Talos has added and modified multiple rules in the file-image, file-other, file-pdf and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:47366 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader double free attempt (file-pdf.rules) * 1:47345 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EMR_CREATEDIBPATTERNBRUSHPT record buffer overflow attempt (file-other.rules) * 1:47365 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader double free attempt (file-pdf.rules) * 1:47348 <-> ENABLED <-> SERVER-WEBAPP QNAP QCenter API set_VM_passwd command injection attempt (server-webapp.rules) * 1:47349 <-> ENABLED <-> SERVER-WEBAPP QNAP QCenter API set_VM_passwd command injection attempt (server-webapp.rules) * 1:47343 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules) * 1:47351 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules) * 1:47356 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules) * 1:47353 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules) * 1:47362 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules) * 1:47350 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules) * 1:47346 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EMR_CREATEDIBPATTERNBRUSHPT record buffer overflow attempt (file-other.rules) * 1:47352 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules) * 1:47359 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules) * 1:47360 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules) * 1:47355 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawPath out of bounds read attempt (file-other.rules) * 1:47347 <-> ENABLED <-> SERVER-WEBAPP QNAP QCenter API account information disclosure attempt (server-webapp.rules) * 1:47344 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules) * 1:47361 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules) * 1:47354 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawPath out of bounds read attempt (file-other.rules) * 1:47358 <-> ENABLED <-> SERVER-WEBAPP CCTV-DVR command injection attempt (server-webapp.rules) * 1:47357 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules) * 3:47363 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player out of bounds write attempt (file-other.rules) * 3:47341 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0639 attack attempt (file-pdf.rules) * 3:47364 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player out of bounds write attempt (file-other.rules) * 3:47342 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2018-0637 attack attempt (server-other.rules) * 3:47340 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0639 attack attempt (file-pdf.rules)
* 1:26277 <-> DISABLED <-> SERVER-WEBAPP Linksys E1500/E2500 apply.cgi submit_button page redirection attempt (server-webapp.rules) * 1:46081 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi cross site scripting attempt (server-webapp.rules) * 1:42857 <-> ENABLED <-> SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (server-webapp.rules) * 1:47239 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D data stream heap overflow attempt (file-pdf.rules) * 1:47240 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D data stream heap overflow attempt (file-pdf.rules) * 1:46080 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi cross site scripting attempt (server-webapp.rules) * 1:26276 <-> DISABLED <-> SERVER-WEBAPP Linksys E1500/E2500 apply.cgi submit_button page redirection attempt (server-webapp.rules) * 1:26275 <-> ENABLED <-> SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:47347 <-> ENABLED <-> SERVER-WEBAPP QNAP QCenter API account information disclosure attempt (snort3-server-webapp.rules) * 1:47348 <-> ENABLED <-> SERVER-WEBAPP QNAP QCenter API set_VM_passwd command injection attempt (snort3-server-webapp.rules) * 1:47343 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (snort3-file-image.rules) * 1:47352 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (snort3-file-image.rules) * 1:47354 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawPath out of bounds read attempt (snort3-file-other.rules) * 1:47344 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (snort3-file-image.rules) * 1:47356 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (snort3-file-image.rules) * 1:47346 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EMR_CREATEDIBPATTERNBRUSHPT record buffer overflow attempt (snort3-file-other.rules) * 1:47353 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (snort3-file-image.rules) * 1:47350 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (snort3-file-image.rules) * 1:47360 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (snort3-file-image.rules) * 1:47361 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (snort3-file-image.rules) * 1:47362 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (snort3-file-image.rules) * 1:47345 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EMR_CREATEDIBPATTERNBRUSHPT record buffer overflow attempt (snort3-file-other.rules) * 1:47355 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawPath out of bounds read attempt (snort3-file-other.rules) * 1:47358 <-> ENABLED <-> SERVER-WEBAPP CCTV-DVR command injection attempt (snort3-server-webapp.rules) * 1:47359 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (snort3-file-image.rules) * 1:47365 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader double free attempt (snort3-file-pdf.rules) * 1:47366 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader double free attempt (snort3-file-pdf.rules) * 1:47357 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (snort3-file-image.rules) * 1:47349 <-> ENABLED <-> SERVER-WEBAPP QNAP QCenter API set_VM_passwd command injection attempt (snort3-server-webapp.rules) * 1:47351 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (snort3-file-image.rules)
