Talos has added and modified multiple rules in the blacklist, browser-chrome, browser-firefox, browser-ie, browser-other, browser-plugins, browser-webkit, content-replace, exploit-kit, file-executable, file-flash, file-identify, file-image, file-java, file-multimedia, file-office, file-other, file-pdf, indicator-compromise, indicator-obfuscation, indicator-scan, indicator-shellcode, malware-cnc, malware-other, netbios, os-linux, os-mobile, os-other, os-solaris, os-windows, policy-other, policy-social, protocol-dns, protocol-ftp, protocol-icmp, protocol-imap, protocol-pop, protocol-rpc, protocol-scada, protocol-services, protocol-snmp, protocol-telnet, protocol-tftp, protocol-voip, pua-other, server-apache, server-iis, server-mail, server-mssql, server-mysql, server-oracle, server-other, server-samba, server-webapp and x11 rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2972.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:34348 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit payload download (exploit-kit.rules) * 1:34347 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cheprobnk variant outbound connection attempt (malware-cnc.rules) * 1:34346 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Backspace outbound connection attempt (malware-cnc.rules) * 1:34345 <-> DISABLED <-> POLICY-OTHER Red Hat OpenStack default password login attempt (policy-other.rules) * 1:34344 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player XSPF integer overflow attempt (file-multimedia.rules) * 1:34343 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player XSPF integer overflow attempt (file-multimedia.rules) * 1:34342 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network web console access attempt (policy-other.rules) * 1:34341 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt (policy-other.rules) * 1:34340 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt (policy-other.rules) * 1:34339 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Cybergate outbound connection (malware-cnc.rules) * 1:34338 <-> ENABLED <-> MALWARE-CNC Backdoor.Win32.Chkngrbot.A outbound connection (malware-cnc.rules) * 1:34337 <-> ENABLED <-> MALWARE-CNC Backdoor.Win32.Chkngrbot.A outbound connection (malware-cnc.rules) * 1:34336 <-> ENABLED <-> MALWARE-OTHER Html.Phishing.Crea outbound connection attempt (malware-other.rules)
* 1:16341 <-> DISABLED <-> SERVER-OTHER IBM DB2 Database Server invalid data stream denial of service attempt (server-other.rules) * 1:16342 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows AVIFile truncated media file processing memory corruption attempt (file-multimedia.rules) * 1:16344 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox top-level script object offset calculation memory corruption attempt (browser-firefox.rules) * 1:16351 <-> DISABLED <-> PROTOCOL-VOIP CSeq buffer overflow attempt (protocol-voip.rules) * 1:16352 <-> DISABLED <-> OS-LINUX Linux Kernel NFSD Subsystem overflow attempt (os-linux.rules) * 1:16353 <-> DISABLED <-> FILE-MULTIMEDIA FFmpeg OGV file format memory corruption attempt (file-multimedia.rules) * 1:16359 <-> DISABLED <-> FILE-OTHER Adobe Illustrator DSC comment overflow attempt (file-other.rules) * 1:16360 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime Image Description Atom sign extension memory corruption attempt (file-multimedia.rules) * 1:16367 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer invalid object access memory corruption attempt (browser-ie.rules) * 1:16369 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer deleted object access memory corruption attempt - public exploit (browser-ie.rules) * 1:16371 <-> DISABLED <-> BROWSER-PLUGINS NOS Microsystems Adobe atl_getcom ActiveX clsid access (browser-plugins.rules) * 1:16376 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTableLayout memory corruption attempt (browser-ie.rules) * 1:16377 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOM mergeAttributes memory corruption attempt (browser-ie.rules) * 1:16378 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer deleted object cells reference memory corruption vulnerability (browser-ie.rules) * 1:16382 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML+TIME animatemotion property memory corruption attempt (browser-ie.rules) * 1:16383 <-> DISABLED <-> SERVER-ORACLE MDSYS drop table trigger injection attempt (server-oracle.rules) * 1:16384 <-> DISABLED <-> SERVER-OTHER VMware Server ISAPI Extension remote denial of service attempt (server-other.rules) * 1:16392 <-> DISABLED <-> SERVER-WEBAPP Oracle Java System Web Server 7.0u7 authorization digest heap overflow (server-webapp.rules) * 1:16393 <-> DISABLED <-> SERVER-OTHER PostgreSQL bit substring buffer overflow attempt (server-other.rules) * 1:16397 <-> DISABLED <-> OS-WINDOWS SMB andx invalid server name share access (os-windows.rules) * 1:16398 <-> DISABLED <-> OS-WINDOWS SMB invalid server name share access (os-windows.rules) * 1:16399 <-> DISABLED <-> OS-WINDOWS SMB unicode andx invalid server name share access (os-windows.rules) * 1:16400 <-> DISABLED <-> OS-WINDOWS SMB unicode invalid server name share access (os-windows.rules) * 1:16401 <-> DISABLED <-> OS-WINDOWS SMB andx invalid server name share access (os-windows.rules) * 1:16402 <-> DISABLED <-> OS-WINDOWS SMB invalid server name share access (os-windows.rules) * 1:16403 <-> DISABLED <-> OS-WINDOWS SMB unicode andx invalid server name share access (os-windows.rules) * 1:16404 <-> DISABLED <-> OS-WINDOWS SMB unicode invalid server name share access (os-windows.rules) * 1:16406 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:16407 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:16409 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint improper filename remote code execution attempt (file-office.rules) * 1:16411 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint out of bounds value remote code execution attempt (file-office.rules) * 1:16412 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid TextByteAtom remote code execution attempt (file-office.rules) * 1:16414 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Shell Handler remote code execution attempt (os-windows.rules) * 1:16416 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed MSODrawing Record attempt (file-office.rules) * 1:16417 <-> DISABLED <-> OS-WINDOWS SMB Negotiate Protocol Response overflow attempt (os-windows.rules) * 1:16419 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Data Analyzer 3.5 ActiveX clsid access (browser-plugins.rules) * 1:16421 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint out of bounds value remote code execution attempt (file-office.rules) * 1:16422 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Paint JPEG with malformed SOFx field (file-image.rules) * 1:16423 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 7/8 execute local file in Internet zone redirect attempt (browser-ie.rules) * 1:16424 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Script Host Shell Object ActiveX clsid access (browser-plugins.rules) * 1:16425 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file download request (file-identify.rules) * 1:16428 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook Express and Windows Mail NNTP handling buffer overflow attempt (file-office.rules) * 1:16435 <-> DISABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v0.62-v1.22 packed file magic detected (file-identify.rules) * 1:16438 <-> DISABLED <-> SERVER-ORACLE WebLogic Server Node Manager arbitrary command execution attempt (server-oracle.rules) * 1:1644 <-> DISABLED <-> SERVER-WEBAPP test-cgi attempt (server-webapp.rules) * 1:16444 <-> DISABLED <-> SERVER-OTHER HP StorageWorks storage mirroring double take service code execution attempt (server-other.rules) * 1:16445 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk IAX2 ack response denial of service attempt (protocol-voip.rules) * 1:16447 <-> DISABLED <-> PROTOCOL-RPC Solaris UDP portmap sadmin request attempt (protocol-rpc.rules) * 1:16452 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer .hlp samba share download attempt (browser-ie.rules) * 1:16461 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel EntExU2 write access violation attempt (file-office.rules) * 1:16462 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel BIFF8 formulas from records parsing code execution attempt (file-office.rules) * 1:16463 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel BIFF5 formulas from records parsing code execution attempt (file-office.rules) * 1:16464 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ContinueFRT12 heap overflow attempt (file-office.rules) * 1:16465 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ContinueFRT12 and MDXSet heap overflow attempt (file-office.rules) * 1:16466 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel uninitialized stack variable code execution attempt (file-office.rules) * 1:16467 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt 1 (file-office.rules) * 1:16468 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt 2 (file-office.rules) * 1:16469 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fOdbcConn parsing remote code execution attempt (file-office.rules) * 1:16470 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fWeb parsing remote code execution attempt (file-office.rules) * 1:16471 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fWeb parsing remote code execution attempt (file-office.rules) * 1:16473 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker project file download request (file-identify.rules) * 1:16474 <-> DISABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (file-identify.rules) * 1:16481 <-> DISABLED <-> BROWSER-OTHER Opera Content-Length header integer overflow attempt (browser-other.rules) * 1:16482 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer userdata behavior memory corruption attempt (browser-ie.rules) * 1:16490 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TIFF remote code execution attempt (file-pdf.rules) * 1:16492 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari inline text box use after free attempt (browser-webkit.rules) * 1:16501 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox WOFF font processing integer overflow attempt - TrueType (browser-firefox.rules) * 1:16502 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox WOFF font processing integer overflow attempt - CFF-based (browser-firefox.rules) * 1:16503 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer event handling remote code execution attempt (browser-ie.rules) * 1:16506 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer innerHTML against incomplete element heap corruption attempt (browser-ie.rules) * 1:16507 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onreadystatechange memory corruption attempt (browser-ie.rules) * 1:16508 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 non-IE8 compatibility mode htmltime remote code execution attempt (browser-ie.rules) * 1:16510 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Tabular Control ActiveX overflow by CLSID (browser-plugins.rules) * 1:16511 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Tabular Control ActiveX overflow by ProgID (browser-plugins.rules) * 1:16512 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed span/div html document heap corruption attempt (browser-ie.rules) * 1:16514 <-> DISABLED <-> PUA-OTHER Trillian AIM XML tag handling heap buffer overflow attempt (pua-other.rules) * 1:16515 <-> DISABLED <-> SERVER-MAIL Novell Groupwise Internet Agent RCPT command overflow attempt (server-mail.rules) * 1:16516 <-> DISABLED <-> SERVER-ORACLE Database sys.olapimpl_t package odcitablestart overflow attempt (server-oracle.rules) * 1:16517 <-> DISABLED <-> FILE-OTHER Free Download Manager .torrent parsing comment overflow attempt (file-other.rules) * 1:16518 <-> DISABLED <-> FILE-OTHER Free Download Manager .torrent parsing announce overflow attempt (file-other.rules) * 1:16519 <-> DISABLED <-> FILE-OTHER Free Download Manager .torrent parsing name overflow attempt (file-other.rules) * 1:16520 <-> DISABLED <-> FILE-OTHER Free Download Manager .torrent parsing path overflow attempt (file-other.rules) * 1:16522 <-> DISABLED <-> SERVER-OTHER Novell QuickFinder server cross-site-scripting attempt (server-other.rules) * 1:16524 <-> DISABLED <-> PROTOCOL-FTP ProFTPD username sql injection attempt (protocol-ftp.rules) * 1:16529 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:10011 <-> DISABLED <-> SERVER-MAIL Novell NetMail APPEND command buffer overflow attempt (server-mail.rules) * 1:10015 <-> DISABLED <-> BROWSER-PLUGINS Oracle ORADC ActiveX clsid access (browser-plugins.rules) * 1:10018 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc ReserveGroup attempt (netbios.rules) * 1:10024 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc ClientDBMiniAgentClose attempt (netbios.rules) * 1:10030 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor QSIGetQueuePath_Function_45 overflow attempt (netbios.rules) * 1:10036 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor ASRemotePFC overflow attempt (netbios.rules) * 1:10050 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 ASDBLoginToComputer overflow attempt (netbios.rules) * 1:10116 <-> DISABLED <-> POLICY-SOCIAL AIM GoChat URL access attempt (policy-social.rules) * 1:10117 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc GetGCBHandleFromGroupName overflow attempt (netbios.rules) * 1:10126 <-> DISABLED <-> FILE-IMAGE Apple QuickTime JPEG Huffman Table integer underflow attempt (file-image.rules) * 1:10130 <-> DISABLED <-> POLICY-OTHER VERITAS NetBackup system - execution function call access (policy-other.rules) * 1:10132 <-> DISABLED <-> PROTOCOL-RPC portmap BrightStor ARCserve denial of service attempt (protocol-rpc.rules) * 1:10133 <-> DISABLED <-> PROTOCOL-RPC portmap BrightStor ARCserve denial of service attempt (protocol-rpc.rules) * 1:10135 <-> DISABLED <-> SERVER-OTHER Squid proxy FTP denial of service attempt (server-other.rules) * 1:10187 <-> DISABLED <-> SERVER-OTHER HP Mercury Loadrunner command line buffer overflow (server-other.rules) * 1:10192 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer Ierpplug.dll ActiveX clsid access (browser-plugins.rules) * 1:10193 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer Ierpplug.dll ActiveX function call access (browser-plugins.rules) * 1:10194 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer Ierpplug.dll ActiveX function call access (browser-plugins.rules) * 1:10202 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetRealTimeScanConfigInfo attempt (netbios.rules) * 1:10208 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect COMN_NetTestConnection attempt (netbios.rules) * 1:1028 <-> DISABLED <-> SERVER-IIS query.asp access (server-iis.rules) * 1:10393 <-> DISABLED <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX clsid access (browser-plugins.rules) * 1:10407 <-> DISABLED <-> SERVER-OTHER Helix Server LoadTestPassword buffer overflow attempt (server-other.rules) * 1:1042 <-> DISABLED <-> SERVER-IIS view source via translate header (server-iis.rules) * 1:10475 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt (os-windows.rules) * 1:10482 <-> DISABLED <-> PROTOCOL-RPC portmap CA BrightStor ARCserve tcp request (protocol-rpc.rules) * 1:10486 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc function 15,16,17 attempt (netbios.rules) * 1:10504 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:10505 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:10900 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt (os-windows.rules) * 1:10998 <-> DISABLED <-> SERVER-OTHER Novell GroupWise WebAccess authentication overflow (server-other.rules) * 1:11000 <-> DISABLED <-> SERVER-ORACLE dbms_snap_internal.delete_refresh_operations buffer overflow attempt (server-oracle.rules) * 1:11004 <-> ENABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication request detected (protocol-imap.rules) * 1:11176 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office PowerPoint Viewer ActiveX clsid access (browser-plugins.rules) * 1:11180 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime movie ftyp buffer underflow (file-multimedia.rules) * 1:11181 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Excel Viewer ActiveX clsid access (browser-plugins.rules) * 1:11185 <-> DISABLED <-> SERVER-OTHER CA eTrust key handling dos via username attempt (server-other.rules) * 1:11187 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Word Viewer ActiveX clsid access (browser-plugins.rules) * 1:11192 <-> DISABLED <-> FILE-EXECUTABLE download of executable content (file-executable.rules) * 1:11199 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Viewer ActiveX clsid access (browser-plugins.rules) * 1:11204 <-> DISABLED <-> SERVER-ORACLE Oracle Database DBMS_AQADM_SYS package GRANT_TYPE_ACCESS procedure SQL injection attempt (server-oracle.rules) * 1:11228 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Input Method Editor 3 ActiveX clsid access (browser-plugins.rules) * 1:11258 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed Named Graph Information unicode overflow attempt (file-office.rules) * 1:11267 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop PNG file handling stack buffer overflow attempt (file-image.rules) * 1:11288 <-> DISABLED <-> PROTOCOL-RPC portmap mountd tcp request (protocol-rpc.rules) * 1:11289 <-> DISABLED <-> PROTOCOL-RPC portmap mountd tcp zero-length payload denial of service attempt (protocol-rpc.rules) * 1:11290 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed named graph information ascii overflow attempt (file-office.rules) * 1:11442 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules) * 1:1147 <-> DISABLED <-> SERVER-WEBAPP cat_ access (server-webapp.rules) * 1:11670 <-> DISABLED <-> SERVER-OTHER Symantec Discovery logging buffer overflow (server-other.rules) * 1:11679 <-> DISABLED <-> SERVER-APACHE Apache mod_rewrite buffer overflow attempt (server-apache.rules) * 1:11680 <-> DISABLED <-> SERVER-WEBAPP Oracle Java web proxy sockd buffer overflow attempt (server-webapp.rules) * 1:11687 <-> DISABLED <-> SERVER-APACHE Apache SSI error page cross-site scripting attempt (server-apache.rules) * 1:11822 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Webcam Upload ActiveX clsid access (browser-plugins.rules) * 1:11826 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Voice Control Recognition ActiveX clsid access (browser-plugins.rules) * 1:11830 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Direct Speech Recognition ActiveX clsid access (browser-plugins.rules) * 1:11834 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer navcancl.htm url spoofing attempt (browser-ie.rules) * 1:11835 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (file-identify.rules) * 1:11836 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio version number anomaly (file-office.rules) * 1:11838 <-> DISABLED <-> OS-WINDOWS Microsoft Windows API res buffer overflow attempt (os-windows.rules) * 1:11947 <-> DISABLED <-> OS-WINDOWS Microsoft Windows schannel security package (os-windows.rules) * 1:11966 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS tag memory corruption attempt (browser-ie.rules) * 1:11970 <-> DISABLED <-> PROTOCOL-VOIP Cisco 7940/7960 INVITE Remote-Party-ID header denial of service attempt (protocol-voip.rules) * 1:12027 <-> ENABLED <-> SQL Ingres Database uuid_from_char buffer overflow attempt (sql.rules) * 1:12046 <-> DISABLED <-> PROTOCOL-RPC MIT Kerberos kadmind RPC Library unix authentication buffer overflow attempt (protocol-rpc.rules) * 1:12069 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest (os-windows.rules) * 1:12070 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed version field (file-office.rules) * 1:12075 <-> DISABLED <-> PROTOCOL-RPC MIT Kerberos kadmind rpc library uninitialized pointer arbitrary code execution attempt (protocol-rpc.rules) * 1:12076 <-> DISABLED <-> SERVER-OTHER Ipswitch WS_FTP log server long unicode string (server-other.rules) * 1:12078 <-> DISABLED <-> SERVER-OTHER CA BrightStor LGServer Heap buffer overflow (server-other.rules) * 1:12081 <-> DISABLED <-> SERVER-OTHER BakBone NetVault server heap overflow attempt (server-other.rules) * 1:12099 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtWindow1 record handling arbitrary code execution attempt (file-office.rules) * 1:12100 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP ca-alert function 16,23 overflow attempt (netbios.rules) * 1:12182 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (file-identify.rules) * 1:12183 <-> DISABLED <-> FILE-FLASH Adobe FLV long string script data buffer overflow attempt (file-flash.rules) * 1:12184 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel workbook workspace designation handling arbitrary code execution attempt (file-office.rules) * 1:12187 <-> DISABLED <-> PROTOCOL-RPC portmap 2112 tcp rename_principal attempt (protocol-rpc.rules) * 1:12193 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Widgets Engine ActiveX clsid access (browser-plugins.rules) * 1:12197 <-> DISABLED <-> SERVER-OTHER CA message queuing server buffer overflow attempt (server-other.rules) * 1:12198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows getbulk request attempt (os-windows.rules) * 1:12199 <-> DISABLED <-> SERVER-OTHER RIM BlackBerry SRP negative string size (server-other.rules) * 1:12202 <-> DISABLED <-> SERVER-OTHER Ingres long message heap buffer overflow attempt (server-other.rules) * 1:12203 <-> DISABLED <-> BROWSER-PLUGINS VMWare Vielib.dll ActiveX clsid access (browser-plugins.rules) * 1:12213 <-> DISABLED <-> SERVER-MAIL Ipswitch IMail search date command buffer overflow attempt (server-mail.rules) * 1:12216 <-> DISABLED <-> SERVER-OTHER Borland interbase Create Request opcode string length buffer overflow attempt (server-other.rules) * 1:12218 <-> DISABLED <-> SERVER-OTHER Borland interbase string length buffer overflow attempt (server-other.rules) * 1:12219 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer SMIL wallclock parsing buffer overflow (file-multimedia.rules) * 1:12222 <-> DISABLED <-> SERVER-OTHER Squid proxy long WCCP packet (server-other.rules) * 1:12223 <-> DISABLED <-> SERVER-OTHER Novell WebAdmin long user name (server-other.rules) * 1:12250 <-> DISABLED <-> BROWSER-PLUGINS Symantec NavComUI AxSysListView32OAA ActiveX clsid access (browser-plugins.rules) * 1:12256 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed FBI record buffer overflow attempt (file-office.rules) * 1:1226 <-> DISABLED <-> X11 xopen (x11.rules) * 1:12269 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic 6 TLIApplication ActiveX clsid access (browser-plugins.rules) * 1:12278 <-> DISABLED <-> FILE-IDENTIFY Microsoft Media Player compressed skin download request (file-identify.rules) * 1:12279 <-> DISABLED <-> OS-WINDOWS Microsoft XML substringData integer overflow attempt (os-windows.rules) * 1:12280 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer VML source file memory corruption attempt (browser-ie.rules) * 1:12283 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (file-identify.rules) * 1:12284 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtWnDesk record memory corruption exploit attempt (file-office.rules) * 1:12286 <-> DISABLED <-> FILE-OTHER PCRE character class heap buffer overflow attempt (file-other.rules) * 1:12307 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetPagerNotifyConfig attempt (netbios.rules) * 1:12317 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt (netbios.rules) * 1:12326 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _AddTaskExportLogItem attempt (netbios.rules) * 1:12335 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_30010 overflow attempt (netbios.rules) * 1:12347 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetSvcImpersonateUser attempt (netbios.rules) * 1:12358 <-> DISABLED <-> SERVER-OTHER Helix DNA Server RTSP require tag heap overflow attempt (server-other.rules) * 1:12392 <-> DISABLED <-> SERVER-MAIL GNU Mailutils request tag format string vulnerability attempt (server-mail.rules) * 1:12424 <-> DISABLED <-> PROTOCOL-RPC MIT Kerberos kadmind rpc RPCSEC_GSS buffer overflow attempt (protocol-rpc.rules) * 1:12448 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Agent Control ActiveX clsid access (browser-plugins.rules) * 1:12454 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (file-identify.rules) * 1:12455 <-> DISABLED <-> FILE-IDENTIFY SAP Crystal Reports file download request (file-identify.rules) * 1:12456 <-> DISABLED <-> FILE-IDENTIFY SAP Crystal Reports file magic detected (file-identify.rules) * 1:12459 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Visual Studio 6 PDWizard.ocx ActiveX clsid access attempt (browser-plugins.rules) * 1:12472 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX clsid access (browser-plugins.rules) * 1:12489 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP wkssvc NetrWkstaGetInfo attempt (netbios.rules) * 1:12591 <-> DISABLED <-> SERVER-APACHE Apache mod_cache denial of service attempt (server-apache.rules) * 1:12592 <-> DISABLED <-> SERVER-MAIL Recipient arbitrary command injection attempt (server-mail.rules) * 1:12596 <-> DISABLED <-> SERVER-OTHER CA BrightStor LGServer username buffer overflow attempt (server-other.rules) * 1:12614 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX function call access (browser-plugins.rules) * 1:12618 <-> DISABLED <-> FILE-OTHER Microsoft Visual Basic VBP file reference overflow attempt (file-other.rules) * 1:12629 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint cross site scripting attempt (server-webapp.rules) * 1:12630 <-> DISABLED <-> INDICATOR-SHELLCODE unescape unicode encoded shellcode (indicator-shellcode.rules) * 1:12635 <-> DISABLED <-> OS-WINDOWS RPC NTLMSSP malformed credentials attempt (os-windows.rules) * 1:12641 <-> DISABLED <-> FILE-IDENTIFY Microsoft Word for Mac 5 file magic detected (file-identify.rules) * 1:12665 <-> DISABLED <-> SERVER-OTHER CA BrightStor LGSever username buffer overflow attempt (server-other.rules) * 1:12666 <-> DISABLED <-> SERVER-OTHER HP OpenView OVTrace buffer overflow attempt (server-other.rules) * 1:12667 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCServer malicious fileupload attempt (server-other.rules) * 1:12685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manger Express CAD Host buffer overflow (server-other.rules) * 1:12688 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ShellExecute and IE7 url handling code execution attempt (os-windows.rules) * 1:12706 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes MIF viewer statement data overflow (server-mail.rules) * 1:12707 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer lyrics heap overflow attempt (file-multimedia.rules) * 1:12713 <-> DISABLED <-> SERVER-ORACLE pitrig_dropmetadata buffer overflow attempt (server-oracle.rules) * 1:12728 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks SMIL wallclock stack overflow attempt (file-multimedia.rules) * 1:12729 <-> DISABLED <-> BROWSER-PLUGINS AOL Radio AmpX ActiveX clsid access (browser-plugins.rules) * 1:12741 <-> DISABLED <-> SERVER-OTHER Apple Quicktime TCP RTSP sdp type buffer overflow attempt (server-other.rules) * 1:12743 <-> DISABLED <-> FILE-MULTIMEDIA FLAC libFLAC picture description metadata buffer overflow attempt (file-multimedia.rules) * 1:12744 <-> DISABLED <-> FILE-MULTIMEDIA FLAC libFLAC VORBIS string buffer overflow attempt (file-multimedia.rules) * 1:12745 <-> DISABLED <-> FILE-MULTIMEDIA FLAC libFLAC picture metadata buffer overflow attempt (file-multimedia.rules) * 1:12746 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime STSD atom overflow attempt (file-multimedia.rules) * 1:12757 <-> DISABLED <-> FILE-IMAGE Apple QuickTime uncompressed PICT stack overflow attempt (file-image.rules) * 1:12766 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RMOC3260.DLL ActiveX clsid access (browser-plugins.rules) * 1:12767 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RMOC3260.DLL ActiveX function call access (browser-plugins.rules) * 1:1277 <-> DISABLED <-> PROTOCOL-RPC portmap ypupdated request UDP (protocol-rpc.rules) * 1:12770 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows obfuscated RDS.Dataspace ActiveX exploit attempt (browser-plugins.rules) * 1:12784 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules) * 1:12785 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules) * 1:12786 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules) * 1:1279 <-> DISABLED <-> PROTOCOL-RPC portmap snmpXdmi request UDP (protocol-rpc.rules) * 1:12798 <-> DISABLED <-> INDICATOR-SHELLCODE base64 x86 NOOP (indicator-shellcode.rules) * 1:12799 <-> DISABLED <-> INDICATOR-SHELLCODE base64 x86 NOOP (indicator-shellcode.rules) * 1:12800 <-> DISABLED <-> INDICATOR-SHELLCODE base64 x86 NOOP (indicator-shellcode.rules) * 1:12802 <-> DISABLED <-> INDICATOR-SHELLCODE base64 x86 NOOP (indicator-shellcode.rules) * 1:12807 <-> DISABLED <-> FILE-IDENTIFY Lotus 123 file attachment (file-identify.rules) * 1:12904 <-> DISABLED <-> SERVER-OTHER Veritas NetBackup vmd shared library buffer overflow attempt (server-other.rules) * 1:12910 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 4 attempt (netbios.rules) * 1:12916 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 12 attempt (netbios.rules) * 1:12922 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 16 attempt (netbios.rules) * 1:12928 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 18 attempt (netbios.rules) * 1:12934 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 19 attempt (netbios.rules) * 1:12940 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 CA call 269 overflow attempt (netbios.rules) * 1:12971 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX directshow wav file overflow attempt (file-multimedia.rules) * 1:12972 <-> DISABLED <-> FILE-IDENTIFY Microsoft Media Player asf/wmv/wma file magic detected (file-identify.rules) * 1:12977 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMCreateObjectInternal overflow attempt (os-windows.rules) * 1:12978 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMCreateObjectInternal overflow attempt (os-windows.rules) * 1:12983 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX SAMI file CRawParser buffer overflow attempt (file-multimedia.rules) * 1:12984 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules) * 1:13161 <-> DISABLED <-> SERVER-OTHER HP OpenView CGI parameter buffer overflow attempt (server-other.rules) * 1:13210 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMObjectPathToObjectFormat overflow attempt (os-windows.rules) * 1:13211 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMObjectPathToObjectFormat overflow attempt (os-windows.rules) * 1:13219 <-> DISABLED <-> BROWSER-PLUGINS HP Software Update RulesEngine.dll ActiveX clsid access (browser-plugins.rules) * 1:13221 <-> DISABLED <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt (server-other.rules) * 1:13224 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Toolbar YShortcut ActiveX clsid access (browser-plugins.rules) * 1:13249 <-> DISABLED <-> PROTOCOL-DNS dns response for rfc1918 10/8 address detected (protocol-dns.rules) * 1:1325 <-> DISABLED <-> INDICATOR-SHELLCODE ssh CRC32 overflow filler (indicator-shellcode.rules) * 1:13252 <-> DISABLED <-> PROTOCOL-RPC portmap 390113 tcp procedure 4 attempt (protocol-rpc.rules) * 1:13258 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Domino Web Access 6 ActiveX clsid access (browser-plugins.rules) * 1:13260 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Domino Web Access 6 ActiveX function call access (browser-plugins.rules) * 1:13262 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Domino Web Access 7 ActiveX clsid access (browser-plugins.rules) * 1:13264 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Domino Web Access 7 ActiveX function call access (browser-plugins.rules) * 1:13288 <-> DISABLED <-> OS-WINDOWS Microsoft Windows remote kernel tcp/ip icmp vulnerability exploit attempt (os-windows.rules) * 1:13291 <-> DISABLED <-> SERVER-SAMBA Samba send_mailslot buffer overflow attempt (server-samba.rules) * 1:13292 <-> DISABLED <-> PUA-OTHER Skype skype4com URI handler memory corruption attempt (pua-other.rules) * 1:13293 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime panorama atoms buffer overflow attempt (file-multimedia.rules) * 1:13294 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Rich TextBox ActiveX clsid access (browser-plugins.rules) * 1:13296 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Rich TextBox ActiveX clsid access (browser-plugins.rules) * 1:13300 <-> DISABLED <-> FILE-FLASH Adobe Flash Player embedded JPG image height overflow attempt (file-flash.rules) * 1:13302 <-> DISABLED <-> SERVER-APACHE Apache mod_imagemap cross site scripting attempt (server-apache.rules) * 1:13303 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual FoxPro 2 ActiveX clsid access (browser-plugins.rules) * 1:13317 <-> DISABLED <-> FILE-MULTIMEDIA 3ivx MP4 file parsing nam buffer overflow attempt (file-multimedia.rules) * 1:13321 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Package and Deployment Wizard ActiveX clsid access (browser-plugins.rules) * 1:13356 <-> ENABLED <-> SQL SAP MaxDB shell command injection attempt (sql.rules) * 1:13361 <-> DISABLED <-> FILE-OTHER ClamAV MEW PE file integer overflow attempt (file-other.rules) * 1:13363 <-> DISABLED <-> SERVER-OTHER Cisco Unified Communications Manager heap overflow attempt (server-other.rules) * 1:13364 <-> DISABLED <-> SERVER-MAIL Novell GroupWise client IMG SRC buffer overflow (server-mail.rules) * 1:13365 <-> DISABLED <-> SERVER-OTHER Trend Micro ServerProtect TMregChange buffer overflow attempt (server-other.rules) * 1:13366 <-> DISABLED <-> SERVER-ORACLE Oracle database SYS.LT.FINDRICSET SQL injection attempt (server-oracle.rules) * 1:13419 <-> DISABLED <-> BROWSER-PLUGINS Facebook Photo Uploader ActiveX clsid access (browser-plugins.rules) * 1:13449 <-> DISABLED <-> OS-WINDOWS Microsoft Windows vbscript/jscript scripting engine end buffer overflow attempt (os-windows.rules) * 1:13455 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DXLUTBuilder ActiveX function call access (browser-ie.rules) * 1:13457 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX clsid access (browser-plugins.rules) * 1:13465 <-> DISABLED <-> FILE-IDENTIFY Microsoft Works file download request (file-identify.rules) * 1:13466 <-> DISABLED <-> FILE-OFFICE Microsoft Works file converter file section length headers memory corruption attempt (file-office.rules) * 1:13470 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt (file-office.rules) * 1:13472 <-> DISABLED <-> FILE-OFFICE Microsoft Works invalid chunk size (file-office.rules) * 1:13473 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Publisher file download request (file-identify.rules) * 1:13513 <-> DISABLED <-> SQL generic sql insert injection attempt - GET parameter (sql.rules) * 1:13515 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime user agent (file-multimedia.rules) * 1:13516 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime HTTP error response buffer overflow (file-multimedia.rules) * 1:13517 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime malformed idsc atom (file-multimedia.rules) * 1:13519 <-> DISABLED <-> SERVER-OTHER Citrix MetaFrame IMA buffer overflow attempt (server-other.rules) * 1:13520 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata (server-other.rules) * 1:13522 <-> DISABLED <-> SERVER-OTHER Firebird Database Server username handling buffer overflow (server-other.rules) * 1:13523 <-> ENABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules) * 1:13525 <-> ENABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (browser-plugins.rules) * 1:13539 <-> DISABLED <-> BROWSER-PLUGINS Symantec Backup Exec ActiveX clsid access (browser-plugins.rules) * 1:13551 <-> DISABLED <-> SERVER-ORACLE Oracle XDB.XDB_PITRIG_PKG sql injection attempt (server-oracle.rules) * 1:13552 <-> DISABLED <-> SERVER-OTHER Symantec VERITAS Storage Foundation Suite buffer overflow attempt (server-other.rules) * 1:13553 <-> DISABLED <-> SERVER-OTHER Sybase SQL Anywhere Mobilink username string buffer overflow (server-other.rules) * 1:13569 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel macro validation arbitrary code execution attempt (file-office.rules) * 1:13570 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel cf record arbitrary code excecution attempt (file-office.rules) * 1:13571 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel dval record arbitrary code excecution attempt (file-office.rules) * 1:13572 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed shapeid arbitrary code execution attempt (file-office.rules) * 1:13573 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook arbitrary command line attempt (file-office.rules) * 1:13583 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file download request (file-identify.rules) * 1:13585 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detected (file-identify.rules) * 1:13603 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer Download Handler ActiveX function call access (browser-plugins.rules) * 1:13619 <-> DISABLED <-> OS-WINDOWS Microsoft Windows getBulkRequest memory corruption attempt (os-windows.rules) * 1:13621 <-> DISABLED <-> BROWSER-PLUGINS CA BrightStor ListCtrl ActiveX clsid access (browser-plugins.rules) * 1:13626 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Access file magic detected (file-identify.rules) * 1:13631 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator Framework Services log handling format string attempt (server-other.rules) * 1:13656 <-> DISABLED <-> SERVER-WEBAPP Cisco Secure Access Control Server UCP Application CSuserCGI.exe buffer overflow attempt (server-webapp.rules) * 1:13663 <-> DISABLED <-> SERVER-MAIL Alt-N MDaemon IMAP Server FETCH command buffer overflow attempt (server-mail.rules) * 1:13664 <-> DISABLED <-> PROTOCOL-VOIP Remote-Party-ID header hexadecimal characters in IP address field (protocol-voip.rules) * 1:13665 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio DXF file invalid memory allocation exploit attempt (file-office.rules) * 1:13672 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Help 2.0 Contents Control 2 ActiveX clsid access (browser-plugins.rules) * 1:13677 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer data stream memory corruption attempt (browser-ie.rules) * 1:13693 <-> DISABLED <-> PROTOCOL-VOIP Attribute header rtpmap field invalid payload type (protocol-voip.rules) * 1:13696 <-> DISABLED <-> POLICY-OTHER TOR proxy connection initiation (policy-other.rules) * 1:13714 <-> DISABLED <-> SERVER-MYSQL yaSSL SSLv3 Client Hello Message Cipher Specs Buffer Overflow attempt (server-mysql.rules) * 1:13715 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager HTTP handling buffer overflow attempt (server-webapp.rules) * 1:13734 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 10 ActiveX clsid access (browser-plugins.rules) * 1:13800 <-> DISABLED <-> SERVER-OTHER ARCServe LGServer service data overflow attempt (server-other.rules) * 1:13801 <-> ENABLED <-> FILE-IDENTIFY RTF file download request (file-identify.rules) * 1:13807 <-> DISABLED <-> FILE-IMAGE Microsoft Windows metafile SetPaletteEntries heap overflow attempt (file-image.rules) * 1:13819 <-> DISABLED <-> SERVER-WEBAPP IBM Lotus Domino Web Server Accept-Language header buffer overflow attempt (server-webapp.rules) * 1:13820 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SWF scene and label data memory corruption attempt (file-flash.rules) * 1:13827 <-> DISABLED <-> OS-WINDOWS Microsoft Windows PGM denial of service attempt (os-windows.rules) * 1:13834 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer request header overwrite (browser-ie.rules) * 1:13838 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox IFRAME style change handling code execution (browser-firefox.rules) * 1:13839 <-> DISABLED <-> SERVER-OTHER CA ARCServ NetBackup remote file upload attempt (server-other.rules) * 1:1384 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP malformed advertisement (os-windows.rules) * 1:13843 <-> DISABLED <-> SERVER-OTHER MaxDB WebDBM get buffer overflow (server-other.rules) * 1:13846 <-> DISABLED <-> SERVER-OTHER Veritas Backup Agent password overflow attempt (server-other.rules) * 1:13865 <-> DISABLED <-> FILE-IMAGE BMP image handler buffer overflow attempt (file-image.rules) * 1:13893 <-> DISABLED <-> FILE-OTHER Microsoft malformed saved search heap corruption attempt (file-other.rules) * 1:13894 <-> DISABLED <-> SERVER-MAIL Microsoft Office Outlook Web Access From field cross-site scripting attempt (server-mail.rules) * 1:13895 <-> DISABLED <-> SERVER-MAIL Microsoft Office Outlook Web Access invalid CSS escape sequence script execution attempt (server-mail.rules) * 1:13896 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL server MTF file download (server-mssql.rules) * 1:1390 <-> DISABLED <-> INDICATOR-SHELLCODE x86 inc ebx NOOP (indicator-shellcode.rules) * 1:13901 <-> DISABLED <-> NETBIOS SMB server response heap overflow attempt (netbios.rules) * 1:13902 <-> DISABLED <-> SERVER-OTHER IBM Lotus Sametime multiplexer stack buffer overflow attempt (server-other.rules) * 1:13905 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Access Snapshot Viewer ActiveX function call access (browser-plugins.rules) * 1:13911 <-> ENABLED <-> FILE-IDENTIFY Microsoft search file download request (file-identify.rules) * 1:13913 <-> DISABLED <-> BROWSER-PLUGINS AcroPDF.PDF ActiveX function call access (browser-plugins.rules) * 1:13916 <-> DISABLED <-> SERVER-WEBAPP Alt-N SecurityGateway username buffer overflow attempt (server-webapp.rules) * 1:13917 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MOV file string handling integer overflow attempt (file-multimedia.rules) * 1:13919 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MOV file string handling integer overflow attempt (file-multimedia.rules) * 1:13920 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime Obji Atom parsing stack buffer overflow attempt (file-multimedia.rules) * 1:13925 <-> DISABLED <-> PROTOCOL-FTP Computer Associates eTrust Secure Content Manager PASV stack overflow attempt (protocol-ftp.rules) * 1:13926 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP response message parsing overflow (server-other.rules) * 1:13927 <-> DISABLED <-> PROTOCOL-TFTP Open TFTP Server log generation buffer overflow attempt (protocol-tftp.rules) * 1:13928 <-> DISABLED <-> SERVER-WEBAPP Adobe RoboHelp r0 SQL injection attempt (server-webapp.rules) * 1:13929 <-> DISABLED <-> SERVER-WEBAPP Adobe RoboHelp rx SQL injection attempt (server-webapp.rules) * 1:13949 <-> DISABLED <-> PROTOCOL-DNS excessive outbound NXDOMAIN replies - possible spoof of domain run by local DNS servers (protocol-dns.rules) * 1:13950 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP attribute buffer overflow attempt (file-java.rules) * 1:13951 <-> DISABLED <-> SERVER-WEBAPP Oracle Database Server buffer overflow attempt (server-webapp.rules) * 1:13971 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint TxMasterStyle10Atom atom numLevels buffer overflow attempt (file-office.rules) * 1:13972 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel country record arbitrary code execution attempt (file-office.rules) * 1:13980 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer http status response memory corruption vulnerability (browser-ie.rules) * 1:13981 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed chart arbitrary code execution attempt (file-office.rules) * 1:13990 <-> DISABLED <-> SQL union select - possible sql injection attempt - GET parameter (sql.rules) * 1:14013 <-> DISABLED <-> BROWSER-PLUGINS Cisco WebEx Meeting Manager atucfobj ActiveX clsid access (browser-plugins.rules) * 1:14015 <-> DISABLED <-> BROWSER-PLUGINS Cisco WebEx Meeting Manager atucfobj ActiveX function call access (browser-plugins.rules) * 1:14017 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file download request (file-identify.rules) * 1:14018 <-> DISABLED <-> FILE-IDENTIFY PLS multimedia playlist file download request (file-identify.rules) * 1:14021 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Studio Msmask32 ActiveX clsid access (browser-plugins.rules) * 1:14025 <-> DISABLED <-> BROWSER-PLUGINS Computer Associates gui_cm_ctrls ActiveX clsid access (browser-plugins.rules) * 1:14033 <-> DISABLED <-> BROWSER-PLUGINS Orbit Downloader ActiveX clsid access (browser-plugins.rules) * 1:14035 <-> DISABLED <-> BROWSER-PLUGINS Orbit Downloader ActiveX function call access (browser-plugins.rules) * 1:14037 <-> ENABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules) * 1:14038 <-> ENABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (browser-plugins.rules) * 1:14039 <-> DISABLED <-> FILE-OTHER GNOME Project libxslt RC4 key string buffer overflow attempt (file-other.rules) * 1:14255 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Media Encoder 9 ActiveX clsid access (browser-plugins.rules) * 1:14261 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI VML gradient size heap overflow attempt (os-windows.rules) * 1:14262 <-> DISABLED <-> FILE-OFFICE Microsoft Office OneNote iframe caller exploit attempt (file-office.rules) * 1:14264 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Media Player playlist download (file-identify.rules) * 1:14611 <-> DISABLED <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX clsid access (browser-plugins.rules) * 1:14641 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid FRTWrapper record buffer overflow attempt (file-office.rules) * 1:14642 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file with embedded ActiveX control (file-office.rules) * 1:14643 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer location and location.href cross domain security bypass vulnerability (browser-ie.rules) * 1:14644 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross domain unfocusable HTML element (browser-ie.rules) * 1:14645 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross domain setExpression exploit attempt (browser-ie.rules) * 1:14649 <-> DISABLED <-> OS-WINDOWS SMB Search Search filename size integer underflow attempt (os-windows.rules) * 1:14657 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross domain componentFromPoint memory corruption attempt (browser-ie.rules) * 1:14710 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP spoolss EnumJobs attempt (os-windows.rules) * 1:14725 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName overflow attempt (os-windows.rules) * 1:14737 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP host-integration bind attempt (os-windows.rules) * 1:14743 <-> DISABLED <-> PROTOCOL-FTP RNTO directory traversal attempt (protocol-ftp.rules) * 1:14748 <-> DISABLED <-> BROWSER-PLUGINS Autodesk LiveUpdate ActiveX clsid access (browser-plugins.rules) * 1:14756 <-> DISABLED <-> BROWSER-PLUGINS Microsoft SQL Server 2000 Client Components ActiveX clsid access (browser-plugins.rules) * 1:14760 <-> DISABLED <-> BROWSER-PLUGINS iseemedia LPViewer ActiveX clsid access (browser-plugins.rules) * 1:14764 <-> DISABLED <-> BROWSER-PLUGINS Macrovision InstallShield Update Service Agent ActiveX clsid access attempt (browser-plugins.rules) * 1:14768 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Storage Scheduler Service NULL Session auth bypass attempt (server-other.rules) * 1:14769 <-> ENABLED <-> SERVER-OTHER DATAC RealWin SCADA System buffer overflow attempt (server-other.rules) * 1:14770 <-> DISABLED <-> PROTOCOL-FTP Ipswitch WS_FTP client format string attempt (protocol-ftp.rules) * 1:14771 <-> DISABLED <-> SERVER-APACHE BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt (server-apache.rules) * 1:14782 <-> ENABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt (os-windows.rules) * 1:14900 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum overflow attempt (netbios.rules) * 1:14986 <-> DISABLED <-> INDICATOR-SHELLCODE x86 fldz get eip shellcode (indicator-shellcode.rules) * 1:14989 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory SOAP Accept Language header overflow attempt (server-webapp.rules) * 1:14991 <-> ENABLED <-> SQL IBM DB2 Universal Database xmlquery buffer overflow attempt (sql.rules) * 1:14992 <-> DISABLED <-> SERVER-WEBAPP Openwsman HTTP basic authentication buffer overflow attempt (server-webapp.rules) * 1:1500 <-> DISABLED <-> SERVER-WEBAPP ExAir access (server-webapp.rules) * 1:15013 <-> ENABLED <-> FILE-IDENTIFY PDF file download request (file-identify.rules) * 1:15014 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader util.printf buffer overflow attempt (file-pdf.rules) * 1:15015 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel overflow attempt (os-windows.rules) * 1:15078 <-> DISABLED <-> SERVER-OTHER HP Openview Network Node Manager OValarmsrv buffer overflow attempt (server-other.rules) * 1:15079 <-> DISABLED <-> FILE-IDENTIFY WAV file download request (file-identify.rules) * 1:15080 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player WAV processing integer overflow attempt (file-multimedia.rules) * 1:15081 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start xml encoding buffer overflow attempt (file-java.rules) * 1:15082 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word rtf malformed dpcallout buffer overflow attempt (file-office.rules) * 1:15098 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Visual Basic FlexGrid ActiveX function call access (browser-plugins.rules) * 1:15100 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Visual Basic Hierarchical FlexGrid ActiveX clsid access (browser-plugins.rules) * 1:15104 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Visual Basic 6.0 malformed AVI buffer overflow attempt (file-multimedia.rules) * 1:15105 <-> DISABLED <-> FILE-IMAGE Microsoft GDI WMF file parsing integer overflow attempt (file-image.rules) * 1:15106 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word .rtf file integer overflow attempt (file-office.rules) * 1:15107 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word .rtf file stylesheet buffer overflow attempt (file-office.rules) * 1:15108 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint Server elevation of privilege exploit attempt (server-webapp.rules) * 1:15114 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer embed src buffer overflow attempt (browser-ie.rules) * 1:15116 <-> DISABLED <-> OS-WINDOWS Microsoft Windows search protocol remote command injection attempt (os-windows.rules) * 1:15122 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Shell.Explorer 2 ActiveX clsid access (browser-plugins.rules) * 1:15126 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer nested tag memory corruption attempt (browser-ie.rules) * 1:15143 <-> DISABLED <-> SERVER-MSSQL sp_replwritetovarbin unicode vulnerable function attempt (server-mssql.rules) * 1:15145 <-> DISABLED <-> SERVER-OTHER Apple CUPS TrueColor PNG filter overly large image height integer overflow attempt (server-other.rules) * 1:15147 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules) * 1:15153 <-> DISABLED <-> PUA-OTHER Jive Software Openfire Jabber Server setup Authentication bypass attempt (pua-other.rules) * 1:15157 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player XSPF memory corruption attempt (file-multimedia.rules) * 1:15158 <-> DISABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file download request (file-identify.rules) * 1:15163 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio Object Header Buffer Overflow attempt (file-office.rules) * 1:15164 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products SVG Layout Engine Index Parameter memory corruption attempt (browser-firefox.rules) * 1:15166 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player RealText buffer overflow attempt (file-multimedia.rules) * 1:15188 <-> DISABLED <-> SERVER-OTHER Multiple vendors CUPS HPGL filter remote code execution attempt (server-other.rules) * 1:15190 <-> DISABLED <-> SERVER-WEBAPP Youngzsoft CCProxy CONNECT Request buffer overflow attempt (server-webapp.rules) * 1:15192 <-> DISABLED <-> BROWSER-PLUGINS SizerOne ActiveX clsid access (browser-plugins.rules) * 1:15196 <-> DISABLED <-> OS-WINDOWS SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules) * 1:15220 <-> DISABLED <-> OS-WINDOWS SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules) * 1:15230 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Viewer 2 ActiveX clsid access (browser-plugins.rules) * 1:15236 <-> DISABLED <-> FILE-IMAGE ACD Systems ACDSee XPM file format overflow attempt (file-image.rules) * 1:15237 <-> ENABLED <-> FILE-IDENTIFY Java .class file download request (file-identify.rules) * 1:15238 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime for Java toQTPointer function memory corruption attempt (file-multimedia.rules) * 1:15239 <-> DISABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules) * 1:15240 <-> DISABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules) * 1:15241 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC real.c ReadRealIndex real demuxer integer overflow attempt (file-multimedia.rules) * 1:15243 <-> DISABLED <-> BROWSER-PLUGINS AXIS Camera ActiveX clsid access (browser-plugins.rules) * 1:15255 <-> DISABLED <-> SERVER-ORACLE Secure Backup msgid 0x901 username field overflow attempt (server-oracle.rules) * 1:15258 <-> DISABLED <-> SERVER-ORACLE Secure Backup login.php variable based command injection attempt (server-oracle.rules) * 1:15261 <-> DISABLED <-> SERVER-ORACLE Secure Backup exec_qr command injection attempt (server-oracle.rules) * 1:15262 <-> DISABLED <-> SERVER-ORACLE Secure Backup POST exec_qr command injection attempt (server-oracle.rules) * 1:15264 <-> DISABLED <-> SERVER-WEBAPP Oracle TimesTen In-Memory Database evtdump CGI module format string exploit attempt (server-webapp.rules) * 1:15266 <-> DISABLED <-> BROWSER-PLUGINS MW6 Technologies Barcode ActiveX clsid access (browser-plugins.rules) * 1:15294 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file download request (file-identify.rules) * 1:15302 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Exchange System Attendant denial of service attempt (server-mail.rules) * 1:15304 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer object clone deletion memory corruption attempt (browser-ie.rules) * 1:15305 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules) * 1:15306 <-> DISABLED <-> FILE-EXECUTABLE Portable Executable binary file magic detected (file-executable.rules) * 1:15311 <-> DISABLED <-> BROWSER-PLUGINS Research In Motion AxLoader ActiveX clsid access (browser-plugins.rules) * 1:15357 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 remote code execution attempt (file-pdf.rules) * 1:15364 <-> DISABLED <-> SERVER-OTHER Ganglia Meta Daemon process_path stack buffer overflow attempt (server-other.rules) * 1:15367 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook web access script injection attempt (file-office.rules) * 1:15382 <-> DISABLED <-> SERVER-OTHER X.Org X Font Server QueryXBitmaps and QueryXExtents Handlers integer overflow attempt (server-other.rules) * 1:15383 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XBL Event Handler Tags Removal memory corruption attempt (browser-firefox.rules) * 1:15384 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime pict image poly structure memory corruption attempt (file-multimedia.rules) * 1:15385 <-> DISABLED <-> FILE-IDENTIFY TwinVQ file download request (file-identify.rules) * 1:15386 <-> DISABLED <-> OS-WINDOWS Microsoft Windows wpad dynamic update request (os-windows.rules) * 1:15387 <-> DISABLED <-> OS-WINDOWS udp WINS WPAD registration attempt (os-windows.rules) * 1:15427 <-> ENABLED <-> FILE-IDENTIFY SVG file download request (file-identify.rules) * 1:15428 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing memory corruption attempt (browser-firefox.rules) * 1:15431 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox 3 xsl parsing heap overflow attempt (browser-firefox.rules) * 1:15434 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager OvOSLocale parameter buffer overflow attempt (server-webapp.rules) * 1:15436 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup counter heap corruption attempt (server-other.rules) * 1:15443 <-> DISABLED <-> SERVER-MYSQL XML Functions UpdateXML Scalar XPath denial of service attempt (server-mysql.rules) * 1:15445 <-> DISABLED <-> SERVER-ORACLE Application Server BPEL module cross site scripting attempt (server-oracle.rules) * 1:15446 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory management console Accept-Language buffer overflow attempt (server-webapp.rules) * 1:15462 <-> DISABLED <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt (browser-other.rules) * 1:15463 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules) * 1:15464 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules) * 1:15466 <-> DISABLED <-> FILE-OFFICE Microsoft Office WordPad WordPerfect 6.x converter buffer overflow attempt (file-office.rules) * 1:15467 <-> DISABLED <-> FILE-OFFICE Microsoft Office WordPad and Office Text Converters PlcPcd aCP buffer overflow attempt (file-office.rules) * 1:15468 <-> DISABLED <-> BROWSER-IE Apple Safari-Internet Explorer SearchPath blended threat dll request (browser-ie.rules) * 1:15472 <-> DISABLED <-> FILE-MULTIMEDIA Multiple MP3 player PLS buffer overflow attempt (file-multimedia.rules) * 1:15473 <-> DISABLED <-> FILE-MULTIMEDIA Multiple media players M3U playlist file handling buffer overflow attempt (file-multimedia.rules) * 1:15477 <-> DISABLED <-> SERVER-WEBAPP Oracle BEA WebLogic overlong JESSIONID buffer overflow attempt (server-webapp.rules) * 1:15478 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid object reference code execution attempt (file-flash.rules) * 1:15483 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:15484 <-> DISABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication method buffer overflow attempt (protocol-imap.rules) * 1:15485 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes DOC attachment viewer buffer overflow (server-mail.rules) * 1:15488 <-> DISABLED <-> SERVER-ORACLE Oracle Database Application Express Component APEX password hash disclosure attempt (server-oracle.rules) * 1:15489 <-> DISABLED <-> PUA-OTHER Cerulean Studios Trillian image filename handling XML tag overflow attempt (pua-other.rules) * 1:15490 <-> DISABLED <-> OS-LINUX Linux SCTP malformed forward-tsn chunk arbitrary code execution attempt (os-linux.rules) * 1:15492 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader spell.customDictionaryOpen exploit attempt (file-pdf.rules) * 1:15493 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnots exploit attempt (file-pdf.rules) * 1:15499 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint PP7 Component buffer overflow attempt (file-office.rules) * 1:15500 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint LinkedSlide memory corruption (file-office.rules) * 1:15504 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Download of version 4.0 file (file-office.rules) * 1:15505 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint HashCode10Atom memory corruption attempt (file-office.rules) * 1:15506 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint CurrentUserAtom remote code execution attempt (file-office.rules) * 1:15509 <-> DISABLED <-> SERVER-OTHER IBM DB2 database server CONNECT denial of service attempt (server-other.rules) * 1:15510 <-> DISABLED <-> SERVER-OTHER Trend Micro OfficeScan Server cgiRecvFile overflow attempt (server-other.rules) * 1:15511 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules) * 1:15514 <-> DISABLED <-> SERVER-OTHER Multiple Vendors NTP Daemon Autokey stack buffer overflow attempt (server-other.rules) * 1:15515 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server RollbackWorkspace SQL injection attempt (server-oracle.rules) * 1:15516 <-> ENABLED <-> FILE-IDENTIFY AVI multimedia file download request (file-identify.rules) * 1:15517 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows AVI DirectShow QuickTime parsing overflow attempt (file-multimedia.rules) * 1:15518 <-> DISABLED <-> FILE-IDENTIFY Embedded Open Type Font file download request (file-identify.rules) * 1:15527 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory LDAP denial of service attempt (os-windows.rules) * 1:15539 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Formula record remote code execution attempt (file-office.rules) * 1:15540 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DOM memory corruption attempt (browser-ie.rules) * 1:15541 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SST record remote code execution attempt (file-office.rules) * 1:15542 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Qsir and Qsif record remote code execution attempt (file-office.rules) * 1:15555 <-> DISABLED <-> SERVER-OTHER Symantec Alert Management System Intel Alert Originator Service buffer overflow attempt (server-other.rules) * 1:15559 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime movie file clipping region handling heap buffer overflow attempt (file-multimedia.rules) * 1:15571 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP SETUP stack buffer overflow attempt (server-other.rules) * 1:15573 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP SET_PARAMETER heap buffer overflow attempt (server-other.rules) * 1:15575 <-> DISABLED <-> FILE-IDENTIFY WordPerfect file magic detected (file-identify.rules) * 1:15580 <-> DISABLED <-> SERVER-OTHER Squid oversized reply header handling exploit attempt (server-other.rules) * 1:15586 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (file-identify.rules) * 1:15587 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules) * 1:15638 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 32 ActiveX clsid access (browser-plugins.rules) * 1:15670 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 6 ActiveX clsid access (browser-plugins.rules) * 1:15672 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 7 ActiveX clsid access (browser-plugins.rules) * 1:15681 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 file format arbitrary code execution attempt (file-office.rules) * 1:15682 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectShow QuickTime file stsc atom parsing heap corruption attempt (file-multimedia.rules) * 1:15685 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Web Components 10 Spreadsheet ActiveX clsid access (browser-plugins.rules) * 1:15693 <-> DISABLED <-> FILE-OTHER Microsoft Windows Embedded Open Type Font malformed name table overflow attempt (file-other.rules) * 1:15694 <-> DISABLED <-> FILE-OTHER Microsoft Windows Embedded Open Type Font malformed name table integer overflow attempt (file-other.rules) * 1:15697 <-> DISABLED <-> INDICATOR-OBFUSCATION rename of javascript unescape function detected (indicator-obfuscation.rules) * 1:15698 <-> DISABLED <-> INDICATOR-SHELLCODE Possible generic javascript heap spray attempt (indicator-shellcode.rules) * 1:15702 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor opcode 0x13 overflow attempt (netbios.rules) * 1:15707 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes ITPC protocol handler stack buffer overflow attempt (file-multimedia.rules) * 1:15708 <-> DISABLED <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (server-other.rules) * 1:15709 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader FlateDecode integer overflow attempt (file-pdf.rules) * 1:15710 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor opcode 0x3B null strings attempt (netbios.rules) * 1:15711 <-> DISABLED <-> PUA-OTHER mIRC PRIVMSG message processing overflow attempt (pua-other.rules) * 1:15722 <-> DISABLED <-> SERVER-ORACLE Oracle database server Workspace Manager multiple SQL injection attempt (server-oracle.rules) * 1:15723 <-> DISABLED <-> SERVER-ORACLE Oracle database server CompressWorkspaceTree SQL injection attempt (server-oracle.rules) * 1:15724 <-> DISABLED <-> SERVER-ORACLE Oracle database server MergeWorkspace SQL injection attempt (server-oracle.rules) * 1:15725 <-> DISABLED <-> SERVER-ORACLE Oracle database server RemoveWorkspace SQL injection attempt (server-oracle.rules) * 1:15727 <-> DISABLED <-> FILE-PDF attempted download of a PDF with embedded Flash (file-pdf.rules) * 1:15731 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer javascript deleted reference arbitrary code execution attempt (browser-ie.rules) * 1:15732 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS handling memory corruption attempt (browser-ie.rules) * 1:15733 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt (browser-ie.rules) * 1:15850 <-> DISABLED <-> OS-WINDOWS Remote Desktop orderType remote code execution attempt (os-windows.rules) * 1:15854 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows AVIFile media file processing memory corruption attempt (file-multimedia.rules) * 1:15858 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Web Components Spreadsheet ActiveX clsid access (browser-plugins.rules) * 1:15860 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrGetJoinInformation attempt (os-windows.rules) * 1:15861 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Remote Desktop Client ActiveX clsid access (browser-plugins.rules) * 1:15863 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Remote Desktop Client ActiveX function call access (browser-plugins.rules) * 1:15865 <-> ENABLED <-> FILE-IDENTIFY MP4 file download request (file-identify.rules) * 1:15866 <-> DISABLED <-> FILE-OTHER libxml2 file processing long entity overflow attempt (file-other.rules) * 1:15867 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF font processing memory corruption attempt (file-pdf.rules) * 1:15868 <-> DISABLED <-> SQL Borland InterBase username buffer overflow (sql.rules) * 1:15869 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules) * 1:15870 <-> DISABLED <-> FILE-IDENTIFY 4XM file download request (file-identify.rules) * 1:15871 <-> DISABLED <-> FILE-MULTIMEDIA FFmpeg 4xm processing memory corruption attempt (file-multimedia.rules) * 1:15872 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt (browser-firefox.rules) * 1:15896 <-> DISABLED <-> SERVER-OTHER Firebird SQL op_connect_request denial of service attempt (server-other.rules) * 1:15900 <-> DISABLED <-> FILE-IDENTIFY Audio Interchange file download request (file-identify.rules) * 1:15901 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt (file-multimedia.rules) * 1:15902 <-> DISABLED <-> INDICATOR-SHELLCODE x86 win2k-2k3 decoder base shellcode (indicator-shellcode.rules) * 1:15906 <-> DISABLED <-> OS-LINUX Linux Kernel DCCP Protocol Handler dccp_setsockopt_change integer overflow attempt (os-linux.rules) * 1:15908 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan multiple CGI modules HTTP form processing buffer overflow attempt (server-webapp.rules) * 1:15909 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime VR Track Header Atom heap corruption attempt (file-multimedia.rules) * 1:15910 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer getElementById object corruption attempt (browser-ie.rules) * 1:15921 <-> DISABLED <-> FILE-IDENTIFY Microsoft multimedia format file download request (file-identify.rules) * 1:15922 <-> DISABLED <-> FILE-IDENTIFY MP3 file download request (file-identify.rules) * 1:15930 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field remote code execution attempt (os-windows.rules) * 1:15934 <-> DISABLED <-> PROTOCOL-DNS dns response for rfc1918 172.16/12 address detected (protocol-dns.rules) * 1:15940 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer Multiple Products RA file processing overflow attempt (file-multimedia.rules) * 1:15941 <-> DISABLED <-> SERVER-OTHER Squid Proxy TRACE request remote DoS attempt (server-other.rules) * 1:15942 <-> DISABLED <-> SERVER-OTHER CA Multiple Products Console Server login credentials handling overflow attempt (server-other.rules) * 1:15944 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory crafted LDAP request denial of service attempt (os-windows.rules) * 1:15945 <-> DISABLED <-> FILE-IDENTIFY RSS file download request (file-identify.rules) * 1:15946 <-> DISABLED <-> FILE-OTHER Microsoft Windows Vista Feed Headlines Gagdet code execution attempt (file-other.rules) * 1:15947 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook Web Access Cross-Site Scripting attempt (file-office.rules) * 1:15948 <-> DISABLED <-> SERVER-OTHER CA License Software invalid command overflow attempt (server-other.rules) * 1:15950 <-> DISABLED <-> SERVER-OTHER McAfee LHA Type-2 file handling overflow attempt (server-other.rules) * 1:15951 <-> DISABLED <-> SERVER-MYSQL MaxDB Webtool GET command overflow attempt (server-mysql.rules) * 1:15954 <-> DISABLED <-> SERVER-MAIL SpamAssassin malformed email header DoS attempt (server-mail.rules) * 1:15955 <-> DISABLED <-> SERVER-ORACLE Application Server 9i Webcache file corruption attempt (server-oracle.rules) * 1:15956 <-> DISABLED <-> SERVER-ORACLE http Server mod_access restriction bypass attempt (server-oracle.rules) * 1:15957 <-> DISABLED <-> FILE-OTHER Sophos Anti-Virus zip file handling DoS attempt (file-other.rules) * 1:15958 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Remote Management overflow attempt (server-other.rules) * 1:15960 <-> DISABLED <-> SERVER-OTHER Novell eDirectory MS-DOS device name DoS attempt (server-other.rules) * 1:15961 <-> DISABLED <-> SERVER-OTHER 3Com Network Supervisor directory traversal attempt (server-other.rules) * 1:15962 <-> DISABLED <-> SERVER-WEBAPP Sybase EAServer WebConsole overflow attempt (server-webapp.rules) * 1:15987 <-> ENABLED <-> FILE-IDENTIFY DXF file download request (file-identify.rules) * 1:15990 <-> DISABLED <-> SERVER-WEBAPP Multiple Vendor server file disclosure attempt (server-webapp.rules) * 1:15993 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript intrf_count integer overflow attempt (file-flash.rules) * 1:15994 <-> DISABLED <-> SERVER-OTHER Squid strListGetItem denial of service attempt (server-other.rules) * 1:15995 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX malformed avi file mjpeg compression arbitrary code execution attempt (file-multimedia.rules) * 1:15997 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JIT escape function memory corruption attempt (browser-firefox.rules) * 1:15998 <-> DISABLED <-> SERVER-OTHER HP OpenView Client Configuration Manager Radia Notify Daemon code execution attempt (server-other.rules) * 1:15999 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products frame comment objects manipulation memory corruption attempt (browser-firefox.rules) * 1:16000 <-> DISABLED <-> FILE-IMAGE Sun Microsystems Java gif handling memory corruption attempt (file-image.rules) * 1:16001 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (file-image.rules) * 1:16004 <-> DISABLED <-> FILE-OTHER Apple Mac OS X installer package filename format string vulnerability (file-other.rules) * 1:16005 <-> DISABLED <-> BROWSER-FIREFOX Mozilla browsers JavaScript argument passing code execution attempt (browser-firefox.rules) * 1:16006 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime color table id memory corruption attempt (file-multimedia.rules) * 1:16007 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer colgroup tag uninitialized memory exploit attempt (browser-ie.rules) * 1:16008 <-> DISABLED <-> OS-WINDOWS Multiple Products excessive HTTP 304 Not Modified responses exploit attempt (os-windows.rules) * 1:16009 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products overflow event handling memory corruption attempt (browser-firefox.rules) * 1:16010 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Javascript Page update race condition attempt (browser-ie.rules) * 1:16011 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS property method handling memory corruption attempt (browser-ie.rules) * 1:16013 <-> DISABLED <-> SERVER-OTHER IBM solidDB logging function format string exploit attempt (server-other.rules) * 1:16014 <-> DISABLED <-> SERVER-OTHER Novell eDirectory HTTP headers denial of service attempt (server-other.rules) * 1:16016 <-> DISABLED <-> OS-WINDOWS Microsoft client for netware overflow attempt (os-windows.rules) * 1:16017 <-> DISABLED <-> SERVER-OTHER IBM Lotus Domino LDAP server invalid DN message buffer overflow attempt (server-other.rules) * 1:16018 <-> DISABLED <-> SERVER-OTHER HP OpenView network node manager buffer overflow (server-other.rules) * 1:16019 <-> DISABLED <-> SERVER-OTHER Novell Distributed Print Services integer overflow attempt (server-other.rules) * 1:16020 <-> DISABLED <-> SERVER-MYSQL login handshake information disclosure attempt (server-mysql.rules) * 1:16021 <-> DISABLED <-> SERVER-APACHE Apache http Server mod_tcl format string attempt (server-apache.rules) * 1:16022 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Vista Windows mail file execution attempt (file-executable.rules) * 1:16027 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp midi file header overflow attempt (file-multimedia.rules) * 1:16029 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS client ATMA buffer overrun attempt (os-windows.rules) * 1:16030 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS client TXT buffer overrun attempt (os-windows.rules) * 1:16031 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer nested object tag memory corruption attempt (browser-ie.rules) * 1:16032 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML Decoding memory corruption attempt (browser-ie.rules) * 1:16033 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer compressed content attempt (browser-ie.rules) * 1:16035 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer createTextRange code execution attempt (browser-ie.rules) * 1:16036 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products QueryInterface method memory corruption attempt (browser-firefox.rules) * 1:16037 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products graphics and XML features integer overflows attempt (browser-firefox.rules) * 1:16039 <-> DISABLED <-> SERVER-OTHER EMC Dantz Retrospect Backup Agent denial of service attempt (server-other.rules) * 1:16041 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime FLIC animation file buffer overflow attempt (file-multimedia.rules) * 1:16042 <-> DISABLED <-> BROWSER-FIREFOX Mozilla browsers CSS moz-binding cross domain scripting attempt (browser-firefox.rules) * 1:16045 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross domain information disclosure attempt (browser-ie.rules) * 1:16046 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer RealMedia file format processing heap corruption attempt (file-multimedia.rules) * 1:16047 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox layout frame constructor memory corruption attempt (browser-firefox.rules) * 1:16048 <-> DISABLED <-> SERVER-OTHER Microsoft ASP.NET application folder info disclosure attempt (server-other.rules) * 1:16049 <-> DISABLED <-> SERVER-OTHER GNU Radius SQL accounting format string exploit attempt (server-other.rules) * 1:16052 <-> DISABLED <-> SERVER-OTHER Novell iManager Tree parameter denial of service attempt (server-other.rules) * 1:16054 <-> DISABLED <-> FILE-IMAGE Apple QuickTime bitmap multiple header overflow (file-image.rules) * 1:16055 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes AAC file handling integer overflow attempt (file-multimedia.rules) * 1:16058 <-> DISABLED <-> SERVER-SAMBA Samba WINS Server Name Registration handling stack buffer overflow attempt (server-samba.rules) * 1:16059 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed file format parsing code execution attempt (file-office.rules) * 1:16060 <-> DISABLED <-> SERVER-OTHER IBM Lotus Domino LDAP server memory exception attempt (server-other.rules) * 1:16061 <-> DISABLED <-> FILE-IDENTIFY X PixMap file download request (file-identify.rules) * 1:16063 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer isindex buffer overflow attempt (browser-ie.rules) * 1:16064 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onBeforeUnload address bar spoofing attempt (browser-ie.rules) * 1:16065 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer location.replace memory corruption attempt (browser-ie.rules) * 1:16066 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Server driver crafted SMB data denial of service (os-windows.rules) * 1:16067 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DOM object cache management memory corruption attempt (browser-ie.rules) * 1:16069 <-> DISABLED <-> SERVER-OTHER IBM Informix server argument processing overflow attempt (server-other.rules) * 1:16070 <-> DISABLED <-> FILE-OTHER X.org PCF parsing buffer overflow attempt (file-other.rules) * 1:16071 <-> DISABLED <-> SERVER-OTHER CA ARCServe Backup Discovery Service denial of service attempt (server-other.rules) * 1:16072 <-> DISABLED <-> SERVER-OTHER CUPS server query metacharacter buffer overflow attempt (server-other.rules) * 1:16075 <-> DISABLED <-> SQL Suspicious SQL ansi_padding option (sql.rules) * 1:16079 <-> DISABLED <-> SERVER-WEBAPP uselang code injection (server-webapp.rules) * 1:16083 <-> DISABLED <-> PROTOCOL-RPC portmap 395650 tcp request (protocol-rpc.rules) * 1:16087 <-> DISABLED <-> FILE-OTHER Multiple vendor AV gateway virus detection bypass attempt (file-other.rules) * 1:16089 <-> DISABLED <-> OS-WINDOWS Microsoft Windows embedded web font handling buffer overflow attempt (os-windows.rules) * 1:16090 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Core XML core services XMLHTTP control open method code execution attempt (browser-plugins.rules) * 1:16091 <-> DISABLED <-> SERVER-OTHER Macromedia Flash Media Server administration service denial of service attempt (server-other.rules) * 1:16142 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox PKCS11 module installation code execution attempt (browser-firefox.rules) * 1:16143 <-> DISABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (file-identify.rules) * 1:16145 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit floating point buffer overflow attempt (browser-webkit.rules) * 1:16147 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS malformed URL .dll denial of service attempt (server-iis.rules) * 1:16148 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime and iTunes heap memory corruption attempt (file-multimedia.rules) * 1:16169 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules) * 1:16187 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectShow MJPEG arbitrary code execution attempt (os-windows.rules) * 1:16188 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint bad text header txttype attempt (file-office.rules) * 1:16189 <-> DISABLED <-> SERVER-ORACLE Database REPCAT_RPC.VALIDATE_REMOTE_RC SQL injection attempt (server-oracle.rules) * 1:16190 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup Administration server property_box.php command injection attempt (server-oracle.rules) * 1:16192 <-> DISABLED <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt (server-oracle.rules) * 1:16195 <-> DISABLED <-> SERVER-WEBAPP HTTP request content-length heap buffer overflow attempt (server-webapp.rules) * 1:16196 <-> DISABLED <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file upload attempt (server-other.rules) * 1:16197 <-> DISABLED <-> SERVER-OTHER OpenLDAP ber_get_next BER decoding denial of service attempt (server-other.rules) * 1:16199 <-> DISABLED <-> SERVER-MAIL SpamAssassin long message header denial of service attempt (server-mail.rules) * 1:16200 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox command line URL shell command injection attempt (browser-firefox.rules) * 1:16201 <-> DISABLED <-> SERVER-MAIL Ipswitch Collaboration Suite SMTP format string exploit attempt (server-mail.rules) * 1:16204 <-> DISABLED <-> SERVER-OTHER HP OpenView Network Node Manager ovlaunch host field overflow attempt (server-other.rules) * 1:16205 <-> ENABLED <-> FILE-IDENTIFY BMP file download request (file-identify.rules) * 1:16206 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS server spoofing attempt (os-windows.rules) * 1:16207 <-> DISABLED <-> SERVER-WEBAPP MIT Kerberos V% KAdminD klog_vsyslog server overflow attempt (server-webapp.rules) * 1:16208 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server Distributed Management Objects overflow attempt (server-mssql.rules) * 1:16209 <-> DISABLED <-> SERVER-OTHER FreeRADIUS RADIUS server rad_decode remote denial of service attempt (server-other.rules) * 1:16213 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt (server-other.rules) * 1:16214 <-> DISABLED <-> SERVER-OTHER Squid Proxy invalid HTTP response code denial of service attempt (server-other.rules) * 1:16215 <-> DISABLED <-> SERVER-ORACLE Oracle Application Server Portal cross site scripting attempt (server-oracle.rules) * 1:16216 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt (server-other.rules) * 1:16217 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 45 integer overflow attempt (server-other.rules) * 1:16219 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules) * 1:16231 <-> DISABLED <-> FILE-PDF Microsoft Windows kernel-mode drivers core font parsing integer overflow attempt (file-pdf.rules) * 1:16283 <-> DISABLED <-> SERVER-WEBAPP Borland StarTeam Multicast Service buffer overflow attempt (server-webapp.rules) * 1:16284 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox ClearTextRun exploit attempt (browser-firefox.rules) * 1:16286 <-> ENABLED <-> FILE-IDENTIFY TrueType font file download request (file-identify.rules) * 1:16288 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime AWT setDiffICM stack buffer overflow attempt (file-java.rules) * 1:16291 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Network Security Services regexp heap overflow attempt (browser-firefox.rules) * 1:16292 <-> DISABLED <-> BROWSER-FIREFOX Mozilla CSS value counter overflow attempt (browser-firefox.rules) * 1:16294 <-> DISABLED <-> OS-WINDOWS Microsoft Windows TCP stack zero window size exploit attempt (os-windows.rules) * 1:16295 <-> DISABLED <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields (file-other.rules) * 1:16300 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML comment creation attempt (browser-ie.rules) * 1:16301 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML textnode creation attempt (browser-ie.rules) * 1:16310 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 6/7 outerHTML invalid reference arbitrary code execution attempt (browser-ie.rules) * 1:16311 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 6/7 single line outerHTML invalid reference arbitrary code execution attempt (browser-ie.rules) * 1:16318 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio invalid ho tag attempt (file-office.rules) * 1:16319 <-> DISABLED <-> BROWSER-IE Apple Safari-Internet Explorer SearchPath blended threat attempt (browser-ie.rules) * 1:16331 <-> DISABLED <-> FILE-FLASH Adobe Flash Player JPEG parsing heap overflow attempt (file-flash.rules) * 1:16332 <-> DISABLED <-> SERVER-OTHER Symantec System Center Alert Management System untrusted command execution attempt (server-other.rules) * 1:16333 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules) * 1:16334 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader compressed media.newPlayer memory corruption attempt (file-pdf.rules) * 1:16339 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer object clone deletion memory corruption attempt - obfuscated (browser-ie.rules) * 1:1634 <-> DISABLED <-> PROTOCOL-POP PASS overflow attempt (protocol-pop.rules) * 1:16537 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Media Player ActiveX unknow compression algorithm use arbitrary code execution attempt (browser-plugins.rules) * 1:16540 <-> DISABLED <-> OS-WINDOWS SMB2 client NetBufferList NULL entry remote code execution attempt (os-windows.rules) * 1:16541 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Service stack overflow attempt (os-windows.rules) * 1:16542 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 and earlier stack buffer overflow attempt (file-office.rules) * 1:16543 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Player codec code execution attempt (file-multimedia.rules) * 1:16545 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed Richmedia annotation exploit attempt (file-pdf.rules) * 1:16549 <-> DISABLED <-> FILE-OTHER Oracle JRE Java Platform SE and Java Deployment Toolkit plugins code execution attempt - npruntime-scriptable-plugin (file-other.rules) * 1:16554 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript getIcon method buffer overflow attempt (file-pdf.rules) * 1:16555 <-> DISABLED <-> SERVER-WEBAPP HP Openview Network Node Manager OvAcceptLang overflow attempt (server-webapp.rules) * 1:16560 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint XSS attempt (server-webapp.rules) * 1:16574 <-> DISABLED <-> BROWSER-PLUGINS obfuscated ActiveX object instantiation via fromCharCode (browser-plugins.rules) * 1:16576 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix AgentX receive_agentx stack buffer overflow attempt (server-other.rules) * 1:16589 <-> DISABLED <-> BROWSER-PLUGINS iseemedia LPViewer ActiveX function call access (browser-plugins.rules) * 1:16593 <-> DISABLED <-> FILE-OFFICE Microsoft VBE6.dll stack corruption attempt (file-office.rules) * 1:16595 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Mail remote code execution attempt (server-mail.rules) * 1:16596 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari information disclosure and remote code execution attempt (browser-webkit.rules) * 1:16597 <-> DISABLED <-> SERVER-MAIL Novell GroupWise Internet Agent Email address processing buffer overflow attempt (server-mail.rules) * 1:16603 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Linux malformed U3D mesh deceleration block exploit attempt (file-pdf.rules) * 1:16605 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer nested SPAN tag memory corruption attempt (browser-ie.rules) * 1:16606 <-> DISABLED <-> SERVER-ORACLE BEA WebLogic Server Plug-ins Certificate overflow attempt (server-oracle.rules) * 1:16631 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari image use after remove attempt (browser-webkit.rules) * 1:16632 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari image use after reparent attempt (browser-webkit.rules) * 1:16633 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader File containing Flash use-after-free attack attempt (file-pdf.rules) * 1:16634 <-> DISABLED <-> FILE-FLASH Adobe Flash use-after-free attack attempt (file-flash.rules) * 1:16635 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer 8 Developer Tool ActiveX clsid access (browser-plugins.rules) * 1:16637 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer security zone restriction bypass attempt (browser-ie.rules) * 1:16638 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record stack buffer overflow attempt (file-office.rules) * 1:16639 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record stack buffer overflow attempt - with macro (file-office.rules) * 1:16640 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record stack buffer overflow attempt - with linkFmla (file-office.rules) * 1:16641 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record stack buffer overflow attempt - with macro and linkFmla (file-office.rules) * 1:16642 <-> DISABLED <-> POLICY-OTHER file URI scheme attempt (policy-other.rules) * 1:16643 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Chart Sheet Substream memory corruption attempt (file-office.rules) * 1:16644 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel WOpt record memory corruption attempt (file-office.rules) * 1:16645 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView record memory pointer corruption attempt (file-office.rules) * 1:16646 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record stack buffer overflow attempt (file-office.rules) * 1:16647 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record heap memory corruption attempt - 2 (file-office.rules) * 1:16648 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record heap memory corruption attempt - 1 (file-office.rules) * 1:16650 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ExternName record stack buffer overflow attempt - 1 (file-office.rules) * 1:16651 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ExternName record stack buffer overflow attempt - 2 (file-office.rules) * 1:16652 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ExternName record stack buffer overflow attempt - 3 (file-office.rules) * 1:16653 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ExternName record stack buffer overflow attempt - 4 (file-office.rules) * 1:16654 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel Publisher record heap buffer overflow attempt (file-office.rules) * 1:16656 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel BIFF5 ExternSheet record stack overflow attempt (file-office.rules) * 1:16657 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DBQueryExt record memory corruption attempt (file-office.rules) * 1:16659 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer style sheet array memory corruption attempt (browser-ie.rules) * 1:16660 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint Server 2007 help.aspx denial of service attempt (server-webapp.rules) * 1:16661 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX quartz.dll MJPEG content processing memory corruption attempt (file-multimedia.rules) * 1:16664 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader authplay.dll vulnerability exploit attempt (file-pdf.rules) * 1:16665 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Help Centre escape sequence XSS attempt (os-windows.rules) * 1:16666 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari window.parent.close unspecified remote code execution vulnerability (browser-webkit.rules) * 1:16667 <-> DISABLED <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt (browser-chrome.rules) * 1:16668 <-> DISABLED <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt (browser-chrome.rules) * 1:16671 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Domino Web Access ActiveX exploit attempt (browser-plugins.rules) * 1:16672 <-> DISABLED <-> BROWSER-PLUGINS Symantec Backup Exec ActiveX control buffer overflow attempt (browser-plugins.rules) * 1:16673 <-> DISABLED <-> FILE-OTHER Adobe Shockwave DIR file PAMI chunk code execution attempt (file-other.rules) * 1:16674 <-> ENABLED <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt (server-webapp.rules) * 1:16675 <-> DISABLED <-> BROWSER-PLUGINS CA BrightStor ListCtrl ActiveX control access (browser-plugins.rules) * 1:16676 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed FlateDecode colors declaration (file-pdf.rules) * 1:16677 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed FlateDecode colors declaration (file-pdf.rules) * 1:16683 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp CAF file processing integer overflow attempt (file-multimedia.rules) * 1:16684 <-> DISABLED <-> SERVER-SAMBA Samba smbd Session Setup AndX security blob length dos attempt (server-samba.rules) * 1:16685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Client dsmagent.exe NodeName length buffer overflow attempt (server-other.rules) * 1:16688 <-> DISABLED <-> SERVER-OTHER iscsi target format string code execution attempt (server-other.rules) * 1:16694 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP SETUP request denial of service attempt (server-other.rules) * 1:16699 <-> DISABLED <-> PROTOCOL-RPC Linux Kernel nfsd v2 udp CAP_MKNOD security bypass attempt (protocol-rpc.rules) * 1:16700 <-> DISABLED <-> PROTOCOL-RPC Linux Kernel nfsd v2 tcp CAP_MKNOD security bypass attempt (protocol-rpc.rules) * 1:16701 <-> DISABLED <-> PROTOCOL-RPC Linux Kernel nfsd v3 udp CAP_MKNOD security bypass attempt (protocol-rpc.rules) * 1:16702 <-> DISABLED <-> PROTOCOL-RPC Linux Kernel nfsd v3 tcp CAP_MKNOD security bypass attempt (protocol-rpc.rules) * 1:16703 <-> DISABLED <-> SERVER-MYSQL Database COM_FIELD_LIST Buffer Overflow attempt (server-mysql.rules) * 1:16705 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP array size buffer overflow attempt (protocol-rpc.rules) * 1:16706 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind TCP array size buffer overflow attempt (protocol-rpc.rules) * 1:16709 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP SET_PARAMETERS empty DataConvertBuffer header denial of service attempt (server-other.rules) * 1:16710 <-> DISABLED <-> SERVER-OTHER Oracle BEA Weblogic server console-help.portal cross-site scripting attempt (server-other.rules) * 1:16716 <-> DISABLED <-> FILE-IMAGE Oracle Java Web Start Splashscreen PNG processing buffer overflow attempt (file-image.rules) * 1:16717 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Enterprise Search search_p_groups cross-site scripting attempt (server-oracle.rules) * 1:16719 <-> DISABLED <-> FILE-OTHER CA multiple product AV engine CAB header parsing stack overflow attempt (file-other.rules) * 1:1672 <-> DISABLED <-> PROTOCOL-FTP CWD ~ attempt (protocol-ftp.rules) * 1:16720 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player TY processing buffer overflow attempt (file-multimedia.rules) * 1:16721 <-> DISABLED <-> FILE-OTHER Orbital Viewer .orb stack buffer overflow attempt (file-other.rules) * 1:16722 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server DBMS_CDC_PUBLISH.DROP_CHANGE_SOURCE procedure SQL injection attempt (server-oracle.rules) * 1:16723 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server DBMS_CDC_PUBLISH.ALTER_CHANGE_SOURCE procedure SQL injection attempt (server-oracle.rules) * 1:16724 <-> DISABLED <-> OS-LINUX Linux kernel sctp_process_unk_param SCTPChunkInit buffer overflow attempt (os-linux.rules) * 1:16746 <-> DISABLED <-> BROWSER-PLUGINS IBM Access Support ActiveX clsid access (browser-plugins.rules) * 1:16752 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player SMB module Win32AddConnection buffer overflow attempt (file-multimedia.rules) * 1:16753 <-> DISABLED <-> SERVER-WEBAPP VideoLAN VLC Media Player SMB module Win32AddConnection buffer overflow attempt (server-webapp.rules) * 1:16754 <-> DISABLED <-> NETBIOS SMB /PlughNTCommand andx create tree attempt (netbios.rules) * 1:16755 <-> DISABLED <-> NETBIOS SMB /PlughNTCommand create tree attempt (netbios.rules) * 1:16756 <-> DISABLED <-> NETBIOS SMB /PlughNTCommand unicode andx create tree attempt (netbios.rules) * 1:16757 <-> DISABLED <-> NETBIOS SMB /PlughNTCommand unicode create tree attempt (netbios.rules) * 1:16763 <-> DISABLED <-> NETBIOS SMB Timbuktu Pro overflow WriteAndX attempt (netbios.rules) * 1:16765 <-> DISABLED <-> NETBIOS SMB Timbuktu Pro overflow WriteAndX unicode attempt (netbios.rules) * 1:16772 <-> ENABLED <-> BROWSER-PLUGINS EMC Captiva QuickScan Pro ActiveX clsid access (browser-plugins.rules) * 1:16788 <-> DISABLED <-> SERVER-OTHER RealVNC VNC Server ClientCutText message memory corruption attempt (server-other.rules) * 1:16796 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP data length integer overflow attempt (protocol-rpc.rules) * 1:16797 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind TCP data length integer overflow attempt (protocol-rpc.rules) * 1:16800 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FRTWrapper record buffer overflow attempt (file-office.rules) * 1:17034 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook AttachMethods local file execution attempt (file-office.rules) * 1:17035 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook AttachMethods local file execution attempt (file-office.rules) * 1:17036 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook AttachMethods local file execution attempt (file-office.rules) * 1:17037 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Access multiple control instantiation memory corruption attempt (browser-plugins.rules) * 1:17038 <-> DISABLED <-> FILE-OFFICE Microsoft Office Access ACCWIZ library release after free attempt - 1 (file-office.rules) * 1:17039 <-> DISABLED <-> FILE-OFFICE Microsoft Office Access ACCWIZ library release after free attempt - 2 (file-office.rules) * 1:17042 <-> DISABLED <-> FILE-OTHER Microsoft LNK shortcut arbitrary dll load attempt (file-other.rules) * 1:17045 <-> DISABLED <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt (server-other.rules) * 1:17046 <-> DISABLED <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt (server-other.rules) * 1:17051 <-> DISABLED <-> BROWSER-PLUGINS Symantec AppStream Client LaunchObj ActiveX clsid access (browser-plugins.rules) * 1:17055 <-> DISABLED <-> SERVER-ORACLE Oracle Database DBMS TNS Listener denial of service attempt (server-oracle.rules) * 1:17056 <-> DISABLED <-> NETBIOS Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt (netbios.rules) * 1:17057 <-> DISABLED <-> NETBIOS Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (netbios.rules) * 1:17092 <-> DISABLED <-> BROWSER-PLUGINS Symantec Altirix Deployment Solution AeXNSPkgDLLib.dll ActiveX clsid access (browser-plugins.rules) * 1:17094 <-> DISABLED <-> BROWSER-PLUGINS Symantec Altirix Deployment Solution AeXNSPkgDLLib.dll ActiveX function call access (browser-plugins.rules) * 1:17103 <-> DISABLED <-> SERVER-IIS IIS 5.1 alternate data stream authentication bypass attempt (server-iis.rules) * 1:17107 <-> DISABLED <-> SERVER-APACHE Apache Tomcat JK Web Server Connector long URL stack overflow attempt - 1 (server-apache.rules) * 1:17111 <-> DISABLED <-> INDICATOR-OBFUSCATION known JavaScript obfuscation routine (indicator-obfuscation.rules) * 1:17113 <-> ENABLED <-> OS-WINDOWS Microsoft SilverLight ImageSource redefine flowbit (os-windows.rules) * 1:17114 <-> DISABLED <-> OS-WINDOWS Microsoft SilverLight ImageSource remote code execution attempt (os-windows.rules) * 1:17116 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASX file download request (file-identify.rules) * 1:17117 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows MPEG Layer-3 audio heap corruption attempt (file-multimedia.rules) * 1:17119 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmCMajority SPRM overflow attempt (file-office.rules) * 1:17120 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word rich text format unexpected field type memory corruption attempt 1 (file-office.rules) * 1:17121 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word rich text format unexpected field type memory corruption attempt 2 (file-office.rules) * 1:17122 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word rich text format unexpected field type memory corruption attempt 3 (file-office.rules) * 1:17123 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word rich text format invalid field size memory corruption attempt (file-office.rules) * 1:17124 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word malformed table record memory corruption attempt (file-office.rules) * 1:17128 <-> DISABLED <-> FILE-MULTIMEDIA Cinepak Codec VIDC decompression remote code execution attempt (file-multimedia.rules) * 1:17129 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer use-after-free memory corruption attempt (browser-ie.rules) * 1:17130 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer boundElements arbitrary code execution (browser-ie.rules) * 1:17133 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSXML2 ActiveX malformed HTTP response (os-windows.rules) * 1:17134 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel pivot item index boundary corruption attempt (file-office.rules) * 1:17135 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Movie Maker string size overflow attempt (file-multimedia.rules) * 1:17137 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center information disclosure attempt (server-webapp.rules) * 1:17138 <-> DISABLED <-> SERVER-OTHER iSCSI target multiple implementations iSNS stack buffer overflow attempt (server-other.rules) * 1:17139 <-> DISABLED <-> SERVER-OTHER Symantec Alert Management System HNDLRSVC arbitrary command execution attempt (server-other.rules) * 1:17140 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:17143 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 ABR file processing buffer overflow attempt - 1 (file-image.rules) * 1:17144 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 ABR file processing buffer overflow attempt - 2 (file-image.rules) * 1:17145 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 ASL file processing buffer overflow attempt (file-image.rules) * 1:17146 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 GRD file processing buffer overflow attempt (file-image.rules) * 1:17147 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 ABR file processing buffer overflow attempt (file-image.rules) * 1:17148 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC renamed zip file handling code execution attempt - 1 (file-multimedia.rules) * 1:17149 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC renamed zip file handling code execution attempt - 2 (file-multimedia.rules) * 1:17150 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC renamed zip file handling code execution attempt - 3 (file-multimedia.rules) * 1:17151 <-> DISABLED <-> NETBIOS SMB negotiate protocol request - ascii strings (netbios.rules) * 1:17152 <-> DISABLED <-> SERVER-SAMBA Samba smbd flags2 header parsing denial of service attempt (server-samba.rules) * 1:17153 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1 (browser-firefox.rules) * 1:17154 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2 (browser-firefox.rules) * 1:17155 <-> DISABLED <-> SERVER-OTHER Multiple vendors OPIE off-by-one stack buffer overflow attempt (server-other.rules) * 1:17156 <-> DISABLED <-> SERVER-APACHE HP Performance Manager Apache Tomcat policy bypass attempt (server-apache.rules) * 1:17157 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center database credentials information disclosure attempt - 1 (server-webapp.rules) * 1:17158 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center database credentials information disclosure attempt - 2 (server-webapp.rules) * 1:17159 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center database credentials information disclosure attempt - 3 (server-webapp.rules) * 1:17160 <-> DISABLED <-> BROWSER-PLUGINS Liquid XML Studio LtXmlComHelp8.dll ActiveX OpenFile buffer overflow attempt (browser-plugins.rules) * 1:17161 <-> DISABLED <-> BROWSER-PLUGINS Liquid XML Studio ActiveX clsid access (browser-plugins.rules) * 1:17163 <-> DISABLED <-> BROWSER-PLUGINS Liquid XML Studio ActiveX function call access (browser-plugins.rules) * 1:17165 <-> DISABLED <-> BROWSER-OTHER Opera browser document writing uninitialized memory access attempt (browser-other.rules) * 1:17166 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules) * 1:17179 <-> DISABLED <-> FILE-OTHER Adobe Director file pamm record exploit attempt (file-other.rules) * 1:17191 <-> DISABLED <-> FILE-OTHER Adobe Director remote code execution attempt (file-other.rules) * 1:17194 <-> DISABLED <-> FILE-OTHER Adobe Director file tSAC tag exploit attempt (file-other.rules) * 1:17202 <-> DISABLED <-> FILE-OTHER Adobe Director file file Shockwave 3D overflow attempt (file-other.rules) * 1:17205 <-> DISABLED <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - udp (protocol-rpc.rules) * 1:17206 <-> DISABLED <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - tcp (protocol-rpc.rules) * 1:17207 <-> DISABLED <-> SERVER-OTHER IBM Cognos Server backdoor account remote code execution attempt (server-other.rules) * 1:17208 <-> DISABLED <-> SERVER-OTHER Squid Proxy HTCP packet processing denial of service attempt (server-other.rules) * 1:17209 <-> ENABLED <-> SQL IBM DB2 DATABASE SERVER SQL REPEAT Buffer Overflow (sql.rules) * 1:17210 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows executable file load from SMB share attempt (file-executable.rules) * 1:17211 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime marshaled punk remote code execution (file-multimedia.rules) * 1:17212 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript eval arbitrary code execution attempt (browser-firefox.rules) * 1:17214 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader libtiff TIFFFetchShortPair stack buffer overflow attempt (file-pdf.rules) * 1:17215 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader libtiff TIFFFetchShortPair stack buffer overflow attempt (file-pdf.rules) * 1:17219 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domain name handling buffer overflow attempt (browser-firefox.rules) * 1:17223 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigateToURL cross-site scripting attempt (file-flash.rules) * 1:17224 <-> DISABLED <-> SERVER-MAIL McAfee WebShield SMTP bounce message format string attempt (server-mail.rules) * 1:17225 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon WorldClient invalid user (server-other.rules) * 1:17227 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel sheet name memory corruption attempt (file-office.rules) * 1:17229 <-> DISABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (file-identify.rules) * 1:17230 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (file-identify.rules) * 1:17231 <-> DISABLED <-> FILE-IMAGE Microsoft Kodak Imaging small offset malformed tiff - little-endian (file-image.rules) * 1:17232 <-> DISABLED <-> FILE-IMAGE Microsoft Kodak Imaging large offset malformed tiff - big-endian (file-image.rules) * 1:17233 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:17236 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsPropertyTable PropertyList memory corruption attempt (browser-firefox.rules) * 1:17238 <-> DISABLED <-> FILE-OTHER ACD Systems ACDSee Products XBM file handling buffer overflow attempt (file-other.rules) * 1:17239 <-> ENABLED <-> SERVER-MAIL Multiple IMAP server CREATE command buffer overflow attempt (server-mail.rules) * 1:17241 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Media wmv file download request (file-identify.rules) * 1:17243 <-> DISABLED <-> SERVER-OTHER MIT Kerberos V5 krb5_recvauth double free attempt (server-other.rules) * 1:17244 <-> DISABLED <-> FILE-OTHER Antivirus ACE file handling buffer overflow attempt (file-other.rules) * 1:17245 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox image dragging exploit attempt (browser-firefox.rules) * 1:17250 <-> DISABLED <-> FILE-OFFICE Microsoft Windows WordPad sprmTSetBrc SPRM overflow attempt (file-office.rules) * 1:17252 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Print Spooler arbitrary file write attempt (os-windows.rules) * 1:17254 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS stack exhaustion DoS attempt (server-iis.rules) * 1:17256 <-> DISABLED <-> OS-WINDOWS Microsoft Windows uniscribe fonts parsing memory corruption attempt (os-windows.rules) * 1:17258 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XUL tree element code execution attempt (browser-firefox.rules) * 1:17259 <-> ENABLED <-> FILE-IDENTIFY MOV file download request (file-identify.rules) * 1:17260 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript contentWindow in an iframe exploit attempt (browser-firefox.rules) * 1:17261 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer createTextRange code execution attempt (browser-ie.rules) * 1:17264 <-> DISABLED <-> SERVER-ORACLE Permission declaration exploit attempt (server-oracle.rules) * 1:17265 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin access control bypass attempt (browser-firefox.rules) * 1:17266 <-> DISABLED <-> FILE-OTHER Multiple vendor malformed ZIP archive Antivirus detection bypass attempt (file-other.rules) * 1:17268 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox sidebar panel arbitrary code execution attempt (browser-firefox.rules) * 1:17270 <-> DISABLED <-> SERVER-ORACLE DBMS_METADATA Package SQL Injection attempt (server-oracle.rules) * 1:17271 <-> DISABLED <-> FILE-OFFICE Microsoft Windows Web View script injection attempt (file-office.rules) * 1:17273 <-> DISABLED <-> SERVER-OTHER MIT Kerberos V5 KDC krb5_unparse_name overflow attempt (server-other.rules) * 1:17274 <-> DISABLED <-> SERVER-OTHER MIT Kerberos V5 KDC krb5_unparse_name overflow attempt (server-other.rules) * 1:17275 <-> DISABLED <-> SERVER-MAIL Symantec Brightmail AntiSpam nested Zip handling denial of service attempt (server-mail.rules) * 1:17276 <-> DISABLED <-> FILE-OTHER Multiple vendor Antivirus magic byte detection evasion attempt (file-other.rules) * 1:17279 <-> DISABLED <-> SERVER-WEBAPP Ipswitch WhatsUp Small Business directory traversal attempt (server-webapp.rules) * 1:17281 <-> DISABLED <-> FILE-OTHER Panda Antivirus ZOO archive decompression buffer overflow attempt (file-other.rules) * 1:17282 <-> DISABLED <-> SERVER-OTHER Panda Antivirus ZOO archive decompression buffer overflow attempt (server-other.rules) * 1:17283 <-> DISABLED <-> SERVER-MAIL Mercury Mail Transport System buffer overflow attempt (server-mail.rules) * 1:17284 <-> DISABLED <-> FILE-OFFICE Microsoft Office malformed routing slip code execution attempt (file-office.rules) * 1:17285 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint PPT file parsing memory corruption attempt (file-office.rules) * 1:17286 <-> DISABLED <-> FILE-OTHER Microsoft Visual Basic for Applications document properties overflow attempt (file-other.rules) * 1:17287 <-> DISABLED <-> SERVER-WEBAPP Cisco IOS HTTP service HTML injection attempt (server-webapp.rules) * 1:17289 <-> DISABLED <-> FILE-OTHER GNU gzip LZH decompression make_table overflow attempt (file-other.rules) * 1:17291 <-> DISABLED <-> INDICATOR-OBFUSCATION base64-encoded uri data object found (indicator-obfuscation.rules) * 1:17292 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed data record code execution attempt (file-office.rules) * 1:17293 <-> DISABLED <-> SERVER-ORACLE sdo_lrs.convert_to_lrs_layer buffer overflow attempt (server-oracle.rules) * 1:17294 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NAT Helper DNS query denial of service attempt (os-windows.rules) * 1:17295 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan Console authentication buffer overflow attempt (server-webapp.rules) * 1:17297 <-> DISABLED <-> SERVER-OTHER McAfee VirusScan on-access scanner long unicode filename handling buffer overflow attempt (server-other.rules) * 1:17298 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Monitoring Express Universal Agent Buffer Overflow (server-other.rules) * 1:17299 <-> DISABLED <-> SERVER-OTHER ISC BIND RRSIG query denial of service attempt (server-other.rules) * 1:17301 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word TextBox sub-document memory corruption attempt (file-office.rules) * 1:17302 <-> DISABLED <-> OS-LINUX Linux kernel SCTP Unknown Chunk Types denial of service attempt (os-linux.rules) * 1:17303 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer clone object memory corruption attempt (browser-ie.rules) * 1:17304 <-> DISABLED <-> FILE-OFFICE Microsoft Works file converter file section header index table stack overflow attempt (file-office.rules) * 1:17305 <-> DISABLED <-> FILE-OTHER ClamAV libclamav PE file handling integer overflow attempt (file-other.rules) * 1:17306 <-> DISABLED <-> OS-WINDOWS Microsoft Malware Protection Engine file processing denial of service attempt (os-windows.rules) * 1:17307 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server INSERT Statement Buffer Overflow attempt (server-mssql.rules) * 1:17308 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules) * 1:17309 <-> DISABLED <-> FILE-OTHER CoolPlayer Playlist File Handling Buffer Overflow (file-other.rules) * 1:17310 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Viewer memory allocation code execution attempt (file-office.rules) * 1:17312 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS import cross-domain restriction bypass attempt (browser-ie.rules) * 1:17314 <-> ENABLED <-> FILE-IDENTIFY OLE document file magic detected (file-identify.rules) * 1:17315 <-> DISABLED <-> FILE-OFFICE OpenOffice OLE file stream buffer overflow attempt (file-office.rules) * 1:17317 <-> DISABLED <-> SERVER-OTHER OpenSSH sshd identical blocks DoS attempt (server-other.rules) * 1:17318 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint MCAtom remote code execution attempt (file-office.rules) * 1:17321 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters name overflow attempt (netbios.rules) * 1:17322 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic fnstenv geteip dword xor decoder (indicator-shellcode.rules) * 1:17324 <-> DISABLED <-> INDICATOR-SHELLCODE x86 Linux reverse connect shellcode (indicator-shellcode.rules) * 1:17325 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic alpha numeric upper case decoder variant (indicator-shellcode.rules) * 1:17326 <-> DISABLED <-> SERVER-OTHER Citrix Program Neighborhood Client buffer overflow attempt (server-other.rules) * 1:17327 <-> DISABLED <-> SERVER-MAIL Qualcomm WorldMail Server Response (server-mail.rules) * 1:17328 <-> DISABLED <-> SERVER-MAIL Qualcomm WorldMail IMAP Literal Token Parsing Buffer Overflow (server-mail.rules) * 1:17329 <-> DISABLED <-> PROTOCOL-FTP EPRT overflow attempt (protocol-ftp.rules) * 1:17330 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GRE WMF Handling Memory Read Exception attempt (file-image.rules) * 1:17331 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes HTML Speed Reader Long URL buffer overflow attempt (server-mail.rules) * 1:17332 <-> DISABLED <-> SERVER-MAIL Content-Disposition attachment (server-mail.rules) * 1:17333 <-> DISABLED <-> SERVER-MAIL Lotus Notes Attachment Viewer UUE file buffer overflow attempt (server-mail.rules) * 1:17334 <-> DISABLED <-> FILE-FLASH RealNetworks RealPlayer SWF flash file buffer overflow attempt (file-flash.rules) * 1:17335 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic fnstenv geteip byte xor decoder (indicator-shellcode.rules) * 1:17336 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic call geteip byte xor decoder (indicator-shellcode.rules) * 1:17337 <-> DISABLED <-> INDICATOR-SHELLCODE x86 Microsoft Win32 export table enumeration variant (indicator-shellcode.rules) * 1:17338 <-> DISABLED <-> INDICATOR-SHELLCODE x86 Microsoft Windows 32-bit SEH get EIP technique (indicator-shellcode.rules) * 1:17339 <-> DISABLED <-> INDICATOR-SHELLCODE x86 generic OS alpha numeric mixed case decoder (indicator-shellcode.rules) * 1:1734 <-> DISABLED <-> PROTOCOL-FTP USER overflow attempt (protocol-ftp.rules) * 1:17340 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic alpha numeric upper case decoder (indicator-shellcode.rules) * 1:17341 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic alpha UTF8 tolower avoidance decoder (indicator-shellcode.rules) * 1:17342 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic unicode mixed case decoder (indicator-shellcode.rules) * 1:17343 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic unicode upper case decoder (indicator-shellcode.rules) * 1:17344 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic xor dword decoder (indicator-shellcode.rules) * 1:17345 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic dword additive feedback decoder (indicator-shellcode.rules) * 1:17346 <-> DISABLED <-> SERVER-OTHER IBM Lotus Notes Cross Site Scripting attempt (server-other.rules) * 1:17347 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Color Management Module buffer overflow attempt (os-windows.rules) * 1:17350 <-> DISABLED <-> SERVER-ORACLE Application Server Forms Arbitrary System Command Execution Attempt (server-oracle.rules) * 1:17351 <-> DISABLED <-> FILE-OTHER Nullsoft Winamp ID3v2 Tag Handling Buffer Overflow attempt (file-other.rules) * 1:17352 <-> DISABLED <-> FILE-OTHER ClamAV CHM File Handling Integer Overflow attempt (file-other.rules) * 1:17353 <-> DISABLED <-> OS-SOLARIS Oracle Solaris printd Daemon Arbitrary File Deletion attempt (os-solaris.rules) * 1:17354 <-> DISABLED <-> SERVER-APACHE Apache Byte-Range Filter denial of service attempt (server-apache.rules) * 1:17356 <-> DISABLED <-> FILE-OTHER NOD32 Anti-Virus ARJ Archive Handling Buffer Overflow attempt (file-other.rules) * 1:17357 <-> DISABLED <-> PUA-OTHER AOL GAIM AIM-ICQ Protocol Handling buffer overflow attempt (pua-other.rules) * 1:17358 <-> DISABLED <-> FILE-EXECUTABLE ClamAV UPX File Handling Buffer Overflow attempt (file-executable.rules) * 1:17359 <-> DISABLED <-> FILE-IDENTIFY XBM image file download request (file-identify.rules) * 1:17360 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XBM image processing buffer overflow attempt (browser-firefox.rules) * 1:17361 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF Catalog Handling denial of service attempt (file-pdf.rules) * 1:17362 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel IMDATA buffer overflow attempt (file-office.rules) * 1:17363 <-> DISABLED <-> FILE-OTHER Apple OSX Finder DMG volume name memory corruption attempt (file-other.rules) * 1:17364 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Help Workshop CNT Help file download request (file-identify.rules) * 1:17365 <-> DISABLED <-> FILE-OTHER Microsoft Windows Help Workshop CNT Help contents buffer overflow attempt (file-other.rules) * 1:17366 <-> DISABLED <-> FILE-OTHER Microsoft Help Workshop HPJ OPTIONS section buffer overflow attempt (file-other.rules) * 1:17368 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document stream handling code execution attempt (file-office.rules) * 1:17369 <-> DISABLED <-> SERVER-MAIL MailEnable service APPEND command handling buffer overflow attempt (server-mail.rules) * 1:17370 <-> DISABLED <-> SERVER-WEBAPP Squid authentication headers handling denial of service attempt (server-webapp.rules) * 1:17371 <-> DISABLED <-> SERVER-WEBAPP Squid authentication headers handling denial of service attempt (server-webapp.rules) * 1:17372 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime udta atom parsing heap overflow vulnerability (file-multimedia.rules) * 1:17373 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime panorama atoms buffer overflow attempt (file-multimedia.rules) * 1:17376 <-> DISABLED <-> SERVER-WEBAPP IBM Lotus Expeditor cai URI handler command execution attempt (server-webapp.rules) * 1:17377 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed Filter Records Handling Code Execution attempt (file-office.rules) * 1:17378 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt (browser-firefox.rules) * 1:17380 <-> DISABLED <-> FILE-IDENTIFY PNG file download request (file-identify.rules) * 1:17381 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime PDAT Atom parsing buffer overflow attempt (file-multimedia.rules) * 1:17382 <-> DISABLED <-> FILE-OTHER Microsoft Project Invalid Memory Pointer Code Execution attempt (file-other.rules) * 1:17383 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher Object Handler Validation Code Execution attempted (file-office.rules) * 1:17387 <-> DISABLED <-> SERVER-APACHE Apache Tomcat allowLinking URIencoding directory traversal attempt (server-apache.rules) * 1:17389 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMNodeRemoved attack attempt (browser-firefox.rules) * 1:17390 <-> DISABLED <-> FILE-IMAGE ClamAV Antivirus Function Denial of Service attempt (file-image.rules) * 1:17391 <-> DISABLED <-> SERVER-APACHE Apache Tomcat UNIX platform backslash directory traversal (server-apache.rules) * 1:17392 <-> DISABLED <-> INDICATOR-SHELLCODE JavaScript var shellcode (indicator-shellcode.rules) * 1:17393 <-> DISABLED <-> INDICATOR-SHELLCODE JavaScript var heapspray (indicator-shellcode.rules) * 1:17394 <-> ENABLED <-> FILE-IDENTIFY GIF file download request (file-identify.rules) * 1:17395 <-> DISABLED <-> FILE-IMAGE Oracle Java Web Start Splashscreen GIF decoding buffer overflow attempt (file-image.rules) * 1:17396 <-> DISABLED <-> SERVER-OTHER VNC client authentication response (server-other.rules) * 1:17397 <-> DISABLED <-> SERVER-OTHER VNCViewer Authenticate buffer overflow attempt (server-other.rules) * 1:17398 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt (browser-firefox.rules) * 1:17399 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt (browser-firefox.rules) * 1:17400 <-> DISABLED <-> INDICATOR-OBFUSCATION rename of javascript unescape function detected (indicator-obfuscation.rules) * 1:17401 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer nested tag memory corruption attempt - unescaped (browser-ie.rules) * 1:17402 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer nested tag memory corruption attempt (browser-ie.rules) * 1:17403 <-> DISABLED <-> FILE-OFFICE OpenOffice RTF File parsing heap buffer overflow attempt (file-office.rules) * 1:17404 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Converter XST structure buffer overflow attempt (file-office.rules) * 1:17407 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows help file download request (file-identify.rules) * 1:17408 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectX Targa image file heap overflow attempt (os-windows.rules) * 1:17409 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products IDN Spoofing Vulnerability Attempt (browser-firefox.rules) * 1:17410 <-> DISABLED <-> OS-WINDOWS Generic HyperLink buffer overflow attempt (os-windows.rules) * 1:17411 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CDF cross-domain scripting attempt (browser-ie.rules) * 1:17412 <-> DISABLED <-> SERVER-MYSQL create function mysql.func arbitrary library injection attempt (server-mysql.rules) * 1:17414 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript Engine Information Disclosure attempt (browser-firefox.rules) * 1:17416 <-> DISABLED <-> SERVER-ORACLE Database Intermedia Denial of Service Attempt (server-oracle.rules) * 1:17418 <-> DISABLED <-> SERVER-ORACLE Oracle connection established (server-oracle.rules) * 1:17419 <-> DISABLED <-> SERVER-ORACLE Oracle database SQL compiler read-only join auth bypass attempt (server-oracle.rules) * 1:17420 <-> DISABLED <-> SERVER-WEBAPP Citrix Program Neighborhood Agent Arbitrary Shortcut Creation attempt (server-webapp.rules) * 1:17421 <-> DISABLED <-> FILE-OFFICE Microsoft OLE automation string manipulation overflow attempt (file-office.rules) * 1:17422 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt (browser-firefox.rules) * 1:17423 <-> DISABLED <-> SERVER-WEBAPP Citrix Program Neighborhood Agent Buffer Overflow attempt (server-webapp.rules) * 1:17424 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox IconURL Arbitrary Javascript Execution attempt (browser-firefox.rules) * 1:17425 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer ActiveX Import playlist name buffer overflow attempt (browser-plugins.rules) * 1:17426 <-> DISABLED <-> FILE-IDENTIFY RAT file download request (file-identify.rules) * 1:17427 <-> DISABLED <-> SERVER-ORACLE Oracle database DBMS_Scheduler privilege escalation attempt (server-oracle.rules) * 1:17428 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ASP.NET information disclosure attempt (os-windows.rules) * 1:17429 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ASP.NET information disclosure attempt (os-windows.rules) * 1:17430 <-> DISABLED <-> FILE-PDF BitDefender Antivirus PDF processing memory corruption attempt (file-pdf.rules) * 1:17431 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS SChannel improper certificate verification (server-iis.rules) * 1:17432 <-> DISABLED <-> SERVER-WEBAPP Squid Gopher protocol handling buffer overflow attempt (server-webapp.rules) * 1:17433 <-> DISABLED <-> OS-SOLARIS Oracle Solaris DHCP Client Arbitrary Code Execution attempt (os-solaris.rules) * 1:17434 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Unicode sequence handling stack corruption attempt (browser-firefox.rules) * 1:17435 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceList attempt (os-windows.rules) * 1:17436 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceListSize attempt (os-windows.rules) * 1:17437 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceList attempt (os-windows.rules) * 1:17438 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceListSize attempt (os-windows.rules) * 1:17439 <-> DISABLED <-> OS-WINDOWS Microsoft Distributed Transaction Controller TIP DoS attempt (os-windows.rules) * 1:17441 <-> DISABLED <-> FILE-IDENTIFY LNK file download request (file-identify.rules) * 1:17442 <-> DISABLED <-> FILE-OTHER Microsoft Windows download of .lnk file that executes cmd.exe detected (file-other.rules) * 1:17443 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft DirectShow AVI decoder buffer overflow attempt (file-multimedia.rules) * 1:17444 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox 3 xsl parsing heap overflow attempt (browser-firefox.rules) * 1:17446 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer FTP client directory traversal attempt (browser-ie.rules) * 1:17448 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTTPS proxy information disclosure vulnerability (browser-ie.rules) * 1:17449 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks patch management SQL injection attempt (server-webapp.rules) * 1:17450 <-> DISABLED <-> SERVER-WEBAPP CommuniGate Systems CommuniGate Pro LDAP Server buffer overflow attempt (server-webapp.rules) * 1:17457 <-> DISABLED <-> FILE-FLASH Adobe Flash ActionDefineFunction memory access exploit attempt (file-flash.rules) * 1:17458 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:17461 <-> DISABLED <-> FILE-OTHER RealNetworks RealPlayer zipped skin file buffer overflow attempt (file-other.rules) * 1:17462 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer marquee object handling memory corruption attempt (browser-ie.rules) * 1:17463 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer File Download Dialog Box Manipulation (browser-ie.rules) * 1:17466 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Domino Web Access 7 ActiveX exploit attempt (browser-plugins.rules) * 1:17469 <-> DISABLED <-> FILE-MULTIMEDIA Mplayer Real Demuxer stream_read heap overflow attempt (file-multimedia.rules) * 1:17470 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime STSD JPEG atom heap corruption attempt (file-multimedia.rules) * 1:17473 <-> DISABLED <-> SERVER-ORACLE DBMS_CDC_SUBSCRIBE.EXTEND_WINDOW arbitrary command execution attempt (server-oracle.rules) * 1:17481 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Exchange and Outlook TNEF Decoding Integer Overflow attempt (server-mail.rules) * 1:17482 <-> DISABLED <-> BROWSER-FIREFOX Mozilla NNTP URL Handling Buffer Overflow attempt (browser-firefox.rules) * 1:17483 <-> DISABLED <-> PROTOCOL-DNS squid proxy dns A record response denial of service attempt (protocol-dns.rules) * 1:17484 <-> DISABLED <-> PROTOCOL-DNS squid proxy dns PTR record response denial of service attempt (protocol-dns.rules) * 1:17485 <-> DISABLED <-> PROTOCOL-DNS Symantec Gateway products DNS cache poisoning attempt (protocol-dns.rules) * 1:17486 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager Chunked overflow attempt (server-webapp.rules) * 1:17487 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Script Engine Stack Exhaustion Denial of Service attempt (browser-ie.rules) * 1:17488 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed Range Code Execution attempt (file-office.rules) * 1:17490 <-> DISABLED <-> FILE-OTHER Microsoft Windows itss.dll CHM File Handling Heap Corruption attempt (file-other.rules) * 1:17491 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word mso.dll LsCreateLine memory corruption attempt (file-office.rules) * 1:17492 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed SELECTION Record Code Execution attempt (file-office.rules) * 1:17493 <-> DISABLED <-> FILE-OTHER ClamAV UPX FileHandling Heap overflow attempt (file-other.rules) * 1:17496 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed NamedShows record code execution attempt (file-office.rules) * 1:17497 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed NamedShows record code execution attempt (file-office.rules) * 1:17504 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Asset Management buffer overflow attempt (server-other.rules) * 1:17506 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word formatted disk pages table memory corruption attempt (file-office.rules) * 1:17509 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Manifest file download request (file-identify.rules) * 1:17510 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows .NET Deploy file download request (file-identify.rules) * 1:17511 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed Graphic Code Execution (file-office.rules) * 1:17515 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Script Action Handler buffer overflow attempt (browser-ie.rules) * 1:17517 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed Record Code Execution attempt (file-office.rules) * 1:17519 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow (browser-firefox.rules) * 1:17520 <-> DISABLED <-> SERVER-OTHER CA ARCserve Backup DB Engine Denial of Service (server-other.rules) * 1:17521 <-> DISABLED <-> SERVER-OTHER GoodTech SSH Server SFTP processing buffer overflow attempt (server-other.rules) * 1:17522 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment Pack200 Decompression Integer Overflow (file-java.rules) * 1:17523 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime H.264 Movie File Buffer Overflow (file-multimedia.rules) * 1:17524 <-> DISABLED <-> SERVER-OTHER Fujitsu SystemcastWizard Lite PXEService UDP Handling Buffer Overflow (server-other.rules) * 1:17525 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 5.0 WebDav Request Directory Security Bypass (server-iis.rules) * 1:17526 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader U3D RHAdobeMeta buffer overflow attempt (file-pdf.rules) * 1:17527 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player MP4_BoxDumpStructure Buffer Overflow (file-multimedia.rules) * 1:17528 <-> DISABLED <-> SERVER-WEBAPP nginx URI parsing buffer overflow attempt (server-webapp.rules) * 1:17529 <-> DISABLED <-> SERVER-WEBAPP Adobe RoboHelp Server Arbitrary File Upload and Execute (server-webapp.rules) * 1:17530 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector Stack Buffer Overflow (server-other.rules) * 1:17531 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MOV file JVTCompEncodeFrame heap overflow attempt (file-multimedia.rules) * 1:17532 <-> DISABLED <-> FILE-OFFICE Micrsoft Office Excel TXO and OBJ Records Parsing Stack Memory Corruption (file-office.rules) * 1:17533 <-> DISABLED <-> SERVER-APACHE Apache Struts Information Disclosure Attempt (server-apache.rules) * 1:17534 <-> DISABLED <-> SERVER-OTHER IPP Application Content (server-other.rules) * 1:17535 <-> DISABLED <-> SERVER-OTHER Apple CUPS Text to PostScript Filter Integer Overflow attempt (server-other.rules) * 1:17536 <-> DISABLED <-> SERVER-WEBAPP generic server HTTP Auth Header buffer overflow attempt (server-webapp.rules) * 1:17538 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel unspecified memory corruption attempt (file-office.rules) * 1:17540 <-> ENABLED <-> FILE-IDENTIFY LZH file download request (file-identify.rules) * 1:17541 <-> DISABLED <-> FILE-OTHER Avast Antivirus Engine Remote LHA buffer overflow attempt (file-other.rules) * 1:17542 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MalformedPalete Record Memory Corruption attempt (file-office.rules) * 1:17543 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Column record handling memory corruption attempt (file-office.rules) * 1:17544 <-> DISABLED <-> SERVER-OTHER Wireshark LWRES Dissector getaddrsbyname buffer overflow attempt (server-other.rules) * 1:17545 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules) * 1:17547 <-> DISABLED <-> FILE-IDENTIFY SMIL file download request (file-identify.rules) * 1:17548 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime SMIL File Handling Integer Overflow attempt (file-multimedia.rules) * 1:17550 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Font Parsing Buffer Overflow attempt (file-office.rules) * 1:17551 <-> DISABLED <-> PUA-OTHER Microsoft MSN Messenger and Windows Live Messenger Code Execution attempt (pua-other.rules) * 1:17552 <-> DISABLED <-> FILE-IDENTIFY Adobe Pagemaker file download request (file-identify.rules) * 1:17553 <-> DISABLED <-> FILE-OTHER Adobe Pagemaker Font Name Buffer Overflow attempt (file-other.rules) * 1:17555 <-> DISABLED <-> BROWSER-PLUGINS Macrovision InstallShield Update Service ActiveX exploit attempt (browser-plugins.rules) * 1:17556 <-> DISABLED <-> SERVER-OTHER Firebird database invalid state integer overflow attempt (server-other.rules) * 1:17557 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX operation parameter overflow (browser-plugins.rules) * 1:17558 <-> DISABLED <-> FILE-IMAGE CUPS Gif Decoding Routine Buffer Overflow attempt (file-image.rules) * 1:17559 <-> DISABLED <-> FILE-OTHER IBM Lotus Notes Applix Graphics Parsing Buffer Overflow (file-other.rules) * 1:17560 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word global array index heap overflow attempt (file-office.rules) * 1:17561 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer IVR Overly Long Filename Code Execution attempt (file-multimedia.rules) * 1:17562 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment Pack200 Decompression Integer Overflow attempt (file-java.rules) * 1:17563 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment JAR File Processing Stack Buffer Overflow (file-java.rules) * 1:17564 <-> DISABLED <-> SERVER-IIS WebDAV Request Directory Security Bypass attempt (server-iis.rules) * 1:17565 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint PP7 File Handling Memory Corruption attempt (file-office.rules) * 1:17566 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer event handler memory corruption attempt (browser-ie.rules) * 1:17567 <-> DISABLED <-> SERVER-OTHER LANDesk Management Suite Alerting Service buffer overflow attempt (server-other.rules) * 1:17569 <-> DISABLED <-> SERVER-OTHER BEA Weblogic Admin Console Cross Site Scripting Vulnerability attempt (server-other.rules) * 1:17571 <-> DISABLED <-> BROWSER-PLUGINS obfuscated instantiation of ActiveX object - likely malicious (browser-plugins.rules) * 1:19146 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX quartz.dll MJPEG content processing memory corruption attempt (file-multimedia.rules) * 1:19147 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer outerHTML against incomplete element heap corruption attempt (browser-ie.rules) * 1:19148 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Flash Player SWF file MP4 data parsing memory corruption attempt (file-multimedia.rules) * 1:19149 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed table tag memory corruption attempt (browser-ie.rules) * 1:19150 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed table tag memory corruption attempt (browser-ie.rules) * 1:19151 <-> DISABLED <-> BROWSER-PLUGINS Trend Micro HouseCall ActiveX clsid access (browser-plugins.rules) * 1:19152 <-> DISABLED <-> BROWSER-PLUGINS Trend Micro HouseCall ActiveX function call access (browser-plugins.rules) * 1:19153 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word malformed index code execution attempt (file-office.rules) * 1:19154 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel PtgExtraArray parsing attempt (file-office.rules) * 1:19155 <-> DISABLED <-> SERVER-WEBAPP HP Data Protector Media Operations SignInName Parameter overflow attempt (server-webapp.rules) * 1:19156 <-> ENABLED <-> FILE-OFFICE Microsoft Office .CGM file cell array heap overflow attempt (file-office.rules) * 1:19158 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB server axis2 service upload attempt (policy-other.rules) * 1:19159 <-> DISABLED <-> SERVER-OTHER HP Data Protector Manager RDS attempt (server-other.rules) * 1:19160 <-> DISABLED <-> SERVER-OTHER NetSupport Manager client buffer overflow attempt (server-other.rules) * 1:19161 <-> DISABLED <-> SERVER-OTHER NetSupport Manager client buffer overflow attempt (server-other.rules) * 1:19162 <-> DISABLED <-> SERVER-ORACLE get_domain_index_metadata privilege escalation attempt (server-oracle.rules) * 1:19163 <-> DISABLED <-> SERVER-ORACLE get_v2_domain_index_tables privilege escalation attempt (server-oracle.rules) * 1:19166 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected (file-identify.rules) * 1:19167 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk UDPTL processing overflow attempt (protocol-voip.rules) * 1:19168 <-> DISABLED <-> SERVER-WEBAPP Oracle GoldenGate Veridata Server soap request overflow attempt (server-webapp.rules) * 1:19169 <-> ENABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer vidplin.dll avi header parsing execution attempt (file-multimedia.rules) * 1:1917 <-> DISABLED <-> INDICATOR-SCAN UPnP service discover attempt (indicator-scan.rules) * 1:19170 <-> ENABLED <-> FILE-OTHER Microsoft Windows .NET Framework XAML browser applications stack corruption (file-other.rules) * 1:19171 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 ieshims.dll dll-load exploit attempt (browser-ie.rules) * 1:19172 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 ieshims.dll dll-load exploit attempt (browser-ie.rules) * 1:19173 <-> ENABLED <-> PROTOCOL-RPC CDE Calendar Manager service memory corruption attempt (protocol-rpc.rules) * 1:19174 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Vista feed headlines cross-site scripting attack attempt (os-windows.rules) * 1:19180 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel pivot item index boundary corruption attempt (file-office.rules) * 1:19181 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer iframe uninitialized memory corruption attempt (browser-ie.rules) * 1:19182 <-> DISABLED <-> SERVER-OTHER strongSwan Certificate and Identification payload overflow attempt (server-other.rules) * 1:19183 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS FastCGI request header buffer overflow attempt (server-iis.rules) * 1:19184 <-> ENABLED <-> OS-WINDOWS Microsoft Windows OLEAUT32.DLL malicious WMF file remote code execution attempt (os-windows.rules) * 1:19186 <-> DISABLED <-> OS-WINDOWS Microsoft Certification service XSS attempt (os-windows.rules) * 1:19192 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS stack exhaustion DoS attempt (server-iis.rules) * 1:19193 <-> ENABLED <-> BROWSER-PLUGINS Oracle Document Capture ActiveX clsid access (browser-plugins.rules) * 1:19194 <-> ENABLED <-> BROWSER-PLUGINS Oracle Document Capture ActiveX function call access (browser-plugins.rules) * 1:19195 <-> ENABLED <-> BROWSER-PLUGINS Oracle Document Capture ActiveX function call access (browser-plugins.rules) * 1:19196 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ATMFD Adobe font driver remote code execution attempt (os-windows.rules) * 1:19197 <-> DISABLED <-> BROWSER-PLUGINS CA Internet Security Suite XMLSecDB ActiveX clsid access (browser-plugins.rules) * 1:19198 <-> DISABLED <-> BROWSER-PLUGINS CA Internet Security Suite XMLSecDB ActiveX function call access (browser-plugins.rules) * 1:19201 <-> DISABLED <-> SQL waitfor delay function - possible SQL injection attempt (sql.rules) * 1:19202 <-> DISABLED <-> SQL declare varchar - possible SQL injection attempt (sql.rules) * 1:19203 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MsgBox arbitrary code execution attempt (browser-ie.rules) * 1:19204 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MsgBox arbitrary code execution attempt (browser-ie.rules) * 1:19205 <-> DISABLED <-> SERVER-OTHER Novell iManager Tree parameter denial of service attempt (server-other.rules) * 1:19206 <-> DISABLED <-> SERVER-OTHER IBM DB2 Universal Database receiveDASMessage buffer overflow attempt (server-other.rules) * 1:19207 <-> DISABLED <-> SERVER-OTHER Symantec Alert Management System AMSSendAlertAck stack buffer overflow attempt (server-other.rules) * 1:19208 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services streamprocess.exe buffer overflow attempt (server-other.rules) * 1:19209 <-> ENABLED <-> SERVER-WEBAPP Symantec Alert Management System modem string buffer overflow attempt (server-webapp.rules) * 1:19210 <-> ENABLED <-> SERVER-OTHER IBM Informix Dynamic Server set environment buffer overflow attempt (server-other.rules) * 1:19211 <-> ENABLED <-> FILE-IDENTIFY ZIP archive file download request (file-identify.rules) * 1:19213 <-> DISABLED <-> SERVER-MAIL Ipswitch IMail Server Mailing List Message Subject buffer overflow (server-mail.rules) * 1:19215 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file download request (file-identify.rules) * 1:19216 <-> ENABLED <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution (browser-chrome.rules) * 1:19217 <-> ENABLED <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution (browser-chrome.rules) * 1:19218 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules) * 1:19219 <-> DISABLED <-> FILE-OTHER Microsoft Windows Fax Services Cover Page Editor Double Free Memory Corruption (file-other.rules) * 1:19220 <-> DISABLED <-> FILE-OTHER Microsoft Windows Fax Services Cover Page Editor Double Free Memory Corruption (file-other.rules) * 1:19221 <-> ENABLED <-> OS-WINDOWS SMB-DS Trans2 Distributed File System response PathConsumed integer overflow attempt (os-windows.rules) * 1:19222 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff validation exploit attempt (file-office.rules) * 1:19223 <-> DISABLED <-> SERVER-OTHER SAP Crystal Reports 2008 directory traversal attempt (server-other.rules) * 1:19224 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex wrf file download request (file-identify.rules) * 1:19225 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SerAuxTrend biff record corruption attempt (file-office.rules) * 1:19226 <-> ENABLED <-> FILE-OTHER Cisco Webex Player .wrf stack buffer overflow (file-other.rules) * 1:19227 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel Scenario heap memory overflow (file-office.rules) * 1:19228 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup Administration preauth variable command injection attempt (server-webapp.rules) * 1:19237 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer contenteditable corruption attempt (browser-ie.rules) * 1:19241 <-> DISABLED <-> BROWSER-IE Microsoft Windows Vector Markup Language imagedata page deconstruction attempt (browser-ie.rules) * 1:19242 <-> DISABLED <-> BROWSER-IE Microsoft Windows Vector Markup Language imagedata page deconstruction attempt (browser-ie.rules) * 1:19243 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer layout-grid-char value exploit attempt (browser-ie.rules) * 1:19245 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer redirect to cdl protocol attempt (browser-ie.rules) * 1:19246 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSS expression defined to empty selection attempt (browser-ie.rules) * 1:19258 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView record memory pointer corruption attempt (file-office.rules) * 1:19259 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel WOpt record memory corruption attempt (file-office.rules) * 1:19260 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed MsoDrawingObject record attempt (file-office.rules) * 1:19262 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript float index array memory corruption (file-flash.rules) * 1:19263 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript float index array memory corruption (file-flash.rules) * 1:19264 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript float index array memory corruption (file-flash.rules) * 1:19265 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer layout-grid-char value exploit attempt (browser-ie.rules) * 1:19266 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer layout-grid-char value exploit attempt (browser-ie.rules) * 1:19268 <-> DISABLED <-> FILE-PDF attempted download of a PDF with embedded Flash (file-pdf.rules) * 1:19269 <-> DISABLED <-> FILE-PDF attempted download of a PDF with embedded Flash (file-pdf.rules) * 1:19281 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic single-byte xor countodwn encoder (indicator-shellcode.rules) * 1:19282 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic cpuid-based context keyed encoder (indicator-shellcode.rules) * 1:19283 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic stat-based context keyed encoder (indicator-shellcode.rules) * 1:17572 <-> DISABLED <-> OS-WINDOWS Microsoft XML Core Services cross-site information disclosure attempt (os-windows.rules) * 1:17573 <-> DISABLED <-> FILE-MULTIMEDIA ffdshow codec URL parsing buffer overflow attempt (file-multimedia.rules) * 1:17574 <-> DISABLED <-> FILE-OFFICE Sophos Anti-Virus Visio File Parsing Buffer Overflow attempt (file-office.rules) * 1:17575 <-> DISABLED <-> BROWSER-PLUGINS SizerOne 2 ActiveX clsid access (browser-plugins.rules) * 1:17577 <-> DISABLED <-> POLICY-OTHER CA BightStor ARCserver Backup possible insecure method access (policy-other.rules) * 1:17578 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Section Table Array Buffer Overflow attempt (file-office.rules) * 1:17579 <-> DISABLED <-> FILE-OFFICE Microsoft Office Drawing Record msofbtOPT Code Execution attempt (file-office.rules) * 1:17580 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer span tag memory corruption attempt (browser-ie.rules) * 1:17581 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox tag order memory corruption attempt (browser-firefox.rules) * 1:17582 <-> DISABLED <-> BROWSER-PLUGINS Symantec