such as probes, host scan, domain scan, and password brute force, typically to identify vulnerabilities for later exploits.
Spam Sources IP addresses that are known to distribute large amounts of spam email by tunneling spam messages through proxy, anomalous SMTP activities, and forum spam activities.
Tor Proxies IP addresses acting as exit nodes for the Tor Network. Exit nodes are the last point along the proxy chain and make a direct connection to the originator’s intended destination.
Web Attacks IP addresses involved in cross site scripting, iFrame injection, SQL injection, cross domain injection, or domain password brute force.
Windows Exploits Active IP addresses that have exercised various exploits against Windows resources by offering or distributing malware, shell code, rootkits, worms, or viruses using browsers, programs, downloaded files, scripts, or operating system vulnerabilities.

Attack Types

Attack types the rules or patterns that identify attacks or classes of attacks on a web application and its components. Essential App Protect compares patterns in the attack signatures against the contents of requests and responses looking for potential attacks. Some of the signatures are designed to protect specific operating systems, web servers, databases, frameworks or applications.

Attack Type Description
Abuse of Functionality Uses a web site’s own features and functionality to consume, defraud, or circumvent the application’s access control mechanisms.
Authentication/Authorization Attacks Targets a web site’s method of validating the identity of a user, service or application. Authorization attacks target a web site’s method of determining if a user, service, or application has the necessary permissions to perform a requested action.
Buffer Overflow Alters the flow on an application by overwriting parts of memory. An attacker could trigger a buffer overflow by sending a large amount of unexpected data to a vulnerable component of the web server.
Command Execution Occurs when an attacker manipulates the data in a user-input field, by submitting commands that could alter the web page content or web application by running a shell command on a remote server to reveal sensitive data-for example, a list of users on a server.
Cross-site Scripting (XSS) Forces a web site to echo attacker-supplied executable code, which loads in a user’s browser.
Denial of Service Overwhelms system resources to prevent a web site from serving normal user activity.
Detection Evasion Attempts to disguise or hide an attack to avoid detection by an attack signature.
Directory Indexing Involves a web server function that lists all of the files within a requested directory if the normal base file is not present.
HTTP Response Splitting Pertains to an attempt to deliver a malicious response payload to an application user.
Information Leakage Occurs when a web site reveals sensitive data, such as developer comments or error messages, which may aid an attacker in exploiting the system.
LDAP Injection Concerns an attempt to exploit web sites that construct LDAP statements from user-supplied input.
Non-browser Client Relates to an attempt by automated client access to obtain sensitive information. HTML comments, error messages, source code, or accessible files may contain sensitive information.
Other Application Attacks Represents attacks that do not fit into the more explicit attack classifications, including email injection, HTTP header injection, attempts to access local files, potential worm attacks, CDATA injection, and session fixation.
Path Traversal Forces access to files, directories, and commands that potentially reside outside the web document root directory.
Predictable Resource Location Attempts to uncover hidden web site content and functionality.
Remote File Include Occurs as a result of unclassified application attacks such as when applications use parameters to pass URLs between pages.
Server Side Code Injection Attempts to exploit the server and allow an attacker to send code to a web application, which the web server runs locally.
SQL-Injection Attempts to exploit web sites that construct SQL statements from user-supplied input.
Trojan/Backdoor/Spyware Tries to circumvent a web server’s or web application’s built-in security by masking the attack within a legitimate communication. For example, an attacker may include an attack in an email or Microsoft Word document, and when a user opens the email or document, the attack starts.
Vulnerability Scan Uses an automated security program to probe a web application for software vulnerabilities.
XPath Injection Occurs when an attempt is made to inject XPath queries into the vulnerable web application.

Attack Signatures

Attack signatures are rules or patterns that identify attack sequences or classes of attacks on a web application and its components. Attack signatures can apply to both requests and responses. F5 releases a new attack signature updates on a regular basis. An attack signature update includes new attack signatures as well as enhancements to existing attack signatures. Attack signature updates are cumulative; each update provides the latest signatures and all signatures from the previous updates. Updating the attack signatures also provides any revisions to existing attack signatures.

The table below lists the attack signatures used with Essential App Protect. This list is updated regularly with both new signatures and updates to old signatures, if required.

The Signature ID column shows the unique ID for the signature, and can be used where a signature id is required in the Portal or through the API. The other columns give various information about the attack signature.

To find a particular signature or a group of signatures, enter a search string into the Search Filter below and press the Enter/Return key or click the Filter Signatures button. For example, entering “vbscript” will reduce the table to only those entries that reference “vbscript”, and is a quick way to see only Visual Basic Script related attack types. Similarly, if you’re looking for signature id 200101375, you can simply enter “1375” (part of the id) to quickly find the attack signature. Note that this is a large table, so response time will vary depending on your system.

 

Signature ID Name Attack Type Risk At-risk Systems Security References Last Updated
200002195 SQL-INJ sysoledbusers SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200003117 "pkill" execution attempt Command Execution 3 Unix/Linux http://www.webappsec.org/projects/threat/classes/os_commanding.shtml 2019/03/04
14:16:50
200009157 PHP source code leakage (10) Information Leakage 2 PHP http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
200020169 Java code injection - JNDIConnectionSource (2) (Parameter) Server Side Code Injection 3 Java Servlets/JSP CVE-2019-17531 2020/02/02
18:42:51
200001368 .ShellExecute (Parameter) Cross Site Scripting (XSS) 3 JavaScript http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2018/12/23
12:26:07
200001946 onTabShow (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200101540 [].find() (URI) Cross Site Scripting (XSS) 3 All systems 2018/03/20
13:54:15
200002196 SQL-INJ sysremotelogins SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200002293 SQL-INJ "*_id()" sql functions (Headers) SQL-Injection 2 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2018/06/06
13:37:33
200019107 Malicious program ( /lol.php ) access Trojan/Backdoor/Spyware 3 All systems 2017/08/07
15:48:54
200002662 SQL-INJ pg_database (Parameter) SQL-Injection 3 PostgreSQL http://www.owasp.org/index.php/SQL_Injection 2020/02/10
17:00:22
200004599 Python code injection - os.fchdir (Header) Server Side Code Injection 3 Python 2019/04/16
15:19:14
200004822 Java code injection - jmx.StatisticsService (2) (Parameter) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200021072 Automated client access "pavuk" Non-browser client 1 All systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2012/02/27
06:30:01
200022030 PHP remote file include attempt - ssh2:// (Parameter) Remote File Include 2 PHP http://php.net/manual/en/wrappers.php 2020/02/10
17:00:22
200003742 "fgrep" execution attempt (Header) Command Execution 3 Unix/Linux 2018/08/05
11:08:36
200004451 JSP Expression Language Expression Injection (2) (Header) Server Side Code Injection 3 JBoss 2018/05/06
17:10:16
200004577 Python code injection - import subprocess (Header) Server Side Code Injection 2 Python 2019/04/16
13:29:05
200010065 JBOSS admin panel URL 2 Predictable Resource Location 2 JBoss CVE-2010-0738 2019/12/11
17:48:52
200012012 DOS "Range Header DoS Attempt" (Headers) (2) Denial of Service 1 Apache Tomcat CVE-2018-15756, CVE-2011-3192 2019/11/04
22:53:54
200003155 "time" execution attempt Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2019/03/04
14:16:50
200004244 JavaScript Code Injection - process.cwd() (Header) Server Side Code Injection 3 All systems 2017/05/04
10:03:31
200004892 Java code injection - unmarshaller.Base64Data (2) (Header) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200004893 Java code injection - unmarshaller.Base64Data (2) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200019108 Malicious program ( /zehir.php ) access Trojan/Backdoor/Spyware 3 All systems 2017/08/07
15:48:54
200021037 Malicious Web Site crawler "combine" Non-browser client 2 All systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2019/12/11
17:48:52
200022022 PHP remote file include attempt - zlib:// (Parameter) Remote File Include 2 PHP http://php.net/manual/en/wrappers.php 2020/02/10
17:00:22
200000140 applet tag (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/30
17:43:40
200101037 oncompositionupdate (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200101208 onobsolete (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200101209 onobsolete (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200002452 SQL-INJ like " ' AND 1 IN ( " (Parameters) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200002480 SQL-INJ expressions like "sleep()" (2) (Parameter) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection 2018/06/06
14:02:07
200003243 "fmt" execution attempt (Header) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200004897 Java code injection - c3p0.WrapperConnectionPoolDataSource (2) (Parameter) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200001519 onforminput (URI) Cross Site Scripting (XSS) 2 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2012/11/21
13:22:14
200101375 vbscript: link target (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2017/07/24
09:52:07
200101463 HTML5 Entity (Tab) (Header) Cross Site Scripting (XSS) 2 All systems https://www.quackit.com/character_sets/html5_entities/ 2017/11/12
11:00:47
200004305 Java code injection - org.codehaus.groovy.runtime.MethodClosure (Parameter) Server Side Code Injection 3 JavaServer Faces (JSF) CVE-2015-7450, CVE-2015-4852, CVE-2015-8103, CVE-2016-3427, CVE-2016-0788, CVE-2016-3642, CVE-2016-4372, CVE-2017-7525, CVE-2017-15095, CVE-2015-32531 2020/02/02
18:42:51
200009045 ASP source code leakage (9) Information Leakage 2 ASP http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2010/03/01
02:22:28
200002061 SQL-INJ encode() SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2018/09/25
17:14:53
200002189 SQL-INJ alter column SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2020/02/10
17:00:22
200002309 SQL-INJ "MySQL comment" (Headers) SQL-Injection 1 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2018/10/29
16:02:19
200002793 NoSQL Injection /_log (Header) SQL-Injection 3 CouchDB http://docs.couchdb.org/en/2.0.0/api/ 2020/02/02
18:42:51
200002858 SQL-INJ - MySQL Interpreted Comment (UNION) (Parameter) SQL-Injection 2 MySQL 2020/02/19
19:10:33
200004003 PHP injection attempt ( ftp_nb_fput ) Server Side Code Injection 2 PHP 2019/01/22
22:41:09
200001358 document.write (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/15
14:12:31
200001880 onMozTouchDown (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200101531 jQuery Camel Cased Attribute Names Infinite Recursion DoS (Header) Cross Site Scripting (XSS) 2 jQuery https://github.com/jquery/jquery/issues/3133, CVE-2016-10707 2018/03/18
15:16:32
200002180 SQL-INJ owa_util SQL-Injection 2 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2018/09/25
17:14:53
200001032 onclick (Headers) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/02
15:08:09
200001385 escape() (URI) Cross Site Scripting (XSS) 3 JavaScript http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2019/06/20
11:56:43
200003472 Java code injection com.opensymphony (URI) Server Side Code Injection 3 Java Servlets/JSP https://struts.apache.org/docs/s2-029.html, https://struts.apache.org/docs/s2-046.html, CVE-2016-0785, CVE-2017-5638 2017/07/24
12:16:47
200001632 touchmove (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/30
17:43:40
200001964 onanimationiteration (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200000015 Revision Control System dir access (/RCS/) Predictable Resource Location 1 CGI http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2020/02/10
17:00:22
200005012 LDAP Injection ( (uid=*) ) LDAP Injection 3 All systems 2019/02/26
19:42:00
200003296 "more" execution attempt (URI) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2020/08/11
21:03:22
200100078 Server configuration disclosure Predictable Resource Location 2 PHP CVE-2006-0125 2016/09/13
19:09:13
200013004 Oracle Portal Privilege Escalation (Encoded) Authentication/Authorization Attacks 3 Oracle Application Server 2018/03/12
16:09:07
200019033 Malicious program ( /zehir.asp ) Trojan/Backdoor/Spyware 3 IIS 2017/08/07
15:48:54
200003041 "ls" execution attempt Command Execution 3 Unix/Linux http://www.webappsec.org/projects/threat/classes/os_commanding.shtml 2019/03/04
14:16:50
200003350 "scp" execution attempt (URI) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200012034 Redis CONFIG SET out of bounds write (Header) Denial of Service 2 Redis https://www.talosintelligence.com/reports/TALOS-2016-0206/, CVE-2016-8339 2018/03/08
15:07:56
200020132 Localhost SSRFmap tool evasion (127.42.42.42) (Parameter) Other Application Attacks 2 All systems 2020/02/02
18:42:51
200001536 onloadedmetadata (Header) Cross Site Scripting (XSS) 2 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200101593 location.assign() (Parameter) Cross Site Scripting (XSS) 3 All systems 2019/11/04
22:53:54
200002326 SQL-INJ "bulk insert" SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2015/01/01
16:30:30
200002739 SQL-INJ sp_password (Parameter) SQL-Injection 3 Microsoft SQL Server http://www.owasp.org/index.php/SQL_Injection 2020/02/10
17:00:22
200018058 ConvertPlus Plugin cp_set_user Privilege Escalation Other Application Attacks 3 WordPress https://www.wordfence.com/blog/2019/05/critical-vulnerability-patched-in-popular-convert-plus-plugin/ 2019/06/23
14:01:54
250000068 (PSM) SQL-INJ select to_char SQL-Injection 3 PSM 2013/06/27
07:12:08
200001073 copyparentfolder (Parameter) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200001538 onloadstart (Parameter) Cross Site Scripting (XSS) 2 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200004126 PHP injection attempt (code) Server Side Code Injection 2 PHP 2017/08/07
15:48:54
200004566 Python code injection - import urllib (Parameter) Server Side Code Injection 2 Python 2019/04/16
13:29:05
200001376 CURSOR:url (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2018/06/06
14:02:07
200002228 SQL-INJ "SELECT IF()" SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2018/09/25
17:14:53
200002428 SQL-INJ expressions like (1) "' || 1 --" SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200004605 Python code injection - os.getenvb (Header) Server Side Code Injection 3 Python 2019/04/16
15:19:14
200021058 Malicious Web Site crawler "Butch__" Non-browser client 2 All systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
200004469 Node.js "funcster" Deserialization Library Arbitrary Code Execution (Header) Server Side Code Injection 3 Node.js https://www.acunetix.com/blog/web-security-zone/deserialization-vulnerabilities-attacking-deserialization-in-js/ 2020/02/02
18:42:51
200001036 onload (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/02
15:08:09
200001742 onDOMAttrModified (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200003107 "fc" execution attempt Command Execution 3 Unix/Linux http://www.webappsec.org/projects/threat/classes/os_commanding.shtml 2019/03/04
14:16:50
200003766 "mkfifo" execution attempt (Header) Command Execution 3 Unix/Linux 2018/08/05
11:08:36
200004344 ASP.NET code injection - System.Windows.Data.ObjectDataProvider (Header) Server Side Code Injection 3 ASP.NET CVE-2017-9424, CVE-2017-9822, CVE-2012-0161 2020/02/02
18:42:51
200004445 Java code injection - org.springframework.web.context.request.RequestContextHolder (Parameter) Server Side Code Injection 3 Java Servlets/JSP CVE-2017-8046 2020/02/02
18:42:51
200009217 DBNETLIB ASP.NET Error Message Information Leakage 2 ASP.NET http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
200000025 IIS hidden dir access (/_tests/) Predictable Resource Location 1 IIS http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2020/02/10
17:00:22
200019041 Malicious program ( /lala.ph ) Trojan/Backdoor/Spyware 3 All systems 2017/08/07
15:48:54
200019115 Malicious program ( /rwwwshell.pl ) Trojan/Backdoor/Spyware 3 All systems 2017/08/07
15:48:54
200001565 onstorage (Parameter) Cross Site Scripting (XSS) 2 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200101230 onpopuphidden (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200002420 SQL-INJ expressions like "' and 1 --" SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200004287 Java code injection - Content-Type class github.com/joaomatosf/jexboss Server Side Code Injection 3 Apache Struts CVE-2015-5317, CVE-2016-3427, CVE-2016-8735, CVE-2017-5638 2017/09/14
19:36:47
200004531 PHP injection attempt - hex (system) (Parameter) Server Side Code Injection 3 PHP 2019/01/22
22:41:09
200009056 PHP source code leakage (3) Information Leakage 2 PHP http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2010/03/01
02:22:28
200015065 Web Server Probe ( NeXpose ) Vulnerability Scan 2 All systems 2011/12/21
06:12:43
200101069 ondeviceproximity (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200003415 "sleep" execution attempt (Parameter) Command Execution 2 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2019/08/25
16:10:39
200004008 PHP injection attempt (fread) (Parameter) Server Side Code Injection 2 PHP http://php.net/manual/en/function.fread.php 2016/12/12
11:41:09
200002262 SQL-INJ UTL_SMTP (Headers) SQL-Injection 3 Oracle http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200002411 SQL-INJ XMLFileFromClob (Headers) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200003421 Elasticsearch Remote Code Execution Command Execution 3 Unix/Linux http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1427, CVE-2015-1427 2016/06/27
17:23:26
200010042 "httpd.conf" access (Parameter) Predictable Resource Location 2 Apache/NCSA HTTP Server http://www.owasp.org/index.php/PHP_Top_5#P5:_File_system_attacks 2012/11/21
13:22:14
200010125 Oracle application server xsql/document/docdemo.html Access Predictable Resource Location 2 Oracle Application Server 2018/03/12
16:09:07
200012056 Apache Struts REST Plugin XMLMessage DoS (Header) Denial of Service 2 Apache Struts CVE-2018-1327 2019/07/28
16:35:03
200001287 onStop() (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/02
15:08:09
200001792 onDOMMouseScroll (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200003349 "scp" execution attempt (Header) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200004804 Java code injection - ee.RegistryManagedRuntime (2) (Parameter) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200006000 XPath Injection "ancestor-or-self" XPath Injection 3 All systems 2014/03/09
06:42:17
200007024 Directory Traversal attempt (../PROGRA~) (Header) Path Traversal 2 Microsoft Windows http://projects.webappsec.org/w/page/13246952/Path%20Traversal 2019/08/25
11:24:25
250000017 (PSM) eval; Cross Site Scripting (XSS) 3 PSM 2013/06/27
07:12:08
200003399 "who or whoami" execution attempt (Header) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200004288 Java code injection - jexboss webshell Server Side Code Injection 3 Java Servlets/JSP CVE-2015-5317, CVE-2016-3427, CVE-2016-8735, CVE-2017-5638 2017/09/14
19:36:47
200004886 Java code injection - keyvalue.TiedMapEntry (2) (Header) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200004931 Java code injection - functors.InstantiateTransformer (2) (Header) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200001860 onMozPressTapGesture (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200006018 XPath Injection "attribute()" XPath Injection 3 All systems 2019/08/25
11:24:25
200101034 oncompositionstart (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200002516 SQL-INJ drop function (URI) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2020/02/10
17:00:22
200003286 "lsof" execution attempt (URI) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200004866 Java code injection - support.DefaultBeanFactoryPointcutAdvisor (2) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200001266 onRepeat() (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/02
15:08:09
200001710 Angular.js attribute ng-model (Header) Cross Site Scripting (XSS) 3 AngularJS https://docs.angularjs.org/api/ng/directive/ngModel 2020/01/15
14:12:31
200002232 SQL-INJ "EXECUTE IMMEDIATE" (Headers) SQL-Injection 3 Oracle http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200002514 SQL-INJ drop column (URI) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2020/02/10
17:00:22
200004885 Java code injection - keyvalue.TiedMapEntry (2) (Parameter) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200100025 CodeRed root.exe access Trojan/Backdoor/Spyware 3 IIS www.cert.org/advisories/CA-2001-19.html, CVE-2001-0500 2017/08/07
15:48:54
200003174 "at" execution attempt (URI) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200001132 src vbscript (URI) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200001164 href ecmascript (URI) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200001241 onHelp() (Headers) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/02
15:08:09
200001417 FRAMESET tag (URL) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/30
17:43:40
200001771 onDOMLinkAdded (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200002279 SQL-INJ "delete from" (Headers) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2018/06/06
13:37:33
200011055 PCRE Named Subgroups Heap Overflow Buffer Overflow 2 All systems CVE-2016-1283 2017/11/12
11:00:47
200002315 SQL-INJ "preg_" (Headers) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2018/09/25
17:14:53
200004712 Python code injection - socket.recvmsg (Parameter) Server Side Code Injection 3 Python 2019/04/16
16:06:16
200015076 Web Server Probe ( Qualys-Scan ) Vulnerability Scan 3 All systems 2016/03/17
17:22:00
200021018 Malicious Web Site crawler "athens" Non-browser client 2 All systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2020/01/30
17:43:40
200001800 onDOMNodeRemoved (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200002168 SQL-INJ insert into (Headers) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2020/02/10
17:00:22
200003067 "/..namedfork/data" execution attempt (Headers) Detection Evasion 3 Unix/Linux http://www.webappsec.org/projects/threat/classes/os_commanding.shtml 2013/03/11
02:26:00
200004341 ASP.NET code injection - System.Windows.ResourceDictionary (Parameter) Server Side Code Injection 3 ASP.NET CVE-2017-9424, CVE-2017-9822, CVE-2012-0161 2020/02/02
18:42:51
200004976 Java code injection - ch.qos.logback.core.db.JNDIConnectionSource (Parameter) Server Side Code Injection 3 Java Servlets/JSP CVE-2019-14439, CVE-2019-14379 2019/08/07
18:44:15
200021118 Malicious Web Site crawler (bwh3_user_agent) Non-browser client 1 All systems http://en.wikipedia.org/wiki/Web_scraping 2020/01/30
17:43:40
200001455 Malformed US-ASCII - script tags (URL) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200001892 onSSTabClosing (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200101001 oncardstatechange (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200101294 ontext (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200004489 Java code injection - org.apache.openjpa.ee.RegistryManagedRuntime Server Side Code Injection 2 Java Servlets/JSP CVE-2018-14718, CVE-2018-19362, CVE-2018-19361, CVE-2018-19360, CVE-2018-14719, CVE-2018-14720, CVE-2018-14721 2020/02/02
18:42:51
200000016 IIS SiteServer dir access (/SiteServer/) Predictable Resource Location 1 IIS http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2020/02/10
17:00:22
200101331 onuploadprogress (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200004413 Java code injection - java.util.ServiceLoader$LazyIterator (Parameter) Server Side Code Injection 3 JavaServer Faces (JSF) CVE-2016-5229, CVE-2017-2608 2020/02/02
18:42:51
200000026 IIS hidden dir access (/_themes/) Predictable Resource Location 1 IIS http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2020/02/10
17:00:22
200019131 BeEF HTML detection (1) Trojan/Backdoor/Spyware 3 All systems http://beefproject.com/ 2014/04/16
08:26:56
200010083 "/proc/1/cgroup" access (Header) Predictable Resource Location 2 Unix/Linux http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2017/06/15
16:17:42
200012046 PHP exif_read_data() MakerNote DoS Denial of Service 2 PHP https://bugs.php.net/bug.php?id=76130, CVE-2018-10549 2018/08/05
11:08:36
250000031 (PSM) src vbscript Cross Site Scripting (XSS) 3 PSM 2013/06/27
07:12:08
200010044 "php.ini" access (Parameter) Predictable Resource Location 2 PHP http://www.owasp.org/index.php/PHP_Top_5#P5:_File_system_attacks 2012/11/21
13:22:14
200010092 /flyway access Predictable Resource Location 2 Spring Boot http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2017/09/24
15:40:00
200101507 HTML5 Entity (period) (Parameter) Cross Site Scripting (XSS) 2 All systems https://www.quackit.com/character_sets/html5_entities/ 2017/11/12
11:00:47
200002426 SQL-INJ expressions like (1) "' having 1 --" SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200009243 ASP Error Information Leakage (2) Information Leakage 2 ASP http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2011/10/25
08:45:21
200012051 Apache Santuario Empty KeyInfo Object Denial of Service 2 XML https://issues.apache.org/jira/browse/SANTUARIO-491 2019/01/22
22:41:09
200001741 onDOMActivate (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200004610 Python code injection - os.getgid (Parameter) Server Side Code Injection 3 Python 2019/04/16
15:19:14
200009023 SQL Information Leakage (14) Information Leakage 2 IIS http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2010/03/01
02:22:28
200009093 ASP source code leakage (35) Information Leakage 2 ASP http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2010/03/01
02:22:28
200009101 (GHDB) MySQL error (1) Information Leakage 2 MySQL http://www.webappsec.org/projects/threat/classes/information_leakage.shtml, http://johnny.ihackstuff.com/ghdb.php, http://en.wikipedia.org/wiki/Google%20hacking 2014/03/09
06:42:17
200020063 SSRF attempt (Oracle Metadata Server) - Dot-less decimal with overflow representation (Host header) Other Application Attacks 2 All systems 2020/02/02
18:42:51
200001617 onhashchange (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200101086 ondisconnecting (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200002533 SQL-INJ information_tables (URI) SQL-Injection 2 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/11/19
14:17:01
200003335 "python" execution attempt (Header) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200006020 XPath Injection "string-length()" XPath Injection 3 All systems 2014/03/09
06:42:17
200003686 "verify" execution attempt (URI) Command Execution 1 Microsoft Windows 2020/02/17
22:44:27
200004766 ThinkPHP _method Parameter Remote Code Execution Server Side Code Injection 3 PHP https://blog.thinkphp.cn/910675 2019/07/08
18:55:42
200022014 PHP remote file include attempt - memory Remote File Include 2 PHP http://www.owasp.org/index.php/Top_10_2007-Malicious_File_Execution 2014/03/09
06:42:17
200002665 SQL-INJ inet_server_port() (Parameter) SQL-Injection 3 PostgreSQL http://www.owasp.org/index.php/SQL_Injection 2017/01/18
15:31:20
200000034 Shell command processor (ash/bash) access Command Execution 3 Unix/Linux http://www.webappsec.org/projects/threat/classes/os_commanding.shtml 2018/06/06
14:02:07
200003451 Java code injection java.lang.System (URI) Server Side Code Injection 3 Java Servlets/JSP https://struts.apache.org/docs/s2-029.html, CVE-2016-0785 2017/07/24
12:16:47
200001283 onSeek() (Headers) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/02
15:08:09
200101296 ontext (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200002731 SQL-INJ DBA_USERS (URI) SQL-Injection 3 Oracle http://www.owasp.org/index.php/SQL_Injection 2020/02/10
17:00:22
200003192 "chmod" execution attempt (URI) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/09/17
17:18:25
200004108 Server-Side Include Injection Attempt - 2 (Headers) Server Side Code Injection 3 SSI (Server Side Includes) 2012/02/27
06:30:01
200000175 Access to Oracle Java Process Manager Predictable Resource Location 2 Oracle Application Server http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2020/02/10
17:00:22
200011054 GHOST attempt (ftp://) Buffer Overflow 3 Unix/Linux https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0235, CVE-2015-0235 2016/06/27
17:23:26
200001185 onBefore...() (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2012/02/27
06:30:01
200101520 HTML5 Entity (dollar) (Header) Cross Site Scripting (XSS) 2 All systems https://www.quackit.com/character_sets/html5_entities/ 2017/11/12
11:00:47
200003311 "nohup" execution attempt (Header) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2020/01/05
15:24:30
200004420 Apache Solr injection attempt (solr.RunExecutableListener) (Header) Server Side Code Injection 3 Apache/NCSA HTTP Server CVE-2017-12629 2018/03/15
13:12:46
200009151 (GHDB) Apache Tomcat error Information Leakage 2 Apache Tomcat http://www.webappsec.org/projects/threat/classes/information_leakage.shtml, http://johnny.ihackstuff.com/ghdb.php, http://en.wikipedia.org/wiki/Google%20hacking 2014/03/09
06:42:17
200003088 "more" execution attempt Command Execution 1 Unix/Linux http://www.webappsec.org/projects/threat/classes/os_commanding.shtml 2020/08/11
21:03:22
200001302 seekSegmentTime() (URI) Cross Site Scripting (XSS) 2 JavaScript http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2019/06/20
11:56:43
200002383 SQL-INJ sysdatabases (Headers) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200004183 Unix injection attempt (/bin/bash) (Header) Server Side Code Injection 3 Unix/Linux http://www.owasp.org/index.php/Code_Injection 2020/02/10
17:00:22
200004598 Python code injection - os.fchdir (Parameter) Server Side Code Injection 3 Python 2019/04/16
15:19:14
200009163 JSP Error ServletException Information Leakage 3 Java Servlets/JSP http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
200004609 Python code injection - os.geteuid (Header) Server Side Code Injection 3 Python 2019/04/16
15:19:14
200101122 onheld (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200002713 SQL-INJ APEX_040200 (Parameter) SQL-Injection 3 Oracle http://www.owasp.org/index.php/SQL_Injection 2017/01/24
16:21:58
200019024 Malicious program ( /go.php.txt ) Trojan/Backdoor/Spyware 3 PHP 2017/08/07
15:48:54
200021038 Malicious Web Site crawler "Black Hole" Non-browser client 2 All systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2020/01/30
17:43:40
200021062 Malicious Web Site crawler "BecomeBot" Non-browser client 2 All systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
200101119 ongamepaddisconnected (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200002387 SQL-INJ sysobjects (Headers) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200002757 SQLINJ - NoSQL [$gt] (JSON) (Parameter) SQL-Injection 3 MongoDB https://docs.mongodb.com/manual/reference/operator/query-comparison/ 2020/02/02
18:42:51
200003022 "chmod" execution attempt Command Execution 3 Unix/Linux http://www.webappsec.org/projects/threat/classes/os_commanding.shtml 2019/03/04
14:16:50
200010137 "/.ftpconfig" access Predictable Resource Location 3 All systems 2018/06/18
18:18:44
200001794 onDOMNodeInserted (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200101212 ononconnectedconnected (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200002669 SQL-INJ current_setting() (Header) SQL-Injection 3 PostgreSQL http://www.owasp.org/index.php/SQL_Injection 2020/02/10
17:00:22
200003752 "groff" execution attempt (URI) Command Execution 3 Unix/Linux 2018/08/05
11:08:36
200004432 Java code injection - org.hibernate.jmx.StatisticsService (Header) Server Side Code Injection 3 JavaServer Faces (JSF) CVE-2017-7525, CVE-2017-17485, CVE 2017-15095 2020/02/02
18:42:51
200010148 "/administrator/components/com_comprofiler/" access Predictable Resource Location 3 All systems 2018/06/18
18:18:44
200001301 onURLFlip() (Headers) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2019/06/05
09:30:33
200004434 Java code injection - org.apache.ibatis.datasource.jndi.JndiDataSourceFactory (Parameter) Server Side Code Injection 3 JavaServer Faces (JSF) CVE-2017-7525, CVE-2017-17485, CVE 2017-15095 2020/02/02
18:42:51
200004706 Python code injection - socket.sendall (Parameter) Server Side Code Injection 3 Python 2019/04/16
16:06:16
200023003 HTTP Response Splitting (3)(Parameter) HTTP Response Splitting 3 All systems http://projects.webappsec.org/HTTP-Response-Splitting 2020/01/30
17:43:40
200004149 PHP injection attempt ( ini_get_all ) Server Side Code Injection 2 PHP 2019/01/22
22:41:09
200009132 (GHDB) SQLiteManager Page Information Leakage 1 General Database http://www.webappsec.org/projects/threat/classes/information_leakage.shtml, http://johnny.ihackstuff.com/ghdb.php, http://en.wikipedia.org/wiki/Google%20hacking 2014/03/09
06:42:17
200002327 SQL-INJ "bulk insert" (Headers) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200003727 "diff3" execution attempt (Header) Command Execution 3 Unix/Linux 2018/08/05
11:08:36
200009156 PHP source code leakage (9) Information Leakage 2 PHP http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2010/03/01
02:22:28
200010051 /cgi/ access Predictable Resource Location 1 CGI http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2020/02/10
17:00:22
200010124 Oracle application server xsql/insertxml/newsstorydemo.html Access Predictable Resource Location 2 Oracle Application Server 2018/03/12
16:09:07
200001296 onTrackChange() (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2012/02/27
06:30:01
200001406 eval; (Headers) Cross Site Scripting (XSS) 3 JavaScript http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2018/12/23
12:26:07
200004273 PHP short object serialization injection attempt (URI) Server Side Code Injection 3 PHP http://www.owasp.org/index.php/Code_Injection, CVE-2017-12933, CVE-2017-12934 2020/08/11
15:45:14
200101029 oncomplete (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200101485 HTML5 Entity (verbar) (URI) Cross Site Scripting (XSS) 2 All systems https://www.quackit.com/character_sets/html5_entities/ 2017/11/12
11:00:47
200006008 XPath Injection "fn:id" XPath Injection 3 All systems 2019/08/25
11:24:25
200022027 PHP remote file include attempt - glob:// (Header) Remote File Include 2 PHP http://php.net/manual/en/wrappers.php 2020/02/10
17:00:22
200000117 div tag: behavior (URI) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2017/06/12
18:54:57
200101151 onmouseenter (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200001480 type = application / script (Parameter) (2) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200002641 SQL-INJ sql_logins (Parameter) SQL-Injection 3 Microsoft SQL Server http://www.owasp.org/index.php/SQL_Injection 2017/02/01
18:32:44
200004424 Drupal Core Remote Code Execution - Drupalgeddon 2 (2) Server Side Code Injection 3 PHP https://www.drupal.org/sa-core-2018-002, CVE-2018-7600 2018/05/01
18:05:58
200010081 .php.inc file access Predictable Resource Location 3 PHP 2017/03/26
21:49:03
200100006 iisadmin access Predictable Resource Location 2 IIS CVE-1999-1538 2016/08/04
15:33:35
200011043 Generic Format String attack attempt 4 (headers) Buffer Overflow 3 All systems http://www.webappsec.org/projects/threat/classes/format_string_attack.shtml 2014/03/09
06:42:17
200002390 SQL-INJ sysremotelogins (Headers) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200003142 "fold" execution attempt Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2019/03/04
14:16:50
200100312 "ifconfig" execution attempt (URI) Command Execution 3 Unix/Linux http://www.webappsec.org/projects/threat/classes/os_commanding.shtml 2018/08/05
11:08:36
200003932 rConfig ajaxServerSettingsChk unauthenticated command injection Command Execution 3 PHP https://shells.systems/rconfig-v3-9-2-authenticated-and-unauthenticated-rce-cve-2019-16663-and-cve-2019-16662/, CVE-2019-16662 2019/11/19
14:31:38
200004130 PHP injection attempt ( $_COOKIE ) Server Side Code Injection 3 PHP 2017/08/07
15:48:54
200002603 SQL-INJ expressions like ' and 1=1 (6) (URI) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection 2020/06/09
13:40:17
200004373 Java code injection - com.sun.xml.internal.bind.v2.runtime.unmarshaller.Base64Data (Parameter) Server Side Code Injection 3 JavaServer Faces (JSF) CVE-2015-7450, CVE-2015-4852, CVE-2015-8103, CVE-2016-3427, CVE-2016-0788, CVE-2016-3642, CVE-2016-4372, CVE-2017-7525, CVE-2017-9805, CVE-2017-7504, CVE-2017-7504, CVE-2017-5878, CVE-2017-5586, CVE-2016-9299 2020/02/02
18:42:51
200004937 Java code injection - map.LazyMap (2) (Header) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200001174 HTML entity - &#x... (Parameter) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2017/06/12
18:54:57
200101579 SVG img tag: xlink/href (Parameter) Cross Site Scripting (XSS) 2 All systems 2019/06/18
11:55:10
200004710 Python code injection - socket.recvfrom (Parameter) Server Side Code Injection 3 Python 2019/04/16
16:06:16
200010040 Weblogic i4web_status page Predictable Resource Location 2 BEA Systems WebLogic Server http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml, http://johnny.ihackstuff.com/ghdb.php, http://en.wikipedia.org/wiki/Google%20hacking 2014/03/09
06:42:17
200020114 Localhost SSRFmap tool evasion (127.1) (Host header) Other Application Attacks 2 All systems 2020/02/02
18:42:51
200001116 url shell (Headers) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2015/12/23
13:52:23
200101422 onEvent (URI) Cross Site Scripting (XSS) 1 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200002756 SQLINJ - NoSQL [$gt] (JSON) (Header) SQL-Injection 3 MongoDB https://docs.mongodb.com/manual/reference/operator/query-comparison/ 2020/02/02
18:42:51
200003247 "ftp or ncftp" execution attempt (Header) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200003706 "aptitude" execution attempt (Header) Command Execution 3 Unix/Linux 2018/08/05
11:08:36
200009245 ASP Error Information Leakage (4) Information Leakage 2 ASP http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2011/10/25
08:45:21
200011058 Redis struct_pack Integer Overflow DoS (Header) Buffer Overflow 3 Redis https://github.com/antirez/redis/issues/2855, CVE-2015-8080 2019/03/07
19:45:45
200001148 type = application / script (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200001779 onDOMMenuItemInactive (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200002285 SQL-INJ "CREATE USER SET PASSWORD" (Parameter) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2015/01/01
16:30:30
200002688 SQL-INJ db.getMongo (URI) SQL-Injection 3 MongoDB http://www.owasp.org/index.php/SQL_Injection 2020/02/02
18:42:51
200004490 Java code injection - org.apache.openjpa.ee.JNDIManagedRuntime (Parameter) Server Side Code Injection 2 Java Servlets/JSP CVE-2018-14718, CVE-2018-19362, CVE-2018-19361, CVE-2018-19360, CVE-2018-14719, CVE-2018-14720, CVE-2018-14721 2020/02/02
18:42:51
200010057 cgi-bin/php access Predictable Resource Location 3 All systems 2020/02/10
17:00:22
200013003 Oracle Portal Privilege Escalation (GRANT DBA TO PUBLIC) Authentication/Authorization Attacks 3 Oracle Application Server 2018/03/12
16:09:07
200004920 Java code injection - trax.TemplatesImpl (2) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200000027 IIS Front Page Extensions dir access (/_vti_*/) Predictable Resource Location 2 Front Page Server Extensions (FPSE) http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2018/06/06
14:02:07
200019088 Malicious program ( Gamma Web Shell ) upload Trojan/Backdoor/Spyware 3 All systems 2017/08/07
15:48:54
200020030 SMB SSRF attempt (UNC) (Parameter) Other Application Attacks 2 All systems 2020/02/02
18:42:51
200001083 getparentfolder (Headers) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200101137 onlanguagechange (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200101409 onpointerup (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200002502 SQL-INJ @@ variables (URI) SQL-Injection 3 Microsoft SQL Server http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2020/02/10
17:00:22
200002674 SQL-INJ iicolumns (Parameter) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection 2017/01/18
15:31:20
200010001 "DMSDump" access Predictable Resource Location 1 Oracle Application Server http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml, CVE-2002-0563 2018/05/01
18:05:58
200101002 oncardstatechange (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200010136 "/.git/" access Predictable Resource Location 3 All systems 2018/06/18
18:18:44
200000153 xml tag (URI) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/30
17:43:40
200001198 onRow...() (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2012/02/27
06:30:01
200022023 PHP remote file include attempt - zlib:// (Header) Remote File Include 2 PHP http://php.net/manual/en/wrappers.php 2020/02/10
17:00:22
200004896 Java code injection - naming.QName (2) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200001037 onload (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/02
15:08:09
200001441 CSSHttpRequest (Headers) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2012/02/27
06:30:01
200101376 vbscript: link target (Header) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2017/07/24
09:52:07
200002122 SQL-INJ xp_execresultset SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200002706 SQL-INJ dba_sys_privs (URI) SQL-Injection 3 Oracle http://www.owasp.org/index.php/SQL_Injection 2017/01/24
16:21:58
200003719 "chpasswd" execution attempt (URI) Command Execution 3 Unix/Linux 2018/08/05
11:08:36
200004254 PHP injection attempt ( gzinflate ) (URI) Server Side Code Injection 3 PHP http://www.owasp.org/index.php/Code_Injection 2017/07/24
09:52:07
200009145 (GHDB) Ntop Page Information Leakage 2 Various systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml, http://johnny.ihackstuff.com/ghdb.php, http://en.wikipedia.org/wiki/Google%20hacking 2014/03/09
06:42:17
200009147 (GHDB) Analysis Console for Incident Databases (ACID) Page Information Leakage 2 Various systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml, http://johnny.ihackstuff.com/ghdb.php, http://en.wikipedia.org/wiki/Google%20hacking 2014/03/09
06:42:17
250000033 (PSM) url javascript Cross Site Scripting (XSS) 3 PSM 2013/06/27
07:12:08
200021032 Malicious Web Site crawler "bew" Non-browser client 2 All systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2019/12/11
17:48:52
200101303 ontouchend (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200003445 Java code injection - Runtime.getRuntime (URI) Server Side Code Injection 3 Java Servlets/JSP http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4852, CVE-2015-4852 2018/04/30
18:19:08
200003912 "nc" execution attempt (3) Command Execution 3 Unix/Linux 2019/02/26
22:46:23
200004524 Java code injection - com.vaadin.data.util.PropertysetItem Server Side Code Injection 3 Apache Tomcat 2020/02/02
18:42:51
200004714 Python code injection - socket.getaddrinfo (Parameter) Server Side Code Injection 3 Python 2019/04/16
16:06:16
200004957 Java code injection - connector.OracleManagedConnectionFactory (2) (Parameter) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200009135 (GHDB) WhatsUp Gold Page Information Leakage 1 Various systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml, http://johnny.ihackstuff.com/ghdb.php, http://en.wikipedia.org/wiki/Google%20hacking 2014/03/09
06:42:17
200101552 Function.call() (Header) Cross Site Scripting (XSS) 2 All systems 2018/08/23
13:36:09
200003366 "ssh" execution attempt (URI) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200019044 Malicious program ( /.dump/ ) Trojan/Backdoor/Spyware 3 All systems 2017/08/07
15:48:54
200022029 PHP remote file include attempt - phar:// (Header) Remote File Include 2 PHP http://php.net/manual/en/wrappers.php 2020/02/10
17:00:22