* 1:42857 <-> ENABLED <-> SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (snort3-server-webapp.rules) * 1:26277 <-> DISABLED <-> SERVER-WEBAPP Linksys E1500/E2500 apply.cgi submit_button page redirection attempt (snort3-server-webapp.rules) * 1:46081 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi cross site scripting attempt (snort3-server-webapp.rules) * 1:46080 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi cross site scripting attempt (snort3-server-webapp.rules) * 1:26276 <-> DISABLED <-> SERVER-WEBAPP Linksys E1500/E2500 apply.cgi submit_button page redirection attempt (snort3-server-webapp.rules) * 1:47240 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D data stream heap overflow attempt (snort3-file-pdf.rules) * 1:47239 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D data stream heap overflow attempt (snort3-file-pdf.rules) * 1:26275 <-> ENABLED <-> SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt (snort3-server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091100.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:47362 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules) * 1:47346 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EMR_CREATEDIBPATTERNBRUSHPT record buffer overflow attempt (file-other.rules) * 1:47352 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules) * 1:47358 <-> ENABLED <-> SERVER-WEBAPP CCTV-DVR command injection attempt (server-webapp.rules) * 1:47351 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules) * 1:47354 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawPath out of bounds read attempt (file-other.rules) * 1:47343 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules) * 1:47366 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader double free attempt (file-pdf.rules) * 1:47345 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EMR_CREATEDIBPATTERNBRUSHPT record buffer overflow attempt (file-other.rules) * 1:47365 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader double free attempt (file-pdf.rules) * 1:47350 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules) * 1:47355 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawPath out of bounds read attempt (file-other.rules) * 1:47357 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules) * 1:47347 <-> ENABLED <-> SERVER-WEBAPP QNAP QCenter API account information disclosure attempt (server-webapp.rules) * 1:47359 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules) * 1:47360 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules) * 1:47353 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules) * 1:47344 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules) * 1:47356 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules) * 1:47348 <-> ENABLED <-> SERVER-WEBAPP QNAP QCenter API set_VM_passwd command injection attempt (server-webapp.rules) * 1:47349 <-> ENABLED <-> SERVER-WEBAPP QNAP QCenter API set_VM_passwd command injection attempt (server-webapp.rules) * 1:47361 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules) * 3:47364 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player out of bounds write attempt (file-other.rules) * 3:47342 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2018-0637 attack attempt (server-other.rules) * 3:47363 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player out of bounds write attempt (file-other.rules) * 3:47340 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0639 attack attempt (file-pdf.rules) * 3:47341 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0639 attack attempt (file-pdf.rules)
* 1:46080 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi cross site scripting attempt (server-webapp.rules) * 1:46081 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi cross site scripting attempt (server-webapp.rules) * 1:47239 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D data stream heap overflow attempt (file-pdf.rules) * 1:26277 <-> DISABLED <-> SERVER-WEBAPP Linksys E1500/E2500 apply.cgi submit_button page redirection attempt (server-webapp.rules) * 1:42857 <-> ENABLED <-> SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (server-webapp.rules) * 1:26276 <-> DISABLED <-> SERVER-WEBAPP Linksys E1500/E2500 apply.cgi submit_button page redirection attempt (server-webapp.rules) * 1:26275 <-> ENABLED <-> SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt (server-webapp.rules) * 1:47240 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D data stream heap overflow attempt (file-pdf.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:47353 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules) * 1:47352 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules) * 1:47351 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules) * 1:47350 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules) * 1:47349 <-> ENABLED <-> SERVER-WEBAPP QNAP QCenter API set_VM_passwd command injection attempt (server-webapp.rules) * 1:47348 <-> ENABLED <-> SERVER-WEBAPP QNAP QCenter API set_VM_passwd command injection attempt (server-webapp.rules) * 1:47347 <-> ENABLED <-> SERVER-WEBAPP QNAP QCenter API account information disclosure attempt (server-webapp.rules) * 1:47346 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EMR_CREATEDIBPATTERNBRUSHPT record buffer overflow attempt (file-other.rules) * 1:47345 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EMR_CREATEDIBPATTERNBRUSHPT record buffer overflow attempt (file-other.rules) * 1:47344 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules) * 1:47343 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules) * 1:47366 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader double free attempt (file-pdf.rules) * 1:47365 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader double free attempt (file-pdf.rules) * 1:47362 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules) * 