Norton AntiVirus CcErrDisp ActiveX function call access (browser-plugins.rules) * 1:17584 <-> DISABLED <-> SERVER-ORACLE UTL_FILE directory traversal attempt (server-oracle.rules) * 1:17585 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer possible javascript onunload event memory corruption (browser-ie.rules) * 1:17586 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start malicious parameter value (file-java.rules) * 1:17587 <-> DISABLED <-> BROWSER-PLUGINS Adobe Multiple Product AcroPDF.PDF ActiveX exploit attempt (browser-plugins.rules) * 1:17588 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Install Engine ActiveX clsid access (browser-plugins.rules) * 1:17590 <-> DISABLED <-> SERVER-ORACLE DBMS_ASSERT.simple_sql_name double quote SQL injection attempt (server-oracle.rules) * 1:17591 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word crafted sprm structure memory corruption attempt (file-office.rules) * 1:17596 <-> DISABLED <-> BROWSER-PLUGINS Microsoft ciodm.dll ActiveX clsid access (browser-plugins.rules) * 1:17597 <-> DISABLED <-> SERVER-WEBAPP TikiWiki jhot.php script file upload attempt (server-webapp.rules) * 1:17598 <-> DISABLED <-> SERVER-OTHER IBM DB2 Universal Database accsec command without rdbnam (server-other.rules) * 1:17599 <-> DISABLED <-> SERVER-OTHER IBM DB2 Universal Database rdbname denial of service attempt (server-other.rules) * 1:17600 <-> DISABLED <-> FILE-IDENTIFY XUL file download request (file-identify.rules) * 1:17601 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox file type memory corruption attempt (browser-firefox.rules) * 1:17602 <-> DISABLED <-> FILE-OTHER ClamAV antivirus CHM file handling DOS (file-other.rules) * 1:17603 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox file type memory corruption attempt (browser-firefox.rules) * 1:17604 <-> DISABLED <-> SERVER-OTHER Oracle Java AWT ConvolveOp memory corruption attempt (server-other.rules) * 1:17605 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan CGI password decryption buffer overflow attempt (server-webapp.rules) * 1:17606 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules) * 1:17607 <-> DISABLED <-> SERVER-OTHER Xi Software Net Transport eDonkey Protocol Buffer Overflow attempt (server-other.rules) * 1:17609 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules) * 1:17610 <-> DISABLED <-> FILE-MULTIMEDIA GStreamer QuickTime file parsing multiple heap overflow attempt (file-multimedia.rules) * 1:17611 <-> DISABLED <-> FILE-MULTIMEDIA GStreamer QuickTime file parsing multiple heap overflow attempt (file-multimedia.rules) * 1:17612 <-> DISABLED <-> FILE-MULTIMEDIA GStreamer QuickTime file parsing multiple heap overflow attempt (file-multimedia.rules) * 1:17613 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules) * 1:17614 <-> DISABLED <-> BROWSER-PLUGINS SAP GUI SAPBExCommonResources ActiveX clsid access (browser-plugins.rules) * 1:17616 <-> DISABLED <-> BROWSER-PLUGINS SAP GUI SAPBExCommonResources ActiveX function call access (browser-plugins.rules) * 1:17618 <-> DISABLED <-> OS-WINDOWS Microsoft Windows hraphics engine EMF rendering vulnerability (os-windows.rules) * 1:1762 <-> DISABLED <-> SERVER-WEBAPP phf arbitrary command execution attempt (server-webapp.rules) * 1:17620 <-> ENABLED <-> SERVER-OTHER Products Discovery Service Buffer Overflow (server-other.rules) * 1:17622 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer object reference memory corruption attempt (browser-ie.rules) * 1:17623 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment Type1 Font parsing integer overflow attempt (file-java.rules) * 1:17625 <-> DISABLED <-> SERVER-ORACLE Database Core RDBMS component denial of service attempt (server-oracle.rules) * 1:17629 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Chrome Page Loading Restriction Bypass attempt (browser-firefox.rules) * 1:17630 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products CSSValue array memory corruption attempt (browser-firefox.rules) * 1:17631 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules) * 1:17633 <-> DISABLED <-> FILE-OTHER RealNetworks RealPlayer SWF frame handling buffer overflow attempt (file-other.rules) * 1:17635 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc function 0 little endian overflow attempt (netbios.rules) * 1:17638 <-> DISABLED <-> SERVER-ORACLE Secure Backup administration server login.php cookies command injection attempt (server-oracle.rules) * 1:17639 <-> DISABLED <-> SERVER-SAMBA Samba Root File System access bypass attempt (server-samba.rules) * 1:17640 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor opnum 43 overflow attempt (netbios.rules) * 1:17641 <-> DISABLED <-> FILE-PDF CUPS and Xpdf JBIG2 symbol dictionary buffer overflow attempt (file-pdf.rules) * 1:17642 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox ConstructFrame with floating first-letter memory corruption attempt (browser-firefox.rules) * 1:17645 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS strings parsing memory corruption attempt (browser-ie.rules) * 1:17649 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word array data handling buffer overflow attempt (file-office.rules) * 1:17650 <-> DISABLED <-> FILE-OTHER Adobe Pagemaker Key Strings Stack Buffer Overflow attempt (file-other.rules) * 1:17651 <-> DISABLED <-> FILE-OTHER Multiple AV vendor invalid archive checksum bypass attempt (file-other.rules) * 1:17653 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS source code disclosure attempt (server-iis.rules) * 1:17655 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed formula parsing code execution attempt (file-office.rules) * 1:17656 <-> DISABLED <-> SERVER-APACHE Apache HTTP server mod_rewrite module LDAP scheme handling buffer overflow attempt (server-apache.rules) * 1:17657 <-> DISABLED <-> SERVER-OTHER Symantec NetBackup BPCD Daemon exploit attempt (server-other.rules) * 1:17658 <-> DISABLED <-> FILE-FLASH Adobe Flash frame type identifier memory corruption attempt (file-flash.rules) * 1:17659 <-> DISABLED <-> SERVER-ORACLE xdb.dbms_xmlschema buffer overflow attempt (server-oracle.rules) * 1:17660 <-> DISABLED <-> SERVER-OTHER Oracle Java Web Start arbitrary command execution attempt (server-other.rules) * 1:17661 <-> DISABLED <-> SERVER-SAMBA Samba send_mailslot buffer overflow attempt (server-samba.rules) * 1:17662 <-> DISABLED <-> SERVER-OTHER VMware Workstation DHCP service integer overflow attempt (server-other.rules) * 1:17666 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer invalid chunk size heap overflow attempt (file-multimedia.rules) * 1:17668 <-> DISABLED <-> FILE-PDF download of a PDF with embedded JavaScript - JS string attempt (file-pdf.rules) * 1:17669 <-> DISABLED <-> SERVER-ORACLE Oracle Application Server 10g OPMN service format string vulnerability exploit attempt (server-oracle.rules) * 1:17679 <-> DISABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules) * 1:17680 <-> DISABLED <-> SERVER-OTHER ISC BIND DNSSEC Validation Multiple RRsets DoS (server-other.rules) * 1:17685 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer invalid pointer memory corruption attempt (browser-ie.rules) * 1:17686 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer invalid pointer memory corruption attempt (browser-ie.rules) * 1:17687 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer invalid pointer memory corruption attempt (browser-ie.rules) * 1:17688 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer userdata behavior memory corruption attempt (browser-ie.rules) * 1:17689 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer userdata behavior memory corruption attempt (browser-ie.rules) * 1:17690 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules) * 1:17692 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer ExecWB security zone bypass attempt (browser-ie.rules) * 1:17698 <-> DISABLED <-> SERVER-MAIL RealNetworks RealPlayer wav chunk string overflow attempt in email (server-mail.rules) * 1:17701 <-> DISABLED <-> BROWSER-PLUGINS Office Viewer ActiveX arbitrary command execution attempt (browser-plugins.rules) * 1:17702 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrDfsCreateExitPoint dos attempt (os-windows.rules) * 1:17703 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer popup title bar spoofing attempt (browser-ie.rules) * 1:17704 <-> DISABLED <-> FILE-OTHER McAfee LHA file parsing buffer overflow attempt (file-other.rules) * 1:17705 <-> DISABLED <-> SERVER-IIS web agent chunked encoding overflow attempt (server-iis.rules) * 1:17706 <-> DISABLED <-> SERVER-OTHER Veritas NetBackup java user interface service format string attack attempt (server-other.rules) * 1:17707 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect trend_req_num buffer overflow attempt (netbios.rules) * 1:17708 <-> DISABLED <-> SERVER-OTHER VNC password request URL buffer overflow attempt (server-other.rules) * 1:17709 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer EMBED element memory corruption attempt (browser-ie.rules) * 1:17710 <-> DISABLED <-> SERVER-OTHER Veritas NetBackup vmd shared library buffer overflow attempt (server-other.rules) * 1:17711 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ASF parsing memory corruption attempt (os-windows.rules) * 1:17712 <-> DISABLED <-> OS-WINDOWS TFTP PUT Microsoft RIS filename overwrite attempt (os-windows.rules) * 1:17713 <-> DISABLED <-> SERVER-OTHER Novell NetMail NMAP STOR buffer overflow attempt (server-other.rules) * 1:17714 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt (netbios.rules) * 1:17715 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt (netbios.rules) * 1:17716 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes DOC attachment viewer buffer overflow (server-mail.rules) * 1:17717 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes HTML input tag buffer overflow attempt (server-mail.rules) * 1:17718 <-> DISABLED <-> SERVER-ORACLE Oracle MDSYS drop table trigger injection attempt (server-oracle.rules) * 1:17719 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox ClearTextRun exploit attempt (browser-firefox.rules) * 1:17720 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer static text range overflow attempt (browser-ie.rules) * 1:17721 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS replication inform2 request memory corruption attempt (os-windows.rules) * 1:17722 <-> DISABLED <-> SERVER-ORACLE XDB.XDB_PITRIG_PKG buffer overflow attempt (server-oracle.rules) * 1:17723 <-> DISABLED <-> OS-WINDOWS possible SMB replay attempt - overlapping encryption keys detected (os-windows.rules) * 1:17724 <-> DISABLED <-> OS-WINDOWS malicious ASP file upload attempt (os-windows.rules) * 1:17725 <-> DISABLED <-> BROWSER-OTHER Opera file URI handling buffer overflow (browser-other.rules) * 1:17726 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer address bar spoofing attempt (browser-ie.rules) * 1:17727 <-> DISABLED <-> FILE-OTHER Oracle JDK image parsing library ICC buffer overflow attempt (file-other.rules) * 1:17729 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer EMBED element memory corruption attempt (browser-ie.rules) * 1:17730 <-> DISABLED <-> OS-WINDOWS Microsoft XML Core Services MIME Viewer memory corruption attempt (os-windows.rules) * 1:17731 <-> DISABLED <-> OS-WINDOWS Microsoft Windows wpad dynamic update request (os-windows.rules) * 1:17732 <-> ENABLED <-> FILE-IDENTIFY TIFF file download request (file-identify.rules) * 1:17733 <-> ENABLED <-> FILE-IDENTIFY XML file download request (file-identify.rules) * 1:17734 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel REPT integer underflow attempt (file-office.rules) * 1:17738 <-> DISABLED <-> SERVER-OTHER Linux Kernel SNMP Netfilter Memory Corruption attempt (server-other.rules) * 1:17739 <-> DISABLED <-> FILE-IDENTIFY FlashPix file download request (file-identify.rules) * 1:17740 <-> DISABLED <-> FILE-IMAGE Apple Quicktime FlashPix processing overflow attempt (file-image.rules) * 1:17742 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules) * 1:17743 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word RTF parsing memory corruption (file-office.rules) * 1:17746 <-> DISABLED <-> OS-WINDOWS SMB client TRANS response Find_First2 filename overflow attempt (os-windows.rules) * 1:17747 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer compressed HDMX font processing integer overflow attempt (browser-ie.rules) * 1:17749 <-> DISABLED <-> PROTOCOL-RPC Linux Kernel nfsd v4 CAP_MKNOD security bypass attempt (protocol-rpc.rules) * 1:17750 <-> DISABLED <-> SERVER-IIS Microsoft IIS 7.5 client verify null pointer attempt (server-iis.rules) * 1:17751 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file download request (file-identify.rules) * 1:17753 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Player network sharing service RTSP code execution attempt (file-multimedia.rules) * 1:17756 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word XP PLFLSInTableStream heap overflow attempt (file-office.rules) * 1:17757 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel CrErr record integer overflow attempt (file-office.rules) * 1:17758 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel PtgExtraArray data parsing vulnerability exploit attempt (file-office.rules) * 1:17759 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid SerAr object exploit attempt (file-office.rules) * 1:17760 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record exploit attempt (file-office.rules) * 1:17764 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel PtgName invalid index exploit attempt (file-office.rules) * 1:17766 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 XSS in toStaticHTML API attempt (browser-ie.rules) * 1:17767 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 tostaticHTML CSS import vulnerability (browser-ie.rules) * 1:17768 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 object event handler use after free exploit attempt (browser-ie.rules) * 1:17769 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 CSS invalid mapping exploit attempt (browser-ie.rules) * 1:17770 <-> DISABLED <-> FILE-OFFICE Microsoft HtmlDlgHelper ActiveX clsid access (file-office.rules) * 1:17771 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross-domain information disclosure attempt (browser-ie.rules) * 1:17772 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Scriptlet Component ActiveX clsid access (browser-plugins.rules) * 1:17777 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes WPD attachment handling buffer overflow (server-mail.rules) * 1:17778 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:17801 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (file-identify.rules) * 1:17802 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules) * 1:17803 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director rcsL chunk memory corruption attempt (file-other.rules) * 1:17804 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox html tag attributes memory corruption (browser-firefox.rules) * 1:17806 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director rcsL chunk remote code execution attempt (file-other.rules) * 1:17807 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director rcsL chunk remote code execution attempt (file-other.rules) * 1:17809 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime qt file download request (file-identify.rules) * 1:18065 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint converter bad indirection remote code execution attempt (file-office.rules) * 1:18066 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint integer underflow heap corruption attempt (file-office.rules) * 1:18067 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF parsing remote code execution attempt (file-office.rules) * 1:18068 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed MsoDrawingObject record attempt (file-office.rules) * 1:18069 <-> DISABLED <-> FILE-OFFICE Microsoft Office Art drawing invalid shape identifier attempt (file-office.rules) * 1:18076 <-> DISABLED <-> OS-WINDOWS Microsoft Forefront UAG URL XSS alternate attempt (os-windows.rules) * 1:18097 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules) * 1:18102 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid PDF JavaScript printSeps extension call attempt (file-pdf.rules) * 1:18103 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 5yvod.net (blacklist.rules) * 1:18104 <-> DISABLED <-> BLACKLIST DNS request for known malware domain b.9s3.info (blacklist.rules) * 1:18106 <-> DISABLED <-> BLACKLIST DNS request for known malware domain e.msssm.com (blacklist.rules) * 1:18108 <-> DISABLED <-> BLACKLIST DNS request for known malware domain phoroshop.es (blacklist.rules) * 1:18114 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.5fqq.com (blacklist.rules) * 1:18115 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.ajs2002.com (blacklist.rules) * 1:18116 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.bnbsoft.co.kr (blacklist.rules) * 1:18117 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.cineseoul.com (blacklist.rules) * 1:18118 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.hao1345.com (blacklist.rules) * 1:18119 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.ilbondrama.net (blacklist.rules) * 1:18120 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.iwebdy.net (blacklist.rules) * 1:18121 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.linzhiling123.com (blacklist.rules) * 1:18122 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.opusgame.com (blacklist.rules) * 1:18123 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.phoroshop.es (blacklist.rules) * 1:18124 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.sijianfeng.com (blacklist.rules) * 1:18125 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.tpydb.com (blacklist.rules) * 1:18127 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.univus.co.kr (blacklist.rules) * 1:18128 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.uwonderfull.com (blacklist.rules) * 1:18129 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.w22rt.com (blacklist.rules) * 1:18130 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.wwmei.com (blacklist.rules) * 1:18133 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.001zs.com (blacklist.rules) * 1:18134 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.551sf.com (blacklist.rules) * 1:18135 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.555hd.com (blacklist.rules) * 1:18136 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.66xihu.com (blacklist.rules) * 1:18137 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.9292cs.cn (blacklist.rules) * 1:18138 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.chateaulegend.com (blacklist.rules) * 1:18139 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.china-aoben.com (blacklist.rules) * 1:18140 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.cqtjg.com (blacklist.rules) * 1:18141 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.dspenter.com (blacklist.rules) * 1:18142 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.eastadmin.com (blacklist.rules) * 1:18143 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.fp0755.cn (blacklist.rules) * 1:18144 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.fp0769.com (blacklist.rules) * 1:18145 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.fp360.net (blacklist.rules) * 1:18146 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.gdfp365.cn (blacklist.rules) * 1:18147 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.gev.cn (blacklist.rules) * 1:18148 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.haoleyou.com (blacklist.rules) * 1:18149 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.haosf08.com (blacklist.rules) * 1:18150 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.jxbaike.com (blacklist.rules) * 1:18151 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.kingsoftduba2009.com (blacklist.rules) * 1:18152 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.mainhu.com (blacklist.rules) * 1:18154 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.nc57.com (blacklist.rules) * 1:18155 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.pplog.cn (blacklist.rules) * 1:18156 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.pxflm.com (blacklist.rules) * 1:18157 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.quyou365.com (blacklist.rules) * 1:18158 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.shzhaotian.cn (blacklist.rules) * 1:18159 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.soanala.com (blacklist.rules) * 1:18160 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.stony-skunk.com (blacklist.rules) * 1:18161 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.street08.com (blacklist.rules) * 1:18162 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.weilingcy.com (blacklist.rules) * 1:18163 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.yisaa.com (blacklist.rules) * 1:18164 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.yx240.com (blacklist.rules) * 1:18165 <-> DISABLED <-> BLACKLIST DNS request for known malware domain e.mssm.com (blacklist.rules) * 1:18167 <-> DISABLED <-> INDICATOR-SHELLCODE Possible generic javascript heap spray attempt (indicator-shellcode.rules) * 1:18168 <-> DISABLED <-> INDICATOR-SHELLCODE Possible generic javascript heap spray attempt (indicator-shellcode.rules) * 1:18184 <-> DISABLED <-> BLACKLIST DNS request for known malware domain dnf.gametime.co.kr (blacklist.rules) * 1:18185 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.dd0415.net (blacklist.rules) * 1:18196 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS importer use-after-free attempt (browser-ie.rules) * 1:18197 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer COleSite ActiveX memory corruption attempt (browser-plugins.rules) * 1:18198 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer COleSite ActiveX memory corruption attempt (browser-plugins.rules) * 1:18199 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer COleSite ActiveX memory corruption attempt (browser-plugins.rules) * 1:18200 <-> ENABLED <-> FILE-OFFICE Microsoft Office .CGM file cell array heap overflow attempt (file-office.rules) * 1:18204 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Address Book wab32res.dll dll-load exploit attempt (os-windows.rules) * 1:18205 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Address Book msoeres32.dll dll-load exploit attempt (os-windows.rules) * 1:18206 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Address Book wab32res.dll dll-load exploit attempt (os-windows.rules) * 1:18207 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Address Book msoeres32.dll dll-load exploit attempt (os-windows.rules) * 1:18212 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher tyo.oty field heap overflow attempt (file-office.rules) * 1:18216 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 6 #default#anim attempt (browser-ie.rules) * 1:18217 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer select element memory corruption attempt (browser-ie.rules) * 1:18218 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer time element memory corruption attempt (browser-ie.rules) * 1:18219 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver remote code execution attempt (file-other.rules) * 1:18221 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed table remote code execution attempt (browser-ie.rules) * 1:18233 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher Adobe Font Driver code execution attempt (file-office.rules) * 1:18234 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules) * 1:18235 <-> DISABLED <-> FILE-OFFICE Microsoft Office PICT graphics converter memory corruption attempt (file-office.rules) * 1:18237 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Flashpix graphics filter fpx32.flt remote code execution attempt (file-image.rules) * 1:18238 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint document conversion remote code excution attempt (server-webapp.rules) * 1:18239 <-> DISABLED <-> INDICATOR-OBFUSCATION known malicious JavaScript decryption routine (indicator-obfuscation.rules) * 1:18240 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS importer use-after-free attempt (browser-ie.rules) * 1:18241 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows WMI administrator tools object viewer ActiveX clsid access (browser-plugins.rules) * 1:18242 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows WMI Administrator Tools Object Viewer ActiveX function call access (browser-plugins.rules) * 1:18243 <-> DISABLED <-> SERVER-IIS Microsoft Windows 7 IIS7.5 FTPSVC buffer overflow attempt (server-iis.rules) * 1:18244 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules) * 1:18245 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java browser plugin docbase overflow attempt (browser-plugins.rules) * 1:18265 <-> DISABLED <-> FILE-OFFICE Microsoft Office thumbnail bitmap invalid biClrUsed attempt (file-office.rules) * 1:18269 <-> DISABLED <-> BLACKLIST DNS request for known malware domain dnf.6bom.com (blacklist.rules) * 1:18270 <-> DISABLED <-> BLACKLIST DNS request for known malware domain koonol.com (blacklist.rules) * 1:18272 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.886.com (blacklist.rules) * 1:18277 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Vista Backup Tool fveapi.dll dll-load exploit attempt (os-windows.rules) * 1:18278 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Vista Backup Tool fveapi.dll dll-load exploit attempt (os-windows.rules) * 1:18280 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer oversize recordset object cache size exploit attempt (browser-ie.rules) * 1:18293 <-> DISABLED <-> SERVER-WEBAPP Secure Backup login.php uname variable based command injection attempt (server-webapp.rules) * 1:18297 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Comctl32.dll third-party SVG viewer heap overflow attempt (os-windows.rules) * 1:18308 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ICC mluc integer overflow attempt (file-pdf.rules) * 1:18309 <-> DISABLED <-> OS-WINDOWS Microsoft Vector Markup Language fill method overflow attempt (os-windows.rules) * 1:18310 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF parsing remote code execution attempt (file-office.rules) * 1:18311 <-> DISABLED <-> SERVER-WEBAPP Novell iManager getMultiPartParameters arbitrary file upload attempt (server-webapp.rules) * 1:18329 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows WMI Administrator Tools Object Viewer ActiveX function call access (browser-plugins.rules) * 1:18331 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio DXF variable name overflow attempt (file-office.rules) * 1:18335 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MHTML XSS attempt (os-windows.rules) * 1:18398 <-> DISABLED <-> FILE-OFFICE Microsoft Office thumbnail bitmap invalid biClrUsed attempt (file-office.rules) * 1:18399 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel BRAI record remote code execution attempt (file-office.rules) * 1:18401 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Base64 encoded script overflow attempt (browser-ie.rules) * 1:18402 <-> ENABLED <-> FILE-OTHER Microsoft Windows ATMFD Adobe font driver remote code execution attempt (file-other.rules) * 1:18403 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Data Source Object memory corruption attempt (browser-ie.rules) * 1:18404 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer document.insertBefore memory corruption attempt (browser-ie.rules) * 1:18416 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio ORMinfo classes length overflow attempt (file-office.rules) * 1:18417 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio ORMinfo classes length overflow attempt (file-office.rules) * 1:1842 <-> DISABLED <-> PROTOCOL-IMAP login buffer overflow attempt (protocol-imap.rules) * 1:18448 <-> DISABLED <-> FILE-PDF Adobe Acrobat Universal 3D stream memory corruption attempt (file-pdf.rules) * 1:18450 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed BMP RGBQUAD attempt (file-pdf.rules) * 1:18451 <-> ENABLED <-> FILE-PDF Adobe Acrobat ICC color integer overflow attempt (file-pdf.rules) * 1:18453 <-> DISABLED <-> FILE-PDF Adobe Acrobat universal 3D format memory corruption attempt (file-pdf.rules) * 1:18454 <-> ENABLED <-> FILE-PDF Adobe Acrobat universal 3D format memory corruption attempt (file-pdf.rules) * 1:18457 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D rgba parsing overflow attempt (file-pdf.rules) * 1:18460 <-> ENABLED <-> SERVER-WEBAPP Symantec Alert Management System pin number buffer overflow attempt (server-webapp.rules) * 1:18461 <-> DISABLED <-> SERVER-MAIL IBM Lotus Domino nrouter.exe iCalendar MAILTO stack buffer overflow attempt (server-mail.rules) * 1:18463 <-> DISABLED <-> FILE-OTHER Microsoft Windows MPEG Layer-3 audio heap corruption attempt (file-other.rules) * 1:18464 <-> DISABLED <-> SERVER-WEBAPP Adobe ColdFusion locale directory traversal attempt (server-webapp.rules) * 1:18465 <-> DISABLED <-> SERVER-WEBAPP FreePBX recording interface file upload code execution attempt (server-webapp.rules) * 1:18469 <-> DISABLED <-> CONTENT-REPLACE Microsoft Windows Encrypted DCERPC request attempt (content-replace.rules) * 1:18472 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (netbios.rules) * 1:18482 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer History.go method double free corruption attempt (browser-ie.rules) * 1:18487 <-> DISABLED <-> SERVER-OTHER Ingres Database iidbms heap overflow attempt (server-other.rules) * 1:18494 <-> DISABLED <-> OS-WINDOWS Microsoft product .dll dll-load exploit attempt (os-windows.rules) * 1:18495 <-> DISABLED <-> OS-WINDOWS Microsoft product .dll dll-load exploit attempt (os-windows.rules) * 1:18496 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Media Player and shell extension ehtrace.dll dll-load exploit attempt (os-windows.rules) * 1:18497 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Media Player and shell extension ehtrace.dll dll-load exploit attempt (os-windows.rules) * 1:18498 <-> ENABLED <-> FILE-OTHER Microsoft Media Player dvr-ms file parsing remote code execution attempt (file-other.rules) * 1:18499 <-> DISABLED <-> OS-WINDOWS Microsoft Groove mso.dll dll-load exploit attempt (os-windows.rules) * 1:18500 <-> DISABLED <-> OS-WINDOWS Microsoft Groove mso.dll dll-load exploit attempt (os-windows.rules) * 1:18506 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CCITT stream compression filter invalid image size heap overflow attempt (file-pdf.rules) * 1:18507 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CCITT stream compression filter invalid image size heap overflow attempt (file-pdf.rules) * 1:18510 <-> DISABLED <-> FILE-IMAGE Apple QuickTime FlashPix Movie file integer overflow attempt (file-image.rules) * 1:18511 <-> DISABLED <-> SERVER-OTHER Sourcefire Snort packet fragmentation reassembly denial of service attempt (server-other.rules) * 1:18513 <-> DISABLED <-> SERVER-MYSQL yaSSL SSL Hello Message Buffer Overflow attempt (server-mysql.rules) * 1:18514 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed shapeid arbitrary code execution attempt (file-office.rules) * 1:18515 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio VSD file icon memory corruption attempt (file-office.rules) * 1:18516 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules) * 1:18519 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML element creation attempt (browser-ie.rules) * 1:18524 <-> DISABLED <-> SERVER-OTHER Multiple vendor anti-virus extended ASCII filename scan bypass attempt (server-other.rules) * 1:18525 <-> DISABLED <-> SERVER-OTHER Lotus Domino LDAP Heap Buffer Overflow Attempt (server-other.rules) * 1:18528 <-> DISABLED <-> SERVER-ORACLE Oracle TimesTen In-Memory Database HTTP request denial of service attempt (server-oracle.rules) * 1:18533 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC authentication denial of service attempt (server-other.rules) * 1:18534 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC authentication denial of service attempt (server-other.rules) * 1:18535 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word file sprmTSetBrc processing buffer overflow attempt (file-office.rules) * 1:18536 <-> DISABLED <-> FILE-OFFICE OpenOffice.org Microsoft Office Word file processing integer underflow attempt (file-office.rules) * 1:18537 <-> DISABLED <-> FILE-OTHER OpenOffice.org XPM file processing integer overflow attempt (file-other.rules) * 1:18538 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel PtgName invalid index exploit attempt (file-office.rules) * 1:18539 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer event handling remote code execution attempt (browser-ie.rules) * 1:18541 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt 3 (file-office.rules) * 1:18542 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Media Player ActiveX unknow compression algorithm use arbitrary code execution attempt (browser-plugins.rules) * 1:18543 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:18544 <-> ENABLED <-> FILE-FLASH embedded Shockwave dropper in email attachment (file-flash.rules) * 1:18545 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file transfer (file-office.rules) * 1:18546 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word with embedded Flash file transfer (file-office.rules) * 1:18547 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint with embedded Flash file transfer (file-office.rules) * 1:18548 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment (file-office.rules) * 1:18549 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word with embedded Flash file attachment (file-office.rules) * 1:18555 <-> DISABLED <-> SERVER-OTHER VERITAS NetBackup java authentication service format string exploit attempt (server-other.rules) * 1:18556 <-> DISABLED <-> SERVER-WEBAPP Symantec IM manager IMAdminReportTrendFormRun.asp sql injection attempt (server-webapp.rules) * 1:18557 <-> DISABLED <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt (protocol-rpc.rules) * 1:18558 <-> DISABLED <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt (protocol-rpc.rules) * 1:18559 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Performance Insight Server backdoor account code execution attempt (server-webapp.rules) * 1:18560 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Performance Insight Server backdoor account code execution attempt (server-webapp.rules) * 1:18561 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT file overread buffer overflow attempt (file-image.rules) * 1:18575 <-> DISABLED <-> PROTOCOL-FTP Computer Associates eTrust Secure Content Manager LIST stack overflow attempt (protocol-ftp.rules) * 1:18578 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RMOC3260.DLL cdda URI overflow attempt (browser-plugins.rules) * 1:18583 <-> DISABLED <-> FILE-IMAGE Microsoft Windows wmf integer overflow attempt (file-image.rules) * 1:18585 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TIFF remote code execution attempt (file-pdf.rules) * 1:18587 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 267 buffer overflow attempt (server-other.rules) * 1:18588 <-> DISABLED <-> PROTOCOL-FTP Ipswitch Ws_ftp XCRC overflow attempt (protocol-ftp.rules) * 1:18589 <-> DISABLED <-> NETBIOS Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (netbios.rules) * 1:18590 <-> DISABLED <-> OS-WINDOWS Outlook Express WAB file parsing buffer overflow attempt (os-windows.rules) * 1:18592 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Music Jukebox ActiveX exploit (browser-plugins.rules) * 1:18593 <-> DISABLED <-> FILE-IDENTIFY BitTorrent torrent file download request (file-identify.rules) * 1:18594 <-> DISABLED <-> BROWSER-PLUGINS Trend Micro Web Deployment ActiveX clsid access (browser-plugins.rules) * 1:18595 <-> DISABLED <-> BROWSER-PLUGINS Trend Micro Web Deployment ActiveX clsid access (browser-plugins.rules) * 1:18596 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader util.printf buffer overflow attempt (file-pdf.rules) * 1:18597 <-> DISABLED <-> BROWSER-OTHER Opera file URI handling buffer overflow (browser-other.rules) * 1:18599 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PictureViewer buffer overflow attempt (file-image.rules) * 1:18601 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Common Controls Animation Object ActiveX clsid access (browser-plugins.rules) * 1:18611 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules) * 1:18612 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules) * 1:18613 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules) * 1:18615 <-> DISABLED <-> FILE-OFFICE Microsoft Works 4.x converter font name buffer overflow attempt (file-office.rules) * 1:18632 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malformed Label record exploit attempt (file-office.rules) * 1:18638 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel drawing layer use after free attempt (file-office.rules) * 1:18643 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Converter sprmTTextFflow overflow attempt (file-office.rules) * 1:18648 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file upload/download attempt (protocol-scada.rules) * 1:18649 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file operation overflow attempt (protocol-scada.rules) * 1:18651 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe report template overflow attempt (protocol-scada.rules) * 1:18654 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe format string attempt (protocol-scada.rules) * 1:18655 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LLMNR invalid reverse name lookup stack corruption attempt (os-windows.rules) * 1:18656 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe strep overflow attempt (protocol-scada.rules) * 1:18657 <-> DISABLED <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt (protocol-scada.rules) * 1:18659 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 SCPC_INITIALIZE overflow attempt (protocol-scada.rules) * 1:1866 <-> DISABLED <-> PROTOCOL-POP USER overflow attempt (protocol-pop.rules) * 1:18668 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Windows Messenger ActiveX clsid access (browser-plugins.rules) * 1:18670 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer object management memory corruption attempt (browser-ie.rules) * 1:18671 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer object management memory corruption attempt (browser-ie.rules) * 1:18675 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules) * 1:18679 <-> ENABLED <-> SERVER-OTHER Oracle Java Applet2ClassLoader Remote Code Execution (server-other.rules) * 1:18680 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules) * 1:18681 <-> DISABLED <-> FILE-PDF transfer of a PDF with embedded JavaScript - JavaScript object detected (file-pdf.rules) * 1:18682 <-> DISABLED <-> FILE-PDF transfer of a PDF with OpenAction object attempt (file-pdf.rules) * 1:18710 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator Framework Services buffer overflow attempt (server-other.rules) * 1:18713 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS connection record handling denial of service attempt (server-other.rules) * 1:18714 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS connection record handling denial of service attempt (server-other.rules) * 1:18740 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel sheet object type confusion exploit attempt (file-office.rules) * 1:18753 <-> DISABLED <-> SERVER-OTHER Zend Server Java Bridge remote code execution attempt (server-other.rules) * 1:18754 <-> ENABLED <-> SERVER-OTHER HP Data Protector Backup Client Service code execution attempt (server-other.rules) * 1:18755 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio Data Type Memory Corruption (file-office.rules) * 1:18756 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft cmd.exe banner Windows 7/Server 2008R2 (indicator-compromise.rules) * 1:18757 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft cmd.exe banner Windows Vista (indicator-compromise.rules) * 1:18759 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe displayWidth buffer overflow attempt - POST (server-webapp.rules) * 1:18760 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe displayWidth buffer overflow attempt - GET (server-webapp.rules) * 1:18764 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe multiple parameters buffer overflow attempt (server-webapp.rules) * 1:18766 <-> DISABLED <-> SERVER-OTHER OpenSSL CMS structure OriginatorInfo memory corruption attempt (server-other.rules) * 1:18767 <-> DISABLED <-> PROTOCOL-TFTP Multiple TFTP product buffer overflow attempt (protocol-tftp.rules) * 1:18768 <-> ENABLED <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt (server-mail.rules) * 1:18770 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit range object remote code execution attempt (browser-webkit.rules) * 1:18776 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director pamm chunk memory corruption attempt (file-other.rules) * 1:18777 <-> DISABLED <-> SERVER-OTHER HP data protector OmniInet service NULL dereference denial of service attempt (server-other.rules) * 1:18790 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe overflow attempt (server-other.rules) * 1:18791 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Configuration Management Preboot service code overflow attempt (server-other.rules) * 1:18792 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management UploadServlet code execution attempt (server-webapp.rules) * 1:18793 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management UploadServlet code execution attempt (server-webapp.rules) * 1:18794 <-> DISABLED <-> SERVER-WEBAPP RedHat JBoss Enterprise Application Platform JMX authentication bypass attempt (server-webapp.rules) * 1:18795 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovet_demandpoll.exe format string execution attempt (server-webapp.rules) * 1:18796 <-> DISABLED <-> SERVER-WEBAPP Novell iManager ClassName handling overflow attempt (server-webapp.rules) * 1:18797 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup Administration property_box.php other variable command execution attempt (server-webapp.rules) * 1:18798 <-> DISABLED <-> SERVER-OTHER HP Data Protector Media Operations denial of service attempt (server-other.rules) * 1:18799 <-> DISABLED <-> SERVER-OTHER HP Data Protector Media Operations denial of service attempt (server-other.rules) * 1:18801 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JpxDecode invalid crgn memory corruption attempt (file-pdf.rules) * 1:18802 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager formExportDataLogs directory traversal attempt (server-webapp.rules) * 1:18803 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Runtime CMM readMabCurveData buffer overflow attempt (server-webapp.rules) * 1:18804 <-> DISABLED <-> SERVER-WEBAPP OpenLDAP Modrdn utf-8 string code execution attempt (server-webapp.rules) * 1:18806 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record exploit attempt (file-office.rules) * 1:18807 <-> DISABLED <-> SERVER-OTHER OpenLDAP Modrdn RDN NULL string denial of service attempt (server-other.rules) * 1:18808 <-> DISABLED <-> SERVER-MAIL Ipswitch IMail Server List Mailer Reply-To address buffer overflow attempt (server-mail.rules) * 1:18809 <-> DISABLED <-> BROWSER-FIREFOX Mozilla EnsureCachedAttrParamArrays integer overflow attempt (browser-firefox.rules) * 1:1882 <-> DISABLED <-> INDICATOR-COMPROMISE id check returned userid (indicator-compromise.rules) * 1:18901 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC Ticket validation double free memory corruption attempt (server-other.rules) * 1:18902 <-> DISABLED <-> SERVER-WEBAPP Novell Teaming ajaxUploadImageFile remote code execution attempt (server-webapp.rules) * 1:18903 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit Rendering Counter Code Execution (browser-webkit.rules) * 1:18926 <-> DISABLED <-> PROTOCOL-SNMP Multiple vendors AgentX receive_agentx integer overflow attempt (protocol-snmp.rules) * 1:18928 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime streaming debug error logging buffer overflow attempt (file-multimedia.rules) * 1:18929 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup Administration objectname variable command injection attempt (server-oracle.rules) * 1:18930 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe Template format string code execution attempt (server-webapp.rules) * 1:18935 <-> DISABLED <-> SERVER-OTHER ISC DHCP server zero length client ID denial of service attempt (server-other.rules) * 1:18948 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint converter bad indirection remote code execution attempt (file-office.rules) * 1:18951 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTableLayout memory corruption attempt (browser-ie.rules) * 1:18952 <-> DISABLED <-> FILE-OTHER Microsoft Windows uniscribe fonts parsing memory corruption attempt (file-other.rules) * 1:18953 <-> DISABLED <-> FILE-OTHER rich text format unexpected field type memory corruption attempt (file-other.rules) * 1:18954 <-> DISABLED <-> FILE-OTHER rich text format unexpected field type memory corruption attempt (file-other.rules) * 1:18957 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules) * 1:18958 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules) * 1:18959 <-> DISABLED <-> SERVER-WEBAPP VMware SpringSource Spring Framework class.classloader remote code execution attempt (server-webapp.rules) * 1:18960 <-> ENABLED <-> SERVER-WEBAPP Novell GroupWise agents HTTP request remote code execution attempt (server-webapp.rules) * 1:18961 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSXML2 ActiveX malformed HTTP response (os-windows.rules) * 1:18972 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup Administration selector variable command injection attempt (server-oracle.rules) * 1:18973 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit button first-letter style rendering code execution attempt (browser-webkit.rules) * 1:18974 <-> DISABLED <-> BROWSER-PLUGINS SAP Crystal Reports PrintControl.dll ActiveX function call attempt (browser-plugins.rules) * 1:18975 <-> DISABLED <-> BROWSER-PLUGINS SAP Crystal Reports PrintControl.dll ActiveX function call access (browser-plugins.rules) * 1:18985 <-> DISABLED <-> POLICY-OTHER CA ARCserve Axis2 default credential login attempt (policy-other.rules) * 1:18986 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:18987 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:18988 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:18989 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:18990 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:18991 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:18995 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit removeAllRanges use-after-free attempt (browser-webkit.rules) * 1:18996 <-> DISABLED <-> SERVER-ORACLE DBMS_JAVA.SET_OUTPUT_TO_JAVA privilege escalation attempt (server-oracle.rules) * 1:18997 <-> DISABLED <-> OS-LINUX Linux kernel sctp_rcv_ootb invalid chunk length DoS attempt (os-linux.rules) * 1:18998 <-> ENABLED <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer overflow attempt (server-webapp.rules) * 1:18999 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM webappmon.exe buffer overflow attempt (server-webapp.rules) * 1:19000 <-> DISABLED <-> SERVER-MYSQL Database CASE NULL argument denial of service attempt (server-mysql.rules) * 1:19001 <-> DISABLED <-> SERVER-MYSQL IN NULL argument denial of service attempt (server-mysql.rules) * 1:19002 <-> DISABLED <-> FILE-FLASH RealNetworks RealPlayer FLV parsing two integer overflow vulnerabilities (file-flash.rules) * 1:19003 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit run-in use-after-free attempt (browser-webkit.rules) * 1:19004 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit run-in use-after-free attempt (browser-webkit.rules) * 1:19005 <-> DISABLED <-> BROWSER-CHROME Apple Safari/Google Chrome Webkit memory corruption attempt (browser-chrome.rules) * 1:19006 <-> DISABLED <-> SERVER-OTHER HP Data Protector Express DtbClsLogin buffer overflow attempt (server-other.rules) * 1:19007 <-> DISABLED <-> SERVER-SAMBA Samba SID parsing overflow attempt (server-samba.rules) * 1:19008 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit floating point conversion memory corruption attempt (browser-webkit.rules) * 1:19009 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit menu onchange memory corruption attempt (browser-webkit.rules) * 1:19010 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit menu onchange memory corruption attempt (browser-webkit.rules) * 1:19011 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Player Lnam chunk processing buffer overflow attempt (file-other.rules) * 1:19012 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Player Lnam chunk processing buffer overflow attempt (file-other.rules) * 1:19013 <-> ENABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - WRQ (protocol-tftp.rules) * 1:19063 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Movie Maker string size overflow attempt (file-multimedia.rules) * 1:19064 <-> DISABLED <-> FILE-OTHER Microsoft OpenType font index remote code execution attempt (file-other.rules) * 1:19065 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:19066 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:19071 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:19072 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server NTLM authentication heap overflow attempt (server-other.rules) * 1:19073 <-> DISABLED <-> SERVER-OTHER Squid Proxy Expect header null pointer denial of service attempt (server-other.rules) * 1:19074 <-> DISABLED <-> INDICATOR-OBFUSCATION javascript uuencoded noop sled attempt (indicator-obfuscation.rules) * 1:19078 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox html tag attributes memory corruption (browser-firefox.rules) * 1:19080 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:19081 <-> DISABLED <-> INDICATOR-OBFUSCATION known suspicious decryption routine (indicator-obfuscation.rules) * 1:19082 <-> ENABLED <-> FILE-PDF Adobe Flash Player memory corruption attempt (file-pdf.rules) * 1:19083 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:19084 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS style memory corruption attempt (browser-ie.rules) * 1:19085 <-> DISABLED <-> BROWSER-PLUGINS LEADTOOLS Raster Twain LtocxTwainu.dll ActiveX clsid access (browser-plugins.rules) * 1:19086 <-> DISABLED <-> BROWSER-PLUGINS LEADTOOLS Raster Twain LtocxTwainu.dll ActiveX function call (browser-plugins.rules) * 1:19091 <-> DISABLED <-> SERVER-OTHER OpenSSL ssl3_get_key_exchange use-after-free attempt (server-other.rules) * 1:19092 <-> DISABLED <-> SERVER-OTHER OpenSSL ssl3_get_key_exchange use-after-free attempt (server-other.rules) * 1:19093 <-> DISABLED <-> SERVER-MYSQL Database unique set column denial of service attempt (server-mysql.rules) * 1:19094 <-> DISABLED <-> SERVER-MYSQL Database unique set column denial of service attempt (server-mysql.rules) * 1:19095 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit CSS Charset Text transformation code execution attempt (browser-webkit.rules) * 1:19096 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit CSS Charset Text transformation code execution attempt (browser-webkit.rules) * 1:19097 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit ContentEditable code execution attempt (browser-webkit.rules) * 1:19098 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit ContentEditable code exeuction attempt (browser-webkit.rules) * 1:19099 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari CSS font format corruption attempt (browser-webkit.rules) * 1:19100 <-> DISABLED <-> FILE-JAVA Oracle Java Soundbank resource name overflow attempt (file-java.rules) * 1:19101 <-> DISABLED <-> SERVER-ORACLE Oracle Java Web Server Admin Server denial of service attempt (server-oracle.rules) * 1:19102 <-> DISABLED <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX clsid access (browser-plugins.rules) * 1:19103 <-> DISABLED <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX function call access (browser-plugins.rules) * 1:19104 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector Cell Manager heap overflow attempt (server-other.rules) * 1:19105 <-> DISABLED <-> SERVER-OTHER HP Data Protector Manager MMD service buffer overflow attempt (server-other.rules) * 1:19107 <-> DISABLED <-> SERVER-APACHE Apache mod_isapi dangling pointer code execution attempt (server-apache.rules) * 1:19108 <-> DISABLED <-> BROWSER-PLUGINS SonicWall Aventail EPInstaller ActiveX clsid access (browser-plugins.rules) * 1:19109 <-> DISABLED <-> BROWSER-PLUGINS SonicWall Aventail EPInstaller ActiveX function call access (browser-plugins.rules) * 1:19110 <-> DISABLED <-> SERVER-WEBAPP IBM Rational Quality Manager and Test Lab Manager policy bypass attempt (server-webapp.rules) * 1:19111 <-> DISABLED <-> FILE-FLASH Adobe Flash Media Server memory exhaustion (file-flash.rules) * 1:19112 <-> DISABLED <-> FILE-OTHER Adobe Shockwave 3D stucture heap overflow (file-other.rules) * 1:19113 <-> DISABLED <-> FILE-OTHER Adobe Shockwave 3D structure opcode 81 overflow attempt (file-other.rules) * 1:19114 <-> DISABLED <-> FILE-OTHER Adobe Shockwave 3D structure opcode 45 overflow attempt (file-other.rules) * 1:19115 <-> DISABLED <-> FILE-OTHER Adobe Shockwave 3D structure opcode 89 overflow attempt (file-other.rules) * 1:19116 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack mount service code execution attempt (server-other.rules) * 1:19117 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed U3D integer overflow (file-pdf.rules) * 1:19118 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader script injection vulnerability (file-pdf.rules) * 1:19119 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD font driver remote code execution attempt (os-windows.rules) * 1:19120 <-> DISABLED <-> SERVER-OTHER IBM Informix DBINFO stack buffer overflow (server-other.rules) * 1:19121 <-> DISABLED <-> SERVER-OTHER IBM Informix EXPLAIN stack buffer overflow attempt (server-other.rules) * 1:19124 <-> DISABLED <-> SERVER-APACHE Apache mod_isapi dangling pointer exploit attempt (server-apache.rules) * 1:19126 <-> ENABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer IVR handling heap buffer overflow attempt (file-multimedia.rules) * 1:19127 <-> ENABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer IVR handling heap buffer overflow attempt (file-multimedia.rules) * 1:19128 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (file-identify.rules) * 1:19129 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (file-identify.rules) * 1:19130 <-> DISABLED <-> FILE-IMAGE Microsoft Windows MSPaint jpeg with malformed SOFx field exploit attempt (file-image.rules) * 1:19131 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RTD buffer overflow attempt (file-office.rules) * 1:19132 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RTD buffer overflow attempt (file-office.rules) * 1:19133 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel EntExU2 write access violation attempt (file-office.rules) * 1:19134 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel PtgExtraArray data parsing vulnerability exploit attempt (file-office.rules) * 1:19136 <-> DISABLED <-> SERVER-WEBAPP CA XOsoft Multiple Products entry_point.aspx buffer overflow attempt (server-webapp.rules) * 1:19137 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI ICount parameter buffer overflow attempt (server-webapp.rules) * 1:19138 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI hostname parameter buffer overflow attempt (server-webapp.rules) * 1:19139 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI MaxAge parameter buffer overflow attempt (server-webapp.rules) * 1:19140 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules) * 1:19141 <-> DISABLED <-> FILE-OFFICE Microsoft Access Wizard control memory corruption ActiveX clsid access (file-office.rules) * 1:19142 <-> DISABLED <-> SERVER-WEBAPP Symantec IM Manager IMAdminScheduleReport.asp SQL injection attempt (server-webapp.rules) * 1:19143 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Player JPG header record mismatch memory corruption attempt (file-multimedia.rules) * 1:19144 <-> DISABLED <-> FILE-OTHER Microsoft Windows MPEG Layer-3 audio heap corruption attempt (file-other.rules) * 1:19145 <-> DISABLED <-> FILE-FLASH Adobe Flash Player newfunction memory corruption attempt (file-flash.rules) * 1:21338 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP4 zero length atom attempt (file-flash.rules) * 1:21339 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 zero length atom auth field attempt (file-multimedia.rules) * 1:21340 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 zero length atom titl field attempt (file-multimedia.rules) * 1:21341 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 zero length atom 'dscp' field attempt (file-multimedia.rules) * 1:21342 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 zero length atom cprt field attempt (file-multimedia.rules) * 1:21371 <-> ENABLED <-> FILE-OTHER Adobe Shockwave Director KEY chunk buffer overflow attempt (file-other.rules) * 1:21378 <-> DISABLED <-> SERVER-OTHER Novell iPrint attributes-natural-language buffer overflow attempt (server-other.rules) * 1:21392 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer writing-mode property memory corruption attempt (browser-ie.rules) * 1:21405 <-> DISABLED <-> OS-WINDOWS Microsoft Anti-Cross Site Scripting library bypass attempt (os-windows.rules) * 1:21410 <-> ENABLED <-> FILE-IDENTIFY paq8o file download request (file-identify.rules) * 1:21411 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected (file-identify.rules) * 1:21412 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected (file-identify.rules) * 1:21415 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MergeCells record parsing code execution attempt (file-office.rules) * 1:21422 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel Lel record memory corruption attempt (file-office.rules) * 1:21423 <-> ENABLED <-> FILE-OFFICE Microsoft Office Publisher Opltc memory corruption attempt (file-office.rules) * 1:21447 <-> DISABLED <-> BROWSER-CHROME Google Chrome FileSystemObject function call (browser-chrome.rules) * 1:21457 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript float index array memory corruption (file-flash.rules) * 1:21458 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript float index array memory corruption (file-flash.rules) * 1:21478 <-> ENABLED <-> FILE-IDENTIFY CHM file attachment detected (file-identify.rules) * 1:21479 <-> ENABLED <-> FILE-IDENTIFY CHM file attachment detected (file-identify.rules) * 1:21480 <-> DISABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:21481 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start arbitrary command execution attempt (file-java.rules) * 1:21484 <-> DISABLED <-> FILE-OTHER ZIP file name overflow attempt (file-other.rules) * 1:21498 <-> DISABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:21499 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (file-identify.rules) * 1:21500 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (file-identify.rules) * 1:21504 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (os-windows.rules) * 1:21505 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (os-windows.rules) * 1:21506 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (os-windows.rules) * 1:21507 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (os-windows.rules) * 1:21508 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (os-windows.rules) * 1:21516 <-> DISABLED <-> SERVER-WEBAPP JBoss JMX console access attempt (server-webapp.rules) * 1:21522 <-> DISABLED <-> SERVER-APACHE Apache Struts parameters interceptor remote code execution attempt (server-apache.rules) * 1:21568 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RDP RST denial of service attempt (os-windows.rules) * 1:21570 <-> ENABLED <-> OS-WINDOWS Microsoft Windows RemoteDesktop new session flood attempt (os-windows.rules) * 1:21611 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules) * 1:21612 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules) * 1:21613 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (file-identify.rules) * 1:21614 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (file-identify.rules) * 1:21615 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (file-identify.rules) * 1:21616 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (file-identify.rules) * 1:21617 <-> ENABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules) * 1:21618 <-> ENABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules) * 1:21620 <-> DISABLED <-> FILE-IDENTIFY WAV file magic detected (file-identify.rules) * 1:21621 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (file-identify.rules) * 1:21623 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules) * 1:21624 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules) * 1:21625 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules) * 1:21626 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules) * 1:21627 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules) * 1:21628 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules) * 1:21648 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules) * 1:21649 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules) * 1:21650 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules) * 1:21651 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules) * 1:21652 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules) * 1:21663 <-> DISABLED <-> SERVER-OTHER CA BrightStor Agent for Microsoft SQL overflow attempt (server-other.rules) * 1:21664 <-> ENABLED <-> FILE-JAVA Oracle Java JRE sandbox Atomic breach attempt (file-java.rules) * 1:21665 <-> ENABLED <-> FILE-JAVA Oracle Java JRE sandbox Atomic breach attempt (file-java.rules) * 1:21666 <-> ENABLED <-> FILE-JAVA Oracle Java JRE sandbox Atomic breach attempt (file-java.rules) * 1:21667 <-> ENABLED <-> FILE-JAVA Oracle Java JRE sandbox Atomic breach attempt (file-java.rules) * 1:21687 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (file-identify.rules) * 1:21688 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (file-identify.rules) * 1:21691 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (file-identify.rules) * 1:21692 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (file-identify.rules) * 1:21693 <-> ENABLED <-> FILE-IDENTIFY FLAC file attachment detected (file-identify.rules) * 1:21694 <-> ENABLED <-> FILE-IDENTIFY FLAC file attachment detected (file-identify.rules) * 1:21695 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (file-identify.rules) * 1:21696 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (file-identify.rules) * 1:21697 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (file-identify.rules) * 1:21698 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (file-identify.rules) * 1:21699 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (file-identify.rules) * 1:21700 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (file-identify.rules) * 1:21701 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules) * 1:21702 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules) * 1:21703 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules) * 1:21704 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules) * 1:21705 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:21706 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:21709 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (file-identify.rules) * 1:21710 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (file-identify.rules) * 1:21711 <-> DISABLED <-> FILE-IDENTIFY PFA file download request (file-identify.rules) * 1:21712 <-> DISABLED <-> FILE-IDENTIFY PFA file magic detected (file-identify.rules) * 1:21713 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (file-identify.rules) * 1:21714 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (file-identify.rules) * 1:19284 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic time-based context keyed encoder (indicator-shellcode.rules) * 1:19285 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic non-alpha/non-upper encoder (indicator-shellcode.rules) * 1:19286 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic unicode uppercase encoder (indicator-shellcode.rules) * 1:19287 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic unicode mixed encoder (indicator-shellcode.rules) * 1:19288 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic unicode tolower encoder (indicator-shellcode.rules) * 1:19290 <-> DISABLED <-> FILE-OTHER Microsoft LNK shortcut arbitary dll load attempt (file-other.rules) * 1:19294 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Chart Sheet Substream memory corruption attempt (file-office.rules) * 1:19295 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word HTML linked objects memory corruption attempt (file-office.rules) * 1:19296 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint improper filename remote code execution attempt (file-office.rules) * 1:19303 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint out of bounds value remote code execution attempt (file-office.rules) * 1:19304 <-> DISABLED <-> BROWSER-PLUGINS Oracle EasyMail ActiveX clsid access (browser-plugins.rules) * 1:19305 <-> DISABLED <-> BROWSER-PLUGINS Oracle EasyMail ActiveX function call access (browser-plugins.rules) * 1:19306 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher pubconv.dll corruption attempt (file-office.rules) * 1:19308 <-> DISABLED <-> FILE-OTHER Microsoft Windows embedded OpenType EOT font integer overflow attempt (file-other.rules) * 1:19313 <-> ENABLED <-> SERVER-OTHER Symantec Antivirus Intel Service DoS Attempt (server-other.rules) * 1:19314 <-> DISABLED <-> OS-WINDOWS Groove GroovePerfmon.dll dll-load exploit attempt (os-windows.rules) * 1:19315 <-> DISABLED <-> OS-WINDOWS Microsoft Groove GroovePerfmon.dll dll-load exploit attempt (os-windows.rules) * 1:19317 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmTDiagLine80 record parsing stack buffer overflow attempt (file-office.rules) * 1:19320 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows AVI Header insufficient data corruption attempt (file-multimedia.rules) * 1:19321 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products nsCSSValue Array Index Integer Overflow (browser-firefox.rules) * 1:19322 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer and SharePoint toStaticHTML information disclosure attempt (browser-ie.rules) * 1:19403 <-> DISABLED <-> FILE-MULTIMEDIA Cinepak Codec VIDC decompression remote code execution attempt (file-multimedia.rules) * 1:19405 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules) * 1:19406 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules) * 1:19407 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules) * 1:19408 <-> DISABLED <-> FILE-FLASH Adobe Flash Player newfunction memory corruption exploit attempt (file-flash.rules) * 1:1941 <-> DISABLED <-> PROTOCOL-TFTP GET filename overflow attempt (protocol-tftp.rules) * 1:19411 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Cross-Domain information disclosure attempt (browser-ie.rules) * 1:19412 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record parsing memory corruption (file-office.rules) * 1:19413 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 and earlier stack buffer overflow attempt (file-office.rules) * 1:19414 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 and earlier stack buffer overflow attempt (file-office.rules) * 1:19420 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player Subtitle StripTags Heap Buffer Overflow (file-multimedia.rules) * 1:19421 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player Subtitle StripTags Heap Buffer Overflow (file-multimedia.rules) * 1:19422 <-> DISABLED <-> FILE-IDENTIFY matroska file magic detected (file-identify.rules) * 1:19423 <-> DISABLED <-> FILE-IDENTIFY MKV file download request (file-identify.rules) * 1:19424 <-> DISABLED <-> FILE-IDENTIFY MKA file download request (file-identify.rules) * 1:19425 <-> DISABLED <-> FILE-IDENTIFY MKS file download request (file-identify.rules) * 1:19430 <-> ENABLED <-> FILE-IDENTIFY MIDI file download request (file-identify.rules) * 1:19431 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp MIDI Timestamp buffer overflow attempt (file-multimedia.rules) * 1:19432 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp MIDI Timestamp buffer overflow attempt (file-multimedia.rules) * 1:19436 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CStyleSheetRule array memory corruption attempt (browser-ie.rules) * 1:19438 <-> ENABLED <-> SQL url ending in comment characters - possible sql injection attempt (sql.rules) * 1:19441 <-> DISABLED <-> SERVER-WEBAPP Oracle Virtual Server Agent command injection attempt (server-webapp.rules) * 1:19442 <-> DISABLED <-> FILE-OFFICE Microsoft Office embedded Office Art drawings execution attempt (file-office.rules) * 1:19444 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media sample duration header RCE attempt (file-multimedia.rules) * 1:19445 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Timecode header RCE attempt (file-multimedia.rules) * 1:19446 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media file name header RCE attempt (file-multimedia.rules) * 1:19447 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media content type header RCE attempt (file-multimedia.rules) * 1:19448 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media pixel aspect ratio header RCE attempt (file-multimedia.rules) * 1:19449 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media encryption sample ID header RCE attempt (file-multimedia.rules) * 1:19450 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media encryption sample ID header RCE attempt (file-multimedia.rules) * 1:19451 <-> DISABLED <-> SERVER-OTHER Oracle VM server agent command injection (server-other.rules) * 1:19452 <-> DISABLED <-> SERVER-OTHER Oracle VM server agent command injection (server-other.rules) * 1:19458 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmCMajority record buffer overflow attempt (file-office.rules) * 1:19459 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmCMajority record buffer overflow attempt (file-office.rules) * 1:1952 <-> DISABLED <-> PROTOCOL-RPC mountd UDP mount request (protocol-rpc.rules) * 1:19552 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel format record code execution attempt (file-office.rules) * 1:19600 <-> DISABLED <-> SERVER-ORACLE Warehouse builder WE_OLAP_AW_SET_SOLVE_ID SQL Injection attempt (server-oracle.rules) * 1:19645 <-> DISABLED <-> SERVER-WEBAPP cross-site scripting attempt via form data attempt (server-webapp.rules) * 1:19649 <-> ENABLED <-> SERVER-OTHER HP Intelligent Management Center dbman buffer overflow attempt (server-other.rules) * 1:19650 <-> DISABLED <-> BROWSER-PLUGINS Cisco AnyConnect ActiveX clsid access (browser-plugins.rules) * 1:19668 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer telnet.exe file load exploit attempt (browser-ie.rules) * 1:19670 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer telnet.exe file load exploit attempt (browser-ie.rules) * 1:19671 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer XSLT memory corruption attempt (browser-ie.rules) * 1:19672 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer stylesheet dynamic access memory corruption attempt (browser-ie.rules) * 1:19675 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio invalid UMLString data length exploit attempt (file-office.rules) * 1:19687 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionStoreRegister instruction length invalidation attempt (file-flash.rules) * 1:19707 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Converter sprmTSplit overflow attempt (file-office.rules) * 1:19708 <-> DISABLED <-> SERVER-MAIL Postfix SMTP Server SASL AUTH Handle Reuse Memory Corruption (server-mail.rules) * 1:19710 <-> DISABLED <-> BROWSER-CHROME Google Chrome float rendering corruption attempt (browser-chrome.rules) * 1:19713 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules) * 1:1972 <-> DISABLED <-> PROTOCOL-FTP PASS overflow attempt (protocol-ftp.rules) * 1:1973 <-> DISABLED <-> PROTOCOL-FTP MKD overflow attempt (protocol-ftp.rules) * 1:1975 <-> DISABLED <-> PROTOCOL-FTP DELE overflow attempt (protocol-ftp.rules) * 1:1976 <-> DISABLED <-> PROTOCOL-FTP RMD overflow attempt (protocol-ftp.rules) * 