200004933 Java code injection - functors.InvokerTransformer (2) (Parameter) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200001655 document.createElement (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/15
14:12:31
200001671 {:document} (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/xss-faq.html, http://en.wikipedia.org/wiki/Cross_site_scripting 2015/07/19
14:11:00
200003112 "ifconfig" execution attempt Command Execution 3 Unix/Linux http://www.webappsec.org/projects/threat/classes/os_commanding.shtml 2019/03/04
14:16:50
200010154 "/mysql-admin/" access Predictable Resource Location 3 All systems 2018/06/18
18:18:44
200100045 globals.jsa access Predictable Resource Location 2 Oracle Application Server CVE-2002-0562 2018/05/01
18:05:58
200101592 location.href (URI) Cross Site Scripting (XSS) 3 All systems 2019/11/04
22:53:54
200002137 SQL-INJ tbcreator SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200002648 SQL-INJ IS_SRVROLEMEMBER (Header) SQL-Injection 3 Microsoft SQL Server http://www.owasp.org/index.php/SQL_Injection 2017/01/24
16:21:58
200003004 "traceroute" execution attempt Command Execution 3 Unix/Linux http://www.webappsec.org/projects/threat/classes/os_commanding.shtml 2019/03/04
14:16:50
200003722 "cpio" execution attempt (URI) Command Execution 3 Unix/Linux 2018/08/05
11:08:36
200004289 OGNL Java code injection (redirect:) (content) Server Side Code Injection 3 Apache Struts CVE-2013-2251 2020/02/10
17:00:22
200004500 Java code injection - flex.messaging.util.concurrent.AsynchBeansWorkManagerExecutor (Header) Server Side Code Injection 2 Java Servlets/JSP CVE-2018-14718, CVE-2018-19362, CVE-2018-19361, CVE-2018-19360, CVE-2018-14719, CVE-2018-14720, CVE-2018-14721 2020/02/02
18:42:51
200020138 SSRF attempt (127.0.0.1) - Dot-less decimal representation (Host header) Other Application Attacks 2 All systems 2020/02/02
18:42:51
200021082 Automated client access "CopyGuard" Non-browser client 1 All systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2020/01/30
17:43:40
200001316 <BASE HREF (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/15
14:12:31
200101170 onmozbrowserclose (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200101468 HTML5 Entity (lsqb) (Parameter) Cross Site Scripting (XSS) 2 All systems https://www.quackit.com/character_sets/html5_entities/ 2017/11/12
11:00:47
200003156 "touch" execution attempt Command Execution 2 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2019/03/04
14:16:50
200001201 onBounce() (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/02
15:08:09
200001567 ontimeupdate (URI) Cross Site Scripting (XSS) 2 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2012/11/21
13:22:14
200001659 document[] (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/xss-faq.html, http://en.wikipedia.org/wiki/Cross_site_scripting 2015/07/19
14:11:00
200019074 Malicious program ( PHP-Terminal ) upload Trojan/Backdoor/Spyware 3 All systems 2017/08/07
15:48:54
200002784 NoSQL Injection db.getCollectionNames() (Header) SQL-Injection 3 MongoDB 2020/02/02
18:42:51
200003145 "lynx" execution attempt Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2019/03/04
14:16:50
200004252 PHP injection attempt ( gzinflate ) (Parameter) Server Side Code Injection 3 PHP http://www.owasp.org/index.php/Code_Injection 2017/07/24
09:52:07
200009111 (GHDB) MySQL error (3) Information Leakage 2 MySQL http://www.webappsec.org/projects/threat/classes/information_leakage.shtml, http://johnny.ihackstuff.com/ghdb.php, http://en.wikipedia.org/wiki/Google%20hacking 2014/03/09
06:42:17
200015053 Web Server Probe ( Bruteforce ) Vulnerability Scan 2 All systems 2011/12/21
06:12:43
200002090 SQL-INJ column_id SQL-Injection 2 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200004884 Java code injection - map.ReferenceMap (2) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200000060 Temporary file (\\$) access Information Leakage 3 All systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
200020021 Suspicious URL (.sslip.io domain service) (Parameter) Other Application Attacks 2 All systems 2020/02/02
18:42:51
200020060 SSRF attempt (Oracle Metadata Server) - Dot-less hexadecimal representation (URI) Other Application Attacks 2 All systems 2020/02/02
18:42:51
200002348 SQL-INJ create trigger (Headers) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200100059 "Error Occurred While Processing Request" ColdFusion SQL Error Information Leakage 2 Macromedia ColdFusion http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
200100064 Authorization Basic overflow attempt Buffer Overflow 3 Oracle CVE-2003-0727 2020/01/15
14:12:31
200020158 Java code injection - P6DataSource (Header) Server Side Code Injection 3 Java Servlets/JSP CVE-2019-16942, CVE-2019-16943 2020/02/02
18:42:51
200021136 Automated client access "Microsoft-WebDAV-MiniRedir" Non-browser client 1 All systems http://en.wikipedia.org/wiki/Web_scraping 2016/03/17
17:22:00
200021084 Automated client access "NEWT ActiveX" Non-browser client 1 All systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
200001834 onMozEdgeUIGesture (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200101467 HTML5 Entity (plus) (URI) Cross Site Scripting (XSS) 2 All systems https://www.quackit.com/character_sets/html5_entities/ 2017/11/12
11:00:47
200002054 SQL-INJ constraint_type SQL-Injection 2 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200003123 "shutdown" execution attempt Command Execution 3 Unix/Linux http://www.webappsec.org/projects/threat/classes/os_commanding.shtml 2019/03/04
14:16:50
200003733 "egrep" execution attempt (Header) Command Execution 3 Unix/Linux 2018/08/05
11:08:36
200004998 Citrix NetScaler NSC_USER Remote Code Execution Server Side Code Injection 3 Citrix https://www.tripwire.com/state-of-security/vert/citrix-netscaler-cve-2019-19781-what-you-need-to-know/, https://www.mdsec.co.uk/2020/01/deep-dive-to-citrix-adc-remote-code-execution-cve-2019-19781/, CVE-2019-19781 2020/01/14
17:03:21
200021127 Malicious Web Site crawler (EmailSpider) Non-browser client 1 All systems http://en.wikipedia.org/wiki/Web_scraping 2020/01/30
17:43:40
200001493 Generic XSS evasion (Headers) - unicode characters Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2018/06/06
14:02:07
200002259 SQL-INJ DBMS_PIPE SQL-Injection 2 Oracle http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200003091 "mv" execution attempt Command Execution 3 Unix/Linux http://www.webappsec.org/projects/threat/classes/os_commanding.shtml 2019/03/04
14:16:50
200001573 onvolumechange (URI) Cross Site Scripting (XSS) 2 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2012/11/21
13:22:14
200101064 ondevicemotion (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200003143 "link" execution attempt Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2019/03/04
14:16:50
200003901 "nc" command execution attempt (URI) Command Execution 3 Unix/Linux 2019/04/04
14:31:10
200004117 Server-Side Include Injection Attempt - 6 (Parameter) Server Side Code Injection 3 SSI (Server Side Includes) 2012/02/27
06:30:01
200015020 Web Server Probe ( DataCha0s ) Vulnerability Scan 2 All systems 2012/02/27
06:30:01
200009172 AXIS error Information Leakage 2 XML http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2012/02/27
06:30:01
200001939 onTabOpen (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200101429 console.warn (Parameter) Cross Site Scripting (XSS) 2 All systems 2017/07/24
09:52:07
200101590 location.href (Parameter) Cross Site Scripting (XSS) 3 All systems 2019/11/04
22:53:54
200002068 SQL-INJ syscat SQL-Injection 3 IBM DB2 http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2018/11/07
11:49:00
200003053 "pwd" execution attempt Command Execution 3 Unix/Linux http://www.webappsec.org/projects/threat/classes/os_commanding.shtml 2019/03/04
14:16:50
200002284 SQL-INJ "CREATE USER SET PASSWORD" (Headers) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200003914 "dir" execution attempt (2) Command Execution 3 Unix/Linux 2019/03/04
15:38:33
200009066 SQL Information Leakage (20) Information Leakage 2 General Database http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
299999999 Unicode Fullwidth ASCII variant Detection Evasion 1 IIS https://infosecauditor.wordpress.com/2013/05/27/bypassing-asp-net-validaterequest-for-script-injection-attacks/ 2019/07/08
17:39:59
200001433 asfunction: (URI) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200101461 HTML5 Entity (rpar) (URI) Cross Site Scripting (XSS) 2 All systems https://www.quackit.com/character_sets/html5_entities/ 2017/11/12
11:00:47
200002733 SQL-INJ USER_OBJECTS (URI) SQL-Injection 3 Oracle http://www.owasp.org/index.php/SQL_Injection 2020/02/10
17:00:22
200004888 Java code injection - spi.ContinuationDirContext (2) (Parameter) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200009178 "Error processing SSI file" Information Leakage 2 All systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
200002081 SQL-INJ attrelid SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200004171 OGNL open redirection Server Side Code Injection 2 Apache Struts CVE-2013-2248 2020/02/02
18:42:51
200000179 Apache mod_ntlm overflow / format string vulnerability Buffer Overflow 3 Apache/NCSA HTTP Server http://www.webappsec.org/projects/threat/classes/buffer_overflow.shtml 2010/03/01
02:22:28
200019071 Malicious program ( iMHaBiRLiGi PhpFtp ) access Trojan/Backdoor/Spyware 3 All systems 2017/08/07
15:48:54
200001788 onDOMModalDialogClosed (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200002163 SQL-INJ select to_char (Headers) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2018/06/06
14:02:07
200001138 src http: (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/30
17:43:40
200101133 onincoming (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200002128 SQL-INJ xp_cmdshell SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200100100 "%PROGRAMFILES%" access (parameter) Predictable Resource Location 1 Microsoft Windows http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2020/07/30
07:45:27
200003149 "paste" execution attempt Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2019/03/04
14:16:50
200009039 ASP source code leakage (3) Information Leakage 2 ASP http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2010/03/01
02:22:28
200010169 "/etc/shadow" access (Header) Predictable Resource Location 3 Unix/Linux 2019/12/11
17:48:52
200020139 SSRF attempt (127.0.0.1) - Dot-less decimal representation (URI) Other Application Attacks 2 All systems 2020/02/02
18:42:51
200001145 type = text / script (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2019/01/22
22:41:09
200101428 console.info (URI) Cross Site Scripting (XSS) 2 All systems 2017/07/24
09:52:07
200002404 SQL-INJ user_users (Headers) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200003369 "tail" execution attempt (Header) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200004496 Java code injection - org.slf4j.ext.EventData (Parameter) Server Side Code Injection 2 Java Servlets/JSP CVE-2018-14718, CVE-2018-19362, CVE-2018-19361, CVE-2018-19360, CVE-2018-14719, CVE-2018-14720, CVE-2018-14721 2020/02/02
18:42:51
200019109 Malicious program ( /c99.php ) access Trojan/Backdoor/Spyware 3 All systems 2017/08/07
15:48:54
200001182 onAfter...() (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2012/02/27
06:30:01
200001363 .send (Headers) Cross Site Scripting (XSS) 2 JavaScript http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2018/12/23
12:26:07
200101047 onconnectionInfoUpdate (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200002792 NoSQL Injection /_log (Parameter) SQL-Injection 3 CouchDB http://docs.couchdb.org/en/2.0.0/api/ 2020/02/02
18:42:51
200003137 "emacs" execution attempt Command Execution 2 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2019/03/04
14:16:50
200004004 PHP injection attempt ( fgets, fgetss, fgetc ) Server Side Code Injection 2 PHP 2017/08/07
15:48:54
200011067 Perl Regex - Sensitive Information Disclosure Buffer Overflow 2 Other Web Server CVE-2018-18313 2019/01/22
22:41:09
200021036 Malicious Web Site crawler "zeus" Non-browser client 2 All systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2019/12/11
17:48:52
200020103 Localhost SSRFmap tool evasion (127.1) (URI) Other Application Attacks 2 All systems 2020/02/02
18:42:51
200001911 onSVGAbort (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200101217 onorientationchange (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200101304 ontouchend (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200003222 "dig" execution attempt (URI) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200004539 PHP injection attempt - variable assignment (passthru) (Parameter) Server Side Code Injection 3 PHP 2019/01/22
22:41:09
200004778 Java code injection - jodd.db.connection.DataSourceConnectionProvider (Header) Server Side Code Injection 3 Java Servlets/JSP CVE-2018-12022, CVE-2018-12023 2019/07/28
16:35:03
200004928 Java code injection - runtime.ConvertedClosure (2) (Header) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200021139 DoS tool (SIEGE) Non-browser client 3 All systems http://www.joedog.org/siege-home/ 2014/04/16
08:26:56
200001048 onfocus (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/02
15:08:09
200001061 onabort (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/02
15:08:09
200001423 type = application / x-shockwave-flash (URL) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200101067 ondeviceorientation (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200101293 ontabviewshown (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200101570 new Function() (URI) Cross Site Scripting (XSS) 3 All systems 2019/02/26
19:42:00
200002712 SQL-INJ XS$NULL (URI) SQL-Injection 3 Oracle http://www.owasp.org/index.php/SQL_Injection 2017/01/24
16:21:58
200001186 onBefore...() (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/05/28
05:07:16
200001197 onRow...() (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2012/02/27
06:30:01
200004475 Object Graph Navigation Library Expression Injection (2) (URI) Server Side Code Injection 3 Apache Struts CVE-2018-11776 2018/08/23
14:52:52
200020179 Java code injection - EhcacheJtaTransactionManagerLookup (Header) Server Side Code Injection 3 Java Servlets/JSP CVE-2019-17267 2020/02/02
18:42:51
200101134 onincoming (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200101302 ontouchcancel (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200004506 Java code injection - org.apache.axis2.jaxws.spi.handler.HandlerResolverImpl (Header) Server Side Code Injection 2 Java Servlets/JSP CVE-2018-14718, CVE-2018-19362, CVE-2018-19361, CVE-2018-19360, CVE-2018-14719, CVE-2018-14720, CVE-2018-14721 2020/02/02
18:42:51
200001240 onHelp() (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/02
15:08:09
200001533 onloadeddata (Header) Cross Site Scripting (XSS) 2 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200101171 onmozbrowsercontextmenu (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200101392 onpointerdown (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/06/12
18:54:57
200101494 HTML5 Entity (percnt) (URI) Cross Site Scripting (XSS) 2 All systems https://www.quackit.com/character_sets/html5_entities/ 2017/11/12
11:00:47
200002075 SQL-INJ user_tab_columns SQL-Injection 3 Oracle http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200002699 SQL-INJ SPATIAL_WFS_ADMIN_USR (Header) SQL-Injection 3 Oracle http://www.owasp.org/index.php/SQL_Injection 2017/01/24
16:21:58
200002646 SQL-INJ fn_varbintohexstr (URI) SQL-Injection 3 Microsoft SQL Server http://www.owasp.org/index.php/SQL_Injection 2017/01/24
16:21:58
200003250 "g++" execution attempt (URI) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/09/17
17:18:25
200004656 Python code injection - os.write (Parameter) Server Side Code Injection 3 Python 2019/04/16
15:19:14
200000008 Concurrent Versions System dir access (/CVS/) Predictable Resource Location 1 CGI http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2018/06/06
13:37:33
200015021 Web Server Probe ( Mosiac 1. ) Vulnerability Scan 2 All systems 2012/02/27
06:30:01
200019133 BeEF injection detection Trojan/Backdoor/Spyware 3 All systems http://beefproject.com/ 2014/04/16
08:26:56
200002201 SQL-INJ "SA_EXEC_SCRIPT" SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200002433 SQL-INJ "load_file()" (Parameter) SQL-Injection 2 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2018/09/25
17:14:53
200003783 "renice" execution attempt (Parameter) Command Execution 3 Unix/Linux 2019/03/04
14:16:50
200004621 Python code injection - os.putenv (Header) Server Side Code Injection 3 Python 2019/04/16
15:19:14
200100077 Server global settings disclosure Predictable Resource Location 2 IIS 2014/03/09
06:42:17
200018023 HTTP Headers Injection (5) HTTP Response Splitting 3 All systems 2018/05/02
15:37:39
200001574 onvolumechange (Parameter) Cross Site Scripting (XSS) 2 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200101483 HTML5 Entity (verbar) (Parameter) Cross Site Scripting (XSS) 2 All systems https://www.quackit.com/character_sets/html5_entities/ 2017/11/12
11:00:47
200002141 SQL-INJ into outfile SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2015/01/01
16:30:30
200002653 SQL-INJ pg_user (Parameter) SQL-Injection 3 PostgreSQL http://www.owasp.org/index.php/SQL_Injection 2017/01/18
15:31:20
200100307 Cacti graph_image.php Command Execution attempt (local_graph_id) Command Execution 3 PHP CVE-2005-2148, 14128, 14129 2017/11/12
11:00:47
200020016 Suspicious URL (.xip.io domain service) (Header) Other Application Attacks 2 All systems 2020/02/02
18:42:51
200004214 Flask Server Side Template Injection (.__mro__[) (Header) Server Side Code Injection 3 All systems 2020/02/02
18:42:51
200001420 link rel stylesheet href (Headers) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200001496 src &# (Headers) (2) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200002237 SQL-INJ "SELECT LOAD_FILE" (Headers) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2020/02/10
17:00:22
200002352 SQL-INJ drop database (Headers) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2020/02/10
17:00:22
200004839 Java code injection - registry.BindingEnumeration (2) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200004996 PHP-FPM path_info Remote Code Execution Server Side Code Injection 3 PHP CVE-2019-11043 2019/10/29
15:47:20
200100075 MS Site Server 2.0 allow to upload ASP files and run them Predictable Resource Location 2 IIS CVE-1999-0360 2016/08/04
15:33:35
200001526 oninput (Parameter) Cross Site Scripting (XSS) 2 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200004327 DotNetNuke - ObjectStateFormatter Server Side Code Injection 3 ASP.NET CVE-2017-9822 2020/02/02
18:42:51
200004629 Python code injection - os.setuid (Header) Server Side Code Injection 3 Python 2019/04/16
15:19:14
200008003 Directory Listing (3) Directory Indexing 2 All systems http://www.webappsec.org/projects/threat/classes/directory_indexing.shtml 2020/01/30
17:43:40
200009026 SQL Information Leakage (17) Information Leakage 2 IIS http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2010/03/01
02:22:28
200021108 Malicious Web Site crawler (Indy Library) Non-browser client 1 All systems http://en.wikipedia.org/wiki/Web_scraping 2020/01/30
17:43:40
200003820 "docker" execution attempt (Windows) (Header) Command Execution 3 Microsoft Windows 2020/07/05
15:16:45
200003092 "grep" execution attempt Command Execution 3 Unix/Linux http://www.webappsec.org/projects/threat/classes/os_commanding.shtml 2020/08/11
21:03:22
200019111 (GHDB) MyShell backdoor Page Trojan/Backdoor/Spyware 3 PHP http://www.webappsec.org/projects/threat/classes/information_leakage.shtml, http://johnny.ihackstuff.com/ghdb.php, http://en.wikipedia.org/wiki/Google%20hacking 2010/03/01
02:22:28
200001818 onDOMWindowClose (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200001986 onbroadcast (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200101100 onendEvent (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200101196 onmozbrowsershowmodalprompt (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200101388 onpointercancel (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200004409 Java code injection - com.sun.jndi.rmi.registry.BindingEnumeration (Parameter) Server Side Code Injection 3 JavaServer Faces (JSF) CVE-2016-5229, CVE-2017-2608 2020/02/02
18:42:51
200015054 Web Server Probe ( NV32ts ) Vulnerability Scan 2 All systems 2011/12/21
06:12:43
200021063 Malicious Web Site crawler "8484 Boston Project" Non-browser client 2 All systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
200001412 param tag (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200001902 onSSWindowClosing (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200101446 console.group (URI) Cross Site Scripting (XSS) 2 All systems 2017/07/24
09:52:07
200002247 SQL-INJ 1,1,1 SQL-Injection 2 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200002328 SQL-INJ "SYS.USER_TRIGGERS" SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2018/09/25
17:14:53
200007016 Directory Traversal attempt "../" (Parameter) Path Traversal 3 All systems 2019/11/04
22:53:54
200001221 onDblClick() (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2012/02/27
06:30:01
200002512 SQL-INJ create trigger (URI) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2015/06/03
20:52:59
200002680 SQL-INJ sysibm.sysdummy1 (Parameter) SQL-Injection 3 IBM DB2 http://www.owasp.org/index.php/SQL_Injection 2020/02/10
17:00:22
200004027 PHP injection attempt ( passthru ) Server Side Code Injection 2 PHP 2019/01/22
22:41:09
200004563 ColdFusion Arbitrary File Upload Server Side Code Injection 3 Macromedia ColdFusion CVE-2019-7816, CVE-2019-7838 2019/07/28
16:35:03
200020137 Localhost SSRFmap tool evasion (Enclosed alphanumeric - 127.0.0.1) (Parameter) Other Application Attacks 2 All systems 2020/02/02
18:42:51
200021054 Malicious Web Site crawler "POE-Component-Client" Non-browser client 2 All systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
200001147 type = application / script (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200101477 HTML5 Entity (rbrack) (Parameter) Cross Site Scripting (XSS) 2 All systems https://www.quackit.com/character_sets/html5_entities/ 2017/11/12
11:00:47
200002031 SQL-INJ 'dbo' SQL-Injection 1 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200011029 Generic buffer overflow attempt 30 Buffer Overflow 3 All systems http://www.webappsec.org/projects/threat/classes/buffer_overflow.shtml 2020/01/15
14:12:31
200019067 Malicious program ( CEHENNEMDEN ) access Trojan/Backdoor/Spyware 3 All systems 2017/08/07
15:48:54
200021099 Automated client access (PHPCrawl) Non-browser client 1 All systems http://en.wikipedia.org/wiki/Web_scraping 2020/01/30
17:43:40
200001076 createtextrange (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200002397 SQL-INJ tbcreator (Headers) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200002841 SQL-INJ expressions like "sleep()" (3) (Parameter) SQL-Injection 2 General Database 2019/02/19
15:31:31
200001966 onanimationiteration (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200101569 new Function() (Header) Cross Site Scripting (XSS) 3 All systems 2019/02/26
19:42:00
200004343 ASP.NET code injection - System.Windows.Data.ObjectDataProvider (Parameter) Server Side Code Injection 3 ASP.NET CVE-2017-9424, CVE-2017-9822, CVE-2012-0161 2020/02/02
18:42:51
200004414 Java code injection - java.util.ServiceLoader$LazyIterator (Header) Server Side Code Injection 3 JavaServer Faces (JSF) CVE-2016-5229, CVE-2017-2608 2020/02/02
18:42:51
200016007 Windows alternative data stream access (2) Detection Evasion 3 Microsoft Windows https://msdn.microsoft.com/en-us/library/windows/desktop/aa364404(v=vs.85).aspx 2015/08/25
13:43:10
200101200 onmozbrowsertitlechange (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200003440 Java code injection - java/lang/Process (Parameter) Server Side Code Injection 3 Java Servlets/JSP http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4852, CVE-2015-4852 2018/03/20
18:30:45
200015051 Web Server Probe ( wapiti ) Vulnerability Scan 2 All systems 2011/12/21
06:12:43
200004271 PHP short object serialization injection attempt (Parameter) Server Side Code Injection 3 PHP http://www.owasp.org/index.php/Code_Injection, CVE-2017-12933, CVE-2017-12934 2020/08/11
15:45:14
200003922 "who" execution attempt (2) Command Execution 3 Unix/Linux 2019/03/04
15:38:33
200004211 Flask Server Side Template Injection (.__class__) (Header) Server Side Code Injection 3 All systems 2020/02/02
18:42:51
200004358 ASP.NET code injection - System.Workflow.ComponentModel.Serialization.ActivitySurrogateSelector (Header) Server Side Code Injection 3 ASP.NET CVE-2017-9424, CVE-2017-9822, CVE-2012-0161 2020/02/02
18:42:51
200004526 PHP injection attempt - hex (passthru) (Header) Server Side Code Injection 3 PHP 2019/01/22
22:41:09
200010035 (GHDB) multimon.cgi access Predictable Resource Location 2 CGI http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml, http://johnny.ihackstuff.com/ghdb.php, http://en.wikipedia.org/wiki/Google%20hacking 2010/03/01
02:22:28
250000011 (PSM) CreateObject Cross Site Scripting (XSS) 3 PSM 2013/06/27
07:12:08
200004125 PHP injection attempt ( system ) Server Side Code Injection 3 PHP 2019/01/22
22:41:09
200010110 Oracle application server demo/sql/jdbc/JDBCQuery.jsp Access Predictable Resource Location 2 Oracle Application Server 2018/03/12
16:09:07
200010133 SSH known_hosts access (URI) Predictable Resource Location 3 All systems 2018/01/29
17:12:16
200009086 ASP source code leakage (28) Information Leakage 2 ASP http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2010/03/01
02:22:28
200001477 bgsound tag (Parameter) (2) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200101462 HTML5 Entity (Tab) (Parameter) Cross Site Scripting (XSS) 2 All systems https://www.quackit.com/character_sets/html5_entities/ 2017/11/12
11:00:47
200101588 import() (Parameter) Cross Site Scripting (XSS) 3 All systems 2019/08/06
15:00:57
200002503 SQL-INJ alter column (URI) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2020/02/10
17:00:22
200003345 "route" execution attempt (Header) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200004540 PHP injection attempt - variable assignment (passthru) (Header) Server Side Code Injection 3 PHP 2019/01/22
22:41:09
200010020 "/winnt" access Predictable Resource Location 2 Microsoft Windows http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2014/03/09
06:42:17
200015042 Web Server Probe ( n-stealth ) - 3 Vulnerability Scan 2 All systems 2012/02/27
06:30:01
200022012 PHP remote file include attempt - input Remote File Include 2 PHP http://www.owasp.org/index.php/Top_10_2007-Malicious_File_Execution 2014/03/09
06:42:17
200004982 Java code injection - manager.DefaultTransactionManagerLookup (Parameter) Server Side Code Injection 3 Java Servlets/JSP CVE-2019-14439, CVE-2019-14379 2019/08/07
18:44:15
200001315 <BASE HREF (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/15
14:12:31
200101253 onsizemodechange (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200001364 .send (URI) Cross Site Scripting (XSS) 2 JavaScript http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2018/12/23
12:26:07
200101561 alert(1) (Header) Cross Site Scripting (XSS) 2 All systems 2019/02/19
11:23:14
200002416 SQL-INJ DBMS_AQADM_SYS (Headers) SQL-Injection 2 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200002783 NoSQL Injection db.getCollectionNames() (Parameter) SQL-Injection 3 MongoDB 2020/02/02
18:42:51
200003306 "netstat" execution attempt (URI) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2020/01/05
15:24:30
200004203 JavaScript Code Injection - new Date(); (Header) Server Side Code Injection 3 All systems http://www.w3schools.com/js/js_dates.asp 2017/01/18
15:31:20
200010159 /conf/users/admin-users.xml access Predictable Resource Location 2 Apache Tomcat 2020/02/10
17:00:22
200020125 Localhost SSRFmap tool evasion (127.1) (Parameter) Other Application Attacks 2 All systems 2020/02/02
18:42:51
200000133 link tag (Headers) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200007017 Directory Traversal attempt (../ProgramData) (Parameter) Path Traversal 2 Microsoft Windows http://projects.webappsec.org/w/page/13246952/Path%20Traversal 2019/08/25
11:24:25
200020186 Java code injection - org.apache.commons.jxpath.xml.DocumentContainer Server Side Code Injection 3 Java Servlets/JSP 2020/02/02
18:42:51
200001228 onDrop() (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/02
15:08:09
200101214 onopen (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200003426 Java Base64 serialized object - java/lang/Runtime (Header) Server Side Code Injection 3 Java Servlets/JSP http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4852, CVE-2015-4852, CVE-2013-2165 2020/02/02
18:42:51
200004285 Java code injection - org/apache/commons/collections Server Side Code Injection 3 Apache Struts CVE-2016-4398, CVE-2015-6420, CVE-2015-8765, CVE-2016-1985, CVE-2016-1986, CVE-2016-1997, CVE-2016-1998, CVE-2016-2000, CVE-2016-2003, CVE-2016-2009, CVE-2016-1114, CVE-2016-1999, CVE-2016-4369, CVE-2016-4368, CVE-2016-4373, CVE-2016-4385 2020/02/10
17:00:22
200009197 OleDbException Error Message Information Leakage 2 ASP.NET http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
200000146 object tag: codebase (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/15
14:12:31
200002108 SQL-INJ sp_prepare SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200003342 "rm" execution attempt (URI) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200004238 JavaScript Code Injection - module.constructor() (Header) Server Side Code Injection 3 All systems 2017/05/04
10:03:31
200004624 Python code injection - os.uname (Parameter) Server Side Code Injection 3 Python 2019/04/16
15:19:14
200004685 Python code injection - socket.bind (Header) Server Side Code Injection 3 Python 2019/04/16
16:06:16
200020042 SSRF attempt (AWS Metadata Server) - Dotted decimal with overflow representation (URI) Other Application Attacks 2 All systems 2020/02/02
18:42:51
200001054 onblur (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/02
15:08:09
200101359 AngularJS Sandbox Escape - constructor.prototype.call (URI) Cross Site Scripting (XSS) 3 AngularJS 2018/12/23
12:26:07
200004316 Java code injection - java.util.logging.FileHandler (Header) Server Side Code Injection 3 JavaServer Faces (JSF) CVE-2015-7450, CVE-2015-4852, CVE-2015-8103, CVE-2016-3427, CVE-2016-0788, CVE-2016-3642, CVE-2016-4372, CVE-2017-7525, CVE-2017-15095 2020/02/02
18:42:51
200004899 Java code injection - c3p0.WrapperConnectionPoolDataSource (2) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200100055 test.php access Information Leakage 1 PHP 11617 2020/01/30
17:43:40
200000017 Generic test dir access (/test/) Predictable Resource Location 1 All systems http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2018/04/30
18:19:08
200101246 onsearch (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200003085 "date" execution attempt Command Execution 3 Unix/Linux http://www.webappsec.org/projects/threat/classes/os_commanding.shtml 2019/03/04
14:16:50
200004618 Python code injection - os.getuid (Parameter) Server Side Code Injection 3 Python 2019/04/16
15:19:14
200004958 Java code injection - connector.OracleManagedConnectionFactory (2) (Header) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200001631 touchstart (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/30
17:43:40
200004022 PHP injection attempt ( $_post ) Server Side Code Injection 3 PHP 2017/08/07
15:48:54
200003083 "ll" execution attempt Command Execution 3 Unix/Linux http://www.webappsec.org/projects/threat/classes/os_commanding.shtml 2019/03/04
14:16:50
200000007 ColdFusion cfdocs dir access Predictable Resource Location 1 Macromedia ColdFusion http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2019/12/11
17:48:52
250000022 (PSM) img tag: src/dynsrc Cross Site Scripting (XSS) 3 PSM 2013/06/27
07:12:08
200004299 Java code injection - org.apache.commons.collections(4).functors.InvokerTransformer (Parameter) Server Side Code Injection 3 JavaServer Faces (JSF) CVE-2015-7450, CVE-2015-4852, CVE-2015-8103, CVE-2016-3427, CVE-2016-0788, CVE-2016-3642, CVE-2016-4372, CVE-2017-7525, CVE-2017-15095, CVE-2016-4398, CVE-2015-6420, CVE-2015-8765, CVE-2016-1985, CVE-2016-1986, CVE-2016-1997, CVE-2016-1998, CVE-2016-2000, CVE-2016-2003, CVE-2016-2009, CVE-2016-1114, CVE-2016-1999, CVE-2016-4369, CVE-2016-4368, CVE-2016-4373, CVE-2016-4385 2020/02/02
18:42:51
200004570 Python code injection - import os (Parameter) Server Side Code Injection 2 Python 2019/04/16
13:29:05
200009238 SQL Server Driver String Information Leakage 3 Microsoft SQL Server http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2011/12/21
06:12:43
200000002 Unix home dir access (/~) Predictable Resource Location 2 Unix/Linux http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2014/03/09
06:42:17
200015067 Web Server Probe ( Uniscan ) Vulnerability Scan 2 All systems http://en.wikipedia.org/wiki/Web_application_security_scanner 2011/12/25
08:07:59
200001705 Angular.js attribute ng-controller (URI) Cross Site Scripting (XSS) 3 AngularJS https://docs.angularjs.org/api/ng/directive/ngModel 2020/01/15
14:12:31
200003326 "pkill" execution attempt (URI) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2020/01/05
15:24:30
200001165 href ecmascript (Parameter) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200001620 onoffline (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200101416 <div tag: style (URI) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2017/06/19
14:29:57
200009058 Cold Fusion Information Leakage Information Leakage 2 Macromedia ColdFusion http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2010/03/01
02:22:28
200004160 Ruby On Rails injection attempt (Header) Server Side Code Injection 3 Ruby CVE-2013-0333 2019/09/09
20:56:48
200001822 onDOMWindowCreated (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200002487 SQL-INJ "select --" (URI) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/11/19
14:17:01
200002737 SQL-INJ ' UNION SELECT (Header) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection 2017/01/24
16:21:58
200002849 updatexml DoS (Header) SQL-Injection 3 MySQL https://bugs.mysql.com/bug.php?id=42495, CVE-2009-0819 2019/03/12
14:21:41
200101541 top[]() (Parameter) Cross Site Scripting (XSS) 3 All systems 2020/05/19
15:00:52
200001713 Javascript with statement (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/30
17:43:40
200002570 SQL-INJ UTL_INADDR (URI) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection 2020/02/10
17:00:22
200003403 "xemacs" execution attempt (Header) Command Execution 2 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200004497 Java code injection - org.slf4j.ext.EventData (Header) Server Side Code Injection 2 Java Servlets/JSP CVE-2018-14718, CVE-2018-19362, CVE-2018-19361, CVE-2018-19360, CVE-2018-14719, CVE-2018-14720, CVE-2018-14721 2020/02/02
18:42:51
200004865 Java code injection - support.DefaultBeanFactoryPointcutAdvisor (2) (Header) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200009154 PHP source code leakage (7) Information Leakage 2 PHP http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2010/03/01
02:22:28
200019106 Malicious program ( /r.php ) access Trojan/Backdoor/Spyware 3 All systems 2017/08/07
15:48:54
200002192 SQL-INJ waitfor delay SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2020/02/10
17:00:22
200003454 Java code injection java.lang.ClassLoader (URI) Server Side Code Injection 3 Java Servlets/JSP https://struts.apache.org/docs/s2-029.html, CVE-2016-0785 2017/07/24
12:16:47
200001347 new DOMParser (Parameter) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200004595 Python code injection - os.environ (Header) Server Side Code Injection 3 Python 2019/04/16
15:19:14
200020156 Java code injection - SharedPoolDataSource Server Side Code Injection 3 Java Servlets/JSP CVE-2019-16942, CVE-2019-16943 2020/02/02
18:42:51
200004722 Python code injection - socket.gethostbyname_ex (Parameter) Server Side Code Injection 3 Python 2019/04/16
16:06:16
200009053 ASP source code leakage (17) Information Leakage 2 ASP http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2010/03/01
02:22:28
200020094 SSRF attempt (Alibaba Metadata Server) - Dotted octal representation (Parameter) Other Application Attacks 2 All systems 2020/02/02
18:42:51
200003732 "egrep" execution attempt (Parameter) Command Execution 3 Unix/Linux 2019/03/04
14:16:50
200002553 SQL-INJ integer field UNION (Parameter) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2015/08/25
13:43:10
200010054 /cgi-shl/ access Predictable Resource Location 1 CGI http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2020/02/10
17:00:22
200003682 "vaultcmd" execution attempt (Header) Command Execution 3 Microsoft Windows 2020/07/05
15:16:45
200004396 Java code injection - oracle.jdbc.pool.OraclePooledConnection (Header) Server Side Code Injection 3 JavaServer Faces (JSF) CVE-2015-7450, CVE-2015-4852, CVE-2015-8103, CVE-2016-3427, CVE-2016-0788, CVE-2016-3642, CVE-2016-4372, CVE-2017-7525, CVE-2017-9805, CVE-2017-7504, CVE-2017-7504, CVE-2017-5878, CVE-2017-5586, CVE-2016-9299 2020/02/02
18:42:51
200004780 Java code injection - transform.TransformerFactory (2) (Parameter) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200018008 cfinternaldebug access Other Application Attacks 2 Macromedia ColdFusion 2014/03/09
06:42:17
200001047 onresize (Headers) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/02
15:08:09
200003189 "chkey" execution attempt (Header) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/09/17
17:18:25
200004798 Java code injection - jms.JMSOutTransportInfo (2) (Parameter) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200009048 JSP source code leakage (12) Information Leakage 2 Java Servlets/JSP http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
200010019 "/windows" access Predictable Resource Location 2 Microsoft Windows http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2014/03/09
06:42:17
200003909 "/etc/passwd" access (Parameter) Predictable Resource Location 3 Unix/Linux 2019/02/26
19:42:00
200001065 livescript (Headers) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200001992 oncached (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200001997 oncancel (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200101014 onchecking (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200002258 SQL-INJ DBMS_PIPE (Headers) SQL-Injection 2 Oracle http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200003216 "cut" execution attempt (URI) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200009161 PHP source code leakage (14) Information Leakage 2 PHP http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2010/03/01
02:22:28
200019052 Malicious program ( /phpterm ) Trojan/Backdoor/Spyware 3 All systems 2017/08/07
15:48:54
200003218 "date" execution attempt (URI) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200003688 "wevtutil" execution attempt (Header) Command Execution 3 Microsoft Windows 2020/07/05
15:16:45
200001042 ondrag... (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2012/07/24
05:34:00
200001136 src shell (Parameter) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200001402 MsgBox() (Parameter) Cross Site Scripting (XSS) 2 JavaScript http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2019/06/20
11:56:43
200002744 SQLINJ - NoSQL [$gte] SQL-Injection 3 MongoDB https://docs.mongodb.com/manual/reference/operator/query-comparison/ 2020/02/02
18:42:51
200003269 "ifup" execution attempt (Header) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/09/17
17:18:25
200004671 Python code injection - sys.stdin (Header) Server Side Code Injection 3 Python 2019/04/16
15:19:14
200019016 Malicious program ( suntzu= ) Trojan/Backdoor/Spyware 3 PHP 2017/08/07
15:48:54
200001443 background: url() (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200001604 onsuspend (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2013/11/03
01:53:41
200002752 SQLINJ - NoSQL db.find() (URI) SQL-Injection 3 MongoDB https://docs.mongodb.com/manual/reference/method/db.collection.find/ 2020/02/02
18:42:51
200003081 "chfn" execution attempt Command Execution 3 Unix/Linux http://www.webappsec.org/projects/threat/classes/os_commanding.shtml 2019/03/04
14:16:50
200004246 JavaScript Code Injection - process.abort() (Parameter) Server Side Code Injection 3 All systems 2017/05/04
10:03:31
200011039 Generic Format String attack attempt 3 (URL) Buffer Overflow 3 All systems http://www.webappsec.org/projects/threat/classes/format_string_attack.shtml 2014/03/09
06:42:17
200012045 Node.js Buffer.alloc DoS (Header) Denial of Service 2 Node.js CVE-2018-7167 2018/08/05
11:08:36
200002628 SQL-INJ v$instance (URI) SQL-Injection 3 Oracle http://www.owasp.org/index.php/SQL_Injection 2020/02/10
17:00:22
200012016 #RefRef DoS tool (1) Denial of Service 3 All systems https://www.owasp.org/index.php/Denial_of_Service 2016/03/17
17:22:00
200021078 Automated client access "netants" Non-browser client 1 All systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2012/02/27
06:30:01
200002867 SQL-INJ - MySQL Interpreted Comment (WHERE) (Header) SQL-Injection 2 MySQL 2020/02/19
19:10:33
200002869 SQL-INJ - MySQL Interpreted Comment (LIKE) (Header) SQL-Injection 2 MySQL 2020/02/19
19:10:33
200004253 PHP injection attempt ( gzinflate ) (Header) Server Side Code Injection 3 PHP http://www.owasp.org/index.php/Code_Injection 2017/07/24
09:52:07
200004989 PHP injection attempt ( parse_str ) (Header) Server Side Code Injection 2 PHP 2019/08/25
11:24:25
200009218 Unclosed Quotation Mark Error Message Information Leakage 2 Microsoft SQL Server http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
200010132 SSH known_hosts access (Parameter) Predictable Resource Location 3 All systems 2018/01/29
17:12:16
200021129 Malicious Web Site crawler (Franklin Locator) Non-browser client 1 All systems http://en.wikipedia.org/wiki/Web_scraping 2020/01/30
17:43:40
200001331 setRequestHeader() (Headers) Cross Site Scripting (XSS) 3 JavaScript http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2019/06/20
11:56:43
200001481 <![CDATA[ (Parameter) (2) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/15
14:12:31
200003897 "cat" execution attempt (2) (Parameter) Command Execution 3 Unix/Linux https://medium.com/secjuice/waf-evasion-techniques-718026d693d8 2018/06/27
11:50:56
200004825 Java code injection - util.ClassLoader (2) (Parameter) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200001954 onValueChange (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200101519 HTML5 Entity (dollar) (Parameter) Cross Site Scripting (XSS) 2 All systems https://www.quackit.com/character_sets/html5_entities/ 2017/11/12
11:00:47
200003165 Unix fork bomb code injection Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Fork_bomb 2013/05/16
06:32:42
200004764 Java code injection - com.mysql.cj.jdbc.admin.MiniAdmin (Header) Server Side Code Injection 3 Java Servlets/JSP CVE-2019-12086 2019/07/08
18:55:42
200100049 /*.shtml access Information Leakage 2 BEA Systems WebLogic Server CVE-2000-0683 2020/01/30
17:43:40
200019061 Malicious program ( PHP Commander ) access Trojan/Backdoor/Spyware 3 All systems 2017/08/07
15:48:54
200001689 JavaScript obfuscation (JSF) (Header) Cross Site Scripting (XSS) 3 All systems http://www.jsfuck.com/ 2015/08/25
13:43:10
200002464 SQL-INJ Oracle PITRIG_DROPMETADATA (Parameters) SQL-Injection 2 Oracle http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200020033 SSRF attempt (AWS Metadata Server) - Dot-less decimal representation (Host header) Other Application Attacks 2 All systems 2020/02/02
18:42:51
200101600 Vulnerability tool listener - Burp Suite (Header) Cross Site Scripting (XSS) 2 All systems 2020/02/25
10:29:15
200003453 Java code injection java.lang.ClassLoader (Header) Server Side Code Injection 3 Java Servlets/JSP 2017/12/25
11:20:15
200003921 "uname" execution attempt (2) Command Execution 3 Unix/Linux 2019/03/04
15:38:33
200004257 PHP injection attempt ( str_rot13 ) (URI) Server Side Code Injection 3 PHP http://www.owasp.org/index.php/Code_Injection 2017/07/24
09:52:07
200004593 Python code injection - pty.fork (Header) Server Side Code Injection 3 Python 2019/04/16
15:19:14
200004948 Java code injection - annotation.AnnotationInvocationHandler (2) (Parameter) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200003610 "pkgmgr" execution attempt (Header) Command Execution 3 Microsoft Windows 2020/06/09
13:40:17
200019125 Web Shell detection (PHP backdoor) Trojan/Backdoor/Spyware 3 PHP http://www.owasp.org/images/c/c3/ASDC12-Old_Webshells_New_Tricks_How_Persistent_Threats_haverevived_an_old_idea_and_how_you_can_detect_them.pdf 2013/03/11
02:26:00
200001354 CreateObject (Headers) Cross Site Scripting (XSS) 2 JavaScript http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2019/06/20
11:56:43
200001571 onundo (Parameter) Cross Site Scripting (XSS) 2 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200001955 onafterprint (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200002568 SQL-INJ UTL_INADDR (Parameter) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection 2020/02/10