1:47361 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules) * 1:47360 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules) * 1:47359 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules) * 1:47358 <-> ENABLED <-> SERVER-WEBAPP CCTV-DVR command injection attempt (server-webapp.rules) * 1:47357 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules) * 1:47356 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules) * 1:47355 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawPath out of bounds read attempt (file-other.rules) * 1:47354 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawPath out of bounds read attempt (file-other.rules) * 3:47340 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0639 attack attempt (file-pdf.rules) * 3:47363 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player out of bounds write attempt (file-other.rules) * 3:47364 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player out of bounds write attempt (file-other.rules) * 3:47341 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0639 attack attempt (file-pdf.rules) * 3:47342 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2018-0637 attack attempt (server-other.rules)
* 1:26276 <-> DISABLED <-> SERVER-WEBAPP Linksys E1500/E2500 apply.cgi submit_button page redirection attempt (server-webapp.rules) * 1:46081 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi cross site scripting attempt (server-webapp.rules) * 1:26275 <-> ENABLED <-> SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt (server-webapp.rules) * 1:42857 <-> ENABLED <-> SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (server-webapp.rules) * 1:26277 <-> DISABLED <-> SERVER-WEBAPP Linksys E1500/E2500 apply.cgi submit_button page redirection attempt (server-webapp.rules) * 1:47239 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D data stream heap overflow attempt (file-pdf.rules) * 1:46080 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi cross site scripting attempt (server-webapp.rules) * 1:47240 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D data stream heap overflow attempt (file-pdf.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:47345 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EMR_CREATEDIBPATTERNBRUSHPT record buffer overflow attempt (file-other.rules) * 1:47343 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules) * 1:47349 <-> ENABLED <-> SERVER-WEBAPP QNAP QCenter API set_VM_passwd command injection attempt (server-webapp.rules) * 1:47348 <-> ENABLED <-> SERVER-WEBAPP QNAP QCenter API set_VM_passwd command injection attempt (server-webapp.rules) * 1:47362 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules) * 1:47360 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules) * 1:47350 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules) * 1:47346 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EMR_CREATEDIBPATTERNBRUSHPT record buffer overflow attempt (file-other.rules) * 1:47365 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader double free attempt (file-pdf.rules) * 1:47361 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules) * 1:47347 <-> ENABLED <-> SERVER-WEBAPP QNAP QCenter API account information disclosure attempt (server-webapp.rules) * 1:47366 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader double free attempt (file-pdf.rules) * 1:47357 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules) * 1:47355 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawPath out of bounds read attempt (file-other.rules) * 1:47354 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawPath out of bounds read attempt (file-other.rules) * 1:47344 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules) * 1:47359 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Reader malformed TIFF out of bounds read attempt (file-image.rules) * 1:47353 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules) * 1:47352 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules) * 1:47351 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG heap overflow attempt (file-image.rules) * 1:47356 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro out of bounds read attempt (file-image.rules) * 1:47358 <-> ENABLED <-> SERVER-WEBAPP CCTV-DVR command injection attempt (server-webapp.rules) * 3:47363 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player out of bounds write attempt (file-other.rules) * 3:47364 <-> ENABLED <-> FILE-OTHER Cisco WebEx Network Recording Player out of bounds write attempt (file-other.rules) * 3:47341 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0639 attack attempt (file-pdf.rules) * 3:47342 <-> ENABLED <-> SERVER-OTHER TRUFFLEHUNTER TALOS-2018-0637 attack attempt (server-other.rules) * 3:47340 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2018-0639 attack attempt (file-pdf.rules)
* 1:46081 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi cross site scripting attempt (server-webapp.rules) * 1:47239 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D data stream heap overflow attempt (file-pdf.rules) * 1:42857 <-> ENABLED <-> SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (server-webapp.rules) * 1:47240 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader U3D data stream heap overflow attempt (file-pdf.rules) * 1:26276 <-> DISABLED <-> SERVER-WEBAPP Linksys E1500/E2500 apply.cgi submit_button page redirection attempt (server-webapp.rules) * 1:26277 <-> DISABLED <-> SERVER-WEBAPP Linksys E1500/E2500 apply.cgi submit_button page redirection attempt (server-webapp.rules) * 1:26275 <-> ENABLED <-> SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt (server-webapp.rules) * 1:46080 <-> DISABLED <-> SERVER-WEBAPP Linksys E-Series apply.cgi cross site scripting attempt (server-webapp.rules)
©2024 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.