1:19803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Renos.FH variant outbound connection (malware-cnc.rules) * 1:19808 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer covered object memory corruption attempt (browser-ie.rules) * 1:19809 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer covered object memory corruption attempt (browser-ie.rules) * 1:19810 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS deleteReportTemplate SQL injection attempt (server-other.rules) * 1:19812 <-> ENABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS getDBConfigSettings credential information disclosure attempt (server-other.rules) * 1:19813 <-> ENABLED <-> SERVER-WEBAPP Novell File Reporter Agent XMLK parsing stack bugger overflow attempt (server-webapp.rules) * 1:19814 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt (browser-ie.rules) * 1:19818 <-> DISABLED <-> OS-WINDOWS Microsoft XML core services cross-domain information disclosure attempt (os-windows.rules) * 1:19825 <-> DISABLED <-> SERVER-APACHE Apache Killer denial of service tool exploit attempt (server-apache.rules) * 1:19826 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager remote code execution attempt (server-webapp.rules) * 1:19867 <-> DISABLED <-> INDICATOR-OBFUSCATION randomized javascript encodings detected (indicator-obfuscation.rules) * 1:19871 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer VML buffer overflow attempt (browser-ie.rules) * 1:19872 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MDAC remote code execution attempt (browser-ie.rules) * 1:19873 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS style memory corruption attempt (browser-ie.rules) * 1:19884 <-> DISABLED <-> INDICATOR-OBFUSCATION String.fromCharCode with multiple encoding types detected (indicator-obfuscation.rules) * 1:19885 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer daxctle.ocx spline method buffer overflow attempt (browser-ie.rules) * 1:19887 <-> DISABLED <-> INDICATOR-OBFUSCATION potential javascript unescape obfuscation attempt detected (indicator-obfuscation.rules) * 1:19888 <-> DISABLED <-> INDICATOR-OBFUSCATION potential javascript unescape obfuscation attempt detected (indicator-obfuscation.rules) * 1:19889 <-> DISABLED <-> INDICATOR-OBFUSCATION base64-encoded data object found (indicator-obfuscation.rules) * 1:19890 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP CA Arcserve Backup directory traversal attempt (netbios.rules) * 1:19893 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Tabular Control ActiveX overflow by CLSID / param tag (browser-plugins.rules) * 1:19894 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint unbound memcpy and remote code execution attempt (file-office.rules) * 1:19907 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (file-identify.rules) * 1:19909 <-> DISABLED <-> BROWSER-PLUGINS Cisco AnyConnect ActiveX clsid access (browser-plugins.rules) * 1:19910 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VML use after free attempt (browser-ie.rules) * 1:19911 <-> ENABLED <-> FILE-OTHER Microsoft SYmbolic LinK stack overflow attempt (file-other.rules) * 1:19926 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime AWT setDiffICM stack buffer overflow attempt (file-java.rules) * 1:1993 <-> DISABLED <-> PROTOCOL-IMAP login literal buffer overflow attempt (protocol-imap.rules) * 1:19932 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 pointer dereference attempt (file-office.rules) * 1:19937 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer invalid object access memory corruption attempt (browser-ie.rules) * 1:19938 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Directory Server ibmslapd.exe stack buffer overflow attempt (server-other.rules) * 1:19943 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MsoDrawingGroup record remote code execution attempt (file-office.rules) * 1:19956 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Movie Maker project file heap buffer overflow attempt (file-multimedia.rules) * 1:19972 <-> DISABLED <-> OS-WINDOWS SMB client TRANS response paramcount overflow attempt (os-windows.rules) * 1:20029 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FNGROUPNAME record memory corruption attempt (file-office.rules) * 1:20030 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file operation directory traversal attempt (protocol-scada.rules) * 1:20031 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript float index array memory corruption (file-flash.rules) * 1:20032 <-> ENABLED <-> FILE-IDENTIFY MIME file type file download request (file-identify.rules) * 1:20034 <-> DISABLED <-> FILE-OTHER ESTsoft ALZip MIM file buffer overflow attempt (file-other.rules) * 1:20061 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP ca-alert function 16,23,40, and 41 overflow attempt (netbios.rules) * 1:20062 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel File Importing Code Execution (file-office.rules) * 1:20072 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules) * 1:20073 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (os-windows.rules) * 1:20110 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata (server-other.rules) * 1:20124 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Lbl record attempt (file-office.rules) * 1:20127 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel Conditional Formatting record vulnerability (file-office.rules) * 1:20128 <-> DISABLED <-> FILE-OFFICE Microsoft Office invalid MS-OGRAPH DataFormat buffer overflow attempt (file-office.rules) * 1:20131 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules) * 1:20134 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Storage Data Protector buffer overflow attempt (server-webapp.rules) * 1:20137 <-> DISABLED <-> INDICATOR-OBFUSCATION Possible generic javascript heap spray attempt (indicator-obfuscation.rules) * 1:20139 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document summary information string overflow attempt (file-office.rules) * 1:20140 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document summary information string overflow attempt (file-office.rules) * 1:20141 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document summary information string overflow attempt (file-office.rules) * 1:20154 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll glyf directory table buffer overflow attempt (file-pdf.rules) * 1:20155 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll composite glyf buffer overflow attempt (file-pdf.rules) * 1:20158 <-> ENABLED <-> SERVER-WEBAPP Oracle GlassFish Server default credentials login attempt (server-webapp.rules) * 1:20175 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Remote Desktop Client ActiveX clsid access (browser-plugins.rules) * 1:20188 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_sys_config_method request/response attempt (indicator-shellcode.rules) * 1:20191 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_net_method request/response attempt (indicator-shellcode.rules) * 1:20210 <-> ENABLED <-> PROTOCOL-SCADA Cogent unicode buffer overflow attempt (protocol-scada.rules) * 1:20214 <-> ENABLED <-> PROTOCOL-SCADA Measuresoft ScadaPro msvcrt.dll local command execution attempt (protocol-scada.rules) * 1:20215 <-> ENABLED <-> PROTOCOL-SCADA Measuresoft ScadaPro directory traversal file operation attempt (protocol-scada.rules) * 1:20216 <-> DISABLED <-> PROTOCOL-SCADA Beckhoff TwinCAT DoS (protocol-scada.rules) * 1:20223 <-> DISABLED <-> FILE-IDENTIFY SMI file download request (file-identify.rules) * 1:20246 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules) * 1:20247 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules) * 1:20255 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Silverlight inheritance restriction bypass (browser-plugins.rules) * 1:20259 <-> ENABLED <-> FILE-OTHER Microsoft Agent Helper Malicious JAR download attempt (file-other.rules) * 1:20261 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows win32k.sys kernel mode null pointer dereference attempt (file-executable.rules) * 1:20262 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll DOS attempt (browser-ie.rules) * 1:20263 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer htmlfile null attribute access attempt (browser-ie.rules) * 1:20264 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer form selection reset attempt (browser-ie.rules) * 1:20265 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer null attribute DoS attempt (browser-ie.rules) * 1:20266 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 8 Javascript negative option index attack attempt (browser-ie.rules) * 1:20267 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer circular reference exploit attempt (browser-ie.rules) * 1:20268 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Marquee stylesheet object removal (browser-ie.rules) * 1:20269 <-> ENABLED <-> FILE-IDENTIFY FON font file download request (file-identify.rules) * 1:20276 <-> DISABLED <-> INDICATOR-OBFUSCATION standard ASCII encoded with UTF-8 possible evasion detected (indicator-obfuscation.rules) * 1:20282 <-> DISABLED <-> FILE-IDENTIFY S3M file download request (file-identify.rules) * 1:20283 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC ModPlug ReadS3M overflow attempt (file-multimedia.rules) * 1:20284 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC ModPlug ReadS3M overflow attempt (file-multimedia.rules) * 1:20287 <-> ENABLED <-> FILE-IDENTIFY QCP file download request (file-identify.rules) * 1:20288 <-> ENABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer QCP parsing buffer overflow attempt (file-multimedia.rules) * 1:20294 <-> DISABLED <-> FILE-IMAGE Adobe Reader and Acrobat Libtiff TIFFFetchShortPair stack buffer overflow attempt (file-image.rules) * 1:20295 <-> DISABLED <-> FILE-IMAGE Public LibTiff Exploit (file-image.rules) * 1:20381 <-> DISABLED <-> PROTOCOL-VOIP Remote-Party-ID header hexadecimal characters in IP address field (protocol-voip.rules) * 1:20390 <-> DISABLED <-> PROTOCOL-VOIP Attribute header rtpmap field invalid payload type (protocol-voip.rules) * 1:20391 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Attribute header rtpmap field buffer overflow attempt (protocol-voip.rules) * 1:20392 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Attribute header rtpmap field buffer overflow attempt (protocol-voip.rules) * 1:20425 <-> DISABLED <-> PROTOCOL-VOIP Cisco 7940/7960 INVITE Remote-Party-ID header denial of service attempt (protocol-voip.rules) * 1:2045 <-> DISABLED <-> PROTOCOL-RPC snmpXdmi overflow attempt UDP (protocol-rpc.rules) * 1:20450 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (file-identify.rules) * 1:20451 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (file-identify.rules) * 1:20456 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (file-identify.rules) * 1:20459 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (file-identify.rules) * 1:20460 <-> DISABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:20463 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20464 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20465 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20466 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20467 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20468 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20469 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20471 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (file-identify.rules) * 1:20472 <-> DISABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules) * 1:20478 <-> DISABLED <-> FILE-IDENTIFY PNG file magic detected (file-identify.rules) * 1:20480 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (file-identify.rules) * 1:20481 <-> DISABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:20483 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:20486 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (file-identify.rules) * 1:20492 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (file-identify.rules) * 1:20493 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (file-identify.rules) * 1:20494 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (file-identify.rules) * 1:20496 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20497 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20500 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20501 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20502 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20503 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20507 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20514 <-> DISABLED <-> FILE-IDENTIFY dmg file magic detected (file-identify.rules) * 1:20518 <-> ENABLED <-> FILE-IDENTIFY rmf file download request (file-identify.rules) * 1:20521 <-> DISABLED <-> FILE-IDENTIFY Flac file magic detected (file-identify.rules) * 1:20522 <-> DISABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (file-identify.rules) * 1:20528 <-> DISABLED <-> SERVER-APACHE Apache mod_proxy reverse proxy information disclosure attempt (server-apache.rules) * 1:20530 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Storage Data Protector directory traversal attempt (server-webapp.rules) * 1:20531 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Storage Data Protector directory traversal attempt (server-webapp.rules) * 1:20532 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Storage Data Protector get file buffer overflow attempt (server-webapp.rules) * 1:20544 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player FLV file download request (file-identify.rules) * 1:20554 <-> DISABLED <-> PUA-OTHER Microsoft MSN Messenger and Windows Live Messenger Code Execution attempt (pua-other.rules) * 1:20577 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malicious TIFF remote code execution attempt (file-pdf.rules) * 1:20579 <-> DISABLED <-> BROWSER-CHROME Google Chrome and Apple Safari Ruby before and after memory corruption (browser-chrome.rules) * 1:20591 <-> DISABLED <-> BROWSER-PLUGINS Flexera InstallShield ISGrid2.dll DoFindReplace heap buffer overlow ActiveX clsid access (browser-plugins.rules) * 1:20592 <-> DISABLED <-> BROWSER-PLUGINS Flexera InstallShield ISGrid2.dll DoFindReplace heap buffer overlow ActiveX function call access (browser-plugins.rules) * 1:20593 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit libxslt arbitrary file creation attempt (browser-webkit.rules) * 1:20600 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt (browser-firefox.rules) * 1:20607 <-> ENABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (server-other.rules) * 1:20621 <-> ENABLED <-> FILE-IDENTIFY JAR file download request (file-identify.rules) * 1:20622 <-> ENABLED <-> FILE-JAVA Oracle Java Applet remote code execution attempt (file-java.rules) * 1:20628 <-> ENABLED <-> SERVER-WEBAPP HP Data Protector FinishedCopy SQL Injection attempt (server-webapp.rules) * 1:20634 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll DOS attempt (browser-ie.rules) * 1:20635 <-> ENABLED <-> SERVER-WEBAPP HP Data Protector GetPolicies SQL Injection attempt (server-webapp.rules) * 1:20636 <-> ENABLED <-> FILE-IMAGE Adobe Photoshop CS5 gif file heap corruption attempt (file-image.rules) * 1:20637 <-> ENABLED <-> FILE-IMAGE Adobe Photoshop CS5 gif file heap corruption attempt (file-image.rules) * 1:20659 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed shading modifier heap corruption attempt (file-pdf.rules) * 1:20692 <-> DISABLED <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt (policy-other.rules) * 1:20700 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint pp7x32.dll dll-load exploit attempt (file-office.rules) * 1:20701 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint pp4x322.dll dll-load exploit attempt (file-office.rules) * 1:20702 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint pp7x32.dll dll-load exploit attempt (file-office.rules) * 1:20703 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint pp4x322.dll dll-load exploit attempt (file-office.rules) * 1:20704 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer defaulttime behavior attack attempt (browser-plugins.rules) * 1:20708 <-> ENABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access (browser-plugins.rules) * 1:20709 <-> ENABLED <-> BROWSER-PLUGINS HP Photo Creative ActiveX clsid access (browser-plugins.rules) * 1:20720 <-> ENABLED <-> FILE-OFFICE Microsoft Office Publisher 2003 EscherStm memory corruption attempt (file-office.rules) * 1:20722 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord exploit attempt (file-office.rules) * 1:20723 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file download request (file-identify.rules) * 1:20724 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word border use-after-free attempt (file-office.rules) * 1:20733 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file download request (file-identify.rules) * 1:20734 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Player digital video recording buffer overflow attempt (file-multimedia.rules) * 1:20749 <-> DISABLED <-> SERVER-OTHER EMC Retrospect client crafted packet buffer overflow attempt (server-other.rules) * 1:20764 <-> DISABLED <-> SERVER-WEBAPP SyBase MBusiness xml closing tag overflow attempt (server-webapp.rules) * 1:20766 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer contenteditable corruption attempt (browser-ie.rules) * 1:20767 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript float index array memory corruption (file-flash.rules) * 1:20777 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript float index array memory corruption attempt (file-flash.rules) * 1:20778 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - economy.rar (file-flash.rules) * 1:20779 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - dear chu.rar (file-flash.rules) * 1:20780 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - namelist.xls (file-flash.rules) * 1:20781 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules) * 1:20782 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - economy.rar (file-flash.rules) * 1:20783 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - dear chu.rar (file-flash.rules) * 1:20784 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - namelist.xls (file-flash.rules) * 1:20785 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules) * 1:20786 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer layout-grid-char value exploit attempt (browser-ie.rules) * 1:20787 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer layout-grid-char value exploit attempt (browser-ie.rules) * 1:20788 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer layout-grid-char value exploit attempt (browser-ie.rules) * 1:20789 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer layout-grid-char value exploit attempt (browser-ie.rules) * 1:20790 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer layout-grid-char value exploit attempt (browser-ie.rules) * 1:20792 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:20793 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:20795 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules) * 1:20796 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules) * 1:20798 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20799 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20800 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules) * 1:20801 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules) * 1:20803 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules) * 1:20804 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer contenteditable corruption attempt (browser-ie.rules) * 1:20805 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer contenteditable corruption attempt (browser-ie.rules) * 1:20806 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer contenteditable corruption attempt (browser-ie.rules) * 1:20807 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer contenteditable corruption attempt (browser-ie.rules) * 1:20808 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer contenteditable corruption attempt (browser-ie.rules) * 1:20809 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer contenteditable corruption attempt (browser-ie.rules) * 1:20810 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer contenteditable corruption attempt (browser-ie.rules) * 1:20811 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer contenteditable corruption attempt (browser-ie.rules) * 1:20822 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer contenteditable corruption attempt malicious string (browser-ie.rules) * 1:20824 <-> DISABLED <-> OS-WINDOWS generic web server hashing collision attack (os-windows.rules) * 1:20828 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS aspx login ReturnURL arbitrary redirect attempt (server-iis.rules) * 1:20829 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS .NET null character username truncation attempt (server-iis.rules) * 1:20834 <-> DISABLED <-> BROWSER-PLUGINS Novell ZENworks LaunchHelp.dll LaunchProcess Code Execution ActiveX clsid access (browser-plugins.rules) * 1:20835 <-> DISABLED <-> BROWSER-PLUGINS Novell ZENworks LaunchHelp.dll LaunchProcess Code Execution ActiveX function call access (browser-plugins.rules) * 1:20839 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file download request (file-identify.rules) * 1:20840 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file download request (file-identify.rules) * 1:20841 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file download request (file-identify.rules) * 1:20842 <-> ENABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:20843 <-> ENABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:20854 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (file-identify.rules) * 1:20855 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (file-identify.rules) * 1:20856 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (file-identify.rules) * 1:20857 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (file-identify.rules) * 1:20874 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup initialization packet (server-other.rules) * 1:2088 <-> DISABLED <-> PROTOCOL-RPC ypupdated arbitrary command attempt UDP (protocol-rpc.rules) * 1:20884 <-> DISABLED <-> OS-WINDOWS Microsoft Anti-Cross Site Scripting library bypass attempt (os-windows.rules) * 1:2089 <-> DISABLED <-> PROTOCOL-RPC ypupdated arbitrary command attempt TCP (protocol-rpc.rules) * 1:20897 <-> ENABLED <-> FILE-IDENTIFY MIDI file magic detected (file-identify.rules) * 1:20898 <-> ENABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules) * 1:20899 <-> ENABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules) * 1:20900 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media MIDI file memory corruption attempt (file-other.rules) * 1:20903 <-> ENABLED <-> FILE-OTHER Microsoft Windows OpenType font parsing stack overflow attempt (file-other.rules) * 1:20905 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules) * 1:20906 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules) * 1:20907 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (file-identify.rules) * 1:20908 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (file-identify.rules) * 1:20909 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules) * 1:20910 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules) * 1:20913 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (file-identify.rules) * 1:20914 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (file-identify.rules) * 1:20924 <-> DISABLED <-> FILE-IDENTIFY PLS file magic detected (file-identify.rules) * 1:20925 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules) * 1:20926 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules) * 1:20928 <-> DISABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:20929 <-> ENABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules) * 1:20930 <-> ENABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules) * 1:20931 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules) * 1:20932 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules) * 1:20933 <-> ENABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules) * 1:20934 <-> ENABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules) * 1:20935 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (file-identify.rules) * 1:20936 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (file-identify.rules) * 1:20937 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20938 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20939 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20940 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20941 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20942 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20943 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20944 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20945 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20946 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20947 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20948 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20950 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20951 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20952 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20953 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20954 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20955 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20956 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20957 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20958 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20959 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20960 <-> DISABLED <-> FILE-IDENTIFY Flac file download request (file-identify.rules) * 1:20961 <-> ENABLED <-> FILE-IDENTIFY TTE file download request (file-identify.rules) * 1:20962 <-> ENABLED <-> FILE-IDENTIFY OTF file download request (file-identify.rules) * 1:20963 <-> ENABLED <-> FILE-IDENTIFY DIB file download request (file-identify.rules) * 1:20964 <-> DISABLED <-> FILE-IDENTIFY SAMI file download request (file-identify.rules) * 1:20965 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:20966 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:20967 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:20968 <-> DISABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules) * 1:20969 <-> ENABLED <-> FILE-IDENTIFY M4A file download request (file-identify.rules) * 1:20970 <-> ENABLED <-> FILE-IDENTIFY M4P file download request (file-identify.rules) * 1:20971 <-> ENABLED <-> FILE-IDENTIFY M4R file download request (file-identify.rules) * 1:20972 <-> DISABLED <-> FILE-IDENTIFY M4V file magic request (file-identify.rules) * 1:20973 <-> ENABLED <-> FILE-IDENTIFY M4B file download request (file-identify.rules) * 1:20974 <-> ENABLED <-> FILE-IDENTIFY 3GP file download request (file-identify.rules) * 1:20975 <-> ENABLED <-> FILE-IDENTIFY 3G2 file download request (file-identify.rules) * 1:20976 <-> ENABLED <-> FILE-IDENTIFY K3G file download request (file-identify.rules) * 1:20977 <-> ENABLED <-> FILE-IDENTIFY SKM file download request (file-identify.rules) * 1:20978 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules) * 1:20979 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules) * 1:20980 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules) * 1:20981 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules) * 1:20982 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules) * 1:20983 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules) * 1:20986 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules) * 1:20987 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules) * 1:20991 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (file-identify.rules) * 1:20992 <-> DISABLED <-> FILE-IDENTIFY SAMI file magic detected (file-identify.rules) * 1:20993 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow (server-other.rules) * 1:20994 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow (server-other.rules) * 1:20999 <-> ENABLED <-> BROWSER-WEBKIT Microsoft Windows 7 x64 Apple Safari abnormally long iframe exploit attempt (browser-webkit.rules) * 1:21002 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word border use-after-free attempt (file-office.rules) * 1:21035 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (file-identify.rules) * 1:21036 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (file-identify.rules) * 1:21037 <-> DISABLED <-> INDICATOR-OBFUSCATION randomized javascript encodings detected (indicator-obfuscation.rules) * 1:21038 <-> DISABLED <-> INDICATOR-OBFUSCATION String.fromCharCode with multiple encoding types detected (indicator-obfuscation.rules) * 1:21039 <-> DISABLED <-> INDICATOR-OBFUSCATION potential javascript unescape obfuscation attempt detected (indicator-obfuscation.rules) * 1:21050 <-> ENABLED <-> SERVER-OTHER HP Diagnostics Server magentservice.exe stack overflow attempt (server-other.rules) * 1:21059 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (file-identify.rules) * 1:21060 <-> DISABLED <-> SERVER-WEBAPP Symantec IM Manager Administrator console site injection attempt (server-webapp.rules) * 1:21061 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21062 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21063 <-> ENABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access (browser-plugins.rules) * 1:21064 <-> ENABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX function call access (browser-plugins.rules) * 1:21072 <-> ENABLED <-> SERVER-APACHE Apache Struts remote code execution attempt - GET parameter (server-apache.rules) * 1:21073 <-> ENABLED <-> SERVER-APACHE Apache Struts allowStaticMethodAccess invocation attempt (server-apache.rules) * 1:21074 <-> ENABLED <-> SERVER-APACHE Apache Struts remote code execution attempt - CookieInterceptor (server-apache.rules) * 1:21076 <-> ENABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access (browser-plugins.rules) * 1:21077 <-> ENABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX function call (browser-plugins.rules) * 1:21086 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer object clone deletion memory corruption (browser-ie.rules) * 1:21101 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt (protocol-voip.rules) * 1:21109 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file download request (file-identify.rules) * 1:21110 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules) * 1:21111 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules) * 1:21112 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer mpeg width integer memory underflow attempt (file-multimedia.rules) * 1:21113 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (file-identify.rules) * 1:21116 <-> ENABLED <-> FILE-OTHER Cisco Webex selector and size2 subrecords corruption attempt (file-other.rules) * 1:21152 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (file-identify.rules) * 1:21153 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (file-identify.rules) * 1:21159 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media MIDI file memory corruption attempt (file-other.rules) * 1:21167 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media MIDI file memory corruption attempt (file-other.rules) * 1:21170 <-> ENABLED <-> FILE-OFFICE Microsoft Office OLESS stream object name corruption attempt (file-office.rules) * 1:21174 <-> DISABLED <-> FILE-IDENTIFY RealNetworks RealPlayer realtext file download request (file-identify.rules) * 1:2118 <-> DISABLED <-> PROTOCOL-IMAP list overflow attempt (protocol-imap.rules) * 1:21190 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products MozOrientation loading attempt (browser-firefox.rules) * 1:21191 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products MozOrientation loading attempt (browser-firefox.rules) * 1:21214 <-> DISABLED <-> SERVER-APACHE Apache server mod_proxy reverse proxy bypass attempt (server-apache.rules) * 1:2123 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft cmd.exe banner (indicator-compromise.rules) * 1:21243 <-> ENABLED <-> FILE-OFFICE Microsoft Office Publisher 2003 EscherStm memory corruption attempt (file-office.rules) * 1:21253 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed shading modifier heap corruption attempt (file-pdf.rules) * 1:21258 <-> DISABLED <-> INDICATOR-SHELLCODE Feng-Shui heap grooming using Oleaut32 (indicator-shellcode.rules) * 1:21260 <-> DISABLED <-> SERVER-APACHE Apache Byte-Range Filter denial of service attempt (server-apache.rules) * 1:21282 <-> ENABLED <-> FILE-IDENTIFY XSL file download request (file-identify.rules) * 1:21283 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (file-identify.rules) * 1:21284 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (file-identify.rules) * 1:21285 <-> ENABLED <-> FILE-IDENTIFY XSLT file download request (file-identify.rules) * 1:21286 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (file-identify.rules) * 1:21287 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (file-identify.rules) * 1:21288 <-> ENABLED <-> FILE-IDENTIFY XML download detected (file-identify.rules) * 1:21292 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer style.position use-after-free memory corruption attempt (browser-ie.rules) * 1:21299 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Silverlight privilege escalation attempt (browser-plugins.rules) * 1:21300 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 null character in string information disclosure attempt (browser-ie.rules) * 1:21301 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio TAG_xxxSect code execution attempt (file-office.rules) * 1:21302 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio TAG_OLEChunk code execution attempt (file-office.rules) * 1:21305 <-> ENABLED <-> FILE-EXECUTABLE Microsoft .NET Framework System.Uri.ReCreateParts System.Uri.PathAndQuery overflow attempt (file-executable.rules) * 1:21307 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio TAG_xxxSheet code execution attempt (file-office.rules) * 1:21308 <-> ENABLED <-> FILE-OTHER Microsoft Windows C Run-Time Library remote code execution attempt (file-other.rules) * 1:21316 <-> ENABLED <-> FILE-OTHER Adobe shockwave director tSAC string termination memory corruption attempt (file-other.rules) * 1:21336 <-> ENABLED <-> FILE-FLASH Adobe Flash ASConstructor insecure calling attempt (file-flash.rules) * 1:23967 <-> ENABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt - compressed (file-flash.rules) * 1:23985 <-> ENABLED <-> BROWSER-PLUGINS Apple Quicktime plugin SetLanguage buffer overflow attempt (browser-plugins.rules) * 1:23986 <-> ENABLED <-> BROWSER-PLUGINS Apple Quicktime plugin SetLanguage buffer overflow attempt (browser-plugins.rules) * 1:23989 <-> ENABLED <-> FILE-OFFICE Microsoft Office EMF image EMFPlusPointF record memory corruption attempt (file-office.rules) * 1:23993 <-> DISABLED <-> SERVER-OTHER Dhcpcd packet size buffer overflow attempt (server-other.rules) * 1:23996 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript float index array memory corruption attempt (file-flash.rules) * 1:23997 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript float index array memory corruption attempt (file-flash.rules) * 1:23999 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media MIDI file memory corruption attempt (file-other.rules) * 1:24000 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media MIDI file memory corruption attempt (file-other.rules) * 1:24001 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media MIDI file memory corruption attempt (file-other.rules) * 1:24002 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media MIDI file memory corruption attempt (file-other.rules) * 1:24003 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media MIDI file memory corruption attempt (file-other.rules) * 1:24004 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules) * 1:24005 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules) * 1:24006 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method attempt (file-office.rules) * 1:24007 <-> ENABLED <-> OS-WINDOWS SMB Microsoft Windows RAP API NetServerEnum2 long server name buffer overflow attempt (os-windows.rules) * 1:24026 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24029 <-> DISABLED <-> FILE-OTHER Oracle outside in Lotus 1-2-3 heap overflow attempt (file-other.rules) * 1:24039 <-> ENABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX function call access (browser-plugins.rules) * 1:24040 <-> ENABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access (browser-plugins.rules) * 1:24041 <-> ENABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access (browser-plugins.rules) * 1:24042 <-> ENABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access (browser-plugins.rules) * 1:24043 <-> ENABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access (browser-plugins.rules) * 1:24044 <-> ENABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access (browser-plugins.rules) * 1:24063 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24074 <-> DISABLED <-> FILE-IDENTIFY MP3 file download request (file-identify.rules) * 1:24075 <-> ENABLED <-> FILE-IDENTIFY MP3 file attachment detected (file-identify.rules) * 1:24076 <-> ENABLED <-> FILE-IDENTIFY MP3 file attachment detected (file-identify.rules) * 1:24078 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (file-identify.rules) * 1:24079 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (file-identify.rules) * 1:24080 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules) * 1:24081 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules) * 1:24091 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver SOAP interface command injection attempt (server-webapp.rules) * 1:24138 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules) * 1:24139 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules) * 1:24140 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules) * 1:24142 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules) * 1:2419 <-> DISABLED <-> FILE-IDENTIFY RealNetworks Realplayer .ram playlist file download request (file-identify.rules) * 1:24190 <-> DISABLED <-> FILE-IDENTIFY X PixMap file magic detected (file-identify.rules) * 1:24195 <-> DISABLED <-> SERVER-WEBAPP socket_connect buffer overflow attempt (server-webapp.rules) * 1:24196 <-> ENABLED <-> BROWSER-PLUGINS GE Intelligent Platforms Proficy HTML help ActiveX clsid access attempt (browser-plugins.rules) * 1:24199 <-> ENABLED <-> SERVER-MAIL IBM Lotus Notes URI handler command execution attempt (server-mail.rules) * 1:2420 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rmp playlist file download request (file-identify.rules) * 1:24201 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules) * 1:24202 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules) * 1:24206 <-> ENABLED <-> FILE-IDENTIFY LZH archive file magic detected (file-identify.rules) * 1:24207 <-> ENABLED <-> FILE-OTHER IBM Lotus Notes LZH Attachment Viewer buffer overflow (file-other.rules) * 1:24208 <-> ENABLED <-> FILE-OTHER IBM Lotus Notes LZH Attachment Viewer buffer overflow (file-other.rules) * 1:24210 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer execCommand use-after-free attempt (browser-ie.rules) * 1:24212 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer execCommand use-after-free attempt (browser-ie.rules) * 1:24213 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules) * 1:24218 <-> DISABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:24219 <-> DISABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:2422 <-> DISABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rt playlist file download request (file-identify.rules) * 1:2423 <-> DISABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rp playlist file download request (file-identify.rules) * 1:24239 <-> ENABLED <-> SERVER-WEBAPP Novell GroupWise Internet Agent content-length integer overflow attempt (server-webapp.rules) * 1:24244 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules) * 1:24245 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules) * 1:24252 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer execCommand use embedded within javascript tags (browser-ie.rules) * 1:24263 <-> DISABLED <-> FILE-PDF Overly large CreationDate within a pdf - likely malicious (file-pdf.rules) * 1:24267 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed Range Code Execution attempt (file-office.rules) * 1:24268 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed Range Code Execution attempt (file-office.rules) * 1:24269 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed Range Code Execution attempt (file-office.rules) * 1:24281 <-> ENABLED <-> BROWSER-PLUGINS Cisco Secure Desktop CSDWebInstaller ActiveX clsid access (browser-plugins.rules) * 1:24284 <-> DISABLED <-> FILE-OFFICE Microsoft Office Drawing object code execution attempt (file-office.rules) * 1:24291 <-> ENABLED <-> SERVER-WEBAPP HP SiteScope APISiteScopeImpl information disclosure attempt (server-webapp.rules) * 1:24292 <-> ENABLED <-> SERVER-WEBAPP HP SiteScope APISiteScopeImpl information disclosure attempt (server-webapp.rules) * 1:24293 <-> DISABLED <-> SERVER-OTHER EMC NetWorker SunRPC buffer overflow attempt (server-other.rules) * 1:24303 <-> DISABLED <-> PROTOCOL-ICMP IPv6 multicast neighbor add attempt (protocol-icmp.rules) * 1:24313 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent request attempt (server-webapp.rules) * 1:24315 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:24316 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:24317 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:24318 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:24319 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:24320 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:24321 <-> DISABLED <-> SERVER-OTHER HP StorageWorks File Migration Agent buffer overflow attempt (server-other.rules) * 1:24329 <-> DISABLED <-> SERVER-OTHER EMC AutoStart ftAgent.exe integer overflow attempt (server-other.rules) * 1:24335 <-> DISABLED <-> BROWSER-PLUGINS Citrix Access Gateway plug-in buffer overflow attempt (browser-plugins.rules) * 1:24336 <-> DISABLED <-> OS-WINDOWS SMB Microsoft Windows RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules) * 1:24337 <-> DISABLED <-> SERVER-OTHER Novell Remote Manager off-by-one denial of service attempt (server-other.rules) * 1:24338 <-> ENABLED <-> FILE-OTHER Apple Quicktime TeXML Style attribute overflow attempt (file-other.rules) * 1:24339 <-> DISABLED <-> SERVER-WEBAPP XML entity parsing information disclosure attempt (server-webapp.rules) * 1:2435 <-> ENABLED <-> FILE-IDENTIFY Microsoft emf file download request (file-identify.rules) * 1:24351 <-> ENABLED <-> FILE-OFFICE Microsoft Works 9 use-after-free attempt (file-office.rules) * 1:21715 <-> DISABLED <-> FILE-IDENTIFY PFB file download request (file-identify.rules) * 1:21716 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (file-identify.rules) * 1:21717 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (file-identify.rules) * 1:21718 <-> DISABLED <-> FILE-IDENTIFY PFM file download request (file-identify.rules) * 1:21719 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (file-identify.rules) * 1:21720 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (file-identify.rules) * 1:21721 <-> DISABLED <-> FILE-IDENTIFY AFM file download request (file-identify.rules) * 1:21722 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (file-identify.rules) * 1:21723 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (file-identify.rules) * 1:21724 <-> DISABLED <-> FILE-IDENTIFY ANI file download request (file-identify.rules) * 1:21725 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (file-identify.rules) * 1:21726 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (file-identify.rules) * 1:21727 <-> DISABLED <-> FILE-IDENTIFY ANI file magic detection (file-identify.rules) * 1:21728 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21729 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21730 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21731 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21732 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21733 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21734 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21735 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21736 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21737 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21738 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21739 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21740 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules) * 1:21741 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules) * 1:21742 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules) * 1:21743 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules) * 1:21744 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21745 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21746 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (file-identify.rules) * 1:21747 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (file-identify.rules) * 1:21748 <-> DISABLED <-> FILE-IDENTIFY HPJ file download request (file-identify.rules) * 1:21749 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (file-identify.rules) * 1:21750 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (file-identify.rules) * 1:21751 <-> DISABLED <-> FILE-IDENTIFY HPJ file magic detected (file-identify.rules) * 1:21752 <-> ENABLED <-> SERVER-OTHER Novell ZENWorks configuration management preboot request buffer overflow attempt (server-other.rules) * 1:21753 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Management Interface HTTP digest authentication stack buffer overflow attempt (protocol-voip.rules) * 1:21776 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Exchange MODPROPS denial of service attempt (server-mail.rules) * 1:21792 <-> ENABLED <-> FILE-EXECUTABLE Microsoft Windows .NET invalid parsing of graphics data attempt (file-executable.rules) * 1:21793 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer vector graphics reference counting use-after-free attempt (browser-ie.rules) * 1:21795 <-> ENABLED <-> FILE-EXECUTABLE Microsoft Windows Authenticode signature verification bypass attempt (file-executable.rules) * 1:21796 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules) * 1:21797 <-> ENABLED <-> FILE-OFFICE MSCOMCTL ActiveX control deserialization arbitrary code execution attempt (file-office.rules) * 1:21798 <-> ENABLED <-> FILE-OFFICE MSCOMCTL ActiveX control deserialization arbitrary code execution attempt (file-office.rules) * 1:21799 <-> ENABLED <-> FILE-OFFICE MSCOMCTL ActiveX control deserialization arbitrary code execution attempt (file-office.rules) * 1:21800 <-> ENABLED <-> FILE-OFFICE MSCOMCTL ActiveX control deserialization arbitrary code execution attempt (file-office.rules) * 1:21801 <-> ENABLED <-> FILE-OFFICE MSCOMCTL ActiveX control deserialization arbitrary code execution attempt (file-office.rules) * 1:21807 <-> DISABLED <-> FILE-IDENTIFY Adobe Download Manager aom file download request (file-identify.rules) * 1:21808 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (file-identify.rules) * 1:21809 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (file-identify.rules) * 1:21810 <-> DISABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (file-identify.rules) * 1:21811 <-> DISABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file download request (file-identify.rules) * 1:21812 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (file-identify.rules) * 1:21813 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (file-identify.rules) * 1:21814 <-> DISABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (file-identify.rules) * 1:21815 <-> ENABLED <-> FILE-IDENTIFY LZH file attachment detected (file-identify.rules) * 1:21816 <-> ENABLED <-> FILE-IDENTIFY LZH file attachment detected (file-identify.rules) * 1:2185 <-> DISABLED <-> PROTOCOL-RPC mountd UDP mount path overflow attempt (protocol-rpc.rules) * 1:21854 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (file-identify.rules) * 1:21855 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (file-identify.rules) * 1:21856 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules) * 1:21857 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules) * 1:21861 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (file-identify.rules) * 1:21862 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (file-identify.rules) * 1:21865 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules) * 1:21866 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules) * 1:21867 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules) * 1:21868 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules) * 1:21869 <-> ENABLED <-> FILE-OTHER Java JRE sandbox breach attempt (file-other.rules) * 1:21870 <-> ENABLED <-> FILE-IDENTIFY CNT file attachment detected (file-identify.rules) * 1:21871 <-> ENABLED <-> FILE-IDENTIFY CNT file attachment detected (file-identify.rules) * 1:21872 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (file-identify.rules) * 1:21873 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (file-identify.rules) * 1:21878 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF integer overflow attempt (file-pdf.rules) * 1:21879 <-> ENABLED <-> FILE-IDENTIFY Microsoft search file attachment detected (file-identify.rules) * 1:21880 <-> ENABLED <-> FILE-IDENTIFY Microsoft search file attachment detected (file-identify.rules) * 1:21884 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Publisher file attachment detected (file-identify.rules) * 1:21885 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Publisher file attachment detected (file-identify.rules) * 1:21886 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (file-identify.rules) * 1:21887 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (file-identify.rules) * 1:21888 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (file-identify.rules) * 1:21889 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (file-identify.rules) * 1:21890 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules) * 1:21891 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules) * 1:21892 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules) * 1:21893 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules) * 1:21894 <-> ENABLED <-> FILE-IDENTIFY SVG file attachment detected (file-identify.rules) * 1:21895 <-> ENABLED <-> FILE-IDENTIFY SVG file attachment detected (file-identify.rules) * 1:21896 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules) * 1:21897 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules) * 1:21898 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules) * 1:21899 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules) * 1:21900 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules) * 1:21901 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules) * 1:21902 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules) * 1:21903 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules) * 1:21904 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules) * 1:21905 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules) * 1:21906 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules) * 1:21908 <-> ENABLED <-> FILE-IDENTIFY Portable Executable file attachment detected (file-identify.rules) * 1:21909 <-> ENABLED <-> FILE-IDENTIFY Portable Executable file attachment detected (file-identify.rules) * 1:21913 <-> DISABLED <-> SERVER-OTHER EMC data protection advisor DOS attempt (server-other.rules) * 1:21914 <-> ENABLED <-> SERVER-OTHER Novell ZENWorks configuration management preboot opcode 6C request buffer overflow attempt (server-other.rules) * 1:21915 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules) * 1:21916 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules) * 1:21918 <-> ENABLED <-> BROWSER-PLUGINS IBM Tivoli Provisioning Manager Express Buffer Overflow ActiveX clsid access attempt (browser-plugins.rules) * 1:21919 <-> ENABLED <-> BROWSER-PLUGINS IBM Tivoli Provisioning Manager Express Buffer Overflow ActiveX function call access attempt (browser-plugins.rules) * 1:21922 <-> DISABLED <-> FILE-OTHER VLC mms hostname buffer overflow attempt (file-other.rules) * 1:21927 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel style handling overflow attempt (file-office.rules) * 1:21935 <-> DISABLED <-> FILE-OFFICE Microsoft Works 9 and Word 12 converter heap overflow attempt (file-office.rules) * 1:21937 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules) * 1:21944 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Endpoint Manager Web Reports xss attempt (server-other.rules) * 1:21948 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF parsing heap overflow attempt (file-image.rules) * 1:21999 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file magic detection (file-identify.rules) * 1:22009 <-> ENABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules) * 1:22038 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer SelectAll dangling pointer use after free attempt (browser-ie.rules) * 1:22042 <-> ENABLED <-> FILE-EXECUTABLE Microsoft Windows .NET invalid parsing of graphics data attempt (file-executable.rules) * 1:22052 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel style record overflow attempt (file-office.rules) * 1:22066 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word ScriptBridge OCX controller attempt (file-office.rules) * 1:22069 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules) * 1:22070 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules) * 1:22075 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio IndexDirectorySize greater than ChildrenSize memory access attempt (file-office.rules) * 1:22076 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules) * 1:22077 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel ObjectLink invalid wLinkVar2 value attempt (file-office.rules) * 1:22078 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules) * 1:22091 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel SXLI record integer overrun attempt (file-office.rules) * 1:22092 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel SERIES record sdtY memory corruption attempt (file-office.rules) * 1:22093 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel SERIES record SerAuxTrend sdtX memory corruption attempt (file-office.rules) * 1:22094 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel SERIES record SerAuxErrBar sdtX memory corruption attempt (file-office.rules) * 1:22104 <-> DISABLED <-> FILE-IMAGE libpng chunk decompression integer overflow attempt (file-image.rules) * 1:22105 <-> DISABLED <-> FILE-IMAGE libpng chunk decompression integer overflow attempt (file-image.rules) * 1:22106 <-> DISABLED <-> FILE-IMAGE libpng chunk decompression integer overflow attempt (file-image.rules) * 1:22107 <-> DISABLED <-> FILE-IMAGE libpng chunk decompression integer overflow attempt (file-image.rules) * 1:22108 <-> DISABLED <-> FILE-IMAGE libpng chunk decompression integer overflow attempt (file-image.rules) * 1:22109 <-> DISABLED <-> FILE-IMAGE libpng chunk decompression integer overflow attempt (file-image.rules) * 1:2278 <-> DISABLED <-> SERVER-WEBAPP client negative Content-Length attempt (server-webapp.rules) * 1:22915 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules) * 1:22916 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules) * 1:22938 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF integer overflow attempt (file-pdf.rules) * 1:22942 <-> ENABLED <-> FILE-EXECUTABLE Microsoft Windows Authenticode signature verification bypass attempt (file-executable.rules) * 1:22943 <-> DISABLED <-> FILE-IDENTIFY NAB file download request (file-identify.rules) * 1:22944 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (file-identify.rules) * 1:22945 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (file-identify.rules) * 1:22946 <-> DISABLED <-> FILE-IDENTIFY NAB file magic detected (file-identify.rules) * 1:22947 <-> DISABLED <-> FILE-OTHER Novell Groupwise Addressbook buffer overflow attempt (file-other.rules) * 1:22950 <-> DISABLED <-> SERVER-WEBAPP EXIF header parsing integer overflow attempt big endian (server-webapp.rules) * 1:22952 <-> ENABLED <-> SERVER-OTHER Iron Mountain connected backup opcode 13 processing command injection attempt (server-other.rules) * 1:22954 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed SELECTION Record Code Execution attempt (file-office.rules) * 1:22961 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (file-identify.rules) * 1:22962 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (file-identify.rules) * 1:22965 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (file-identify.rules) * 1:22966 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (file-identify.rules) * 1:22971 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file attachment detected (file-identify.rules) * 1:22972 <-> ENABLED <-> FILE-IDENTIFY m3u playlist file file attachment detected (file-identify.rules) * 1:22979 <-> ENABLED <-> FILE-IDENTIFY M4V file attachment detected (file-identify.rules) * 1:22980 <-> ENABLED <-> FILE-IDENTIFY M4V file attachment detected (file-identify.rules) * 1:22993 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (file-identify.rules) * 1:22994 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (file-identify.rules) * 1:22995 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime Movie file attachment detected (file-identify.rules) * 1:22996 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime Movie file attachment detected (file-identify.rules) * 1:22999 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules) * 1:23000 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (file-identify.rules) * 1:23001 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (file-identify.rules) * 1:23009 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel SXLI record integer overrun attempt (file-office.rules) * 1:23011 <-> DISABLED <-> FILE-IDENTIFY Collada file download request (file-identify.rules) * 1:23012 <-> ENABLED <-> FILE-IDENTIFY Collada file attachment detected (file-identify.rules) * 1:23013 <-> ENABLED <-> FILE-IDENTIFY Collada file attachment detected (file-identify.rules) * 1:23014 <-> DISABLED <-> FILE-OTHER Adobe Photoshop asset elements stack based buffer overflow attempt (file-other.rules) * 1:23015 <-> DISABLED <-> BROWSER-CHROME Google Chrome and Apple Safari runin handling use after free attempt (browser-chrome.rules) * 1:23041 <-> DISABLED <-> FILE-PDF EmbeddedFile contained within a PDF (file-pdf.rules) * 1:23046 <-> DISABLED <-> SERVER-WEBAPP Oracle GlassFish Enterprise server cross site scripting attempt (server-webapp.rules) * 1:23047 <-> DISABLED <-> SERVER-WEBAPP Oracle GlassFish Enterprise server cross site scripting attempt (server-webapp.rules) * 1:23056 <-> ENABLED <-> SERVER-OTHER SAP NetWeaver Dispatcher DiagTraceR3Info buffer overflow attempt (server-other.rules) * 1:23059 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio TAG_xxxSect code execution attempt (file-office.rules) * 1:23060 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer style.position use-after-free memory corruption attempt (browser-ie.rules) * 1:23096 <-> DISABLED <-> SERVER-OTHER VERITAS NetBackup java authentication service format string exploit attempt (server-other.rules) * 1:23097 <-> DISABLED <-> SERVER-OTHER IBM solidDB SELECT statement denial of service attempt (server-other.rules) * 1:23098 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 sequence parameter set parsing overflow attempt (file-multimedia.rules) * 1:23099 <-> ENABLED <-> SERVER-OTHER SAP NetWeaver Dispatcher DiagTraceHex denial of service attempt (server-other.rules) * 1:23100 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording integer overflow attempt (file-other.rules) * 1:23101 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording integer overflow attempt (file-other.rules) * 1:23111 <-> ENABLED <-> POLICY-OTHER PHP uri tag injection attempt (policy-other.rules) * 1:23112 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver Dispatcher denial of service attempt (server-other.rules) * 1:23116 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 9 CTreeNode use after free attempt (browser-ie.rules) * 1:23117 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 9 DOM element use after free attempt (browser-ie.rules) * 1:23118 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer console object use after free attempt (browser-ie.rules) * 1:23121 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer center element dynamic manipulation attempt (browser-ie.rules) * 1:23123 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer getBoundingClientRect incorrect rebalancing attempt (browser-ie.rules) * 1:23124 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer html table column span width increase memory corruption attempt (browser-ie.rules) * 1:23125 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOM manipulation memory corruption attempt (browser-ie.rules) * 1:23136 <-> DISABLED <-> BROWSER-IE Microsoft multiple product toStaticHTML XSS attempt (browser-ie.rules) * 1:23137 <-> DISABLED <-> BROWSER-IE Microsoft multiple product toStaticHTML XSS attempt (browser-ie.rules) * 1:23151 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel zero-width worksheet code execution attempt (file-office.rules) * 1:23152 <-> DISABLED <-> FILE-OTHER OpenType Font file integer overflow attempt (file-other.rules) * 1:23167 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file download request (file-identify.rules) * 1:23168 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (file-identify.rules) * 1:23169 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (file-identify.rules) * 1:23170 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MPEG stream padding buffer overflow attempt (file-multimedia.rules) * 1:23175 <-> ENABLED <-> BROWSER-PLUGINS IBM Lotus Quickr ActiveX stack buffer overflow attempt (browser-plugins.rules) * 1:23177 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway timer.php cross site scripting attempt (server-webapp.rules) * 1:23186 <-> DISABLED <-> BROWSER-PLUGINS Dell CrazyTalk.DLL ActiveX clsid access (browser-plugins.rules) * 1:23188 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23189 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23190 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23191 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23192 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23193 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23194 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23195 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23196 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23197 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23198 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23199 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23200 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23201 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23202 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23203 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23204 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23205 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23206 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23207 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23208 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Manager Interface initial banner (protocol-voip.rules) * 1:23209 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Manager command shell execution attempt (protocol-voip.rules) * 1:23210 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Manager command shell execution attempt (protocol-voip.rules) * 1:23212 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox IDB use-after-free attempt (browser-firefox.rules) * 1:23213 <-> DISABLED <-> SQL Ruby on rails SQL injection attempt (sql.rules) * 1:23227 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtMergeCells heap overflow attempt (file-office.rules) * 1:23229 <-> DISABLED <-> BROWSER-PLUGINS Oracle Webcenter ActiveX function call access (browser-plugins.rules) * 1:23237 <-> DISABLED <-> OS-WINDOWS SMB2 client NetBufferList NULL entry remote code execution attempt (os-windows.rules) * 1:23238 <-> DISABLED <-> NETBIOS Wireshark console.lua file load exploit attempt (netbios.rules) * 1:23241 <-> ENABLED <-> SERVER-OTHER HP DPNECentral RequestCopy type SQL injection attempt (server-other.rules) * 1:23243 <-> DISABLED <-> FILE-JAVA Oracle Java Zip file directory record overflow attempt (file-java.rules) * 1:23253 <-> DISABLED <-> BROWSER-PLUGINS HP Easy Printer Care XMLSimpleAccessor ActiveX function call access attempt (browser-plugins.rules) * 1:23256 <-> DISABLED <-> FILE-EXECUTABLE Armadillo v1.71 packer file magic detected (file-executable.rules) * 1:23258 <-> DISABLED <-> SERVER-WEBAPP LANDesk Thinkmanagement Suite ServerSetup directory traversal attempt (server-webapp.rules) * 1:23263 <-> DISABLED <-> FILE-PDF Adobe flash player newfunction memory corruption attempt (file-pdf.rules) * 1:23264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player newfunction memory corruption attempt (file-flash.rules) * 1:23265 <-> DISABLED <-> FILE-FLASH Adobe Flash Player newfunction memory corruption attempt (file-flash.rules) * 1:23269 <-> ENABLED <-> FILE-OTHER Cisco WebEx recording integer overflow attempt (file-other.rules) * 1:23271 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes Extended M3U playlist record overflow attempt (file-multimedia.rules) * 1:23273 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules) * 1:23274 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules) * 1:23275 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules) * 1:23276 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules) * 1:23277 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules) * 1:23278 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer nested list memory corruption attempt (browser-ie.rules) * 1:23280 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer corrupted HROW instance write access violation attempt (browser-ie.rules) * 1:23284 <-> DISABLED <-> BROWSER-PLUGINS Oracle WebCenter Forms Recognition ActiveX function call attempt (browser-plugins.rules) * 1:23285 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules) * 1:23286 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23305 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules) * 1:23314 <-> DISABLED <-> OS-WINDOWS SMB invalid character argument injection attempt (os-windows.rules) * 1:23346 <-> DISABLED <-> FILE-OTHER Oracle outside in Lotus 1-2-3 heap overflow attempt (file-other.rules) * 1:23347 <-> DISABLED <-> FILE-IDENTIFY Lotus file download request (file-identify.rules) * 1:23348 <-> ENABLED <-> FILE-IDENTIFY Lotus file attachment detected (file-identify.rules) * 1:23349 <-> ENABLED <-> FILE-IDENTIFY Lotus file attachment detected (file-identify.rules) * 1:23352 <-> ENABLED <-> BROWSER-PLUGINS Cisco Linksys PlayerPT ActiveX clsid access attempt (browser-plugins.rules) * 1:23354 <-> DISABLED <-> SERVER-WEBAPP Novell iManager buffer overflow attempt (server-webapp.rules) * 1:23355 <-> ENABLED <-> SERVER-OTHER Trend Micro Control Manager AddTask stack buffer overflow attempt (server-other.rules) * 1:23368 <-> DISABLED <-> PROTOCOL-DNS Tftpd32 DNS server denial of service attempt (protocol-dns.rules) * 1:23370 <-> DISABLED <-> FILE-OFFICE Microsoft Office Drawing object code execution attempt (file-office.rules) * 1:2338 <-> DISABLED <-> PROTOCOL-FTP LIST buffer overflow attempt (protocol-ftp.rules) * 1:23384 <-> DISABLED <-> SERVER-WEBAPP Novell Groupwise Messenger parameter memory corruption attempt (server-webapp.rules) * 1:23385 <-> DISABLED <-> SERVER-WEBAPP Novell Groupwise Messenger parameter memory corruption attempt (server-webapp.rules) * 1:23392 <-> DISABLED <-> SERVER-OTHER IBM SolidDB redundant where clause DoS attempt (server-other.rules) * 1:23393 <-> DISABLED <-> SQL IBM SolidDB initial banner (sql.rules) * 1:23395 <-> ENABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt (browser-plugins.rules) * 1:23398 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services stack buffer overflow attempt (server-other.rules) * 1:23400 <-> ENABLED <-> FILE-OTHER Apple Quicktime JPEG2000 length integer underflow attempt (file-other.rules) * 1:23401 <-> DISABLED <-> SERVER-WEBAPP Oracle GlassFish server REST interface cross site request forgery attempt (server-webapp.rules) * 1:23414 <-> DISABLED <-> BROWSER-PLUGINS Veritas Storage Exec ActiveX clsid access attempt (browser-plugins.rules) * 1:23444 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet License Server buffer overflow attempt (server-other.rules) * 1:23461 <-> ENABLED <-> FILE-OTHER Apple Quicktime TeXML Transform attribute overflow attempt (file-other.rules) * 1:23462 <-> ENABLED <-> FILE-OTHER Apple Quicktime TeXML Style attribute overflow attempt (file-other.rules) * 1:23463 <-> ENABLED <-> FILE-OTHER Apple Quicktime TeXML sampleData attribute overflow attempt (file-other.rules) * 1:23464 <-> ENABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules) * 1:23465 <-> ENABLED <-> FILE-OTHER Apple Quicktime TeXML Style attribute overflow attempt (file-other.rules) * 1:23504 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnots exploit attempt (file-pdf.rules) * 1:23577 <-> ENABLED <-> FILE-OTHER VLC mms hostname buffer overflow attempt (file-other.rules) * 1:23580 <-> DISABLED <-> FILE-OTHER Novell Groupwise Addressbook buffer overflow attempt (file-other.rules) * 1:23605 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.xx - v2.xx file magic detected (file-identify.rules) * 1:23609 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer getBoundingClientRect incorrect rebalancing attempt (browser-ie.rules) * 1:23614 <-> ENABLED <-> FILE-JAVA Oracle JavaScript heap exploitation library usage attempt (file-java.rules) * 1:23626 <-> DISABLED <-> SERVER-IIS cmd.exe access (server-iis.rules) * 1:23632 <-> ENABLED <-> SERVER-OTHER HP Data Protector Express stack buffer overflow attempt (server-other.rules) * 1:23637 <-> ENABLED <-> FILE-IDENTIFY Java .class file attachment detected (file-identify.rules) * 1:23638 <-> ENABLED <-> FILE-IDENTIFY Java .class file attachment detected (file-identify.rules) * 1:23639 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (file-identify.rules) * 1:23640 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (file-identify.rules) * 1:23645 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (file-identify.rules) * 1:23647 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (file-identify.rules) * 1:23648 <-> DISABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:23651 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23652 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23653 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23654 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23655 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23656 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23657 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23658 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (file-identify.rules) * 1:23659 <-> DISABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules) * 1:23664 <-> DISABLED <-> FILE-IDENTIFY PNG file magic detected (file-identify.rules) * 1:23666 <-> DISABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:23667 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:23670 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (file-identify.rules) * 1:23676 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (file-identify.rules) * 1:23677 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (file-identify.rules) * 1:23678 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (file-identify.rules) * 1:23680 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:23681 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:23682 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23683 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23684 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23685 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23687 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:23691 <-> DISABLED <-> FILE-IDENTIFY dmg file magic detected (file-identify.rules) * 1:23695 <-> DISABLED <-> FILE-IDENTIFY Flac file magic detected (file-identify.rules) * 1:23696 <-> DISABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (file-identify.rules) * 1:23697 