17:00:22
200010096 /mappings access Predictable Resource Location 2 Spring Boot http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2017/09/24
15:40:00
200020088 SSRF attempt (Alibaba Metadata Server) - Dotted octal with padding representation (Host header) Other Application Attacks 2 All systems 2020/02/02
18:42:51
200001576 onwaiting (URI) Cross Site Scripting (XSS) 2 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200010130 SSH id_rsa access (Parameter) Predictable Resource Location 3 All systems 2018/01/29
17:12:16
200022016 Generic Remote File/Path Include Attempt (7) Remote File Include 3 All systems http://www.owasp.org/index.php/Top_10_2007-Malicious_File_Execution 2014/10/06
08:58:58
200001289 onStop() (Headers) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/02
15:08:09
200001367 .responseBody (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/05/28
05:07:16
200001714 Javascript with statement (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/30
17:43:40
200002094 SQL-INJ table_name SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2012/11/21
13:22:14
200001731 onCssRuleViewCSSLinkClicked (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200101092 ondragexit (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200004853 Java code injection - map.Flat3Map (2) (Header) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200019036 Malicious program ( showUpload&thePath= ) Trojan/Backdoor/Spyware 3 IIS 2017/08/07
15:48:54
200019077 Malicious program ( PHVayv ) access Trojan/Backdoor/Spyware 3 All systems 2017/08/07
15:48:54
200020109 Localhost SSRFmap tool evasion (127.127.127.127) (URI) Other Application Attacks 2 All systems 2020/02/02
18:42:51
200000095 XSS script target (Parameter) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/06/29
16:42:59
200001863 onMozRotateGesture (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200101160 onmouseout (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200101349 console.log (Header) Cross Site Scripting (XSS) 3 All systems 2017/03/21
14:07:40
200003429 Java Base64 serialized object - java/lang/Process (Header) Server Side Code Injection 3 Java Servlets/JSP http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4852, CVE-2015-4852, CVE-2013-2165 2020/02/02
18:42:51
200001057 onunblur (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/02
15:08:09
200001709 Angular.js attribute ng-model (Parameter) Cross Site Scripting (XSS) 3 AngularJS https://docs.angularjs.org/api/ng/directive/ngModel 2020/01/15
14:12:31
200001761 onDOMFocusIn (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200101560 alert(1) (Parameter) Cross Site Scripting (XSS) 2 All systems 2019/02/19
11:23:14
200002701 SQL-INJ session_privs (Parameter) SQL-Injection 3 Oracle http://www.owasp.org/index.php/SQL_Injection 2017/01/24
16:21:58
200004729 Python code injection - socket.getprotobyname (Header) Server Side Code Injection 3 Python 2019/04/16
16:06:16
200001051 onunfocus (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/02
15:08:09
200001558 onredo (URI) Cross Site Scripting (XSS) 2 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200101573 ReactJS code injection - memo (Parameter) Cross Site Scripting (XSS) 2 ReactJS 2019/04/16
13:29:05
200002169 SQL-INJ join statement (Header) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2020/02/10
17:00:22
200002736 SQL-INJ ' UNION SELECT (Parameter) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection 2017/01/24
16:21:58
200004687 Python code injection - socket.close (Header) Server Side Code Injection 3 Python 2019/04/16
16:06:16
200004693 Python code injection - socket.dup (Header) Server Side Code Injection 3 Python 2019/04/16
16:06:16
200000160 document.form (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/15
14:12:31
200021105 Malicious Web Site crawler (Fetch API Request) Non-browser client 1 All systems http://en.wikipedia.org/wiki/Web_scraping 2020/01/30
17:43:40
200022024 PHP remote file include attempt - data:// (Parameter) Remote File Include 2 PHP http://php.net/manual/en/wrappers.php 2020/02/10
17:00:22
200001793 onDOMNodeInserted (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200101270 onstksessionend (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200002782 NoSQL Injection db.getCollection() (URI) SQL-Injection 3 MongoDB 2020/02/02
18:42:51
200004350 ASP.NET code injection - System.Data.DataViewManager (Header) Server Side Code Injection 3 ASP.NET CVE-2017-9424, CVE-2017-9822, CVE-2012-0161 2020/02/02
18:42:51
200004760 Java code injection - com.bea.core.repackaged.springframework.context.support.FileSystemXmlApplicationContext Server Side Code Injection 3 Java Servlets/JSP CVE-2019-2725 2020/02/02
18:42:51
200019056 Malicious program ( News Remote PHP Shell Injection ) upload Trojan/Backdoor/Spyware 3 All systems 2017/08/07
15:48:54
200001336 unescape() (Parameter) Cross Site Scripting (XSS) 3 JavaScript http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2019/06/20
11:56:43
200002294 SQL-INJ "*_user()" sql functions SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2018/09/25
17:14:53
200009234 Oracle Connection String Information Leakage 2 Oracle http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
200019098 Malicious program ( PHP Shell ) upload Trojan/Backdoor/Spyware 3 All systems 2017/08/07
15:48:54
200022033 PHP remote file include attempt - rar:// (Header) Remote File Include 2 PHP http://php.net/manual/en/wrappers.php 2020/02/10
17:00:22
200002264 SQL-INJ UTL_TCP (Headers) SQL-Injection 3 Oracle http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200004348 ASP.NET code injection - Microsoft.Exchange.Management.SystemManager.WinForms.ExchangeSettingsProvider (Header) Server Side Code Injection 3 ASP.NET CVE-2017-9424, CVE-2017-9822, CVE-2012-0161 2020/02/02
18:42:51
200010073 MySQL Configuration file my.cnf (URI) Predictable Resource Location 3 General Database http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2020/02/10
17:00:22
200018064 Leading tab in header name Detection Evasion 2 All systems 2019/12/05
15:15:38
250000061 (PSM) SQL-INJ exec() SQL-Injection 3 PSM 2013/06/27
07:12:08
200101198 onmozbrowsertitlechange (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200101274 onstoragecommit (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200101306 ontouchenter (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200009069 SQL Information Leakage (23) Information Leakage 2 General Database http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2010/03/01
02:22:28
200003354 "sendmail" execution attempt (URI) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/09/17
17:18:25
200003449 Java code injection java.lang.System (Parameter) Server Side Code Injection 3 Java Servlets/JSP https://struts.apache.org/docs/s2-029.html, CVE-2016-0785 2017/07/24
12:16:47
200104004 Java code injection - net.sf.ehcache.transaction.manager.selector.GlassfishSelector Server Side Code Injection 3 Java Servlets/JSP CVE-2019-20330 2020/01/27
18:47:48
200001026 onkeyup (Headers) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2019/06/05
09:30:33
200004196 PHP injection attempt (phpversion) (Header) Server Side Code Injection 2 PHP http://www.owasp.org/index.php/Code_Injection 2016/12/06
11:17:59
200010063 Titan FTP password disclosure Predictable Resource Location 3 All systems http://www.rapid7.com/db/modules/auxiliary/scanner/http/titan_ftp_admin_pwd, CVE-2013-1625 2016/06/27
17:23:26
200019078 Malicious program ( Remote Explorer ) upload Trojan/Backdoor/Spyware 3 All systems 2017/08/07
15:48:54
200020073 SSRF attempt (Oracle Metadata Server) - Dotted octal with padding representation (Parameter) Other Application Attacks 2 All systems 2020/02/02
18:42:51
250000023 (PSM) input tag: dynsrc Cross Site Scripting (XSS) 3 PSM 2013/06/27
07:12:08
200016003 Unrestricted File Upload on IIS with ASP Other Application Attacks 3 Microsoft Windows 2020/02/02
18:42:51
200001158 .innerhtml (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/15
14:12:31
200001647 jQuery command $.post() (Parameter) Cross Site Scripting (XSS) 3 jQuery http://api.jquery.com/jquery.getscript/ 2014/08/25
09:12:13
200101361 AngularJS Sandbox Escape - constructor.prototype (Header) Cross Site Scripting (XSS) 3 AngularJS 2018/12/23
12:26:07
200002583 SQL-INJ db.members (Parameter) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection 2020/02/10
17:00:22
200004051 ASP injection attempt ( Scripting.FileSystemObject ) Server Side Code Injection 2 ASP.NET 2018/01/25
18:15:14
200004756 Java code injection - oracle.toplink.internal.sessions.UnitOfWorkChangeSet Server Side Code Injection 3 BEA Systems WebLogic Server CVE-2019-2725 2020/02/02
18:42:51
200010120 Oracle application server webapp/admin/showbc4jrtdetails.jsp Access Predictable Resource Location 2 Oracle Application Server 2018/03/12
16:09:07
250000065 (PSM) SQL-INJ group by having SQL-Injection 3 PSM 2013/06/27
07:12:08
200001936 onTabHide (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200003360 "shutdown" execution attempt (URI) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200003407 "zcat" execution attempt (Header) Command Execution 2 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/09/17
17:18:25
200020076 SSRF attempt (Oracle Metadata Server) - Enclosed alphanumeric representation (Parameter) Other Application Attacks 2 All systems 2020/02/02
18:42:51
200009017 SQL Information Leakage (8) Information Leakage 2 General Database http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2010/03/01
02:22:28
200001817 onDOMWindowClose (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200003707 "aptitude" execution attempt (URI) Command Execution 3 Unix/Linux 2018/08/05
11:08:36
200004206 JavaScript Code Injection - Math(); (Header) Server Side Code Injection 3 All systems http://www.w3schools.com/js/js_math.asp 2017/01/18
15:31:20
200004313 Java code injection - com.sun.rowset.JdbcRowSetImpl (Parameter) Server Side Code Injection 3 JavaServer Faces (JSF) CVE-2015-7450, CVE-2015-4852, CVE-2015-8103, CVE-2016-3427, CVE-2016-0788, CVE-2016-3642, CVE-2016-4372, CVE-2017-7525, CVE-2017-15095, CVE-2016-9606, CVE-2017-3159, CVE-2016-8744, CVE-2016-8749 2020/02/02
18:42:51
200004837 Java code injection - registry.BindingEnumeration (2) (Parameter) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200009006 Statistics Software Information Leakage (3) Information Leakage 2 All systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2010/03/01
02:22:28
200009046 ASP source code leakage (10) Information Leakage 2 ASP http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2010/03/01
02:22:28
200020170 Java code injection - JNDIConnectionSource (2) (Header) Server Side Code Injection 3 Java Servlets/JSP CVE-2019-17531 2020/02/02
18:42:51
200002647 SQL-INJ IS_SRVROLEMEMBER (Parameter) SQL-Injection 3 Microsoft SQL Server http://www.owasp.org/index.php/SQL_Injection 2017/01/24
16:21:58
200003206 "cp" execution attempt (URI) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200004367 Java code injection - getWriter (Header) Server Side Code Injection 3 JavaServer Faces (JSF) 2018/02/01
14:02:09
200004383 Java code injection - org.apache.xbean.naming.context.WritableContext (Parameter) Server Side Code Injection 3 JavaServer Faces (JSF) CVE-2015-7450, CVE-2015-4852, CVE-2015-8103, CVE-2016-3427, CVE-2016-0788, CVE-2016-3642, CVE-2016-4372, CVE-2017-7525, CVE-2017-9805, CVE-2017-7504, CVE-2017-7504, CVE-2017-5878, CVE-2017-5586, CVE-2016-9299 2020/02/02
18:42:51
200020164 Java code injection - P6DataSource (2) (Header) Server Side Code Injection 3 Java Servlets/JSP CVE-2019-16942, CVE-2019-16943 2020/02/02
18:42:51
200003024 "cmd" execution attempt Command Execution 3 Unix/Linux http://www.webappsec.org/projects/threat/classes/os_commanding.shtml 2019/03/04
14:16:50
200003734 "egrep" execution attempt (URI) Command Execution 3 Unix/Linux 2018/08/05
11:08:36
200001254 onPause() (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/02
15:08:09
200004198 Joomla user registration privilege escalation Server Side Code Injection 3 Joomla http://blog.sucuri.net/2016/10/details-on-the-privilege-escalation-vulnerability-in-joomla.html, CVE-2016-8869, CVE-2016-8870 2020/02/10
17:00:22
200009152 PHP source code leakage (5) Information Leakage 2 PHP http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2010/03/01
02:22:28
200009272 Apache Tomcat .JSP files source code disclosure ($DATA) Information Leakage 3 Apache Tomcat CVE-2017-12616 2017/12/25
11:20:15
200020191 Java code injection - org.apache.commons.configuration.ConfigurationFactory (Header) Server Side Code Injection 3 Java Servlets/JSP 2020/02/02
18:42:51
200101330 onuploadprogress (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200003730 "dmesg" execution attempt (Header) Command Execution 3 Unix/Linux 2018/08/05
11:08:36
200004267 PHP injection attempt ( passthru ) (URI) Server Side Code Injection 3 PHP http://www.owasp.org/index.php/Code_Injection 2017/07/24
09:52:07
200004683 Python code injection - socket.accept (Header) Server Side Code Injection 3 Python 2019/04/16
16:06:16
200011027 Generic buffer overflow attempt 28 Buffer Overflow 3 All systems http://www.webappsec.org/projects/threat/classes/buffer_overflow.shtml 2020/01/15
14:12:31
200020146 Java code injection - XSLTJaxbProvider (Header) Server Side Code Injection 3 Java Servlets/JSP CVE-2019-14540 2020/02/02
18:42:51
200020162 Java code injection - SharedPoolDataSource (2) Server Side Code Injection 3 Java Servlets/JSP CVE-2019-16942, CVE-2019-16943 2020/02/02
18:42:51
200002257 SQL-INJ DBMS_LOCK SQL-Injection 2 Oracle http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200003434 Java Base64 serialized object - groovy.runtime (Parameter) Server Side Code Injection 3 Java Servlets/JSP http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4852, CVE-2015-4852, CVE-2013-2165 2020/02/02
18:42:51
200004048 ASP/JSP injection attempt ( <% ) Server Side Code Injection 3 Java Servlets/JSP 2020/02/02
18:42:51
200004717 Python code injection - socket.getfqdn (Header) Server Side Code Injection 3 Python 2019/04/16
16:06:16
200013001 Django authentication header evasion Authentication/Authorization Attacks 3 Django http://www.djangoproject.com/weblog/2015/jan/13/security/#s-issue-wsgi-header-spoofing-via-underscore-dash-conflation, https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0219, CVE-2015-0219 2016/06/27
17:23:26
200002371 SQL-INJ REVOKE FROM (Headers) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2020/02/10
17:00:22
200002053 SQL-INJ mysql.user SQL-Injection 3 MySQL http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2018/09/25
17:14:53
200003337 "reboot" execution attempt (Header) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200004698 Python code injection - socket.shutdown (Parameter) Server Side Code Injection 3 Python 2019/04/16
16:06:16
200004912 Java code injection - logging.FileHandler (2) (Parameter) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200019064 Malicious program ( Aventis KlasVayv ) upload Trojan/Backdoor/Spyware 3 All systems 2017/08/07
15:48:54
200001238 onFinish() (Headers) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/02
15:08:09
200001745 onDOMAttributeNameChanged (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200001977 onbeforeprint (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200004294 Java code injection - org/jboss/invocation/MarshalledValue Server Side Code Injection 3 JavaServer Faces (JSF) CVE-2015-7450, CVE-2015-4852, CVE-2015-8103, CVE-2016-3427, CVE-2016-0788, CVE-2016-3642, CVE-2016-4372 2020/02/02
18:42:51
200000084 SQL-INJ Stored procedure "exec sp_" (Parameter) SQL-Injection 3 Sybase/ASE http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2018/08/05
11:08:36
200002672 SQL-INJ dbmsinfo (Header) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection 2017/01/18
15:31:20
200004225 JSP Expression Language Expression Injection Server Side Code Injection 3 Apache Struts 2020/02/02
18:42:51
200004776 Java code injection - oracle.jdbc.rowset.OracleJDBCRowSet Server Side Code Injection 3 Java Servlets/JSP CVE-2018-12022, CVE-2018-12023 2019/07/28
16:35:03
200009219 SQLServer Syntax Error Message Information Leakage 3 Microsoft SQL Server http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2011/09/13
09:40:59
200022020 PHP remote file include attempt - file:// (Parameter) Remote File Include 2 PHP http://php.net/manual/en/wrappers.php 2020/02/10
17:00:22
200001084 activexobject (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200001766 onDOMFrameContentLoaded (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200002684 SQL-INJ db.getName (Header) SQL-Injection 3 MongoDB http://www.owasp.org/index.php/SQL_Injection 2020/02/02
18:42:51
200002696 SQL-INJ SPATIAL_CSW_ADMIN_USR (Header) SQL-Injection 3 Oracle http://www.owasp.org/index.php/SQL_Injection 2017/01/24
16:21:58
200003390 "umask" execution attempt (URI) Command Execution 2 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200012010 DOS "Double-precision floating-point number dos attack" (Headers) (5) Denial of Service 3 All systems http://www.exploringbinary.com/java-hangs-when-converting-2-2250738585072012e-308/, CVE-2010-4645 2017/11/12
11:00:47
200101308 ontouchenter (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200100057 "java.sql.SQLException" Error Message Information Leakage 2 Java Servlets/JSP http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2011/07/21
06:33:38
200018035 localhost URL found - http://0/ (Header) Other Application Attacks 2 All systems 2020/02/02
18:42:51
200018056 Python local file include attempt - local_file:// (Parameter) Other Application Attacks 3 Python CVE-2019-9948 2020/02/10
17:00:22
200001257 onProgress() (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/02
15:08:09
200001674 {:window} (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/xss-faq.html, http://en.wikipedia.org/wiki/Cross_site_scripting 2015/07/19
14:11:00
200001772 onDOMLinkRemoved (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200101550 Directory Traversal attempt (Content) Path Traversal 1 All systems 2018/06/27
11:50:56
200002740 SQL-INJ sp_password (Header) SQL-Injection 3 Microsoft SQL Server http://www.owasp.org/index.php/SQL_Injection 2020/02/10
17:00:22
200007018 Directory Traversal attempt (../ProgramData) (Header) Path Traversal 2 Microsoft Windows http://projects.webappsec.org/w/page/13246952/Path%20Traversal 2019/08/25
11:24:25
200009064 JSP source code leakage (21) Information Leakage 3 Java Servlets/JSP http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
200009148 (GHDB) SnortSnarf Page Information Leakage 2 Various systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml, http://johnny.ihackstuff.com/ghdb.php, http://en.wikipedia.org/wiki/Google%20hacking 2010/03/01
02:22:28
200001858 onMozOrientation (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200002612 SQL-INJ UNION SELECT 1,1 (Header) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection 2017/01/26
15:15:44
200003427 Java Base64 serialized object - java/lang/Runtime (URI) Server Side Code Injection 3 Java Servlets/JSP http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4852, CVE-2015-4852, CVE-2013-2165 2020/02/02
18:42:51
200003750 "groff" execution attempt (Parameter) Command Execution 3 Unix/Linux 2019/03/04
14:16:50
200004135 PHP injection attempt ( $http_response_header ) Server Side Code Injection 3 PHP 2017/08/07
15:48:54
200009114 (GHDB) IIS error (3) Information Leakage 2 IIS http://www.webappsec.org/projects/threat/classes/information_leakage.shtml, http://johnny.ihackstuff.com/ghdb.php, http://en.wikipedia.org/wiki/Google%20hacking 2010/03/01
02:22:28
200101329 onupgradeneeded (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200003709 "bzip2" execution attempt (Header) Command Execution 3 Unix/Linux 2018/08/05
11:08:36
200004155 Java Code Injection (sensitive attributes) (Headers) Server Side Code Injection 3 Java Servlets/JSP http://www.exploit-db.com/exploits/18329/, CVE-2012-0391, CVE-2012-0392, CVE-2012-0394 2016/08/04
15:33:35
200015055 Web Server Probe ( TL32Sn ) Vulnerability Scan 2 All systems 2011/12/21
06:12:43
200020052 SSRF attempt (AWS Metadata Server) - Dot-less hexadecimal representation (Parameter) Other Application Attacks 2 All systems 2020/02/02
18:42:51
200001933 onTabClose (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200100046 Oracle XSQLConfig.xml access Predictable Resource Location 2 Oracle Application Server CVE-2002-0568 2018/05/01
18:05:58
200018037 External entity DOCTYPE injection attempt Other Application Attacks 2 All systems CVE-2017-12629 2020/02/02
18:42:51
200004951 Java code injection - reflect.InvocationHandler (2) (Parameter) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200000112 div tag: background-image (Headers) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/30
17:43:40
200001578 onwaiting (Header) Cross Site Scripting (XSS) 2 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200002435 SQL-INJ "mid()" (Parameter) SQL-Injection 2 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2018/09/25
17:14:53
200002586 SQL-INJ sqlite_version (Parameter) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection 2015/10/19
17:50:00
200003135 "command" execution attempt Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2019/03/04
14:16:50
200004011 PHP injection attempt ( gzcompress ) Server Side Code Injection 2 PHP 2019/01/22
22:41:09
200004657 Python code injection - os.write (Header) Server Side Code Injection 3 Python 2019/04/16
15:19:14
200004983 Java code injection - manager.DefaultTransactionManagerLookup (Header) Server Side Code Injection 3 Java Servlets/JSP CVE-2019-14439, CVE-2019-14379 2019/08/07
18:44:15
200020099 SSRF attempt (Google Metadata Server) - Enclosed alphanumeric upper-case representation (Parameter) Other Application Attacks 2 All systems 2020/02/02
18:42:51
200004631 Python code injection - os.close (Header) Server Side Code Injection 3 Python 2019/04/16
15:19:14
200101602 Vulnerability tool listener - Acunetix (Parameter) Cross Site Scripting (XSS) 2 All systems 2020/08/27
14:26:28
200021089 Automated client access "SQ Webscanner" Non-browser client 1 All systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
200021142 Malicious Web Site crawler (Jorgee) Non-browser client 3 All systems http://en.wikipedia.org/wiki/Web_scraping 2020/01/30
17:43:40
200001882 onMozTouchDown (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200101322 onunderflow (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200002519 SQL-INJ drop trigger (URI) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2020/02/10
17:00:22
200002626 SQL-INJ v$instance (Parameter) SQL-Injection 3 Oracle http://www.owasp.org/index.php/SQL_Injection 2020/02/10
17:00:22
200003728 "diff3" execution attempt (URI) Command Execution 3 Unix/Linux 2018/08/05
11:08:36
200010112 Oracle application server bc4jadmin/bc4jadmin.htm Access Predictable Resource Location 2 Oracle Application Server 2018/03/12
16:09:07
200001949 onTabUnpinned (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200101218 onorientationchange (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200002825 Oracle Application Server mod_plsql Injection (wwv_dynxml_generator) SQL-Injection 3 Oracle Application Server 2018/03/12
16:09:07
200004054 ASP injection attempt ( Server.HtmlEncode ) Server Side Code Injection 2 ASP.NET 2018/01/25
18:15:14
200004573 Python code injection - import sys (Header) Server Side Code Injection 2 Python 2019/04/16
13:29:05
200100002 "index of /" response Directory Indexing 2 All systems 2014/03/09
06:42:17
200002473 SQL-INJ REPLACE VALUES (Parameter) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection 2020/02/10
17:00:22
200021126 Malicious Web Site crawler (Educate Search VxB) Non-browser client 1 All systems http://en.wikipedia.org/wiki/Web_scraping 2020/01/30
17:43:40
200100019 server-info access Predictable Resource Location 2 Apache/NCSA HTTP Server httpd.apache.org/docs/mod/mod_info.html 2014/03/09
06:42:17
200001232 onEnd() (Headers) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/02
15:08:09
200001995 oncallschanged (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200004404 Java code injection - javax.script.ScriptEngineManager (Header) Server Side Code Injection 3 JavaServer Faces (JSF) CVE-2016-9606, CVE-2017-3159, CVE-2016-8744 2020/02/02
18:42:51
200004661 Python code injection - sys.argv (Header) Server Side Code Injection 3 Python 2019/04/16
15:19:14
200001323 eval() (URI) Cross Site Scripting (XSS) 3 Ruby http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/09/16
17:29:43
200004868 Java code injection - autoproxy.AspectJAwareAdvisorAutoProxyCreator$PartiallyComparableAdvisorHolder (2) (Header) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200006034 XPath Injection child::processing-instruction() XPath Injection 3 All systems 2019/02/25
18:54:57
200009012 SQL Information Leakage (3) Information Leakage 2 General Database http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2010/03/01
02:22:28
200015095 Web Server Probe (commix) Vulnerability Scan 3 All systems https://github.com/commixproject/commix 2020/02/10
17:00:22
200101052 ondatachange (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200003130 "/proc/self/environ" execution attempt (Parameter) Command Execution 3 Unix/Linux http://www.owasp.org/index.php/PHP_Top_5#P5:_File_system_attacks 2013/03/11
02:26:00
200004012 PHP injection attempt ( gzopen ) Server Side Code Injection 2 PHP 2019/01/22
22:41:09
200004052 ASP injection attempt ( Server.CreateObject ) Server Side Code Injection 2 ASP.NET 2018/01/25
18:15:14
200009129 (GHDB) PhpMyExplorer Page Information Leakage 2 PHP http://www.webappsec.org/projects/threat/classes/information_leakage.shtml, http://johnny.ihackstuff.com/ghdb.php, http://en.wikipedia.org/wiki/Google%20hacking 2014/03/09
06:42:17
200021030 Malicious Web Site crawler "takeout" Non-browser client 2 All systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2019/12/11
17:48:52
200004881 Java code injection - context.ContextUtil$ReadOnlyBinding (2) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200001260 onPropertyChange() (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2017/08/07
17:40:28
200001838 onMozGamepadButtonDown (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200101397 onpointerleave (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200101403 onpointerout (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200003378 "telnet" execution attempt (URI) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2020/01/05
15:24:30
200004332 WordPress PHPMailer Remote Code Execution Server Side Code Injection 3 WordPress https://exploitbox.io/vuln/WordPress-Exploit-4-6-RCE-CODE-EXEC-CVE-2016-10033.html, CVE-2016-10033 2017/12/27
12:42:24
200012062 ASP.NET w3wp - COM Components DOS - ../aspnetlogs\\log1.logs Denial of Service 2 ASP.NET CVE-2006-1364 2019/10/09
02:15:14
200013012 Jenkins config.xml Move Authentication Bypass Authentication/Authorization Attacks 3 Jenkins https://securitynews.sonicwall.com/xmlpost/jenkins-ci-server-at-risk-high-risk-vulnerbaility/, CVE-2018-1999001 2018/09/25
10:58:05
200100311 CFNEWINTERNALADMINSECURITY access (ColdFusion) Abuse of Functionality 3 Macromedia ColdFusion CVE-1999-0760 2016/08/04
15:33:35
200001023 onkeydown (Headers) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2019/06/05
09:30:33
200002382 SQL-INJ sysconstraints (Headers) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200002634 SQL-INJ master.dbo (URI) SQL-Injection 3 Microsoft SQL Server http://www.owasp.org/index.php/SQL_Injection 2017/01/26
11:44:00
200006016 XPath Injection "element()" XPath Injection 3 All systems 2019/08/25
11:24:25
200010009 "/pls/admin_/help" access Predictable Resource Location 2 All systems http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2020/02/10
17:00:22
250000038 (PSM) SQL-INJ "*_id()" sql functions SQL-Injection 3 PSM 2013/06/27
07:12:08
200001278 onScroll() (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/02
15:08:09
200001874 onMozSwipeGesture (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200004179 Node.js JS-YAML code execution !!js/regexp Server Side Code Injection 3 Node.js http://nealpoole.com/blog/2013/06/code-execution-via-yaml-in-js-yaml-nodejs-module/, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4660, CVE-2013-4660 2016/06/27
17:23:26
200004231 JavaScript Code Injection - process.kill() (Parameter) Server Side Code Injection 3 All systems 2017/05/04
10:03:31
200101518 HTML5 Entity (num) (URI) Cross Site Scripting (XSS) 2 All systems https://www.quackit.com/character_sets/html5_entities/ 2017/11/12
11:00:47
200002463 SQL-INJ "SELECT extractvalue" (Header) SQL-Injection 3 MySQL CVE-2009-0819 2018/01/25
18:15:14
200003221 "dig" execution attempt (Header) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200004178 Node.js JS-YAML code execution !!js/undefined Server Side Code Injection 3 Node.js http://nealpoole.com/blog/2013/06/code-execution-via-yaml-in-js-yaml-nodejs-module/, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4660, CVE-2013-4660 2016/06/27
17:23:26
200009098 ASP source code leakage (40) Information Leakage 2 ASP http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2010/03/01
02:22:28
200001514 onemptied (Parameter) Cross Site Scripting (XSS) 2 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200002324 SQL-INJ "BACKUP DATABASE" SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2015/01/01
16:30:30
200002597 SQL Injection: commit; (URI) SQL-Injection 3 General Database https://msdn.microsoft.com/en-us/library/ms190295.aspx 2020/02/10
17:00:22
200001353 CreateObject (Parameter) Cross Site Scripting (XSS) 2 JavaScript http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2019/06/20
11:56:43
200021053 Malicious Web Site crawler "DTS Agent" Non-browser client 2 All systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
200001605 <MATH href (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet 2020/01/15
14:12:31
200101027 oncomplete (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200002115 SQL-INJ xp_regread SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200003272 "jobs" execution attempt (URI) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200004391 Java code injection - org.springframework.aop.support.DefaultBeanFactoryPointcutAdvisor (Parameter) Server Side Code Injection 3 JavaServer Faces (JSF) CVE-2015-7450, CVE-2015-4852, CVE-2015-8103, CVE-2016-3427, CVE-2016-0788, CVE-2016-3642, CVE-2016-4372, CVE-2017-7525, CVE-2017-9805, CVE-2017-7504, CVE-2017-7504, CVE-2017-5878, CVE-2017-5586, CVE-2016-9299 2020/02/02
18:42:51
200004867 Java code injection - autoproxy.AspectJAwareAdvisorAutoProxyCreator$PartiallyComparableAdvisorHolder (2) (Parameter) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200000108 Javascript Entity (URI) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200101241 onreceived (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200101581 SVG img tag: xlink/href (URI) Cross Site Scripting (XSS) 2 All systems 2019/06/18
11:55:10
200002421 SQL-INJ expressions like "' having 1 --" SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200003214 "curl" execution attempt (URI) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200004020 PHP injection attempt ( proc_open ) Server Side Code Injection 2 PHP 2019/01/22
22:41:09
200001508 oncanplay (Parameter) Cross Site Scripting (XSS) 2 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200002610 SQL-INJ MySQL rewrite my.cnf (URI) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, CVE-2016-6662 2016/11/10
17:09:31
200003915 "cat" execution attempt (3) Command Execution 3 Unix/Linux 2019/02/26
22:46:23
200012042 SAP NetWeaver DoS Attempt - <a> (Header) Denial of Service 2 XML CVE-2016-10311 2018/03/18
15:16:32
200101262 onstatechange (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200003474 ImageMagick arbitrary file deletion (ephemeral) Command Execution 3 All systems http://imagetragick.com/, CVE-2016-3715 2020/01/30
17:43:40
200003785 "renice" execution attempt (URI) Command Execution 3 Unix/Linux 2018/08/05
11:08:36
200101028 oncomplete (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200003825 Ghostscript Type Confusion Arbitrary Command Execution Command Execution 2 All systems CVE-2017-8291 2017/06/12
18:54:57
200004626 Python code injection - os.umask (Parameter) Server Side Code Injection 3 Python 2019/04/16
15:19:14
200010055 /cgi-win/ access Predictable Resource Location 1 CGI http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2020/02/10
17:00:22
200101266 onstatuschange (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200003120 "route" execution attempt Command Execution 3 Unix/Linux http://www.webappsec.org/projects/threat/classes/os_commanding.shtml 2019/03/04
14:16:50
200004000 PHP injection attempt ( ftp_fget ) Server Side Code Injection 2 PHP 2019/01/22
22:41:09
200004460 Unix special variable $0 (URI) Server Side Code Injection 1 Unix/Linux 2018/05/01
18:05:58
200004639 Python code injection - os.fchown (Header) Server Side Code Injection 3 Python 2019/04/16
15:19:14
200004857 Java code injection - typeddata.ValueHolder (2) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200009078 SQL Information Leakage (32) Information Leakage 2 General Database http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2010/03/01
02:22:28
200012035 libxml xmlSnprintfElementContent DoS (Parameter) Denial of Service 3 All systems http://www.openwall.com/lists/oss-security/2017/05/15/1, CVE-2017-9047 2018/02/01
14:02:09
250000027 (PSM) onkeypress Cross Site Scripting (XSS) 3 PSM 2013/06/27
07:12:08
250000058 (PSM) SQL-INJ create table SQL-Injection 3 PSM 2013/06/27
07:12:08
200001282 onSeek() (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/02
15:08:09
200001361 .open (URI) Cross Site Scripting (XSS) 2 JavaScript http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2018/12/23
12:26:07
200001391 urn() (Headers) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2018/06/06
14:02:07
200002091 SQL-INJ mb_users SQL-Injection 2 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200004584 Python code injection - import Requests (Parameter) Server Side Code Injection 2 Python 2019/04/16
13:29:05
200004453 Spring Expression Language (SpEL) Expression Injection (Header) Server Side Code Injection 3 JBoss 2018/05/06
17:10:16
200003698 "winmgmt" execution attempt (URI) Command Execution 3 Microsoft Windows 2020/07/05
15:16:45
200002454 SQL-INJ like " ' || 1=1 " (Parameters) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200007022 Directory Traversal attempt (../Program Files) (Header) Path Traversal 2 Microsoft Windows http://projects.webappsec.org/w/page/13246952/Path%20Traversal 2019/08/25
11:24:25
200000063 Suspicious "test/testing" file access Predictable Resource Location 1 All systems http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2018/08/05
11:08:36
200020075 SSRF attempt (Oracle Metadata Server) - Dotted hexadecimal representation (Parameter) Other Application Attacks 2 All systems 2020/02/02
18:42:51
250000066 (PSM) SQL-INJ insert into SQL-Injection 3 PSM 2013/06/27
07:12:08
200002182 SQL-INJ drop trigger SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2020/02/10
17:00:22
200002563 SQL-INJ sys.user$ (Header) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection 2015/10/19
17:50:00
200004390 Java code injection - org.springframework.aop.aspectj.autoproxy.AspectJAwareAdvisorAutoProxyCreator$PartiallyComparableAdvisorHolder (Header) Server Side Code Injection 3 JavaServer Faces (JSF) CVE-2015-7450, CVE-2015-4852, CVE-2015-8103, CVE-2016-3427, CVE-2016-0788, CVE-2016-3642, CVE-2016-4372, CVE-2017-7525, CVE-2017-9805, CVE-2017-7504, CVE-2017-7504, CVE-2017-5878, CVE-2017-5586, CVE-2016-9299 2020/02/02
18:42:51
200004465 Java code injection - org.apache.commons.fileupload.disk.DiskFileItem (Header) Server Side Code Injection 3 JavaServer Faces (JSF) CVE-2016-1000031 2020/02/02
18:42:51
200009191 Couldn't prepare SQL statement" Error Message Information Leakage 3 General Database http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
200004369 Java serialized object (Raw) Server Side Code Injection 3 JavaServer Faces (JSF) 2020/02/02
18:42:51
200001243 onLayoutComplete (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2019/05/30
14:57:08
200001725 onAlertClose (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200001845 onMozMagnifyGesture (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200002508 SQL-INJ create function (URI) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2020/02/10
17:00:22
200003412 "uname" execution attempt (Headers) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/09/17
17:18:25
200003762 "lsmod" execution attempt (Parameter) Command Execution 3 Unix/Linux 2019/03/04
14:16:50
200003182 "cc" execution attempt (URI) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200004878 Java code injection - context.WritableContext (2) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200009105 PHP Information Leakage (5) Information Leakage 3 PHP http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
200022007 Remote File Inclusion Attempt include() Remote File Include 2 All systems 2014/03/09
06:42:17
200001411 param tag (Parameter) Cross Site Scripting (XSS) 1 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2018/04/30
18:19:08
200002172 SQL-INJ expressions like "and 1=1" (8) (Headers) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2019/03/20
17:09:57
200002596 SQL Injection: commit; (Header) SQL-Injection 3 General Database https://msdn.microsoft.com/en-us/library/ms190295.aspx 2020/02/10
17:00:22
200004924 Java code injection - runtime.MethodClosure (2) (Parameter) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200015013 Web Server Probe ( .nasl ) Vulnerability Scan 2 All systems 2020/02/10
17:00:22
200019105 Malicious program ( /r57eng.php ) access Trojan/Backdoor/Spyware 3 All systems 2017/08/07
15:48:54
200002161 SQL-INJ select data-type (Headers) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2018/06/06
14:02:07
200004513 ASP.NET code injection - System.Diagnostics.Process.Start (Parameter) Server Side Code Injection 2 ASP.NET 2019/01/22
22:41:09
200019047 Malicious program ( ./xkernel ) Trojan/Backdoor/Spyware 3 All systems 2017/08/07
15:48:54
200001439 -moz-binding (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2018/09/17
17:54:37
200001706 Angular.js attribute ng-view (Parameter) Cross Site Scripting (XSS) 3 AngularJS https://docs.angularjs.org/api/ng/directive/ngModel 2020/01/15
14:12:31
200003913 "ls" execution attempt (2) Command Execution 3 Unix/Linux 2020/05/19
05:58:45
200002844 SQL-INJ expressions like AND SELECT * FROM (Parameter) SQL-Injection 3 General Database 2019/02/26
23:23:07
200010007 "/fcgi-bin/echo" access Predictable Resource Location 2 CGI http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2020/02/10
17:00:22
200002423 SQL-INJ expressions like "' || 1 --" SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200004001 PHP injection attempt ( ftp_fput ) Server Side Code Injection 2 PHP 2019/01/22
22:41:09
200004623 Python code injection - os.unsetenv (Header) Server Side Code Injection 3 Python 2019/04/16
15:19:14
200012065 Apache mod_proxy Connection DoS Denial of Service 3 Apache/NCSA HTTP Server CVE-2014-0117 2019/10/16
22:02:00
200001237 onFinish() (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/02
15:08:09
200002116 SQL-INJ xp_regdeletevalue SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200002249 SQL-INJ "UPDATE SET WHERE" (Headers) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2020/02/10
17:00:22
200002515 SQL-INJ drop database (URI) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2020/02/10
17:00:22
200002690 SQL-INJ sqlite_master (Header) SQL-Injection 3 SQLite http://www.owasp.org/index.php/SQL_Injection 2020/02/10
17:00:22
200003294 "mkdir" execution attempt (URI) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2020/01/05
15:24:30
200101194 onmozbrowsersecuritychange (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200101313 ontouchmove (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200002832 SQLINJ - NoSQL [$regex] (JSON) (Parameter) SQL-Injection 3 MongoDB https://blog.websecurify.com/2014/08/attacks-nodejs-and-mongodb-part-to.html 2020/02/02
18:42:51
200004961 Java code injection - rowset.OracleJDBCRowSet (2) (Header) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200000023 IIS hidden dir access (/_private/) Predictable Resource Location 1 IIS http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2020/02/10
17:00:22
200002675 SQL-INJ iicolumns (Header) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection 2017/01/18
15:31:20
200001707 Angular.js attribute ng-view (Header) Cross Site Scripting (XSS) 3 AngularJS https://docs.angularjs.org/api/ng/directive/ngModel 2020/01/15
14:12:31
200004653 Python code injection - os.readv (Header) Server Side Code Injection 3 Python 2019/04/16
15:19:14
200101082 ondisconnected (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200101096 onenabled (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200101277 onsuccess (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200002340 SQL-INJ benchmark() (Headers) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2018/06/06
14:02:07
200002552 SQL-INJ "end-quote UNION" (URI) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2018/06/06
14:02:07
200003352 "sed" execution attempt (URI) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200011057 Redis struct_pack Integer Overflow DoS (Parameter) Buffer Overflow 3 Redis https://github.com/antirez/redis/issues/2855, CVE-2015-8080 2019/03/07
19:45:45
200003726 "diff3" execution attempt (Parameter) Command Execution 3 Unix/Linux 2019/03/04
14:16:50
200004046 ASP injection attempt ( .getfile ) Server Side Code Injection 2 ASP.NET 2018/01/25
18:15:14
200009018 SQL Information Leakage (9) Information Leakage 2 General Database http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2010/03/01
02:22:28
200009174 JSP Error RuntimeException Information Leakage 3 Java Servlets/JSP http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
200010152 "/msd1.24" access Predictable Resource Location 3 All systems 2018/06/18
18:18:44
200020098 SSRF attempt (Alibaba Metadata Server) - Enclosed alphanumeric representation (Parameter) Other Application Attacks 2 All systems 2020/02/02
18:42:51
200003223 "dir" execution attempt (Header) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200003405 "xterm" execution attempt (Header) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/09/17
17:18:25
200003768 "ncat" execution attempt (Parameter) Command Execution 3 Unix/Linux 2019/03/04
14:16:50
200004682 Python code injection - socket.accept (Parameter) Server Side Code Injection 3 Python 2019/04/16
16:06:16
200009106 Tomcat Information Leakage (1) Information Leakage 2 Apache Tomcat http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2010/03/01
02:22:28
200010121 Oracle application server xsql/lib/XSQLConfig.xml Access Predictable Resource Location 2 Oracle Application Server 2018/03/12
16:09:07
200019051 Malicious program ( /phpbb2_patch ) Trojan/Backdoor/Spyware 3 All systems 2017/08/07
15:48:54
250000050 (PSM) SQL-INJ "SELECT CONCAT" SQL-Injection 3 PSM 2013/06/27
07:12:08
200001366 .responseBody (Headers) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/05/28
05:07:16
200001506 onformchange (Header) Cross Site Scripting (XSS) 2 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200101077 ondisabled (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200101589 import() (Header) Cross Site Scripting (XSS) 3 All systems 2019/08/06
15:00:57
200003322 "pico" execution attempt (URI) Command Execution 2 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200000067 Unparsed PHP directive in response "<?" Information Leakage 3 PHP http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
200000005 ASP caspdoc dir access Predictable Resource Location 1 ASP http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2019/12/11
17:48:52
200101454 createPopup (Header) Cross Site Scripting (XSS) 2 All systems 2017/09/13
17:29:54
200003078 "jobs" execution attempt Command Execution 3 Unix/Linux http://www.webappsec.org/projects/threat/classes/os_commanding.shtml 2019/03/04
14:16:50
200004935 Java code injection - functors.InvokerTransformer (2) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200004984 Java code injection - manager.DefaultTransactionManagerLookup Server Side Code Injection 3 Java Servlets/JSP CVE-2019-14439, CVE-2019-14379 2019/08/07
18:44:15
200001468 src javascript (URI) (2) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200101530 jQuery Camel Cased Attribute Names Infinite Recursion DoS (Parameter) Cross Site Scripting (XSS) 2 jQuery https://github.com/jquery/jquery/issues/3133, CVE-2016-10707 2018/03/18
15:16:32
200003129 Shell command execution using the JET SQL interface (Headers) Command Execution 3 ASP.NET http://www.webappsec.org/projects/threat/classes/os_commanding.shtml 2018/01/25
18:15:14