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (file-identify.rules) * 1:23698 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (file-identify.rules) * 1:23701 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detected (file-identify.rules) * 1:23703 <-> DISABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (file-identify.rules) * 1:23707 <-> DISABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (file-identify.rules) * 1:23709 <-> DISABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (file-identify.rules) * 1:23710 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (file-identify.rules) * 1:23711 <-> ENABLED <-> FILE-IDENTIFY OLE Document file magic detected (file-identify.rules) * 1:23712 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected (file-identify.rules) * 1:23714 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Publisher file magic detected (file-identify.rules) * 1:23720 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (file-identify.rules) * 1:23721 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (file-identify.rules) * 1:23723 <-> ENABLED <-> FILE-IDENTIFY M3U file magic detected (file-identify.rules) * 1:23724 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (file-identify.rules) * 1:23725 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules) * 1:23727 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (file-identify.rules) * 1:23728 <-> DISABLED <-> FILE-IDENTIFY matroska file magic detected (file-identify.rules) * 1:23729 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (file-identify.rules) * 1:23732 <-> DISABLED <-> FILE-IDENTIFY Microsoft Media Player .asf file magic detected (file-identify.rules) * 1:23735 <-> ENABLED <-> FILE-IDENTIFY MIDI file magic detected (file-identify.rules) * 1:23736 <-> DISABLED <-> FILE-IDENTIFY PLS file magic detected (file-identify.rules) * 1:23737 <-> DISABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:23738 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23739 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23740 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23741 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23742 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23743 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23744 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23745 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23746 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23747 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23748 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (file-identify.rules) * 1:23749 <-> DISABLED <-> FILE-IDENTIFY SAMI file magic detected (file-identify.rules) * 1:23753 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (file-identify.rules) * 1:23754 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (file-identify.rules) * 1:23755 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (file-identify.rules) * 1:23757 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows CHM file magic detected (file-identify.rules) * 1:23758 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:23759 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:23760 <-> DISABLED <-> FILE-IDENTIFY WAV file magic detected (file-identify.rules) * 1:23761 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (file-identify.rules) * 1:23762 <-> DISABLED <-> FILE-IDENTIFY PFA file magic detected (file-identify.rules) * 1:23763 <-> DISABLED <-> FILE-IDENTIFY HPJ file magic detected (file-identify.rules) * 1:23764 <-> DISABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (file-identify.rules) * 1:23765 <-> DISABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (file-identify.rules) * 1:23774 <-> DISABLED <-> FILE-IDENTIFY NAB file magic detected (file-identify.rules) * 1:23775 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.71 packer file magic detected (file-identify.rules) * 1:23777 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.xx - v2.xx file magic detected (file-identify.rules) * 1:23783 <-> ENABLED <-> SERVER-WEBAPP Symantec Web Gateway pbcontrol.php filename parameter command injection attempt (server-webapp.rules) * 1:23789 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Multiple Products table frames memory corruption attempt (browser-firefox.rules) * 1:23805 <-> ENABLED <-> BROWSER-WEBKIT WebKit button column memory corruption attempt (browser-webkit.rules) * 1:23806 <-> DISABLED <-> FILE-OTHER Oracle Outside-In JPEG2000 QCD segment processing heap buffer overflow attempt (file-other.rules) * 1:23807 <-> DISABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23808 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23809 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23810 <-> DISABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23811 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23812 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23813 <-> DISABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23814 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23815 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23816 <-> DISABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23817 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23818 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23819 <-> DISABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23820 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23821 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23822 <-> DISABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (file-identify.rules) * 1:23823 <-> DISABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (file-identify.rules) * 1:23834 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer asynchronous code execution attempt (browser-ie.rules) * 1:23835 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer asynchronous code execution attempt (browser-ie.rules) * 1:23836 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer negative margin use after free attempt (browser-ie.rules) * 1:23838 <-> ENABLED <-> OS-WINDOWS SMB NetServerEnum response host format string exploit attempt (os-windows.rules) * 1:23839 <-> ENABLED <-> OS-WINDOWS SMB Microsoft Windows RAP API NetServerEnum2 long server name buffer overflow attempt (os-windows.rules) * 1:23842 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio DXF file text overflow attempt (file-office.rules) * 1:23844 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method attempt (file-office.rules) * 1:23853 <-> ENABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules) * 1:23854 <-> ENABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules) * 1:23855 <-> DISABLED <-> FILE-FLASH string heapspray flash file - likely attack (file-flash.rules) * 1:23856 <-> DISABLED <-> FILE-FLASH string heapspray flash file - likely attack (file-flash.rules) * 1:23857 <-> DISABLED <-> INDICATOR-SHELLCODE heapspray characters detected - ASCII (indicator-shellcode.rules) * 1:23858 <-> DISABLED <-> FILE-OTHER heapspray characters detected - binary (file-other.rules) * 1:23859 <-> DISABLED <-> INDICATOR-SHELLCODE heapspray characters detected - hexadecimal encoding (indicator-shellcode.rules) * 1:23860 <-> DISABLED <-> INDICATOR-SHELLCODE heapspray characters detected - ASCII (indicator-shellcode.rules) * 1:23861 <-> DISABLED <-> FILE-OTHER heapspray characters detected - binary (file-other.rules) * 1:23862 <-> DISABLED <-> INDICATOR-SHELLCODE heapspray characters detected - hexadecimal encoding (indicator-shellcode.rules) * 1:23878 <-> DISABLED <-> BROWSER-PLUGINS Oracle JRE Deployment Toolkit ActiveX clsid access attempt (browser-plugins.rules) * 1:23879 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Texture Declaration buffer overflow attempt (file-pdf.rules) * 1:23880 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Texture Declaration buffer overflow attempt (file-pdf.rules) * 1:23889 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader getAnnotsRichMedia return type confusion attempt (file-pdf.rules) * 1:2389 <-> DISABLED <-> PROTOCOL-FTP RNTO overflow attempt (protocol-ftp.rules) * 1:23890 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader getAnnotsRichMedia return type confusion attempt (file-pdf.rules) * 1:23897 <-> DISABLED <-> FILE-PDF Sending of a PDF with embedded JavaScript - JS string attempt (file-pdf.rules) * 1:23904 <-> DISABLED <-> BLACKLIST DNS request for known malware domain publicnews.mooo.com - Backdoor.Briba (blacklist.rules) * 1:2392 <-> DISABLED <-> PROTOCOL-FTP RETR overflow attempt (protocol-ftp.rules) * 1:23934 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway blocked.php blind sql injection attempt (server-webapp.rules) * 1:23939 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (server-oracle.rules) * 1:23957 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio DXF file text overflow attempt (file-office.rules) * 1:23958 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:23959 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:23960 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:23961 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:27189 <-> ENABLED <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt (file-java.rules) * 1:27190 <-> ENABLED <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt (file-java.rules) * 1:27191 <-> ENABLED <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt (file-java.rules) * 1:27211 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel style handling overflow attempt (file-office.rules) * 1:27217 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 260 buffer overflow attempt (server-other.rules) * 1:27232 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader util.printf buffer overflow attempt (file-pdf.rules) * 1:27233 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader util.printf buffer overflow attempt (file-pdf.rules) * 1:27245 <-> ENABLED <-> SERVER-APACHE Apache Struts2 remote code execution attempt (server-apache.rules) * 1:27261 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 215 buffer overflow attempt (server-other.rules) * 1:27262 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 263 buffer overflow attempt (server-other.rules) * 1:27264 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 227 buffer overflow attempt (server-other.rules) * 1:27539 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 234 buffer overflow attempt (server-other.rules) * 1:27568 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox 17 onreadystatechange memory corruption attempt (browser-firefox.rules) * 1:27571 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 235 buffer overflow attempt (server-other.rules) * 1:27582 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:27583 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:27615 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer MoveToMarkupPointer call with CControlTracker OnExitTree use-after-free attempt (browser-ie.rules) * 1:27616 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer MoveToMarkupPointer call with CControlTracker OnExitTree use-after-free attempt (browser-ie.rules) * 1:27617 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 264 buffer overflow attempt (server-other.rules) * 1:27621 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules) * 1:27622 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules) * 1:27672 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules) * 1:27673 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules) * 1:27674 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules) * 1:27675 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules) * 1:27676 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules) * 1:27677 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules) * 1:27691 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:27692 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:27750 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:27751 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:27769 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 207 buffer overflow attempt (server-other.rules) * 1:27770 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 210 buffer overflow attempt (server-other.rules) * 1:27771 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 236 buffer overflow attempt (server-other.rules) * 1:27772 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 243 buffer overflow attempt (server-other.rules) * 1:27773 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 265 buffer overflow attempt (server-other.rules) * 1:27781 <-> DISABLED <-> BROWSER-PLUGINS Cisco WebEx Meeting Manager atucfobj ActiveX clsid access (browser-plugins.rules) * 1:27782 <-> DISABLED <-> BROWSER-PLUGINS Cisco WebEx Meeting Manager atucfobj ActiveX function call access (browser-plugins.rules) * 1:27816 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit jar file download attempt (exploit-kit.rules) * 1:27822 <-> ENABLED <-> FILE-OTHER Microsoft Windows XP .theme file remote code execution attempt (file-other.rules) * 1:27837 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDisplayPointer use after free attempt (browser-ie.rules) * 1:27838 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDisplayPointer use after free attempt (browser-ie.rules) * 1:27843 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos object use-after-free attempt (browser-ie.rules) * 1:27844 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos object use-after-free attempt (browser-ie.rules) * 1:27862 <-> ENABLED <-> SERVER-WEBAPP Avaya IP Office Customer Call Reporter invalid file upload attempt (server-webapp.rules) * 1:27869 <-> ENABLED <-> BROWSER-PLUGINS HP LoadRunner WriteFileString ActiveX function call attempt (browser-plugins.rules) * 1:27870 <-> ENABLED <-> BROWSER-PLUGINS HP LoadRunner WriteFileString ActiveX function call attempt (browser-plugins.rules) * 1:27871 <-> ENABLED <-> BROWSER-PLUGINS HP LoadRunner WriteFileString ActiveX function call attempt (browser-plugins.rules) * 1:27872 <-> ENABLED <-> BROWSER-PLUGINS HP LoadRunner WriteFileString ActiveX function call attempt (browser-plugins.rules) * 1:27921 <-> DISABLED <-> SERVER-ORACLE Oracle Endeca Server createDataStore remote command injection attempt (server-oracle.rules) * 1:27937 <-> ENABLED <-> SERVER-OTHER HP ProCurve Manager SNAC UpdateCertificatesServlet directory traversal attempt (server-other.rules) * 1:27941 <-> ENABLED <-> SERVER-OTHER HP ProCurve Manager SNAC UpdateDomainControllerServlet directory traversal attempt (server-other.rules) * 1:27943 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer onlosecapture memory corruption attempt (browser-ie.rules) * 1:27944 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer onlosecapture memory corruption attempt (browser-ie.rules) * 1:28112 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 null character in string information disclosure attempt (browser-ie.rules) * 1:28135 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FtCbls remote code execution attempt (file-office.rules) * 1:28136 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FtCbls remote code execution attempt (file-office.rules) * 1:28207 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer swapNode memory corruption attempt (browser-ie.rules) * 1:28208 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer swapNode memory corruption attempt (browser-ie.rules) * 1:28227 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 211 buffer overflow attempt (server-other.rules) * 1:28252 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules) * 1:28256 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ICC mluc integer overflow attempt (file-pdf.rules) * 1:28257 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader ICC remote memory corruption attempt (file-pdf.rules) * 1:28258 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer object management memory corruption attempt (browser-ie.rules) * 1:28259 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer object management memory corruption attempt (browser-ie.rules) * 1:28260 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader ICC remote memory corruption attempt (file-pdf.rules) * 1:28261 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ICC mluc integer overflow attempt (file-pdf.rules) * 1:28262 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll glyf directory table buffer overflow attempt (file-pdf.rules) * 1:28266 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll composite glyf buffer overflow attempt (file-pdf.rules) * 1:28267 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer option element use after free attempt (browser-ie.rules) * 1:28268 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer option element use after free attempt (browser-ie.rules) * 1:28269 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer option element use after free attempt (browser-ie.rules) * 1:28270 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer option element use after free attempt (browser-ie.rules) * 1:28271 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer htmlfile null attribute access attempt (browser-ie.rules) * 1:28272 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer htmlfile ActiveX object access attempt (browser-plugins.rules) * 1:28276 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules) * 1:28277 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules) * 1:28278 <-> ENABLED <-> SERVER-WEBAPP IBM Tivoli Provisioning Manager express user.updateUserValue sql injection attempt (server-webapp.rules) * 1:28287 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer deleted object cells reference memory corruption vulnerability (browser-ie.rules) * 1:28303 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader U3D RHAdobeMeta buffer overflow attempt (file-pdf.rules) * 1:28306 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSS expression defined to empty selection attempt (browser-ie.rules) * 1:28309 <-> ENABLED <-> EXPLOIT-KIT Himan exploit kit payload - Oracle Java compromise (exploit-kit.rules) * 1:28315 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules) * 1:28331 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:28332 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:24352 <-> ENABLED <-> FILE-OFFICE Microsoft Works 9 use-after-free attempt (file-office.rules) * 1:24353 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word RTF malformed listid attempt (file-office.rules) * 1:24354 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word RTF malformed listid attempt (file-office.rules) * 1:24357 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word rgfc value overflow attempt (file-office.rules) * 1:24358 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word rgfc value overflow attempt (file-office.rules) * 1:2436 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file download request (file-identify.rules) * 1:2438 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer playlist file URL overflow attempt (file-multimedia.rules) * 1:2439 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer playlist http URL overflow attempt (file-multimedia.rules) * 1:2440 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer playlist rtsp URL overflow attempt (file-multimedia.rules) * 1:24428 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24429 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24430 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24431 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24435 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Asset Management default admin credentials function call attempt (server-webapp.rules) * 1:24436 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Asset Management default admin credentials function call attempt (server-webapp.rules) * 1:24446 <-> ENABLED <-> SERVER-OTHER EMC NetWorker SunRPC format string exploit attempt (server-other.rules) * 1:24455 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24456 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24457 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24458 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24463 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules) * 1:24464 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules) * 1:24465 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules) * 1:24472 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (file-identify.rules) * 1:24473 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (file-identify.rules) * 1:24480 <-> ENABLED <-> PROTOCOL-SCADA WellinTech Kingview HMI history server buffer overflow attempt (protocol-scada.rules) * 1:24483 <-> DISABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules) * 1:24484 <-> DISABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules) * 1:24485 <-> DISABLED <-> FILE-PDF Microsoft Windows kernel-mode drivers core font parsing integer overflow attempt (file-pdf.rules) * 1:24486 <-> DISABLED <-> FILE-PDF Microsoft Windows kernel-mode drivers core font parsing integer overflow attempt (file-pdf.rules) * 1:24487 <-> DISABLED <-> FILE-PDF Microsoft Windows kernel-mode drivers core font parsing integer overflow attempt (file-pdf.rules) * 1:24503 <-> DISABLED <-> PROTOCOL-RPC xdrDecodeString caller_name stack overflow attempt (protocol-rpc.rules) * 1:24507 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules) * 1:24508 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules) * 1:24520 <-> ENABLED <-> SERVER-WEBAPP Avaya IP Office Customer Call Reporter invalid file upload attempt (server-webapp.rules) * 1:24549 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime MOV Atom length buffer overflow attempt (file-multimedia.rules) * 1:24554 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (file-identify.rules) * 1:24555 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (file-identify.rules) * 1:24559 <-> DISABLED <-> BROWSER-PLUGINS CYME Power Engineering ShowPropertiesDialog ActiveX clsid access (browser-plugins.rules) * 1:24560 <-> DISABLED <-> BROWSER-PLUGINS CYME Power Engineering ShowPropertiesDialog ActiveX function call access (browser-plugins.rules) * 1:24570 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox IDB use-after-free attempt (browser-firefox.rules) * 1:24571 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox IDB use-after-free attempt (browser-firefox.rules) * 1:24572 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox IDB use-after-free attempt (browser-firefox.rules) * 1:24573 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox IDB use-after-free attempt (browser-firefox.rules) * 1:24574 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox IDB use-after-free attempt (browser-firefox.rules) * 1:24587 <-> ENABLED <-> FILE-OFFICE Microsoft Works Word document use after free attempt (file-office.rules) * 1:24588 <-> ENABLED <-> FILE-OFFICE Microsoft Works Word document use after free attempt (file-office.rules) * 1:24599 <-> DISABLED <-> FILE-IDENTIFY Alt-N MDaemon IMAP Server (file-identify.rules) * 1:24639 <-> DISABLED <-> PROTOCOL-RPC portmap CA BrightStor ARCserve tcp procedure 122 invalid function call attempt (protocol-rpc.rules) * 1:24640 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime movie buffer overflow attempt (file-multimedia.rules) * 1:24645 <-> ENABLED <-> BROWSER-PLUGINS Tom Sawyer GET Extension ActiveX clsid access (browser-plugins.rules) * 1:24646 <-> ENABLED <-> BROWSER-PLUGINS Tom Sawyer GET exetension ActiveX clsid access (browser-plugins.rules) * 1:24675 <-> ENABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX realm parameter overflow attempt (browser-plugins.rules) * 1:24676 <-> ENABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX real parameter overflow attempt (browser-plugins.rules) * 1:24677 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix server open PDU denial of service attempt (server-other.rules) * 1:24678 <-> ENABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules) * 1:24679 <-> ENABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules) * 1:24680 <-> ENABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules) * 1:24686 <-> DISABLED <-> SERVER-OTHER HP StorageWorks file migration agent buffer overflow attempt (server-other.rules) * 1:24687 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:24688 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:24693 <-> ENABLED <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt (server-webapp.rules) * 1:24694 <-> ENABLED <-> FILE-IMAGE Apple QuickTime PICT file opcode corruption attempt (file-image.rules) * 1:24696 <-> ENABLED <-> PROTOCOL-RPC EMC Networker nsrindexd.exe procedure 0x01 buffer overflow attempt (protocol-rpc.rules) * 1:24697 <-> DISABLED <-> SERVER-APACHE Apache mod_log_config cookie handling denial of service attempt (server-apache.rules) * 1:24698 <-> DISABLED <-> SERVER-APACHE Apache mod_log_config cookie handling denial of service attempt (server-apache.rules) * 1:24700 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime text track descriptors heap buffer overflow attempt (file-multimedia.rules) * 1:24701 <-> ENABLED <-> FILE-JAVA Oracle Java Runtime true type font idef opcode heap buffer overflow attempt (file-java.rules) * 1:24702 <-> ENABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules) * 1:24704 <-> ENABLED <-> SERVER-WEBAPP CA Total Defense management.asmx sql injection attempt (server-webapp.rules) * 1:24705 <-> ENABLED <-> SERVER-WEBAPP CA Total Defense management.asmx sql injection attempt (server-webapp.rules) * 1:24706 <-> DISABLED <-> SERVER-WEBAPP Netop Remote Control dws file buffer overflow attempt (server-webapp.rules) * 1:24708 <-> DISABLED <-> FILE-IDENTIFY Netop Remote Control file download request (file-identify.rules) * 1:24709 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (file-identify.rules) * 1:24710 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (file-identify.rules) * 1:24711 <-> DISABLED <-> FILE-IMAGE Oracle Outside In JPEG COD parameter buffer overflow attempt (file-image.rules) * 1:24712 <-> DISABLED <-> FILE-IMAGE Oracle Outside In JPEG COC parameter buffer overflow attempt (file-image.rules) * 1:24713 <-> DISABLED <-> FILE-IMAGE Oracle Outside In JPEG COD parameter buffer overflow attempt (file-image.rules) * 1:24714 <-> DISABLED <-> FILE-IMAGE Oracle Outside In JPEG COC parameter buffer overflow attempt (file-image.rules) * 1:24715 <-> DISABLED <-> FILE-IMAGE Oracle Outside In JPEG COD parameter buffer overflow attempt (file-image.rules) * 1:24716 <-> DISABLED <-> FILE-IMAGE Oracle Outside In JPEG COC parameter buffer overflow attempt (file-image.rules) * 1:24717 <-> DISABLED <-> FILE-IMAGE Oracle Outside In JPEG COD parameter buffer overflow attempt (file-image.rules) * 1:24718 <-> DISABLED <-> FILE-IMAGE Oracle Outside In JPEG COC parameter buffer overflow attempt (file-image.rules) * 1:24719 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SCCP call state message offhook (protocol-voip.rules) * 1:24720 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SCCP keypad button message denial of service attempt (protocol-voip.rules) * 1:24723 <-> ENABLED <-> BROWSER-PLUGINS IBM Rational Rhapsody BBFlashback ActiveX clsid access attempt (browser-plugins.rules) * 1:24738 <-> DISABLED <-> SERVER-OTHER EMC AutoStart ftAgent.exe integer overflow attempt (server-other.rules) * 1:24739 <-> DISABLED <-> SERVER-OTHER Gimp Script-Fu server buffer overflow attempt (server-other.rules) * 1:24741 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24742 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24743 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24744 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24745 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24746 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24747 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24748 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24749 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24750 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24751 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24752 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24753 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24754 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24755 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24756 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24757 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24758 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24759 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24760 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24761 <-> ENABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules) * 1:24768 <-> DISABLED <-> SERVER-OTHER RealPlayer Helix rn5auth credential overflow attempt (server-other.rules) * 1:24769 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24773 <-> ENABLED <-> BROWSER-PLUGINS IBM Lotus iNotes buffer overflow ActiveX clsid access (browser-plugins.rules) * 1:24774 <-> DISABLED <-> BROWSER-PLUGINS ASUS Net4Switch ipswcom.dll ActiveX clsid access (browser-plugins.rules) * 1:24776 <-> DISABLED <-> BROWSER-PLUGINS ASUS Net4Switch ipswcom.dll ActiveX clsid access (browser-plugins.rules) * 1:24801 <-> DISABLED <-> SERVER-WEBAPP IBM Tivoli Provisioning Manager Express asset.getmimetype sql injection attempt (server-webapp.rules) * 1:24802 <-> ENABLED <-> SERVER-OTHER HP Database Archiving Software GIOP parsing buffer overflow attempt (server-other.rules) * 1:24803 <-> DISABLED <-> PROTOCOL-SCADA GE Proficy Real-Time Information Portal directory traversal attempt (protocol-scada.rules) * 1:24816 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules) * 1:24817 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules) * 1:24818 <-> DISABLED <-> FILE-IDENTIFY M4V file magic detected (file-identify.rules) * 1:24819 <-> DISABLED <-> FILE-IDENTIFY M4V file magic detected (file-identify.rules) * 1:24820 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file download request (file-identify.rules) * 1:24821 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file attachment detected (file-identify.rules) * 1:24822 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file attachment detected (file-identify.rules) * 1:24824 <-> DISABLED <-> FILE-IDENTIFY RealPlayer skin file download request (file-identify.rules) * 1:24825 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file attachment detected (file-identify.rules) * 1:24826 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file attachment detected (file-identify.rules) * 1:24827 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:24828 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:24829 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:24830 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:24831 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:24832 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:24833 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:24834 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:24835 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:24836 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:24869 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOM mergeAttributes memory corruption attempt (browser-ie.rules) * 1:24870 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOM mergeAttributes memory corruption attempt (browser-ie.rules) * 1:24871 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOM mergeAttributes memory corruption attempt (browser-ie.rules) * 1:24872 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOM mergeAttributes memory corruption attempt (browser-ie.rules) * 1:24874 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24875 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24876 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24877 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24898 <-> ENABLED <-> SERVER-OTHER ABB Multiple Product RobNetScanHost.exe buffer overflow attempt (server-other.rules) * 1:24901 <-> DISABLED <-> FILE-IDENTIFY JNLP file download request (file-identify.rules) * 1:24902 <-> ENABLED <-> FILE-IDENTIFY JNLP file attachment detected (file-identify.rules) * 1:24903 <-> ENABLED <-> FILE-IDENTIFY JNLP file attachment detected (file-identify.rules) * 1:24911 <-> DISABLED <-> SERVER-ORACLE Oracle Outside In Excel file parsing integer overflow attempt (server-oracle.rules) * 1:24914 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovutil.dll getProxiedStorageAddress buffer overflow attempt (server-webapp.rules) * 1:24957 <-> ENABLED <-> BROWSER-PLUGINS Microsoft dpnet.dll DirectPlay ActiveX clsid access (browser-plugins.rules) * 1:24958 <-> ENABLED <-> BROWSER-PLUGINS Microsoft dpnet.dll DirectPlay ActiveX clsid access (browser-plugins.rules) * 1:24959 <-> ENABLED <-> BROWSER-PLUGINS Microsoft dpnet.dll DirectPlay ActiveX clsid access (browser-plugins.rules) * 1:24960 <-> ENABLED <-> BROWSER-PLUGINS Microsoft dpnet.dll DirectPlay ActiveX clsid access (browser-plugins.rules) * 1:24961 <-> ENABLED <-> BROWSER-PLUGINS Microsoft dpnet.dll DirectPlay ActiveX clsid access (browser-plugins.rules) * 1:24962 <-> ENABLED <-> BROWSER-PLUGINS Microsoft dpnet.dll DirectPlay ActiveX clsid access (browser-plugins.rules) * 1:24963 <-> ENABLED <-> BROWSER-PLUGINS Microsoft DirectPlay ActiveX clsid access (browser-plugins.rules) * 1:24964 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:24965 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:24966 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:24967 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:24968 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:24969 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:24970 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:24974 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word rtf invalid listoverridecount value attempt (file-office.rules) * 1:24975 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word rtf invalid listoverridecount value attempt (file-office.rules) * 1:24987 <-> DISABLED <-> POLICY-OTHER Adobe InDesign SOAP interface RunScript method access attempt (policy-other.rules) * 1:24994 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox onChannelRedirect method attempt (browser-firefox.rules) * 1:24995 <-> DISABLED <-> SERVER-OTHER Free Software Foundation GnuTLS record application integer overflow attempt (server-other.rules) * 1:24998 <-> ENABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules) * 1:25003 <-> ENABLED <-> SERVER-OTHER HP Archive Query Server stack overflow attempt (server-other.rules) * 1:25005 <-> ENABLED <-> BROWSER-PLUGINS ClearQuest session stack corruption attempt (browser-plugins.rules) * 1:25006 <-> ENABLED <-> FILE-JAVA Oracle JavaScript heap exploitation library usage attempt (file-java.rules) * 1:25019 <-> DISABLED <-> OS-OTHER Cisco Nexus OS software command injection attempt (os-other.rules) * 1:25032 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file download request (file-identify.rules) * 1:25033 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (file-identify.rules) * 1:25034 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (file-identify.rules) * 1:25035 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Silverlight inheritance restriction bypass (browser-plugins.rules) * 1:25036 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit form elements virtual function DoS attempt (browser-webkit.rules) * 1:25037 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit css title memory corruption attempt (browser-webkit.rules) * 1:25038 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit css title memory corruption attempt (browser-webkit.rules) * 1:25061 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Software Installer MSI binary file magic detected (file-executable.rules) * 1:25062 <-> ENABLED <-> FILE-IDENTIFY Microsoft Software Installer MSI binary file magic detected (file-identify.rules) * 1:25063 <-> DISABLED <-> SERVER-WEBAPP PHP htmlspecialchars htmlentities function buffer overflow attempt (server-webapp.rules) * 1:25078 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer sign extension vulnerability exploitation attempt (browser-ie.rules) * 1:2508 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP lsass DsRolerUpgradeDownlevelServer overflow attempt (os-windows.rules) * 1:25111 <-> DISABLED <-> BROWSER-PLUGINS Oracle SetMarkupMode buffer overflow ActiveX clsid access attempt (browser-plugins.rules) * 1:25112 <-> DISABLED <-> BROWSER-PLUGINS Oracle SetMarkupMode buffer overflow ActiveX function call access attempt (browser-plugins.rules) * 1:25113 <-> DISABLED <-> BROWSER-PLUGINS Oracle SetMarkupMode buffer overflow ActiveX function call access attempt (browser-plugins.rules) * 1:25114 <-> DISABLED <-> BROWSER-PLUGINS Oracle SetMarkupMode buffer overflow ActiveX function call access attempt (browser-plugins.rules) * 1:25115 <-> DISABLED <-> BROWSER-PLUGINS Oracle SetMarkupMode buffer overflow ActiveX clsid access attempt (browser-plugins.rules) * 1:25116 <-> DISABLED <-> BROWSER-PLUGINS Oracle SetMarkupMode buffer overflow ActiveX function call access attempt (browser-plugins.rules) * 1:25117 <-> DISABLED <-> BROWSER-PLUGINS Oracle SetMarkupMode buffer overflow ActiveX function call access attempt (browser-plugins.rules) * 1:25118 <-> DISABLED <-> BROWSER-PLUGINS Oracle SetMarkupMode buffer overflow ActiveX function call access attempt (browser-plugins.rules) * 1:25122 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules) * 1:25123 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules) * 1:25225 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Marquee stylesheet object removal (browser-ie.rules) * 1:25226 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Marquee stylesheet object removal (browser-ie.rules) * 1:25250 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS .NET null character username truncation attempt (server-iis.rules) * 1:25252 <-> ENABLED <-> FILE-EXECUTABLE Microsoft Windows .NET Framework System.Uri.ReCreateParts System.Uri.PathAndQuery overflow attempt (file-executable.rules) * 1:25253 <-> ENABLED <-> FILE-EXECUTABLE Microsoft Windows .NET Framework System.Uri.ReCreateParts System.Uri.PathAndQuery overflow attempt (file-executable.rules) * 1:25287 <-> DISABLED <-> SERVER-OTHER Rails XML parameter parsing vulnerability exploitation attempt (server-other.rules) * 1:25288 <-> DISABLED <-> SERVER-OTHER Rails XML parameter parsing vulnerability exploitation attempt (server-other.rules) * 1:25293 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel IPMT record buffer overflow attempt (file-office.rules) * 1:25297 <-> ENABLED <-> FILE-MULTIMEDIA Mozilla products Ogg Vorbis decoding memory corruption attempt (file-multimedia.rules) * 1:25299 <-> ENABLED <-> BROWSER-PLUGINS IBM VsVIEW ActiveX control directory traversal attempt (browser-plugins.rules) * 1:25300 <-> ENABLED <-> BROWSER-PLUGINS IBM VsVIEW ActiveX control directory traversal attempt (browser-plugins.rules) * 1:25303 <-> ENABLED <-> FILE-OTHER Cisco WebEx WRF memory corruption attempt (file-other.rules) * 1:25304 <-> ENABLED <-> FILE-OTHER Cisco WebEx WRF memory corruption attempt (file-other.rules) * 1:25305 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file magic detected (file-identify.rules) * 1:25306 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file download request (file-identify.rules) * 1:25307 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file attachment detected (file-identify.rules) * 1:25308 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file attachment detected (file-identify.rules) * 1:25309 <-> ENABLED <-> FILE-OTHER Adobe Audition Session file stack buffer overflow attempt (file-other.rules) * 1:25310 <-> ENABLED <-> FILE-OTHER Adobe Audition Session file stack buffer overflow attempt (file-other.rules) * 1:25312 <-> ENABLED <-> SERVER-OTHER Microsoft Forefront Threat Management Gateway remote code execution attempt (server-other.rules) * 1:25314 <-> DISABLED <-> OS-LINUX Linux kernel IGMP queries denial of service attempt (os-linux.rules) * 1:25315 <-> DISABLED <-> SERVER-ORACLE Oracle TNS listener service registration (server-oracle.rules) * 1:25316 <-> ENABLED <-> BROWSER-PLUGINS InduSoft ISSymbol InternationalSeparator heap overflow attempt (browser-plugins.rules) * 1:25317 <-> DISABLED <-> POLICY-OTHER RedHat JBOSS JNDI service naming (policy-other.rules) * 1:25318 <-> ENABLED <-> SERVER-WEBAPP InduSoft Web Studio arbitrary file upload attempt (server-webapp.rules) * 1:25319 <-> ENABLED <-> SERVER-WEBAPP InduSoft Web Studio arbitrary file upload attempt (server-webapp.rules) * 1:25320 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer nonexistent attribute removal memory corruption attempt (browser-ie.rules) * 1:25321 <-> DISABLED <-> SERVER-ORACLE Oracle Database tablefunc_asown buffer overflow attempt (server-oracle.rules) * 1:25329 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS style memory corruption attempt (browser-ie.rules) * 1:25330 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel conditional code execution attempt (file-office.rules) * 1:25331 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel conditional code execution attempt (file-office.rules) * 1:25332 <-> ENABLED <-> FILE-OTHER Adobe Audition Session file tkrm stack buffer overflow attempt (file-other.rules) * 1:25333 <-> DISABLED <-> PROTOCOL-DNS Exim DKIM decoding buffer overflow attempt (protocol-dns.rules) * 1:25334 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25335 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25336 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25337 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25338 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25339 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25340 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25341 <-> ENABLED <-> FILE-OTHER Cisco WebEx player remote code execution attempt (file-other.rules) * 1:25342 <-> DISABLED <-> SERVER-OTHER ISC dhcpd bootp request missing options field DOS attempt (server-other.rules) * 1:25343 <-> ENABLED <-> BROWSER-PLUGINS Citrix Access Gateway plug-in ActiveX code execution attempt (browser-plugins.rules) * 1:25344 <-> ENABLED <-> BROWSER-PLUGINS Citrix Access Gateway plug-in ActiveX code execution attempt (browser-plugins.rules) * 1:25345 <-> DISABLED <-> SERVER-WEBAPP Symantec IM Manager Web interface arbitrary command execution attempt (server-webapp.rules) * 1:25346 <-> ENABLED <-> FILE-IMAGE ImageMagick EXIF resolutionunit handling memory corruption attempt (file-image.rules) * 1:25347 <-> ENABLED <-> FILE-IMAGE ImageMagick EXIF resolutionunit handling memory corruption attempt (file-image.rules) * 1:25348 <-> ENABLED <-> FILE-IMAGE ImageMagick EXIF resolutionunit handling memory corruption attempt (file-image.rules) * 1:25352 <-> DISABLED <-> SERVER-OTHER HP HP Intelligent Management Center syslog remote code execution attempt (server-other.rules) * 1:25353 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord exploit attempt (file-office.rules) * 1:25354 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord exploit attempt (file-office.rules) * 1:25355 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord exploit attempt (file-office.rules) * 1:25356 <-> DISABLED <-> SERVER-OTHER Squid Gopher response processing buffer overflow attempt (server-other.rules) * 1:25357 <-> ENABLED <-> FILE-EXECUTABLE Microsoft Windows Authenticode signature verification bypass attempt (file-executable.rules) * 1:25366 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules) * 1:25367 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules) * 1:25380 <-> DISABLED <-> SERVER-OTHER EMC AutoStart domain name logging stack buffer overflow attempt (server-other.rules) * 1:25472 <-> ENABLED <-> FILE-JAVA Oracle Java JMX class arbitrary code execution attempt (file-java.rules) * 1:25513 <-> ENABLED <-> FILE-IDENTIFY Portable Executable download detected (file-identify.rules) * 1:25514 <-> ENABLED <-> FILE-IDENTIFY Portable Executable download detected (file-identify.rules) * 1:25515 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules) * 1:25516 <-> DISABLED <-> FILE-IDENTIFY Microsoft Software Installer MSI binary file magic detected (file-identify.rules) * 1:25517 <-> DISABLED <-> FILE-IDENTIFY Armadillo v1.71 packer file magic detected (file-identify.rules) * 1:25534 <-> DISABLED <-> SERVER-WEBAPP Sonicwall Global Management System authentication bypass attempt (server-webapp.rules) * 1:25535 <-> ENABLED <-> PROTOCOL-SERVICES Cisco Prime Lan Management rsh command execution attempt (protocol-services.rules) * 1:25542 <-> ENABLED <-> PROTOCOL-RPC EMC NetWorker nsrindexd service buffer overflow attempt (protocol-rpc.rules) * 1:25549 <-> ENABLED <-> SERVER-OTHER Novell eDirectory NCP stack buffer overflow attempt (server-other.rules) * 1:25550 <-> ENABLED <-> SERVER-OTHER Novell eDirectory NCP stack buffer overflow attempt (server-other.rules) * 1:25562 <-> DISABLED <-> FILE-JAVA Oracle Java obfuscated jar file download attempt (file-java.rules) * 1:25582 <-> ENABLED <-> SERVER-OTHER EMC AlphaStor Device Manager command injection attempt (server-other.rules) * 1:25586 <-> DISABLED <-> SERVER-WEBAPP Nagios Core get_history buffer overflow attempt (server-webapp.rules) * 1:25634 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoder shellcode (indicator-shellcode.rules) * 1:25636 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:25639 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:25640 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:25644 <-> ENABLED <-> FILE-OTHER Apple QuickTime TeXML style sub-element buffer overflow attempt (file-other.rules) * 1:25645 <-> ENABLED <-> FILE-OTHER Apple QuickTime TeXML style sub-element buffer overflow attempt (file-other.rules) * 1:25646 <-> ENABLED <-> FILE-OTHER Apple QuickTime TeXML style sub-element buffer overflow attempt (file-other.rules) * 1:25647 <-> ENABLED <-> FILE-OTHER Apple QuickTime TeXML style sub-element buffer overflow attempt (file-other.rules) * 1:25648 <-> ENABLED <-> FILE-OTHER Apple QuickTime TeXML style sub-element buffer overflow attempt (file-other.rules) * 1:25659 <-> ENABLED <-> BLACKLIST User-Agent known malicious user agent - spam_bot (blacklist.rules) * 1:25676 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:25677 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:25678 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:25679 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:25680 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player embedded compact font detected (file-identify.rules) * 1:25681 <-> ENABLED <-> FILE-FLASH Adobe Flash Player CFF FeatureCount integer overflow attempt (file-flash.rules) * 1:25682 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player embedded compact font detected (file-identify.rules) * 1:2570 <-> DISABLED <-> SERVER-WEBAPP Invalid HTTP Version String (server-webapp.rules) * 1:25803 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit jar file dropped (exploit-kit.rules) * 1:25810 <-> DISABLED <-> FILE-OTHER VMWare OVF Tool format string exploit attempt (file-other.rules) * 1:25811 <-> DISABLED <-> FILE-OTHER VMWare OVF Tool format string exploit attempt (file-other.rules) * 1:25817 <-> DISABLED <-> BLACKLIST DNS request for known malware domain bolsilloner.es (blacklist.rules) * 1:25818 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader known malicious variable exploit attempt (file-pdf.rules) * 1:25819 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader known malicious variable exploit attempt (file-pdf.rules) * 1:25830 <-> ENABLED <-> FILE-JAVA Oracle Java malicious class download attempt (file-java.rules) * 1:25849 <-> DISABLED <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt (protocol-scada.rules) * 1:25850 <-> DISABLED <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt (protocol-scada.rules) * 1:25851 <-> ENABLED <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt (protocol-scada.rules) * 1:25852 <-> ENABLED <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt (protocol-scada.rules) * 1:25984 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer userdata behavior memory corruption attempt (browser-ie.rules) * 1:25985 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer userdata behavior memory corruption attempt (browser-ie.rules) * 1:25986 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer userdata behavior memory corruption attempt (browser-ie.rules) * 1:26021 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XML Java used in app.setTimeOut (file-pdf.rules) * 1:26057 <-> ENABLED <-> FILE-IDENTIFY ZIP file download detected (file-identify.rules) * 1:26058 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules) * 1:26076 <-> DISABLED <-> FILE-PDF download of a PDF with embedded JavaScript - JS string attempt (file-pdf.rules) * 1:26077 <-> DISABLED <-> FILE-PDF transfer of a PDF with embedded JavaScript - JavaScript object detected (file-pdf.rules) * 1:26078 <-> DISABLED <-> FILE-PDF transfer of a PDF with OpenAction object attempt (file-pdf.rules) * 1:26103 <-> ENABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra ping request buffer overflow attempt (server-other.rules) * 1:26105 <-> ENABLED <-> SERVER-OTHER BigAnt IM Server buffer overflow attempt (server-other.rules) * 1:2611 <-> DISABLED <-> SERVER-ORACLE LINK metadata buffer overflow attempt (server-oracle.rules) * 1:26110 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:26111 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:26112 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:26113 <-> ENABLED <-> FILE-PDF Adobe Flash Player memory corruption attempt (file-pdf.rules) * 1:26193 <-> DISABLED <-> BROWSER-PLUGINS Honeywell HscRemoteDeploy ActiveX control arbitrary HTA execution attempt (browser-plugins.rules) * 1:26231 <-> DISABLED <-> FILE-PDF PDF version 1.1 with FlateDecode embedded - seen in exploit kits (file-pdf.rules) * 1:26251 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:26263 <-> DISABLED <-> SERVER-WEBAPP Wordpress wp-banners-lite plugin cross site scripting attempt (server-webapp.rules) * 1:26264 <-> ENABLED <-> MALWARE-CNC Dapato banking Trojan variant outbound connection (malware-cnc.rules) * 1:26265 <-> ENABLED <-> BLACKLIST DNS request for known malware domain mercury.yori.pl - Kazy Trojan (blacklist.rules) * 1:26280 <-> DISABLED <-> FILE-PDF Foxit Reader remote query string buffer overflow attempt (file-pdf.rules) * 1:26281 <-> DISABLED <-> FILE-PDF Foxit Reader remote query string buffer overflow attempt (file-pdf.rules) * 1:26282 <-> DISABLED <-> FILE-PDF Foxit Reader remote query string buffer overflow attempt (file-pdf.rules) * 1:26283 <-> DISABLED <-> FILE-PDF Foxit Reader remote query string buffer overflow attempt (file-pdf.rules) * 1:26355 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules) * 1:26356 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules) * 1:26357 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules) * 1:26358 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules) * 1:26359 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules) * 1:26360 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules) * 1:26361 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules) * 1:26362 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules) * 1:26363 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules) * 1:26364 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules) * 1:26365 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules) * 1:26374 <-> DISABLED <-> FILE-IMAGE ClamAV Antivirus Function Denial of Service attempt (file-image.rules) * 1:26392 <-> ENABLED <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt (protocol-scada.rules) * 1:26414 <-> ENABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server executable file upload attempt (protocol-scada.rules) * 1:26415 <-> ENABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server directory traversal attempt (protocol-scada.rules) * 1:26416 <-> ENABLED <-> SERVER-WEBAPP HP Intelligent Management Center mibFileUpload servlet arbitrary file upload attempt (server-webapp.rules) * 1:26417 <-> ENABLED <-> SERVER-WEBAPP HP Intelligent Management Center mibFileUpload servlet arbitrary file upload attempt (server-webapp.rules) * 1:26418 <-> DISABLED <-> SERVER-WEBAPP HP System Management iprange parameter buffer overflow attempt (server-webapp.rules) * 1:26456 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file attachment detected (file-identify.rules) * 1:26457 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file attachment detected (file-identify.rules) * 1:26458 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file download request (file-identify.rules) * 1:26465 <-> ENABLED <-> FILE-IDENTIFY XUL file attachment detected (file-identify.rules) * 1:26466 <-> ENABLED <-> FILE-IDENTIFY XUL file attachment detected (file-identify.rules) * 1:26479 <-> DISABLED <-> SERVER-OTHER ActFax LPD Server data field buffer overflow attempt (server-other.rules) * 1:26488 <-> ENABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server directory traversal attempt (protocol-scada.rules) * 1:26491 <-> DISABLED <-> SERVER-OTHER Nagios NRPE command execution attempt (server-other.rules) * 1:26492 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file download request (file-identify.rules) * 1:26493 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (file-identify.rules) * 1:26494 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (file-identify.rules) * 1:26495 <-> ENABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules) * 1:26496 <-> ENABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules) * 1:26501 <-> DISABLED <-> SERVER-OTHER BigAnt Document Service DDNF request stack buffer overflow attempt (server-other.rules) * 1:26502 <-> ENABLED <-> PROTOCOL-SCADA 3S CoDeSys Gateway Server stack buffer overflow attempt (protocol-scada.rules) * 1:26503 <-> ENABLED <-> PROTOCOL-SCADA 3S CoDeSys Gateway Server stack buffer overflow attempt (protocol-scada.rules) * 1:26504 <-> ENABLED <-> PROTOCOL-SCADA 3S CoDeSys Gateway Server stack buffer overflow attempt (protocol-scada.rules) * 1:26513 <-> DISABLED <-> FILE-PDF PDF with large embedded JavaScript - JS string attempt (file-pdf.rules) * 1:26547 <-> DISABLED <-> SERVER-WEBAPP phpMyAdmin preg_replace remote code execution attempt (server-webapp.rules) * 1:26548 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM webappmon.exe buffer overflow attempt (server-webapp.rules) * 1:26573 <-> DISABLED <-> BROWSER-PLUGINS Honeywell HscRemoteDeploy ActiveX control arbitrary HTA execution attempt (browser-plugins.rules) * 1:26584 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer vector graphics reference counting use-after-free attempt (browser-ie.rules) * 1:26587 <-> DISABLED <-> FILE-JAVA Oracle Java runtime JMX findclass sandbox breach attempt (file-java.rules) * 1:26588 <-> DISABLED <-> FILE-JAVA Oracle Java runtime JMX findclass sandbox breach attempt (file-java.rules) * 1:26595 <-> DISABLED <-> INDICATOR-OBFUSCATION javascript hex character extraction routine detected (indicator-obfuscation.rules) * 1:26596 <-> DISABLED <-> INDICATOR-OBFUSCATION javascript fromCharCode xor decryption routine detected (indicator-obfuscation.rules) * 1:26643 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field denial of service attempt (os-windows.rules) * 1:26651 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules) * 1:26652 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules) * 1:26664 <-> ENABLED <-> FILE-IMAGE BMP extremely large xpos opcodes (file-image.rules) * 1:26704 <-> DISABLED <-> SERVER-WEBAPP LANDesk Thinkmanagement Suite ServerSetup directory traversal attempt (server-webapp.rules) * 1:26761 <-> DISABLED <-> OS-MOBILE Android Fakeinst device information leakage (os-mobile.rules) * 1:26786 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:26787 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:26790 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:26791 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:26808 <-> DISABLED <-> EXPLOIT-KIT Goon/Infinity/Redkit exploit kit short jar request (exploit-kit.rules) * 1:26824 <-> ENABLED <-> SERVER-OTHER Apache Struts allowStaticMethodAccess invocation attempt (server-other.rules) * 1:26825 <-> ENABLED <-> SERVER-OTHER Apache Struts allowStaticMethodAccess invocation attempt (server-other.rules) * 1:26848 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 7 emulation via meta tag (browser-ie.rules) * 1:26854 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected cHRM overflow attempt (file-image.rules) * 1:26855 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected iCCP overflow attempt (file-image.rules) * 1:26860 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected tRNS overflow attempt (file-image.rules) * 1:26879 <-> DISABLED <-> BROWSER-OTHER local loopback address in html (browser-other.rules) * 1:26927 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules) * 1:26928 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules) * 1:26973 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio TAG_xxxSect code execution attempt (file-office.rules) * 1:26976 <-> DISABLED <-> FILE-IMAGE Oracle Outside In FlashPix image processing overflow attempt (file-image.rules) * 1:26977 <-> DISABLED <-> FILE-IMAGE Oracle Outside In FlashPix image processing overflow attempt (file-image.rules) * 1:26979 <-> DISABLED <-> FILE-IMAGE Oracle Outside In FlashPix image processing overflow attempt (file-image.rules) * 1:26980 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix snmp master agent denial of service attempt (server-other.rules) * 1:27018 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Mobile Management dusap.php directory traversal attempt (server-webapp.rules) * 1:27019 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Mobile Management dusap.php directory traversal attempt (server-webapp.rules) * 1:27020 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Mobile Management dusap.php directory traversal attempt (server-webapp.rules) * 1:27027 <-> DISABLED <-> POLICY-OTHER PHP tag injection in http header attempt (policy-other.rules) * 1:27028 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Mobile Management mdm.php directory traversal attempt (server-webapp.rules) * 1:27029 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Mobile Management mdm.php directory traversal attempt (server-webapp.rules) * 1:27030 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Mobile Management mdm.php directory traversal attempt (server-webapp.rules) * 1:27036 <-> DISABLED <-> SERVER-OTHER Novell NetIQ User Manager modifyAccounts policy bypass attempt (server-other.rules) * 1:27075 <-> DISABLED <-> SERVER-OTHER Novell NetIQ User Manager ldapagnt_eval remote code execution attempt (server-other.rules) * 1:27076 <-> ENABLED <-> FILE-JAVA Oracle Java Applet disable security manager attempt (file-java.rules) * 1:27077 <-> ENABLED <-> FILE-JAVA Oracle Java Applet disable security manager attempt (file-java.rules) * 1:27104 <-> ENABLED <-> SERVER-WEBAPP HP System Management arbitrary command injection attempt (server-webapp.rules) * 1:27105 <-> ENABLED <-> SERVER-WEBAPP HP System Management arbitrary command injection attempt (server-webapp.rules) * 1:27121 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector - initiate connection (server-other.rules) * 1:27122 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 305 buffer overflow attempt (server-other.rules) * 1:27123 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 259 buffer overflow attempt (server-other.rules) * 1:27124 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 1092 buffer overflow attempt (server-other.rules) * 1:27125 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 211 buffer overflow attempt (server-other.rules) * 1:27150 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 1:27151 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 1:27152 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 1:27153 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 1:27170 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 1091 buffer overflow attempt (server-other.rules) * 1:27171 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 1:27172 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 1:27182 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malicious swf file download attempt (file-flash.rules) * 1:27183 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malicious swf file download attempt (file-flash.rules) * 1:27184 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malicious swf file download attempt (file-flash.rules) * 1:27185 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malicious swf file download attempt (file-flash.rules) * 1:27186 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malicious swf file download attempt (file-flash.rules) * 1:27187 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malicious swf file download attempt (file-flash.rules) * 1:27188 <-> ENABLED <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt (file-java.rules) * 1:31312 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules) * 1:31320 <-> DISABLED <-> BROWSER-PLUGINS Adobe Multiple Product AcroPDF.PDF ActiveX exploit attempt (browser-plugins.rules) * 1:31321 <-> DISABLED <-> BROWSER-PLUGINS Adobe Multiple Product AcroPDF.PDF ActiveX exploit attempt (browser-plugins.rules) * 1:31322 <-> DISABLED <-> BROWSER-PLUGINS Adobe Multiple Product AcroPDF.PDF ActiveX exploit attempt (browser-plugins.rules) * 1:31323 <-> DISABLED <-> FILE-OTHER Apple OSX Finder DMG volume name memory corruption attempt (file-other.rules) * 1:31324 <-> DISABLED <-> FILE-OTHER Apple OSX Finder DMG volume name memory corruption attempt (file-other.rules) * 1:31325 <-> ENABLED <-> FILE-OTHER Apple OSX Finder DMG volume name memory corruption attempt (file-other.rules) * 1:31366 <-> ENABLED <-> FILE-JAVA Oracle Java sun.tracing.ProviderSkeleton sandbox bypass attempt (file-java.rules) * 1:31367 <-> ENABLED <-> FILE-JAVA Oracle Java sun.tracing.ProviderSkeleton sandbox bypass attempt (file-java.rules) * 1:3143 <-> DISABLED <-> OS-WINDOWS SMB Trans2 FIND_FIRST2 command response overflow attempt (os-windows.rules) * 1:3144 <-> DISABLED <-> OS-WINDOWS SMB Trans2 FIND_FIRST2 response andx overflow attempt (os-windows.rules) * 1:3145 <-> DISABLED <-> OS-WINDOWS SMB-DS Trans2 FIND_FIRST2 response overflow attempt (os-windows.rules) * 1:3146 <-> DISABLED <-> OS-WINDOWS SMB-DS Trans2 FIND_FIRST2 response andx overflow attempt (os-windows.rules) * 1:31540 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:31541 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:31694 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules) * 1:31702 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (file-identify.rules) * 1:31703 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (file-identify.rules) * 1:31773 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:31774 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:31775 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:31776 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:31871 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (file-identify.rules) * 1:31877 <-> DISABLED <-> SERVER-OTHER HP Application Life Cycle Management ActiveX arbitrary code execution attempt (server-other.rules) * 1:31878 <-> DISABLED <-> SERVER-OTHER HP Application Life Cycle Management ActiveX arbitrary code execution attempt (server-other.rules) * 1:31879 <-> DISABLED <-> SERVER-OTHER HP Application Life Cycle Management ActiveX arbitrary code execution attempt (server-other.rules) * 1:31880 <-> DISABLED <-> SERVER-OTHER HP Application Life Cycle Management ActiveX arbitrary code execution attempt (server-other.rules) * 1:31881 <-> DISABLED <-> SERVER-OTHER HP Application Life Cycle Management ActiveX arbitrary code execution attempt (server-other.rules) * 1:31882 <-> DISABLED <-> SERVER-OTHER HP Application Life Cycle Management ActiveX arbitrary code execution attempt (server-other.rules) * 1:31889 <-> DISABLED <-> SERVER-MAIL Exim Dovecot LDA sender_address command injection attempt (server-mail.rules) * 1:31890 <-> DISABLED <-> SERVER-MAIL Exim Dovecot LDA sender_address command injection attempt (server-mail.rules) * 1:31901 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Oracle Java encoded shellcode detected (exploit-kit.rules) * 1:32102 <-> DISABLED <-> BROWSER-PLUGINS Oracle WebCenter Content CheckOutAndOpen.dll ActiveX control code execution ActiveX clsid access (browser-plugins.rules) * 1:32103 <-> DISABLED <-> BROWSER-PLUGINS Oracle WebCenter Content CheckOutAndOpen.dll ActiveX control code execution ActiveX clsid access (browser-plugins.rules) * 1:32104 <-> DISABLED <-> BROWSER-PLUGINS Oracle WebCenter Content CheckOutAndOpen.dll ActiveX control code execution ActiveX function call access (browser-plugins.rules) * 1:32105 <-> DISABLED <-> BROWSER-PLUGINS Oracle WebCenter Content CheckOutAndOpen.dll ActiveX control code execution ActiveX function call access (browser-plugins.rules) * 1:32128 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php command injection attempt (server-webapp.rules) * 1:32134 <-> ENABLED <-> FILE-IDENTIFY XBM file attachment detected (file-identify.rules) * 1:32135 <-> ENABLED <-> FILE-IDENTIFY XBM file attachment detected (file-identify.rules) * 1:32165 <-> ENABLED <-> FILE-IDENTIFY SVG file magic detected (file-identify.rules) * 1:32203 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure ldapsyncnow.php command injection attempt (server-webapp.rules) * 1:32232 <-> ENABLED <-> FILE-JAVA Oracle Java ServiceLoader exception handling exploit attempt (file-java.rules) * 1:32233 <-> ENABLED <-> FILE-JAVA Oracle Java ServiceLoader exception handling exploit attempt (file-java.rules) * 1:32234 <-> ENABLED <-> FILE-JAVA Oracle Java ServiceLoader exception handling exploit attempt (file-java.rules) * 1:32235 <-> ENABLED <-> FILE-JAVA Oracle Java ServiceLoader exception handling exploit attempt (file-java.rules) * 1:32345 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector - initiate connection (server-other.rules) * 1:32359 <-> ENABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules) * 1:32364 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer overlapping object boundaries memory corruption attempt (browser-ie.rules) * 1:32378 <-> ENABLED <-> FILE-IDENTIFY bmp file attachment detected (file-identify.rules) * 1:32380 <-> ENABLED <-> FILE-IDENTIFY dib file attachment detected (file-identify.rules) * 1:32762 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer TextRange after free attempt (browser-ie.rules) * 1:32763 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer TextRange after free attempt (browser-ie.rules) * 1:32971 <-> DISABLED <-> SERVER-WEBAPP HP System Management iprange parameter buffer overflow attempt (server-webapp.rules) * 1:32991 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver SXPG_COMMAND_EXECUTE remote command execution attempt (server-other.rules) * 1:32992 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver SXPG_COMMAND_EXECUTE remote command execution attempt (server-other.rules) * 1:32993 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XMLSerializer serializeToStream use-after-free attempt (browser-firefox.rules) * 1:32994 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XMLSerializer serializeToStream use-after-free attempt (browser-firefox.rules) * 1:32997 <-> DISABLED <-> SERVER-OTHER Sophos Web Appliance arbitrary command execution attempt (server-other.rules) * 1:32998 <-> DISABLED <-> SERVER-OTHER Sophos Web Appliance arbitrary command execution attempt (server-other.rules) * 1:32999 <-> DISABLED <-> PROTOCOL-SCADA Advantech WebAccess SCADA command execution attempt (protocol-scada.rules) * 1:33000 <-> DISABLED <-> PROTOCOL-SCADA Advantech WebAccess SCADA command execution attempt (protocol-scada.rules) * 1:33001 <-> DISABLED <-> PROTOCOL-SCADA Advantech WebAccess SCADA command execution attempt (protocol-scada.rules) * 1:33002 <-> DISABLED <-> PROTOCOL-SCADA Advantech WebAccess SCADA command execution attempt (protocol-scada.rules) * 1:33003 <-> DISABLED <-> BROWSER-PLUGINS SolarWinds Orion Pepco32c ActiveX clsid access attempt (browser-plugins.rules) * 1:33004 <-> DISABLED <-> BROWSER-PLUGINS SolarWinds Orion Pepco32c ActiveX clsid access attempt (browser-plugins.rules) * 1:33005 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx NodeName buffer overflow attempt (server-webapp.rules) * 1:33006 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx NodeName buffer overflow attempt (server-webapp.rules) * 1:33007 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx NodeName buffer overflow attempt (server-webapp.rules) * 1:33008 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx NodeName buffer overflow attempt (server-webapp.rules) * 1:33009 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx UserName buffer overflow attempt (server-webapp.rules) * 1:33010 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx UserName buffer overflow attempt (server-webapp.rules) * 1:33011 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx UserName buffer overflow attempt (server-webapp.rules) * 1:33012 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx UserName buffer overflow attempt (server-webapp.rules) * 1:33013 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules) * 1:33014 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules) * 1:33015 <-> DISABLED <-> PROTOCOL-SCADA ABB MicroSCADA wserver.exe EXECUTE remote code execution attempt (protocol-scada.rules) * 1:33018 <-> DISABLED <-> BROWSER-IE Oracle WebCenter BlackIceDevMode ActiveX buffer overflow attempt (browser-ie.rules) * 1:33019 <-> DISABLED <-> BROWSER-IE Oracle WebCenter BlackIceDevMode ActiveX buffer overflow attempt (browser-ie.rules) * 1:33020 <-> DISABLED <-> BROWSER-IE Oracle WebCenter BlackIceDevMode ActiveX buffer overflow attempt (browser-ie.rules) * 1:33021 <-> DISABLED <-> BROWSER-IE Oracle WebCenter BlackIceDevMode ActiveX buffer overflow attempt (browser-ie.rules) * 1:33022 <-> DISABLED <-> FILE-OTHER Apple Quicktime invalid atom length buffer overflow attempt (file-other.rules) * 1:33023 <-> DISABLED <-> FILE-OTHER Apple Quicktime invalid atom length buffer overflow attempt (file-other.rules) * 1:33024 <-> DISABLED <-> SERVER-WEBAPP Cisco Security Agent Management Center code execution attempt (server-webapp.rules) * 1:33025 <-> DISABLED <-> SERVER-WEBAPP Cisco Security Agent Management Center code execution attempt (server-webapp.rules) * 1:33026 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file attachment detected (file-identify.rules) * 1:28333 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:28334 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:28335 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:28336 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:28337 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:28338 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:28339 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:28340 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:28341 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:28342 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:28343 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:28349 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows WMI administrator tools object viewer ActiveX clsid access (browser-plugins.rules) * 1:28350 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows WMI administrator tools object viewer ActiveX clsid access (browser-plugins.rules) * 1:28351 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows WMI administrator tools object viewer ActiveX clsid access (browser-plugins.rules) * 1:28352 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTableLayout memory corruption attempt (browser-ie.rules) * 1:28353 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTableLayout memory corruption attempt (browser-ie.rules) * 1:28354 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOM manipulation memory corruption attempt (browser-ie.rules) * 1:28355 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOM manipulation memory corruption attempt (browser-ie.rules) * 1:28356 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOM manipulation memory corruption attempt (browser-ie.rules) * 1:28357 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOM manipulation memory corruption attempt (browser-ie.rules) * 1:28358 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOM manipulation memory corruption attempt (browser-ie.rules) * 1:28359 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOM manipulation memory corruption attempt (browser-ie.rules) * 1:28360 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOM manipulation memory corruption attempt (browser-ie.rules) * 1:28361 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed shading modifier heap corruption attempt (file-pdf.rules) * 1:28363 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules) * 1:28364 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules) * 1:28374 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28375 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28376 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28377 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28378 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28379 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28380 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28381 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.Temvice outbound communication attempt (malware-other.rules) * 1:28388 <-> DISABLED <-> FILE-PDF Adobe Acrobat TrueType font handling remote code execution attempt (file-pdf.rules) * 1:28389 <-> DISABLED <-> FILE-PDF Adobe Acrobat TrueType font handling remote code execution attempt (file-pdf.rules) * 1:28394 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore format string vulnerability exploit attempt (server-other.rules) * 1:28395 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore format string vulnerability exploit attempt (server-other.rules) * 1:28396 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore format string vulnerability exploit attempt (server-other.rules) * 1:28397 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore format string vulnerability exploit attempt (server-other.rules) * 1:28398 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore format string vulnerability exploit attempt (server-other.rules) * 1:28407 <-> ENABLED <-> SERVER-WEBAPP HP Intelligent Management Center BIMS UploadServlet arbitrary file upload attempt (server-webapp.rules) * 1:28425 <-> ENABLED <-> OS-WINDOWS SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules) * 1:28426 <-> ENABLED <-> FILE-PDF Adobe Acrobat universal 3D format memory corruption attempt (file-pdf.rules) * 1:28427 <-> DISABLED <-> FILE-PDF Adobe Acrobat universal 3D format memory corruption attempt (file-pdf.rules) * 1:28435 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS SamplePower ActiveX function call access attempt (browser-plugins.rules) * 1:28436 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS SamplePower ActiveX function call access attempt (browser-plugins.rules) * 1:28437 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS SamplePower ActiveX function call access (browser-plugins.rules) * 1:28438 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS SamplePower ActiveX function call access (browser-plugins.rules) * 1:28447 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer style.position use-after-free memory corruption attempt (browser-ie.rules) * 1:28451 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:28452 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:28453 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:28454 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader compressed media.newPlayer memory corruption attempt (file-pdf.rules) * 1:28461 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules) * 1:28462 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules) * 1:28464 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules) * 1:28465 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules) * 1:28466 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules) * 1:28467 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules) * 1:28468 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules) * 1:28469 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules) * 1:28470 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules) * 1:28471 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules) * 1:28472 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules) * 1:28473 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules) * 1:28474 <-> ENABLED <-> EXPLOIT-KIT Neutrino exploit kit outbound plugin detection response - generic detection (exploit-kit.rules) * 1:28489 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CAnchorElement use after free attempt (browser-ie.rules) * 1:28505 <-> DISABLED <-> BROWSER-PLUGINS InformationCardSigninHelper ActiveX clsid access (browser-plugins.rules) * 1:28506 <-> DISABLED <-> BROWSER-PLUGINS InformationCardSigninHelper ActiveX function call access (browser-plugins.rules) * 1:28525 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules) * 1:28526 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules) * 1:28579 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Silverlight ScriptObject untrusted pointer dereference attempt (browser-plugins.rules) * 1:28580 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Silverlight ScriptObject untrusted pointer dereference attempt (browser-plugins.rules) * 1:28581 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Silverlight ScriptObject untrusted pointer dereference attempt (browser-plugins.rules) * 1:28582 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Silverlight ScriptObject untrusted pointer dereference attempt (browser-plugins.rules) * 1:28583 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Silverlight ScriptObject untrusted pointer dereference attempt (browser-plugins.rules) * 1:28584 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Silverlight ScriptObject untrusted pointer dereference attempt (browser-plugins.rules) * 1:28585 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader OTF font head table size overflow attempt (file-pdf.rules) * 1:28586 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader OTF font head table size overflow attempt (file-pdf.rules) * 1:28619 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:28620 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:28621 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules) * 1:28622 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed shading modifier heap corruption attempt (file-pdf.rules) * 1:28625 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D rgba parsing overflow attempt (file-pdf.rules) * 1:28626 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader U3D RHAdobeMeta Buffer Overflow (file-pdf.rules) * 1:28627 <-> DISABLED <-> FILE-PDF Adobe Acrobat universal 3D format memory corruption attempt (file-pdf.rules) * 1:28628 <-> DISABLED <-> FILE-PDF Adobe Acrobat universal 3D format memory corruption attempt (file-pdf.rules) * 1:28629 <-> DISABLED <-> INDICATOR-OBFUSCATION obfuscated script encoding detected (indicator-obfuscation.rules) * 1:28630 <-> DISABLED <-> INDICATOR-OBFUSCATION obfuscated script encoding detected (indicator-obfuscation.rules) * 1:28631 <-> DISABLED <-> FILE-FLASH Adobe Flash Player embedded JPG image height overflow attempt (file-flash.rules) * 1:28632 <-> DISABLED <-> FILE-FLASH Adobe Flash Player embedded JPG image height overflow attempt (file-flash.rules) * 1:28633 <-> DISABLED <-> FILE-PDF Adobe Acrobat Universal 3D stream memory corruption attempt (file-pdf.rules) * 1:28634 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll composite glyf buffer overflow attempt (file-pdf.rules) * 1:28635 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll glyf directory table buffer overflow attempt (file-pdf.rules) * 1:28636 <-> DISABLED <-> FILE-FLASH Adobe Flash Player multimedia file DefineSceneAndFrameLabelData code execution attempt (file-flash.rules) * 1:28637 <-> DISABLED <-> FILE-FLASH Adobe Flash Player multimedia file DefineSceneAndFrameLabelData code execution attempt (file-flash.rules) * 1:28638 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll glyf directory table buffer overflow attempt (file-pdf.rules) * 1:28639 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll glyf directory table buffer overflow attempt (file-pdf.rules) * 1:28640 <-> DISABLED <-> FILE-FLASH RealNetworks RealPlayer SWF frame handling buffer overflow attempt (file-flash.rules) * 1:28641 <-> DISABLED <-> FILE-FLASH RealNetworks RealPlayer SWF frame handling buffer overflow attempt (file-flash.rules) * 1:28642 <-> DISABLED <-> FILE-PDF Adobe Acrobat TrueType font handling remote code execution attempt (file-pdf.rules) * 1:28643 <-> DISABLED <-> FILE-PDF Adobe Acrobat TrueType font handling remote code execution attempt (file-pdf.rules) * 1:28644 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28645 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28646 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28647 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28648 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28649 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28650 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28651 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28652 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28653 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28654 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28655 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28656 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28657 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28658 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XML Java used in app.setTimeOut (file-pdf.rules) * 1:28659 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader known malicious variable exploit attempt (file-pdf.rules) * 1:28660 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:28661 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:28662 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer address bar spoofing attempt (browser-ie.rules) * 1:28663 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer address bar spoofing attempt (browser-ie.rules) * 1:28664 <-> DISABLED <-> FILE-FLASH RealNetworks RealPlayer SWF flash file buffer overflow attempt (file-flash.rules) * 1:28665 <-> DISABLED <-> FILE-FLASH RealNetworks RealPlayer SWF flash file buffer overflow attempt (file-flash.rules) * 1:28666 <-> DISABLED <-> FILE-FLASH RealNetworks RealPlayer SWF flash file buffer overflow attempt (file-flash.rules) * 1:28667 <-> DISABLED <-> FILE-FLASH Adobe Flash ActionDefineFunction memory access exploit attempt (file-flash.rules) * 1:28668 <-> DISABLED <-> FILE-FLASH Adobe Flash ActionDefineFunction memory access exploit attempt (file-flash.rules) * 1:28669 <-> DISABLED <-> FILE-FLASH Adobe Flash ActionDefineFunction memory access exploit attempt (file-flash.rules) * 1:28670 <-> DISABLED <-> FILE-FLASH Adobe Flash frame type identifier memory corruption attempt (file-flash.rules) * 1:28671 <-> DISABLED <-> FILE-FLASH Adobe Flash frame type identifier memory corruption attempt (file-flash.rules) * 1:28672 <-> DISABLED <-> FILE-FLASH Adobe Flash frame type identifier memory corruption attempt (file-flash.rules) * 1:28673 <-> DISABLED <-> FILE-FLASH Adobe Flash Player newfunction memory corruption attempt (file-flash.rules) * 1:28674 <-> DISABLED <-> FILE-FLASH Adobe Flash Player newfunction memory corruption attempt (file-flash.rules) * 1:28675 <-> DISABLED <-> FILE-FLASH Adobe Flash Player newfunction memory corruption attempt (file-flash.rules) * 1:28676 <-> DISABLED <-> FILE-FLASH Adobe Flash Player newfunction memory corruption attempt (file-flash.rules) * 1:28679 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules) * 1:28680 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules) * 1:28681 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules) * 1:28682 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules) * 1:28683 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules) * 1:28684 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules) * 1:28685 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules) * 1:28687 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:28688 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:28689 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:28690 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:28691 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:28692 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:28693 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:28694 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:28695 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules) * 1:28696 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules) * 1:28697 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules) * 1:28698 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules) * 1:28699 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:28700 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:28701 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:28702 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:28703 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript float index array memory corruption attempt (file-flash.rules) * 1:28704 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript float index array memory corruption attempt (file-flash.rules) * 1:28705 <-> ENABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules) * 1:28706 <-> ENABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules) * 1:28707 <-> ENABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules) * 1:28708 <-> ENABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules) * 1:28709 <-> DISABLED <-> FILE-PDF Adobe Acrobat Universal 3D stream memory corruption attempt (file-pdf.rules) * 1:28710 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF integer overflow attempt (file-pdf.rules) * 1:28711 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF integer overflow attempt (file-pdf.rules) * 1:28712 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF integer overflow attempt (file-pdf.rules) * 1:28713 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF integer overflow attempt (file-pdf.rules) * 1:28714 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF integer overflow attempt (file-pdf.rules) * 1:28715 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF integer overflow attempt (file-pdf.rules) * 1:28716 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader compact font format memory corruption attempt (file-pdf.rules) * 1:28717 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader compact font format memory corruption attempt (file-pdf.rules) * 1:28718 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader memory corruption attempt (file-pdf.rules) * 1:28719 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader memory corruption attempt (file-pdf.rules) * 1:28720 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader memory corruption attempt (file-pdf.rules) * 1:28721 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader memory corruption attempt (file-pdf.rules) * 1:28722 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid PDF JavaScript printSeps extension call attempt (file-pdf.rules) * 1:28723 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid PDF JavaScript printSeps extension call attempt (file-pdf.rules) * 1:28725 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ICC mluc integer overflow attempt (file-pdf.rules) * 1:28726 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ICC mluc integer overflow attempt (file-pdf.rules) * 1:28727 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ICC mluc integer overflow attempt (file-pdf.rules) * 1:28728 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules) * 1:28729 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules) * 1:28730 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules) * 1:28731 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules) * 1:28732 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules) * 1:28733 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules) * 1:28734 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules) * 1:28735 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules) * 1:28736 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules) * 1:28737 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules) * 1:28738 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules) * 1:28739 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules) * 1:28740 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules) * 1:28741 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules) * 1:28742 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules) * 1:28743 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules) * 1:28744 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules) * 1:28745 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules) * 1:28746 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver SXPG_CALL_SYSTEM remote code execution attempt (server-webapp.rules) * 1:28747 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader universal 3D format memory corruption attempt (file-pdf.rules) * 1:28748 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader universal 3D format memory corruption attempt (file-pdf.rules) * 1:28749 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28750 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28751 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28752 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28753 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28754 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28755 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28756 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28757 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28758 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28759 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28760 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28761 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28762 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28763 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28764 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28765 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28766 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28767 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28768 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28769 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28770 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules) * 1:28771 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules) * 1:28772 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules) * 1:28773 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules) * 1:28774 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules) * 1:28775 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules) * 1:28776 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules) * 1:28777 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules) * 1:28778 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules) * 1:28779 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules) * 1:28780 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules) * 1:28781 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules) * 1:28782 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules) * 1:28783 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules) * 1:28784 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules) * 1:28785 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules) * 1:28786 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules) * 1:28787 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules) * 1:28788 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules) * 1:28789 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules) * 1:28790 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader universal 3D stream memory corruption attempt (file-pdf.rules) * 1:28843 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules) * 1:28844 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules) * 1:28845 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules) * 1:28846 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules) * 1:28851 <-> ENABLED <-> SERVER-OTHER HP ProCurve Manager EJBInvokerServlet remote code execution attempt (server-other.rules) * 1:28875 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetClassObject use after free attempt (browser-ie.rules) * 1:28876 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetClassObject use after free attempt (browser-ie.rules) * 1:28877 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetClassObject use after free attempt (browser-ie.rules) * 1:28878 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetClassObject use after free attempt (browser-ie.rules) * 1:28894 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (file-identify.rules) * 1:28895 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (file-identify.rules) * 1:28896 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file attachment detected (file-identify.rules) * 1:28897 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file attachment detected (file-identify.rules) * 1:28898 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (file-identify.rules) * 1:28899 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (file-identify.rules) * 1:28900 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file attachment detected (file-identify.rules) * 1:28901 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file download request (file-identify.rules) * 1:28915 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster.verify method integer overflow attempt (file-java.rules) * 1:28916 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster.verify method integer overflow attempt (file-java.rules) * 1:28937 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope issuesiebelcmd soap request code execution attempt (server-webapp.rules) * 1:28961 <-> ENABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer RealMedia URL length buffer overflow attempt (file-multimedia.rules) * 1:28962 <-> ENABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer RealMedia URL length buffer overflow attempt (file-multimedia.rules) * 1:29017 <-> ENABLED <-> SERVER-WEBAPP HP LoadRunner Virtual User Generator EmulationAdmin directory traversal attempt (server-webapp.rules) * 1:29018 <-> DISABLED <-> SERVER-WEBAPP HP LoadRunner Virtual User Generator EmulationAdmin getReport SQL injection attempt (server-webapp.rules) * 1:29019 <-> ENABLED <-> SERVER-WEBAPP HP LoadRunner Virtual User Generator EmulationAdmin directory traversal attempt (server-webapp.rules) * 1:29027 <-> ENABLED <-> SERVER-WEBAPP Zimbra remote code execution attempt (server-webapp.rules) * 1:29034 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDisplayPointer use after free attempt (browser-ie.rules) * 1:29035 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDisplayPointer use after free attempt (browser-ie.rules) * 1:29040 <-> ENABLED <-> SERVER-WEBAPP Zimbra remote code execution attempt (server-webapp.rules) * 1:29041 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Data Center Network Manager processImageSave.jsp directory traversal attempt (server-webapp.rules) * 1:29042 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Data Center Network Manager processImageSave.jsp directory traversal attempt (server-webapp.rules) * 1:29059 <-> DISABLED <-> BROWSER-PLUGINS CYME Power Engineering ChartFX.ClientServer ActiveX clsid access (browser-plugins.rules) * 1:29060 <-> DISABLED <-> BROWSER-PLUGINS CYME Power Engineering ChartFX.ClientServer ActiveX function call access (browser-plugins.rules) * 1:29105 <-> DISABLED <-> SERVER-WEBAPP ManageEngine DesktopCentral agentLogUploader servlet directory traversal attempt (server-webapp.rules) * 1:29141 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Data Center Network Manager FileUploadServlet arbitrary file upload attempt (server-webapp.rules) * 1:29142 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Data Center Network Manager FileUploadServlet arbitrary file upload attempt (server-webapp.rules) * 1:29192 <-> ENABLED <-> SERVER-WEBAPP Zimbra remote code execution attempt (server-webapp.rules) * 1:29193 <-> ENABLED <-> SERVER-WEBAPP Zimbra remote code execution attempt (server-webapp.rules) * 1:29270 <-> ENABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules) * 1:29271 <-> ENABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules) * 1:29272 <-> ENABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules) * 1:29273 <-> ENABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules) * 1:29274 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (file-identify.rules) * 1:29275 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (file-identify.rules) * 1:29276 <-> ENABLED <-> FILE-IDENTIFY XFDL file download request (file-identify.rules) * 1:29277 <-> DISABLED <-> FILE-OTHER IBM Forms Viewer XFDL form processing stack buffer overflow attempt (file-other.rules) * 1:29278 <-> DISABLED <-> FILE-OTHER IBM Forms Viewer XFDL form processing stack buffer overflow attempt (file-other.rules) * 1:29279 <-> DISABLED <-> FILE-OTHER IBM Forms Viewer XFDL form processing stack buffer overflow attempt (file-other.rules) * 1:29280 <-> DISABLED <-> FILE-OTHER IBM Forms Viewer XFDL form processing stack buffer overflow attempt (file-other.rules) * 1:29384 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file download request (file-identify.rules) * 1:29385 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (file-identify.rules) * 1:29386 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (file-identify.rules) * 1:29390 <-> ENABLED <-> SERVER-WEBAPP EMC Connectrix Manager FileUploadController directory traversal attempt (server-webapp.rules) * 1:29391 <-> ENABLED <-> SERVER-WEBAPP EMC Connectrix Manager FileUploadController directory traversal attempt (server-webapp.rules) * 1:29392 <-> ENABLED <-> SERVER-WEBAPP EMC Connectrix Manager FileUploadController directory traversal attempt (server-webapp.rules) * 1:29394 <-> DISABLED <-> BROWSER-WEBKIT Apple WebKit QuickTime plugin content-type http header buffer overflow attempt (browser-webkit.rules) * 1:29405 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (file-identify.rules) * 1:29406 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (file-identify.rules) * 1:29407 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file download request (file-identify.rules) * 1:29439 <-> ENABLED <-> FILE-IDENTIFY MSI file download request (file-identify.rules) * 1:29443 <-> ENABLED <-> EXPLOIT-KIT Fiesta exploit kit outbound connection attempt (exploit-kit.rules) * 1:29465 <-> DISABLED <-> FILE-OTHER Corel PDF fusion XPS stack buffer overflow attempt (file-other.rules) * 1:29466 <-> DISABLED <-> FILE-OTHER Corel PDF fusion XPS stack buffer overflow attempt (file-other.rules) * 1:29467 <-> DISABLED <-> FILE-OTHER Corel PDF fusion XPS stack buffer overflow attempt (file-other.rules) * 1:29468 <-> DISABLED <-> FILE-OTHER Corel PDF fusion XPS stack buffer overflow attempt (file-other.rules) * 1:29485 <-> ENABLED <-> SERVER-WEBAPP EMC Connectrix Manager ManualBootImageUpload directory traversal attempt (server-webapp.rules) * 1:29486 <-> ENABLED <-> SERVER-WEBAPP EMC Connectrix Manager ManualBootImageUpload directory traversal attempt (server-webapp.rules) * 1:29487 <-> ENABLED <-> SERVER-WEBAPP EMC Connectrix Manager ManualBootImageUpload directory traversal attempt (server-webapp.rules) * 1:29488 <-> ENABLED <-> SERVER-WEBAPP EMC Connectrix Manager ManualBootImageUpload directory traversal attempt (server-webapp.rules) * 1:29509 <-> DISABLED <-> INDICATOR-OBFUSCATION Multiple character encodings detected (indicator-obfuscation.rules) * 1:29514 <-> ENABLED <-> OS-WINDOWS SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules) * 1:29518 <-> ENABLED <-> SERVER-OTHER HP Data Protector Backup Client Service code execution attempt (server-other.rules) * 1:29519 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation using split reverse join (indicator-obfuscation.rules) * 1:29549 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure test_li_connection.php command injection (server-webapp.rules) * 1:29570 <-> ENABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules) * 1:29571 <-> ENABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules) * 1:29572 <-> ENABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules) * 1:29573 <-> ENABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules) * 1:29574 <-> ENABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules) * 1:29575 <-> ENABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules) * 1:29576 <-> ENABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules) * 1:29577 <-> ENABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules) * 1:29596 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules) * 1:29597 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules) * 1:29612 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (file-identify.rules) * 1:29613 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (file-identify.rules) * 1:29614 <-> ENABLED <-> FILE-IDENTIFY XPS file download request (file-identify.rules) * 1:29615 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Keylogger outbound communication (malware-cnc.rules) * 1:29616 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Keylogger inbound communication (malware-cnc.rules) * 1:29631 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules) * 1:29632 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules) * 1:29633 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules) * 1:29634 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules) * 1:29647 <-> DISABLED <-> SERVER-APACHE Apache Roller OGNL injection remote code execution attempt (server-apache.rules) * 1:29648 <-> DISABLED <-> SERVER-APACHE Apache Roller OGNL injection remote code execution attempt (server-apache.rules) * 1:29649 <-> DISABLED <-> SERVER-APACHE Apache Roller allowStaticMethodAccess invocation attempt (server-apache.rules) * 1:29650 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer MoveToMarkupPointer call with CControlTracker OnExitTree use-after-free attempt (browser-ie.rules) * 1:29651 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer MoveToMarkupPointer call with CControlTracker OnExitTree use-after-free attempt (browser-ie.rules) * 1:29656 <-> ENABLED <-> BLACKLIST DNS request for known malware domain javaupdate.flashserv.net - Adobe 0day C&C (blacklist.rules) * 1:29657 <-> ENABLED <-> BLACKLIST DNS request for known malware domain sales.eu5.org - Adobe 0day C&C (blacklist.rules) * 1:29658 <-> ENABLED <-> BLACKLIST DNS request for known malware domain thirdbase.bugs3.com - Adobe 0day C&C (blacklist.rules) * 1:29659 <-> ENABLED <-> BLACKLIST DNS request for known malware domain www.mobilitysvc.com - Adobe 0day C&C (blacklist.rules) * 1:29733 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer overlapping object boundaries memory corruption attempt (browser-ie.rules) * 1:29734 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer overlapping object boundaries memory corruption attempt (browser-ie.rules) * 1:29735 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer selectall use after free (browser-ie.rules) * 1:29736 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer selectall use after free (browser-ie.rules) * 1:29743 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CInput element user after free attempt (browser-ie.rules) * 1:29744 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CInput element user after free attempt (browser-ie.rules) * 1:29747 <-> ENABLED <-> SERVER-APACHE Apache Struts2 blacklisted method redirect (server-apache.rules) * 1:29748 <-> ENABLED <-> SERVER-APACHE Apache Struts2 blacklisted method redirect (server-apache.rules) * 1:29756 <-> ENABLED <-> SERVER-WEBAPP IBM Tivoli Provisioning Manager express user.updateUserValue sql injection attempt (server-webapp.rules) * 1:29801 <-> ENABLED <-> SERVER-OTHER HP Data Protector Backup Client Service code execution attempt (server-other.rules) * 1:29819 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 10 use after free attempt (browser-ie.rules) * 1:29820 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 10 use after free attempt (browser-ie.rules) * 1:29821 <-> ENABLED <-> INDICATOR-COMPROMISE Windows Internet Explorer EMET check and garbage collection (indicator-compromise.rules) * 1:29822 <-> ENABLED <-> INDICATOR-COMPROMISE Windows Internet Explorer EMET check and garbage collection (indicator-compromise.rules) * 1:29859 <-> ENABLED <-> SERVER-APACHE Apache Struts allowStaticMethodAccess invocation attempt (server-apache.rules) * 1:29891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pushdo variant outbound connection (malware-cnc.rules) * 1:29909 <-> ENABLED <-> SERVER-OTHER HP ProCurve Manager JMXInvokerServlet remote code execution attempt (server-other.rules) * 1:29928 <-> ENABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules) * 1:29929 <-> ENABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules) * 1:29930 <-> ENABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules) * 1:29931 <-> ENABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules) * 1:29946 <-> DISABLED <-> SERVER-OTHER IBM DB2 Universal Database receiveDASMessage buffer overflow attempt (server-other.rules) * 1:29947 <-> DISABLED <-> SERVER-OTHER IBM DB2 Universal Database receiveDASMessage buffer overflow attempt (server-other.rules) * 1:29948 <-> DISABLED <-> SERVER-OTHER IBM DB2 Universal Database receiveDASMessage buffer overflow attempt (server-other.rules) * 1:29979 <-> ENABLED <-> SERVER-WEBAPP Symantec Endpoint Protection Manager Unauthenticated XML External Entity Injection attempt (server-webapp.rules) * 1:30014 <-> DISABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (file-identify.rules) * 1:30015 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file attachment detected (file-identify.rules) * 1:30016 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file attachment detected (file-identify.rules) * 1:30017 <-> DISABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (file-identify.rules) * 1:30018 <-> DISABLED <-> FILE-IDENTIFY OS/2 Metafile file download request (file-identify.rules) * 1:30019 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS/2 Metafile parser stack overflow attempt (file-other.rules) * 1:30020 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS/2 Metafile parser stack overflow attempt (file-other.rules) * 1:30021 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS/2 Metafile parser stack overflow attempt (file-other.rules) * 1:30022 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS/2 Metafile parser stack overflow attempt (file-other.rules) * 1:30023 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS/2 Metafile parser stack overflow attempt (file-other.rules) * 1:30024 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS/2 Metafile parser stack overflow attempt (file-other.rules) * 1:30025 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS/2 Metafile parser stack overflow attempt (file-other.rules) * 1:30026 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS/2 Metafile parser stack overflow attempt (file-other.rules) * 1:30027 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS/2 Metafile parser stack overflow attempt (file-other.rules) * 1:30028 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS/2 Metafile parser stack overflow attempt (file-other.rules) * 1:30029 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS/2 Metafile parser stack overflow attempt (file-other.rules) * 1:30030 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS/2 Metafile parser stack overflow attempt (file-other.rules) * 1:3007 <-> DISABLED <-> PROTOCOL-IMAP command overflow attempt (protocol-imap.rules) * 1:30106 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 10 use after free attempt (browser-ie.rules) * 1:30107 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 10 use after free attempt (browser-ie.rules) * 1:30263 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector opcode 42 directory traversal attempt (server-other.rules) * 1:30264 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector opcode 42 directory traversal attempt (server-other.rules) * 1:30265 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector opcode 42 directory traversal attempt (server-other.rules) * 1:30266 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector opcode 42 directory traversal attempt (server-other.rules) * 1:30267 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector opcode 42 directory traversal attempt (server-other.rules) * 1:30268 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector opcode 42 directory traversal attempt (server-other.rules) * 1:30503 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetClassObject use after free attempt (browser-ie.rules) * 1:30504 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetClassObject use after free attempt (browser-ie.rules) * 1:30505 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetClassObject use after free attempt (browser-ie.rules) * 1:30506 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetClassObject use after free attempt (browser-ie.rules) * 1:30528 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules) * 1:30529 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules) * 1:30533 <-> ENABLED <-> FILE-OTHER Kingsoft Writer long font name buffer overflow attempt (file-other.rules) * 1:30534 <-> ENABLED <-> FILE-OTHER Kingsoft Writer long font name buffer overflow attempt (file-other.rules) * 1:30553 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service directory traversal attempt (server-other.rules) * 1:30554 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service UTF directory traversal attempt (server-other.rules) * 1:30555 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service UTF directory traversal attempt (server-other.rules) * 1:30556 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service directory traversal attempt (server-other.rules) * 1:3072 <-> DISABLED <-> PROTOCOL-IMAP status overflow attempt (protocol-imap.rules) * 1:3073 <-> DISABLED <-> PROTOCOL-IMAP SUBSCRIBE literal overflow attempt (protocol-imap.rules) * 1:3074 <-> DISABLED <-> PROTOCOL-IMAP SUBSCRIBE overflow attempt (protocol-imap.rules) * 1:3079 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer ANI file parsing buffer overflow attempt (browser-ie.rules) * 1:3084 <-> DISABLED <-> SERVER-OTHER Veritas backup overflow attempt (server-other.rules) * 1:3087 <-> DISABLED <-> SERVER-IIS w3who.dll buffer overflow attempt (server-iis.rules) * 1:3114 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc LlsrConnect overflow attempt (os-windows.rules) * 1:31238 <-> DISABLED <-> SERVER-OTHER Symantec pcAnywhere remote code execution attempt (server-other.rules) * 1:31308 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime pict image poly structure memory corruption attempt (file-multimedia.rules) * 1:31309 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime pict image poly structure memory corruption attempt (file-multimedia.rules) * 1:31310 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules) * 1:31311 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules) * 1:33027 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file attachment detected (file-identify.rules) * 1:33028 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file download request (file-identify.rules) * 1:33029 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:33030 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:33031 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:33032 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:33033 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:33034 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:33035 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:33036 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:33037 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:33040 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:33085 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 10 use after free attempt (browser-ie.rules) * 1:33086 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 10 use after free attempt (browser-ie.rules) * 1:33087 <-> DISABLED <-> FILE-PDF Foxit Reader remote query string buffer overflow attempt (file-pdf.rules) * 1:33088 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox 17 onreadystatechange memory corruption attempt (browser-firefox.rules) * 1:33089 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox 17 onreadystatechange memory corruption attempt (browser-firefox.rules) * 1:33090 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox 17 onreadystatechange memory corruption attempt (browser-firefox.rules) * 1:33093 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CInput element user after free attempt (browser-ie.rules) * 1:33094 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CInput element user after free attempt (browser-ie.rules) * 1:33095 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos Use After Free attempt (browser-ie.rules) * 1:33096 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos Use After Free attempt (browser-ie.rules) * 1:33097 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos Use After Free attempt (browser-ie.rules) * 1:33098 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos Use After Free attempt (browser-ie.rules) * 1:33099 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CAnchorElement use after free attempt (browser-ie.rules) * 1:335 <-> DISABLED <-> PROTOCOL-FTP .rhosts (protocol-ftp.rules) * 1:3441 <-> DISABLED <-> PROTOCOL-FTP PORT bounce attempt (protocol-ftp.rules) * 1:3457 <-> DISABLED <-> SERVER-OTHER Arkeia backup client type 77 overflow attempt (server-other.rules) * 1:3461 <-> DISABLED <-> SERVER-MAIL Content-Type overflow attempt (server-mail.rules) * 1:3473 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer SMIL file overflow attempt (file-multimedia.rules) * 1:3517 <-> DISABLED <-> SERVER-OTHER Computer Associates license PUTOLF overflow attempt (server-other.rules) * 1:3520 <-> DISABLED <-> SERVER-OTHER Computer Associates license GCR NETWORK overflow attempt (server-other.rules) * 1:3522 <-> DISABLED <-> SERVER-OTHER Computer Associates license GETCONFIG server overflow attempt (server-other.rules) * 1:3528 <-> DISABLED <-> SERVER-MYSQL create function access attempt (server-mysql.rules) * 1:3533 <-> DISABLED <-> PROTOCOL-TELNET client LINEMODE SLC overflow attempt (protocol-telnet.rules) * 1:3534 <-> DISABLED <-> FILE-IMAGE Mozilla GIF single packet heap overflow - NETSCAPE2.0 (file-image.rules) * 1:3537 <-> DISABLED <-> PROTOCOL-TELNET client ENV OPT escape overflow attempt (protocol-telnet.rules) * 1:3550 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML http/https scheme hostname overflow attempt (browser-ie.rules) * 1:3551 <-> DISABLED <-> FILE-IDENTIFY HTA file download request (file-identify.rules) * 1:3552 <-> DISABLED <-> OS-WINDOWS Microsoft Windows OLE32 MSHTA masquerade attempt (os-windows.rules) * 1:3590 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt (os-windows.rules) * 1:3627 <-> DISABLED <-> SERVER-MAIL X-LINK2STATE CHUNK command attempt (server-mail.rules) * 1:3632 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt (file-image.rules) * 1:3658 <-> DISABLED <-> SERVER-OTHER ARCserve universal backup agent option 1000 little endian buffer overflow attempt (server-other.rules) * 1:3679 <-> DISABLED <-> INDICATOR-OBFUSCATION Multiple Products IFRAME src javascript code execution (indicator-obfuscation.rules) * 1:3686 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Content Advisor memory corruption attempt (browser-ie.rules) * 1:3693 <-> DISABLED <-> SERVER-WEBAPP IBM WebSphere j_security_check overflow attempt (server-webapp.rules) * 1:3694 <-> DISABLED <-> SERVER-WEBAPP Squid content length cache poisoning attempt (server-webapp.rules) * 1:3695 <-> DISABLED <-> SERVER-OTHER Veritas Backup Agent password overflow attempt (server-other.rules) * 1:3696 <-> DISABLED <-> SERVER-OTHER Veritas Backup Agent DoS attempt (server-other.rules) * 1:3697 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP veritas bind attempt (netbios.rules) * 1:3814 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer javaprxy.dll COM access (browser-ie.rules) * 1:3818 <-> DISABLED <-> PROTOCOL-TFTP PUT transfer mode overflow attempt (protocol-tftp.rules) * 1:3819 <-> DISABLED <-> FILE-IDENTIFY CHM file download request (file-identify.rules) * 1:3820 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows CHM file magic detected (file-identify.rules) * 1:3823 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer realtext file bad version buffer overflow attempt (file-multimedia.rules) * 1:3824 <-> DISABLED <-> SERVER-MAIL AUTH user overflow attempt (server-mail.rules) * 1:3967 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_QueryResConfList attempt (os-windows.rules) * 1:402 <-> DISABLED <-> PROTOCOL-ICMP Destination Unreachable Port Unreachable (protocol-icmp.rules) * 1:404 <-> DISABLED <-> PROTOCOL-ICMP Destination Unreachable Protocol Unreachable (protocol-icmp.rules) * 1:4126 <-> DISABLED <-> SERVER-OTHER Veritas Backup Exec root connection attempt using default password hash (server-other.rules) * 1:4127 <-> DISABLED <-> SERVER-OTHER Novell eDirectory Server iMonitor overflow attempt (server-other.rules) * 1:4130 <-> DISABLED <-> SERVER-OTHER Novell ZenWorks Remote Management Agent buffer overflow Attempt (server-other.rules) * 1:4131 <-> DISABLED <-> SERVER-OTHER SHOUTcast URI format string attempt (server-other.rules) * 1:4135 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG rendering buffer overflow attempt (browser-ie.rules) * 1:4142 <-> DISABLED <-> SERVER-ORACLE reports servlet command execution attempt (server-oracle.rules) * 1:4143 <-> DISABLED <-> SERVER-OTHER lpd receive printer job cascade adaptor protocol request (server-other.rules) * 1:4144 <-> ENABLED <-> OS-SOLARIS Oracle Solaris lpd control file upload attempt (os-solaris.rules) * 1:4148 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DHTML Editing ActiveX clsid access (browser-plugins.rules) * 1:4155 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer htmlfile ActiveX object access attempt (browser-plugins.rules) * 1:4170 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office 2000 and 2002 Web Components Data Source Control ActiveX clsid access (browser-plugins.rules) * 1:4177 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Web Components OWC.Spreadsheet.9 ActiveX clsid access attempt (browser-plugins.rules) * 1:4196 <-> DISABLED <-> FILE-IDENTIFY CBO CBL CBM file transfer attempt (file-identify.rules) * 1:4334 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceList attempt (os-windows.rules) * 1:4358 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceListSize attempt (os-windows.rules) * 1:4637 <-> DISABLED <-> SERVER-OTHER MailEnable HTTPMail buffer overflow attempt (server-other.rules) * 1:4642 <-> DISABLED <-> SERVER-ORACLE sys.pbsde.init buffer overflow attempt (server-oracle.rules) * 1:4643 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed shortcut file buffer overflow attempt (os-windows.rules) * 1:4644 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed shortcut file with comment buffer overflow attempt (os-windows.rules) * 1:4647 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer javascript onload overflow attempt (browser-ie.rules) * 1:4677 <-> DISABLED <-> SERVER-ORACLE Enterprise Manager Application Server Control GET parameter overflow attempt (server-oracle.rules) * 1:4681 <-> DISABLED <-> SERVER-WEBAPP Symantec Antivirus admin scan interface negative Content-Length attempt (server-webapp.rules) * 1:489 <-> DISABLED <-> PROTOCOL-FTP no password (protocol-ftp.rules) * 1:4899 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer ISupportErrorInfo Interface ActiveX object access (browser-plugins.rules) * 1:4916 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer javascript onload document.write obfuscation overflow attempt (browser-ie.rules) * 1:4917 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer javascript onload prompt obfuscation overflow attempt (browser-ie.rules) * 1:4918 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceList dos attempt (os-windows.rules) * 1:4985 <-> DISABLED <-> SERVER-WEBAPP Twiki rdiff rev command injection attempt (server-webapp.rules) * 1:5316 <-> DISABLED <-> SERVER-OTHER CA CAM log_security overflow attempt (server-other.rules) * 1:5318 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows wmf file arbitrary code execution attempt (file-multimedia.rules) * 1:569 <-> DISABLED <-> PROTOCOL-RPC snmpXdmi overflow attempt TCP (protocol-rpc.rules) * 1:5704 <-> DISABLED <-> PROTOCOL-IMAP SELECT overflow attempt (protocol-imap.rules) * 1:5708 <-> DISABLED <-> POLICY-OTHER web server file upload attempt (policy-other.rules) * 1:5710 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Player Plugin for Non-IE browsers buffer overflow attempt (os-windows.rules) * 1:5712 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player invalid data offset bitmap heap overflow attempt (file-image.rules) * 1:591 <-> DISABLED <-> PROTOCOL-RPC portmap ypupdated request TCP (protocol-rpc.rules) * 1:593 <-> DISABLED <-> PROTOCOL-RPC portmap snmpXdmi request TCP (protocol-rpc.rules) * 1:598 <-> DISABLED <-> PROTOCOL-RPC portmap listing TCP 111 (protocol-rpc.rules) * 1:6009 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows RDS.Dataspace ActiveX object access (browser-plugins.rules) * 1:6011 <-> DISABLED <-> SERVER-OTHER VERITAS NetBackup vnetd buffer overflow attempt (server-other.rules) * 1:610 <-> DISABLED <-> PROTOCOL-SERVICES rsh root (protocol-services.rules) * 1:6404 <-> DISABLED <-> SERVER-OTHER Veritas NetBackup Volume Manager connection attempt (server-other.rules) * 1:6405 <-> DISABLED <-> SERVER-OTHER Veritas NetBackup Volume Manager overflow attempt (server-other.rules) * 1:6414 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Messenger Accept-Language header buffer overflow attempt (server-webapp.rules) * 1:6419 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msdtc BuildContextW invalid uuid size attempt (os-windows.rules) * 1:6420 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP msdtc BuildContextW invalid uuid size attempt (os-windows.rules) * 1:6431 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msdtc BuildContextW invalid second uuid size attempt (os-windows.rules) * 1:6432 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP msdtc BuildContextW invalid second uuid size attempt (os-windows.rules) * 1:6469 <-> DISABLED <-> SERVER-OTHER RealVNC connection attempt (server-other.rules) * 1:6470 <-> DISABLED <-> SERVER-OTHER RealVNC authentication types without None type sent attempt (server-other.rules) * 1:6471 <-> DISABLED <-> SERVER-OTHER RealVNC password authentication bypass attempt (server-other.rules) * 1:648 <-> DISABLED <-> INDICATOR-SHELLCODE x86 NOOP (indicator-shellcode.rules) * 1:6504 <-> DISABLED <-> FILE-OTHER Sophos Anti-Virus CAB file overflow attempt (file-other.rules) * 1:6505 <-> DISABLED <-> FILE-IMAGE Apple QuickTime fpx file SectNumMiniFAT overflow attempt (file-image.rules) * 1:6506 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime udta atom overflow attempt (file-multimedia.rules) * 1:6509 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer mhtml uri href buffer overflow attempt (browser-ie.rules) * 1:6512 <-> DISABLED <-> SERVER-OTHER symantec antivirus realtime virusscan overflow attempt (server-other.rules) * 1:654 <-> DISABLED <-> SERVER-MAIL RCPT TO overflow (server-mail.rules) * 1:6584 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP rras RasRpcSubmitRequest overflow attempt (os-windows.rules) * 1:6689 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected cHRM overflow attempt (file-image.rules) * 1:6692 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected sRGB overflow attempt (file-image.rules) * 1:6695 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected tRNS overflow attempt (file-image.rules) * 1:7002 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel url unicode overflow attempt (file-office.rules) * 1:7004 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Internet.HHCtrl.1 ActiveX function call access (browser-plugins.rules) * 1:7009 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows DirectAnimation.StructuredGraphicsControl ActiveX function call access (browser-plugins.rules) * 1:7020 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer isComponentInstalled function buffer overflow (browser-ie.rules) * 1:7021 <-> DISABLED <-> OS-LINUX kernel SCTP chunkless packet denial of service attempt (os-linux.rules) * 1:7022 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Explorer invalid url file overflow attempt (os-windows.rules) * 1:7025 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel url unicode overflow attempt (file-office.rules) * 1:7026 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows RDS.Dataspace ActiveX function call access (browser-plugins.rules) * 1:7027 <-> DISABLED <-> SERVER-IIS Microsoft Office FrontPage server extensions 2002 cross site scripting attempt (server-iis.rules) * 1:7048 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel object record overflow attempt (file-office.rules) * 1:7197 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MSO.DLL malformed string parsing single byte buffer over attempt (file-office.rules) * 1:7202 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document summary information string overflow attempt (file-office.rules) * 1:7203 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word information string overflow attempt (file-office.rules) * 1:7204 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel object ftCmo overflow attempt (file-office.rules) * 1:7205 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FngGroupCount record overflow attempt (file-office.rules) * 1:7209 <-> ENABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrPathCanonicalize overflow attempt (os-windows.rules) * 1:7435 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Dynamic Casts ActiveX clsid access (browser-plugins.rules) * 1:7864 <-> DISABLED <-> BROWSER-PLUGINS McSubMgr ActiveX CLSID access (browser-plugins.rules) * 1:7872 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Spreadsheet 10.0 ActiveX clsid access (browser-plugins.rules) * 1:7876 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Data Source Control 10.0 ActiveX clsid access (browser-plugins.rules) * 1:7904 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer CDL Asychronous Pluggable Protocol Handler ActiveX clsid access (browser-plugins.rules) * 1:7985 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Explorer WebViewFolderIcon.WebViewFolderIcon.1 ActiveX clsid access (browser-plugins.rules) * 1:8053 <-> DISABLED <-> BROWSER-PLUGINS DirectAnimation.PathControl ActiveX clsid access (browser-plugins.rules) * 1:8055 <-> DISABLED <-> BROWSER-PLUGINS DirectAnimation.PathControl ActiveX function call access (browser-plugins.rules) * 1:8056 <-> DISABLED <-> SERVER-OTHER ISC DHCP server 2 client_id length denial of service attempt (server-other.rules) * 1:8057 <-> DISABLED <-> SERVER-MYSQL Date_Format denial of service attempt (server-mysql.rules) * 1:8058 <-> DISABLED <-> BROWSER-FIREFOX Mozilla javascript navigator object access (browser-firefox.rules) * 1:8059 <-> DISABLED <-> SERVER-ORACLE SYS.KUPW-WORKER sql injection attempt (server-oracle.rules) * 1:8063 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer ADODB.Stream ActiveX function call access (browser-plugins.rules) * 1:8068 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Scripting Host Shell ActiveX function call access (browser-plugins.rules) * 1:8085 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager connectedNodes.ovpl command injection attempt (server-webapp.rules) * 1:8086 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager cdpView.ovpl command injection attempt (server-webapp.rules) * 1:8087 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager freeIPaddrs.ovpl command injection attempt (server-webapp.rules) * 1:8088 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager connectedNodes.ovpl command injection attempt (server-webapp.rules) * 1:8089 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager cdpView.ovpl command injection attempt (server-webapp.rules) * 1:8090 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager freeIPaddrs.ovpl command injection attempt (server-webapp.rules) * 1:8091 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer error message format string vulnerability attempt (file-multimedia.rules) * 1:835 <-> DISABLED <-> SERVER-WEBAPP test-cgi access (server-webapp.rules) * 1:8369 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMIScriptUtils.WMIObjectBroker2.1 ActiveX clsid access (browser-plugins.rules) * 1:8414 <-> DISABLED <-> FILE-OFFICE Microsoft Office GIF image descriptor memory corruption attempt (file-office.rules) * 1:8416 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Vector Markup Language fill method overflow attempt (os-windows.rules) * 1:8419 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Explorer WebViewFolderIcon.WebViewFolderIcon.1 ActiveX function call (browser-plugins.rules) * 1:8426 <-> DISABLED <-> SERVER-OTHER SSLv3 openssl get shared ciphers overflow attempt (server-other.rules) * 1:8428 <-> DISABLED <-> SERVER-OTHER SSLv2 openssl get shared ciphers overflow attempt (server-other.rules) * 1:8441 <-> DISABLED <-> SERVER-WEBAPP McAfee header buffer overflow attempt (server-webapp.rules) * 1:8443 <-> DISABLED <-> BROWSER-FIREFOX Mozilla regular expression heap corruption attempt (browser-firefox.rules) * 1:8446 <-> DISABLED <-> POLICY-OTHER IPv6 packets encapsulated in IPv4 (policy-other.rules) * 1:8448 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel colinfo XF record overflow attempt (file-office.rules) * 1:8449 <-> DISABLED <-> OS-WINDOWS SMB Rename invalid buffer type andx attempt (os-windows.rules) * 1:8450 <-> DISABLED <-> OS-WINDOWS SMB Rename invalid buffer type attempt (os-windows.rules) * 1:8451 <-> DISABLED <-> OS-WINDOWS SMB Rename invalid buffer type unicode andx attempt (os-windows.rules) * 1:8452 <-> DISABLED <-> OS-WINDOWS SMB Rename invalid buffer type unicode attempt (os-windows.rules) * 1:8453 <-> DISABLED <-> OS-WINDOWS SMB-DS Rename invalid buffer type andx attempt (os-windows.rules) * 1:8454 <-> DISABLED <-> OS-WINDOWS SMB-DS Rename invalid buffer type attempt (os-windows.rules) * 1:8455 <-> DISABLED <-> OS-WINDOWS SMB-DS Rename invalid buffer type unicode andx attempt (os-windows.rules) * 1:8456 <-> DISABLED <-> OS-WINDOWS SMB-DS Rename invalid buffer type unicode attempt (os-windows.rules) * 1:8457 <-> DISABLED <-> OS-WINDOWS SMB Rename invalid buffer type andx attempt (os-windows.rules) * 1:8458 <-> DISABLED <-> OS-WINDOWS SMB Rename invalid buffer type attempt (os-windows.rules) * 1:8459 <-> DISABLED <-> OS-WINDOWS SMB Rename invalid buffer type unicode andx attempt (os-windows.rules) * 1:8460 <-> DISABLED <-> OS-WINDOWS SMB Rename invalid buffer type unicode attempt (os-windows.rules) * 1:8478 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Publisher file magic detected (file-identify.rules) * 1:8480 <-> DISABLED <-> PROTOCOL-FTP PORT overflow attempt (protocol-ftp.rules) * 1:8541 <-> DISABLED <-> SERVER-ORACLE sdo_cs.transform_layer buffer overflow attempt (server-oracle.rules) * 1:857 <-> DISABLED <-> SERVER-WEBAPP faxsurvey access (server-webapp.rules) * 1:8711 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory HTTP redirection buffer overflow attempt (server-webapp.rules) * 1:8723 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Data Source Control 11.0 ActiveX clsid access (browser-plugins.rules) * 1:8727 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer XMLHTTP 4.0 ActiveX clsid access (browser-plugins.rules) * 1:8738 <-> DISABLED <-> BROWSER-PLUGINS Macrovision InstallShield Update Service ActiveX clsid access (browser-plugins.rules) * 1:8741 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAFontStyle.1 ActiveX clsid access (browser-plugins.rules) * 1:8743 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAFontStyle.1 ActiveX function call access (browser-plugins.rules) * 1:8744 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAEvent.1 ActiveX clsid access (browser-plugins.rules) * 1:8746 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAEvent.1 ActiveX function call access (browser-plugins.rules) * 1:8747 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAEndStyle.1 ActiveX clsid access (browser-plugins.rules) * 1:8749 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAEndStyle.1 ActiveX function call access (browser-plugins.rules) * 1:8750 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LM.LMBehaviorFactory.1 ActiveX clsid access (browser-plugins.rules) * 1:8752 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LM.LMBehaviorFactory.1 ActiveX function call access (browser-plugins.rules) * 1:8753 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LM.AutoEffectBvr.1 ActiveX clsid access (browser-plugins.rules) * 1:8755 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LM.AutoEffectBvr.1 ActiveX function call access (browser-plugins.rules) * 1:8756 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.SpriteControl ActiveX clsid access (browser-plugins.rules) * 1:8758 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.SpriteControl ActiveX function call access (browser-plugins.rules) * 1:8759 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.SequencerControl ActiveX clsid access (browser-plugins.rules) * 1:8761 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.SequencerControl ActiveX function call access (browser-plugins.rules) * 1:8762 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.Sequence ActiveX clsid access (browser-plugins.rules) * 1:8764 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.Sequence ActiveX function call access (browser-plugins.rules) * 1:8765 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAView.1 ActiveX clsid access (browser-plugins.rules) * 1:8767 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAView.1 ActiveX function call access (browser-plugins.rules) * 1:8768 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAVector3.1 ActiveX clsid access (browser-plugins.rules) * 1:8770 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAVector3.1 ActiveX function call access (browser-plugins.rules) * 1:8771 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAVector2.1 ActiveX clsid access (browser-plugins.rules) * 1:8773 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAVector2.1 ActiveX function call access (browser-plugins.rules) * 1:8774 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAUserData.1 ActiveX clsid access (browser-plugins.rules) * 1:8776 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAUserData.1 ActiveX function call access (browser-plugins.rules) * 1:8777 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DATransform3.1 ActiveX clsid access (browser-plugins.rules) * 1:8779 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DATransform3.1 ActiveX function call access (browser-plugins.rules) * 1:8780 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DATransform2.1 ActiveX clsid access (browser-plugins.rules) * 1:8782 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DATransform2.1 ActiveX function call access (browser-plugins.rules) * 1:8783 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAString.1 ActiveX clsid access (browser-plugins.rules) * 1:8785 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAString.1 ActiveX function call access (browser-plugins.rules) * 1:8786 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DASound.1 ActiveX clsid access (browser-plugins.rules) * 1:8788 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DASound.1 ActiveX function call access (browser-plugins.rules) * 1:8789 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAPoint3.1 ActiveX clsid access (browser-plugins.rules) * 1:8791 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAPoint3.1 ActiveX function call access (browser-plugins.rules) * 1:8792 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAPoint2.1 ActiveX clsid access (browser-plugins.rules) * 1:8794 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAPoint2.1 ActiveX function call access (browser-plugins.rules) * 1:8795 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAPath2.1 ActiveX clsid access (browser-plugins.rules) * 1:8797 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAPath2.1 ActiveX function call access (browser-plugins.rules) * 1:8798 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAPair.1 ActiveX clsid access (browser-plugins.rules) * 1:8800 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAPair.1 ActiveX function call access (browser-plugins.rules) * 1:8801 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DANumber.1 ActiveX clsid access (browser-plugins.rules) * 1:8803 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DANumber.1 ActiveX function call access (browser-plugins.rules) * 1:8804 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAMontage.1 ActiveX clsid access (browser-plugins.rules) * 1:8806 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAMontage.1 ActiveX function call access (browser-plugins.rules) * 1:8807 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAMicrophone.1 ActiveX clsid access (browser-plugins.rules) * 1:8809 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAMicrophone.1 ActiveX function call access (browser-plugins.rules) * 1:8810 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAMatte.1 ActiveX clsid access (browser-plugins.rules) * 1:8812 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAMatte.1 ActiveX function call access (browser-plugins.rules) * 1:8813 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DALineStyle.1 ActiveX clsid access (browser-plugins.rules) * 1:8815 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DALineStyle.1 ActiveX function call access (browser-plugins.rules) * 1:8816 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAJoinStyle.1 ActiveX clsid access (browser-plugins.rules) * 1:8818 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAJoinStyle.1 ActiveX function call access (browser-plugins.rules) * 1:8819 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAImage.1 ActiveX clsid access (browser-plugins.rules) * 1:8821 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAImage.1 ActiveX function call access (browser-plugins.rules) * 1:8822 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAGeometry.1 ActiveX clsid access (browser-plugins.rules) * 1:8824 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAGeometry.1 ActiveX function call access (browser-plugins.rules) * 1:8825 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DADashStyle.1 ActiveX clsid access (browser-plugins.rules) * 1:8827 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DADashStyle.1 ActiveX function call access (browser-plugins.rules) * 1:8828 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAColor.1 ActiveX clsid access (browser-plugins.rules) * 1:8830 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAColor.1 ActiveX function call access (browser-plugins.rules) * 1:8831 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DACamera.1 ActiveX clsid access (browser-plugins.rules) * 1:8833 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DACamera.1 ActiveX function call access (browser-plugins.rules) * 1:8834 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DABoolean.1 ActiveX clsid access (browser-plugins.rules) * 1:8836 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DABoolean.1 ActiveX function call access (browser-plugins.rules) * 1:8837 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DABbox3.1 ActiveX clsid access (browser-plugins.rules) * 1:8839 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DABbox3.1 ActiveX function call access (browser-plugins.rules) * 1:8840 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DABbox2.1 ActiveX clsid access (browser-plugins.rules) * 1:8842 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DABbox2.1 ActiveX function call access (browser-plugins.rules) * 1:8843 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAArray.1 ActiveX clsid access (browser-plugins.rules) * 1:8845 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAArray.1 ActiveX function call access (browser-plugins.rules) * 1:886 <-> DISABLED <-> SERVER-WEBAPP phf access (server-webapp.rules) * 1:9027 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrJoinDomain2 overflow attempt (os-windows.rules) * 1:9129 <-> DISABLED <-> BROWSER-PLUGINS WinZip FileView 6.1 ActiveX clsid access (browser-plugins.rules) * 1:9325 <-> DISABLED <-> SERVER-OTHER Citrix IMA DOS event data length denial of service attempt (server-other.rules) * 1:9430 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime Movie link file URI security bypass attempt (file-multimedia.rules) * 1:9431 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook Express NNTP response overflow attempt (file-office.rules) * 1:9434 <-> DISABLED <-> FILE-OTHER Ultravox-Max-Msg header integer overflow attempt (file-other.rules) * 1:9626 <-> DISABLED <-> BROWSER-PLUGINS AcroPDF.PDF ActiveX clsid access (browser-plugins.rules) * 1:9629 <-> DISABLED <-> BROWSER-PLUGINS Citrix.ICAClient ActiveX clsid access (browser-plugins.rules) * 1:9632 <-> DISABLED <-> SERVER-OTHER Tivoli Storage Manager command request buffer overflow attempt (server-other.rules) * 1:9633 <-> DISABLED <-> SERVER-OTHER Computer Associates Product Discovery Service type 9B remote buffer overflow attempt TCP (server-other.rules) * 1:9637 <-> DISABLED <-> FILE-OTHER Adobe Download Manger dm.ini stack overflow attempt (file-other.rules) * 1:9638 <-> DISABLED <-> PROTOCOL-TFTP PUT Microsoft RIS filename overwrite attempt (protocol-tftp.rules) * 1:9640 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows ADODB.Connection ActiveX function call access (browser-plugins.rules) * 1:971 <-> DISABLED <-> SERVER-IIS ISAPI .printer access (server-iis.rules) * 1:974 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS directory traversal attempt (server-iis.rules) * 1:9813 <-> DISABLED <-> SERVER-OTHER Symantec NetBackup connect_options buffer overflow attempt (server-other.rules) * 1:9814 <-> DISABLED <-> BROWSER-PLUGINS ICQPhone.SipxPhoneManager ActiveX clsid access (browser-plugins.rules) * 1:9816 <-> DISABLED <-> BROWSER-PLUGINS ICQPhone.SipxPhoneManager ActiveX function call access (browser-plugins.rules) * 1:9823 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime RTSP URI overflow attempt (file-multimedia.rules) * 1:9840 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime HREF Track Detected (file-multimedia.rules) * 1:9841 <-> DISABLED <-> SERVER-MAIL Microsoft Office Outlook VEVENT overflow attempt (server-mail.rules) * 1:9843 <-> DISABLED <-> FILE-PDF Adobe Acrobat Plugin JavaScript parameter double free attempt (file-pdf.rules) * 1:9845 <-> ENABLED <-> FILE-IDENTIFY M3U file magic detected (file-identify.rules) * 1:9849 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Vector Markup Language recolorinfo tag numcolors parameter buffer overflow attempt (os-windows.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2970.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:34348 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit payload download (exploit-kit.rules) * 1:34347 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cheprobnk variant outbound connection attempt (malware-cnc.rules) * 1:34346 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Backspace outbound connection attempt (malware-cnc.rules) * 1:34345 <-> DISABLED <-> POLICY-OTHER Red Hat OpenStack default password login attempt (policy-other.rules) * 1:34344 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player XSPF integer overflow attempt (file-multimedia.rules) * 1:34343 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player XSPF integer overflow attempt (file-multimedia.rules) * 1:34342 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network web console access attempt (policy-other.rules) * 1:34341 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt (policy-other.rules) * 1:34340 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt (policy-other.rules) * 1:34339 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Cybergate outbound connection (malware-cnc.rules) * 1:34338 <-> ENABLED <-> MALWARE-CNC Backdoor.Win32.Chkngrbot.A outbound connection (malware-cnc.rules) * 1:34337 <-> ENABLED <-> MALWARE-CNC Backdoor.Win32.Chkngrbot.A outbound connection (malware-cnc.rules) * 1:34336 <-> ENABLED <-> MALWARE-OTHER Html.Phishing.Crea outbound connection attempt (malware-other.rules)