200004347 ASP.NET code injection - Microsoft.Exchange.Management.SystemManager.WinForms.ExchangeSettingsProvider (Parameter) Server Side Code Injection 3 ASP.NET CVE-2017-9424, CVE-2017-9822, CVE-2012-0161 2020/02/02
18:42:51
200011052 GHOST attempt (http://) Buffer Overflow 3 Unix/Linux https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0235, CVE-2015-0235 2016/06/27
17:23:26
200101393 onpointerenter (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200002676 SQL-INJ iicolumns (URI) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection 2017/01/18
15:31:20
200009248 PHP Parse Error Information Leakage Information Leakage 2 PHP http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2011/12/11
06:49:36
200004765 Java code injection - com.mysql.cj.jdbc.admin.MiniAdmin Server Side Code Injection 3 Java Servlets/JSP CVE-2019-12086 2019/07/08
18:55:42
200009033 IIS Information Leakage (6) Information Leakage 2 IIS http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2010/03/01
02:22:28
200012011 DOS "Range Header DoS Attempt" (Headers) Denial of Service 3 Apache Tomcat CVE-2018-15756, CVE-2011-3192 2019/11/04
22:53:54
200019066 Malicious program ( CEHENNEMDEN ) upload Trojan/Backdoor/Spyware 3 All systems 2017/08/07
15:48:54
200020135 Localhost SSRFmap tool evasion (383.256.256.257) (Parameter) Other Application Attacks 2 All systems 2020/02/02
18:42:51
200001319 <EMBED SRC (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/15
14:12:31
200101153 onmouseleave (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200101576 ReactJS code injection - createFactory (Header) Cross Site Scripting (XSS) 2 ReactJS 2019/04/16
13:29:05
200003106 "dig" execution attempt Command Execution 3 Unix/Linux http://www.webappsec.org/projects/threat/classes/os_commanding.shtml 2019/03/04
14:16:50
200003357 "sftp" execution attempt (Header) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/09/17
17:18:25
200018032 WordPress REST API content injection (POST 1) Other Application Attacks 3 PHP https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html 2017/02/06
16:00:03
200021079 Automated client access "eCatch" Non-browser client 1 All systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2020/01/30
17:43:40
200002588 SQL-INJ sqlite_version (URI) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection 2015/10/19
17:50:00
200009235 Oracle Driver String Information Leakage 2 Oracle http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
200020087 SSRF attempt (Alibaba Metadata Server) - Dotted octal representation (Host header) Other Application Attacks 2 All systems 2020/02/02
18:42:51
200003194 "chown" execution attempt (URI) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/09/17
17:18:25
200006005 XPath Injection "local-name(" XPath Injection 3 All systems 2014/03/09
06:42:17
200002604 SQL-INJ expressions like " and 1=1 (6) (Header) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection 2020/06/09
13:40:17
200100089 "%HOMEPATH%" access (URI) Predictable Resource Location 1 Microsoft Windows http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2020/07/30
07:45:27
200009077 SQL Information Leakage (31) Information Leakage 2 General Database http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
200003347 "rsh" execution attempt (Header) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200000113 div tag: background-image (Parameter) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/30
17:43:40
200001352 .documentElement (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/05/28
05:07:16
200001371 .SaveToFile (Parameter) Cross Site Scripting (XSS) 3 JavaScript http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2018/12/23
12:26:07
200101044 onconnecting (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200101074 ondialing (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200101532 jQuery Camel Cased Attribute Names Infinite Recursion DoS (URI) Cross Site Scripting (XSS) 2 jQuery https://github.com/jquery/jquery/issues/3133, CVE-2016-10707 2018/03/18
15:16:32
200002611 SQL-INJ UNION SELECT 1,1 (Parameter) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection 2017/01/26
15:15:44
200004029 PHP injection attempt ( shell_exec ) Server Side Code Injection 2 PHP 2019/01/22
22:41:09
200001404 eval; (URI) Cross Site Scripting (XSS) 3 JavaScript http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2018/12/23
12:26:07
200003228 "ed" execution attempt (URI) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200003298 "mount" execution attempt (URI) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200003774 "pgrep" execution attempt (Parameter) Command Execution 3 Unix/Linux 2019/03/04
14:16:50
200003808 "unrar" execution attempt (Header) Command Execution 3 Unix/Linux 2018/08/05
11:08:36
200004480 Ruby 2.X Universal Deserialization Gadget Server Side Code Injection 3 Ruby https://www.elttam.com.au/blog/ruby-deserialization/ 2020/02/02
18:42:51
200000019 IIS hidden dir access (/_derived/) Predictable Resource Location 1 IIS http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2020/02/10
17:00:22
200001644 jQuery command $.ajax() (Parameter) Cross Site Scripting (XSS) 3 jQuery http://api.jquery.com/jquery.getscript/ 2014/08/25
09:12:13
200015035 Web Server Probe ( Nessus ) - 1 Vulnerability Scan 2 All systems 2020/02/10
17:00:22
200002738 SQL-INJ ' UNION SELECT (URI) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection 2017/01/24
16:21:58
200003289 "mail" execution attempt (Header) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200100318 "netcat" execution attempt Command Execution 3 Unix/Linux http://www.webappsec.org/projects/threat/classes/os_commanding.shtml 2019/03/04
14:16:50
200001951 onTabUnpinned (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200004835 Java code injection - dir.LazySearchEnumerationImpl (2) (Header) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200020041 SSRF attempt (AWS Metadata Server) - Dot-less decimal with overflow representation (URI) Other Application Attacks 2 All systems 2020/02/02
18:42:51
200020182 Java code injection - EhcacheJtaTransactionManagerLookup (2) (Header) Server Side Code Injection 3 Java Servlets/JSP CVE-2019-17267 2020/02/02
18:42:51
200020189 Java code injection - clojure.lang.ASeq Server Side Code Injection 3 Java Servlets/JSP 2020/02/02
18:42:51
200001419 link href rel stylesheet (URL) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200101367 AngularJS Sandbox Escape - constructor.prototype.charAt.join (Header) Cross Site Scripting (XSS) 3 AngularJS 2018/12/23
12:26:07
200019006 Malicious program ( newfile ) Trojan/Backdoor/Spyware 3 All systems 2017/08/07
15:48:54
200020180 Java code injection - EhcacheJtaTransactionManagerLookup Server Side Code Injection 3 Java Servlets/JSP CVE-2019-17267 2020/02/02
18:42:51
200022041 Generic Remote File/Path Include Attempt 6 Remote File Include 3 All systems 2020/02/10
17:00:22
200001306 STYLE tag: binding (Parameter) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/30
17:43:40
200101269 onstkcommand (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200003385 "touch" execution attempt (Header) Command Execution 2 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200019038 Malicious program ( /gif.ph ) Trojan/Backdoor/Spyware 3 All systems 2017/08/07
15:48:54
200020192 Java code injection - org.apache.commons.configuration.ConfigurationFactory Server Side Code Injection 3 Java Servlets/JSP 2020/02/02
18:42:51
200101311 ontouchleave (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200004250 ASP.NET injection attempt (Convert.FromBase64String) (Header) Server Side Code Injection 3 ASP.NET 2017/05/04
10:03:31
200006024 XPath Injection "ancestor" XPath Injection 3 All systems 2019/08/25
11:24:25
200001291 onSyncRestored (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2019/05/30
14:57:08
200101109 onfullscreenchange (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200010059 /var execution attempt (Header) Predictable Resource Location 2 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2014/10/21
04:06:49
200100062 CISCO VoIP Portinformation access Predictable Resource Location 1 Cisco CVE-2002-0882 2016/08/04
15:33:35
200020166 Java code injection - JNDIConnectionSource (Parameter) Server Side Code Injection 3 Java Servlets/JSP CVE-2019-17531 2020/02/02
18:42:51
200015023 Web Server Probe ( S.T.A.L.K.E.R. ) Vulnerability Scan 2 All systems 2012/02/27
06:30:01
200001317 <EMBED SRC (Headers) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/15
14:12:31
200001407 button tag (Headers) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200001915 onSVGError (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200101289 ontabviewsearchenabled (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200003764 "lsmod" execution attempt (URI) Command Execution 3 Unix/Linux 2018/08/05
11:08:36
200010067 phpMoAdmin management page Predictable Resource Location 3 MongoDB https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2208, CVE-2015-2208 2019/12/11
17:48:52
200001214 onControlSelect() (Headers) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2019/06/05
09:30:33
200002307 SQL-INJ "order by" (Parameter) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2018/09/25
17:14:53
200004571 Python code injection - import os (Header) Server Side Code Injection 2 Python 2019/04/16
13:29:05
200000024 IIS hidden dir access (/_scripts/) Predictable Resource Location 1 IIS http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2020/02/10
17:00:22
200000093 XSS script tag end (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200003807 "unrar" execution attempt (Parameter) Command Execution 3 Unix/Linux 2019/03/04
14:16:50
200101276 onsuccess (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200100008 rcmd attempt Command Execution 3 Microsoft Windows 2014/03/09
06:42:17
200004114 Server-Side Include Injection Attempt - 5 (Headers) Server Side Code Injection 3 SSI (Server Side Includes) 2012/02/27
06:30:01
200015014 Web Server Probe ( internet explorer ) Vulnerability Scan 2 All systems 2012/02/27
06:30:01
200001265 onReadyStateChange() (Headers) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2019/06/05
09:30:33
200001543 onpagehide (URI) Cross Site Scripting (XSS) 2 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2012/11/21
13:22:14
200101317 ontouchstart (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200101399 onpointermove (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200004604 Python code injection - os.getenvb (Parameter) Server Side Code Injection 3 Python 2019/04/16
15:19:14
200018038 Couchbase diag/eval Remote Code Execution Other Application Attacks 2 General Database CVE-2018-15728 2019/01/22
22:41:09
200003309 "nmap" execution attempt (Header) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2020/01/05
15:24:30
200004925 Java code injection - runtime.MethodClosure (2) (Header) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200009020 SQL Information Leakage (11) Information Leakage 2 General Database http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2010/03/01
02:22:28
200009180 "Oracle SQL invalidation" Error Message Information Leakage 2 Oracle http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
200100037 test.cgi access Predictable Resource Location 1 CGI 2020/02/10
17:00:22
200015011 Web Server Probe ( Acunetix ) Vulnerability Scan 2 All systems 2020/02/10
17:00:22
200021014 Malicious Web Site crawler "eirgrabber" Non-browser client 2 All systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
200021104 Malicious Web Site crawler (Bork-edition) Non-browser client 1 All systems http://en.wikipedia.org/wiki/Web_scraping 2020/01/30
17:43:40
200001290 onSyncRestored() (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2017/08/07
17:40:28
200101348 console.log (Parameter) Cross Site Scripting (XSS) 3 All systems 2017/03/21
14:07:40
200002549 SQL-INJ waitfor time (URI) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2020/02/10
17:00:22
200004849 Java code injection - configuration.JNDIConfiguration (2) (Parameter) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200004985 Java code injection - core.db.JNDIConnectionSource (Parameter) Server Side Code Injection 3 Java Servlets/JSP CVE-2019-14439, CVE-2019-14379 2019/08/07
18:44:15
200101072 ondialing (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200101271 onstksessionend (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200004812 Java code injection - disk.DiskFileItem (2) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200001156 .execscript (Headers) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200001688 JavaScript obfuscation (JSF) (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.jsfuck.com/ 2015/08/25
13:43:10
200001749 onDOMAutoComplete (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200002414 SQL-INJ XMLVarcharFromFile (Headers) SQL-Injection 3 IBM DB2 http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200004770 Java code injection - org.apache.ibatis.parsing.XPathParser (Header) Server Side Code Injection 2 JavaServer Faces (JSF) CVE-2018-11307 2019/07/24
23:31:34
200019057 Malicious program ( News Remote PHP Shell Injection ) access Trojan/Backdoor/Spyware 3 All systems 2017/08/07
15:48:54
200001584 video poster (Header) Cross Site Scripting (XSS) 2 All systems http://html5sec.org/ 2013/02/11
00:13:25
200002785 NoSQL Injection db.getCollectionNames() (URI) SQL-Injection 3 MongoDB 2020/02/02
18:42:51
200003767 "mkfifo" execution attempt (URI) Command Execution 3 Unix/Linux 2018/08/05
11:08:36
200004887 Java code injection - keyvalue.TiedMapEntry (2) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200010075 MySQL Configuration file my.ini (Header) Predictable Resource Location 3 General Database http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2020/02/10
17:00:22
200010126 Oracle application server forms90/f90servlet Access Predictable Resource Location 2 Oracle Application Server 2018/03/12
16:09:07
200015064 IWeb Server Probe ( Trustwave App Scanner - Cenzic ) Vulnerability Scan 2 All systems 2017/12/25
15:32:05
200001768 onDOMFrameContentLoaded (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200003441 Java code injection - java/lang/Process (Header) Server Side Code Injection 3 Java Servlets/JSP http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4852, CVE-2015-4852 2018/03/20
18:30:45
200100020 jrun directory browse attempt Directory Indexing 2 Macromedia JRun CVE-2001-1510 2020/01/30
17:43:40
200001932 onTabClose (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200004956 Java code injection - db.DriverManagerConnectionSource (2) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200003508 "cscript" execution attempt (Header) Command Execution 3 Microsoft Windows 2020/06/09
13:40:17
200004439 Java code injection - org.springframework.context.support.FileSystemXmlApplicationContext Server Side Code Injection 3 JavaServer Faces (JSF) CVE-2017-7525, CVE-2017-17485, CVE 2017-15095 2020/02/02
18:42:51
200004572 Python code injection - import sys (Parameter) Server Side Code Injection 2 Python 2019/04/16
13:29:05
200020059 SSRF attempt (Oracle Metadata Server) - Dotted octal with padding representation (URI) Other Application Attacks 2 All systems 2020/02/02
18:42:51
200001015 onmove... (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/02
15:08:09
200001789 onDOMModalDialogClosed (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200003290 "mail" execution attempt (URI) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200004737 Python code injection - socket.inet_ntoa (Header) Server Side Code Injection 3 Python 2019/04/16
16:06:16
200010070 Drupal module coder upgrade URL Predictable Resource Location 1 PHP http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2016/09/13
19:09:13
200020167 Java code injection - JNDIConnectionSource (Header) Server Side Code Injection 3 Java Servlets/JSP CVE-2019-17531 2020/02/02
18:42:51
200101594 location.assign() (Header) Cross Site Scripting (XSS) 3 All systems 2019/11/04
22:53:54
200004197 PHP injection attempt (phpversion) (URI) Server Side Code Injection 2 PHP http://www.owasp.org/index.php/Code_Injection 2016/12/06
11:17:59
200004446 Java code injection - org.springframework.web.context.request.RequestContextHolder (Header) Server Side Code Injection 3 Java Servlets/JSP CVE-2017-8046 2020/02/02
18:42:51
200002616 SQL-INJ SELECT USER() (URI) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection 2017/01/24
16:21:58
200010142 "/FileZilla.xml" access Predictable Resource Location 3 All systems 2018/06/18
18:18:44
200020100 SSRF attempt (Google Metadata Server) - Enclosed alphanumeric lower-case representation (Parameter) Other Application Attacks 2 All systems 2020/02/02
18:42:51
200003027 "passwd" execution attempt Command Execution 3 Unix/Linux http://www.webappsec.org/projects/threat/classes/os_commanding.shtml 2020/01/05
15:24:30
200020096 SSRF attempt (Alibaba Metadata Server) - Dot-less hexadecimal representation (Parameter) Other Application Attacks 2 All systems 2020/02/02
18:42:51
200010036 (GHDB) Smb.conf access Predictable Resource Location 2 All systems http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml, http://johnny.ihackstuff.com/ghdb.php, http://en.wikipedia.org/wiki/Google%20hacking 2010/03/01
02:22:28
200023004 HTTP Response Splitting (4)(Parameter) HTTP Response Splitting 3 All systems http://projects.webappsec.org/HTTP-Response-Splitting 2020/01/30
17:43:40
200000014 /phpmyadmin/ dir access (/phpmyadmin/) Predictable Resource Location 1 PHP http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2020/02/10
17:00:22
200001199 onRow...() (Headers) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2012/02/27
06:30:01
200101183 onmozbrowserloadstart (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200002546 SQL-INJ select substring (URI) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2020/02/10
17:00:22
200002571 SQL-INJ UTL_HTTP (Parameter) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection 2020/02/10
17:00:22
200002732 SQL-INJ USER_USERS (URI) SQL-Injection 3 Oracle http://www.owasp.org/index.php/SQL_Injection 2020/02/10
17:00:22
200004247 JavaScript Code Injection - process.abort() (Header) Server Side Code Injection 3 All systems 2017/05/04
10:03:31
200004308 Java code injection - org.springframework.beans.factory.ObjectFactory (Header) Server Side Code Injection 3 JavaServer Faces (JSF) CVE-2015-7450, CVE-2015-4852, CVE-2015-8103, CVE-2016-3427, CVE-2016-0788, CVE-2016-3642, CVE-2016-4372, CVE-2017-7525, CVE-2017-15095 2020/02/02
18:42:51
200001894 onSSTabClosing (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200002567 SQL-INJ v$database (URI) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection 2015/10/19
17:50:00
200003786 "rsync" execution attempt (Parameter) Command Execution 3 Unix/Linux 2019/03/04
14:16:50
200100026 PHPLIB remote command attempt Command Execution 2 PHP CVE-2001-1370 2016/08/04
15:33:35
200018029 HTTP Headers Injection (HTML) HTTP Response Splitting 2 All systems http://blogs.msdn.com/b/esiu/archive/2007/09/22/http-header-injection-vulnerabilities.aspx 2018/06/26
15:15:52
200002073 SQL-INJ user_constraints SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200002587 SQL-INJ sqlite_version (Header) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection 2015/10/19
17:50:00
200003132 "/proc/self/environ" execution attempt (URI) Command Execution 3 Unix/Linux http://www.owasp.org/index.php/PHP_Top_5#P5:_File_system_attacks 2013/03/11
02:26:00
200004134 PHP injection attempt ( $HTTP_RAW_POST_DATA ) Server Side Code Injection 3 PHP 2017/08/07
15:48:54
200004830 Java code injection - dbcp2.BasicDataSource (2) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200004747 Python code injection - base64.b64encode (Header) Server Side Code Injection 3 Python 2019/04/16
15:19:14
200001755 onDOMContentLoaded (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200001938 onTabOpen (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200002339 SQL-INJ autonomous_transaction (Headers) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200003098 "at" execution attempt Command Execution 3 Microsoft Windows http://www.webappsec.org/projects/threat/classes/os_commanding.shtml 2019/03/04
14:16:50
200004562 SharePoint ItemPicker Unsafe Deserialization Server Side Code Injection 3 SharePoint https://www.zerodayinitiative.com/blog/2019/3/13/cve-2019-0604-details-of-a-microsoft-sharepoint-rce-vulnerability, CVE-2019-0604 2020/02/02
18:42:51
200001345 .createDocument (Headers) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/05/28
05:07:16
200101387 onpointercancel (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200002139 SQL-INJ openquery SQL-Injection 2 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200009126 (GHDB) PRTG Traffic Grapher monitoring results Information Leakage 2 Various systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml, http://johnny.ihackstuff.com/ghdb.php, http://en.wikipedia.org/wiki/Google%20hacking 2014/03/09
06:42:17
200001255 onPause() (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/02
15:08:09
200001667 [window] (Header) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/xss-faq.html, http://en.wikipedia.org/wiki/Cross_site_scripting 2015/09/17
15:27:14
200101167 onmouseup (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200004864 Java code injection - support.DefaultBeanFactoryPointcutAdvisor (2) (Parameter) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200009067 SQL Information Leakage (21) Information Leakage 2 General Database http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
200022015 PHP remote file include attempt - temp Remote File Include 2 PHP http://www.owasp.org/index.php/Top_10_2007-Malicious_File_Execution 2014/03/09
06:42:17
200001957 onafterprint (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200101245 onresuming (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200021133 DoS tool (killemall) Non-browser client 3 All systems http://en.wikipedia.org/wiki/Denial-of-service_attack 2013/09/16
00:52:19
200101261 onstatechange (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200101287 ontabviewsearchdisabled (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200004357 ASP.NET code injection - System.Workflow.ComponentModel.Serialization.ActivitySurrogateSelector (Parameter) Server Side Code Injection 3 ASP.NET CVE-2017-9424, CVE-2017-9822, CVE-2012-0161 2020/02/02
18:42:51
200004668 Python code injection - sys.platform (Parameter) Server Side Code Injection 3 Python 2019/04/16
15:19:14
200003902 Couchdb Query Servers Arbitrary Command Execution Command Execution 3 CouchDB https://github.com/vulhub/vulhub/tree/master/couchdb/CVE-2017-12636, CVE-2017-12636 2018/06/14
17:05:33
200004426 Java code injection - org.apache.tomcat.dbcp.dbcp2.BasicDataSource (Header) Server Side Code Injection 3 JavaServer Faces (JSF) CVE-2017-7525, CVE-2017-17485, CVE 2017-15095 2020/02/02
18:42:51
200100081 boot.ini access (URI) Predictable Resource Location 2 Microsoft Windows http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml, http://johnny.ihackstuff.com/ghdb.php, http://en.wikipedia.org/wiki/Google%20hacking 2019/08/25
11:24:25
200100069 MS Site Server default login attempt Authentication/Authorization Attacks 3 Microsoft Windows CVE-2002-1769, 11018 2017/12/18
18:25:00
200019084 Malicious program ( c99shell ) access Trojan/Backdoor/Spyware 3 All systems 2017/08/07
15:48:54
200010158 "/wp-content/uploads/XAttacker.php" access Predictable Resource Location 3 All systems 2018/06/18
18:18:44
200101504 HTML5 Entity (sol) (Parameter) Cross Site Scripting (XSS) 2 All systems https://www.quackit.com/character_sets/html5_entities/ 2017/11/12
11:00:47
200002225 SQL-INJ openrowset (Headers) SQL-Injection 2 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200004718 Python code injection - socket.gethostbyname (Parameter) Server Side Code Injection 3 Python 2019/04/16
16:06:16
200004794 Java code injection - concurrent.AsynchBeansWorkManagerExecutor (2) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200005000 LDAP injection attempt ( objectcategory ) LDAP Injection 3 All systems 2014/03/09
06:42:17
200009237 SQLNCLI Connection String Information Leakage 3 General Database http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2011/12/21
06:12:43
200011053 GHOST attempt (file://) Buffer Overflow 3 Unix/Linux https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0235, CVE-2015-0235 2016/06/27
17:23:26
200001820 onDOMWindowCreated (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200003075 "netstat" execution attempt Command Execution 3 Unix/Linux http://www.webappsec.org/projects/threat/classes/os_commanding.shtml 2020/01/05
15:24:30
200100097 "%COMPUTERNAME%" access (URI) Predictable Resource Location 1 Microsoft Windows http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2020/07/30
07:45:27
200019136 Web Shell detection (b374k) Trojan/Backdoor/Spyware 3 PHP http://www.owasp.org/images/c/c3/ASDC12-Old_Webshells_New_Tricks_How_Persistent_Threats_haverevived_an_old_idea_and_how_you_can_detect_them.pdf 2014/07/08
08:28:32
200001304 seekSegmentTime() (Headers) Cross Site Scripting (XSS) 2 JavaScript http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2019/06/20
11:56:43
200001923 onSVGScroll (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200002530 SQL-INJ GRANT TO (URI) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2020/02/10
17:00:22
200003782 "pwck" execution attempt (URI) Command Execution 3 Unix/Linux 2018/08/05
11:08:36
200019127 Web Shell detection (r57) Trojan/Backdoor/Spyware 3 PHP http://www.owasp.org/images/c/c3/ASDC12-Old_Webshells_New_Tricks_How_Persistent_Threats_haverevived_an_old_idea_and_how_you_can_detect_them.pdf 2013/03/11
02:26:00
200021034 Malicious Web Site crawler "rsync" Non-browser client 2 All systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2019/12/11
17:48:52
200009097 ASP source code leakage (39) Information Leakage 2 ASP http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2010/03/01
02:22:28
200001831 onMozBeforeResize (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200004128 PHP injection attempt ( $_SERVER ) Server Side Code Injection 3 PHP 2017/08/07
15:48:54
200004248 JavaScript Code Injection - process.abort() (URI) Server Side Code Injection 3 All systems 2017/05/04
10:03:31
200004567 Python code injection - import urllib (Header) Server Side Code Injection 2 Python 2019/04/16
13:29:05
200004775 Java code injection - oracle.jdbc.rowset.OracleJDBCRowSet (Header) Server Side Code Injection 3 Java Servlets/JSP CVE-2018-12022, CVE-2018-12023 2019/07/28
16:35:03
200004945 Java code injection - invocation.MarshalledValue (2) (Parameter) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
250000040 (PSM) SQL-INJ "*_user()" sql functions SQL-Injection 3 PSM 2013/06/27
07:12:08
200001161 Form injection (Headers) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/30
17:43:40
200002402 SQL-INJ user_tab_columns (Headers) SQL-Injection 3 Oracle http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200009181 "Frontbase SQL invalidation" Error Message Information Leakage 1 General Database http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2011/07/21
06:33:38
200020128 Localhost SSRFmap tool evasion (127.0.1) (Parameter) Other Application Attacks 2 All systems 2020/02/02
18:42:51
200101237 onpopupshown (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200001264 onReadyStateChange (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2019/05/30
14:57:08
200001972 onaudioprocess (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200101596 Vulnerability tool listener - XSShunter (Parameter) Cross Site Scripting (XSS) 2 All systems 2020/02/25
10:29:15
200002615 SQL-INJ SELECT USER() (Header) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection 2017/01/24
16:21:58
200003410 "zip" execution attempt (URI) Command Execution 2 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200011066 Nginx Range Filter Module Integer Overflow Buffer Overflow 2 Nginx https://github.com/nixawk/labs/issues/15, CVE-2017-7529 2018/12/06
11:54:07
200004395 Java code injection - oracle.jdbc.pool.OraclePooledConnection (Parameter) Server Side Code Injection 3 JavaServer Faces (JSF) CVE-2015-7450, CVE-2015-4852, CVE-2015-8103, CVE-2016-3427, CVE-2016-0788, CVE-2016-3642, CVE-2016-4372, CVE-2017-7525, CVE-2017-9805, CVE-2017-7504, CVE-2017-7504, CVE-2017-5878, CVE-2017-5586, CVE-2016-9299 2020/02/02
18:42:51
200101249 onsent (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200002087 SQL-INJ pg_attribute SQL-Injection 2 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200002366 SQL-INJ mysql.user (Headers) SQL-Injection 3 MySQL http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200002582 SQL-INJ syscat.dbauth (URI) SQL-Injection 3 IBM DB2 http://www.owasp.org/index.php/SQL_Injection 2018/11/05
13:03:57
200002679 SQL-INJ sysibm.sysversions (URI) SQL-Injection 3 IBM DB2 http://www.owasp.org/index.php/SQL_Injection 2017/01/18
15:31:20
200004119 Server-Side Include Injection Attempt - 7 (Parameter) Server Side Code Injection 3 SSI (Server Side Includes) 2012/02/27
06:30:01
200004467 Apache mod_php Line Break Parsing Server Side Code Injection 3 Apache/NCSA HTTP Server CVE-2017-15715 2018/06/28
12:22:08
200004482 Apache Spark Job Schedule Remote Code Execution Server Side Code Injection 3 Java Servlets/JSP https://github.com/aRe00t/rce-over-spark/ 2020/02/10
17:00:22
200101377 vbscript: link target (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2017/07/24
09:52:07
200002350 SQL-INJ dbms_java (Headers) SQL-Injection 2 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200001279 onScroll() (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/02
15:08:09
200100309 Cacti graph.php Command Execution attempt (local_graph_id) Command Execution 3 PHP www.hardened-php.net/index.30.html, www.hardened-php.net/index.31.html, CVE-2005-2148, 14128, 14129 2017/11/12
11:00:47
200009054 PHP source code leakage (1) Information Leakage 2 PHP http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2010/03/01
02:22:28
200001491 confirm (Headers) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2019/06/20
11:56:43
200002640 SQL-INJ SYSTEM_USER (URI) SQL-Injection 3 MySQL http://www.owasp.org/index.php/SQL_Injection 2017/01/26
11:44:00
200004814 Java code injection - request.RequestContextHolder (2) (Header) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200004882 Java code injection - map.ReferenceMap (2) (Parameter) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200004987 Java code injection - core.db.JNDIConnectionSource Server Side Code Injection 3 Java Servlets/JSP CVE-2019-14439, CVE-2019-14379 2019/08/07
18:44:15
200001527 oninput (Header) Cross Site Scripting (XSS) 2 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200101333 onuserproximity (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200004454 Spring/JBoss Expression Language (EL) Injection (1) (Parameter) Server Side Code Injection 3 JBoss CVE-2018-12533 2018/11/05
13:03:57
200004911 Java code injection - server.UnicastRemoteObject (2) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200006014 XPath Injection "text()" XPath Injection 3 All systems 2019/08/25
11:24:25
200101197 onmozbrowsershowmodalprompt (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200002242 SQL-INJ "SELECT pg_sleep()" SQL-Injection 3 Sybase/ASE http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2020/02/10
17:00:22
200003788 "rsync" execution attempt (URI) Command Execution 3 Unix/Linux 2018/08/05
11:08:36
200020185 Java code injection - org.apache.commons.jxpath.xml.DocumentContainer (Header) Server Side Code Injection 3 Java Servlets/JSP 2020/02/02
18:42:51
200021086 Malicious Web Site crawler "BigCliqueBOT" Non-browser client 2 All systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
200001515 onemptied (Header) Cross Site Scripting (XSS) 2 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200100317 "ipconfig" execution attempt Command Execution 3 Microsoft Windows http://www.webappsec.org/projects/threat/classes/os_commanding.shtml 2014/03/09
06:42:17
200004872 Java code injection - aspectj.AspectJPointcutAdvisor (2) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200015061 Web Server Probe ( NOSEC.Jsky ) Vulnerability Scan 2 All systems 2011/12/21
06:12:43
200015024 Web Server Probe ( NeuralBot ) Vulnerability Scan 2 All systems 2012/02/27
06:30:01
200002028 SQL-INJ coalesce SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2015/01/01
16:30:30
200003065 "cat" execution attempt Command Execution 3 Unix/Linux http://www.webappsec.org/projects/threat/classes/os_commanding.shtml 2019/03/04
14:16:50
200003161 "zcat" execution attempt Command Execution 2 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2019/03/04
14:16:50
200004923 Java code injection - factory.ObjectFactory (2) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200012060 PHP xmlrpc_decode Base64 Out of Bounds Read Denial of Service 2 PHP CVE-2019-9024 2019/08/06
15:00:57
200001724 onAlertClose (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200009008 Statistics Software Information Leakage (5) Information Leakage 2 All systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
200009130 (GHDB) AppServ Open Project Page Information Leakage 1 Other Web Server http://www.webappsec.org/projects/threat/classes/information_leakage.shtml, http://johnny.ihackstuff.com/ghdb.php, http://en.wikipedia.org/wiki/Google%20hacking 2014/03/09
06:42:17
200004547 PHP injection attempt - variable assignment (exec) (Parameter) Server Side Code Injection 3 PHP 2019/01/22
22:41:09
200001853 onMozMousePixelScroll (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200101053 ondatachange (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200101172 onmozbrowsercontextmenu (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200002270 SQL-INJ CHAR() SQL-Injection 3 General Database http://msdn.microsoft.com/en-us/library/ms187323.aspx, http://dev.mysql.com/doc/refman/5.0/en/string-functions.html#function_char, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200002448 SQL-INJ expressions like "or TRUE" SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200003230 "emacs" execution attempt (URI) Command Execution 2 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/09/17
17:18:25
200004949 Java code injection - annotation.AnnotationInvocationHandler (2) (Header) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200009072 SQL Information Leakage (26) Information Leakage 2 General Database http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2010/03/01
02:22:28
200013002 OpenMRS authentication bypass Authentication/Authorization Attacks 3 All systems https://packetstormsecurity.com/files/128748/OpenMRS-2.1-Access-Bypass-XSS-CSRF.html, CVE-2014-8072 2017/11/12
11:00:47
200003439 Java code injection - java/lang/Runtime (URI) Server Side Code Injection 3 Java Servlets/JSP http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4852, CVE-2015-4852, CVE-2017-8046 2018/03/20
18:30:45
200001658 document[] (Header) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/xss-faq.html, http://en.wikipedia.org/wiki/Cross_site_scripting 2015/07/19
14:11:00
200101115 ongamepadconnected (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200101582 = alert; (Parameter) Cross Site Scripting (XSS) 3 JavaScript 2019/06/20
11:56:43
200002381 SQL-INJ syscolumns (Headers) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200002695 SQL-INJ SPATIAL_CSW_ADMIN_USR (Parameter) SQL-Injection 3 Oracle http://www.owasp.org/index.php/SQL_Injection 2017/01/24
16:21:58
200003126 "top" execution attempt Command Execution 3 Unix/Linux http://www.webappsec.org/projects/threat/classes/os_commanding.shtml 2019/03/04
14:16:50
200003330 "printenv" execution attempt (URI) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2020/01/05
15:24:30
200003729 "dmesg" execution attempt (Parameter) Command Execution 3 Unix/Linux 2019/03/04
14:16:50
200009120 (GHDB) SQUID statistics program - calamaris Information Leakage 1 Various systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml, http://johnny.ihackstuff.com/ghdb.php, http://en.wikipedia.org/wiki/Google%20hacking 2014/03/09
06:42:17
200015037 Web Server Probe ( Nessus ) - 3 Vulnerability Scan 2 All systems 2020/02/10
17:00:22
200001095 .addimport (Headers) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/05/28
05:07:16
200101091 ondragexit (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200101300 ontouchcancel (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200101439 console.dir (Header) Cross Site Scripting (XSS) 2 All systems 2017/07/24
09:52:07
200002319 SQL-INJ "oem_temp" (Headers) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2012/11/21
13:22:14
200004314 Java code injection - com.sun.rowset.JdbcRowSetImpl (Header) Server Side Code Injection 3 JavaServer Faces (JSF) CVE-2015-7450, CVE-2015-4852, CVE-2015-8103, CVE-2016-3427, CVE-2016-0788, CVE-2016-3642, CVE-2016-4372, CVE-2017-7525, CVE-2017-15095, CVE-2016-9606, CVE-2017-3159, CVE-2016-8744, CVE-2016-8749 2020/02/02
18:42:51
200009031 IIS Information Leakage (3) Information Leakage 2 IIS http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2012/02/27
06:30:01
200019091 Malicious program ( IP HACK TEAM ) upload Trojan/Backdoor/Spyware 3 All systems 2017/08/07
15:48:54
200004368 Java code injection - getWriter (URI) Server Side Code Injection 3 JavaServer Faces (JSF) 2018/02/01
14:02:09
200020200 SSRF attempt - Local network IP range 192.168.x.x (Parameter) Other Application Attacks 2 All systems 2020/01/05
15:24:30
200001438 -moz-binding (Headers) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2018/09/17
17:54:37
200101016 onclose (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200002105 SQL-INJ sp_addextendedproc SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200002166 SQL-INJ into dumpfile (Headers) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2012/11/21
13:22:14
200002875 SQL-INJ - MySQL Interpreted Comment (HAVING) (Header) SQL-Injection 2 MySQL 2020/02/27
18:00:59
200003136 "cut" execution attempt Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2019/03/04
14:16:50
200021025 Malicious Web Site crawler "floodgate" Non-browser client 2 All systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2020/01/30
17:43:40
200101125 onholding (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200101370 AngularJS Sandbox Escape - constructor.prototype.charAt.trim (Header) Cross Site Scripting (XSS) 3 AngularJS 2018/12/23
12:26:07
200002396 SQL-INJ sysxlogins (Headers) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200002692 SQL-INJ APEX_PUBLIC_USER (Parameter) SQL-Injection 3 Oracle http://www.owasp.org/index.php/SQL_Injection 2017/01/24
16:21:58
200004307 Java code injection - org.springframework.beans.factory.ObjectFactory (Parameter) Server Side Code Injection 3 JavaServer Faces (JSF) CVE-2015-7450, CVE-2015-4852, CVE-2015-8103, CVE-2016-3427, CVE-2016-0788, CVE-2016-3642, CVE-2016-4372, CVE-2017-7525, CVE-2017-15095 2020/02/02
18:42:51
200100000 SQLXML content type overflow (.xsl) Buffer Overflow 3 Microsoft SQL Server www.microsoft.com/technet/security/bulletin/MS02-030.mspx, www.westpoint.ltd.uk/advisories/wp-02-0007.txt, http://seclists.org/bugtraq/2002/Jun/113, CVE-2002-0186, 11304 2017/11/12
11:00:47
200020159 Java code injection - P6DataSource Server Side Code Injection 3 Java Servlets/JSP CVE-2019-16942, CVE-2019-16943 2020/02/02
18:42:51
200001460 url vbscript (URI) (2) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200001324 eval() (Parameter) Cross Site Scripting (XSS) 3 Ruby http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/09/16
17:29:43
200001962 onanimationend (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200101453 createPopup (Parameter) Cross Site Scripting (XSS) 2 All systems 2017/09/13
17:29:54
200002590 SQL-INJ ATTACH DATABASE (Header) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection 2020/02/10
17:00:22
200003259 "head" execution attempt (Header) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200004418 PHP parse_url() wrong parsing (?@) Server Side Code Injection 2 PHP https://bugs.php.net/bug.php?id=73192, CVE-2016-10397 2018/01/25
18:15:14
200004674 Python code injection - sys.stderr (Parameter) Server Side Code Injection 3 Python 2019/04/16
15:19:14
200021128 Malicious Web Site crawler (ESurf15a) Non-browser client 1 All systems http://en.wikipedia.org/wiki/Web_scraping 2020/01/30
17:43:40
200004647 Python code injection - os.openpty (Header) Server Side Code Injection 3 Python 2019/04/16
15:19:14
200001485 escape() (Parameter) (2) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200001650 jQuery command $().load() (Parameter) Cross Site Scripting (XSS) 3 jQuery http://api.jquery.com/jquery.getscript/ 2014/08/25
09:12:13
200101019 oncommand (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200101058 ondelivered (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200003317 "paste" execution attempt (Header) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200004399 Java code injection - org.apache.commons.collections.map.Flat3Map (Parameter) Server Side Code Injection 3 JavaServer Faces (JSF) CVE-2015-7450, CVE-2015-4852, CVE-2015-8103, CVE-2016-3427, CVE-2016-0788, CVE-2016-3642, CVE-2016-4372, CVE-2017-7525, CVE-2017-9805, CVE-2017-7504, CVE-2017-7504, CVE-2017-5878, CVE-2017-5586, CVE-2016-9299, CVE-2016-4398, CVE-2015-6420, CVE-2015-8765, CVE-2016-1985, CVE-2016-1986, CVE-2016-1997, CVE-2016-1998, CVE-2016-2000, CVE-2016-2003, CVE-2016-2009, CVE-2016-1114, CVE-2016-1999, CVE-2016-4369, CVE-2016-4368, CVE-2016-4373, CVE-2016-4385 2020/02/02
18:42:51
200004715 Python code injection - socket.getaddrinfo (Header) Server Side Code Injection 3 Python 2019/04/16
16:06:16
200010097 /shutdown access Predictable Resource Location 2 Spring Boot http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2017/09/24
15:40:00
200002359 SQL-INJ information_schema (Headers) SQL-Injection 2 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200004192 JBoss InvokerServlet MarshalledInvocation (Parameter) Server Side Code Injection 2 JBoss http://docs.jboss.org/jbossas/javadoc/3.2.7/server/org/jboss/invocation/MarshalledInvocation.html 2016/09/15
16:48:06
200001612 onactivate (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200003470 Java code injection com.opensymphony (Parameter) Server Side Code Injection 3 Java Servlets/JSP https://struts.apache.org/docs/s2-029.html, https://struts.apache.org/docs/s2-046.html, CVE-2016-0785, CVE-2017-5638 2017/07/24
12:16:47
200006027 XPath Injection "preceding-sibling" XPath Injection 3 All systems 2014/03/09
06:42:17
200017001 localhost IPv6 URL found - http://::1/ (Parameter) Other Application Attacks 2 All systems 2020/02/02
18:42:51
200001553 onplaying (Parameter) Cross Site Scripting (XSS) 2 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200002861 SQL-INJ - MySQL Interpreted Comment (SELECT) (Header) SQL-Injection 2 MySQL 2020/02/19
19:10:33
200004473 Java code injection - ProcessBuilder (Header) Server Side Code Injection 3 JBoss 2018/08/23
13:13:12
200009223 Oracle Connect Failed Error Message Information Leakage 2 Oracle http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
200009242 ASP Error Information Leakage Information Leakage 2 ASP http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2011/10/25
08:45:21
200101498 HTML5 Entity (rbrace) (Parameter) Cross Site Scripting (XSS) 2 All systems https://www.quackit.com/character_sets/html5_entities/ 2017/11/12
11:00:47
200002024 SQL-INJ sqloledb SQL-Injection 3 Microsoft SQL Server http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200010095 /metrics access Predictable Resource Location 2 Spring Boot http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2017/09/24
15:40:00
200101174 onmozbrowsererror (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200002721 SQL-INJ ORACLE_OCM (URI) SQL-Injection 3 Oracle http://www.owasp.org/index.php/SQL_Injection 2017/01/24
16:21:58
200002826 Oracle Application Server mod_plsql Injection (CTXSYS.DRILOAD.VALIDATE_STMT) SQL-Injection 3 Oracle Application Server 2018/03/12
16:09:07
200004410 Java code injection - com.sun.jndi.rmi.registry.BindingEnumeration (Header) Server Side Code Injection 3 JavaServer Faces (JSF) CVE-2016-5229, CVE-2017-2608 2020/02/02
18:42:51
200016004 Windows alternative data stream access Detection Evasion 3 Microsoft Windows http://www.owasp.org/index.php/Windows_::DATA_alternate_data_stream 2020/01/30
17:43:40
200003148 "nice" execution attempt Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2019/03/04
14:16:50
200019015 Malicious program ( /dblib.php ) Trojan/Backdoor/Spyware 3 PHP 2017/08/07
15:48:54
200001344 .createDocument (Parameter) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/05/28
05:07:16
200101233 onpopuphiding (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200002074 SQL-INJ user_objects SQL-Injection 3 Oracle http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2012/11/21
13:22:14
200009240 XPath Exception Error Leakage Information Leakage 2 XML http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
200000097 XSS script tag (Headers) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2012/02/27
06:30:01
200101384 XSS script tag with namespace (Parameter) Cross Site Scripting (XSS) 3 All systems http://en.wikipedia.org/wiki/Cross_site_scripting, http://www.cgisecurity.com/articles/xss-faq.shtml 2017/06/12
18:54:57
200002742 SQLINJ - NoSQL [$eq] SQL-Injection 3 MongoDB https://docs.mongodb.com/manual/reference/operator/query-comparison/ 2020/02/02
18:42:51
200004218 Flask Server Side Template Injection (.__subclasses__()[) (Parameter) Server Side Code Injection 3 All systems 2020/02/02
18:42:51
200100038 testcgi access Predictable Resource Location 1 CGI 2019/12/11
17:48:52
200021042 Malicious Web Site crawler "SAFEXPLORER TL" Non-browser client 2 All systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
200003224 "dir" execution attempt (URI) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200000119 div tag: binding (Parameter) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200001356 document.write (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/15
14:12:31
200001444 background: url() (Headers) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200001498 history.replaceState() (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/15
14:12:31
200101154 onmouseleave (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200101584 = prompt; (Parameter) Cross Site Scripting (XSS) 3 JavaScript 2019/06/20
11:56:43
200002147 SQL-INJ expressions like "or 1=1" (3) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2019/01/22
22:41:09
200004870 Java code injection - aspectj.AspectJPointcutAdvisor (2) (Parameter) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200010010 "repair/sam" access Predictable Resource Location 2 Microsoft Windows http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml, CVE-2007-6483 2016/06/27
17:23:26
200021119 Malicious Web Site crawler (China Local Browse) Non-browser client 1 All systems http://en.wikipedia.org/wiki/Web_scraping 2020/01/30
17:43:40
200001601 onseeking (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200101062 ondevicelight (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200021076 Automated client access "big brother" Non-browser client 1 All systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2020/01/30
17:43:40
200009074 SQL Information Leakage (28) Information Leakage 2 General Database http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2010/03/01
02:22:28
200100044 Oracle Java Process Manager access Predictable Resource Location 2 Oracle Application Server 4293, 10851 2018/05/01
18:05:58
200019023 Malicious program ( /r57en.php ) Trojan/Backdoor/Spyware 3 PHP 2017/08/07
15:48:54
200020005 Velocity Template Injection ( set ) (Header) Server Side Code Injection 3 Java Servlets/JSP 2020/02/02
18:42:51
200001537 onloadstart (URI) Cross Site Scripting (XSS) 2 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2012/11/21
13:22:14
200001672 {:document} (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/xss-faq.html, http://en.wikipedia.org/wiki/Cross_site_scripting 2015/07/19
14:11:00
200101347 onvoicechange (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200003231 "env" execution attempt (Header) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200002086 SQL-INJ object_id SQL-Injection 2 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2018/03/12
20:11:53
200010085 /tmp dir access Predictable Resource Location 2 All systems http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2017/08/03
11:44:58
200021114 Malicious Web Site crawler (compatible ;) Non-browser client 1 All systems http://en.wikipedia.org/wiki/Web_scraping 2019/08/25
11:24:25
200001934 onTabHide (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200101008 onchargingchange (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200002323 SQL-INJ "declare begin" (Headers) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2020/02/10
17:00:22
200002765 SQLINJ - NoSQL [$lt] (JSON) (Header) SQL-Injection 3 MongoDB https://docs.mongodb.com/manual/reference/operator/query-comparison/ 2020/02/02
18:42:51
200002521 "exec" injection attempt (URI) Server Side Code Injection 3 Ruby http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2020/09/17
16:56:48
200004972 Java code injection - org.jdom.transform.XSLTransformer Server Side Code Injection 3 Java Servlets/JSP CVE-2019-14439, CVE-2019-14379 2019/08/07
18:44:15
200010018 "/wwwroot" access Predictable Resource Location 2 IIS http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2014/03/09
06:42:17
200018004 Session Fixation Attempt - 3 (Parameter) Other Application Attacks 2 All systems 2014/03/09
06:42:17
200000096 XSS script target (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2019/09/11
23:31:20
200101321 onunderflow (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200101401 onpointermove (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/06/12
18:54:57
200100048 php.exe access Command Execution 3 PHP www.securitytracker.com/alerts/2002/Jan/1003104.html 2014/03/09
06:42:17
200001162 link rel stylesheet href (Parameters) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200002456 SQL-INJ like " ' && 1=1 " (Parameters) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200003456 Java code injection java.lang.Shutdown (Header) Server Side Code Injection 3 Java Servlets/JSP https://struts.apache.org/docs/s2-029.html, CVE-2016-0785 2017/07/24
12:16:47
200004517 Phar Deserialization Attempt (Parameter) Server Side Code Injection 3 PHP CVE-2019-11831 2020/02/02
18:42:51
200006009 XPath Injection "name()" XPath Injection 3 All systems 2018/06/26
14:01:21
200001747 onDOMAttributeNameChanged (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200002424 SQL-INJ expressions like (1) "' or 1 --" SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200003281 "links" execution attempt (Header) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200003743 "fgrep" execution attempt (URI) Command Execution 3 Unix/Linux 2018/08/05
11:08:36
200015012 Web Server Probe ( webinspect ) Vulnerability Scan 2 All systems 2012/02/27
06:30:01
200003836 "net config" execution attempt (Header) Command Execution 3 Microsoft Windows 2020/06/30
10:08:35
200100091 "%SYSTEMDRIVE%" access (URI) Predictable Resource Location 1 Microsoft Windows http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2020/07/30
07:45:27
200101288 ontabviewsearchenabled (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200002093 SQL-INJ rownum SQL-Injection 2 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2015/01/01
16:30:30
200003316 "passwd" execution attempt (URI) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2020/01/05
15:24:30
200003327 "poweroff" execution attempt (Header) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200004204 JavaScript Code Injection - new Date(); (URI) Server Side Code Injection 3 All systems http://www.w3schools.com/js/js_dates.asp 2017/01/18
15:31:20
200009250 PHP Fatal Error Information Leakage Information Leakage 2 PHP http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2011/12/11
06:49:36
200001467 url javascript (Headers) (2) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200001535 onloadedmetadata (Parameter) Cross Site Scripting (XSS) 2 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200101005 oncfstatechange (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200003196 "chsh" execution attempt (URI) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/09/17
17:18:25
200019020 Malicious program ( /ipn.php ) Trojan/Backdoor/Spyware 3 PHP 2017/08/07
15:48:54
250000048 (PSM) SQL-INJ "select --" SQL-Injection 3 PSM 2013/06/27
07:12:08
200004806 Java code injection - ee.RegistryManagedRuntime (2) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200011071 PHP exif_read_data Invalid Offset Buffer Overflow 2 PHP CVE-2016-6291 2019/05/30
14:57:08
200001019 onkeypress (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/02
15:08:09
200001842 onMozGamepadButtonUp (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200004939 Java code injection - functors.ChainedTransformer (2) (Parameter) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200100110 "%PROCESSOR_ARCHITECTURE%" access (parameter) Predictable Resource Location 1 Microsoft Windows http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2020/07/30
07:45:27
200015071 Havij SQL injection (Header) Vulnerability Scan 3 General Database http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet 2020/08/05
13:37:36
200020046 SSRF attempt (AWS Metadata Server) - Dotted hexadecimal representation (URI) Other Application Attacks 2 All systems 2020/02/02
18:42:51
200001041 onunload (Headers) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/02
15:08:09
200101440 console.dir (URI) Cross Site Scripting (XSS) 2 All systems 2017/07/24
09:52:07
200004043 PHP injection attempt ( ftp_nb_put ) Server Side Code Injection 2 PHP 2019/01/22
22:41:09
200004449 IBM Data Server Driver connlicj.bin Unsafe Deserialization (Header) Server Side Code Injection 3 IBM DB2 CVE-2017-1677 2020/02/02
18:42:51
200015049 Web Server Probe ( core-project ) Vulnerability Scan 2 All systems 2011/12/21
06:12:43
200001586 HTML comment (Header) Cross Site Scripting (XSS) 2 All systems http://html5sec.org/ 2013/02/11
00:13:25
200004057 Encoded script injection attempt ( Script.Encode ) Server Side Code Injection 2 All systems 2017/08/07
15:48:54
200001297 onTrackChange() (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2019/05/30
14:57:08
200100300 CFADMIN_REGISTRY_DELETE access Abuse of Functionality 3 Macromedia ColdFusion CVE-1999-0760 2016/08/04
15:33:35
200015093 Web Server Probe (Morfeus Scanner) Vulnerability Scan 1 All systems 2017/09/24
15:40:00
200000041 ASP.NET configuration file access (web.config) (URI) Predictable Resource Location 2 ASP.NET http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2019/08/25
11:24:25
200001985 onbroadcast (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200002154 SQL-INJ 'msdasql' SQL-Injection 2 Microsoft SQL Server http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200002664 SQL-INJ pg_database (URI) SQL-Injection 3 PostgreSQL http://www.owasp.org/index.php/SQL_Injection 2020/02/10
17:00:22
200004185 POpen injection attempt (Parameter) Server Side Code Injection 3 Microsoft Windows http://www.owasp.org/index.php/Code_Injection 2020/02/10
17:00:22
200007019 Directory Traversal attempt (../Users) (Parameter) Path Traversal 2 Microsoft Windows http://projects.webappsec.org/w/page/13246952/Path%20Traversal 2019/08/25
11:24:25
200101327 onupgradeneeded (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200002077 SQL-INJ user_ind_columns SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200002753 SQLINJ - NoSQL db.findOne() (Parameter) SQL-Injection 3 MongoDB https://docs.mongodb.com/manual/reference/method/db.collection.find/ 2020/02/02
18:42:51
200020174 Java code injection - HikariDataSource Server Side Code Injection 3 Java Servlets/JSP CVE-2019-16335 2020/02/02
18:42:51
200001459 url shell (Headers) (2) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200001675 {:window} (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/xss-faq.html, http://en.wikipedia.org/wiki/Cross_site_scripting 2015/07/19
14:11:00
200003134 "comm" execution attempt Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2019/03/04
14:16:50
200006007 XPath Injection "fn:doc" XPath Injection 3 All systems 2019/08/25
11:24:25
200100063 web agent redirect overflow attempt Buffer Overflow 3 IIS CVE-2005-1471, 13524 2017/11/12
11:00:47
250000012 (PSM) document.cookie Cross Site Scripting (XSS) 3 PSM 2013/06/27
07:12:08
200000121 div tag: expression (Headers) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200001427 CreateTextFile() (URI) Cross Site Scripting (XSS) 2 JavaScript http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2019/06/20
11:56:43
200101063 ondevicemotion (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200002636 SQL-INJ ALL_TABLES (Header) SQL-Injection 3 Oracle http://www.owasp.org/index.php/SQL_Injection 2017/01/24
16:21:58
200002656 SQL-INJ pg_shadow (Parameter) SQL-Injection 3 PostgreSQL http://www.owasp.org/index.php/SQL_Injection 2017/01/18
15:31:20
200019049 Malicious program ( /.it/viewde ) Trojan/Backdoor/Spyware 3 All systems 2017/08/07
15:48:54
200001958 onalerting (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200003111 "host" execution attempt Command Execution 3 Unix/Linux http://www.webappsec.org/projects/threat/classes/os_commanding.shtml 2019/03/04
14:16:50
200001223 onDblClick() (Headers) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2019/06/05
09:30:33
200001849 onMozMagnifyGestureStart (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200003102 "less" execution attempt Command Execution 3 Unix/Linux http://www.webappsec.org/projects/threat/classes/os_commanding.shtml 2019/03/04
14:16:50
200004260 PHP injection attempt ( str_replace ) (URI) Server Side Code Injection 3 PHP http://www.owasp.org/index.php/Code_Injection 2017/07/24
09:52:07
200003685 "verify" execution attempt (Header) Command Execution 1 Microsoft Windows 2020/02/17
22:44:27
200004986 Java code injection - core.db.JNDIConnectionSource (Header) Server Side Code Injection 3 Java Servlets/JSP CVE-2019-14439, CVE-2019-14379 2019/08/07
18:44:15
200007011 Directory Traversal attempt "../" (Header) Path Traversal 2 All systems http://www.webappsec.org/projects/threat/classes/path_traversal.shtml 2019/09/15
17:27:05
200001079 getspecialfolder (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200002410 SQL-INJ Xmlclobfromfile (Headers) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200000171 Shell command execution using the JET SQL interface Command Execution 3 ASP.NET http://www.webappsec.org/projects/threat/classes/os_commanding.shtml 2018/01/25
18:15:14
200004787 Java code injection - handler.HandlerResolverImpl (2) (Header) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200020022 Suspicious URL (.sslip.io domain service) (Header) Other Application Attacks 2 All systems 2020/02/02
18:42:51
200001322 <OBJECT data (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/30
17:43:40
200001572 onundo (Header) Cross Site Scripting (XSS) 2 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200001630 touchstart (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/30
17:43:40
200001746 onDOMAttributeNameChanged (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200001769 onDOMLinkAdded (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200001859 onMozPressTapGesture (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200003348 "rsh" execution attempt (URI) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200004999 Java code injection - net.sf.ehcache.transaction.manager.selector.GenericJndiSelector (Parameter) Server Side Code Injection 3 Java Servlets/JSP CVE-2019-20330 2020/01/27
18:47:48
200003193 "chown" execution attempt (Header) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/09/17
17:18:25
200004448 IBM Data Server Driver connlicj.bin Unsafe Deserialization (Parameter) Server Side Code Injection 3 IBM DB2 CVE-2017-1677 2020/02/02
18:42:51
200101013 onchecking (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200004229 JavaScript Code Injection - module.load() (Header) Server Side Code Injection 3 All systems 2017/05/04
10:03:31
200009215 ASP ADODB Record Deleted Error Message Information Leakage 2 ASP http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
200001235 onFilterChange() (Headers) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2019/06/05
09:30:33
200003284 "ll" execution attempt (URI) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200004943 Java code injection - beanutils.BeanComparator (2) (Header) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
250000049 (PSM) SQL-INJ "select 0x" SQL-Injection 3 PSM 2013/06/27
07:12:08
200020190 Java code injection - org.apache.commons.configuration.ConfigurationFactory (Parameter) Server Side Code Injection 3 Java Servlets/JSP 2020/02/02
18:42:51
200000169 onsubmit (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/02
15:08:09
200001210 onContextMenu() (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2019/05/30
14:57:08
200001963 onanimationend (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200003007 "tclsh" execution attempt Command Execution 3 Unix/Linux http://www.webappsec.org/projects/threat/classes/os_commanding.shtml 2020/01/05
15:24:30
200019025 Malicious program ( /aflast.txt ) Trojan/Backdoor/Spyware 3 All systems 2017/08/07
15:48:54
200019120 Web Shell detection (c99) Trojan/Backdoor/Spyware 3 PHP http://www.owasp.org/images/c/c3/ASDC12-Old_Webshells_New_Tricks_How_Persistent_Threats_haverevived_an_old_idea_and_how_you_can_detect_them.pdf 2013/03/11
02:26:00
200002689 SQL-INJ sqlite_master (Parameter) SQL-Injection 3 SQLite http://www.owasp.org/index.php/SQL_Injection 2020/02/10
17:00:22
200004650 Python code injection - os.pipe2 (Parameter) Server Side Code Injection 3 Python 2019/04/16
15:19:14
200006013 XPath Injection "node()" XPath Injection 3 All systems 2014/03/09
06:42:17
200009239 PHP Function Warning Message Information Leakage 2 PHP http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
200020047 SSRF attempt (AWS Metadata Server) - Dot-less decimal representation (Parameter) Other Application Attacks 2 All systems 2020/02/02
18:42:51
200001100 @import (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/30
17:43:40
200100085 "%windir%" access (URI) Predictable Resource Location 1 Microsoft Windows http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2020/07/30
07:45:27
200004200 "system" injection attempt (Header) Server Side Code Injection 3 Ruby 2020/09/17
16:04:09
200003220 "diff" execution attempt (URI) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200004560 Java code injection - javax.naming.InitialContext.doLookup Server Side Code Injection 3 Macromedia ColdFusion CVE-2019-7091 2020/02/02
18:42:51
200009230 PostgreSQL Connection String Information Leakage 3 PostgreSQL http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2011/12/21
06:12:43
200010171 Coremail WebServices Disclosure Predictable Resource Location 2 Other Web Server https://blog.csdn.net/qq_41770175/article/details/91971177 2019/06/25
17:57:51
200001207 onCellChange() (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2019/05/30
14:57:08
200101450 console.trace (Parameter) Cross Site Scripting (XSS) 2 All systems 2017/07/24
09:52:07
200004557 PHP injection attempt ( @print ) (URI) Server Side Code Injection 2 PHP 2019/02/19
11:23:14
200004913 Java code injection - logging.FileHandler (2) (Header) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200010098 /trace access Predictable Resource Location 2 Spring Boot http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2017/09/24
15:40:00
250000053 (PSM) SQL-INJ "UNION SELECT" SQL-Injection 3 PSM 2013/06/27
07:12:08
200004583 Python code injection - import Scapy (Header) Server Side Code Injection 2 Python 2019/04/16
13:29:05
200001087 alert (URI) Cross Site Scripting (XSS) 2 JavaScript http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2019/06/20
11:56:43
200001507 oncanplay (URI) Cross Site Scripting (XSS) 2 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200001872 onMozScrolledAreaChanged (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200001878 onMozTapGesture (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200101265 onstatuschange (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200002170 SQL-INJ expressions like "having 1=1" (Headers) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2019/03/20
17:09:57
200002358 SQL-INJ GRANT TO (Headers) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2020/02/10
17:00:22
200001432 OpenAsTextStream() (Headers) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200001332 XMLHttpRequest() (URI) Cross Site Scripting (XSS) 3 JavaScript http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2018/12/23
12:26:07
200001776 onDOMMenuItemActive (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200101382 action vbscript (Header) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2017/06/12
18:54:57
200003240 "find" execution attempt (URI) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200003814 "vdir" execution attempt (Header) Command Execution 3 Unix/Linux 2018/08/05
11:08:36
200012021 Neutrino DoS Tool Denial of Service 3 All systems http://malware.dontneedcoffee.com/2014/06/neutrino-bot-aka-kasidet.html 2016/09/15
16:48:06
200000136 meta tag (Headers) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/30
17:43:40
200001847 onMozMagnifyGestureStart (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200101431 console.warn (URI) Cross Site Scripting (XSS) 2 All systems 2017/07/24
09:52:07
200002171 SQL-INJ expressions like "or 1=1" (3) (Headers) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200003162 "zip" execution attempt Command Execution 2 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2019/03/04
14:16:50
200003325 "pkill" execution attempt (Header) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2020/01/05
15:24:30
200000176 Access to Oracle dynamic monitoring services Predictable Resource Location 2 Oracle Application Server http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2018/05/01
18:05:58
200001142 src &# (Parameter) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200004699 Python code injection - socket.shutdown (Header) Server Side Code Injection 3 Python 2019/04/16
16:06:16
200010109 Oracle application server xsql/adhocsql/sqltoxml.html Access Predictable Resource Location 2 Oracle Application Server 2018/03/12
16:09:07
200013018 WordPress ThemeGrill Demo Importer - Authentication Bypass Authentication/Authorization Attacks 3 WordPress 2020/02/19
09:58:08
250000054 (PSM) SQL-INJ "UPDATE SET" SQL-Injection 3 PSM 2013/06/27
07:12:08
200101039 onconnected (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200002436 SQL-INJ "if(Expression,value,value)" (Headers) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2018/09/25
17:14:53
200003329 "printenv" execution attempt (Header) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2020/01/05
15:24:30
200003818 "whereis" execution attempt (URI) Command Execution 3 Unix/Linux 2018/08/05
11:08:36
200015018 Web Server Probe ( WebRoot ) Vulnerability Scan 2 All systems 2012/02/27
06:30:01
200021026 Malicious Web Site crawler "pcbrowser" Non-browser client 2 All systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2020/01/30
17:43:40
200101156 onmousemove (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200002704 SQL-INJ dba_sys_privs (Parameter) SQL-Injection 3 Oracle http://www.owasp.org/index.php/SQL_Injection 2017/01/24
16:21:58
200004378 Java code injection - org.apache.commons.collections.keyvalue.TiedMapEntry (Header) Server Side Code Injection 3 JavaServer Faces (JSF) CVE-2015-7450, CVE-2015-4852, CVE-2015-8103, CVE-2016-3427, CVE-2016-0788, CVE-2016-3642, CVE-2016-4372, CVE-2017-7525, CVE-2017-9805, CVE-2017-7504, CVE-2017-7504, CVE-2017-5878, CVE-2017-5586, CVE-2016-9299, CVE-2016-4398, CVE-2015-6420, CVE-2015-8765, CVE-2016-1985, CVE-2016-1986, CVE-2016-1997, CVE-2016-1998, CVE-2016-2000, CVE-2016-2003, CVE-2016-2009, CVE-2016-1114, CVE-2016-1999, CVE-2016-4369, CVE-2016-4368, CVE-2016-4373, CVE-2016-4385 2020/02/02
18:42:51
200004759 Java code injection - com.bea.core.repackaged.springframework.context.support.FileSystemXmlApplicationContext (Header) Server Side Code Injection 3 Java Servlets/JSP CVE-2019-2725 2020/02/02
18:42:51
200101585 = alert; (Header) Cross Site Scripting (XSS) 3 All systems 2019/06/20
11:56:43
200003817 "whereis" execution attempt (Header) Command Execution 3 Unix/Linux 2018/08/05
11:08:36
200009021 SQL Information Leakage (12) Information Leakage 2 General Database http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2010/03/01
02:22:28
200009271 Apache Tomcat .JSP files source code disclosure (Space) Information Leakage 3 Apache Tomcat CVE-2017-12616 2017/12/25
11:20:15
200101041 onconnected (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200101571 ReactJS code injection - createElement (Parameter) Cross Site Scripting (XSS) 2 ReactJS 2019/04/16
13:29:05
200002310 SQL-INJ "select 0x" (Parameter) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2019/01/22
22:41:09
200011065 PHP exif_read_data use-after-free Buffer Overflow 2 PHP CVE-2018-12882 2018/11/07
10:57:50
200004411 Java code injection - com.sun.jndi.toolkit.dir.LazySearchEnumerationImpl (Parameter) Server Side Code Injection 3 JavaServer Faces (JSF) CVE-2016-5229, CVE-2017-2608 2020/02/02
18:42:51
200001670 {:document} (Header) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/xss-faq.html, http://en.wikipedia.org/wiki/Cross_site_scripting 2015/07/19
14:11:00
200001918 onSVGLoad (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200101535 @font-face unicode-range abuse (URI) Cross Site Scripting (XSS) 2 All systems http://mksben.l0.cm/2015/10/css-based-attack-abusing-unicode-range.html 2018/03/12
16:09:07
200002351 SQL-INJ drop column (Headers) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2020/02/10
17:00:22
200002528 SQL-INJ expressions like "sleep()" (1) (URI) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2018/06/06
14:02:07
200002777 SQLINJ - NoSQL [$nin] (JSON) (Header) SQL-Injection 3 MongoDB https://docs.mongodb.com/manual/reference/operator/query-comparison/ 2020/02/02
18:42:51
200002865 SQL-INJ - MySQL Interpreted Comment (FROM) (Header) SQL-Injection 2 MySQL 2020/02/19
19:10:33
200021096 Automated client access (HTTP::Lite) Non-browser client 1 All systems http://en.wikipedia.org/wiki/Web_scraping 2013/08/11
08:26:39
200001329 setRequestHeader() (URI) Cross Site Scripting (XSS) 3 JavaScript http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2019/06/20
11:56:43
200001522 onhaschange (URI) Cross Site Scripting (XSS) 2 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2012/11/21
13:22:14
200002314 SQL-INJ "preg_" (Parameter) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2018/09/25
17:14:53
200002391 SQL-INJ systables (Headers) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200003356 "setenv" execution attempt (URI) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2020/01/05
15:24:30
200000116 div tag: behavior (Parameter) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2017/06/12
18:54:57
200101050 oncuechange (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200009041 ASP source code leakage (5) Information Leakage 2 ASP http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2010/03/01
02:22:28
200009270 Apache Tomcat Remote Information Disclosure Information Leakage 3 Apache Tomcat CVE-2007-3382, CVE-2007-3385 2017/11/12
11:00:47
200101499 HTML5 Entity (rbrace) (Header) Cross Site Scripting (XSS) 2 All systems https://www.quackit.com/character_sets/html5_entities/ 2017/11/12
11:00:47
200003159 "xargs" execution attempt Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2019/03/04
14:16:50
200011064 HP iLO authentication bypass and execution of code vulnerability Buffer Overflow 3 Other Web Server CVE-2017-12542 2018/07/12
14:01:07
200101220 onoverflow (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200003090 "sort" execution attempt Command Execution 3 Unix/Linux http://www.webappsec.org/projects/threat/classes/os_commanding.shtml 2019/04/04
15:39:13
200001320 <OBJECT data (Headers) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/30
17:43:40
200101098 onenabled (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200003406 "xterm" execution attempt (URI) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/09/17
17:18:25
200010015 "/phpinfo.php" access Predictable Resource Location 2 PHP http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2018/09/17
17:18:25
200013015 Apache Karaf - Gogo unauthenticated webshell access Authentication/Authorization Attacks 2 Other Web Server CVE-2018-11787 2019/01/22
22:41:09
200000138 meta tag (URI) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/30
17:43:40
200004512 PHP injection attempt (imap_open) (Header) Server Side Code Injection 3 PHP https://github.com/Bo0oM/PHP_imap_open_exploit/blob/master/exploit.php 2019/01/22
22:41:09
200004579 Python code injection - import pty (Header) Server Side Code Injection 2 Python 2019/04/16
13:29:05
200021117 Malicious Web Site crawler (atSpider) Non-browser client 1 All systems http://en.wikipedia.org/wiki/Web_scraping 2020/01/30
17:43:40
200004484 Java code injection - org.jboss.util.propertyeditor.DocumentEditor (Parameter) Server Side Code Injection 2 Java Servlets/JSP CVE-2018-14718, CVE-2018-19362, CVE-2018-19361, CVE-2018-19360, CVE-2018-14719, CVE-2018-14720, CVE-2018-14721 2020/02/02
18:42:51
200001203 onBegin() (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/02
15:08:09
200001767 onDOMFrameContentLoaded (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200101140 onlevelchange (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200002190 SQL-INJ create schema SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2020/02/10
17:00:22
200003291 "make" execution attempt (Header) Command Execution 2 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200003448 Java code injection - org/codehaus/groovy/runtime (URI) Server Side Code Injection 3 Java Servlets/JSP http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4852, CVE-2015-4852 2018/03/20
18:30:45
200020188 Java code injection - clojure.lang.ASeq (Header) Server Side Code Injection 3 Java Servlets/JSP 2020/02/02
18:42:51
200001125 href javascript (Headers) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200101523 HTML5 Entity (ast) (Header) Cross Site Scripting (XSS) 2 All systems https://www.quackit.com/character_sets/html5_entities/ 2017/11/12
11:00:47
200002206 SQL-INJ "SA_FORWARD_TO" SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200009110 (GHDB) MySQL error (2) Information Leakage 2 MySQL http://www.webappsec.org/projects/threat/classes/information_leakage.shtml, http://johnny.ihackstuff.com/ghdb.php, http://en.wikipedia.org/wiki/Google%20hacking 2014/03/09
06:42:17
200009192 "unable to perform query" Error Message Information Leakage 2 Oracle http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
200001680 = window; (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/xss-faq.html, http://en.wikipedia.org/wiki/Cross_site_scripting 2019/06/20
11:56:43
200101114 ongamepadconnected (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200002050 SQL-INJ msysrelationships SQL-Injection 2 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200003759 "logname" execution attempt (Parameter) Command Execution 3 Unix/Linux 2019/03/04
14:16:50
200004284 Node.js Serialized Object Remote Code Execution (URI) Server Side Code Injection 3 Node.js https://opsecx.com/index.php/2017/02/08/exploiting-node-js-deserialization-bug-for-remote-code-execution/, CVE-2017-5941, CVE-2017-5954 2020/02/02
18:42:51
200101501 HTML5 Entity (grave) (Parameter) Cross Site Scripting (XSS) 2 All systems https://www.quackit.com/character_sets/html5_entities/ 2017/11/12
11:00:47
200003241 "finger" execution attempt (Header) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200004574 Python code injection - import socket (Parameter) Server Side Code Injection 2 Python 2019/04/16
13:29:05
200004813 Java code injection - request.RequestContextHolder (2) (Parameter) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200003846 "net helpmsg" execution attempt (Header) Command Execution 3 Microsoft Windows 2020/06/30
10:08:35
200018036 External entity DOCTYPE injection attempt (Parameter) Other Application Attacks 2 All systems CVE-2017-12629 2020/02/02
18:42:51
250000021 (PSM) iframe tag Cross Site Scripting (XSS) 3 PSM 2013/06/27
07:12:08
250000045 (PSM) SQL-INJ "declare begin" SQL-Injection 3 PSM 2013/06/27
07:12:08
200001637 touchend (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/30
17:43:40
200101070 ondeviceproximity (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200101529 new Image().src (URI) Cross Site Scripting (XSS) 3 All systems 2018/02/01
14:02:09
200002447 SQL-INJ "SELECT REGEXP" SQL-Injection 3 MySQL http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2018/09/25
17:14:53
200003738 "fdisk" execution attempt (Parameter) Command Execution 3 Unix/Linux 2019/03/04
14:16:50
200009159 PHP source code leakage (12) Information Leakage 2 PHP http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
200020117 Localhost SSRFmap tool evasion (127.0.1) (Host header) Other Application Attacks 2 All systems 2020/02/02
18:42:51
200004713 Python code injection - socket.recvmsg (Header) Server Side Code Injection 3 Python 2019/04/16
16:06:16
200001463 href vbscript (Headers) (2) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200002774 SQLINJ - NoSQL [$in] (JSON) (Header) SQL-Injection 3 MongoDB https://docs.mongodb.com/manual/reference/operator/query-comparison/ 2020/02/02
18:42:51
200004154 Java Code Injection (sensitive attributes) (Params) Server Side Code Injection 2 Java Servlets/JSP http://www.exploit-db.com/exploits/18329/, CVE-2012-0391, CVE-2012-0392, CVE-2012-0394 2016/08/04
15:33:35
200004417 PHP parse_url() wrong parsing (#@) Server Side Code Injection 2 PHP https://bugs.php.net/bug.php?id=73192, CVE-2016-10397 2018/01/25
18:15:14
200004493 Java code injection - org.apache.axis2.transport.jms.JMSOutTransportInfo (Parameter) Server Side Code Injection 2 Java Servlets/JSP CVE-2018-14718, CVE-2018-19362, CVE-2018-19361, CVE-2018-19360, CVE-2018-14719, CVE-2018-14720, CVE-2018-14721 2020/02/02
18:42:51
200004702 Python code injection - socket.create_connection (Parameter) Server Side Code Injection 3 Python 2019/04/16
16:06:16
200100014 .wwwacl access Predictable Resource Location 3 Apache/NCSA HTTP Server 2014/03/09
06:42:17
200012039 WordPress load-scripts.php/load-styles.php DoS Denial of Service 2 WordPress CVE-2018-6389 2019/11/04
22:53:54
200019048 Malicious program ( /kaiten.c ) Trojan/Backdoor/Spyware 3 All systems 2017/08/07
15:48:54
200009186 "Interbase SQL invalidation" Error Message Information Leakage 2 General Database http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
200001144 type = text / script (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2019/01/22
22:41:09
200001421 link rel stylesheet href (URL) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200001564 onstorage (URI) Cross Site Scripting (XSS) 2 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200001948 onTabShow (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200002751 SQLINJ - NoSQL db.find() (Header) SQL-Injection 3 MongoDB https://docs.mongodb.com/manual/reference/method/db.collection.find/ 2020/02/02
18:42:51
200003353 "sendmail" execution attempt (Header) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/09/17
17:18:25
200021131 Malicious Web Site crawler (Full Web Bot) Non-browser client 1 All systems http://en.wikipedia.org/wiki/Web_scraping 2020/01/30
17:43:40
200004793 Java code injection - concurrent.AsynchBeansWorkManagerExecutor (2) (Header) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200012015 FireFart hash collision tool (Java) Denial of Service 3 Java Servlets/JSP https://github.com/FireFart/HashCollision-DOS-POC, CVE-2011-5034, CVE-2011-5035, CVE-2011-4858 2018/04/30
18:19:08
200001716 ontoggle (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200002746 SQLINJ - NoSQL [$lte] SQL-Injection 3 MongoDB https://docs.mongodb.com/manual/reference/operator/query-comparison/ 2020/02/02
18:42:51
200004415 Java code injection - com.rometools.rome.feed.impl.EqualsBean (Parameter) Server Side Code Injection 3 JavaServer Faces (JSF) CVE-2016-5229, CVE-2017-2608 2020/02/02
18:42:51
250000055 (PSM) SQL-INJ CHAR() SQL-Injection 3 PSM 2013/06/27
07:12:08
250000062 (PSM) SQL-INJ expressions like "or 1=1" (1) SQL-Injection 3 PSM 2013/06/27
07:12:08
200001035 onselect... (Headers) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2012/02/27
06:30:01
200002278 SQL-INJ "delete from" (Parameter) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2019/01/22
22:41:09
200004040 PHP injection attempt ( ftp_get ) Server Side Code Injection 2 PHP 2019/01/22
22:41:09
200021070 Automated client access "libwww" Non-browser client 1 All systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2012/02/27
06:30:01
200001159 .innerhtml (Headers) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/15
14:12:31
200001490 confirm (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2019/06/20
11:56:43
200101559 " src http: (Header) Cross Site Scripting (XSS) 2 All systems 2019/02/19
11:23:14
200003924 "echo" execution attempt (2) Command Execution 3 Unix/Linux 2019/03/04
15:38:33
200020106 Localhost SSRFmap tool evasion (127.0.1) (URI) Other Application Attacks 2 All systems 2020/02/02
18:42:51
250000024 (PSM) meta tag Cross Site Scripting (XSS) 3 PSM 2013/06/27
07:12:08
200002056 SQL-INJ attnotnull SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200003305 "netstat" execution attempt (Header) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2020/01/05
15:24:30
200003458 Java code injection ognl.OgnlContext (Parameter) Server Side Code Injection 3 Java Servlets/JSP https://struts.apache.org/docs/s2-029.html, CVE-2016-0785, CVE-2016-4438, CVE-2016-3081 2017/07/24
12:16:47
200015041 Web Server Probe ( n-stealth ) - 2 Vulnerability Scan 2 All systems 2010/03/01
02:22:28
200018060 Telerik UI Encryption Keys Disclosure Other Application Attacks 2 ASP.NET CVE-2017-9248 2019/08/06
15:00:57
200001056 onblur (Headers) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/02
15:08:09
200001375 CURSOR:url (Headers) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2018/06/06
14:02:07
200001530 oninvalid (Header) Cross Site Scripting (XSS) 2 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200004491 Java code injection - org.apache.openjpa.ee.JNDIManagedRuntime (Header) Server Side Code Injection 2 Java Servlets/JSP CVE-2018-14718, CVE-2018-19362, CVE-2018-19361, CVE-2018-19360, CVE-2018-14719, CVE-2018-14720, CVE-2018-14721 2020/02/02
18:42:51
200001618 onhashchange (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200003087 "ed" execution attempt Command Execution 3 Unix/Linux http://www.webappsec.org/projects/threat/classes/os_commanding.shtml 2019/03/04
14:16:50
200003248 "ftp or ncftp" execution attempt (URI) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200004807 Java code injection - propertyeditor.DocumentEditor (2) (Parameter) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200004895 Java code injection - naming.QName (2) (Header) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200001192 onError...() (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/02
15:08:09
200004799 Java code injection - jms.JMSOutTransportInfo (2) (Header) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200004874 Java code injection - aspectj.AspectJAroundAdvice (2) (Header) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200019043 Malicious program ( /tool ) Trojan/Backdoor/Spyware 1 All systems 2018/04/30
18:19:08
200001017 onmove... (Headers) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/02
15:08:09
200003031 "ps" execution attempt Command Execution 3 Unix/Linux http://www.webappsec.org/projects/threat/classes/os_commanding.shtml 2019/03/04
14:16:50
200021075 Automated client access "curl" Non-browser client 1 All systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2012/02/27
06:30:01
200000151 xml tag (Headers) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/30
17:43:40
200002256 SQL-INJ DBMS_LOCK (Headers) SQL-Injection 2 Oracle http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200004236 JavaScript Code Injection - process.exit() (URI) Server Side Code Injection 3 All systems 2019/08/25
11:24:25
200021021 Malicious Web Site crawler "webemailextrac" Non-browser client 2 All systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2020/01/30
17:43:40
200001299 onURLFlip() (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2012/02/27
06:30:01
200003212 "cu" execution attempt (URI) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200003285 "lsof" execution attempt (Header) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200004191 PrimeFaces 5.x Expression Language Injection Server Side Code Injection 3 JavaServer Faces (JSF) http://blog.mindedsecurity.com/2016/02/rce-in-oracle-netbeans-opensource.html 2020/02/02
18:42:51
200020105 Localhost SSRFmap tool evasion ([::]) (URI) Other Application Attacks 2 All systems 2020/02/02
18:42:51
200019103 Malicious program ( /r57.php ) access Trojan/Backdoor/Spyware 3 All systems 2017/08/07
15:48:54
200001378 XMLData. (Headers) SQL-Injection 2 JavaScript http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2018/12/23
12:26:07
200001782 onDOMMetaAdded (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200003878 "reg save" execution attempt (Header) Command Execution 3 Microsoft Windows 2020/06/30
10:08:35
200002700 SQL-INJ SPATIAL_WFS_ADMIN_USR (URI) SQL-Injection 3 Oracle http://www.owasp.org/index.php/SQL_Injection 2017/01/24
16:21:58
200003455 Java code injection java.lang.Shutdown (Parameter) Server Side Code Injection 3 Java Servlets/JSP https://struts.apache.org/docs/s2-029.html, CVE-2016-0785 2017/07/24
12:16:47
200004521 PHP injection attempt (get_defined_functions) (Header) Server Side Code Injection 3 PHP https://www.secjuice.com/php-rce-bypass-filters-sanitization-waf/ 2019/01/22
22:41:09
200011040 Generic Format String attack attempt 3 (headers) Buffer Overflow 3 All systems http://www.webappsec.org/projects/threat/classes/format_string_attack.shtml 2014/03/09
06:42:17
200019021 Malicious program ( /ssh2.php ) Trojan/Backdoor/Spyware 3 PHP 2017/08/07
15:48:54
200001517 onended (Parameter) Cross Site Scripting (XSS) 2 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200015087 Web Server Probe ( Springenwerk ) Vulnerability Scan 3 All systems 2017/07/24
09:52:07
200020152 Java code injection - XSLTJaxbProvider (2) (Header) Server Side Code Injection 3 Java Servlets/JSP CVE-2019-14540 2020/02/02
18:42:51
200001829 onMozBeforeResize (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200003398 "wget" execution attempt (URI) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/09/17
17:18:25
200004741 Python code injection - socket.getsockname (Header) Server Side Code Injection 3 Python 2019/04/16
16:06:16
200009051 ASP source code leakage (15) Information Leakage 2 ASP http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2010/03/01
02:22:28
200020054 SSRF attempt (AWS Metadata Server) - Enclosed alphanumeric representation (Parameter) Other Application Attacks 2 All systems 2020/02/02
18:42:51
200101112 onfullscreenerror (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200101503 HTML5 Entity (grave) (URI) Cross Site Scripting (XSS) 2 All systems https://www.quackit.com/character_sets/html5_entities/ 2017/11/12
11:00:47
200000076 SQL-INJ "mysql" (Headers) SQL-Injection 2 MySQL http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200002585 SQL-INJ db.members (URI) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection 2020/02/10
17:00:22
200002724 SQL-INJ GSMADMIN_INTERNAL (URI) SQL-Injection 3 Oracle http://www.owasp.org/index.php/SQL_Injection 2017/01/24
16:21:58
200015027 Web Server Probe ( INTERNET EXPLOITER ) Vulnerability Scan 2 All systems 2012/02/27
06:30:01
200100106 "%ProgramData%" access (parameter) Predictable Resource Location 1 Microsoft Windows http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2020/07/30
07:45:27
200001855 onMozMousePixelScroll (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200001897 onSSTabRestored (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200002343 SQL-INJ constraint_type (Headers) SQL-Injection 2 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200004551 PHP injection attempt - variable assignment (die) (Parameter) Server Side Code Injection 3 PHP 2019/01/22
22:41:09
200019039 Malicious program ( /jpg.ph ) Trojan/Backdoor/Spyware 3 All systems 2017/08/07
15:48:54
200003359 "shutdown" execution attempt (Header) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200001028 onchange (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/02
15:08:09
200101157 onmousemove (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200003299 "mv" execution attempt (Header) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200004800 Java code injection - jms.JMSOutTransportInfo (2) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200009095 ASP source code leakage (37) Information Leakage 2 ASP http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2010/03/01
02:22:28
200020083 SSRF attempt (Alibaba Metadata Server) - Dotted hexadecimal representation (URI) Other Application Attacks 2 All systems 2020/02/02
18:42:51
200002102 SQL-INJ select to_number SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200002305 SQL-INJ "' #" (SQL comment) (Parameter) SQL-Injection 2 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2018/11/13
13:28:32
200101350 console.log (URI) Cross Site Scripting (XSS) 3 All systems 2017/03/21
14:07:40
200004586 Python code injection - import Scrapy (Parameter) Server Side Code Injection 2 Python 2019/04/16
13:29:05
200019022 Malicious program ( /sfdg2.php ) Trojan/Backdoor/Spyware 3 PHP 2017/08/07
15:48:54
200000111 bgsound tag (URI) Cross Site Scripting (XSS) 1 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/30
17:43:40