* 1:16341 <-> DISABLED <-> SERVER-OTHER IBM DB2 Database Server invalid data stream denial of service attempt (server-other.rules) * 1:16342 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows AVIFile truncated media file processing memory corruption attempt (file-multimedia.rules) * 1:16344 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox top-level script object offset calculation memory corruption attempt (browser-firefox.rules) * 1:16351 <-> DISABLED <-> PROTOCOL-VOIP CSeq buffer overflow attempt (protocol-voip.rules) * 1:16352 <-> DISABLED <-> OS-LINUX Linux Kernel NFSD Subsystem overflow attempt (os-linux.rules) * 1:16353 <-> DISABLED <-> FILE-MULTIMEDIA FFmpeg OGV file format memory corruption attempt (file-multimedia.rules) * 1:16359 <-> DISABLED <-> FILE-OTHER Adobe Illustrator DSC comment overflow attempt (file-other.rules) * 1:16360 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime Image Description Atom sign extension memory corruption attempt (file-multimedia.rules) * 1:16367 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer invalid object access memory corruption attempt (browser-ie.rules) * 1:16369 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer deleted object access memory corruption attempt - public exploit (browser-ie.rules) * 1:16371 <-> DISABLED <-> BROWSER-PLUGINS NOS Microsystems Adobe atl_getcom ActiveX clsid access (browser-plugins.rules) * 1:16376 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTableLayout memory corruption attempt (browser-ie.rules) * 1:16377 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOM mergeAttributes memory corruption attempt (browser-ie.rules) * 1:16378 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer deleted object cells reference memory corruption vulnerability (browser-ie.rules) * 1:16382 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML+TIME animatemotion property memory corruption attempt (browser-ie.rules) * 1:16383 <-> DISABLED <-> SERVER-ORACLE MDSYS drop table trigger injection attempt (server-oracle.rules) * 1:16384 <-> DISABLED <-> SERVER-OTHER VMware Server ISAPI Extension remote denial of service attempt (server-other.rules) * 1:16392 <-> DISABLED <-> SERVER-WEBAPP Oracle Java System Web Server 7.0u7 authorization digest heap overflow (server-webapp.rules) * 1:16393 <-> DISABLED <-> SERVER-OTHER PostgreSQL bit substring buffer overflow attempt (server-other.rules) * 1:16397 <-> DISABLED <-> OS-WINDOWS SMB andx invalid server name share access (os-windows.rules) * 1:16398 <-> DISABLED <-> OS-WINDOWS SMB invalid server name share access (os-windows.rules) * 1:16399 <-> DISABLED <-> OS-WINDOWS SMB unicode andx invalid server name share access (os-windows.rules) * 1:16400 <-> DISABLED <-> OS-WINDOWS SMB unicode invalid server name share access (os-windows.rules) * 1:16401 <-> DISABLED <-> OS-WINDOWS SMB andx invalid server name share access (os-windows.rules) * 1:16402 <-> DISABLED <-> OS-WINDOWS SMB invalid server name share access (os-windows.rules) * 1:16403 <-> DISABLED <-> OS-WINDOWS SMB unicode andx invalid server name share access (os-windows.rules) * 1:16404 <-> DISABLED <-> OS-WINDOWS SMB unicode invalid server name share access (os-windows.rules) * 1:16406 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:16407 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:16409 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint improper filename remote code execution attempt (file-office.rules) * 1:16411 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint out of bounds value remote code execution attempt (file-office.rules) * 1:16412 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid TextByteAtom remote code execution attempt (file-office.rules) * 1:16414 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Shell Handler remote code execution attempt (os-windows.rules) * 1:16416 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed MSODrawing Record attempt (file-office.rules) * 1:16417 <-> DISABLED <-> OS-WINDOWS SMB Negotiate Protocol Response overflow attempt (os-windows.rules) * 1:16419 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Data Analyzer 3.5 ActiveX clsid access (browser-plugins.rules) * 1:16421 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint out of bounds value remote code execution attempt (file-office.rules) * 1:16422 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Paint JPEG with malformed SOFx field (file-image.rules) * 1:16423 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 7/8 execute local file in Internet zone redirect attempt (browser-ie.rules) * 1:16424 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Script Host Shell Object ActiveX clsid access (browser-plugins.rules) * 1:16425 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file download request (file-identify.rules) * 1:16428 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook Express and Windows Mail NNTP handling buffer overflow attempt (file-office.rules) * 1:16435 <-> DISABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v0.62-v1.22 packed file magic detected (file-identify.rules) * 1:16438 <-> DISABLED <-> SERVER-ORACLE WebLogic Server Node Manager arbitrary command execution attempt (server-oracle.rules) * 1:1644 <-> DISABLED <-> SERVER-WEBAPP test-cgi attempt (server-webapp.rules) * 1:16444 <-> DISABLED <-> SERVER-OTHER HP StorageWorks storage mirroring double take service code execution attempt (server-other.rules) * 1:16445 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk IAX2 ack response denial of service attempt (protocol-voip.rules) * 1:16447 <-> DISABLED <-> PROTOCOL-RPC Solaris UDP portmap sadmin request attempt (protocol-rpc.rules) * 1:16452 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer .hlp samba share download attempt (browser-ie.rules) * 1:16461 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel EntExU2 write access violation attempt (file-office.rules) * 1:16462 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel BIFF8 formulas from records parsing code execution attempt (file-office.rules) * 1:16463 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel BIFF5 formulas from records parsing code execution attempt (file-office.rules) * 1:16464 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ContinueFRT12 heap overflow attempt (file-office.rules) * 1:16465 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ContinueFRT12 and MDXSet heap overflow attempt (file-office.rules) * 1:16466 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel uninitialized stack variable code execution attempt (file-office.rules) * 1:16467 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt 1 (file-office.rules) * 1:16468 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt 2 (file-office.rules) * 1:16469 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fOdbcConn parsing remote code execution attempt (file-office.rules) * 1:16470 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fWeb parsing remote code execution attempt (file-office.rules) * 1:16471 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fWeb parsing remote code execution attempt (file-office.rules) * 1:16473 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker project file download request (file-identify.rules) * 1:16474 <-> DISABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (file-identify.rules) * 1:16481 <-> DISABLED <-> BROWSER-OTHER Opera Content-Length header integer overflow attempt (browser-other.rules) * 1:16482 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer userdata behavior memory corruption attempt (browser-ie.rules) * 1:16490 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TIFF remote code execution attempt (file-pdf.rules) * 1:16492 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari inline text box use after free attempt (browser-webkit.rules) * 1:16501 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox WOFF font processing integer overflow attempt - TrueType (browser-firefox.rules) * 1:16502 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox WOFF font processing integer overflow attempt - CFF-based (browser-firefox.rules) * 1:16503 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer event handling remote code execution attempt (browser-ie.rules) * 1:16506 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer innerHTML against incomplete element heap corruption attempt (browser-ie.rules) * 1:16507 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onreadystatechange memory corruption attempt (browser-ie.rules) * 1:16508 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 non-IE8 compatibility mode htmltime remote code execution attempt (browser-ie.rules) * 1:16510 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Tabular Control ActiveX overflow by CLSID (browser-plugins.rules) * 1:16511 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Tabular Control ActiveX overflow by ProgID (browser-plugins.rules) * 1:16512 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed span/div html document heap corruption attempt (browser-ie.rules) * 1:16514 <-> DISABLED <-> PUA-OTHER Trillian AIM XML tag handling heap buffer overflow attempt (pua-other.rules) * 1:16515 <-> DISABLED <-> SERVER-MAIL Novell Groupwise Internet Agent RCPT command overflow attempt (server-mail.rules) * 1:16516 <-> DISABLED <-> SERVER-ORACLE Database sys.olapimpl_t package odcitablestart overflow attempt (server-oracle.rules) * 1:16517 <-> DISABLED <-> FILE-OTHER Free Download Manager .torrent parsing comment overflow attempt (file-other.rules) * 1:16518 <-> DISABLED <-> FILE-OTHER Free Download Manager .torrent parsing announce overflow attempt (file-other.rules) * 1:16519 <-> DISABLED <-> FILE-OTHER Free Download Manager .torrent parsing name overflow attempt (file-other.rules) * 1:16520 <-> DISABLED <-> FILE-OTHER Free Download Manager .torrent parsing path overflow attempt (file-other.rules) * 1:16522 <-> DISABLED <-> SERVER-OTHER Novell QuickFinder server cross-site-scripting attempt (server-other.rules) * 1:16524 <-> DISABLED <-> PROTOCOL-FTP ProFTPD username sql injection attempt (protocol-ftp.rules) * 1:16529 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:10011 <-> DISABLED <-> SERVER-MAIL Novell NetMail APPEND command buffer overflow attempt (server-mail.rules) * 1:10015 <-> DISABLED <-> BROWSER-PLUGINS Oracle ORADC ActiveX clsid access (browser-plugins.rules) * 1:10018 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc ReserveGroup attempt (netbios.rules) * 1:10024 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc ClientDBMiniAgentClose attempt (netbios.rules) * 1:10030 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor QSIGetQueuePath_Function_45 overflow attempt (netbios.rules) * 1:10036 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor ASRemotePFC overflow attempt (netbios.rules) * 1:10050 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 ASDBLoginToComputer overflow attempt (netbios.rules) * 1:10116 <-> DISABLED <-> POLICY-SOCIAL AIM GoChat URL access attempt (policy-social.rules) * 1:10117 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc GetGCBHandleFromGroupName overflow attempt (netbios.rules) * 1:10126 <-> DISABLED <-> FILE-IMAGE Apple QuickTime JPEG Huffman Table integer underflow attempt (file-image.rules) * 1:10130 <-> DISABLED <-> POLICY-OTHER VERITAS NetBackup system - execution function call access (policy-other.rules) * 1:10132 <-> DISABLED <-> PROTOCOL-RPC portmap BrightStor ARCserve denial of service attempt (protocol-rpc.rules) * 1:10133 <-> DISABLED <-> PROTOCOL-RPC portmap BrightStor ARCserve denial of service attempt (protocol-rpc.rules) * 1:10135 <-> DISABLED <-> SERVER-OTHER Squid proxy FTP denial of service attempt (server-other.rules) * 1:10187 <-> DISABLED <-> SERVER-OTHER HP Mercury Loadrunner command line buffer overflow (server-other.rules) * 1:10192 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer Ierpplug.dll ActiveX clsid access (browser-plugins.rules) * 1:10193 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer Ierpplug.dll ActiveX function call access (browser-plugins.rules) * 1:10194 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer Ierpplug.dll ActiveX function call access (browser-plugins.rules) * 1:10202 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetRealTimeScanConfigInfo attempt (netbios.rules) * 1:10208 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect COMN_NetTestConnection attempt (netbios.rules) * 1:1028 <-> DISABLED <-> SERVER-IIS query.asp access (server-iis.rules) * 1:10393 <-> DISABLED <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX clsid access (browser-plugins.rules) * 1:10407 <-> DISABLED <-> SERVER-OTHER Helix Server LoadTestPassword buffer overflow attempt (server-other.rules) * 1:1042 <-> DISABLED <-> SERVER-IIS view source via translate header (server-iis.rules) * 1:10475 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt (os-windows.rules) * 1:10482 <-> DISABLED <-> PROTOCOL-RPC portmap CA BrightStor ARCserve tcp request (protocol-rpc.rules) * 1:10486 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc function 15,16,17 attempt (netbios.rules) * 1:10504 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:10505 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:10900 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt (os-windows.rules) * 1:10998 <-> DISABLED <-> SERVER-OTHER Novell GroupWise WebAccess authentication overflow (server-other.rules) * 1:11000 <-> DISABLED <-> SERVER-ORACLE dbms_snap_internal.delete_refresh_operations buffer overflow attempt (server-oracle.rules) * 1:11004 <-> ENABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication request detected (protocol-imap.rules) * 1:11176 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office PowerPoint Viewer ActiveX clsid access (browser-plugins.rules) * 1:11180 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime movie ftyp buffer underflow (file-multimedia.rules) * 1:11181 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Excel Viewer ActiveX clsid access (browser-plugins.rules) * 1:11185 <-> DISABLED <-> SERVER-OTHER CA eTrust key handling dos via username attempt (server-other.rules) * 1:11187 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Word Viewer ActiveX clsid access (browser-plugins.rules) * 1:11192 <-> DISABLED <-> FILE-EXECUTABLE download of executable content (file-executable.rules) * 1:11199 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Viewer ActiveX clsid access (browser-plugins.rules) * 1:11204 <-> DISABLED <-> SERVER-ORACLE Oracle Database DBMS_AQADM_SYS package GRANT_TYPE_ACCESS procedure SQL injection attempt (server-oracle.rules) * 1:11228 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Input Method Editor 3 ActiveX clsid access (browser-plugins.rules) * 1:11258 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed Named Graph Information unicode overflow attempt (file-office.rules) * 1:11267 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop PNG file handling stack buffer overflow attempt (file-image.rules) * 1:11288 <-> DISABLED <-> PROTOCOL-RPC portmap mountd tcp request (protocol-rpc.rules) * 1:11289 <-> DISABLED <-> PROTOCOL-RPC portmap mountd tcp zero-length payload denial of service attempt (protocol-rpc.rules) * 1:11290 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed named graph information ascii overflow attempt (file-office.rules) * 1:11442 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules) * 1:1147 <-> DISABLED <-> SERVER-WEBAPP cat_ access (server-webapp.rules) * 1:11670 <-> DISABLED <-> SERVER-OTHER Symantec Discovery logging buffer overflow (server-other.rules) * 1:11679 <-> DISABLED <-> SERVER-APACHE Apache mod_rewrite buffer overflow attempt (server-apache.rules) * 1:11680 <-> DISABLED <-> SERVER-WEBAPP Oracle Java web proxy sockd buffer overflow attempt (server-webapp.rules) * 1:11687 <-> DISABLED <-> SERVER-APACHE Apache SSI error page cross-site scripting attempt (server-apache.rules) * 1:11822 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Webcam Upload ActiveX clsid access (browser-plugins.rules) * 1:11826 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Voice Control Recognition ActiveX clsid access (browser-plugins.rules) * 1:11830 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Direct Speech Recognition ActiveX clsid access (browser-plugins.rules) * 1:11834 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer navcancl.htm url spoofing attempt (browser-ie.rules) * 1:11835 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (file-identify.rules) * 1:11836 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio version number anomaly (file-office.rules) * 1:11838 <-> DISABLED <-> OS-WINDOWS Microsoft Windows API res buffer overflow attempt (os-windows.rules) * 1:11947 <-> DISABLED <-> OS-WINDOWS Microsoft Windows schannel security package (os-windows.rules) * 1:11966 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS tag memory corruption attempt (browser-ie.rules) * 1:11970 <-> DISABLED <-> PROTOCOL-VOIP Cisco 7940/7960 INVITE Remote-Party-ID header denial of service attempt (protocol-voip.rules) * 1:12027 <-> ENABLED <-> SQL Ingres Database uuid_from_char buffer overflow attempt (sql.rules) * 1:12046 <-> DISABLED <-> PROTOCOL-RPC MIT Kerberos kadmind RPC Library unix authentication buffer overflow attempt (protocol-rpc.rules) * 1:12069 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest (os-windows.rules) * 1:12070 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed version field (file-office.rules) * 1:12075 <-> DISABLED <-> PROTOCOL-RPC MIT Kerberos kadmind rpc library uninitialized pointer arbitrary code execution attempt (protocol-rpc.rules) * 1:12076 <-> DISABLED <-> SERVER-OTHER Ipswitch WS_FTP log server long unicode string (server-other.rules) * 1:12078 <-> DISABLED <-> SERVER-OTHER CA BrightStor LGServer Heap buffer overflow (server-other.rules) * 1:12081 <-> DISABLED <-> SERVER-OTHER BakBone NetVault server heap overflow attempt (server-other.rules) * 1:12099 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtWindow1 record handling arbitrary code execution attempt (file-office.rules) * 1:12100 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP ca-alert function 16,23 overflow attempt (netbios.rules) * 1:12182 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (file-identify.rules) * 1:12183 <-> DISABLED <-> FILE-FLASH Adobe FLV long string script data buffer overflow attempt (file-flash.rules) * 1:12184 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel workbook workspace designation handling arbitrary code execution attempt (file-office.rules) * 1:12187 <-> DISABLED <-> PROTOCOL-RPC portmap 2112 tcp rename_principal attempt (protocol-rpc.rules) * 1:12193 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Widgets Engine ActiveX clsid access (browser-plugins.rules) * 1:12197 <-> DISABLED <-> SERVER-OTHER CA message queuing server buffer overflow attempt (server-other.rules) * 1:12198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows getbulk request attempt (os-windows.rules) * 1:12199 <-> DISABLED <-> SERVER-OTHER RIM BlackBerry SRP negative string size (server-other.rules) * 1:12202 <-> DISABLED <-> SERVER-OTHER Ingres long message heap buffer overflow attempt (server-other.rules) * 1:12203 <-> DISABLED <-> BROWSER-PLUGINS VMWare Vielib.dll ActiveX clsid access (browser-plugins.rules) * 1:12213 <-> DISABLED <-> SERVER-MAIL Ipswitch IMail search date command buffer overflow attempt (server-mail.rules) * 1:12216 <-> DISABLED <-> SERVER-OTHER Borland interbase Create Request opcode string length buffer overflow attempt (server-other.rules) * 1:12218 <-> DISABLED <-> SERVER-OTHER Borland interbase string length buffer overflow attempt (server-other.rules) * 1:12219 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer SMIL wallclock parsing buffer overflow (file-multimedia.rules) * 1:12222 <-> DISABLED <-> SERVER-OTHER Squid proxy long WCCP packet (server-other.rules) * 1:12223 <-> DISABLED <-> SERVER-OTHER Novell WebAdmin long user name (server-other.rules) * 1:12250 <-> DISABLED <-> BROWSER-PLUGINS Symantec NavComUI AxSysListView32OAA ActiveX clsid access (browser-plugins.rules) * 1:12256 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed FBI record buffer overflow attempt (file-office.rules) * 1:1226 <-> DISABLED <-> X11 xopen (x11.rules) * 1:12269 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic 6 TLIApplication ActiveX clsid access (browser-plugins.rules) * 1:12278 <-> DISABLED <-> FILE-IDENTIFY Microsoft Media Player compressed skin download request (file-identify.rules) * 1:12279 <-> DISABLED <-> OS-WINDOWS Microsoft XML substringData integer overflow attempt (os-windows.rules) * 1:12280 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer VML source file memory corruption attempt (browser-ie.rules) * 1:12283 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (file-identify.rules) * 1:12284 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtWnDesk record memory corruption exploit attempt (file-office.rules) * 1:12286 <-> DISABLED <-> FILE-OTHER PCRE character class heap buffer overflow attempt (file-other.rules) * 1:12307 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetPagerNotifyConfig attempt (netbios.rules) * 1:12317 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt (netbios.rules) * 1:12326 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _AddTaskExportLogItem attempt (netbios.rules) * 1:12335 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_30010 overflow attempt (netbios.rules) * 1:12347 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetSvcImpersonateUser attempt (netbios.rules) * 1:12358 <-> DISABLED <-> SERVER-OTHER Helix DNA Server RTSP require tag heap overflow attempt (server-other.rules) * 1:12392 <-> DISABLED <-> SERVER-MAIL GNU Mailutils request tag format string vulnerability attempt (server-mail.rules) * 1:12424 <-> DISABLED <-> PROTOCOL-RPC MIT Kerberos kadmind rpc RPCSEC_GSS buffer overflow attempt (protocol-rpc.rules) * 1:12448 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Agent Control ActiveX clsid access (browser-plugins.rules) * 1:12454 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (file-identify.rules) * 1:12455 <-> DISABLED <-> FILE-IDENTIFY SAP Crystal Reports file download request (file-identify.rules) * 1:12456 <-> DISABLED <-> FILE-IDENTIFY SAP Crystal Reports file magic detected (file-identify.rules) * 1:12459 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Visual Studio 6 PDWizard.ocx ActiveX clsid access attempt (browser-plugins.rules) * 1:12472 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX clsid access (browser-plugins.rules) * 1:12489 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP wkssvc NetrWkstaGetInfo attempt (netbios.rules) * 1:12591 <-> DISABLED <-> SERVER-APACHE Apache mod_cache denial of service attempt (server-apache.rules) * 1:12592 <-> DISABLED <-> SERVER-MAIL Recipient arbitrary command injection attempt (server-mail.rules) * 1:12596 <-> DISABLED <-> SERVER-OTHER CA BrightStor LGServer username buffer overflow attempt (server-other.rules) * 1:12614 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX function call access (browser-plugins.rules) * 1:12618 <-> DISABLED <-> FILE-OTHER Microsoft Visual Basic VBP file reference overflow attempt (file-other.rules) * 1:12629 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint cross site scripting attempt (server-webapp.rules) * 1:12630 <-> DISABLED <-> INDICATOR-SHELLCODE unescape unicode encoded shellcode (indicator-shellcode.rules) * 1:12635 <-> DISABLED <-> OS-WINDOWS RPC NTLMSSP malformed credentials attempt (os-windows.rules) * 1:12641 <-> DISABLED <-> FILE-IDENTIFY Microsoft Word for Mac 5 file magic detected (file-identify.rules) * 1:12665 <-> DISABLED <-> SERVER-OTHER CA BrightStor LGSever username buffer overflow attempt (server-other.rules) * 1:12666 <-> DISABLED <-> SERVER-OTHER HP OpenView OVTrace buffer overflow attempt (server-other.rules) * 1:12667 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCServer malicious fileupload attempt (server-other.rules) * 1:12685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manger Express CAD Host buffer overflow (server-other.rules) * 1:12688 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ShellExecute and IE7 url handling code execution attempt (os-windows.rules) * 1:12706 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes MIF viewer statement data overflow (server-mail.rules) * 1:12707 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer lyrics heap overflow attempt (file-multimedia.rules) * 1:12713 <-> DISABLED <-> SERVER-ORACLE pitrig_dropmetadata buffer overflow attempt (server-oracle.rules) * 1:12728 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks SMIL wallclock stack overflow attempt (file-multimedia.rules) * 1:12729 <-> DISABLED <-> BROWSER-PLUGINS AOL Radio AmpX ActiveX clsid access (browser-plugins.rules) * 1:12741 <-> DISABLED <-> SERVER-OTHER Apple Quicktime TCP RTSP sdp type buffer overflow attempt (server-other.rules) * 1:12743 <-> DISABLED <-> FILE-MULTIMEDIA FLAC libFLAC picture description metadata buffer overflow attempt (file-multimedia.rules) * 1:12744 <-> DISABLED <-> FILE-MULTIMEDIA FLAC libFLAC VORBIS string buffer overflow attempt (file-multimedia.rules) * 1:12745 <-> DISABLED <-> FILE-MULTIMEDIA FLAC libFLAC picture metadata buffer overflow attempt (file-multimedia.rules) * 1:12746 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime STSD atom overflow attempt (file-multimedia.rules) * 1:12757 <-> DISABLED <-> FILE-IMAGE Apple QuickTime uncompressed PICT stack overflow attempt (file-image.rules) * 1:12766 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RMOC3260.DLL ActiveX clsid access (browser-plugins.rules) * 1:12767 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RMOC3260.DLL ActiveX function call access (browser-plugins.rules) * 1:1277 <-> DISABLED <-> PROTOCOL-RPC portmap ypupdated request UDP (protocol-rpc.rules) * 1:12770 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows obfuscated RDS.Dataspace ActiveX exploit attempt (browser-plugins.rules) * 1:12784 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules) * 1:12785 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules) * 1:12786 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules) * 1:1279 <-> DISABLED <-> PROTOCOL-RPC portmap snmpXdmi request UDP (protocol-rpc.rules) * 1:12798 <-> DISABLED <-> INDICATOR-SHELLCODE base64 x86 NOOP (indicator-shellcode.rules) * 1:12799 <-> DISABLED <-> INDICATOR-SHELLCODE base64 x86 NOOP (indicator-shellcode.rules) * 1:12800 <-> DISABLED <-> INDICATOR-SHELLCODE base64 x86 NOOP (indicator-shellcode.rules) * 1:12802 <-> DISABLED <-> INDICATOR-SHELLCODE base64 x86 NOOP (indicator-shellcode.rules) * 1:12807 <-> DISABLED <-> FILE-IDENTIFY Lotus 123 file attachment (file-identify.rules) * 1:12904 <-> DISABLED <-> SERVER-OTHER Veritas NetBackup vmd shared library buffer overflow attempt (server-other.rules) * 1:12910 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 4 attempt (netbios.rules) * 1:12916 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 12 attempt (netbios.rules) * 1:12922 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 16 attempt (netbios.rules) * 1:12928 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 18 attempt (netbios.rules) * 1:12934 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 19 attempt (netbios.rules) * 1:12940 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 CA call 269 overflow attempt (netbios.rules) * 1:12971 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX directshow wav file overflow attempt (file-multimedia.rules) * 1:12972 <-> DISABLED <-> FILE-IDENTIFY Microsoft Media Player asf/wmv/wma file magic detected (file-identify.rules) * 1:12977 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMCreateObjectInternal overflow attempt (os-windows.rules) * 1:12978 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMCreateObjectInternal overflow attempt (os-windows.rules) * 1:12983 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX SAMI file CRawParser buffer overflow attempt (file-multimedia.rules) * 1:12984 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules) * 1:13161 <-> DISABLED <-> SERVER-OTHER HP OpenView CGI parameter buffer overflow attempt (server-other.rules) * 1:13210 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMObjectPathToObjectFormat overflow attempt (os-windows.rules) * 1:13211 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMObjectPathToObjectFormat overflow attempt (os-windows.rules) * 1:13219 <-> DISABLED <-> BROWSER-PLUGINS HP Software Update RulesEngine.dll ActiveX clsid access (browser-plugins.rules) * 1:13221 <-> DISABLED <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt (server-other.rules) * 1:13224 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Toolbar YShortcut ActiveX clsid access (browser-plugins.rules) * 1:13249 <-> DISABLED <-> PROTOCOL-DNS dns response for rfc1918 10/8 address detected (protocol-dns.rules) * 1:1325 <-> DISABLED <-> INDICATOR-SHELLCODE ssh CRC32 overflow filler (indicator-shellcode.rules) * 1:13252 <-> DISABLED <-> PROTOCOL-RPC portmap 390113 tcp procedure 4 attempt (protocol-rpc.rules) * 1:13258 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Domino Web Access 6 ActiveX clsid access (browser-plugins.rules) * 1:13260 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Domino Web Access 6 ActiveX function call access (browser-plugins.rules) * 1:13262 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Domino Web Access 7 ActiveX clsid access (browser-plugins.rules) * 1:13264 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Domino Web Access 7 ActiveX function call access (browser-plugins.rules) * 1:13288 <-> DISABLED <-> OS-WINDOWS Microsoft Windows remote kernel tcp/ip icmp vulnerability exploit attempt (os-windows.rules) * 1:13291 <-> DISABLED <-> SERVER-SAMBA Samba send_mailslot buffer overflow attempt (server-samba.rules) * 1:13292 <-> DISABLED <-> PUA-OTHER Skype skype4com URI handler memory corruption attempt (pua-other.rules) * 1:13293 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime panorama atoms buffer overflow attempt (file-multimedia.rules) * 1:13294 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Rich TextBox ActiveX clsid access (browser-plugins.rules) * 1:13296 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Rich TextBox ActiveX clsid access (browser-plugins.rules) * 1:13300 <-> DISABLED <-> FILE-FLASH Adobe Flash Player embedded JPG image height overflow attempt (file-flash.rules) * 1:13302 <-> DISABLED <-> SERVER-APACHE Apache mod_imagemap cross site scripting attempt (server-apache.rules) * 1:13303 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual FoxPro 2 ActiveX clsid access (browser-plugins.rules) * 1:13317 <-> DISABLED <-> FILE-MULTIMEDIA 3ivx MP4 file parsing nam buffer overflow attempt (file-multimedia.rules) * 1:13321 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Package and Deployment Wizard ActiveX clsid access (browser-plugins.rules) * 1:13356 <-> ENABLED <-> SQL SAP MaxDB shell command injection attempt (sql.rules) * 1:13361 <-> DISABLED <-> FILE-OTHER ClamAV MEW PE file integer overflow attempt (file-other.rules) * 1:13363 <-> DISABLED <-> SERVER-OTHER Cisco Unified Communications Manager heap overflow attempt (server-other.rules) * 1:13364 <-> DISABLED <-> SERVER-MAIL Novell GroupWise client IMG SRC buffer overflow (server-mail.rules) * 1:13365 <-> DISABLED <-> SERVER-OTHER Trend Micro ServerProtect TMregChange buffer overflow attempt (server-other.rules) * 1:13366 <-> DISABLED <-> SERVER-ORACLE Oracle database SYS.LT.FINDRICSET SQL injection attempt (server-oracle.rules) * 1:13419 <-> DISABLED <-> BROWSER-PLUGINS Facebook Photo Uploader ActiveX clsid access (browser-plugins.rules) * 1:13449 <-> DISABLED <-> OS-WINDOWS Microsoft Windows vbscript/jscript scripting engine end buffer overflow attempt (os-windows.rules) * 1:13455 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DXLUTBuilder ActiveX function call access (browser-ie.rules) * 1:13457 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX clsid access (browser-plugins.rules) * 1:13465 <-> DISABLED <-> FILE-IDENTIFY Microsoft Works file download request (file-identify.rules) * 1:13466 <-> DISABLED <-> FILE-OFFICE Microsoft Works file converter file section length headers memory corruption attempt (file-office.rules) * 1:13470 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt (file-office.rules) * 1:13472 <-> DISABLED <-> FILE-OFFICE Microsoft Works invalid chunk size (file-office.rules) * 1:13473 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Publisher file download request (file-identify.rules) * 1:13513 <-> DISABLED <-> SQL generic sql insert injection attempt - GET parameter (sql.rules) * 1:13515 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime user agent (file-multimedia.rules) * 1:13516 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime HTTP error response buffer overflow (file-multimedia.rules) * 1:13517 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime malformed idsc atom (file-multimedia.rules) * 1:13519 <-> DISABLED <-> SERVER-OTHER Citrix MetaFrame IMA buffer overflow attempt (server-other.rules) * 1:13520 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata (server-other.rules) * 1:13522 <-> DISABLED <-> SERVER-OTHER Firebird Database Server username handling buffer overflow (server-other.rules) * 1:13523 <-> ENABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules) * 1:13525 <-> ENABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (browser-plugins.rules) * 1:13539 <-> DISABLED <-> BROWSER-PLUGINS Symantec Backup Exec ActiveX clsid access (browser-plugins.rules) * 1:13551 <-> DISABLED <-> SERVER-ORACLE Oracle XDB.XDB_PITRIG_PKG sql injection attempt (server-oracle.rules) * 1:13552 <-> DISABLED <-> SERVER-OTHER Symantec VERITAS Storage Foundation Suite buffer overflow attempt (server-other.rules) * 1:13553 <-> DISABLED <-> SERVER-OTHER Sybase SQL Anywhere Mobilink username string buffer overflow (server-other.rules) * 1:13569 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel macro validation arbitrary code execution attempt (file-office.rules) * 1:13570 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel cf record arbitrary code excecution attempt (file-office.rules) * 1:13571 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel dval record arbitrary code excecution attempt (file-office.rules) * 1:13572 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed shapeid arbitrary code execution attempt (file-office.rules) * 1:13573 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook arbitrary command line attempt (file-office.rules) * 1:13583 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file download request (file-identify.rules) * 1:13585 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detected (file-identify.rules) * 1:13603 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer Download Handler ActiveX function call access (browser-plugins.rules) * 1:13619 <-> DISABLED <-> OS-WINDOWS Microsoft Windows getBulkRequest memory corruption attempt (os-windows.rules) * 1:13621 <-> DISABLED <-> BROWSER-PLUGINS CA BrightStor ListCtrl ActiveX clsid access (browser-plugins.rules) * 1:13626 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Access file magic detected (file-identify.rules) * 1:13631 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator Framework Services log handling format string attempt (server-other.rules) * 1:13656 <-> DISABLED <-> SERVER-WEBAPP Cisco Secure Access Control Server UCP Application CSuserCGI.exe buffer overflow attempt (server-webapp.rules) * 1:13663 <-> DISABLED <-> SERVER-MAIL Alt-N MDaemon IMAP Server FETCH command buffer overflow attempt (server-mail.rules) * 1:13664 <-> DISABLED <-> PROTOCOL-VOIP Remote-Party-ID header hexadecimal characters in IP address field (protocol-voip.rules) * 1:13665 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio DXF file invalid memory allocation exploit attempt (file-office.rules) * 1:13672 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Help 2.0 Contents Control 2 ActiveX clsid access (browser-plugins.rules) * 1:13677 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer data stream memory corruption attempt (browser-ie.rules) * 1:13693 <-> DISABLED <-> PROTOCOL-VOIP Attribute header rtpmap field invalid payload type (protocol-voip.rules) * 1:13696 <-> DISABLED <-> POLICY-OTHER TOR proxy connection initiation (policy-other.rules) * 1:13714 <-> DISABLED <-> SERVER-MYSQL yaSSL SSLv3 Client Hello Message Cipher Specs Buffer Overflow attempt (server-mysql.rules) * 1:13715 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager HTTP handling buffer overflow attempt (server-webapp.rules) * 1:13734 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 10 ActiveX clsid access (browser-plugins.rules) * 1:13800 <-> DISABLED <-> SERVER-OTHER ARCServe LGServer service data overflow attempt (server-other.rules) * 1:13801 <-> ENABLED <-> FILE-IDENTIFY RTF file download request (file-identify.rules) * 1:13807 <-> DISABLED <-> FILE-IMAGE Microsoft Windows metafile SetPaletteEntries heap overflow attempt (file-image.rules) * 1:13819 <-> DISABLED <-> SERVER-WEBAPP IBM Lotus Domino Web Server Accept-Language header buffer overflow attempt (server-webapp.rules) * 1:13820 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SWF scene and label data memory corruption attempt (file-flash.rules) * 1:13827 <-> DISABLED <-> OS-WINDOWS Microsoft Windows PGM denial of service attempt (os-windows.rules) * 1:13834 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer request header overwrite (browser-ie.rules) * 1:13838 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox IFRAME style change handling code execution (browser-firefox.rules) * 1:13839 <-> DISABLED <-> SERVER-OTHER CA ARCServ NetBackup remote file upload attempt (server-other.rules) * 1:1384 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP malformed advertisement (os-windows.rules) * 1:13843 <-> DISABLED <-> SERVER-OTHER MaxDB WebDBM get buffer overflow (server-other.rules) * 1:13846 <-> DISABLED <-> SERVER-OTHER Veritas Backup Agent password overflow attempt (server-other.rules) * 1:13865 <-> DISABLED <-> FILE-IMAGE BMP image handler buffer overflow attempt (file-image.rules) * 1:13893 <-> DISABLED <-> FILE-OTHER Microsoft malformed saved search heap corruption attempt (file-other.rules) * 1:13894 <-> DISABLED <-> SERVER-MAIL Microsoft Office Outlook Web Access From field cross-site scripting attempt (server-mail.rules) * 1:13895 <-> DISABLED <-> SERVER-MAIL Microsoft Office Outlook Web Access invalid CSS escape sequence script execution attempt (server-mail.rules) * 1:13896 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL server MTF file download (server-mssql.rules) * 1:1390 <-> DISABLED <-> INDICATOR-SHELLCODE x86 inc ebx NOOP (indicator-shellcode.rules) * 1:13901 <-> DISABLED <-> NETBIOS SMB server response heap overflow attempt (netbios.rules) * 1:13902 <-> DISABLED <-> SERVER-OTHER IBM Lotus Sametime multiplexer stack buffer overflow attempt (server-other.rules) * 1:13905 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Access Snapshot Viewer ActiveX function call access (browser-plugins.rules) * 1:13911 <-> ENABLED <-> FILE-IDENTIFY Microsoft search file download request (file-identify.rules) * 1:13913 <-> DISABLED <-> BROWSER-PLUGINS AcroPDF.PDF ActiveX function call access (browser-plugins.rules) * 1:13916 <-> DISABLED <-> SERVER-WEBAPP Alt-N SecurityGateway username buffer overflow attempt (server-webapp.rules) * 1:13917 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MOV file string handling integer overflow attempt (file-multimedia.rules) * 1:13919 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MOV file string handling integer overflow attempt (file-multimedia.rules) * 1:13920 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime Obji Atom parsing stack buffer overflow attempt (file-multimedia.rules) * 1:13925 <-> DISABLED <-> PROTOCOL-FTP Computer Associates eTrust Secure Content Manager PASV stack overflow attempt (protocol-ftp.rules) * 1:13926 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP response message parsing overflow (server-other.rules) * 1:13927 <-> DISABLED <-> PROTOCOL-TFTP Open TFTP Server log generation buffer overflow attempt (protocol-tftp.rules) * 1:13928 <-> DISABLED <-> SERVER-WEBAPP Adobe RoboHelp r0 SQL injection attempt (server-webapp.rules) * 1:13929 <-> DISABLED <-> SERVER-WEBAPP Adobe RoboHelp rx SQL injection attempt (server-webapp.rules) * 1:13949 <-> DISABLED <-> PROTOCOL-DNS excessive outbound NXDOMAIN replies - possible spoof of domain run by local DNS servers (protocol-dns.rules) * 1:13950 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP attribute buffer overflow attempt (file-java.rules) * 1:13951 <-> DISABLED <-> SERVER-WEBAPP Oracle Database Server buffer overflow attempt (server-webapp.rules) * 1:13971 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint TxMasterStyle10Atom atom numLevels buffer overflow attempt (file-office.rules) * 1:13972 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel country record arbitrary code execution attempt (file-office.rules) * 1:13980 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer http status response memory corruption vulnerability (browser-ie.rules) * 1:13981 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed chart arbitrary code execution attempt (file-office.rules) * 1:13990 <-> DISABLED <-> SQL union select - possible sql injection attempt - GET parameter (sql.rules) * 1:14013 <-> DISABLED <-> BROWSER-PLUGINS Cisco WebEx Meeting Manager atucfobj ActiveX clsid access (browser-plugins.rules) * 1:14015 <-> DISABLED <-> BROWSER-PLUGINS Cisco WebEx Meeting Manager atucfobj ActiveX function call access (browser-plugins.rules) * 1:14017 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file download request (file-identify.rules) * 1:14018 <-> DISABLED <-> FILE-IDENTIFY PLS multimedia playlist file download request (file-identify.rules) * 1:14021 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Studio Msmask32 ActiveX clsid access (browser-plugins.rules) * 1:14025 <-> DISABLED <-> BROWSER-PLUGINS Computer Associates gui_cm_ctrls ActiveX clsid access (browser-plugins.rules) * 1:14033 <-> DISABLED <-> BROWSER-PLUGINS Orbit Downloader ActiveX clsid access (browser-plugins.rules) * 1:14035 <-> DISABLED <-> BROWSER-PLUGINS Orbit Downloader ActiveX function call access (browser-plugins.rules) * 1:14037 <-> ENABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules) * 1:14038 <-> ENABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (browser-plugins.rules) * 1:14039 <-> DISABLED <-> FILE-OTHER GNOME Project libxslt RC4 key string buffer overflow attempt (file-other.rules) * 1:14255 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Media Encoder 9 ActiveX clsid access (browser-plugins.rules) * 1:14261 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI VML gradient size heap overflow attempt (os-windows.rules) * 1:14262 <-> DISABLED <-> FILE-OFFICE Microsoft Office OneNote iframe caller exploit attempt (file-office.rules) * 1:14264 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Media Player playlist download (file-identify.rules) * 1:14611 <-> DISABLED <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX clsid access (browser-plugins.rules) * 1:14641 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid FRTWrapper record buffer overflow attempt (file-office.rules) * 1:14642 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file with embedded ActiveX control (file-office.rules) * 1:14643 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer location and location.href cross domain security bypass vulnerability (browser-ie.rules) * 1:14644 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross domain unfocusable HTML element (browser-ie.rules) * 1:14645 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross domain setExpression exploit attempt (browser-ie.rules) * 1:14649 <-> DISABLED <-> OS-WINDOWS SMB Search Search filename size integer underflow attempt (os-windows.rules) * 1:14657 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross domain componentFromPoint memory corruption attempt (browser-ie.rules) * 1:14710 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP spoolss EnumJobs attempt (os-windows.rules) * 1:14725 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName overflow attempt (os-windows.rules) * 1:14737 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP host-integration bind attempt (os-windows.rules) * 1:14743 <-> DISABLED <-> PROTOCOL-FTP RNTO directory traversal attempt (protocol-ftp.rules) * 1:14748 <-> DISABLED <-> BROWSER-PLUGINS Autodesk LiveUpdate ActiveX clsid access (browser-plugins.rules) * 1:14756 <-> DISABLED <-> BROWSER-PLUGINS Microsoft SQL Server 2000 Client Components ActiveX clsid access (browser-plugins.rules) * 1:14760 <-> DISABLED <-> BROWSER-PLUGINS iseemedia LPViewer ActiveX clsid access (browser-plugins.rules) * 1:14764 <-> DISABLED <-> BROWSER-PLUGINS Macrovision InstallShield Update Service Agent ActiveX clsid access attempt (browser-plugins.rules) * 1:14768 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Storage Scheduler Service NULL Session auth bypass attempt (server-other.rules) * 1:14769 <-> ENABLED <-> SERVER-OTHER DATAC RealWin SCADA System buffer overflow attempt (server-other.rules) * 1:14770 <-> DISABLED <-> PROTOCOL-FTP Ipswitch WS_FTP client format string attempt (protocol-ftp.rules) * 1:14771 <-> DISABLED <-> SERVER-APACHE BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt (server-apache.rules) * 1:14782 <-> ENABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt (os-windows.rules) * 1:14900 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum overflow attempt (netbios.rules) * 1:14986 <-> DISABLED <-> INDICATOR-SHELLCODE x86 fldz get eip shellcode (indicator-shellcode.rules) * 1:14989 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory SOAP Accept Language header overflow attempt (server-webapp.rules) * 1:14991 <-> ENABLED <-> SQL IBM DB2 Universal Database xmlquery buffer overflow attempt (sql.rules) * 1:14992 <-> DISABLED <-> SERVER-WEBAPP Openwsman HTTP basic authentication buffer overflow attempt (server-webapp.rules) * 1:1500 <-> DISABLED <-> SERVER-WEBAPP ExAir access (server-webapp.rules) * 1:15013 <-> ENABLED <-> FILE-IDENTIFY PDF file download request (file-identify.rules) * 1:15014 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader util.printf buffer overflow attempt (file-pdf.rules) * 1:15015 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel overflow attempt (os-windows.rules) * 1:15078 <-> DISABLED <-> SERVER-OTHER HP Openview Network Node Manager OValarmsrv buffer overflow attempt (server-other.rules) * 1:15079 <-> DISABLED <-> FILE-IDENTIFY WAV file download request (file-identify.rules) * 1:15080 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player WAV processing integer overflow attempt (file-multimedia.rules) * 1:15081 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start xml encoding buffer overflow attempt (file-java.rules) * 1:15082 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word rtf malformed dpcallout buffer overflow attempt (file-office.rules) * 1:15098 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Visual Basic FlexGrid ActiveX function call access (browser-plugins.rules) * 1:15100 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Visual Basic Hierarchical FlexGrid ActiveX clsid access (browser-plugins.rules) * 1:15104 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Visual Basic 6.0 malformed AVI buffer overflow attempt (file-multimedia.rules) * 1:15105 <-> DISABLED <-> FILE-IMAGE Microsoft GDI WMF file parsing integer overflow attempt (file-image.rules) * 1:15106 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word .rtf file integer overflow attempt (file-office.rules) * 1:15107 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word .rtf file stylesheet buffer overflow attempt (file-office.rules) * 1:15108 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint Server elevation of privilege exploit attempt (server-webapp.rules) * 1:15114 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer embed src buffer overflow attempt (browser-ie.rules) * 1:15116 <-> DISABLED <-> OS-WINDOWS Microsoft Windows search protocol remote command injection attempt (os-windows.rules) * 1:15122 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Shell.Explorer 2 ActiveX clsid access (browser-plugins.rules) * 1:15126 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer nested tag memory corruption attempt (browser-ie.rules) * 1:15143 <-> DISABLED <-> SERVER-MSSQL sp_replwritetovarbin unicode vulnerable function attempt (server-mssql.rules) * 1:15145 <-> DISABLED <-> SERVER-OTHER Apple CUPS TrueColor PNG filter overly large image height integer overflow attempt (server-other.rules) * 1:15147 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules) * 1:15153 <-> DISABLED <-> PUA-OTHER Jive Software Openfire Jabber Server setup Authentication bypass attempt (pua-other.rules) * 1:15157 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player XSPF memory corruption attempt (file-multimedia.rules) * 1:15158 <-> DISABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file download request (file-identify.rules) * 1:15163 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio Object Header Buffer Overflow attempt (file-office.rules) * 1:15164 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products SVG Layout Engine Index Parameter memory corruption attempt (browser-firefox.rules) * 1:15166 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player RealText buffer overflow attempt (file-multimedia.rules) * 1:15188 <-> DISABLED <-> SERVER-OTHER Multiple vendors CUPS HPGL filter remote code execution attempt (server-other.rules) * 1:15190 <-> DISABLED <-> SERVER-WEBAPP Youngzsoft CCProxy CONNECT Request buffer overflow attempt (server-webapp.rules) * 1:15192 <-> DISABLED <-> BROWSER-PLUGINS SizerOne ActiveX clsid access (browser-plugins.rules) * 1:15196 <-> DISABLED <-> OS-WINDOWS SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules) * 1:15220 <-> DISABLED <-> OS-WINDOWS SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules) * 1:15230 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Viewer 2 ActiveX clsid access (browser-plugins.rules) * 1:15236 <-> DISABLED <-> FILE-IMAGE ACD Systems ACDSee XPM file format overflow attempt (file-image.rules) * 1:15237 <-> ENABLED <-> FILE-IDENTIFY Java .class file download request (file-identify.rules) * 1:15238 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime for Java toQTPointer function memory corruption attempt (file-multimedia.rules) * 1:15239 <-> DISABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules) * 1:15240 <-> DISABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules) * 1:15241 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC real.c ReadRealIndex real demuxer integer overflow attempt (file-multimedia.rules) * 1:15243 <-> DISABLED <-> BROWSER-PLUGINS AXIS Camera ActiveX clsid access (browser-plugins.rules) * 1:15255 <-> DISABLED <-> SERVER-ORACLE Secure Backup msgid 0x901 username field overflow attempt (server-oracle.rules) * 1:15258 <-> DISABLED <-> SERVER-ORACLE Secure Backup login.php variable based command injection attempt (server-oracle.rules) * 1:15261 <-> DISABLED <-> SERVER-ORACLE Secure Backup exec_qr command injection attempt (server-oracle.rules) * 1:15262 <-> DISABLED <-> SERVER-ORACLE Secure Backup POST exec_qr command injection attempt (server-oracle.rules) * 1:15264 <-> DISABLED <-> SERVER-WEBAPP Oracle TimesTen In-Memory Database evtdump CGI module format string exploit attempt (server-webapp.rules) * 1:15266 <-> DISABLED <-> BROWSER-PLUGINS MW6 Technologies Barcode ActiveX clsid access (browser-plugins.rules) * 1:15294 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file download request (file-identify.rules) * 1:15302 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Exchange System Attendant denial of service attempt (server-mail.rules) * 1:15304 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer object clone deletion memory corruption attempt (browser-ie.rules) * 1:15305 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules) * 1:15306 <-> DISABLED <-> FILE-EXECUTABLE Portable Executable binary file magic detected (file-executable.rules) * 1:15311 <-> DISABLED <-> BROWSER-PLUGINS Research In Motion AxLoader ActiveX clsid access (browser-plugins.rules) * 1:15357 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 remote code execution attempt (file-pdf.rules) * 1:15364 <-> DISABLED <-> SERVER-OTHER Ganglia Meta Daemon process_path stack buffer overflow attempt (server-other.rules) * 1:15367 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook web access script injection attempt (file-office.rules) * 1:15382 <-> DISABLED <-> SERVER-OTHER X.Org X Font Server QueryXBitmaps and QueryXExtents Handlers integer overflow attempt (server-other.rules) * 1:15383 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XBL Event Handler Tags Removal memory corruption attempt (browser-firefox.rules) * 1:15384 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime pict image poly structure memory corruption attempt (file-multimedia.rules) * 1:15385 <-> DISABLED <-> FILE-IDENTIFY TwinVQ file download request (file-identify.rules) * 1:15386 <-> DISABLED <-> OS-WINDOWS Microsoft Windows wpad dynamic update request (os-windows.rules) * 1:15387 <-> DISABLED <-> OS-WINDOWS udp WINS WPAD registration attempt (os-windows.rules) * 1:15427 <-> ENABLED <-> FILE-IDENTIFY SVG file download request (file-identify.rules) * 1:15428 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing memory corruption attempt (browser-firefox.rules) * 1:15431 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox 3 xsl parsing heap overflow attempt (browser-firefox.rules) * 1:15434 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager OvOSLocale parameter buffer overflow attempt (server-webapp.rules) * 1:15436 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup counter heap corruption attempt (server-other.rules) * 1:15443 <-> DISABLED <-> SERVER-MYSQL XML Functions UpdateXML Scalar XPath denial of service attempt (server-mysql.rules) * 1:15445 <-> DISABLED <-> SERVER-ORACLE Application Server BPEL module cross site scripting attempt (server-oracle.rules) * 1:15446 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory management console Accept-Language buffer overflow attempt (server-webapp.rules) * 1:15462 <-> DISABLED <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt (browser-other.rules) * 1:15463 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules) * 1:15464 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules) * 1:15466 <-> DISABLED <-> FILE-OFFICE Microsoft Office WordPad WordPerfect 6.x converter buffer overflow attempt (file-office.rules) * 1:15467 <-> DISABLED <-> FILE-OFFICE Microsoft Office WordPad and Office Text Converters PlcPcd aCP buffer overflow attempt (file-office.rules) * 1:15468 <-> DISABLED <-> BROWSER-IE Apple Safari-Internet Explorer SearchPath blended threat dll request (browser-ie.rules) * 1:15472 <-> DISABLED <-> FILE-MULTIMEDIA Multiple MP3 player PLS buffer overflow attempt (file-multimedia.rules) * 1:15473 <-> DISABLED <-> FILE-MULTIMEDIA Multiple media players M3U playlist file handling buffer overflow attempt (file-multimedia.rules) * 1:15477 <-> DISABLED <-> SERVER-WEBAPP Oracle BEA WebLogic overlong JESSIONID buffer overflow attempt (server-webapp.rules) * 1:15478 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid object reference code execution attempt (file-flash.rules) * 1:15483 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:15484 <-> DISABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication method buffer overflow attempt (protocol-imap.rules) * 1:15485 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes DOC attachment viewer buffer overflow (server-mail.rules) * 1:15488 <-> DISABLED <-> SERVER-ORACLE Oracle Database Application Express Component APEX password hash disclosure attempt (server-oracle.rules) * 1:15489 <-> DISABLED <-> PUA-OTHER Cerulean Studios Trillian image filename handling XML tag overflow attempt (pua-other.rules) * 1:15490 <-> DISABLED <-> OS-LINUX Linux SCTP malformed forward-tsn chunk arbitrary code execution attempt (os-linux.rules) * 1:15492 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader spell.customDictionaryOpen exploit attempt (file-pdf.rules) * 1:15493 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnots exploit attempt (file-pdf.rules) * 1:15499 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint PP7 Component buffer overflow attempt (file-office.rules) * 1:15500 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint LinkedSlide memory corruption (file-office.rules) * 1:15504 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Download of version 4.0 file (file-office.rules) * 1:15505 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint HashCode10Atom memory corruption attempt (file-office.rules) * 1:15506 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint CurrentUserAtom remote code execution attempt (file-office.rules) * 1:15509 <-> DISABLED <-> SERVER-OTHER IBM DB2 database server CONNECT denial of service attempt (server-other.rules) * 1:15510 <-> DISABLED <-> SERVER-OTHER Trend Micro OfficeScan Server cgiRecvFile overflow attempt (server-other.rules) * 1:15511 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules) * 1:15514 <-> DISABLED <-> SERVER-OTHER Multiple Vendors NTP Daemon Autokey stack buffer overflow attempt (server-other.rules) * 1:15515 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server RollbackWorkspace SQL injection attempt (server-oracle.rules) * 1:15516 <-> ENABLED <-> FILE-IDENTIFY AVI multimedia file download request (file-identify.rules) * 1:15517 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows AVI DirectShow QuickTime parsing overflow attempt (file-multimedia.rules) * 1:15518 <-> DISABLED <-> FILE-IDENTIFY Embedded Open Type Font file download request (file-identify.rules) * 1:15527 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory LDAP denial of service attempt (os-windows.rules) * 1:15539 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Formula record remote code execution attempt (file-office.rules) * 1:15540 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DOM memory corruption attempt (browser-ie.rules) * 1:15541 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SST record remote code execution attempt (file-office.rules) * 1:15542 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Qsir and Qsif record remote code execution attempt (file-office.rules) * 1:15555 <-> DISABLED <-> SERVER-OTHER Symantec Alert Management System Intel Alert Originator Service buffer overflow attempt (server-other.rules) * 1:15559 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime movie file clipping region handling heap buffer overflow attempt (file-multimedia.rules) * 1:15571 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP SETUP stack buffer overflow attempt (server-other.rules) * 1:15573 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP SET_PARAMETER heap buffer overflow attempt (server-other.rules) * 1:15575 <-> DISABLED <-> FILE-IDENTIFY WordPerfect file magic detected (file-identify.rules) * 1:15580 <-> DISABLED <-> SERVER-OTHER Squid oversized reply header handling exploit attempt (server-other.rules) * 1:15586 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (file-identify.rules) * 1:15587 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules) * 1:15638 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 32 ActiveX clsid access (browser-plugins.rules) * 1:15670 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 6 ActiveX clsid access (browser-plugins.rules) * 1:15672 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 7 ActiveX clsid access (browser-plugins.rules) * 1:15681 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 file format arbitrary code execution attempt (file-office.rules) * 1:15682 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectShow QuickTime file stsc atom parsing heap corruption attempt (file-multimedia.rules) * 1:15685 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Web Components 10 Spreadsheet ActiveX clsid access (browser-plugins.rules) * 1:15693 <-> DISABLED <-> FILE-OTHER Microsoft Windows Embedded Open Type Font malformed name table overflow attempt (file-other.rules) * 1:15694 <-> DISABLED <-> FILE-OTHER Microsoft Windows Embedded Open Type Font malformed name table integer overflow attempt (file-other.rules) * 1:15697 <-> DISABLED <-> INDICATOR-OBFUSCATION rename of javascript unescape function detected (indicator-obfuscation.rules) * 1:15698 <-> DISABLED <-> INDICATOR-SHELLCODE Possible generic javascript heap spray attempt (indicator-shellcode.rules) * 1:15702 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor opcode 0x13 overflow attempt (netbios.rules) * 1:15707 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes ITPC protocol handler stack buffer overflow attempt (file-multimedia.rules) * 1:15708 <-> DISABLED <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (server-other.rules) * 1:15709 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader FlateDecode integer overflow attempt (file-pdf.rules) * 1:15710 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor opcode 0x3B null strings attempt (netbios.rules) * 1:15711 <-> DISABLED <-> PUA-OTHER mIRC PRIVMSG message processing overflow attempt (pua-other.rules) * 1:15722 <-> DISABLED <-> SERVER-ORACLE Oracle database server Workspace Manager multiple SQL injection attempt (server-oracle.rules) * 1:15723 <-> DISABLED <-> SERVER-ORACLE Oracle database server CompressWorkspaceTree SQL injection attempt (server-oracle.rules) * 1:15724 <-> DISABLED <-> SERVER-ORACLE Oracle database server MergeWorkspace SQL injection attempt (server-oracle.rules) * 1:15725 <-> DISABLED <-> SERVER-ORACLE Oracle database server RemoveWorkspace SQL injection attempt (server-oracle.rules) * 1:15727 <-> DISABLED <-> FILE-PDF attempted download of a PDF with embedded Flash (file-pdf.rules) * 1:15731 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer javascript deleted reference arbitrary code execution attempt (browser-ie.rules) * 1:15732 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS handling memory corruption attempt (browser-ie.rules) * 1:15733 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt (browser-ie.rules) * 1:15850 <-> DISABLED <-> OS-WINDOWS Remote Desktop orderType remote code execution attempt (os-windows.rules) * 1:15854 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows AVIFile media file processing memory corruption attempt (file-multimedia.rules) * 1:15858 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Web Components Spreadsheet ActiveX clsid access (browser-plugins.rules) * 1:15860 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrGetJoinInformation attempt (os-windows.rules) * 1:15861 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Remote Desktop Client ActiveX clsid access (browser-plugins.rules) * 1:15863 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Remote Desktop Client ActiveX function call access (browser-plugins.rules) * 1:15865 <-> ENABLED <-> FILE-IDENTIFY MP4 file download request (file-identify.rules) * 1:15866 <-> DISABLED <-> FILE-OTHER libxml2 file processing long entity overflow attempt (file-other.rules) * 1:15867 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF font processing memory corruption attempt (file-pdf.rules) * 1:15868 <-> DISABLED <-> SQL Borland InterBase username buffer overflow (sql.rules) * 1:15869 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules) * 1:15870 <-> DISABLED <-> FILE-IDENTIFY 4XM file download request (file-identify.rules) * 1:15871 <-> DISABLED <-> FILE-MULTIMEDIA FFmpeg 4xm processing memory corruption attempt (file-multimedia.rules) * 1:15872 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt (browser-firefox.rules) * 1:15896 <-> DISABLED <-> SERVER-OTHER Firebird SQL op_connect_request denial of service attempt (server-other.rules) * 1:15900 <-> DISABLED <-> FILE-IDENTIFY Audio Interchange file download request (file-identify.rules) * 1:15901 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt (file-multimedia.rules) * 1:15902 <-> DISABLED <-> INDICATOR-SHELLCODE x86 win2k-2k3 decoder base shellcode (indicator-shellcode.rules) * 1:15906 <-> DISABLED <-> OS-LINUX Linux Kernel DCCP Protocol Handler dccp_setsockopt_change integer overflow attempt (os-linux.rules) * 1:15908 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan multiple CGI modules HTTP form processing buffer overflow attempt (server-webapp.rules) * 1:15909 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime VR Track Header Atom heap corruption attempt (file-multimedia.rules) * 1:15910 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer getElementById object corruption attempt (browser-ie.rules) * 1:15921 <-> DISABLED <-> FILE-IDENTIFY Microsoft multimedia format file download request (file-identify.rules) * 1:15922 <-> DISABLED <-> FILE-IDENTIFY MP3 file download request (file-identify.rules) * 1:15930 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field remote code execution attempt (os-windows.rules) * 1:15934 <-> DISABLED <-> PROTOCOL-DNS dns response for rfc1918 172.16/12 address detected (protocol-dns.rules) * 1:15940 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer Multiple Products RA file processing overflow attempt (file-multimedia.rules) * 1:15941 <-> DISABLED <-> SERVER-OTHER Squid Proxy TRACE request remote DoS attempt (server-other.rules) * 1:15942 <-> DISABLED <-> SERVER-OTHER CA Multiple Products Console Server login credentials handling overflow attempt (server-other.rules) * 1:15944 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory crafted LDAP request denial of service attempt (os-windows.rules) * 1:15945 <-> DISABLED <-> FILE-IDENTIFY RSS file download request (file-identify.rules) * 1:15946 <-> DISABLED <-> FILE-OTHER Microsoft Windows Vista Feed Headlines Gagdet code execution attempt (file-other.rules) * 1:15947 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook Web Access Cross-Site Scripting attempt (file-office.rules) * 1:15948 <-> DISABLED <-> SERVER-OTHER CA License Software invalid command overflow attempt (server-other.rules) * 1:15950 <-> DISABLED <-> SERVER-OTHER McAfee LHA Type-2 file handling overflow attempt (server-other.rules) * 1:15951 <-> DISABLED <-> SERVER-MYSQL MaxDB Webtool GET command overflow attempt (server-mysql.rules) * 1:15954 <-> DISABLED <-> SERVER-MAIL SpamAssassin malformed email header DoS attempt (server-mail.rules) * 1:15955 <-> DISABLED <-> SERVER-ORACLE Application Server 9i Webcache file corruption attempt (server-oracle.rules) * 1:15956 <-> DISABLED <-> SERVER-ORACLE http Server mod_access restriction bypass attempt (server-oracle.rules) * 1:15957 <-> DISABLED <-> FILE-OTHER Sophos Anti-Virus zip file handling DoS attempt (file-other.rules) * 1:15958 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Remote Management overflow attempt (server-other.rules) * 1:15960 <-> DISABLED <-> SERVER-OTHER Novell eDirectory MS-DOS device name DoS attempt (server-other.rules) * 1:15961 <-> DISABLED <-> SERVER-OTHER 3Com Network Supervisor directory traversal attempt (server-other.rules) * 1:15962 <-> DISABLED <-> SERVER-WEBAPP Sybase EAServer WebConsole overflow attempt (server-webapp.rules) * 1:15987 <-> ENABLED <-> FILE-IDENTIFY DXF file download request (file-identify.rules) * 1:15990 <-> DISABLED <-> SERVER-WEBAPP Multiple Vendor server file disclosure attempt (server-webapp.rules) * 1:15993 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript intrf_count integer overflow attempt (file-flash.rules) * 1:15994 <-> DISABLED <-> SERVER-OTHER Squid strListGetItem denial of service attempt (server-other.rules) * 1:15995 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX malformed avi file mjpeg compression arbitrary code execution attempt (file-multimedia.rules) * 1:15997 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JIT escape function memory corruption attempt (browser-firefox.rules) * 1:15998 <-> DISABLED <-> SERVER-OTHER HP OpenView Client Configuration Manager Radia Notify Daemon code execution attempt (server-other.rules) * 1:15999 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products frame comment objects manipulation memory corruption attempt (browser-firefox.rules) * 1:16000 <-> DISABLED <-> FILE-IMAGE Sun Microsystems Java gif handling memory corruption attempt (file-image.rules) * 1:16001 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (file-image.rules) * 1:16004 <-> DISABLED <-> FILE-OTHER Apple Mac OS X installer package filename format string vulnerability (file-other.rules) * 1:16005 <-> DISABLED <-> BROWSER-FIREFOX Mozilla browsers JavaScript argument passing code execution attempt (browser-firefox.rules) * 1:16006 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime color table id memory corruption attempt (file-multimedia.rules) * 1:16007 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer colgroup tag uninitialized memory exploit attempt (browser-ie.rules) * 1:16008 <-> DISABLED <-> OS-WINDOWS Multiple Products excessive HTTP 304 Not Modified responses exploit attempt (os-windows.rules) * 1:16009 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products overflow event handling memory corruption attempt (browser-firefox.rules) * 1:16010 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Javascript Page update race condition attempt (browser-ie.rules) * 1:16011 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS property method handling memory corruption attempt (browser-ie.rules) * 1:16013 <-> DISABLED <-> SERVER-OTHER IBM solidDB logging function format string exploit attempt (server-other.rules) * 1:16014 <-> DISABLED <-> SERVER-OTHER Novell eDirectory HTTP headers denial of service attempt (server-other.rules) * 1:16016 <-> DISABLED <-> OS-WINDOWS Microsoft client for netware overflow attempt (os-windows.rules) * 1:16017 <-> DISABLED <-> SERVER-OTHER IBM Lotus Domino LDAP server invalid DN message buffer overflow attempt (server-other.rules) * 1:16018 <-> DISABLED <-> SERVER-OTHER HP OpenView network node manager buffer overflow (server-other.rules) * 1:16019 <-> DISABLED <-> SERVER-OTHER Novell Distributed Print Services integer overflow attempt (server-other.rules) * 1:16020 <-> DISABLED <-> SERVER-MYSQL login handshake information disclosure attempt (server-mysql.rules) * 1:16021 <-> DISABLED <-> SERVER-APACHE Apache http Server mod_tcl format string attempt (server-apache.rules) * 1:16022 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Vista Windows mail file execution attempt (file-executable.rules) * 1:16027 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp midi file header overflow attempt (file-multimedia.rules) * 1:16029 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS client ATMA buffer overrun attempt (os-windows.rules) * 1:16030 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS client TXT buffer overrun attempt (os-windows.rules) * 1:16031 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer nested object tag memory corruption attempt (browser-ie.rules) * 1:16032 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML Decoding memory corruption attempt (browser-ie.rules) * 1:16033 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer compressed content attempt (browser-ie.rules) * 1:16035 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer createTextRange code execution attempt (browser-ie.rules) * 1:16036 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products QueryInterface method memory corruption attempt (browser-firefox.rules) * 1:16037 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products graphics and XML features integer overflows attempt (browser-firefox.rules) * 1:16039 <-> DISABLED <-> SERVER-OTHER EMC Dantz Retrospect Backup Agent denial of service attempt (server-other.rules) * 1:16041 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime FLIC animation file buffer overflow attempt (file-multimedia.rules) * 1:16042 <-> DISABLED <-> BROWSER-FIREFOX Mozilla browsers CSS moz-binding cross domain scripting attempt (browser-firefox.rules) * 1:16045 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross domain information disclosure attempt (browser-ie.rules) * 1:16046 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer RealMedia file format processing heap corruption attempt (file-multimedia.rules) * 1:16047 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox layout frame constructor memory corruption attempt (browser-firefox.rules) * 1:16048 <-> DISABLED <-> SERVER-OTHER Microsoft ASP.NET application folder info disclosure attempt (server-other.rules) * 1:16049 <-> DISABLED <-> SERVER-OTHER GNU Radius SQL accounting format string exploit attempt (server-other.rules) * 1:16052 <-> DISABLED <-> SERVER-OTHER Novell iManager Tree parameter denial of service attempt (server-other.rules) * 1:16054 <-> DISABLED <-> FILE-IMAGE Apple QuickTime bitmap multiple header overflow (file-image.rules) * 