200001388 style display:none (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200100102 "%USERPROFILE%" access (parameter) Predictable Resource Location 1 Microsoft Windows http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2020/07/30
07:45:27
200003871 "reg add" execution attempt (Parameter) Command Execution 3 Microsoft Windows 2020/06/30
10:08:35
200002227 SQL-INJ OPENDATASOURCE SQL-Injection 2 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200004644 Python code injection - os.open (Parameter) Server Side Code Injection 3 Python 2019/04/16
15:19:14
200019059 Malicious program ( r57shell ) access Trojan/Backdoor/Spyware 3 All systems 2017/08/07
15:48:54
200001155 .execscript (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200001695 onbeforescriptexecute (Header) Cross Site Scripting (XSS) 3 All systems 2019/06/05
09:30:33
200101512 HTML5 Entity (semi) (URI) Cross Site Scripting (XSS) 2 All systems https://www.quackit.com/character_sets/html5_entities/ 2017/11/12
11:00:47
200003125 "tcpdump" execution attempt Command Execution 3 Unix/Linux http://www.webappsec.org/projects/threat/classes/os_commanding.shtml 2019/03/04
14:16:50
200004182 Unix injection attempt (/bin/bash) (Parameter) Server Side Code Injection 3 Unix/Linux http://www.owasp.org/index.php/Code_Injection 2020/02/10
17:00:22
200019002 Malicious program ( /cse. ) Trojan/Backdoor/Spyware 3 All systems 2017/08/07
15:48:54
200020089 SSRF attempt (Alibaba Metadata Server) - Dot-less hexadecimal representation (Host header) Other Application Attacks 2 All systems 2020/02/02
18:42:51
200001654 document.createElement (Header) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/15
14:12:31
200003169 "alias" execution attempt (Header) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200003781 "pwck" execution attempt (Header) Command Execution 3 Unix/Linux 2018/08/05
11:08:36
200004774 Java code injection - oracle.jdbc.rowset.OracleJDBCRowSet (Parameter) Server Side Code Injection 3 Java Servlets/JSP CVE-2018-12022, CVE-2018-12023 2019/07/28
16:35:03
200004852 Java code injection - map.Flat3Map (2) (Parameter) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200010151 "/es/fcgi-bin/" access Predictable Resource Location 3 All systems 2018/06/18
18:18:44
200001732 onCssRuleViewCSSLinkClicked (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200002198 SQL-INJ syslogin SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200002557 SQL-INJ mysql.db (Header) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection 2020/02/10
17:00:22
200010072 MySQL Configuration file my.cnf (Header) Predictable Resource Location 3 General Database http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2020/02/10
17:00:22
200101352 AngularJS Sandbox Escape - constructor.constructor (Header) Cross Site Scripting (XSS) 3 AngularJS 2020/06/28
15:30:59
200020082 SSRF attempt (Alibaba Metadata Server) - Dot-less hexadecimal representation (URI) Other Application Attacks 2 All systems 2020/02/02
18:42:51
200001815 onDOMWillOpenModalDialog (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200101491 HTML5 Entity (quest) (URI) Cross Site Scripting (XSS) 2 All systems https://www.quackit.com/character_sets/html5_entities/ 2017/11/12
11:00:47
200002114 SQL-INJ xp_regremovemultistring SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200002623 SQL-INJ GLOBAL_NAME (Parameter) SQL-Injection 3 Oracle http://www.owasp.org/index.php/SQL_Injection 2017/01/24
16:21:58
200004858 Java code injection - pool.OraclePooledConnection (2) (Parameter) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200010111 Oracle application server xsql/java/xsql/demo/adhocsql/query.xsql Access Predictable Resource Location 2 Oracle Application Server 2018/03/12
16:09:07
200001362 .send (Parameter) Cross Site Scripting (XSS) 2 JavaScript http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2018/12/23
12:26:07
200001377 XMLData. (Parameter) SQL-Injection 2 JavaScript 2018/12/23
12:26:07
200001614 onbeforeupdate (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200101513 HTML5 Entity (excl) (Parameter) Cross Site Scripting (XSS) 2 All systems https://www.quackit.com/character_sets/html5_entities/ 2017/11/12
11:00:47
200002419 SQL-INJ expressions like "' or 1 --" SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200002874 SQL-INJ - MySQL Interpreted Comment (HAVING) (Parameter) SQL-Injection 2 MySQL 2020/02/27
18:00:59
200004879 Java code injection - context.ContextUtil$ReadOnlyBinding (2) (Parameter) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200010141 "/.vscode/" access Predictable Resource Location 3 All systems 2018/06/18
18:18:44
200020198 SSRF attempt - Local network IP range 10.x.x.x (Parameter) Other Application Attacks 2 All systems 2020/01/05
15:24:30
200021132 DoS tool (ab) Non-browser client 3 All systems http://en.wikipedia.org/wiki/Denial-of-service_attack 2020/01/30
17:43:40
200002266 SQL-INJ bitand() SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2018/09/25
17:14:53
200004504 Java code injection - com.sun.deploy.security.ruleset.DRSHelper Server Side Code Injection 2 Java Servlets/JSP CVE-2018-14718, CVE-2018-19362, CVE-2018-19361, CVE-2018-19360, CVE-2018-14719, CVE-2018-14720, CVE-2018-14721 2020/02/02
18:42:51
200004552 PHP injection attempt - variable assignment (die) (Header) Server Side Code Injection 3 PHP 2019/01/22
22:41:09
200004727 Python code injection - socket.getnameinfo (Header) Server Side Code Injection 3 Python 2019/04/16
16:06:16
200001227 onDrop() (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/02
15:08:09
200001589 ondurationchange (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2013/11/03
01:53:41
200101150 onmouseenter (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200006032 XPath Injection role='admin' XPath Injection 3 All systems 2019/02/26
19:42:00
200000172 PageServices Directory Browsing Directory Indexing 2 Other Web Server http://www.webappsec.org/projects/threat/classes/directory_indexing.shtml 2014/03/09
06:42:17
200100015 .htaccess access Information Leakage 3 Apache/NCSA HTTP Server 2014/03/09
06:42:17
200000178 /SessionServlet access Predictable Resource Location 2 Macromedia JRun http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2014/03/09
06:42:17
200013007 JWT none algorithm Authentication/Authorization Attacks 3 All systems https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/ 2017/11/12
11:00:47
200016006 Multiple applications detected in Content-Type declaration (Multipart) Detection Evasion 3 All systems 2018/08/05
11:08:36
200019116 Shell access ( Bad command or filename ) Trojan/Backdoor/Spyware 3 All systems 2017/08/07
15:48:54
200001139 src http: (Parameter) Cross Site Scripting (XSS) 1 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2018/04/30
18:19:08
200001456 href shell (URI) (2) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200001970 onaudioprocess (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200002863 SQL-INJ - MySQL Interpreted Comment (ORDER) (Header) SQL-Injection 2 MySQL 2020/02/19
19:10:33
200004805 Java code injection - ee.RegistryManagedRuntime (2) (Header) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200011026 Generic buffer overflow attempt 27 Buffer Overflow 3 All systems http://www.webappsec.org/projects/threat/classes/buffer_overflow.shtml 2020/01/15
14:12:31
200001919 onSVGResize (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200101229 onpopuphidden (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200002374 SQL-INJ 'sa' (Headers) SQL-Injection 3 Microsoft SQL Server http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200004603 Python code injection - os.getenv (Header) Server Side Code Injection 3 Python 2019/04/16
15:19:14
200101207 onobsolete (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200101567 alert() (2) (Header) Cross Site Scripting (XSS) 3 All systems 2019/02/25
11:12:53
200100009 /iissamples access Predictable Resource Location 2 IIS 10370 2019/12/11
17:48:52
200002781 NoSQL Injection db.getCollection() (Header) SQL-Injection 3 MongoDB 2020/02/02
18:42:51
200003266 "id" execution attempt (URI) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200009029 IIS Information Leakage (1) Information Leakage 2 IIS http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2010/03/01
02:22:28
200015036 Web Server Probe ( Nessus ) - 2 Vulnerability Scan 2 All systems 2020/02/10
17:00:22
200001983 onblocked (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200101435 console.error (Parameter) Cross Site Scripting (XSS) 2 All systems 2017/07/24
09:52:07
200003465 Java code injection ognl.TypeConverter (Header) Server Side Code Injection 3 Java Servlets/JSP https://struts.apache.org/docs/s2-029.html, CVE-2016-0785 2017/07/24
12:16:47
200004018 PHP injection attempt ( readdir ) Server Side Code Injection 2 PHP 2019/01/22
22:41:09
200004144 PHP injection attempt ( phpinfo ) Server Side Code Injection 2 PHP http://www.owasp.org/index.php/Code_Injection 2014/03/09
06:42:17
200004909 Java code injection - server.UnicastRemoteObject (2) (Parameter) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200009231 PostgreSQL Driver String Information Leakage 3 PostgreSQL http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2011/12/21
06:12:43
200020171 Java code injection - JNDIConnectionSource (2) Server Side Code Injection 3 Java Servlets/JSP CVE-2019-17531 2020/02/02
18:42:51
200021125 Malicious Web Site crawler (EBrowse) Non-browser client 1 All systems http://en.wikipedia.org/wiki/Web_scraping 2020/01/30
17:43:40
250000059 (PSM) SQL-INJ drop database SQL-Injection 3 PSM 2013/06/27
07:12:08
200001461 url vbscript (Headers) (2) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200002728 SQL-INJ UTL_HTTP.REQUEST (Parameter) SQL-Injection 3 Oracle http://www.owasp.org/index.php/SQL_Injection 2017/01/24
16:21:58
200004908 Java code injection - support.AbstractBeanFactoryPointcutAdvisor (2) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200011033 Generic Format String attack attempt 1 (URL) Buffer Overflow 3 All systems http://www.webappsec.org/projects/threat/classes/format_string_attack.shtml 2014/03/09
06:42:17
200019139 Malicious program ( WireX DDoS Android Malware ) Trojan/Backdoor/Spyware 3 All systems https://www.flashpoint-intel.com/blog/wirex-botnet-industry-collaboration/ 2017/09/14
19:36:47
200021015 Malicious Web Site crawler "extractorpro" Non-browser client 2 All systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2020/01/30
17:43:40
250000032 (PSM) unescape() Cross Site Scripting (XSS) 3 PSM 2013/06/27
07:12:08
200001426 .FileSystemObject (Headers) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/05/28
05:07:16
200001442 CSSHttpRequest (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2012/02/27
06:30:01
200019080 Malicious program ( zehir ) upload Trojan/Backdoor/Spyware 3 All systems 2017/08/07
15:48:54
200002347 SQL-INJ create table (Headers) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2020/02/10
17:00:22
200002710 SQL-INJ XS$NULL (Parameter) SQL-Injection 3 Oracle http://www.owasp.org/index.php/SQL_Injection 2017/01/24
16:21:58
200004652 Python code injection - os.readv (Parameter) Server Side Code Injection 3 Python 2019/04/16
15:19:14
200010173 "/kubernetes.io/serviceaccount" access (Header) Predictable Resource Location 3 Other Web Server 2019/08/25
11:24:25
200020163 Java code injection - P6DataSource (2) (Parameter) Server Side Code Injection 3 Java Servlets/JSP CVE-2019-16942, CVE-2019-16943 2020/02/02
18:42:51
200004245 JavaScript Code Injection - process.cwd() (URI) Server Side Code Injection 3 All systems 2017/05/04
10:03:31
200011060 PHP wddx_deserialize malformed dateTime element BOF (Header) Buffer Overflow 2 PHP https://bugs.php.net/bug.php?id=74819, CVE-2017-11145 2018/02/01
14:02:09
200022032 PHP remote file include attempt - rar:// (Parameter) Remote File Include 2 PHP http://php.net/manual/en/wrappers.php 2020/02/10
17:00:22
200001261 onPropertyChange (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2019/05/30
14:57:08
200001562 onstalled (Parameter) Cross Site Scripting (XSS) 2 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200004180 Node.js JS-YAML code execution !!js/function Server Side Code Injection 3 Node.js http://nealpoole.com/blog/2013/06/code-execution-via-yaml-in-js-yaml-nodejs-module/, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4660, CVE-2013-4660 2016/06/27
17:23:26
200021065 Malicious Web Site crawler "GameBoy, Powered by Nintendo" fake UA Non-browser client 2 All systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
200001044 ondrag... (Headers) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2012/07/24
05:34:00
200002655 SQL-INJ pg_user (URI) SQL-Injection 3 PostgreSQL http://www.owasp.org/index.php/SQL_Injection 2017/01/18
15:31:20
200002862 SQL-INJ - MySQL Interpreted Comment (ORDER) (Parameter) SQL-Injection 2 MySQL 2020/02/19
19:10:33
200003371 "tar" execution attempt (Header) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200003920 "python" execution attempt (2) Command Execution 3 Unix/Linux 2019/08/25
11:24:25
200015015 Web Server Probe ( metis ) Vulnerability Scan 2 All systems 2020/02/10
17:00:22
200001140 src http: (Headers) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/30
17:43:40
200100108 "%CommonProgramFiles%" access (parameter) Predictable Resource Location 1 Microsoft Windows http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2020/07/30
07:45:27
200001143 src &# (Headers) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200002234 SQL-INJ order by (Headers) SQL-Injection 2 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200003032 "nasm" execution attempt Command Execution 3 Unix/Linux http://www.webappsec.org/projects/threat/classes/os_commanding.shtml 2019/03/04
14:16:50
200100315 "uname" execution attempt (URI) Command Execution 3 Unix/Linux http://www.webappsec.org/projects/threat/classes/os_commanding.shtml 2018/09/17
17:18:25
200004162 PHP injection attempt (require) Server Side Code Injection 3 PHP http://www.owasp.org/index.php/Code_Injection 2013/05/16
05:37:16
200000091 XSS script tag end (Headers) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2019/08/28
17:26:23
200101480 HTML5 Entity (NewLine) (Parameter) Cross Site Scripting (XSS) 2 All systems https://www.quackit.com/character_sets/html5_entities/ 2017/11/12
11:00:47
200001898 onSSTabRestoring (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200004607 Python code injection - os.getegid (Header) Server Side Code Injection 3 Python 2019/04/16
15:19:14
200015058 Web Server Probe ( cz32ts ) Vulnerability Scan 2 All systems 2011/12/21
06:12:43
200021116 Malicious Web Site crawler (Atomic_Email_Hunter) Non-browser client 1 All systems http://en.wikipedia.org/wiki/Web_scraping 2020/01/30
17:43:40
200000118 div tag: binding (Headers) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200001200 onBounce() (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/02
15:08:09
200101163 onmouseover (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200002766 SQLINJ - NoSQL [$lt] (JSON) (Parameter) SQL-Injection 3 MongoDB https://docs.mongodb.com/manual/reference/operator/query-comparison/ 2020/02/02
18:42:51
200003257 "halt" execution attempt (Header) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200002032 SQL-INJ group by having SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2020/02/10
17:00:22
200002652 SQL-INJ getpgusername (URI) SQL-Injection 3 PostgreSQL http://www.owasp.org/index.php/SQL_Injection 2017/01/18
15:31:20
200014004 ImgPals Photo Host 1.0 - Admin Account Disactivation Abuse of Functionality 3 PHP https://www.exploit-db.com/exploits/18544/, CVE-2012-4925, CVE-2012-4926 2017/11/12
11:00:47
200020004 Velocity Template Injection ( set ) (Parameter) Server Side Code Injection 3 Java Servlets/JSP 2020/02/02
18:42:51
200101309 ontouchleave (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200004030 PHP injection attempt ( proc_terminate ) Server Side Code Injection 2 PHP 2019/01/22
22:41:09
200009262 QNAP Photo Station Access Information Leakage 3 PHP https://www.cvedetails.com/cve/CVE-2013-5760/, cve-2013-5760 2017/03/21
14:07:40
200001075 createtextrange (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200001510 oncanplaythrough (URI) Cross Site Scripting (XSS) 2 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2012/11/21
13:22:14
200101281 ontabviewframeinitialized (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200002298 SQL-INJ GRANT TO SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2020/02/10
17:00:22
200002697 SQL-INJ SPATIAL_CSW_ADMIN_USR (URI) SQL-Injection 3 Oracle http://www.owasp.org/index.php/SQL_Injection 2017/01/24
16:21:58
200002720 SQL-INJ ORACLE_OCM (Header) SQL-Injection 3 Oracle http://www.owasp.org/index.php/SQL_Injection 2017/01/24
16:21:58
200003388 "traceroute" execution attempt (URI) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2020/01/05
15:24:30
200004633 Python code injection - os.dup (Header) Server Side Code Injection 3 Python 2019/04/16
15:19:14
200010008 "/config/" access Predictable Resource Location 1 All systems http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2018/04/30
18:19:08
200101558 " src http: (Parameter) Cross Site Scripting (XSS) 2 All systems 2019/02/19
11:23:14
200003300 "mv" execution attempt (URI) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200004025 PHP injection attempt ( <? ) Server Side Code Injection 3 PHP 2020/02/02
18:42:51
200004861 Java code injection - target.HotSwappableTargetSource (2) (Parameter) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200000006 Microsoft ActiveX Certificate Enrollment Control Certificate Destruction Predictable Resource Location 2 Microsoft Windows http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2018/06/06
13:37:33
200001285 onStart() (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/02
15:08:09
200101391 onpointerdown (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200003051 "mkdir" execution attempt Command Execution 3 Unix/Linux http://www.webappsec.org/projects/threat/classes/os_commanding.shtml 2020/01/05
15:24:30
200009144 (GHDB) Samba Web Administration Page Information Leakage 2 Various systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml, http://johnny.ihackstuff.com/ghdb.php, http://en.wikipedia.org/wiki/Google%20hacking 2014/03/09
06:42:17
200001220 onCut() (Headers) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/02
15:08:09
200001389 urn() (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2018/06/06
14:02:07
200101395 onpointerenter (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/06/12
18:54:57
200101458 HTML5 Entity (lpar) (URI) Cross Site Scripting (XSS) 2 All systems https://www.quackit.com/character_sets/html5_entities/ 2017/11/12
11:00:47
200004141 PHP injection attempt ( base64_decode ) ( parameters ) Server Side Code Injection 3 PHP http://www.owasp.org/index.php/Code_Injection 2014/03/09
06:42:17
200104001 Java code injection - net.sf.ehcache.transaction.manager.selector.GenericJndiSelector Server Side Code Injection 3 Java Servlets/JSP CVE-2019-20330 2020/01/27
18:47:48
200009198 Microsoft JET Database Engine Error Message Information Leakage 2 Microsoft Windows http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
200011028 Generic buffer overflow attempt 29 Buffer Overflow 3 All systems http://www.webappsec.org/projects/threat/classes/buffer_overflow.shtml 2020/01/15
14:12:31
200012054 libexpat Attribute List Multiple Colons DoS Denial of Service 2 XML CVE-2018-20843 2019/07/28
16:35:03
200000161 document.form (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/15
14:12:31
200001038 onload (Headers) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/02
15:08:09
200001830 onMozBeforeResize (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200101225 onpointerlockerror (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200002870 SQL-INJ group by (Parameter) SQL-Injection 2 General Database 2020/02/27
18:00:59
200019034 Malicious program ( /docLib/cmd.asp ) Trojan/Backdoor/Spyware 3 IIS 2017/08/07
15:48:54
200019068 Malicious program ( CGI-Telnet ) upload Trojan/Backdoor/Spyware 3 All systems 2017/08/07
15:48:54
200001119 url vbscript (Headers) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200001408 button tag (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200004767 Atlassian Jira Contact Administrators Template Injection Server Side Code Injection 3 Java Servlets/JSP CVE-2019-11581 2019/07/15
15:44:51
200001603 onsuspend (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200101106 onfocusout (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200004172 Apache Struts ClassLoader code injection (parameter) Server Side Code Injection 3 Apache Struts http://devcentral.f5.com/articles/mitigating-the-apache-struts-classloader-manipulation-vulnerabilities-using-asm, CVE-2014-0094, CVE-2014-0112, CVE-2014-0113, CVE-2014-0114, CVE-2014-0116 2016/06/27
17:23:26
200004641 Python code injection - os.fstat (Header) Server Side Code Injection 3 Python 2019/04/16
15:19:14
200002734 SQL-INJ OBJECT_TYPE (Header) SQL-Injection 3 Oracle http://www.owasp.org/index.php/SQL_Injection 2017/01/24
16:21:58
200019126 Web Shell detection (PHPJackal) Trojan/Backdoor/Spyware 3 PHP http://www.owasp.org/images/c/c3/ASDC12-Old_Webshells_New_Tricks_How_Persistent_Threats_haverevived_an_old_idea_and_how_you_can_detect_them.pdf 2013/03/11
02:26:00
200101099 onendEvent (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200101188 onmozbrowserlocationchange (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200009176 FireWall-1 error message Information Leakage 2 All systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
200010101 /logfile access Predictable Resource Location 2 Spring Boot http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2017/09/24
15:40:00
250000018 (PSM) execute() Cross Site Scripting (XSS) 3 PSM 2013/06/27
07:12:08
200001328 getFromURL() (Headers) Cross Site Scripting (XSS) 3 JavaScript http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2019/06/20
11:56:43
200001685 valueOf (Parameter) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/xss-faq.html 2015/08/25
13:43:10
200001806 onDOMPopupBlocked (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200002630 SQL-INJ DATABASE_NAME (Header) SQL-Injection 3 Oracle http://www.owasp.org/index.php/SQL_Injection 2017/01/26
15:15:44
200009087 ASP source code leakage (29) Information Leakage 2 ASP http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2010/03/01
02:22:28
200009155 PHP source code leakage (8) Information Leakage 2 PHP http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2010/03/01
02:22:28
200101345 onvoicechange (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200003104 "crontab" execution attempt Command Execution 3 Unix/Linux http://www.webappsec.org/projects/threat/classes/os_commanding.shtml 2019/03/04
14:16:50
200004952 Java code injection - reflect.InvocationHandler (2) (Header) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200015089 Web Server Probe ( DotDotPwn ) Vulnerability Scan 3 All systems 2017/07/24
09:52:07
200001071 settimeout (Headers) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200001841 onMozGamepadButtonUp (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200010066 Citrix Command Center configuration Predictable Resource Location 2 Citrix CVE-2015-2682 2019/12/11
17:48:52
200010076 MySQL Configuration file my.ini (URI) Predictable Resource Location 3 General Database http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2020/02/10
17:00:22
200021023 Malicious Web Site crawler "w3mir" Non-browser client 2 All systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2020/01/30
17:43:40
200101554 SQLINJ - NoSQL [$exists] SQL-Injection 3 MongoDB https://docs.mongodb.com/manual/reference/operator/query-comparison/ 2020/02/02
18:42:51
200003708 "bzip2" execution attempt (Parameter) Command Execution 3 Unix/Linux 2019/03/04
14:16:50
200004036 PHP injection attempt ( posix_mkfifo ) Server Side Code Injection 2 PHP 2019/01/22
22:41:09
200020184 Java code injection - org.apache.commons.jxpath.xml.DocumentContainer (Parameter) Server Side Code Injection 3 Java Servlets/JSP 2020/02/02
18:42:51
200000163 .location (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/15
14:12:31
200101199 onmozbrowsertitlechange (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200001025 onkeyup (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2019/05/30
14:57:08
200101056 ondataerror (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200101202 onmoztimechange (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200003049 "chown" execution attempt Command Execution 3 Unix/Linux http://www.webappsec.org/projects/threat/classes/os_commanding.shtml 2019/03/04
14:16:50
200003749 "gawk" execution attempt (URI) Command Execution 3 Unix/Linux 2018/08/05
11:08:36
200022003 Generic Remote File/Path Include Attempt 3 (dir param, ftp/ftps) Remote File Include 3 All systems 2014/03/09
06:42:17
200101018 oncommand (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200101298 ontimeout (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200002341 SQL-INJ CHAR()(Headers) SQL-Injection 3 General Database http://msdn.microsoft.com/en-us/library/ms187323.aspx, http://dev.mysql.com/doc/refman/5.0/en/string-functions.html#function_char, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200002725 SQL-INJ GSMCATUSER (Parameter) SQL-Injection 3 Oracle http://www.owasp.org/index.php/SQL_Injection 2017/01/24
16:21:58
200004680 Python code injection - socket.socket (Parameter) Server Side Code Injection 3 Python 2019/04/16
16:06:16
200004686 Python code injection - socket.close (Parameter) Server Side Code Injection 3 Python 2019/04/16
16:06:16
200004736 Python code injection - socket.inet_ntoa (Parameter) Server Side Code Injection 3 Python 2019/04/16
16:06:16
200101234 onpopupshowing (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200002355 SQL-INJ drop table (Headers) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2020/02/10
17:00:22
200004726 Python code injection - socket.getnameinfo (Parameter) Server Side Code Injection 3 Python 2019/04/16
16:06:16
200004782 Java code injection - transform.TransformerFactory (2) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200101046 onconnectionInfoUpdate (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200002776 SQLINJ - NoSQL [$in] (JSON) (URI) SQL-Injection 3 MongoDB https://docs.mongodb.com/manual/reference/operator/query-comparison/ 2020/02/02
18:42:51
200004555 PHP injection attempt ( @print ) (Parameter) Server Side Code Injection 2 PHP 2019/02/19
11:23:14
200009103 PHP Information Leakage (3) Information Leakage 3 PHP http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
200003466 Java code injection ognl.TypeConverter (URI) Server Side Code Injection 3 Java Servlets/JSP https://struts.apache.org/docs/s2-029.html, CVE-2016-0785 2017/07/24
12:16:47
200101210 ononconnectedconnected (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200004110 Server-Side Include Injection Attempt - 3 (Headers) Server Side Code Injection 3 SSI (Server Side Includes) 2012/02/27
06:30:01
200004545 PHP injection attempt - variable assignment (system) (Parameter) Server Side Code Injection 3 PHP 2019/01/22
22:41:09
200003655 "start" execution attempt (Header) Command Execution 3 Microsoft Windows 2020/07/05
15:16:45
200004818 Java code injection - support.FileSystemXmlApplicationContext (2) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200009256 httpoxy CGI vulnerability - HTTP_PROXY Information Leakage 3 All systems http://httpoxy.org/, CVE-2016-5385, CVE-2016-5386, CVE-2016-5387, CVE-2016-5388, CVE-2016-6286, CVE-2016-6287, CVE-2016-1000104, CVE-2016-1000105, CVE-2016-1000107, CVE-2016-1000108, CVE-2016-1000109, CVE-2016-1000110, CVE-2016-1000111, CVE-2016-1000212 2020/01/30
17:43:40
200020113 Localhost SSRFmap tool evasion (383.256.256.257) (URI) Other Application Attacks 2 All systems 2020/02/02
18:42:51
200012037 libxml xmlDictComputeFastKey DoS Denial of Service 3 All systems http://www.openwall.com/lists/oss-security/2017/05/15/1, CVE-2017-9049 2018/01/29
14:44:29
200019037 Malicious program ( theAct=inject&thePath= ) Trojan/Backdoor/Spyware 3 IIS 2017/08/07
15:48:54
200001529 oninvalid (Parameter) Cross Site Scripting (XSS) 2 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200101232 onpopuphiding (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200019135 Pushdo botnet traffic - Probe request (2) Trojan/Backdoor/Spyware 1 All systems http://blog.trendmicro.com/trendlabs-security-intelligence/latest-pushdo-variants-challenge-antimalware-solution/ 2014/07/08
08:28:32
200021045 Malicious Web Site crawler "WebBandit" Non-browser client 2 All systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2020/01/30
17:43:40
250000030 (PSM) src javascript Cross Site Scripting (XSS) 3 PSM 2013/06/27
07:12:08
200002354 SQL-INJ drop procedure (Headers) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2020/02/10
17:00:22
200002848 updatexml DoS (Parameter) SQL-Injection 3 MySQL https://bugs.mysql.com/bug.php?id=42495, CVE-2009-0819 2019/03/12
14:21:41
200009246 ASP Error Information Leakage (5) Information Leakage 2 ASP http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2011/10/25
08:45:21
200020140 SSRF attempt (127.0.0.1) - Dot-less decimal representation (Parameter) Other Application Attacks 2 All systems 2020/02/02
18:42:51
200020160 Java code injection - SharedPoolDataSource (2) (Parameter) Server Side Code Injection 3 Java Servlets/JSP CVE-2019-16942, CVE-2019-16943 2020/02/02
18:42:51
200001250 onOutOfSync() (Headers) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2019/06/05
09:30:33
200002434 SQL-INJ "mid()" (Headers) SQL-Injection 2 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2018/09/25
17:14:53
200003823 "docker" execution attempt (Unix/Linux) (Header) Command Execution 3 Unix/Linux 2018/09/17
17:18:25
200004452 Spring Expression Language (SpEL) Expression Injection (Parameter) Server Side Code Injection 3 JBoss 2018/05/06
17:10:16
200018055 Ghostscript .definemodifiedfont memory corruption Other Application Attacks 2 Other Web Server CVE-2018-16542 2019/03/31
12:31:14
200012052 PHP wddx_deserialize unclosed recordset item use-after-free Denial of Service 2 PHP CVE-2016-7413 2019/04/03
18:33:40
200001719 mhtml:res:// (Parameter) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting, https://www.brokenbrowser.com/detecting-local-files-to-evade-analysts/ 2020/01/15
14:12:31
200001927 onSVGUnload (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200001950 onTabUnpinned (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200101551 Function.call() (Parameter) Cross Site Scripting (XSS) 2 All systems 2018/08/23
13:36:09
200003803 "umount" execution attempt (URI) Command Execution 3 Unix/Linux 2018/08/05
11:08:36
200004427 Java code injection - org.apache.tomcat.dbcp.dbcp2.BasicDataSource Server Side Code Injection 3 JavaServer Faces (JSF) CVE-2017-7525, CVE-2017-17485, CVE 2017-15095 2020/02/02
18:42:51
200019081 Malicious program ( zehir ) access Trojan/Backdoor/Spyware 3 All systems 2017/08/07
15:48:54
200020092 SSRF attempt (Alibaba Metadata Server) - Dot-less decimal with overflow representation (Parameter) Other Application Attacks 2 All systems 2020/02/02
18:42:51
200020193 Java code injection - org.htmlparser.lexer.Page (Parameter) Server Side Code Injection 3 Java Servlets/JSP 2020/02/02
18:42:51
200001058 onunblur (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/02
15:08:09
200002446 SQL-INJ "SELECT REGEXP" (Headers) SQL-Injection 3 MySQL http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2018/09/25
17:14:53
200004466 Java code injection - org.apache.commons.fileupload.disk.DiskFileItem Server Side Code Injection 3 JavaServer Faces (JSF) CVE-2016-1000031, CVE-2013-2186, CVE-2013-2185 2020/02/02
18:42:51
200004692 Python code injection - socket.dup (Parameter) Server Side Code Injection 3 Python 2019/04/16
16:06:16
200009241 ASP.NET Web.Config Information Leakage Information Leakage 2 ASP.NET http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2011/10/25
08:45:21
200001783 onDOMMetaAdded (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200003171 "arp" execution attempt (Header) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200003735 "eval" execution attempt (Parameter) Command Execution 3 Unix/Linux 2019/03/04
14:16:50
200009014 SQL Information Leakage (5) Information Leakage 2 General Database http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2010/03/01
02:22:28
200022034 PHP remote file include attempt - ogg:// (Parameter) Remote File Include 2 PHP http://php.net/manual/en/wrappers.php 2020/02/10
17:00:22
250000005 (PSM) .innerhtml Cross Site Scripting (XSS) 3 PSM 2013/06/27
07:12:08
200001294 onTimeError() (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2019/05/30
14:57:08
200101506 HTML5 Entity (sol) (URI) Cross Site Scripting (XSS) 2 All systems https://www.quackit.com/character_sets/html5_entities/ 2017/11/12
11:00:47
200002345 SQL-INJ create function (Headers) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2020/02/10
17:00:22
200002535 SQL-INJ insert into (2) (URI) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2020/02/10
17:00:22
200020077 SSRF attempt (Alibaba Metadata Server) - Dot-less decimal representation (URI) Other Application Attacks 2 All systems 2020/02/02
18:42:51
200004696 Python code injection - socket.send (Parameter) Server Side Code Injection 3 Python 2019/04/16
16:06:16
200101510 HTML5 Entity (semi) (Parameter) Cross Site Scripting (XSS) 2 All systems https://www.quackit.com/character_sets/html5_entities/ 2017/11/12
11:00:47
200004249 ASP.NET injection attempt (Convert.FromBase64String) (Parameter) Server Side Code Injection 3 ASP.NET 2017/05/04
10:03:31
200021016 Malicious Web Site crawler "eo browse" Non-browser client 2 All systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2020/01/30
17:43:40
200001440 CSSHttpRequest (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2012/02/27
06:30:01
200003124 "su" execution attempt Command Execution 3 Unix/Linux http://www.webappsec.org/projects/threat/classes/os_commanding.shtml 2019/03/04
14:16:50
200002606 Joomla SQL Injection Probe SQL-Injection 2 General Database https://blog.sucuri.net/2015/10/joomla-sql-injection-attacks-in-the-wild.html, CVE-2015-7297, CVE-2015-7857, CVE-2015-7858 2017/11/12
11:00:47
200003520 "eventcreate" execution attempt (Header) Command Execution 3 Microsoft Windows 2020/06/09
13:40:17
200003840 "net file" execution attempt (Header) Command Execution 3 Microsoft Windows 2020/06/30
10:08:35
200003660 "systeminfo" execution attempt (Parameter) Command Execution 3 Microsoft Windows 2020/07/05
15:16:45
200004296 Java code injection - org/apache/commons/beanutils/BeanComparator Server Side Code Injection 3 JavaServer Faces (JSF) CVE-2015-7450, CVE-2015-4852, CVE-2015-8103, CVE-2016-3427, CVE-2016-0788, CVE-2016-3642, CVE-2016-4372, CVE-2016-4398, CVE-2015-6420, CVE-2015-8765, CVE-2016-1985, CVE-2016-1986, CVE-2016-1997, CVE-2016-1998, CVE-2016-2000, CVE-2016-2003, CVE-2016-2009, CVE-2016-1114, CVE-2016-1999, CVE-2016-4369, CVE-2016-4368, CVE-2016-4373, CVE-2016-4385 2020/02/02
18:42:51
200004457 Python code object marshalling Server Side Code Injection 2 Python 2018/06/13
12:25:02
200004840 Java code injection - imageio.ImageIO$ContainsFilter (2) (Parameter) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200004974 Java code injection - net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup (Header) Server Side Code Injection 3 Java Servlets/JSP CVE-2019-14439, CVE-2019-14379 2019/08/07
18:44:15
200010074 MySQL Configuration file my.ini (Parameter) Predictable Resource Location 3 General Database http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2020/02/10
17:00:22
250000067 (PSM) SQL-INJ inner join SQL-Injection 3 PSM 2013/06/27
07:12:08
200001091 input type=image (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200001660 document[] (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/xss-faq.html, http://en.wikipedia.org/wiki/Cross_site_scripting 2015/07/19
14:11:00
200003370 "tail" execution attempt (URI) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200003473 ImageMagick shell command execution in MVG or External Request [fill url(] Command Execution 3 All systems http://imagetragick.com/, CVE-2016-3714, CVE-2016-3718 2016/06/27
17:23:26
200001509 oncanplay (Header) Cross Site Scripting (XSS) 2 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200019008 Malicious program ( /juax. ) Trojan/Backdoor/Spyware 3 All systems 2017/08/07
15:48:54
200020071 SSRF attempt (Oracle Metadata Server) - Dotted decimal with overflow representation (Parameter) Other Application Attacks 2 All systems 2020/02/02
18:42:51
200021056 Malicious Web Site crawler "Shockwave Flash" spam bot Non-browser client 2 All systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2020/01/30
17:43:40
200002025 SQL-INJ @@ variables SQL-Injection 3 Microsoft SQL Server http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2018/06/06
13:37:33
200004407 Java code injection - javax.imageio.ImageIO$ContainsFilter (Parameter) Server Side Code Injection 3 JavaServer Faces (JSF) CVE-2016-5229, CVE-2017-2608 2020/02/02
18:42:51
200020142 Java code injection - HikariConfig (Parameter) Server Side Code Injection 3 Java Servlets/JSP CVE-2019-14540 2020/02/02
18:42:51
200002638 SQL-INJ SYSTEM_USER (Parameter) SQL-Injection 3 MySQL http://www.owasp.org/index.php/SQL_Injection 2017/01/26
11:44:00
200003039 "xterm" execution attempt Command Execution 3 Unix/Linux http://www.webappsec.org/projects/threat/classes/os_commanding.shtml 2019/03/04
14:16:50
200015000 Web Server Probe ( mozilla/4.0 (compatible) ) Vulnerability Scan 2 All systems 2010/03/01
02:22:28
250000042 (PSM) SQL-INJ "; shutdown" SQL-Injection 3 PSM 2013/06/27
07:12:08
200002316 SQL-INJ "change_on_install" (Parameter) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2012/11/21
13:22:14
200002773 SQLINJ - NoSQL [$ne] (JSON) (URI) SQL-Injection 3 MongoDB https://docs.mongodb.com/manual/reference/operator/query-comparison/ 2020/02/02
18:42:51
200003180 "cat" execution attempt (URI) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200003414 "ls" execution attempt (Headers) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200009036 Zope Information Leakage Information Leakage 3 Various systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
200009247 ASP Error Information Leakage (6) Information Leakage 2 ASP http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2011/10/25
08:45:21
250000014 (PSM) document.write Cross Site Scripting (XSS) 3 PSM 2013/06/27
07:12:08
200003157 "umask" execution attempt Command Execution 2 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2019/03/04
14:16:50
250000010 (PSM) alert Cross Site Scripting (XSS) 3 PSM 2013/06/27
07:12:08
200001101 @import (Headers) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/30
17:43:40
200001917 onSVGLoad (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200101336 onussdreceived (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200002200 SQL-INJ waitfor time SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2020/02/10
17:00:22
200003446 Java code injection - org/codehaus/groovy/runtime (Parameter) Server Side Code Injection 3 Java Servlets/JSP http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4852, CVE-2015-4852 2018/03/20
18:30:45
200019017 Malicious program ( /suntzu .php ) Trojan/Backdoor/Spyware 3 PHP 2017/08/07
15:48:54
200021017 Malicious Web Site crawler "attache" Non-browser client 2 All systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2020/01/30
17:43:40
200004138 Encoded script injection attempt ( Script.Encode ) (Parameters) Server Side Code Injection 2 All systems 2017/08/07
15:48:54
200012004 DOS "Double-precision floating-point number dos attack" (Parameter) (4) Denial of Service 3 All systems http://www.exploringbinary.com/java-hangs-when-converting-2-2250738585072012e-308/, CVE-2010-4645 2017/11/12
11:00:47
200004381 Java code injection - org.apache.xbean.naming.context.ContextUtil$ReadOnlyBinding (Parameter) Server Side Code Injection 3 JavaServer Faces (JSF) CVE-2015-7450, CVE-2015-4852, CVE-2015-8103, CVE-2016-3427, CVE-2016-0788, CVE-2016-3642, CVE-2016-4372, CVE-2017-7525, CVE-2017-9805, CVE-2017-7504, CVE-2017-7504, CVE-2017-5878, CVE-2017-5586, CVE-2016-9299 2020/02/02
18:42:51
200004917 Java code injection - rowset.JdbcRowSetImpl (2) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200020149 Java code injection - HikariConfig (2) (Header) Server Side Code Injection 3 Java Servlets/JSP CVE-2019-14540 2020/02/02
18:42:51
200021028 Malicious Web Site crawler "psurf" Non-browser client 2 All systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2020/01/30
17:43:40
200101405 onpointerover (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200004833 Java code injection - impl.EqualsBean (2) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200001795 onDOMNodeInserted (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200101256 onsmartcard-insert (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200002834 SQLINJ - NoSQL [$regex] (JSON) (URI) SQL-Injection 3 MongoDB https://blog.websecurify.com/2014/08/attacks-nodejs-and-mongodb-part-to.html 2020/02/02
18:42:51
200004209 JavaScript Code Injection - require(); (Header) Server Side Code Injection 3 All systems http://requirejs.org/ 2017/05/06
13:40:18
200011062 PHP timelib_meridian malformed dateTime element BOF (Header) Buffer Overflow 2 PHP https://www.exploit-db.com/exploits/43133/, CVE-2017-16642 2018/02/01
14:02:09
200001770 onDOMLinkAdded (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200101505 HTML5 Entity (sol) (Header) Cross Site Scripting (XSS) 2 All systems https://www.quackit.com/character_sets/html5_entities/ 2017/11/12
11:00:47
200003343 "rmdir" execution attempt (Header) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200003437 Java code injection - java/lang/Runtime (Parameter) Server Side Code Injection 3 Java Servlets/JSP http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4852, CVE-2015-4852, CVE-2017-8046 2018/03/20
18:30:45
200002388 SQL-INJ sysoledbusers (Headers) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200003072 "chdir" execution attempt Command Execution 3 Unix/Linux http://www.webappsec.org/projects/threat/classes/os_commanding.shtml 2019/03/04
14:16:50
200004751 Python code injection - base64.b64decode (Header) Server Side Code Injection 3 Python 2019/04/16
15:19:14
200000104 ASP caspsamp dir access Predictable Resource Location 1 ASP http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2020/02/10
17:00:22
200101538 [].find() (Parameter) Cross Site Scripting (XSS) 3 All systems 2018/03/20
13:54:15
200004994 JavaScript Object Prototype Pollution (Header) Server Side Code Injection 3 JavaScript https://github.com/HoLyVieR/prototype-pollution-nsec18/blob/master/paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf 2019/08/25
11:24:25
200001167 url ecmascript (URI) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200001873 onMozScrolledAreaChanged (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200004113 Server-Side Include Injection Attempt - 4 (Parameter) Server Side Code Injection 3 SSI (Server Side Includes) 2012/02/27
06:30:01
200004159 Ruby On Rails injection attempt (Parameter) Server Side Code Injection 3 Ruby CVE-2013-0333 2019/09/09
20:56:48
200004377 Java code injection - org.apache.commons.collections.keyvalue.TiedMapEntry (Parameter) Server Side Code Injection 3 JavaServer Faces (JSF) CVE-2015-7450, CVE-2015-4852, CVE-2015-8103, CVE-2016-3427, CVE-2016-0788, CVE-2016-3642, CVE-2016-4372, CVE-2017-7525, CVE-2017-9805, CVE-2017-7504, CVE-2017-7504, CVE-2017-5878, CVE-2017-5586, CVE-2016-9299, CVE-2016-4398, CVE-2015-6420, CVE-2015-8765, CVE-2016-1985, CVE-2016-1986, CVE-2016-1997, CVE-2016-1998, CVE-2016-2000, CVE-2016-2003, CVE-2016-2009, CVE-2016-1114, CVE-2016-1999, CVE-2016-4369, CVE-2016-4368, CVE-2016-4373, CVE-2016-4385 2020/02/02
18:42:51
200004678 Python code injection - sys.gettrace (Parameter) Server Side Code Injection 3 Python 2019/04/16
15:19:14
200004796 Java code injection - ext.EventData (2) (Header) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200001049 onfocus (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/02
15:08:09
200001170 src ecmascript (URI) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200101533 @font-face unicode-range abuse (Parameter) Cross Site Scripting (XSS) 2 All systems http://mksben.l0.cm/2015/10/css-based-attack-abusing-unicode-range.html 2018/03/12
16:09:07
200003108 "find" execution attempt Command Execution 3 Unix/Linux http://www.webappsec.org/projects/threat/classes/os_commanding.shtml 2019/03/04
14:16:50
200004739 Python code injection - socket.getpeername (Header) Server Side Code Injection 3 Python 2019/04/16
16:06:16
200021049 Malicious Web Site crawler "NICErsPRO" Non-browser client 2 All systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
200001482 seekSegmentTime() (Parameter) (2) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200003333 "pwd" execution attempt (Header) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200004459 Unix special variable $0 (Header) Server Side Code Injection 1 Unix/Linux 2018/05/01
18:05:58
200101368 AngularJS Sandbox Escape - constructor.prototype.charAt.join (URI) Cross Site Scripting (XSS) 3 AngularJS 2018/12/23
12:26:07
200003400 "who or whoami" execution attempt (URI) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200003905 Shell command processor (sh/ksh/zsh/csh/tcsh) execution attempt (Header) Command Execution 3 All systems 2018/08/05
11:08:36
200020173 Java code injection - HikariDataSource (Header) Server Side Code Injection 3 Java Servlets/JSP CVE-2019-16335 2020/02/02
18:42:51
200006029 XPath Injection "following" XPath Injection 3 All systems 2019/08/25
11:24:25
200001310 STYLE : behavior (URI) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200001876 onMozSwipeGesture (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200001930 onSVGZoom (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200002349 SQL-INJ dba_users (Headers) SQL-Injection 2 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200004532 PHP injection attempt - hex (system) (Header) Server Side Code Injection 3 PHP 2019/01/22
22:41:09
200004666 Python code injection - sys.path (Parameter) Server Side Code Injection 3 Python 2019/04/16
15:19:14
200004894 Java code injection - naming.QName (2) (Parameter) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200001253 onPaste() (Headers) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/02
15:08:09
200101346 onvoicechange (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200003200 "cmmd" execution attempt (URI) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200004620 Python code injection - os.putenv (Parameter) Server Side Code Injection 3 Python 2019/04/16
15:19:14
200001401 MsgBox() (URI) Cross Site Scripting (XSS) 2 JavaScript http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2019/06/20
11:56:43
200101566 alert() (2) (Parameter) Cross Site Scripting (XSS) 3 All systems 2019/02/25
11:12:53
200002155 SQL-INJ "cast (" (Headers) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/08/25
09:12:13
200002504 SQL-INJ alter database (URI) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2020/02/10
17:00:22
200002562 SQL-INJ sys.user$ (Parameter) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection 2015/10/19
17:50:00
200003199 "cmmd" execution attempt (Header) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200001062 onabort (Headers) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/02
15:08:09
200002156 SQL-INJ group by having (Headers) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2020/02/10
17:00:22
200003310 "nmap" execution attempt (URI) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2020/01/05
15:24:30
200019060 Malicious program ( PHP Commander ) upload Trojan/Backdoor/Spyware 3 All systems 2017/08/07
15:48:54
200021069 Automated client access "wget" Non-browser client 1 All systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2012/02/27
06:30:01
200001428 CreateTextFile() (Parameter) Cross Site Scripting (XSS) 2 JavaScript http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2019/06/20
11:56:43
200101101 onendEvent (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200101248 onsearch (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200002760 SQLINJ - NoSQL [$gte] (JSON) (Parameter) SQL-Injection 3 MongoDB https://docs.mongodb.com/manual/reference/operator/query-comparison/ 2020/02/02
18:42:51
200003418 HTTP.sys Remote Code Execution Vulnerability Suspicion (1) Command Execution 3 IIS https://technet.microsoft.com/library/security/MS15-034, CVE-2015-1635 2016/06/27
17:23:26
200001513 onemptied (URI) Cross Site Scripting (XSS) 2 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2012/11/21
13:22:14
200001532 onloadeddata (Parameter) Cross Site Scripting (XSS) 2 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200003089 "cp" execution attempt Command Execution 3 Unix/Linux http://www.webappsec.org/projects/threat/classes/os_commanding.shtml 2019/03/04
14:16:50
200003267 "ifdown" execution attempt (Header) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200101580 SVG img tag: xlink/href (Header) Cross Site Scripting (XSS) 2 All systems 2019/06/18
11:55:10
200004292 Java code injection - java/lang/reflect/InvocationHandler Server Side Code Injection 3 JavaServer Faces (JSF) CVE-2015-7450, CVE-2015-4852, CVE-2015-8103, CVE-2016-3427, CVE-2016-0788, CVE-2016-3642, CVE-2016-4372 2020/02/02
18:42:51
200018061 HTTP Desync Attack Attempt Other Application Attacks 3 All systems https://portswigger.net/blog/http-desync-attacks-request-smuggling-reborn 2019/09/18
13:58:01
200004938 Java code injection - map.LazyMap (2) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200001209 onContextMenu() (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2012/02/27
06:30:01
200101340 onversionchange (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200101378 action javascript (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2017/06/12
18:54:57
200003138 "env" execution attempt Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2019/03/04
14:16:50
200003268 "ifdown" execution attempt (URI) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200004224 Object Graph Navigation Library Expression Injection Server Side Code Injection 3 Apache Struts 2020/02/02
18:42:51
200001857 onMozOrientation (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200003116 "nslookup" execution attempt Command Execution 3 Unix/Linux http://www.webappsec.org/projects/threat/classes/os_commanding.shtml 2019/03/04
14:16:50
200003927 Bash Shellshock execution attempt (2) Command Execution 3 Unix/Linux http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271, http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7169, http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6277, http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6278, CVE-2014-6271, CVE-2014-7169, CVE-2014-6277, CVE-2014-6278 2019/03/12
14:21:41
200004221 Flask Server Side Template Injection (.__dict__) (Parameter) Server Side Code Injection 3 All systems 2020/02/02
18:42:51
200019012 Malicious program ( /cmd.dat ) Trojan/Backdoor/Spyware 3 All systems 2017/08/07
15:48:54
200001124 href javascript (Parameter) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200002442 SQL-INJ "select --" (Value) (2) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2012/11/21
13:22:14
200004335 DotNetNuke - FileSystemsUtils (Parameter) Server Side Code Injection 3 ASP.NET CVE-2017-9822 2020/02/02
18:42:51
200000001 IIS Web Server log dir access (/W3SVC..) Predictable Resource Location 1 IIS http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2019/12/11
17:48:52
200001786 onDOMMetaRemoved (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200101323 onunderflow (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200003898 "cat" execution attempt (2) (Header) Command Execution 3 Unix/Linux https://medium.com/secjuice/waf-evasion-techniques-718026d693d8 2018/08/05
11:08:36
200015016 Web Server Probe ( "an exploit" ) Vulnerability Scan 2 All systems 2012/02/27
06:30:01
200001734 onCssRuleViewChanged (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200101471 HTML5 Entity (lbrack) (Parameter) Cross Site Scripting (XSS) 2 All systems https://www.quackit.com/character_sets/html5_entities/ 2017/11/12
11:00:47
200020057 SSRF attempt (Oracle Metadata Server) - Dotted decimal with overflow representation (URI) Other Application Attacks 2 All systems 2020/02/02
18:42:51
200002496 SQL-INJ "SELECT TRANSLATE()" (URI) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2018/09/25
17:14:53
200004405 Java code injection - sun.rmi.server.UnicastRef (Parameter) Server Side Code Injection 3 JavaServer Faces (JSF) CVE-2017-3066, CVE-2017-5641 2020/02/02
18:42:51
200006002 XPath Injection "attribute" XPath Injection 3 All systems 2014/03/09
06:42:17
200001785 onDOMMetaRemoved (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200002143 SQL-INJ join statement (Parameter) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2020/02/10
17:00:22
200002287 SQL-INJ "ALTER USER SET PASSWORD" (Parameter) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2015/01/01
16:30:30
200002705 SQL-INJ dba_sys_privs (Header) SQL-Injection 3 Oracle http://www.owasp.org/index.php/SQL_Injection 2017/01/24
16:21:58
200020120 Localhost SSRFmap tool evasion (127.127.127.127) (Host header) Other Application Attacks 2 All systems 2020/02/02
18:42:51
200004193 JBoss InvokerServlet MarshalledInvocation (Header) Server Side Code Injection 2 JBoss http://docs.jboss.org/jbossas/javadoc/3.2.7/server/org/jboss/invocation/MarshalledInvocation.html, CVE-2013-4810 2019/11/04
22:53:54
200003677 "tsdiscon" execution attempt (URI) Command Execution 3 Microsoft Windows 2020/07/05
15:16:45
200004278 Java code injection FreeMarker variable assign (Header) Server Side Code Injection 3 Apache Struts https://insinuator.net/2016/07/dilligent-bug/, http://blog.portswigger.net/2015/08/server-side-template-injection.html, CVE-2016-4462 2020/07/19
13:37:06
200004379 Java code injection - org.apache.commons.collections.map.ReferenceMap (Parameter) Server Side Code Injection 3 JavaServer Faces (JSF) CVE-2015-7450, CVE-2015-4852, CVE-2015-8103, CVE-2016-3427, CVE-2016-0788, CVE-2016-3642, CVE-2016-4372, CVE-2017-7525, CVE-2017-9805, CVE-2017-7504, CVE-2017-7504, CVE-2017-5878, CVE-2017-5586, CVE-2016-9299, CVE-2016-4398, CVE-2015-6420, CVE-2015-8765, CVE-2016-1985, CVE-2016-1986, CVE-2016-1997, CVE-2016-1998, CVE-2016-2000, CVE-2016-2003, CVE-2016-2009, CVE-2016-1114, CVE-2016-1999, CVE-2016-4369, CVE-2016-4368, CVE-2016-4373, CVE-2016-4385 2020/02/02
18:42:51
200001077 createtextrange (Headers) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200001690 JavaScript obfuscation (JSF) (URI) Cross Site Scripting (XSS) 3 All systems http://www.jsfuck.com/ 2015/08/25
13:43:10
200001928 onSVGZoom (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200002138 SQL-INJ openrowset SQL-Injection 2 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200002280 SQL-INJ "CREATE SCHEMA" (Headers) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2020/02/10
17:00:22
200002855 sqlmap percent signs evasion - union (URI) SQL-Injection 3 ASP 2020/02/04
17:50:37
200003187 "chgrp" execution attempt (Header) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/09/17
17:18:25
200020196 Telerik UI for ASP.NET - Encrypted AssemblyInstaller Deserialization Gadget Server Side Code Injection 3 ASP.NET https://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui?utm_campaign=190101_Posts_Blog&utm_source=Caleb%20-%20Github, CVE-2019-18935 2020/02/02
18:42:51
250000036 (PSM) XSS script tag Cross Site Scripting (XSS) 3 PSM 2013/06/27
07:12:08
200001642 jQuery command $.getScript() (Header) Cross Site Scripting (XSS) 3 jQuery http://api.jquery.com/jquery.getscript/ 2014/08/25
09:12:13
200101061 ondevicelight (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200004614 Python code injection - os.getlogin (Parameter) Server Side Code Injection 3 Python 2019/04/16
15:19:14
200020040 SSRF attempt (AWS Metadata Server) - Dot-less decimal representation (URI) Other Application Attacks 2 All systems 2020/02/02
18:42:51
200001295 onTimeError() (Headers) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2019/06/05
09:30:33
200002291 SQL-INJ "*_name()" sql functions (Headers) SQL-Injection 2 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2018/06/06
13:37:33
200002729 SQL-INJ UTL_HTTP.REQUEST (Header) SQL-Injection 3 Oracle http://www.owasp.org/index.php/SQL_Injection 2017/01/24
16:21:58
200001551 onplay (Header) Cross Site Scripting (XSS) 2 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200101135 onlanguagechange (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200101282 ontabviewhidden (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200101423 table background (Parameter) Cross Site Scripting (XSS) 2 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/30
17:43:40
200003459 Java code injection ognl.OgnlContext (Header) Server Side Code Injection 3 Java Servlets/JSP https://struts.apache.org/docs/s2-029.html, CVE-2016-0785, CVE-2016-4438, CVE-2016-3081 2017/07/24
12:16:47
200004045 ASP injection attempt ( .CreateTextFile ) Server Side Code Injection 2 ASP.NET 2018/01/25
18:15:14
200010146 "/WS_FTP.ini" access Predictable Resource Location 3 All systems 2018/06/18
18:18:44
200021074 Automated client access "custo" Non-browser client 1 All systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2020/01/30
17:43:40
200004518 Phar Deserialization Attempt (Header) Server Side Code Injection 3 PHP CVE-2019-11831 2020/02/02
18:42:51
200010143 "/MSD/sql.php" access Predictable Resource Location 3 All systems 2018/06/18
18:18:44
200001431 OpenAsTextStream() (Parameter) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200001599 onseeking (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200001909 onSSWindowStateReady (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200009128 (GHDB) phpSystem Page Information Leakage 2 PHP http://www.webappsec.org/projects/threat/classes/information_leakage.shtml, http://johnny.ihackstuff.com/ghdb.php, http://en.wikipedia.org/wiki/Google%20hacking 2010/03/01
02:22:28
200001337 unescape() (Headers) Cross Site Scripting (XSS) 3 JavaScript http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2019/06/20
11:56:43
200101201 onmoztimechange (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200101325 onupdateready (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200002629 SQL-INJ DATABASE_NAME (Parameter) SQL-Injection 3 Oracle http://www.owasp.org/index.php/SQL_Injection 2017/01/26
15:15:44
200003490 "bootcfg" execution attempt (Header) Command Execution 3 Microsoft Windows 2020/06/09
13:40:17
200101145 onlocalized (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200003110 "halt" execution attempt Command Execution 3 Unix/Linux http://www.webappsec.org/projects/threat/classes/os_commanding.shtml 2019/03/04
14:16:50
200003812 "unzip" execution attempt (URI) Command Execution 3 Unix/Linux 2018/08/05
11:08:36
200003906 Nagios XI Chained Remote Root Command Execution 3 Unix/Linux http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers, CVE-2018-8733, CVE-2018-8734, CVE-2018-8735, CVE-2018-8736 2019/03/07
19:45:45
200009005 Statistics Software Information Leakage (2) Information Leakage 2 All systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
200001879 onMozTapGesture (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200101415 <div tag: style (Header) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2017/06/19
14:29:57
200002263 SQL-INJ UTL_SMTP SQL-Injection 3 Oracle http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200002380 SQL-INJ syscat (Headers) SQL-Injection 3 IBM DB2 http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2018/11/07
11:49:00
200009003 Show web-server environment (envdisplay) Command Execution 2 CGI http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
200015029 Web Server Probe ( T H A T ' S G O T T A H U R T ) exploit Vulnerability Scan 2 All systems 2012/02/27
06:30:01
200019097 Malicious program ( NTDaddy v1.9 ) access Trojan/Backdoor/Spyware 3 All systems 2017/08/07
15:48:54
200101152 onmouseenter (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200003122 "sendmail" execution attempt Command Execution 3 Unix/Linux http://www.webappsec.org/projects/threat/classes/os_commanding.shtml 2019/03/04
14:16:50
200003238 "fc" execution attempt (URI) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200000028 Unix hidden (dot-file) access Predictable Resource Location 2 Unix/Linux http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2014/03/09
06:42:17
200011070 Phar Short Signature Buffer Overflow Buffer Overflow 2 PHP CVE-2016-7414 2019/05/30
14:57:08
200015046 Web Server Probe ( w3af ) Vulnerability Scan 2 All systems 2011/12/21
06:12:43
200009085 ASP source code leakage (27) Information Leakage 2 ASP http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2010/03/01
02:22:28
200003701 "wmic" execution attempt (URI) Command Execution 3 Microsoft Windows 2020/07/05
15:16:45
200001176 FSCommand() (URI) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200003760 "logname" execution attempt (Header) Command Execution 3 Unix/Linux 2018/08/05
11:08:36
200003826 AWStats Remote Code Execution Command Execution 3 Microsoft Windows CVE-2010-4367 2017/07/24
09:52:07
200004035 PHP injection attempt ( posix_kill ) Server Side Code Injection 2 PHP 2019/01/22
22:41:09
200004669 Python code injection - sys.platform (Header) Server Side Code Injection 3 Python 2019/04/16
15:19:14
200009201 Oracle Result Columns Error Message Information Leakage 2 Oracle http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
200019000 Malicious program ( =http:/ ) Trojan/Backdoor/Spyware 3 All systems 2017/08/07
15:48:54
200010069 .inc.php access Predictable Resource Location 2 PHP http://www.owasp.org/index.php/PHP_Top_5#P5:_File_system_attacks 2016/03/17
17:22:00
200001511 oncanplaythrough (Parameter) Cross Site Scripting (XSS) 2 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200101360 AngularJS Sandbox Escape - constructor.prototype (Parameter) Cross Site Scripting (XSS) 3 AngularJS 2018/12/23
12:26:07
200002458 SQL-INJ "Expression::Type=Expression" (Parameters) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2012/11/21
13:22:14
200004672 Python code injection - sys.stdout (Parameter) Server Side Code Injection 3 Python 2019/04/16
15:19:14
200007013 Directory Traversal attempt ".../" (URI) Path Traversal 2 All systems http://www.webappsec.org/projects/threat/classes/path_traversal.shtml 2015/12/23
13:52:23
200009264 GetSimple CMS - XML File Disclosure (/data/other/authorization.xml) Information Leakage 3 PHP https://nvd.nist.gov/vuln/detail/CVE-2014-8722, CVE-2014-8722 2020/01/30
17:43:40
200010003 "/dms/AggreSpy" access Predictable Resource Location 2 Oracle Application Server http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml, CVE-2002-0563 2020/02/10
17:00:22
200015080 Web Server Scan - IBM Security AppScan - Standard Edition Vulnerability Scan 3 All systems http://www-03.ibm.com/software/products/en/appscan-standard 2016/04/28
09:35:45
200020080 SSRF attempt (Alibaba Metadata Server) - Dotted octal representation (URI) Other Application Attacks 2 All systems 2020/02/02
18:42:51
200010115 Oracle application server repdemo/runrepIAS.html Access Predictable Resource Location 2 Oracle Application Server 2018/03/12
16:09:07
200001405 eval; (Parameter) Cross Site Scripting (XSS) 3 JavaScript http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2018/12/23
12:26:07
200101187 onmozbrowserlocationchange (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200101374 javascript: link target (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2017/07/24
09:52:07
200012050 Jackson data-bind BigDecimal DoS (Header) Denial of Service 2 Apache Tomcat https://github.com/FasterXML/jackson-modules-java8/issues/90, CVE-2018-1000873 2019/01/22
22:41:09
200101414 <div tag: style (Parameter) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2017/06/19
14:29:57
200003029 "perl" execution attempt Command Execution 3 Unix/Linux http://www.webappsec.org/projects/threat/classes/os_commanding.shtml 2019/03/04
14:16:50
200003076 "rmdir" execution attempt Command Execution 3 Unix/Linux http://www.webappsec.org/projects/threat/classes/os_commanding.shtml 2019/03/04
14:16:50
200004771 Java code injection - oracle.jdbc.connector.OracleManagedConnectionFactory (Parameter) Server Side Code Injection 3 Java Servlets/JSP CVE-2018-12022, CVE-2018-12023 2019/07/28
16:35:03
200015090 Web Server Probe ( Vega ) Vulnerability Scan 3 All systems 2020/02/10
17:00:22
250000006 (PSM) .location Cross Site Scripting (XSS) 3 PSM 2013/06/27
07:12:08
200000135 link tag (URI) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200004719 Python code injection - socket.gethostbyname (Header) Server Side Code Injection 3 Python 2019/04/16
16:06:16
200004757 Zimbra Collaboration ProxyServlet SSRF Server Side Code Injection 3 Java Servlets/JSP CVE-2019-9621, CVE-2019-9670 2020/02/02
18:42:51
200004930 Java code injection - functors.InstantiateTransformer (2) (Parameter) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200009207 ODBC Invalid Argument Error Message Information Leakage 2 General Database http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
200020195 Java code injection - org.htmlparser.lexer.Page Server Side Code Injection 3 Java Servlets/JSP 2020/02/02
18:42:51
200001288 onStop() (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/02
15:08:09
200000086 SQL-INJ Stored procedure "exec *.dbo" (Parameter) SQL-Injection 3 Sybase/ASE http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2018/08/05
11:08:36
200003443 Java code injection - Runtime.getRuntime (Parameter) Server Side Code Injection 3 Java Servlets/JSP http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4852, CVE-2015-4852 2018/04/30
18:19:08
200009136 (GHDB) Fastream NETFile Page Information Leakage 2 Various systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml, http://johnny.ihackstuff.com/ghdb.php, http://en.wikipedia.org/wiki/Google%20hacking 2014/03/09
06:42:17
200015084 Web Server Probe ( Minimysqlat0r ) Vulnerability Scan 3 All systems 2017/07/24
09:52:07
200019075 Malicious program ( PHP-Terminal ) access Trojan/Backdoor/Spyware 3 All systems 2017/08/07
15:48:54
200000099 XSS script tag (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2012/02/27
06:30:01
200002717 SQL-INJ SI_INFORMTN_SCHEMA (Header) SQL-Injection 3 Oracle http://www.owasp.org/index.php/SQL_Injection 2017/01/24
16:21:58
200003931 "ruby" execution attempt (Header) Command Execution 3 Ruby http://www.webappsec.org/projects/threat/classes/os_commanding.shtml 2019/08/25
11:24:25
200009115 (GHDB) IIS error (4) Information Leakage 2 IIS http://www.webappsec.org/projects/threat/classes/information_leakage.shtml, http://johnny.ihackstuff.com/ghdb.php, http://en.wikipedia.org/wiki/Google%20hacking 2010/03/01
02:22:28
200003372 "tar" execution attempt (URI) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200004121 Server-Side Include Injection Attempt - 8 (Parameter) Server Side Code Injection 3 SSI (Server Side Includes) 2012/02/27
06:30:01
200001554 onplaying (Header) Cross Site Scripting (XSS) 2 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200001676 = document; (Header) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/xss-faq.html, http://en.wikipedia.org/wiki/Cross_site_scripting 2019/06/20
11:56:43
200004255 PHP injection attempt ( str_rot13 ) (Parameter) Server Side Code Injection 3 PHP http://www.owasp.org/index.php/Code_Injection 2017/07/24
09:52:07
200004947 Java code injection - invocation.MarshalledValue (2) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200019128 Web Shell detection (Sniper) Trojan/Backdoor/Spyware 3 PHP http://www.owasp.org/images/c/c3/ASDC12-Old_Webshells_New_Tricks_How_Persistent_Threats_haverevived_an_old_idea_and_how_you_can_detect_them.pdf 2013/03/11
02:26:00
200022039 Generic phpinfo.txt Remote File Include Attempt Remote File Include 3 PHP 2019/02/25
13:53:10
200001648 jQuery command $.post() (Header) Cross Site Scripting (XSS) 3 jQuery http://api.jquery.com/jquery.getscript/ 2014/08/25
09:12:13
200001754 onDOMContentLoaded (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200001803 onDOMNodeRemovedFromDocument (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200004817 Java code injection - support.FileSystemXmlApplicationContext (2) (Header) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200010011 "/xsl/demo/adhocsql/query.xsql" access Predictable Resource Location 2 All systems http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2014/03/09
06:42:17
200001905 onSSWindowStateBusy (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200002027 SQL-INJ cast( SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/08/25
09:12:13
200100098 "%COMSPEC%" access (parameter) Predictable Resource Location 1 Microsoft Windows http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2020/07/30
07:45:27
200003254 "grep" execution attempt (URI) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2020/08/11
21:03:22
200004323 Java code injection - com.mchange.v2.c3p0.JndiRefForwardingDataSource (Parameter) Server Side Code Injection 3 JavaServer Faces (JSF) CVE-2015-7450, CVE-2015-4852, CVE-2015-8103, CVE-2016-3427, CVE-2016-0788, CVE-2016-3642, CVE-2016-4372, CVE-2017-7525, CVE-2017-15095, CVE-2016-9606, CVE-2017-3159, CVE-2016-8744, CVE-2016-8749 2020/02/02
18:42:51
200004740 Python code injection - socket.getsockname (Parameter) Server Side Code Injection 3 Python 2019/04/16
16:06:16
200004907 Java code injection - support.AbstractBeanFactoryPointcutAdvisor (2) (Header) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200010052 /cgi-sys/ access Predictable Resource Location 1 CGI http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2020/02/10
17:00:22
200002055 SQL-INJ charindex SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2015/01/01
16:30:30
200004485 Java code injection - org.jboss.util.propertyeditor.DocumentEditor (Header) Server Side Code Injection 2 Java Servlets/JSP CVE-2018-14718, CVE-2018-19362, CVE-2018-19361, CVE-2018-19360, CVE-2018-14719, CVE-2018-14720, CVE-2018-14721 2020/02/02
18:42:51
200004520 PHP injection attempt (get_defined_functions) (Parameter) Server Side Code Injection 3 PHP https://www.secjuice.com/php-rce-bypass-filters-sanitization-waf/ 2019/01/22
22:41:09
200101546 //.source (URI) Cross Site Scripting (XSS) 3 All systems 2018/03/20
13:54:15
200003163 $SHELL execution attempt (Parameter) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2020/01/30
17:43:40
200003813 "vdir" execution attempt (Parameter) Command Execution 3 Unix/Linux 2019/03/04
14:16:50
200004400 Java code injection - org.apache.commons.collections.map.Flat3Map (Header) Server Side Code Injection 3 JavaServer Faces (JSF) CVE-2015-7450, CVE-2015-4852, CVE-2015-8103, CVE-2016-3427, CVE-2016-0788, CVE-2016-3642, CVE-2016-4372, CVE-2017-7525, CVE-2017-9805, CVE-2017-7504, CVE-2017-7504, CVE-2017-5878, CVE-2017-5586, CVE-2016-9299, CVE-2016-4398, CVE-2015-6420, CVE-2015-8765, CVE-2016-1985, CVE-2016-1986, CVE-2016-1997, CVE-2016-1998, CVE-2016-2000, CVE-2016-2003, CVE-2016-2009, CVE-2016-1114, CVE-2016-1999, CVE-2016-4369, CVE-2016-4368, CVE-2016-4373, CVE-2016-4385 2020/02/02
18:42:51
200011037 Generic Format String attack attempt 2 (headers) Buffer Overflow 3 All systems http://www.webappsec.org/projects/threat/classes/format_string_attack.shtml 2014/03/09
06:42:17
200021102 Automated client access (http client) Non-browser client 1 All systems http://en.wikipedia.org/wiki/Web_scraping 2013/08/11
08:26:39
200001903 onSSWindowClosing (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200101490 HTML5 Entity (quest) (Header) Cross Site Scripting (XSS) 2 All systems https://www.quackit.com/character_sets/html5_entities/ 2017/11/12
11:00:47
200101528 new Image().src (Header) Cross Site Scripting (XSS) 3 All systems 2018/02/01
14:02:09
200020013 Suspicious URL (lvh.me domain service) (Header) Other Application Attacks 2 All systems 2020/02/25
10:29:15
200003806 "unexpand" execution attempt (URI) Command Execution 3 Unix/Linux 2018/08/05
11:08:36
200004024 PHP injection attempt ( $_session ) Server Side Code Injection 3 PHP 2017/08/07
15:48:54
200004429 Java code injection - com.sun.org.apache.bcel.internal.util.ClassLoader (Header) Server Side Code Injection 3 JavaServer Faces (JSF) CVE-2017-7525, CVE-2017-17485, CVE 2017-15095 2020/02/02
18:42:51
200020161 Java code injection - SharedPoolDataSource (2) (Header) Server Side Code Injection 3 Java Servlets/JSP CVE-2019-16942, CVE-2019-16943 2020/02/02
18:42:51
200001410 param tag (Headers) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200101442 console.dirxml (Header) Cross Site Scripting (XSS) 2 All systems 2017/07/24
09:52:07
200002693 SQL-INJ APEX_PUBLIC_USER (Header) SQL-Injection 3 Oracle http://www.owasp.org/index.php/SQL_Injection 2017/01/24
16:21:58
200009070 SQL Information Leakage (24) Information Leakage 2 General Database http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2010/03/01
02:22:28
200010064 JBOSS admin panel URL 1 Predictable Resource Location 2 JBoss CVE-2010-0738 2019/12/11
17:48:52
200022002 Generic Remote File/Path Include Attempt 2 (path param, ftp/ftps) Remote File Include 3 All systems 2014/03/09
06:42:17
200000165 onmouse... (Headers) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2012/02/27
06:30:01
200001657 WordPress Fancybox 0-day Cross Site Scripting (XSS) 3 WordPress http://blog.sucuri.net/2015/02/zero-day-in-the-fancybox-for-wordpress-plugin.html, CVE-2015-1494 2016/09/13
19:09:13
200004525 PHP injection attempt - hex (passthru) (Parameter) Server Side Code Injection 3 PHP 2019/01/22
22:41:09
200010004 "/email/sendmail.jsp" access Predictable Resource Location 2 Java Servlets/JSP http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml, CVE-2007-3383 2018/09/17
17:18:25
200101390 onpointerdown (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200101437 console.error (URI) Cross Site Scripting (XSS) 2 All systems 2017/07/24
09:52:07
200101457 HTML5 Entity (lpar) (Header) Cross Site Scripting (XSS) 2 All systems https://www.quackit.com/character_sets/html5_entities/ 2017/11/12
11:00:47
200101357 AngularJS Sandbox Escape - constructor.prototype.call (Parameter) Cross Site Scripting (XSS) 3 AngularJS 2018/12/23
12:26:07
200004694 Python code injection - socket.listen (Parameter) Server Side Code Injection 3 Python 2019/04/16
16:06:16
200003680 "tskill" execution attempt (URI) Command Execution 3 Microsoft Windows 2020/07/05
15:16:45
200010103 WordPress Username Enumeration Attempt Predictable Resource Location 2 WordPress http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml, CVE-2017-5487 2017/09/14
19:36:47
200018025 HTTP Headers Injection (7) HTTP Response Splitting 3 All systems 2017/11/12
11:00:47
200002392 SQL-INJ "sys.tab" (Headers) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200000188 Directory Listing Directory Indexing 2 All systems http://www.webappsec.org/projects/threat/classes/directory_indexing.shtml 2020/01/30
17:43:40
200000101 Web-Server samples dir access Predictable Resource Location 1 All systems http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2018/06/06
13:37:33
200001602 onsuspend (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200101343 onvisibilitychange (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200002299 SQL-INJ REVOKE FROM SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2020/02/10
17:00:22
200003313 "nslookup" execution attempt (Header) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2019/03/03
21:08:37
200003769 "ncat" execution attempt (Header) Command Execution 3 Unix/Linux 2018/08/05
11:08:36
200009001 Show web-server environment (dumpenv) Command Execution 2 CGI http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
200003338 "reboot" execution attempt (URI) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200004606 Python code injection - os.getegid (Parameter) Server Side Code Injection 3 Python 2019/04/16
15:19:14
200015052 Web Server Probe ( Webtrends Security Analyzer ) Vulnerability Scan 2 All systems 2011/12/21
06:12:43
200002204 SQL-INJ XMLFileFromClob SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200002431 SQL-INJ "SELECT IF()" (Headers) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2018/09/25
17:14:53
200002649 SQL-INJ IS_SRVROLEMEMBER (URI) SQL-Injection 3 Microsoft SQL Server http://www.owasp.org/index.php/SQL_Injection 2017/01/24
16:21:58
200003933 rConfig search.crud authenticated command injection Command Execution 3 PHP https://shells.systems/rconfig-v3-9-2-authenticated-and-unauthenticated-rce-cve-2019-16663-and-cve-2019-16662/, CVE-2019-16663 2019/11/19
14:31:38
200001646 jQuery command $.ajax() (URI) Cross Site Scripting (XSS) 3 jQuery http://api.jquery.com/jquery.getscript/ 2014/08/25
09:12:13
200004297 Java code injection - org/apache/commons/collections/functors/ChainedTransformer Server Side Code Injection 3 JavaServer Faces (JSF) CVE-2015-7450, CVE-2015-4852, CVE-2015-8103, CVE-2016-3427, CVE-2016-0788, CVE-2016-3642, CVE-2016-4372, CVE-2016-4398, CVE-2015-6420, CVE-2015-8765, CVE-2016-1985, CVE-2016-1986, CVE-2016-1997, CVE-2016-1998, CVE-2016-2000, CVE-2016-2003, CVE-2016-2009, CVE-2016-1114, CVE-2016-1999, CVE-2016-4369, CVE-2016-4368, CVE-2016-4373, CVE-2016-4385 2020/02/02
18:42:51
200104005 SQL Server Reporting System - Serialized Object Server Side Code Injection 3 Microsoft SQL Server CVE-2020-0618 2020/02/19
18:12:53
200009183 "Sybase/MSSQL SQL invalidation" Error Message Information Leakage 2 Sybase/ASE http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
200001998 oncancel (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200101358 AngularJS Sandbox Escape - constructor.prototype.call (Header) Cross Site Scripting (XSS) 3 AngularJS 2018/12/23
12:26:07
200002707 SQL-INJ GRANTED_ROLE (Parameter) SQL-Injection 3 Oracle http://www.owasp.org/index.php/SQL_Injection 2017/01/24
16:21:58
200002856 sqlmap percent signs evasion - select (Parameter) SQL-Injection 3 ASP 2020/02/04
17:50:37
200101162 onmouseover (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200002536 SQL-INJ instr() (URI) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2018/09/25
17:14:53
200003907 SaltStack "salt-api" Empty Token Arbitrary Command Execution Command Execution 3 Other Web Server https://docs.saltstack.com/en/2017.7/topics/releases/2017.7.8.html#security-fix, CVE-2018-15751 2018/12/20
16:04:20
200004310 Java code injection - com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl (Header) Server Side Code Injection 3 JavaServer Faces (JSF) CVE-2015-7450, CVE-2015-4852, CVE-2015-8103, CVE-2016-3427, CVE-2016-0788, CVE-2016-3642, CVE-2016-4372, CVE-2017-7525, CVE-2017-15095 2020/02/02
18:42:51
200013006 IBM DB2 Universal Database Default Credentials Authentication/Authorization Attacks 3 IBM DB2 CVE-2001-0051 2017/06/12
18:54:57
200001127 url javascript (Parameter) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200001999 oncancel (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200101430 console.warn (Header) Cross Site Scripting (XSS) 2 All systems 2017/07/24
09:52:07
200002079 SQL-INJ user_password SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2018/09/25
17:14:53
200004828 Java code injection - dbcp2.BasicDataSource (2) (Parameter) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200004362 ASP.NET code injection - System.Collections.Generic.ComparisonComparer (Header) Server Side Code Injection 3 ASP.NET CVE-2017-9424, CVE-2017-9822, CVE-2012-0161 2020/02/02
18:42:51
200010058 HNAP1 access Predictable Resource Location 2 All systems 2020/02/10
17:00:22
200015096 AppScan Open Redirect Exploit Attempt Vulnerability Scan 2 All systems 2019/02/25
11:12:53
200001738 onCssRuleViewRefreshed (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200002302 SQL-INJ "IS (NOT) NULL" SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2020/02/10
17:00:22
200002346 SQL-INJ create procedure (Headers) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2020/02/10
17:00:22
200003435 Java Base64 serialized object - groovy.runtime (Header) Server Side Code Injection 3 Java Servlets/JSP http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4852, CVE-2015-4852, CVE-2013-2165 2020/02/02
18:42:51
200012026 XStream void JSON DoS Denial of Service 2 Apache Struts https://struts.apache.org/docs/s2-051.html, http://x-stream.github.io/CVE-2017-7957.html, CVE-2017-7957, CVE-2017-9793 2019/03/07
19:45:45
200002556 SQL-INJ mysql.db (Parameter) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection 2020/02/10
17:00:22
200002719 SQL-INJ ORACLE_OCM (Parameter) SQL-Injection 3 Oracle http://www.owasp.org/index.php/SQL_Injection 2017/01/24
16:21:58
200003436 Java Base64 serialized object - groovy.runtime (URI) Server Side Code Injection 3 Java Servlets/JSP http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4852, CVE-2015-4852, CVE-2013-2165 2020/02/02
18:42:51
200004210 JavaScript Code Injection - require(); (URI) Server Side Code Injection 3 All systems http://requirejs.org/ 2017/05/06
13:40:18
200004791 Java code injection - ruleset.DRSHelper (2) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200004997 vBulletin updateAvatar Remote Code Execution Server Side Code Injection 3 PHP CVE-2019-17132 2019/11/17
11:22:12
200020154 Java code injection - SharedPoolDataSource (Parameter) Server Side Code Injection 3 Java Servlets/JSP CVE-2019-16942, CVE-2019-16943 2020/02/02
18:42:51
200000098 XSS script tag (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2012/02/27
06:30:01
200004014 PHP injection attempt ( session_start ) Server Side Code Injection 2 PHP 2019/01/22
22:41:09
200004749 Python code injection - base64.b32encode (Header) Server Side Code Injection 3 Python 2019/04/16
15:19:14
200001886 onMozTouchUp (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200001887 onMozTouchUp (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200101438 console.dir (Parameter) Cross Site Scripting (XSS) 2 All systems 2017/07/24
09:52:07
200002312 SQL-INJ "select --" (Parameter) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2012/11/21
13:22:14
200002866 SQL-INJ - MySQL Interpreted Comment (WHERE) (Parameter) SQL-Injection 2 MySQL 2020/02/19
19:10:33
250000063 (PSM) SQL-INJ expressions like "or 1=1" (3) SQL-Injection 3 PSM 2013/06/27
07:12:08
200101406 onpointerover (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200003047 "g++" execution attempt Command Execution 3 Unix/Linux http://www.webappsec.org/projects/threat/classes/os_commanding.shtml 2019/03/04
14:16:50
200004458 Unix special variable $0 (Parameter) Server Side Code Injection 1 Unix/Linux 2018/05/01
18:05:58
200004721 Python code injection - socket.gethostname (Header) Server Side Code Injection 3 Python 2019/04/16
16:06:16
200009037 ASP source code leakage (1) Information Leakage 2 ASP http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2010/03/01
02:22:28
200101258 onsmartcard-remove (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200101473 HTML5 Entity (lbrack) (URI) Cross Site Scripting (XSS) 2 All systems https://www.quackit.com/character_sets/html5_entities/ 2017/11/12
11:00:47
200002716 SQL-INJ SI_INFORMTN_SCHEMA (Parameter) SQL-Injection 3 Oracle http://www.owasp.org/index.php/SQL_Injection 2017/01/24
16:21:58
200004728 Python code injection - socket.getprotobyname (Parameter) Server Side Code Injection 3 Python 2019/04/16
16:06:16
200020129 Localhost SSRFmap tool evasion (127.0.0.0) (Parameter) Other Application Attacks 2 All systems 2020/02/02
18:42:51
200001293 onTimeError() (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2012/02/27
06:30:01
200004735 Python code injection - socket.inet_aton (Header) Server Side Code Injection 3 Python 2019/04/16
16:06:16
200009089 ASP source code leakage (31) Information Leakage 2 ASP http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2010/03/01
02:22:28
200001694 onbeforescriptexecute (Parameter) Cross Site Scripting (XSS) 3 All systems 2019/05/30
14:57:08
200101078 ondischargingtimechange (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200002179 SQL-INJ drop database SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2020/02/10
17:00:22
200003756 "lastlog" execution attempt (Parameter) Command Execution 3 Unix/Linux 2019/03/04
14:16:50
200004353 ASP.NET code injection - System.Xml.XmlDataDocument (Parameter) Server Side Code Injection 3 ASP.NET CVE-2017-9424, CVE-2017-9822, CVE-2012-0161 2020/02/02
18:42:51
200004991 Java code injection - com.opensymphony.xwork2.ognl.SecurityMemberAccess (Header) Server Side Code Injection 3 Java Servlets/JSP 2019/08/25
11:24:25
200001339 style: background-image (Parameter) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/30
17:43:40
200001920 onSVGResize (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200101385 XSS script tag with namespace (Header) Cross Site Scripting (XSS) 3 All systems http://en.wikipedia.org/wiki/Cross_site_scripting, http://www.cgisecurity.com/articles/xss-faq.shtml 2017/06/12
18:54:57
200001314 <BASE HREF (Headers) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/15
14:12:31
200001832 onMozEdgeUIGesture (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200002229 SQL-INJ "SELECT CONCAT()" SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2018/09/25
17:14:53
200004240 JavaScript Code Injection - process.constructor() (Parameter) Server Side Code Injection 3 All systems 2017/05/04
10:03:31
200104000 Java code injection - net.sf.ehcache.transaction.manager.selector.GenericJndiSelector (Header) Server Side Code Injection 3 Java Servlets/JSP CVE-2019-20330 2020/01/27
18:47:48
200001912 onSVGAbort (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200101178 onmozbrowsericonchange (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200101511 HTML5 Entity (semi) (Header) Cross Site Scripting (XSS) 2 All systems https://www.quackit.com/character_sets/html5_entities/ 2017/11/12
11:00:47
200002106 SQL-INJ sp_sqlexec SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200000131 input tag: dynsrc (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/30
17:43:40
200004319 Java code injection - org.springframework.aop.support.AbstractBeanFactoryPointcutAdvisor (Parameter) Server Side Code Injection 3 JavaServer Faces (JSF) CVE-2015-7450, CVE-2015-4852, CVE-2015-8103, CVE-2016-3427, CVE-2016-0788, CVE-2016-3642, CVE-2016-4372, CVE-2017-7525, CVE-2017-15095, CVE-2016-5229, CVE-2017-2608 2020/02/02
18:42:51
200004855 Java code injection - typeddata.ValueHolder (2) (Parameter) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200101497 HTML5 Entity (lbrace) (URI) Cross Site Scripting (XSS) 2 All systems https://www.quackit.com/character_sets/html5_entities/ 2017/11/12
11:00:47
200009200 Oracle Datatype Error Message Information Leakage 2 Oracle http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
200012048 libxml2 xmlXPathCompOpEval Null Pointer Dereference (or) Denial of Service 2 XML CVE-2018-14404 2019/01/22
22:41:09
200020003 Jetty FileBasedSessionStore Session Stealing Session Hijacking 2 Jetty CVE-2018-12538 2019/08/05
17:22:45
200020181 Java code injection - EhcacheJtaTransactionManagerLookup (2) (Parameter) Server Side Code Injection 3 Java Servlets/JSP CVE-2019-17267 2020/02/02
18:42:51
200001568 ontimeupdate (Parameter) Cross Site Scripting (XSS) 2 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200004023 PHP injection attempt ( $_get ) Server Side Code Injection 3 PHP 2017/08/07
15:48:54
200012027 Apache Digest authentication uninitialized memory reflection Denial of Service 3 Apache/NCSA HTTP Server https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9788, CVE-2017-9788 2017/09/14
15:28:52
200003805 "unexpand" execution attempt (Header) Command Execution 3 Unix/Linux 2018/08/05
11:08:36
200003900 "nc" command execution attempt (Header) Command Execution 3 Unix/Linux 2019/04/04
14:31:10
200005001 LDAP injection attempt ( objectclass ) LDAP Injection 3 All systems 2014/03/09
06:42:17
200020093 SSRF attempt (Alibaba Metadata Server) - Dotted decimal with overflow representation (Parameter) Other Application Attacks 2 All systems 2020/02/02
18:42:51
200015007 Web Server Probe ( brutus ) Vulnerability Scan 2 All systems 2012/02/27
06:30:01
200004189 PHP object serialization injection attempt (Header) Server Side Code Injection 3 PHP http://www.owasp.org/index.php/Code_Injection 2020/08/11
15:45:14
200001226 onDeactivate() (Headers) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/02
15:08:09
200002709 SQL-INJ GRANTED_ROLE (URI) SQL-Injection 3 Oracle http://www.owasp.org/index.php/SQL_Injection 2017/01/24
16:21:58
200003471 Java code injection com.opensymphony (Header) Server Side Code Injection 3 Java Servlets/JSP https://struts.apache.org/docs/s2-029.html, https://struts.apache.org/docs/s2-046.html, CVE-2016-0785, CVE-2017-5638 2017/07/24
12:16:47
200004863 Java code injection - target.HotSwappableTargetSource (2) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200010139 "/.remote-sync.json" access Predictable Resource Location 3 All systems 2018/06/18
18:18:44
200015008 Web Server Probe ( bilbo ) Vulnerability Scan 2 All systems 2012/02/27
06:30:01
200001864 onMozRotateGesture (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200003028 "python" execution attempt Command Execution 3 Unix/Linux http://www.webappsec.org/projects/threat/classes/os_commanding.shtml 2019/03/04
14:16:50
200003442 Java code injection - java/lang/Process (URI) Server Side Code Injection 3 Java Servlets/JSP http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4852, CVE-2015-4852 2018/03/20
18:30:45
200004768 Atlassian Crowd Plugin Installer Remote Code Execution Server Side Code Injection 3 Java Servlets/JSP CVE-2019-11580 2019/07/15
15:44:51
200009140 (GHDB) PHP Uploader Downloader Page Information Leakage 2 PHP http://www.webappsec.org/projects/threat/classes/information_leakage.shtml, http://johnny.ihackstuff.com/ghdb.php, http://en.wikipedia.org/wiki/Google%20hacking 2010/03/01
02:22:28
200015097 AppScan Remote File Include Exploit Attempt Vulnerability Scan 2 All systems 2019/02/25
13:53:10
200001422 type = application / x-shockwave-flash (Header) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200004156 Code Injection Java (Accessing attributes) Server Side Code Injection 2 Java Servlets/JSP http://www.exploit-db.com/exploits/18329/, CVE-2012-0391, CVE-2012-0392, CVE-2016-3081, CVE-2012-0394, CVE-2016-4438, CVE-2017-5638, CVE-2016-3087, CVE-2011-3923, CVE-2010-1870, CVE-2013-1965, CVE-2013-1966, CVE-2013-2115 2017/11/12
11:00:47
200004660 Python code injection - sys.argv (Parameter) Server Side Code Injection 3 Python 2019/04/16
15:19:14
200004689 Python code injection - socket.connect (Header) Server Side Code Injection 3 Python 2019/04/16
16:06:16
200004690 Python code injection - socket.detach (Parameter) Server Side Code Injection 3 Python 2019/04/16
16:06:16
200004869 Java code injection - autoproxy.AspectJAwareAdvisorAutoProxyCreator$PartiallyComparableAdvisorHolder (2) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200011036 Generic Format String attack attempt 2 (URL) Buffer Overflow 3 All systems http://www.webappsec.org/projects/threat/classes/format_string_attack.shtml 2014/03/09
06:42:17
200001030 onclick (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/02
15:08:09
200001961 onanimationend (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200101295 ontext (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200101564 style =expression ( (Header) Cross Site Scripting (XSS) 3 All systems 2020/01/30
17:43:40
200002475 SQL-INJ REPLACE VALUES (URI) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection 2020/02/10
17:00:22
200010127 Apache Struts 2 Config Browser Plugin Predictable Resource Location 2 Apache Struts https://cwiki.apache.org/confluence/display/WW/Config+Browser+Plugin, https://cwiki.apache.org/confluence/display/WW/S2-043 2020/02/10
17:00:22
200010140 "/.svn/" access Predictable Resource Location 3 All systems 2018/06/18
18:18:44
200018007 sql_debug=1 attempt Other Application Attacks 2 General Database 2017/11/12
11:00:47
200020034 SSRF attempt (AWS Metadata Server) - Dot-less decimal with overflow representation (Host header) Other Application Attacks 2 All systems 2020/02/02
18:42:51
200020127 Localhost SSRFmap tool evasion ([::]) (Parameter) Other Application Attacks 2 All systems 2020/02/02
18:42:51
200001846 onMozMagnifyGesture (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200001904 onSSWindowStateBusy (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200101251 onsent (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200002286 SQL-INJ "ALTER USER SET PASSWORD" (Headers) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200004643 Python code injection - os.fsync (Header) Server Side Code Injection 3 Python 2019/04/16
15:19:14
200004977 Java code injection - ch.qos.logback.core.db.JNDIConnectionSource (Header) Server Side Code Injection 3 Java Servlets/JSP CVE-2019-14439, CVE-2019-14379 2019/08/07
18:44:15
200009142 (GHDB) ASP FileMan Page Information Leakage 1 IIS http://www.webappsec.org/projects/threat/classes/information_leakage.shtml, http://johnny.ihackstuff.com/ghdb.php, http://en.wikipedia.org/wiki/Google%20hacking 2014/03/09
06:42:17
200001063 livescript (URI) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200001808 onDOMSubtreeModified (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200001952 onValueChange (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200002288 SQL-INJ "UPDATE SET" (Headers) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2020/02/10
17:00:22
200002608 SQL-INJ MySQL rewrite my.cnf (Parameter) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, CVE-2016-6662 2016/11/10
17:09:31
200004535 PHP injection attempt - hex (require) (Parameter) Server Side Code Injection 3 PHP 2019/01/22
22:41:09
200010038 (GHDB) /ojspdemos/ access Predictable Resource Location 1 Oracle Application Server http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml, http://johnny.ihackstuff.com/ghdb.php, http://en.wikipedia.org/wiki/Google%20hacking, CVE-2002-2347 2020/02/10
17:00:22
200004494 Java code injection - org.apache.axis2.transport.jms.JMSOutTransportInfo (Header) Server Side Code Injection 2 Java Servlets/JSP CVE-2018-14718, CVE-2018-19362, CVE-2018-19361, CVE-2018-19360, CVE-2018-14719, CVE-2018-14720, CVE-2018-14721 2020/02/02
18:42:51
200004902 Java code injection - c3p0.JndiRefForwardingDataSource (2) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200001661 window[] (Header) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/xss-faq.html, http://en.wikipedia.org/wiki/Cross_site_scripting 2015/09/17
15:27:14
200004820 Java code injection - jndi.JndiDataSourceFactory (2) (Header) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200010031 (GHDB) ipsec.secrets access Predictable Resource Location 2 All systems http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml, http://johnny.ihackstuff.com/ghdb.php, http://en.wikipedia.org/wiki/Google%20hacking 2010/03/01
02:22:28
200004507 Java code injection - org.apache.axis2.jaxws.spi.handler.HandlerResolverImpl Server Side Code Injection 2 Java Servlets/JSP CVE-2018-14718, CVE-2018-19362, CVE-2018-19361, CVE-2018-19360, CVE-2018-14719, CVE-2018-14720, CVE-2018-14721 2020/02/02
18:42:51
200001213 onControlSelect() (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2012/02/27
06:30:01
200001249 onOutOfSync() (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2019/05/30
14:57:08
200101280 ontabviewframeinitialized (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200000072 SQL-INJ "UNION SELECT" (Headers) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2020/02/10
17:00:22
200019010 Malicious program ( /iys. ) Trojan/Backdoor/Spyware 3 All systems 2017/08/07
15:48:54
200001325 eval() (Headers) Cross Site Scripting (XSS) 3 Ruby http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/09/16
17:29:43
200002789 NoSQL Injection /_all_dbs (Parameter) SQL-Injection 3 CouchDB http://docs.couchdb.org/en/2.0.0/api/ 2020/02/02
18:42:51
200004421 Apache Solr injection attempt (solr.RunExecutableListener) (URI) Server Side Code Injection 3 Apache/NCSA HTTP Server CVE-2017-12629 2018/03/15
13:12:46
200019112 (GHDB) PHPShell backdoor Page Trojan/Backdoor/Spyware 3 PHP http://www.webappsec.org/projects/threat/classes/information_leakage.shtml, http://johnny.ihackstuff.com/ghdb.php, http://en.wikipedia.org/wiki/Google%20hacking 2010/03/01
02:22:28
200021002 Automated client access "microsoft url control" Non-browser client 1 All systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2018/04/30
18:19:08
200002277 SQL-INJ expressions like ' || ' (Parameter) SQL-Injection 3 Oracle http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2018/10/29
16:02:19
200002714 SQL-INJ APEX_040200 (Header) SQL-Injection 3 Oracle http://www.owasp.org/index.php/SQL_Injection 2017/01/24
16:21:58
200002762 SQLINJ - NoSQL [$eq] (JSON) (Header) SQL-Injection 3 MongoDB https://docs.mongodb.com/manual/reference/operator/query-comparison/ 2020/02/02
18:42:51
200002823 SQL-INJ CASE WHEN THEN (Header) SQL-Injection 2 General Database http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2017/06/15
16:17:42
200003232 "env" execution attempt (URI) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200004642 Python code injection - os.fsync (Parameter) Server Side Code Injection 3 Python 2019/04/16
15:19:14
200001787 onDOMModalDialogClosed (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200101128 onicccardlockerror (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200002594 SQL Injection: End Transaction (URI) SQL-Injection 3 General Database https://msdn.microsoft.com/en-us/library/zh3heeb8.aspx 2020/02/10
17:00:22
200002788 NoSQL Injection /_active_tasks (URI) SQL-Injection 3 CouchDB http://docs.couchdb.org/en/2.0.0/api/ 2020/02/10
17:00:22
200004340 ASP.NET code injection - System.Configuration.Install.AssemblyInstaller (Header) Server Side Code Injection 3 ASP.NET CVE-2017-9424, CVE-2017-9822, CVE-2012-0161 2020/02/02
18:42:51
200004522 Java code injection - com.vaadin.data.util.PropertysetItem (Parameter) Server Side Code Injection 3 Apache Tomcat 2020/02/02
18:42:51
200100005 SAM Attempt Information Leakage 1 Microsoft Windows www.ciac.org/ciac/bulletins/h-45.shtml 2014/03/09
06:42:17
200015082 Web Server Probe ( Cisco-torch ) Vulnerability Scan 3 All systems 2017/07/24
09:52:07
200020085 SSRF attempt (Alibaba Metadata Server) - Dot-less decimal with overflow representation (Host header) Other Application Attacks 2 All systems 2020/02/02
18:42:51
200021092 Automated client access "perl" (corrected) Non-browser client 1 All systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2012/07/24
05:34:00
200001085 activexobject (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200101460 HTML5 Entity (rpar) (Header) Cross Site Scripting (XSS) 2 All systems https://www.quackit.com/character_sets/html5_entities/ 2017/11/12
11:00:47
200002160 SQL-INJ charindex (Headers) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2012/11/21
13:22:14
200002334 SQL-INJ alter database (Headers) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2020/02/10
17:00:22
200019130 Tomcat Java.Tomdep backdoor Trojan/Backdoor/Spyware 2 Apache Tomcat http://www.symantec.com/security_response/writeup.jsp?docid=2013-111815-1359-99 2013/12/15
09:00:27
200009160 PHP source code leakage (13) Information Leakage 2 PHP http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
200000134 link tag (Parameter) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2018/10/29
16:02:19
200001086 activexobject (Headers) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200002554 SQL-INJ integer field UNION (Header) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2015/08/25
13:43:10
200002618 SQL-INJ SELECT DATABASE() (Header) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection 2017/01/24
16:21:58
200002661 SQL-INJ current_database() (URI) SQL-Injection 3 PostgreSQL http://www.owasp.org/index.php/SQL_Injection 2017/01/18
15:31:20
200003778 "pstree" execution attempt (Header) Command Execution 3 Unix/Linux 2018/08/05
11:08:36
200009080 ASP source code leakage (22) Information Leakage 2 ASP http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2010/03/01
02:22:28
200015039 Web Server Probe ( Acunetix ) - 2 Vulnerability Scan 2 All systems 2020/02/10
17:00:22
200001064 livescript (Parameter) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200101081 ondisconnected (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200004037 PHP injection attempt ( posix_setpgid ) Server Side Code Injection 2 PHP 2019/01/22
22:41:09
200004600 Python code injection - os.chdir (Parameter) Server Side Code Injection 3 Python 2019/04/16
15:19:14
200004960 Java code injection - rowset.OracleJDBCRowSet (2) (Parameter) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200009222 Oracle DML Error Message Information Leakage 2 Oracle http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
200001166 href ecmascript (Headers) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200001893 onSSTabClosing (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200003705 "aptitude" execution attempt (Parameter) Command Execution 3 Unix/Linux 2019/03/04
14:16:50
200004374 Java code injection - com.sun.xml.internal.bind.v2.runtime.unmarshaller.Base64Data (Header) Server Side Code Injection 3 JavaServer Faces (JSF) CVE-2015-7450, CVE-2015-4852, CVE-2015-8103, CVE-2016-3427, CVE-2016-0788, CVE-2016-3642, CVE-2016-4372, CVE-2017-7525, CVE-2017-9805, CVE-2017-7504, CVE-2017-7504, CVE-2017-5878, CVE-2017-5586, CVE-2016-9299 2020/02/02
18:42:51
200009013 SQL Information Leakage (4) Information Leakage 2 General Database http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2012/02/27
06:30:01
200001875 onMozSwipeGesture (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200000022 IIS hidden dir access (/_objects/) Predictable Resource Location 1 IIS http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2020/02/10
17:00:22
200012058 Spring Framework STOMP ReDoS Denial of Service 2 Spring Boot CVE-2018-1257 2019/07/28
16:35:03
250000020 (PSM) href vbscript Cross Site Scripting (XSS) 3 PSM 2013/06/27
07:12:08
200001862 onMozRotateGesture (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200101380 action javascript (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2017/06/12
18:54:57
200000109 bgsound tag (Headers) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200001608 <EMBED code (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet 2020/01/30
17:43:40
200003166 Bash Shellshock execution attempt (Header) Command Execution 3 Unix/Linux http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271, http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7169, http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6277, http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6278, CVE-2014-6271, CVE-2014-7169, CVE-2014-6277, CVE-2014-6278 2018/11/07
10:57:50
200004152 Java Code Injection (java packages) (Params) Server Side Code Injection 3 Java Servlets/JSP https://www.owasp.org/index.php/Command_injection_in_Java, http://www.exploit-db.com/exploits/18329/, CVE-2012-0393 2018/08/05
11:08:36
200005003 LDAP injection attempt ( gidnumber ) LDAP Injection 3 All systems 2014/03/09
06:42:17
200010163 /CFIDE/install.cfm access Predictable Resource Location 2 Macromedia ColdFusion 2018/08/05
11:08:36
200001082 getparentfolder (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200002833 SQLINJ - NoSQL [$regex] (JSON) (Header) SQL-Injection 3 MongoDB https://blog.websecurify.com/2014/08/attacks-nodejs-and-mongodb-part-to.html 2020/02/02
18:42:51
200004044 ASP injection attempt ( .addheader ) Server Side Code Injection 2 ASP.NET 2018/01/25
18:15:14
200004651 Python code injection - os.pipe2 (Header) Server Side Code Injection 3 Python 2019/04/16
15:19:14
200010029 "/Shortcut to " access Predictable Resource Location 2 Microsoft Windows http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2014/03/09
06:42:17
200019093 Malicious program ( jsp File browser ) upload Trojan/Backdoor/Spyware 3 All systems 2017/08/07
15:48:54
200021112 Malicious Web Site crawler (WEP Search) Non-browser client 1 All systems http://en.wikipedia.org/wiki/Web_scraping 2020/01/30
17:43:40
200101110 onfullscreenchange (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200012001 DOS "Double-precision floating-point number dos attack" (Parameter) Denial of Service 3 All systems http://www.exploringbinary.com/java-hangs-when-converting-2-2250738585072012e-308/, CVE-2010-4645 2017/11/12
11:00:47
200020178 Java code injection - EhcacheJtaTransactionManagerLookup (Parameter) Server Side Code Injection 3 Java Servlets/JSP CVE-2019-17267 2020/02/02
18:42:51
200001973 onbeforeinstallprompt (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200002375 SQL-INJ "SATENCRYPT" (Headers) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200010046 a.out (URI) Predictable Resource Location 1 Unix/Linux http://projects.webappsec.org/w/page/13246953/Predictable%20Resource%20Location 2020/02/10
17:00:22
200021013 Malicious Web Site crawler "ecollector" Non-browser client 1 All systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2018/04/30
18:19:08
200002248 SQL-INJ "UPDATE SET WHERE" SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2020/02/10
17:00:22
200002691 SQL-INJ sqlite_master (URI) SQL-Injection 3 SQLite http://www.owasp.org/index.php/SQL_Injection 2020/02/10
17:00:22
200002860 SQL-INJ - MySQL Interpreted Comment (SELECT) (Parameter) SQL-Injection 2 MySQL 2020/02/19
19:10:33
200004659 Python code injection - sys.exit (Header) Server Side Code Injection 3 Python 2019/04/16
15:19:14
200001117 url vbscript (URI) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200009009 Statistics Software Information Leakage (6) Information Leakage 2 All systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
200101120 onheld (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200002120 SQL-INJ xp_regaddmultistring SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200003086 "vi" execution attempt Command Execution 3 Unix/Linux http://www.webappsec.org/projects/threat/classes/os_commanding.shtml 2019/03/04
14:16:50
200004142 PHP injection attempt ( utf8_decode ) ( parameters ) Server Side Code Injection 2 PHP http://www.owasp.org/index.php/Code_Injection 2014/03/09
06:42:17
200009133 (GHDB) System statistics Page Information Leakage 1 Various systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml, http://johnny.ihackstuff.com/ghdb.php, http://en.wikipedia.org/wiki/Google%20hacking 2014/03/09
06:42:17
200014000 /warez/ access Abuse of Functionality 2 All systems http://www.webappsec.org/projects/threat/classes/abuse_of_functionality.shtml 2014/03/09
06:42:17
200020157 Java code injection - P6DataSource (Parameter) Server Side Code Injection 3 Java Servlets/JSP CVE-2019-16942, CVE-2019-16943 2020/02/02
18:42:51
200001993 oncached (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200101464 HTML5 Entity (Tab) (URI) Cross Site Scripting (XSS) 2 All systems https://www.quackit.com/character_sets/html5_entities/ 2017/11/12
11:00:47
200003297 "mount" execution attempt (Header) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200004971 Java code injection - org.jdom.transform.XSLTransformer (Header) Server Side Code Injection 3 Java Servlets/JSP CVE-2019-14439, CVE-2019-14379 2019/08/07
18:44:15
200020107 Localhost SSRFmap tool evasion (127.0.0.0) (URI) Other Application Attacks 2 All systems 2020/02/02
18:42:51
200020130 Localhost SSRFmap tool evasion (127.0.1.3) (Parameter) Other Application Attacks 2 All systems 2020/02/02
18:42:51
200021083 Automated client access "Digimarc WebReader" Non-browser client 1 All systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
200101240 onreceived (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200002290 SQL-INJ "*_name()" sql functions SQL-Injection 2 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2018/09/25
17:14:53
200002333 SQL-INJ alter column (Headers) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2020/02/10
17:00:22
200010022 "/_mmServerScripts" access Predictable Resource Location 1 Macromedia ColdFusion http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml, CVE-2004-1893 2020/02/10
17:00:22
200019073 Malicious program ( phpRemoteView ) access Trojan/Backdoor/Spyware 3 All systems 2017/08/07
15:48:54
200001245 onLoseCapture() (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2017/08/07
17:40:28
200010087 .bash_history access Predictable Resource Location 2 All systems http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2017/08/03
11:44:58
200020201 SSRF attempt - Local network IP range 10.x.x.x (URI) Other Application Attacks 2 All systems 2020/01/05
15:24:30
200101084 ondisconnecting (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200002378 SQL-INJ substr() (Headers) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200001055 onblur (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/02
15:08:09
200001202 onBounce() (Headers) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/02
15:08:09
200003225 "echo" execution attempt (Header) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200021100 Automated client access (URI::Fetch) Non-browser client 1 All systems http://en.wikipedia.org/wiki/Web_scraping 2013/08/11
08:26:39
200001334 XMLHttpRequest() (Headers) Cross Site Scripting (XSS) 3 JavaScript http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2018/12/23
12:26:07
200002157 SQL-INJ select substring (Headers) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2020/02/10
17:00:22
200003802 "umount" execution attempt (Header) Command Execution 3 Unix/Linux 2018/08/05
11:08:36
200004784 Java code injection - util.PropertysetItem (2) (Header) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200018028 HTTP Headers Injection (Location) HTTP Response Splitting 2 All systems http://blogs.msdn.com/b/esiu/archive/2007/09/22/http-header-injection-vulnerabilities.aspx 2017/11/12
11:00:47
200021066 Automated client access "download demon" Non-browser client 1 All systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
200000168 onsubmit (Headers) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/02
15:08:09
200001450 prompt (Headers) Cross Site Scripting (XSS) 2 JavaScript http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2019/06/20
11:56:43
200001598 onseeked (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200003893 "nc" execution attempt (2) (Parameter) Command Execution 3 Unix/Linux https://medium.com/secjuice/waf-evasion-techniques-718026d693d8 2018/06/27
11:50:56
200004848 Java code injection - script.ScriptEngineManager (2) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200004646 Python code injection - os.openpty (Parameter) Server Side Code Injection 3 Python 2019/04/16
15:19:14
200002748 SQLINJ - NoSQL [$in] SQL-Injection 3 MongoDB https://docs.mongodb.com/manual/reference/operator/query-comparison/ 2020/02/02
18:42:51
200004258 PHP injection attempt ( str_replace ) (Parameter) Server Side Code Injection 3 PHP http://www.owasp.org/index.php/Code_Injection 2017/07/24
09:52:07
200009113 (GHDB) IIS error (2) Information Leakage 2 IIS http://www.webappsec.org/projects/threat/classes/information_leakage.shtml, http://johnny.ihackstuff.com/ghdb.php, http://en.wikipedia.org/wiki/Google%20hacking 2010/03/01
02:22:28
200019035 Malicious program ( pagename=AppFileExplorer ) Trojan/Backdoor/Spyware 3 IIS 2017/08/07
15:48:54
200022031 PHP remote file include attempt - ssh2:// (Header) Remote File Include 2 PHP http://php.net/manual/en/wrappers.php 2020/02/10
17:00:22
200000114 div tag: background-image (URI) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/30
17:43:40
200002577 SQL-INJ inet_server_addr (Parameter) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection 2015/10/19
17:50:00
200007025 Directory Traversal attempt (../Windows) (Parameter) Path Traversal 2 Microsoft Windows http://projects.webappsec.org/w/page/13246952/Path%20Traversal 2019/08/25
11:24:25
200002489 SQL-INJ "SELECT COUNT()" (URI) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2018/09/25
17:14:53
200003186 "chfn" execution attempt (URI) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/09/17
17:18:25
200019004 Malicious program ( anggands. ) Trojan/Backdoor/Spyware 3 All systems 2017/08/07
15:48:54
200001913 onSVGError (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200002188 SQL-INJ drop table SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2020/02/10
17:00:22
200004129 PHP injection attempt ( $_ENV ) Server Side Code Injection 3 PHP 2017/08/07
15:48:54
200022021 PHP remote file include attempt - file:// (Header) Remote File Include 2 PHP http://php.net/manual/en/wrappers.php 2020/02/10
17:00:22
200101147 onmousedown (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200003904 CSV Injection Attempt (2) Command Execution 3 All systems https://www.contextis.com/blog/comma-separated-vulnerabilities 2018/06/14
17:05:33
200004617 Python code injection - os.getresuid (Header) Server Side Code Injection 3 Python 2019/04/16
15:19:14
200004201 "system" injection attempt (URI) Server Side Code Injection 3 Ruby 2020/09/17
16:04:09
200021085 Automated client access "Crescent Internet ToolPak" Non-browser client 1 All systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
200009040 ASP source code leakage (4) Information Leakage 2 ASP http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2010/03/01
02:22:28
200009092 ASP source code leakage (34) Information Leakage 2 ASP http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2010/03/01
02:22:28
200101224 onpointerlockchange (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200002268 SQL-INJ bitval() SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2018/09/25
17:14:53
200003252 "gcc" execution attempt (URI) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200003928 Werkzeug Debug Shell Command Execution Command Execution 3 Python CVE-2018-14649 2019/04/04
14:31:10
200004133 PHP injection attempt ( $php_errormsg ) Server Side Code Injection 3 PHP 2017/08/07
15:48:54
200020108 Localhost SSRFmap tool evasion (127.0.1.3) (URI) Other Application Attacks 2 All systems 2020/02/02
18:42:51
200002551 SQL-INJ "end-quote UNION" (Header) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2018/06/06
14:02:07
200100065 w3who.dll buffer overflow attempt Buffer Overflow 3 IIS CVE-2004-1134, 11820 2017/11/12
11:00:47
200012017 #RefRef DoS tool (2) Denial of Service 3 All systems https://www.owasp.org/index.php/Denial_of_Service 2013/12/15
05:55:10
200001072 copyparentfolder (URI) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200002481 SQL-INJ expressions like "sleep()" (2) (Header) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection 2018/06/06
14:02:07
200004039 PHP injection attempt ( posix_setuid ) Server Side Code Injection 2 PHP 2019/01/22
22:41:09
200000068 Unparsed ASP/JSP directive in response "<%" Information Leakage 3 ASP.NET http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
200002332 SQL-INJ "; shutdown" (Headers) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200004222 Flask Server Side Template Injection (.__dict__) (URI) Server Side Code Injection 3 All systems 2020/02/02
18:42:51
200009063 ASP/JSP source code leakage (20) Information Leakage 2 ASP http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2010/03/01
02:22:28
200101556 source tag: src/srcset (Header) Cross Site Scripting (XSS) 3 All systems https://www.w3schools.com/tags/tag_picture.asp 2019/01/22
22:41:09
200002846 SQL-INJ expressions like AND SELECT * FROM (URI) SQL-Injection 3 General Database 2019/02/26
23:23:07
200100090 "%SYSTEMDRIVE%" access (parameter) Predictable Resource Location 1 Microsoft Windows http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2020/07/30
07:45:27
200003020 "chgrp" execution attempt Command Execution 3 Unix/Linux http://www.webappsec.org/projects/threat/classes/os_commanding.shtml 2019/03/04
14:16:50
200003340 "rexec" execution attempt (URI) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2020/01/05
15:24:30
200012036 libxml xmlSnprintfElementContent DoS (Header) Denial of Service 3 All systems http://www.openwall.com/lists/oss-security/2017/05/15/1, CVE-2017-9047 2018/02/01
14:02:09
200001629 touchstart (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/30
17:43:40
200001810 onDOMSubtreeModified (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200002344 SQL-INJ create database (Headers) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2020/02/10
17:00:22
200003392 "unalias" execution attempt (URI) Command Execution 2 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200101149 onmousedown (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200101192 onmozbrowsersecuritychange (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200004527 PHP injection attempt - hex (popen) (Parameter) Server Side Code Injection 3 PHP 2019/01/22
22:41:09
200001193 onError...() (Headers) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/02
15:08:09
200001369 .ShellExecute (Headers) Cross Site Scripting (XSS) 3 JavaScript http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2018/12/23
12:26:07
200001561 onstalled (URI) Cross Site Scripting (XSS) 2 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200001666 [document] (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/xss-faq.html, http://en.wikipedia.org/wiki/Cross_site_scripting 2015/07/19
14:11:00
200001757 onDOMElementNameChanged (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200001945 onTabSelect (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200003118 "poweroff" execution attempt Command Execution 3 Unix/Linux http://www.webappsec.org/projects/threat/classes/os_commanding.shtml 2019/03/04
14:16:50
200020144 Java code injection - HikariConfig Server Side Code Injection 3 Java Servlets/JSP CVE-2019-14540 2020/02/02
18:42:51
200003872 "reg add" execution attempt (Header) Command Execution 3 Microsoft Windows 2020/06/30
10:08:35
200001211 onContextMenu() (Headers) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2019/06/05
09:30:33
200001224 onDeactivate() (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/02
15:08:09
200002368 SQL-INJ pg_attribute (Headers) SQL-Injection 2 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200002561 SQL-INJ BENCHMARK (URI) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection 2018/06/06
14:02:07
200010032 (GHDB) dead.letter access Predictable Resource Location 2 Unix/Linux http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml, http://johnny.ihackstuff.com/ghdb.php, http://en.wikipedia.org/wiki/Google%20hacking 2013/03/11
02:26:00
200010147 "/WinSCP.ini" access Predictable Resource Location 3 All systems 2018/06/18
18:18:44
200012024 XStream void tag DoS Denial of Service 2 Apache Struts https://struts.apache.org/docs/s2-051.html, http://x-stream.github.io/CVE-2017-7957.html, CVE-2017-7957, CVE-2017-9793 2017/09/14
19:36:47
200009141 (GHDB) File Upload Manager Page Information Leakage 2 Various systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml, http://johnny.ihackstuff.com/ghdb.php, http://en.wikipedia.org/wiki/Google%20hacking 2014/03/09
06:42:17
200001020 onkeypress (Headers) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/02
15:08:09
200002183 SQL-INJ create procedure SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2020/02/10
17:00:22
200002202 SQL-INJ "SATENCRYPT" SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200003160 "xemacs" execution attempt Command Execution 2 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2019/03/04
14:16:50
200009209 Oracle Invalid Argument Error Message Information Leakage 2 Oracle http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
200010094 /liquibase access Predictable Resource Location 2 Spring Boot http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2017/09/24
15:40:00
200101257 onsmartcard-insert (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200004137 PHP injection attempt ( php_uname ) Server Side Code Injection 2 PHP 2017/08/07
15:48:54
200004565 Atlassian Confluence Server Side Template Injection (2) Server Side Code Injection 3 Java Servlets/JSP CVE-2019-3396 2020/02/02
18:42:51
200020074 SSRF attempt (Oracle Metadata Server) - Dot-less hexadecimal representation (Parameter) Other Application Attacks 2 All systems 2020/02/02
18:42:51
200001173 HTML entity - &#x... (URI) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2017/06/12
18:54:57
200003784 "renice" execution attempt (Header) Command Execution 3 Unix/Linux 2018/08/05
11:08:36
200004380 Java code injection - org.apache.commons.collections.map.ReferenceMap (Header) Server Side Code Injection 3 JavaServer Faces (JSF) CVE-2015-7450, CVE-2015-4852, CVE-2015-8103, CVE-2016-3427, CVE-2016-0788, CVE-2016-3642, CVE-2016-4372, CVE-2017-7525, CVE-2017-9805, CVE-2017-7504, CVE-2017-7504, CVE-2017-5878, CVE-2017-5586, CVE-2016-9299, CVE-2016-4398, CVE-2015-6420, CVE-2015-8765, CVE-2016-1985, CVE-2016-1986, CVE-2016-1997, CVE-2016-1998, CVE-2016-2000, CVE-2016-2003, CVE-2016-2009, CVE-2016-1114, CVE-2016-1999, CVE-2016-4369, CVE-2016-4368, CVE-2016-4373, CVE-2016-4385 2020/02/02
18:42:51
200021097 Automated client access (PECL::HTTP) Non-browser client 1 All systems http://en.wikipedia.org/wiki/Web_scraping 2013/08/11
08:26:39
200000106 Javascript Entity (Headers) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2019/08/25
11:24:25
200000167 onmouse... (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2012/02/27
06:30:01
200101216 onorientationchange (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200003172 "arp" execution attempt (URI) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200009052 ASP source code leakage (16) Information Leakage 2 ASP http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2010/03/01
02:22:28
200010034 (GHDB) XcCDONTS.asp access Predictable Resource Location 2 ASP http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml, http://johnny.ihackstuff.com/ghdb.php, http://en.wikipedia.org/wiki/Google%20hacking 2010/03/01
02:22:28
200009108 IIS Information Leakage (10) Information Leakage 2 IIS http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2010/03/01
02:22:28
200000145 object tag: codebase (Headers) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/15
14:12:31
200001393 decodeURIcomponent() (Parameter) Cross Site Scripting (XSS) 3 JavaScript http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2019/06/20
11:56:43
200101250 onsent (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200101344 onvisibilitychange (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200003312 "nohup" execution attempt (URI) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2020/01/05
15:24:30
200004177 Wordpress code uploading via Timthumb.php Server Side Code Injection 3 WordPress https://blog.sucuri.net/2011/08/attacks-against-timthumb-php-in-the-wild-list-of-themes-and-plugins-being-scanned.html, CVE-2014-4663 2016/09/13
19:09:13
200001242 onLayoutComplete() (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2012/02/27
06:30:01
200003718 "chpasswd" execution attempt (Header) Command Execution 3 Unix/Linux 2018/08/05
11:08:36
200004109 Server-Side Include Injection Attempt - 2 (Parameter) Server Side Code Injection 3 SSI (Server Side Includes) 2013/09/16
00:21:21
200004131 PHP injection attempt ( $_FILES ) Server Side Code Injection 3 PHP 2017/08/07
15:48:54
200020084 SSRF attempt (Alibaba Metadata Server) - Dot-less decimal representation (Host header) Other Application Attacks 2 All systems 2020/02/02
18:42:51
200021029 Malicious Web Site crawler "digout4uagent" Non-browser client 2 All systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
200001877 onMozTapGesture (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200101242 onreceived (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200101572 ReactJS code injection - createElement (Header) Cross Site Scripting (XSS) 2 ReactJS 2019/04/16
13:29:05
200004306 Java code injection - org.codehaus.groovy.runtime.MethodClosure (Header) Server Side Code Injection 3 JavaServer Faces (JSF) CVE-2015-7450, CVE-2015-4852, CVE-2015-8103, CVE-2016-3427, CVE-2016-0788, CVE-2016-3642, CVE-2016-4372, CVE-2017-7525, CVE-2017-15095, CVE-2015-32531 2020/02/02
18:42:51
200004515 ASP.NET code injection - Process.Start (Parameter) Server Side Code Injection 3 ASP.NET 2019/01/22
22:41:09
200020172 Java code injection - HikariDataSource (Parameter) Server Side Code Injection 3 Java Servlets/JSP CVE-2019-16335 2020/02/02
18:42:51
200000132 input tag: dynsrc (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/30
17:43:40
200002240 SQL-INJ "SELECT COUNT()" SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2018/09/25
17:14:53
200002659 SQL-INJ current_database() (Parameter) SQL-Injection 3 PostgreSQL http://www.owasp.org/index.php/SQL_Injection 2017/01/18
15:31:20
200003911 "sleep" execution attempt (2) Command Execution 3 Unix/Linux 2019/03/04
15:38:33
200004550 PHP injection attempt - variable assignment (require) (Header) Server Side Code Injection 3 PHP 2019/01/22
22:41:09
200021124 Malicious Web Site crawler (DSurf15a) Non-browser client 1 All systems http://en.wikipedia.org/wiki/Web_scraping 2020/01/30
17:43:40
200002772 SQLINJ - NoSQL [$ne] (JSON) (Parameter) SQL-Injection 3 MongoDB https://docs.mongodb.com/manual/reference/operator/query-comparison/ 2020/02/02
18:42:51
200001040 onunload (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/02
15:08:09
200001122 href vbscript (Headers) Cross Site Scripting (XSS) 2 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200101043 onconnecting (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200003133 Directory Traversal attempt (../var/) (Parameter) Path Traversal 2 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/10/29
16:02:19
200101175 onmozbrowsererror (Header) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200007014 Directory Traversal in SunPS iRunbook 2.5.2 "..:" Path Traversal 3 All systems CVE-2002-1034 2020/02/10
17:00:22
200010091 /configprops access Predictable Resource Location 2 Spring Boot http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2017/09/24
15:40:00
200004568 Python code injection - import sqlalchemy (Parameter) Server Side Code Injection 2 Python 2019/04/16
13:29:05
200001521 onforminput (Header) Cross Site Scripting (XSS) 2 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/06/05
09:30:33
200001596 onseeked (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200101107 onfocusout (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200101421 onEvent (Header) Cross Site Scripting (XSS) 1 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200003288 "lynx" execution attempt (URI) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200004537 PHP injection attempt - hex (die) (Parameter) Server Side Code Injection 3 PHP 2019/01/22
22:41:09
200004582 Python code injection - import Scapy (Parameter) Server Side Code Injection 2 Python 2019/04/16
13:29:05
200009042 ASP source code leakage (6) Information Leakage 2 ASP http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2010/03/01
02:22:28
200101036 oncompositionupdate (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200002089 SQL-INJ column_name SQL-Injection 2 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2014/03/09
06:42:17
200002750 SQLINJ - NoSQL db.find() (Parameter) SQL-Injection 3 MongoDB https://docs.mongodb.com/manual/reference/method/db.collection.find/ 2020/02/02
18:42:51
200100087 "%HOMEDRIVE%" access (URI) Predictable Resource Location 1 Microsoft Windows http://www.webappsec.org/projects/threat/classes/predictable_resource_location.shtml 2020/07/30
07:45:27
200001748 onDOMAutoComplete (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200015044 Web Server Probe ( scanalert ) Vulnerability Scan 2 All systems 2011/12/21
06:12:43
200016008 "x-up-devcap-post-charset" ASP.NET Evasion Attempt Detection Evasion 3 ASP.NET https://soroush.secproject.com/blog/tag/waf-bypass/ 2019/05/23
15:55:31
200000141 applet tag (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/30
17:43:40
200101179 onmozbrowsericonchange (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200101222 onpointerlockchange (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200002609 SQL-INJ MySQL rewrite my.cnf (Header) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, CVE-2016-6662 2016/11/10
17:09:31
200003737 "eval" execution attempt (URI) Command Execution 3 Unix/Linux 2018/08/05
11:08:36
200004561 Apache Solr jmx.serviceUrl Remote Code Execution Server Side Code Injection 3 Other Web Server CVE-2019-0192 2019/03/13
10:34:21
200019087 Malicious program ( zehir 2 ) upload Trojan/Backdoor/Spyware 3 All systems 2017/08/07
15:48:54
200001497 history.pushState() (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/30
17:43:40
200003404 "xemacs" execution attempt (URI) Command Execution 2 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200012043 SAP NetWeaver DoS Attempt - <a> (URI) Denial of Service 2 XML CVE-2016-10311 2018/03/18
15:16:32
200001804 onDOMNodeRemovedFromDocument (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200002092 SQL-INJ xtype char SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2018/06/26
14:01:21
200002550 SQL-INJ "end-quote UNION" (Parameter) SQL-Injection 3 General Database http://www.owasp.org/index.php/SQL_Injection, http://www.webappsec.org/projects/threat/classes/sql_injection.shtml 2018/06/06
14:02:07
200003052 "curl" execution attempt Command Execution 3 Unix/Linux http://www.webappsec.org/projects/threat/classes/os_commanding.shtml 2019/03/04
14:16:50
200003926 "ruby" execution attempt (2) Command Execution 3 Unix/Linux 2019/03/03
21:59:04
200003694 "whoami" execution attempt (Header) Command Execution 3 Microsoft Windows 2020/07/05
15:16:45
200104360 Monolog RCE Gadget Chain (2) Server Side Code Injection 3 PHP 2020/09/03
13:47:11
200004264 Code Injection Java (Accessing attributes) (#_lastEvaluation) Server Side Code Injection 3 Apache Struts http://www.exploit-db.com/exploits/18329/, https://www.exploit-db.com/exploits/14360/, CVE-2012-0391, CVE-2012-0392, CVE-2016-3081, CVE-2012-0394, CVE-2016-4438, CVE-2017-5638 2017/08/03
11:44:58
200003476 ImageMagick arbitrary file read (label) Command Execution 3 All systems http://imagetragick.com/, CVE-2016-3717 2020/01/30
17:43:40
200004228 JavaScript Code Injection - module.load() (Parameter) Server Side Code Injection 3 All systems 2017/05/04
10:03:31
200018006 Mode=debug attempt Other Application Attacks 2 Macromedia ColdFusion 2014/03/09
06:42:17
200004831 Java code injection - impl.EqualsBean (2) (Parameter) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200001556 onpopstate (Parameter) Cross Site Scripting (XSS) 2 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200101433 console.debug (Header) Cross Site Scripting (XSS) 2 All systems 2017/07/24
09:52:07
200002850 extractvalue DoS (Parameter) SQL-Injection 3 MySQL https://bugs.mysql.com/bug.php?id=42495, CVE-2009-0819 2019/03/12
14:21:41
200003147 "nano" execution attempt Command Execution 2 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2019/03/04
14:16:50
200004356 ASP.NET code injection - System.Management.Automation.PSObject (Header) Server Side Code Injection 3 ASP.NET CVE-2017-9424, CVE-2017-9822, CVE-2012-0161 2020/02/02
18:42:51
200004384 Java code injection - org.apache.xbean.naming.context.WritableContext (Header) Server Side Code Injection 3 JavaServer Faces (JSF) CVE-2015-7450, CVE-2015-4852, CVE-2015-8103, CVE-2016-3427, CVE-2016-0788, CVE-2016-3642, CVE-2016-4372, CVE-2017-7525, CVE-2017-9805, CVE-2017-7504, CVE-2017-7504, CVE-2017-5878, CVE-2017-5586, CVE-2016-9299 2020/02/02
18:42:51
200004397 Java code injection - com.documentum.fc.client.impl.typeddata.ValueHolder (Parameter) Server Side Code Injection 3 JavaServer Faces (JSF) CVE-2015-7450, CVE-2015-4852, CVE-2015-8103, CVE-2016-3427, CVE-2016-0788, CVE-2016-3642, CVE-2016-4372, CVE-2017-7525, CVE-2017-9805, CVE-2017-7504, CVE-2017-7504, CVE-2017-5878, CVE-2017-5586, CVE-2016-9299 2020/02/02
18:42:51
200001188 onData...() (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2012/02/27
06:30:01
200001850 onMozMagnifyGestureUpdate (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2019/05/30
14:57:08
200004616 Python code injection - os.getresuid (Parameter) Server Side Code Injection 3 Python 2019/04/16
15:19:14
200004665 Python code injection - sys.modules (Header) Server Side Code Injection 3 Python 2019/04/16
15:19:14
200009195 SqlException Error Message Information Leakage 3 ASP.NET http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2011/07/21
10:34:42
200001070 settimeout() (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2014/03/09
06:42:17
200001204 onBegin() (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/articles/xss-faq.shtml, http://en.wikipedia.org/wiki/Cross_site_scripting 2020/01/02
15:08:09
200001681 = window; (URI) Cross Site Scripting (XSS) 3 All systems http://www.cgisecurity.com/xss-faq.html, http://en.wikipedia.org/wiki/Cross_site_scripting 2019/06/20
11:56:43
200001691 onshow (Parameter) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200001870 onMozRotateGestureUpdate (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2017/01/26
15:15:44
200101017 onclose (URI) Cross Site Scripting (XSS) 3 All systems http://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet#Event_Handlers 2020/01/02
15:08:09
200003363 "source" execution attempt (Header) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200020062 SSRF attempt (Oracle Metadata Server) - Dot-less decimal representation (Host header) Other Application Attacks 2 All systems 2020/02/02
18:42:51
200020177 Java code injection - HikariDataSource (2) Server Side Code Injection 3 Java Servlets/JSP CVE-2019-16335 2020/02/02
18:42:51
200021011 Malicious Web Site crawler "emailsiphon" Non-browser client 2 All systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2020/01/30
17:43:40
200004580 Python code injection - import BeautifulSoup (Parameter) Server Side Code Injection 2 Python 2019/04/16
13:29:05
200004785 Java code injection - util.PropertysetItem (2) Server Side Code Injection 3 IBM WebSphere 2019/07/28
16:35:03
200010107 JBOSS /jmx-console/ access Predictable Resource Location 2 Java Servlets/JSP CVE-2007-1036, CVE-2010-0738 2017/11/12
11:00:47
200002643 SQL-INJ sql_logins (URI) SQL-Injection 3 Microsoft SQL Server http://www.owasp.org/index.php/SQL_Injection 2017/02/01
18:32:44
200003055 Directory Traversal attempt (../etc/) (Header) Path Traversal 1 Unix/Linux http://www.webappsec.org/projects/threat/classes/os_commanding.shtml 2018/10/29
16:02:19
200003205 "cp" execution attempt (Header) Command Execution 3 Unix/Linux http://en.wikipedia.org/wiki/Arbitrary_code_execution 2018/08/05
11:08:36
200003751 "groff" execution attempt (Header) Command Execution 3 Unix/Linux 2018/08/05
11:08:36
200003761 "logname" execution attempt (URI) Command Execution 3 Unix/Linux 2018/08/05
11:08:36
200004127 PHP injection attempt ( $_REQUEST ) Server Side Code Injection 3 PHP 2017/08/07
15:48:54
200009190 ODBC Syntax Error Message Information Leakage 2 Microsoft Windows http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
200021041 Malicious Web Site crawler "CheeseBot" Non-browser client 2 All systems http://www.webappsec.org/projects/threat/classes/information_leakage.shtml 2014/03/09
06:42:17
250000016