1:16055 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes AAC file handling integer overflow attempt (file-multimedia.rules) * 1:16058 <-> DISABLED <-> SERVER-SAMBA Samba WINS Server Name Registration handling stack buffer overflow attempt (server-samba.rules) * 1:16059 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed file format parsing code execution attempt (file-office.rules) * 1:16060 <-> DISABLED <-> SERVER-OTHER IBM Lotus Domino LDAP server memory exception attempt (server-other.rules) * 1:16061 <-> DISABLED <-> FILE-IDENTIFY X PixMap file download request (file-identify.rules) * 1:16063 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer isindex buffer overflow attempt (browser-ie.rules) * 1:16064 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onBeforeUnload address bar spoofing attempt (browser-ie.rules) * 1:16065 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer location.replace memory corruption attempt (browser-ie.rules) * 1:16066 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Server driver crafted SMB data denial of service (os-windows.rules) * 1:16067 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DOM object cache management memory corruption attempt (browser-ie.rules) * 1:16069 <-> DISABLED <-> SERVER-OTHER IBM Informix server argument processing overflow attempt (server-other.rules) * 1:16070 <-> DISABLED <-> FILE-OTHER X.org PCF parsing buffer overflow attempt (file-other.rules) * 1:16071 <-> DISABLED <-> SERVER-OTHER CA ARCServe Backup Discovery Service denial of service attempt (server-other.rules) * 1:16072 <-> DISABLED <-> SERVER-OTHER CUPS server query metacharacter buffer overflow attempt (server-other.rules) * 1:16075 <-> DISABLED <-> SQL Suspicious SQL ansi_padding option (sql.rules) * 1:16079 <-> DISABLED <-> SERVER-WEBAPP uselang code injection (server-webapp.rules) * 1:16083 <-> DISABLED <-> PROTOCOL-RPC portmap 395650 tcp request (protocol-rpc.rules) * 1:16087 <-> DISABLED <-> FILE-OTHER Multiple vendor AV gateway virus detection bypass attempt (file-other.rules) * 1:16089 <-> DISABLED <-> OS-WINDOWS Microsoft Windows embedded web font handling buffer overflow attempt (os-windows.rules) * 1:16090 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Core XML core services XMLHTTP control open method code execution attempt (browser-plugins.rules) * 1:16091 <-> DISABLED <-> SERVER-OTHER Macromedia Flash Media Server administration service denial of service attempt (server-other.rules) * 1:16142 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox PKCS11 module installation code execution attempt (browser-firefox.rules) * 1:16143 <-> DISABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (file-identify.rules) * 1:16145 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit floating point buffer overflow attempt (browser-webkit.rules) * 1:16147 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS malformed URL .dll denial of service attempt (server-iis.rules) * 1:16148 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime and iTunes heap memory corruption attempt (file-multimedia.rules) * 1:16169 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules) * 1:16187 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectShow MJPEG arbitrary code execution attempt (os-windows.rules) * 1:16188 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint bad text header txttype attempt (file-office.rules) * 1:16189 <-> DISABLED <-> SERVER-ORACLE Database REPCAT_RPC.VALIDATE_REMOTE_RC SQL injection attempt (server-oracle.rules) * 1:16190 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup Administration server property_box.php command injection attempt (server-oracle.rules) * 1:16192 <-> DISABLED <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt (server-oracle.rules) * 1:16195 <-> DISABLED <-> SERVER-WEBAPP HTTP request content-length heap buffer overflow attempt (server-webapp.rules) * 1:16196 <-> DISABLED <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file upload attempt (server-other.rules) * 1:16197 <-> DISABLED <-> SERVER-OTHER OpenLDAP ber_get_next BER decoding denial of service attempt (server-other.rules) * 1:16199 <-> DISABLED <-> SERVER-MAIL SpamAssassin long message header denial of service attempt (server-mail.rules) * 1:16200 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox command line URL shell command injection attempt (browser-firefox.rules) * 1:16201 <-> DISABLED <-> SERVER-MAIL Ipswitch Collaboration Suite SMTP format string exploit attempt (server-mail.rules) * 1:16204 <-> DISABLED <-> SERVER-OTHER HP OpenView Network Node Manager ovlaunch host field overflow attempt (server-other.rules) * 1:16205 <-> ENABLED <-> FILE-IDENTIFY BMP file download request (file-identify.rules) * 1:16206 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS server spoofing attempt (os-windows.rules) * 1:16207 <-> DISABLED <-> SERVER-WEBAPP MIT Kerberos V% KAdminD klog_vsyslog server overflow attempt (server-webapp.rules) * 1:16208 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server Distributed Management Objects overflow attempt (server-mssql.rules) * 1:16209 <-> DISABLED <-> SERVER-OTHER FreeRADIUS RADIUS server rad_decode remote denial of service attempt (server-other.rules) * 1:16213 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt (server-other.rules) * 1:16214 <-> DISABLED <-> SERVER-OTHER Squid Proxy invalid HTTP response code denial of service attempt (server-other.rules) * 1:16215 <-> DISABLED <-> SERVER-ORACLE Oracle Application Server Portal cross site scripting attempt (server-oracle.rules) * 1:16216 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt (server-other.rules) * 1:16217 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 45 integer overflow attempt (server-other.rules) * 1:16219 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules) * 1:16231 <-> DISABLED <-> FILE-PDF Microsoft Windows kernel-mode drivers core font parsing integer overflow attempt (file-pdf.rules) * 1:16283 <-> DISABLED <-> SERVER-WEBAPP Borland StarTeam Multicast Service buffer overflow attempt (server-webapp.rules) * 1:16284 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox ClearTextRun exploit attempt (browser-firefox.rules) * 1:16286 <-> ENABLED <-> FILE-IDENTIFY TrueType font file download request (file-identify.rules) * 1:16288 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime AWT setDiffICM stack buffer overflow attempt (file-java.rules) * 1:16291 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Network Security Services regexp heap overflow attempt (browser-firefox.rules) * 1:16292 <-> DISABLED <-> BROWSER-FIREFOX Mozilla CSS value counter overflow attempt (browser-firefox.rules) * 1:16294 <-> DISABLED <-> OS-WINDOWS Microsoft Windows TCP stack zero window size exploit attempt (os-windows.rules) * 1:16295 <-> DISABLED <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields (file-other.rules) * 1:16300 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML comment creation attempt (browser-ie.rules) * 1:16301 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML textnode creation attempt (browser-ie.rules) * 1:16310 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 6/7 outerHTML invalid reference arbitrary code execution attempt (browser-ie.rules) * 1:16311 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 6/7 single line outerHTML invalid reference arbitrary code execution attempt (browser-ie.rules) * 1:16318 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio invalid ho tag attempt (file-office.rules) * 1:16319 <-> DISABLED <-> BROWSER-IE Apple Safari-Internet Explorer SearchPath blended threat attempt (browser-ie.rules) * 1:16331 <-> DISABLED <-> FILE-FLASH Adobe Flash Player JPEG parsing heap overflow attempt (file-flash.rules) * 1:16332 <-> DISABLED <-> SERVER-OTHER Symantec System Center Alert Management System untrusted command execution attempt (server-other.rules) * 1:16333 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules) * 1:16334 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader compressed media.newPlayer memory corruption attempt (file-pdf.rules) * 1:16339 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer object clone deletion memory corruption attempt - obfuscated (browser-ie.rules) * 1:1634 <-> DISABLED <-> PROTOCOL-POP PASS overflow attempt (protocol-pop.rules) * 1:16537 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Media Player ActiveX unknow compression algorithm use arbitrary code execution attempt (browser-plugins.rules) * 1:16540 <-> DISABLED <-> OS-WINDOWS SMB2 client NetBufferList NULL entry remote code execution attempt (os-windows.rules) * 1:16541 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Service stack overflow attempt (os-windows.rules) * 1:16542 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 and earlier stack buffer overflow attempt (file-office.rules) * 1:16543 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Player codec code execution attempt (file-multimedia.rules) * 1:16545 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed Richmedia annotation exploit attempt (file-pdf.rules) * 1:16549 <-> DISABLED <-> FILE-OTHER Oracle JRE Java Platform SE and Java Deployment Toolkit plugins code execution attempt - npruntime-scriptable-plugin (file-other.rules) * 1:16554 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript getIcon method buffer overflow attempt (file-pdf.rules) * 1:16555 <-> DISABLED <-> SERVER-WEBAPP HP Openview Network Node Manager OvAcceptLang overflow attempt (server-webapp.rules) * 1:16560 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint XSS attempt (server-webapp.rules) * 1:16574 <-> DISABLED <-> BROWSER-PLUGINS obfuscated ActiveX object instantiation via fromCharCode (browser-plugins.rules) * 1:16576 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix AgentX receive_agentx stack buffer overflow attempt (server-other.rules) * 1:16589 <-> DISABLED <-> BROWSER-PLUGINS iseemedia LPViewer ActiveX function call access (browser-plugins.rules) * 1:16593 <-> DISABLED <-> FILE-OFFICE Microsoft VBE6.dll stack corruption attempt (file-office.rules) * 1:16595 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Mail remote code execution attempt (server-mail.rules) * 1:16596 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari information disclosure and remote code execution attempt (browser-webkit.rules) * 1:16597 <-> DISABLED <-> SERVER-MAIL Novell GroupWise Internet Agent Email address processing buffer overflow attempt (server-mail.rules) * 1:16603 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Linux malformed U3D mesh deceleration block exploit attempt (file-pdf.rules) * 1:16605 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer nested SPAN tag memory corruption attempt (browser-ie.rules) * 1:16606 <-> DISABLED <-> SERVER-ORACLE BEA WebLogic Server Plug-ins Certificate overflow attempt (server-oracle.rules) * 1:16631 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari image use after remove attempt (browser-webkit.rules) * 1:16632 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari image use after reparent attempt (browser-webkit.rules) * 1:16633 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader File containing Flash use-after-free attack attempt (file-pdf.rules) * 1:16634 <-> DISABLED <-> FILE-FLASH Adobe Flash use-after-free attack attempt (file-flash.rules) * 1:16635 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer 8 Developer Tool ActiveX clsid access (browser-plugins.rules) * 1:16637 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer security zone restriction bypass attempt (browser-ie.rules) * 1:16638 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record stack buffer overflow attempt (file-office.rules) * 1:16639 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record stack buffer overflow attempt - with macro (file-office.rules) * 1:16640 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record stack buffer overflow attempt - with linkFmla (file-office.rules) * 1:16641 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record stack buffer overflow attempt - with macro and linkFmla (file-office.rules) * 1:16642 <-> DISABLED <-> POLICY-OTHER file URI scheme attempt (policy-other.rules) * 1:16643 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Chart Sheet Substream memory corruption attempt (file-office.rules) * 1:16644 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel WOpt record memory corruption attempt (file-office.rules) * 1:16645 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView record memory pointer corruption attempt (file-office.rules) * 1:16646 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record stack buffer overflow attempt (file-office.rules) * 1:16647 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record heap memory corruption attempt - 2 (file-office.rules) * 1:16648 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record heap memory corruption attempt - 1 (file-office.rules) * 1:16650 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ExternName record stack buffer overflow attempt - 1 (file-office.rules) * 1:16651 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ExternName record stack buffer overflow attempt - 2 (file-office.rules) * 1:16652 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ExternName record stack buffer overflow attempt - 3 (file-office.rules) * 1:16653 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ExternName record stack buffer overflow attempt - 4 (file-office.rules) * 1:16654 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel Publisher record heap buffer overflow attempt (file-office.rules) * 1:16656 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel BIFF5 ExternSheet record stack overflow attempt (file-office.rules) * 1:16657 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DBQueryExt record memory corruption attempt (file-office.rules) * 1:16659 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer style sheet array memory corruption attempt (browser-ie.rules) * 1:16660 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint Server 2007 help.aspx denial of service attempt (server-webapp.rules) * 1:16661 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX quartz.dll MJPEG content processing memory corruption attempt (file-multimedia.rules) * 1:16664 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader authplay.dll vulnerability exploit attempt (file-pdf.rules) * 1:16665 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Help Centre escape sequence XSS attempt (os-windows.rules) * 1:16666 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari window.parent.close unspecified remote code execution vulnerability (browser-webkit.rules) * 1:16667 <-> DISABLED <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt (browser-chrome.rules) * 1:16668 <-> DISABLED <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt (browser-chrome.rules) * 1:16671 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Domino Web Access ActiveX exploit attempt (browser-plugins.rules) * 1:16672 <-> DISABLED <-> BROWSER-PLUGINS Symantec Backup Exec ActiveX control buffer overflow attempt (browser-plugins.rules) * 1:16673 <-> DISABLED <-> FILE-OTHER Adobe Shockwave DIR file PAMI chunk code execution attempt (file-other.rules) * 1:16674 <-> ENABLED <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt (server-webapp.rules) * 1:16675 <-> DISABLED <-> BROWSER-PLUGINS CA BrightStor ListCtrl ActiveX control access (browser-plugins.rules) * 1:16676 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed FlateDecode colors declaration (file-pdf.rules) * 1:16677 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed FlateDecode colors declaration (file-pdf.rules) * 1:16683 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp CAF file processing integer overflow attempt (file-multimedia.rules) * 1:16684 <-> DISABLED <-> SERVER-SAMBA Samba smbd Session Setup AndX security blob length dos attempt (server-samba.rules) * 1:16685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Client dsmagent.exe NodeName length buffer overflow attempt (server-other.rules) * 1:16688 <-> DISABLED <-> SERVER-OTHER iscsi target format string code execution attempt (server-other.rules) * 1:16694 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP SETUP request denial of service attempt (server-other.rules) * 1:16699 <-> DISABLED <-> PROTOCOL-RPC Linux Kernel nfsd v2 udp CAP_MKNOD security bypass attempt (protocol-rpc.rules) * 1:16700 <-> DISABLED <-> PROTOCOL-RPC Linux Kernel nfsd v2 tcp CAP_MKNOD security bypass attempt (protocol-rpc.rules) * 1:16701 <-> DISABLED <-> PROTOCOL-RPC Linux Kernel nfsd v3 udp CAP_MKNOD security bypass attempt (protocol-rpc.rules) * 1:16702 <-> DISABLED <-> PROTOCOL-RPC Linux Kernel nfsd v3 tcp CAP_MKNOD security bypass attempt (protocol-rpc.rules) * 1:16703 <-> DISABLED <-> SERVER-MYSQL Database COM_FIELD_LIST Buffer Overflow attempt (server-mysql.rules) * 1:16705 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP array size buffer overflow attempt (protocol-rpc.rules) * 1:16706 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind TCP array size buffer overflow attempt (protocol-rpc.rules) * 1:16709 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP SET_PARAMETERS empty DataConvertBuffer header denial of service attempt (server-other.rules) * 1:16710 <-> DISABLED <-> SERVER-OTHER Oracle BEA Weblogic server console-help.portal cross-site scripting attempt (server-other.rules) * 1:16716 <-> DISABLED <-> FILE-IMAGE Oracle Java Web Start Splashscreen PNG processing buffer overflow attempt (file-image.rules) * 1:16717 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Enterprise Search search_p_groups cross-site scripting attempt (server-oracle.rules) * 1:16719 <-> DISABLED <-> FILE-OTHER CA multiple product AV engine CAB header parsing stack overflow attempt (file-other.rules) * 1:1672 <-> DISABLED <-> PROTOCOL-FTP CWD ~ attempt (protocol-ftp.rules) * 1:16720 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player TY processing buffer overflow attempt (file-multimedia.rules) * 1:16721 <-> DISABLED <-> FILE-OTHER Orbital Viewer .orb stack buffer overflow attempt (file-other.rules) * 1:16722 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server DBMS_CDC_PUBLISH.DROP_CHANGE_SOURCE procedure SQL injection attempt (server-oracle.rules) * 1:16723 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server DBMS_CDC_PUBLISH.ALTER_CHANGE_SOURCE procedure SQL injection attempt (server-oracle.rules) * 1:16724 <-> DISABLED <-> OS-LINUX Linux kernel sctp_process_unk_param SCTPChunkInit buffer overflow attempt (os-linux.rules) * 1:16746 <-> DISABLED <-> BROWSER-PLUGINS IBM Access Support ActiveX clsid access (browser-plugins.rules) * 1:16752 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player SMB module Win32AddConnection buffer overflow attempt (file-multimedia.rules) * 1:16753 <-> DISABLED <-> SERVER-WEBAPP VideoLAN VLC Media Player SMB module Win32AddConnection buffer overflow attempt (server-webapp.rules) * 1:16754 <-> DISABLED <-> NETBIOS SMB /PlughNTCommand andx create tree attempt (netbios.rules) * 1:16755 <-> DISABLED <-> NETBIOS SMB /PlughNTCommand create tree attempt (netbios.rules) * 1:16756 <-> DISABLED <-> NETBIOS SMB /PlughNTCommand unicode andx create tree attempt (netbios.rules) * 1:16757 <-> DISABLED <-> NETBIOS SMB /PlughNTCommand unicode create tree attempt (netbios.rules) * 1:16763 <-> DISABLED <-> NETBIOS SMB Timbuktu Pro overflow WriteAndX attempt (netbios.rules) * 1:16765 <-> DISABLED <-> NETBIOS SMB Timbuktu Pro overflow WriteAndX unicode attempt (netbios.rules) * 1:16772 <-> ENABLED <-> BROWSER-PLUGINS EMC Captiva QuickScan Pro ActiveX clsid access (browser-plugins.rules) * 1:16788 <-> DISABLED <-> SERVER-OTHER RealVNC VNC Server ClientCutText message memory corruption attempt (server-other.rules) * 1:16796 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP data length integer overflow attempt (protocol-rpc.rules) * 1:16797 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind TCP data length integer overflow attempt (protocol-rpc.rules) * 1:16800 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FRTWrapper record buffer overflow attempt (file-office.rules) * 1:17034 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook AttachMethods local file execution attempt (file-office.rules) * 1:17035 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook AttachMethods local file execution attempt (file-office.rules) * 1:17036 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook AttachMethods local file execution attempt (file-office.rules) * 1:17037 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Access multiple control instantiation memory corruption attempt (browser-plugins.rules) * 1:17038 <-> DISABLED <-> FILE-OFFICE Microsoft Office Access ACCWIZ library release after free attempt - 1 (file-office.rules) * 1:17039 <-> DISABLED <-> FILE-OFFICE Microsoft Office Access ACCWIZ library release after free attempt - 2 (file-office.rules) * 1:17042 <-> DISABLED <-> FILE-OTHER Microsoft LNK shortcut arbitrary dll load attempt (file-other.rules) * 1:17045 <-> DISABLED <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt (server-other.rules) * 1:17046 <-> DISABLED <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt (server-other.rules) * 1:17051 <-> DISABLED <-> BROWSER-PLUGINS Symantec AppStream Client LaunchObj ActiveX clsid access (browser-plugins.rules) * 1:17055 <-> DISABLED <-> SERVER-ORACLE Oracle Database DBMS TNS Listener denial of service attempt (server-oracle.rules) * 1:17056 <-> DISABLED <-> NETBIOS Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt (netbios.rules) * 1:17057 <-> DISABLED <-> NETBIOS Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (netbios.rules) * 1:17092 <-> DISABLED <-> BROWSER-PLUGINS Symantec Altirix Deployment Solution AeXNSPkgDLLib.dll ActiveX clsid access (browser-plugins.rules) * 1:17094 <-> DISABLED <-> BROWSER-PLUGINS Symantec Altirix Deployment Solution AeXNSPkgDLLib.dll ActiveX function call access (browser-plugins.rules) * 1:17103 <-> DISABLED <-> SERVER-IIS IIS 5.1 alternate data stream authentication bypass attempt (server-iis.rules) * 1:17107 <-> DISABLED <-> SERVER-APACHE Apache Tomcat JK Web Server Connector long URL stack overflow attempt - 1 (server-apache.rules) * 1:17111 <-> DISABLED <-> INDICATOR-OBFUSCATION known JavaScript obfuscation routine (indicator-obfuscation.rules) * 1:17113 <-> ENABLED <-> OS-WINDOWS Microsoft SilverLight ImageSource redefine flowbit (os-windows.rules) * 1:17114 <-> DISABLED <-> OS-WINDOWS Microsoft SilverLight ImageSource remote code execution attempt (os-windows.rules) * 1:17116 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASX file download request (file-identify.rules) * 1:17117 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows MPEG Layer-3 audio heap corruption attempt (file-multimedia.rules) * 1:17119 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmCMajority SPRM overflow attempt (file-office.rules) * 1:17120 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word rich text format unexpected field type memory corruption attempt 1 (file-office.rules) * 1:17121 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word rich text format unexpected field type memory corruption attempt 2 (file-office.rules) * 1:17122 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word rich text format unexpected field type memory corruption attempt 3 (file-office.rules) * 1:17123 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word rich text format invalid field size memory corruption attempt (file-office.rules) * 1:17124 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word malformed table record memory corruption attempt (file-office.rules) * 1:17128 <-> DISABLED <-> FILE-MULTIMEDIA Cinepak Codec VIDC decompression remote code execution attempt (file-multimedia.rules) * 1:17129 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer use-after-free memory corruption attempt (browser-ie.rules) * 1:17130 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer boundElements arbitrary code execution (browser-ie.rules) * 1:17133 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSXML2 ActiveX malformed HTTP response (os-windows.rules) * 1:17134 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel pivot item index boundary corruption attempt (file-office.rules) * 1:17135 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Movie Maker string size overflow attempt (file-multimedia.rules) * 1:17137 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center information disclosure attempt (server-webapp.rules) * 1:17138 <-> DISABLED <-> SERVER-OTHER iSCSI target multiple implementations iSNS stack buffer overflow attempt (server-other.rules) * 1:17139 <-> DISABLED <-> SERVER-OTHER Symantec Alert Management System HNDLRSVC arbitrary command execution attempt (server-other.rules) * 1:17140 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:17143 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 ABR file processing buffer overflow attempt - 1 (file-image.rules) * 1:17144 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 ABR file processing buffer overflow attempt - 2 (file-image.rules) * 1:17145 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 ASL file processing buffer overflow attempt (file-image.rules) * 1:17146 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 GRD file processing buffer overflow attempt (file-image.rules) * 1:17147 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 ABR file processing buffer overflow attempt (file-image.rules) * 1:17148 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC renamed zip file handling code execution attempt - 1 (file-multimedia.rules) * 1:17149 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC renamed zip file handling code execution attempt - 2 (file-multimedia.rules) * 1:17150 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC renamed zip file handling code execution attempt - 3 (file-multimedia.rules) * 1:17151 <-> DISABLED <-> NETBIOS SMB negotiate protocol request - ascii strings (netbios.rules) * 1:17152 <-> DISABLED <-> SERVER-SAMBA Samba smbd flags2 header parsing denial of service attempt (server-samba.rules) * 1:17153 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1 (browser-firefox.rules) * 1:17154 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2 (browser-firefox.rules) * 1:17155 <-> DISABLED <-> SERVER-OTHER Multiple vendors OPIE off-by-one stack buffer overflow attempt (server-other.rules) * 1:17156 <-> DISABLED <-> SERVER-APACHE HP Performance Manager Apache Tomcat policy bypass attempt (server-apache.rules) * 1:17157 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center database credentials information disclosure attempt - 1 (server-webapp.rules) * 1:17158 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center database credentials information disclosure attempt - 2 (server-webapp.rules) * 1:17159 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center database credentials information disclosure attempt - 3 (server-webapp.rules) * 1:17160 <-> DISABLED <-> BROWSER-PLUGINS Liquid XML Studio LtXmlComHelp8.dll ActiveX OpenFile buffer overflow attempt (browser-plugins.rules) * 1:17161 <-> DISABLED <-> BROWSER-PLUGINS Liquid XML Studio ActiveX clsid access (browser-plugins.rules) * 1:17163 <-> DISABLED <-> BROWSER-PLUGINS Liquid XML Studio ActiveX function call access (browser-plugins.rules) * 1:17165 <-> DISABLED <-> BROWSER-OTHER Opera browser document writing uninitialized memory access attempt (browser-other.rules) * 1:17166 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules) * 1:17179 <-> DISABLED <-> FILE-OTHER Adobe Director file pamm record exploit attempt (file-other.rules) * 1:17191 <-> DISABLED <-> FILE-OTHER Adobe Director remote code execution attempt (file-other.rules) * 1:17194 <-> DISABLED <-> FILE-OTHER Adobe Director file tSAC tag exploit attempt (file-other.rules) * 1:17202 <-> DISABLED <-> FILE-OTHER Adobe Director file file Shockwave 3D overflow attempt (file-other.rules) * 1:17205 <-> DISABLED <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - udp (protocol-rpc.rules) * 1:17206 <-> DISABLED <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - tcp (protocol-rpc.rules) * 1:17207 <-> DISABLED <-> SERVER-OTHER IBM Cognos Server backdoor account remote code execution attempt (server-other.rules) * 1:17208 <-> DISABLED <-> SERVER-OTHER Squid Proxy HTCP packet processing denial of service attempt (server-other.rules) * 1:17209 <-> ENABLED <-> SQL IBM DB2 DATABASE SERVER SQL REPEAT Buffer Overflow (sql.rules) * 1:17210 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows executable file load from SMB share attempt (file-executable.rules) * 1:17211 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime marshaled punk remote code execution (file-multimedia.rules) * 1:17212 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript eval arbitrary code execution attempt (browser-firefox.rules) * 1:17214 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader libtiff TIFFFetchShortPair stack buffer overflow attempt (file-pdf.rules) * 1:17215 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader libtiff TIFFFetchShortPair stack buffer overflow attempt (file-pdf.rules) * 1:17219 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domain name handling buffer overflow attempt (browser-firefox.rules) * 1:17223 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigateToURL cross-site scripting attempt (file-flash.rules) * 1:17224 <-> DISABLED <-> SERVER-MAIL McAfee WebShield SMTP bounce message format string attempt (server-mail.rules) * 1:17225 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon WorldClient invalid user (server-other.rules) * 1:17227 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel sheet name memory corruption attempt (file-office.rules) * 1:17229 <-> DISABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (file-identify.rules) * 1:17230 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (file-identify.rules) * 1:17231 <-> DISABLED <-> FILE-IMAGE Microsoft Kodak Imaging small offset malformed tiff - little-endian (file-image.rules) * 1:17232 <-> DISABLED <-> FILE-IMAGE Microsoft Kodak Imaging large offset malformed tiff - big-endian (file-image.rules) * 1:17233 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:17236 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsPropertyTable PropertyList memory corruption attempt (browser-firefox.rules) * 1:17238 <-> DISABLED <-> FILE-OTHER ACD Systems ACDSee Products XBM file handling buffer overflow attempt (file-other.rules) * 1:17239 <-> ENABLED <-> SERVER-MAIL Multiple IMAP server CREATE command buffer overflow attempt (server-mail.rules) * 1:17241 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Media wmv file download request (file-identify.rules) * 1:17243 <-> DISABLED <-> SERVER-OTHER MIT Kerberos V5 krb5_recvauth double free attempt (server-other.rules) * 1:17244 <-> DISABLED <-> FILE-OTHER Antivirus ACE file handling buffer overflow attempt (file-other.rules) * 1:17245 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox image dragging exploit attempt (browser-firefox.rules) * 1:17250 <-> DISABLED <-> FILE-OFFICE Microsoft Windows WordPad sprmTSetBrc SPRM overflow attempt (file-office.rules) * 1:17252 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Print Spooler arbitrary file write attempt (os-windows.rules) * 1:17254 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS stack exhaustion DoS attempt (server-iis.rules) * 1:17256 <-> DISABLED <-> OS-WINDOWS Microsoft Windows uniscribe fonts parsing memory corruption attempt (os-windows.rules) * 1:17258 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XUL tree element code execution attempt (browser-firefox.rules) * 1:17259 <-> ENABLED <-> FILE-IDENTIFY MOV file download request (file-identify.rules) * 1:17260 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript contentWindow in an iframe exploit attempt (browser-firefox.rules) * 1:17261 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer createTextRange code execution attempt (browser-ie.rules) * 1:17264 <-> DISABLED <-> SERVER-ORACLE Permission declaration exploit attempt (server-oracle.rules) * 1:17265 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin access control bypass attempt (browser-firefox.rules) * 1:17266 <-> DISABLED <-> FILE-OTHER Multiple vendor malformed ZIP archive Antivirus detection bypass attempt (file-other.rules) * 1:17268 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox sidebar panel arbitrary code execution attempt (browser-firefox.rules) * 1:17270 <-> DISABLED <-> SERVER-ORACLE DBMS_METADATA Package SQL Injection attempt (server-oracle.rules) * 1:17271 <-> DISABLED <-> FILE-OFFICE Microsoft Windows Web View script injection attempt (file-office.rules) * 1:17273 <-> DISABLED <-> SERVER-OTHER MIT Kerberos V5 KDC krb5_unparse_name overflow attempt (server-other.rules) * 1:17274 <-> DISABLED <-> SERVER-OTHER MIT Kerberos V5 KDC krb5_unparse_name overflow attempt (server-other.rules) * 1:17275 <-> DISABLED <-> SERVER-MAIL Symantec Brightmail AntiSpam nested Zip handling denial of service attempt (server-mail.rules) * 1:17276 <-> DISABLED <-> FILE-OTHER Multiple vendor Antivirus magic byte detection evasion attempt (file-other.rules) * 1:17279 <-> DISABLED <-> SERVER-WEBAPP Ipswitch WhatsUp Small Business directory traversal attempt (server-webapp.rules) * 1:17281 <-> DISABLED <-> FILE-OTHER Panda Antivirus ZOO archive decompression buffer overflow attempt (file-other.rules) * 1:17282 <-> DISABLED <-> SERVER-OTHER Panda Antivirus ZOO archive decompression buffer overflow attempt (server-other.rules) * 1:17283 <-> DISABLED <-> SERVER-MAIL Mercury Mail Transport System buffer overflow attempt (server-mail.rules) * 1:17284 <-> DISABLED <-> FILE-OFFICE Microsoft Office malformed routing slip code execution attempt (file-office.rules) * 1:17285 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint PPT file parsing memory corruption attempt (file-office.rules) * 1:17286 <-> DISABLED <-> FILE-OTHER Microsoft Visual Basic for Applications document properties overflow attempt (file-other.rules) * 1:17287 <-> DISABLED <-> SERVER-WEBAPP Cisco IOS HTTP service HTML injection attempt (server-webapp.rules) * 1:17289 <-> DISABLED <-> FILE-OTHER GNU gzip LZH decompression make_table overflow attempt (file-other.rules) * 1:17291 <-> DISABLED <-> INDICATOR-OBFUSCATION base64-encoded uri data object found (indicator-obfuscation.rules) * 1:17292 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed data record code execution attempt (file-office.rules) * 1:17293 <-> DISABLED <-> SERVER-ORACLE sdo_lrs.convert_to_lrs_layer buffer overflow attempt (server-oracle.rules) * 1:17294 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NAT Helper DNS query denial of service attempt (os-windows.rules) * 1:17295 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan Console authentication buffer overflow attempt (server-webapp.rules) * 1:17297 <-> DISABLED <-> SERVER-OTHER McAfee VirusScan on-access scanner long unicode filename handling buffer overflow attempt (server-other.rules) * 1:17298 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Monitoring Express Universal Agent Buffer Overflow (server-other.rules) * 1:17299 <-> DISABLED <-> SERVER-OTHER ISC BIND RRSIG query denial of service attempt (server-other.rules) * 1:17301 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word TextBox sub-document memory corruption attempt (file-office.rules) * 1:17302 <-> DISABLED <-> OS-LINUX Linux kernel SCTP Unknown Chunk Types denial of service attempt (os-linux.rules) * 1:17303 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer clone object memory corruption attempt (browser-ie.rules) * 1:17304 <-> DISABLED <-> FILE-OFFICE Microsoft Works file converter file section header index table stack overflow attempt (file-office.rules) * 1:17305 <-> DISABLED <-> FILE-OTHER ClamAV libclamav PE file handling integer overflow attempt (file-other.rules) * 1:17306 <-> DISABLED <-> OS-WINDOWS Microsoft Malware Protection Engine file processing denial of service attempt (os-windows.rules) * 1:17307 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server INSERT Statement Buffer Overflow attempt (server-mssql.rules) * 1:17308 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules) * 1:17309 <-> DISABLED <-> FILE-OTHER CoolPlayer Playlist File Handling Buffer Overflow (file-other.rules) * 1:17310 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Viewer memory allocation code execution attempt (file-office.rules) * 1:17312 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS import cross-domain restriction bypass attempt (browser-ie.rules) * 1:17314 <-> ENABLED <-> FILE-IDENTIFY OLE document file magic detected (file-identify.rules) * 1:17315 <-> DISABLED <-> FILE-OFFICE OpenOffice OLE file stream buffer overflow attempt (file-office.rules) * 1:17317 <-> DISABLED <-> SERVER-OTHER OpenSSH sshd identical blocks DoS attempt (server-other.rules) * 1:17318 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint MCAtom remote code execution attempt (file-office.rules) * 1:17321 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters name overflow attempt (netbios.rules) * 1:17322 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic fnstenv geteip dword xor decoder (indicator-shellcode.rules) * 1:17324 <-> DISABLED <-> INDICATOR-SHELLCODE x86 Linux reverse connect shellcode (indicator-shellcode.rules) * 1:17325 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic alpha numeric upper case decoder variant (indicator-shellcode.rules) * 1:17326 <-> DISABLED <-> SERVER-OTHER Citrix Program Neighborhood Client buffer overflow attempt (server-other.rules) * 1:17327 <-> DISABLED <-> SERVER-MAIL Qualcomm WorldMail Server Response (server-mail.rules) * 1:17328 <-> DISABLED <-> SERVER-MAIL Qualcomm WorldMail IMAP Literal Token Parsing Buffer Overflow (server-mail.rules) * 1:17329 <-> DISABLED <-> PROTOCOL-FTP EPRT overflow attempt (protocol-ftp.rules) * 1:17330 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GRE WMF Handling Memory Read Exception attempt (file-image.rules) * 1:17331 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes HTML Speed Reader Long URL buffer overflow attempt (server-mail.rules) * 1:17332 <-> DISABLED <-> SERVER-MAIL Content-Disposition attachment (server-mail.rules) * 1:17333 <-> DISABLED <-> SERVER-MAIL Lotus Notes Attachment Viewer UUE file buffer overflow attempt (server-mail.rules) * 1:17334 <-> DISABLED <-> FILE-FLASH RealNetworks RealPlayer SWF flash file buffer overflow attempt (file-flash.rules) * 1:17335 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic fnstenv geteip byte xor decoder (indicator-shellcode.rules) * 1:17336 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic call geteip byte xor decoder (indicator-shellcode.rules) * 1:17337 <-> DISABLED <-> INDICATOR-SHELLCODE x86 Microsoft Win32 export table enumeration variant (indicator-shellcode.rules) * 1:17338 <-> DISABLED <-> INDICATOR-SHELLCODE x86 Microsoft Windows 32-bit SEH get EIP technique (indicator-shellcode.rules) * 1:17339 <-> DISABLED <-> INDICATOR-SHELLCODE x86 generic OS alpha numeric mixed case decoder (indicator-shellcode.rules) * 1:1734 <-> DISABLED <-> PROTOCOL-FTP USER overflow attempt (protocol-ftp.rules) * 1:17340 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic alpha numeric upper case decoder (indicator-shellcode.rules) * 1:17341 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic alpha UTF8 tolower avoidance decoder (indicator-shellcode.rules) * 1:17342 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic unicode mixed case decoder (indicator-shellcode.rules) * 1:17343 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic unicode upper case decoder (indicator-shellcode.rules) * 1:17344 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic xor dword decoder (indicator-shellcode.rules) * 1:17345 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic dword additive feedback decoder (indicator-shellcode.rules) * 1:17346 <-> DISABLED <-> SERVER-OTHER IBM Lotus Notes Cross Site Scripting attempt (server-other.rules) * 1:17347 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Color Management Module buffer overflow attempt (os-windows.rules) * 1:17350 <-> DISABLED <-> SERVER-ORACLE Application Server Forms Arbitrary System Command Execution Attempt (server-oracle.rules) * 1:17351 <-> DISABLED <-> FILE-OTHER Nullsoft Winamp ID3v2 Tag Handling Buffer Overflow attempt (file-other.rules) * 1:17352 <-> DISABLED <-> FILE-OTHER ClamAV CHM File Handling Integer Overflow attempt (file-other.rules) * 1:17353 <-> DISABLED <-> OS-SOLARIS Oracle Solaris printd Daemon Arbitrary File Deletion attempt (os-solaris.rules) * 1:17354 <-> DISABLED <-> SERVER-APACHE Apache Byte-Range Filter denial of service attempt (server-apache.rules) * 1:17356 <-> DISABLED <-> FILE-OTHER NOD32 Anti-Virus ARJ Archive Handling Buffer Overflow attempt (file-other.rules) * 1:17357 <-> DISABLED <-> PUA-OTHER AOL GAIM AIM-ICQ Protocol Handling buffer overflow attempt (pua-other.rules) * 1:17358 <-> DISABLED <-> FILE-EXECUTABLE ClamAV UPX File Handling Buffer Overflow attempt (file-executable.rules) * 1:17359 <-> DISABLED <-> FILE-IDENTIFY XBM image file download request (file-identify.rules) * 1:17360 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XBM image processing buffer overflow attempt (browser-firefox.rules) * 1:17361 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF Catalog Handling denial of service attempt (file-pdf.rules) * 1:17362 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel IMDATA buffer overflow attempt (file-office.rules) * 1:17363 <-> DISABLED <-> FILE-OTHER Apple OSX Finder DMG volume name memory corruption attempt (file-other.rules) * 1:17364 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Help Workshop CNT Help file download request (file-identify.rules) * 1:17365 <-> DISABLED <-> FILE-OTHER Microsoft Windows Help Workshop CNT Help contents buffer overflow attempt (file-other.rules) * 1:17366 <-> DISABLED <-> FILE-OTHER Microsoft Help Workshop HPJ OPTIONS section buffer overflow attempt (file-other.rules) * 1:17368 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document stream handling code execution attempt (file-office.rules) * 1:17369 <-> DISABLED <-> SERVER-MAIL MailEnable service APPEND command handling buffer overflow attempt (server-mail.rules) * 1:17370 <-> DISABLED <-> SERVER-WEBAPP Squid authentication headers handling denial of service attempt (server-webapp.rules) * 1:17371 <-> DISABLED <-> SERVER-WEBAPP Squid authentication headers handling denial of service attempt (server-webapp.rules) * 1:17372 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime udta atom parsing heap overflow vulnerability (file-multimedia.rules) * 1:17373 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime panorama atoms buffer overflow attempt (file-multimedia.rules) * 1:17376 <-> DISABLED <-> SERVER-WEBAPP IBM Lotus Expeditor cai URI handler command execution attempt (server-webapp.rules) * 1:17377 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed Filter Records Handling Code Execution attempt (file-office.rules) * 1:17378 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt (browser-firefox.rules) * 1:17380 <-> DISABLED <-> FILE-IDENTIFY PNG file download request (file-identify.rules) * 1:17381 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime PDAT Atom parsing buffer overflow attempt (file-multimedia.rules) * 1:17382 <-> DISABLED <-> FILE-OTHER Microsoft Project Invalid Memory Pointer Code Execution attempt (file-other.rules) * 1:17383 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher Object Handler Validation Code Execution attempted (file-office.rules) * 1:17387 <-> DISABLED <-> SERVER-APACHE Apache Tomcat allowLinking URIencoding directory traversal attempt (server-apache.rules) * 1:17389 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMNodeRemoved attack attempt (browser-firefox.rules) * 1:17390 <-> DISABLED <-> FILE-IMAGE ClamAV Antivirus Function Denial of Service attempt (file-image.rules) * 1:17391 <-> DISABLED <-> SERVER-APACHE Apache Tomcat UNIX platform backslash directory traversal (server-apache.rules) * 1:17392 <-> DISABLED <-> INDICATOR-SHELLCODE JavaScript var shellcode (indicator-shellcode.rules) * 1:17393 <-> DISABLED <-> INDICATOR-SHELLCODE JavaScript var heapspray (indicator-shellcode.rules) * 1:17394 <-> ENABLED <-> FILE-IDENTIFY GIF file download request (file-identify.rules) * 1:17395 <-> DISABLED <-> FILE-IMAGE Oracle Java Web Start Splashscreen GIF decoding buffer overflow attempt (file-image.rules) * 1:17396 <-> DISABLED <-> SERVER-OTHER VNC client authentication response (server-other.rules) * 1:17397 <-> DISABLED <-> SERVER-OTHER VNCViewer Authenticate buffer overflow attempt (server-other.rules) * 1:17398 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt (browser-firefox.rules) * 1:17399 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt (browser-firefox.rules) * 1:17400 <-> DISABLED <-> INDICATOR-OBFUSCATION rename of javascript unescape function detected (indicator-obfuscation.rules) * 1:17401 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer nested tag memory corruption attempt - unescaped (browser-ie.rules) * 1:17402 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer nested tag memory corruption attempt (browser-ie.rules) * 1:17403 <-> DISABLED <-> FILE-OFFICE OpenOffice RTF File parsing heap buffer overflow attempt (file-office.rules) * 1:17404 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Converter XST structure buffer overflow attempt (file-office.rules) * 1:17407 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows help file download request (file-identify.rules) * 1:17408 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectX Targa image file heap overflow attempt (os-windows.rules) * 1:17409 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products IDN Spoofing Vulnerability Attempt (browser-firefox.rules) * 1:17410 <-> DISABLED <-> OS-WINDOWS Generic HyperLink buffer overflow attempt (os-windows.rules) * 1:17411 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CDF cross-domain scripting attempt (browser-ie.rules) * 1:17412 <-> DISABLED <-> SERVER-MYSQL create function mysql.func arbitrary library injection attempt (server-mysql.rules) * 1:17414 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript Engine Information Disclosure attempt (browser-firefox.rules) * 1:17416 <-> DISABLED <-> SERVER-ORACLE Database Intermedia Denial of Service Attempt (server-oracle.rules) * 1:17418 <-> DISABLED <-> SERVER-ORACLE Oracle connection established (server-oracle.rules) * 1:17419 <-> DISABLED <-> SERVER-ORACLE Oracle database SQL compiler read-only join auth bypass attempt (server-oracle.rules) * 1:17420 <-> DISABLED <-> SERVER-WEBAPP Citrix Program Neighborhood Agent Arbitrary Shortcut Creation attempt (server-webapp.rules) * 1:17421 <-> DISABLED <-> FILE-OFFICE Microsoft OLE automation string manipulation overflow attempt (file-office.rules) * 1:17422 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt (browser-firefox.rules) * 1:17423 <-> DISABLED <-> SERVER-WEBAPP Citrix Program Neighborhood Agent Buffer Overflow attempt (server-webapp.rules) * 1:17424 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox IconURL Arbitrary Javascript Execution attempt (browser-firefox.rules) * 1:17425 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer ActiveX Import playlist name buffer overflow attempt (browser-plugins.rules) * 1:17426 <-> DISABLED <-> FILE-IDENTIFY RAT file download request (file-identify.rules) * 1:17427 <-> DISABLED <-> SERVER-ORACLE Oracle database DBMS_Scheduler privilege escalation attempt (server-oracle.rules) * 1:17428 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ASP.NET information disclosure attempt (os-windows.rules) * 1:17429 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ASP.NET information disclosure attempt (os-windows.rules) * 1:17430 <-> DISABLED <-> FILE-PDF BitDefender Antivirus PDF processing memory corruption attempt (file-pdf.rules) * 1:17431 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS SChannel improper certificate verification (server-iis.rules) * 1:17432 <-> DISABLED <-> SERVER-WEBAPP Squid Gopher protocol handling buffer overflow attempt (server-webapp.rules) * 1:17433 <-> DISABLED <-> OS-SOLARIS Oracle Solaris DHCP Client Arbitrary Code Execution attempt (os-solaris.rules) * 1:17434 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Unicode sequence handling stack corruption attempt (browser-firefox.rules) * 1:17435 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceList attempt (os-windows.rules) * 1:17436 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceListSize attempt (os-windows.rules) * 1:17437 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceList attempt (os-windows.rules) * 1:17438 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceListSize attempt (os-windows.rules) * 1:17439 <-> DISABLED <-> OS-WINDOWS Microsoft Distributed Transaction Controller TIP DoS attempt (os-windows.rules) * 1:17441 <-> DISABLED <-> FILE-IDENTIFY LNK file download request (file-identify.rules) * 1:17442 <-> DISABLED <-> FILE-OTHER Microsoft Windows download of .lnk file that executes cmd.exe detected (file-other.rules) * 1:17443 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft DirectShow AVI decoder buffer overflow attempt (file-multimedia.rules) * 1:17444 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox 3 xsl parsing heap overflow attempt (browser-firefox.rules) * 1:17446 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer FTP client directory traversal attempt (browser-ie.rules) * 1:17448 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTTPS proxy information disclosure vulnerability (browser-ie.rules) * 1:17449 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks patch management SQL injection attempt (server-webapp.rules) * 1:17450 <-> DISABLED <-> SERVER-WEBAPP CommuniGate Systems CommuniGate Pro LDAP Server buffer overflow attempt (server-webapp.rules) * 1:17457 <-> DISABLED <-> FILE-FLASH Adobe Flash ActionDefineFunction memory access exploit attempt (file-flash.rules) * 1:17458 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:17461 <-> DISABLED <-> FILE-OTHER RealNetworks RealPlayer zipped skin file buffer overflow attempt (file-other.rules) * 1:17462 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer marquee object handling memory corruption attempt (browser-ie.rules) * 1:17463 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer File Download Dialog Box Manipulation (browser-ie.rules) * 1:17466 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Domino Web Access 7 ActiveX exploit attempt (browser-plugins.rules) * 1:17469 <-> DISABLED <-> FILE-MULTIMEDIA Mplayer Real Demuxer stream_read heap overflow attempt (file-multimedia.rules) * 1:17470 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime STSD JPEG atom heap corruption attempt (file-multimedia.rules) * 1:17473 <-> DISABLED <-> SERVER-ORACLE DBMS_CDC_SUBSCRIBE.EXTEND_WINDOW arbitrary command execution attempt (server-oracle.rules) * 1:17481 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Exchange and Outlook TNEF Decoding Integer Overflow attempt (server-mail.rules) * 1:17482 <-> DISABLED <-> BROWSER-FIREFOX Mozilla NNTP URL Handling Buffer Overflow attempt (browser-firefox.rules) * 1:17483 <-> DISABLED <-> PROTOCOL-DNS squid proxy dns A record response denial of service attempt (protocol-dns.rules) * 1:17484 <-> DISABLED <-> PROTOCOL-DNS squid proxy dns PTR record response denial of service attempt (protocol-dns.rules) * 1:17485 <-> DISABLED <-> PROTOCOL-DNS Symantec Gateway products DNS cache poisoning attempt (protocol-dns.rules) * 1:17486 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager Chunked overflow attempt (server-webapp.rules) * 1:17487 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Script Engine Stack Exhaustion Denial of Service attempt (browser-ie.rules) * 1:17488 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed Range Code Execution attempt (file-office.rules) * 1:17490 <-> DISABLED <-> FILE-OTHER Microsoft Windows itss.dll CHM File Handling Heap Corruption attempt (file-other.rules) * 1:17491 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word mso.dll LsCreateLine memory corruption attempt (file-office.rules) * 1:17492 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed SELECTION Record Code Execution attempt (file-office.rules) * 1:17493 <-> DISABLED <-> FILE-OTHER ClamAV UPX FileHandling Heap overflow attempt (file-other.rules) * 1:17496 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed NamedShows record code execution attempt (file-office.rules) * 1:17497 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed NamedShows record code execution attempt (file-office.rules) * 1:17504 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Asset Management buffer overflow attempt (server-other.rules) * 1:17506 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word formatted disk pages table memory corruption attempt (file-office.rules) * 1:17509 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Manifest file download request (file-identify.rules) * 1:17510 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows .NET Deploy file download request (file-identify.rules) * 1:17511 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed Graphic Code Execution (file-office.rules) * 1:17515 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Script Action Handler buffer overflow attempt (browser-ie.rules) * 1:17517 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed Record Code Execution attempt (file-office.rules) * 1:17519 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow (browser-firefox.rules) * 1:17520 <-> DISABLED <-> SERVER-OTHER CA ARCserve Backup DB Engine Denial of Service (server-other.rules) * 1:17521 <-> DISABLED <-> SERVER-OTHER GoodTech SSH Server SFTP processing buffer overflow attempt (server-other.rules) * 1:17522 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment Pack200 Decompression Integer Overflow (file-java.rules) * 1:17523 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime H.264 Movie File Buffer Overflow (file-multimedia.rules) * 1:17524 <-> DISABLED <-> SERVER-OTHER Fujitsu SystemcastWizard Lite PXEService UDP Handling Buffer Overflow (server-other.rules) * 1:17525 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 5.0 WebDav Request Directory Security Bypass (server-iis.rules) * 1:17526 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader U3D RHAdobeMeta buffer overflow attempt (file-pdf.rules) * 1:17527 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player MP4_BoxDumpStructure Buffer Overflow (file-multimedia.rules) * 1:17528 <-> DISABLED <-> SERVER-WEBAPP nginx URI parsing buffer overflow attempt (server-webapp.rules) * 1:17529 <-> DISABLED <-> SERVER-WEBAPP Adobe RoboHelp Server Arbitrary File Upload and Execute (server-webapp.rules) * 1:17530 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector Stack Buffer Overflow (server-other.rules) * 1:17531 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MOV file JVTCompEncodeFrame heap overflow attempt (file-multimedia.rules) * 1:17532 <-> DISABLED <-> FILE-OFFICE Micrsoft Office Excel TXO and OBJ Records Parsing Stack Memory Corruption (file-office.rules) * 1:17533 <-> DISABLED <-> SERVER-APACHE Apache Struts Information Disclosure Attempt (server-apache.rules) * 1:17534 <-> DISABLED <-> SERVER-OTHER IPP Application Content (server-other.rules) * 1:17535 <-> DISABLED <-> SERVER-OTHER Apple CUPS Text to PostScript Filter Integer Overflow attempt (server-other.rules) * 1:17536 <-> DISABLED <-> SERVER-WEBAPP generic server HTTP Auth Header buffer overflow attempt (server-webapp.rules) * 1:17538 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel unspecified memory corruption attempt (file-office.rules) * 1:17540 <-> ENABLED <-> FILE-IDENTIFY LZH file download request (file-identify.rules) * 1:17541 <-> DISABLED <-> FILE-OTHER Avast Antivirus Engine Remote LHA buffer overflow attempt (file-other.rules) * 1:17542 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MalformedPalete Record Memory Corruption attempt (file-office.rules) * 1:17543 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Column record handling memory corruption attempt (file-office.rules) * 1:17544 <-> DISABLED <-> SERVER-OTHER Wireshark LWRES Dissector getaddrsbyname buffer overflow attempt (server-other.rules) * 1:17545 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules) * 1:17547 <-> DISABLED <-> FILE-IDENTIFY SMIL file download request (file-identify.rules) * 1:17548 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime SMIL File Handling Integer Overflow attempt (file-multimedia.rules) * 1:17550 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Font Parsing Buffer Overflow attempt (file-office.rules) * 1:17551 <-> DISABLED <-> PUA-OTHER Microsoft MSN Messenger and Windows Live Messenger Code Execution attempt (pua-other.rules) * 1:17552 <-> DISABLED <-> FILE-IDENTIFY Adobe Pagemaker file download request (file-identify.rules) * 1:17553 <-> DISABLED <-> FILE-OTHER Adobe Pagemaker Font Name Buffer Overflow attempt (file-other.rules) * 1:17555 <-> DISABLED <-> BROWSER-PLUGINS Macrovision InstallShield Update Service ActiveX exploit attempt (browser-plugins.rules) * 1:17556 <-> DISABLED <-> SERVER-OTHER Firebird database invalid state integer overflow attempt (server-other.rules) * 1:17557 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX operation parameter overflow (browser-plugins.rules) * 1:17558 <-> DISABLED <-> FILE-IMAGE CUPS Gif Decoding Routine Buffer Overflow attempt (file-image.rules) * 1:17559 <-> DISABLED <-> FILE-OTHER IBM Lotus Notes Applix Graphics Parsing Buffer Overflow (file-other.rules) * 1:17560 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word global array index heap overflow attempt (file-office.rules) * 1:17561 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer IVR Overly Long Filename Code Execution attempt (file-multimedia.rules) * 1:17562 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment Pack200 Decompression Integer Overflow attempt (file-java.rules) * 1:17563 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment JAR File Processing Stack Buffer Overflow (file-java.rules) * 1:17564 <-> DISABLED <-> SERVER-IIS WebDAV Request Directory Security Bypass attempt (server-iis.rules) * 1:17565 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint PP7 File Handling Memory Corruption attempt (file-office.rules) * 1:17566 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer event handler memory corruption attempt (browser-ie.rules) * 1:17567 <-> DISABLED <-> SERVER-OTHER LANDesk Management Suite Alerting Service buffer overflow attempt (server-other.rules) * 1:17569 <-> DISABLED <-> SERVER-OTHER BEA Weblogic Admin Console Cross Site Scripting Vulnerability attempt (server-other.rules) * 1:17571 <-> DISABLED <-> BROWSER-PLUGINS obfuscated instantiation of ActiveX object - likely malicious (browser-plugins.rules) * 1:19146 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX quartz.dll MJPEG content processing memory corruption attempt (file-multimedia.rules) * 1:19147 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer outerHTML against incomplete element heap corruption attempt (browser-ie.rules) * 1:19148 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Flash Player SWF file MP4 data parsing memory corruption attempt (file-multimedia.rules) * 1:19149 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed table tag memory corruption attempt (browser-ie.rules) * 1:19150 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed table tag memory corruption attempt (browser-ie.rules) * 1:19151 <-> DISABLED <-> BROWSER-PLUGINS Trend Micro HouseCall ActiveX clsid access (browser-plugins.rules) * 1:19152 <-> DISABLED <-> BROWSER-PLUGINS Trend Micro HouseCall ActiveX function call access (browser-plugins.rules) * 1:19153 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word malformed index code execution attempt (file-office.rules) * 1:19154 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel PtgExtraArray parsing attempt (file-office.rules) * 1:19155 <-> DISABLED <-> SERVER-WEBAPP HP Data Protector Media Operations SignInName Parameter overflow attempt (server-webapp.rules) * 1:19156 <-> ENABLED <-> FILE-OFFICE Microsoft Office .CGM file cell array heap overflow attempt (file-office.rules) * 1:19158 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB server axis2 service upload attempt (policy-other.rules) * 1:19159 <-> DISABLED <-> SERVER-OTHER HP Data Protector Manager RDS attempt (server-other.rules) * 1:19160 <-> DISABLED <-> SERVER-OTHER NetSupport Manager client buffer overflow attempt (server-other.rules) * 1:19161 <-> DISABLED <-> SERVER-OTHER NetSupport Manager client buffer overflow attempt (server-other.rules) * 1:19162 <-> DISABLED <-> SERVER-ORACLE get_domain_index_metadata privilege escalation attempt (server-oracle.rules) * 1:19163 <-> DISABLED <-> SERVER-ORACLE get_v2_domain_index_tables privilege escalation attempt (server-oracle.rules) * 1:19166 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected (file-identify.rules) * 1:19167 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk UDPTL processing overflow attempt (protocol-voip.rules) * 1:19168 <-> DISABLED <-> SERVER-WEBAPP Oracle GoldenGate Veridata Server soap request overflow attempt (server-webapp.rules) * 1:19169 <-> ENABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer vidplin.dll avi header parsing execution attempt (file-multimedia.rules) * 1:1917 <-> DISABLED <-> INDICATOR-SCAN UPnP service discover attempt (indicator-scan.rules) * 1:19170 <-> ENABLED <-> FILE-OTHER Microsoft Windows .NET Framework XAML browser applications stack corruption (file-other.rules) * 1:19171 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 ieshims.dll dll-load exploit attempt (browser-ie.rules) * 1:19172 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 ieshims.dll dll-load exploit attempt (browser-ie.rules) * 1:19173 <-> ENABLED <-> PROTOCOL-RPC CDE Calendar Manager service memory corruption attempt (protocol-rpc.rules) * 1:19174 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Vista feed headlines cross-site scripting attack attempt (os-windows.rules) * 1:19180 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel pivot item index boundary corruption attempt (file-office.rules) * 1:19181 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer iframe uninitialized memory corruption attempt (browser-ie.rules) * 1:19182 <-> DISABLED <-> SERVER-OTHER strongSwan Certificate and Identification payload overflow attempt (server-other.rules) * 1:19183 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS FastCGI request header buffer overflow attempt (server-iis.rules) * 1:19184 <-> ENABLED <-> OS-WINDOWS Microsoft Windows OLEAUT32.DLL malicious WMF file remote code execution attempt (os-windows.rules) * 1:19186 <-> DISABLED <-> OS-WINDOWS Microsoft Certification service XSS attempt (os-windows.rules) * 1:19192 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS stack exhaustion DoS attempt (server-iis.rules) * 1:19193 <-> ENABLED <-> BROWSER-PLUGINS Oracle Document Capture ActiveX clsid access (browser-plugins.rules) * 1:19194 <-> ENABLED <-> BROWSER-PLUGINS Oracle Document Capture ActiveX function call access (browser-plugins.rules) * 1:19195 <-> ENABLED <-> BROWSER-PLUGINS Oracle Document Capture ActiveX function call access (browser-plugins.rules) * 1:19196 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ATMFD Adobe font driver remote code execution attempt (os-windows.rules) * 1:19197 <-> DISABLED <-> BROWSER-PLUGINS CA Internet Security Suite XMLSecDB ActiveX clsid access (browser-plugins.rules) * 1:19198 <-> DISABLED <-> BROWSER-PLUGINS CA Internet Security Suite XMLSecDB ActiveX function call access (browser-plugins.rules) * 1:19201 <-> DISABLED <-> SQL waitfor delay function - possible SQL injection attempt (sql.rules) * 1:19202 <-> DISABLED <-> SQL declare varchar - possible SQL injection attempt (sql.rules) * 1:19203 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MsgBox arbitrary code execution attempt (browser-ie.rules) * 1:19204 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MsgBox arbitrary code execution attempt (browser-ie.rules) * 1:19205 <-> DISABLED <-> SERVER-OTHER Novell iManager Tree parameter denial of service attempt (server-other.rules) * 1:19206 <-> DISABLED <-> SERVER-OTHER IBM DB2 Universal Database receiveDASMessage buffer overflow attempt (server-other.rules) * 1:19207 <-> DISABLED <-> SERVER-OTHER Symantec Alert Management System AMSSendAlertAck stack buffer overflow attempt (server-other.rules) * 1:19208 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services streamprocess.exe buffer overflow attempt (server-other.rules) * 1:19209 <-> ENABLED <-> SERVER-WEBAPP Symantec Alert Management System modem string buffer overflow attempt (server-webapp.rules) * 1:19210 <-> ENABLED <-> SERVER-OTHER IBM Informix Dynamic Server set environment buffer overflow attempt (server-other.rules) * 1:19211 <-> ENABLED <-> FILE-IDENTIFY ZIP archive file download request (file-identify.rules) * 1:19213 <-> DISABLED <-> SERVER-MAIL Ipswitch IMail Server Mailing List Message Subject buffer overflow (server-mail.rules) * 1:19215 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file download request (file-identify.rules) * 1:19216 <-> ENABLED <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution (browser-chrome.rules) * 1:19217 <-> ENABLED <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution (browser-chrome.rules) * 1:19218 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules) * 1:19219 <-> DISABLED <-> FILE-OTHER Microsoft Windows Fax Services Cover Page Editor Double Free Memory Corruption (file-other.rules) * 1:19220 <-> DISABLED <-> FILE-OTHER Microsoft Windows Fax Services Cover Page Editor Double Free Memory Corruption (file-other.rules) * 1:19221 <-> ENABLED <-> OS-WINDOWS SMB-DS Trans2 Distributed File System response PathConsumed integer overflow attempt (os-windows.rules) * 1:19222 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff validation exploit attempt (file-office.rules) * 1:19223 <-> DISABLED <-> SERVER-OTHER SAP Crystal Reports 2008 directory traversal attempt (server-other.rules) * 1:19224 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex wrf file download request (file-identify.rules) * 1:19225 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SerAuxTrend biff record corruption attempt (file-office.rules) * 1:19226 <-> ENABLED <-> FILE-OTHER Cisco Webex Player .wrf stack buffer overflow (file-other.rules) * 1:19227 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel Scenario heap memory overflow (file-office.rules) * 1:19228 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup Administration preauth variable command injection attempt (server-webapp.rules) * 1:19237 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer contenteditable corruption attempt (browser-ie.rules) * 1:19241 <-> DISABLED <-> BROWSER-IE Microsoft Windows Vector Markup Language imagedata page deconstruction attempt (browser-ie.rules) * 1:19242 <-> DISABLED <-> BROWSER-IE Microsoft Windows Vector Markup Language imagedata page deconstruction attempt (browser-ie.rules) * 1:19243 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer layout-grid-char value exploit attempt (browser-ie.rules) * 1:19245 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer redirect to cdl protocol attempt (browser-ie.rules) * 1:19246 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSS expression defined to empty selection attempt (browser-ie.rules) * 1:19258 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView record memory pointer corruption attempt (file-office.rules) * 1:19259 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel WOpt record memory corruption attempt (file-office.rules) * 1:19260 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed MsoDrawingObject record attempt (file-office.rules) * 1:19262 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript float index array memory corruption (file-flash.rules) * 1:19263 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript float index array memory corruption (file-flash.rules) * 1:19264 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript float index array memory corruption (file-flash.rules) * 1:19265 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer layout-grid-char value exploit attempt (browser-ie.rules) * 1:19266 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer layout-grid-char value exploit attempt (browser-ie.rules) * 1:19268 <-> DISABLED <-> FILE-PDF attempted download of a PDF with embedded Flash (file-pdf.rules) * 1:19269 <-> DISABLED <-> FILE-PDF attempted download of a PDF with embedded Flash (file-pdf.rules) * 1:19281 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic single-byte xor countodwn encoder (indicator-shellcode.rules) * 1:19282 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic cpuid-based context keyed encoder (indicator-shellcode.rules) * 1:19283 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic stat-based context keyed encoder (indicator-shellcode.rules) * 1:17572 <-> DISABLED <-> OS-WINDOWS Microsoft XML Core Services cross-site information disclosure attempt (os-windows.rules) * 1:17573 <-> DISABLED <-> FILE-MULTIMEDIA ffdshow codec URL parsing buffer overflow attempt (file-multimedia.rules) * 1:17574 <-> DISABLED <-> FILE-OFFICE Sophos Anti-Virus Visio File Parsing Buffer Overflow attempt (file-office.rules) * 1:17575 <-> DISABLED <-> BROWSER-PLUGINS SizerOne 2 ActiveX clsid access (browser-plugins.rules) * 1:17577 <-> DISABLED <-> POLICY-OTHER CA BightStor ARCserver Backup possible insecure method access (policy-other.rules) * 1:17578 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Section Table Array Buffer Overflow attempt (file-office.rules) * 1:17579 <-> DISABLED <-> FILE-OFFICE Microsoft Office Drawing Record msofbtOPT Code Execution attempt (file-office.rules) * 1:17580 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer span tag memory corruption attempt (browser-ie.rules) * 1:17581 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox tag order memory corruption attempt (browser-firefox.rules) * 1:17582 <-> DISABLED <-> BROWSER-PLUGINS Symantec Norton AntiVirus CcErrDisp ActiveX function call access (browser-plugins.rules) * 1:17584 <-> DISABLED <-> SERVER-ORACLE UTL_FILE directory traversal attempt (server-oracle.rules) * 1:17585 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer possible javascript onunload event memory corruption (browser-ie.rules) * 1:17586 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start malicious parameter value (file-java.rules) * 1:17587 <-> DISABLED <-> BROWSER-PLUGINS Adobe Multiple Product AcroPDF.PDF ActiveX exploit attempt (browser-plugins.rules) * 1:17588 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Install Engine ActiveX clsid access (browser-plugins.rules) * 1:17590 <-> DISABLED <-> SERVER-ORACLE DBMS_ASSERT.simple_sql_name double quote SQL injection attempt (server-oracle.rules) * 1:17591 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word crafted sprm structure memory corruption attempt (file-office.rules) * 1:17596 <-> DISABLED <-> BROWSER-PLUGINS Microsoft ciodm.dll ActiveX clsid access (browser-plugins.rules) * 1:17597 <-> DISABLED <-> SERVER-WEBAPP TikiWiki jhot.php script file upload attempt (server-webapp.rules) * 1:17598 <-> DISABLED <-> SERVER-OTHER IBM DB2 Universal Database accsec command without rdbnam (server-other.rules) * 1:17599 <-> DISABLED <-> SERVER-OTHER IBM DB2 Universal Database rdbname denial of service attempt (server-other.rules) * 1:17600 <-> DISABLED <-> FILE-IDENTIFY XUL file download request (file-identify.rules) * 1:17601 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox file type memory corruption attempt (browser-firefox.rules) * 1:17602 <-> DISABLED <-> FILE-OTHER ClamAV antivirus CHM file handling DOS (file-other.rules) * 1:17603 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox file type memory corruption attempt (browser-firefox.rules) * 1:17604 <-> DISABLED <-> SERVER-OTHER Oracle Java AWT ConvolveOp memory corruption attempt (server-other.rules) * 1:17605 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan CGI password decryption buffer overflow attempt (server-webapp.rules) * 1:17606 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules) * 1:17607 <-> DISABLED <-> SERVER-OTHER Xi Software Net Transport eDonkey Protocol Buffer Overflow attempt (server-other.rules) * 1:17609 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules) * 1:17610 <-> DISABLED <-> FILE-MULTIMEDIA GStreamer QuickTime file parsing multiple heap overflow attempt (file-multimedia.rules) * 1:17611 <-> DISABLED <-> FILE-MULTIMEDIA GStreamer QuickTime file parsing multiple heap overflow attempt (file-multimedia.rules) * 1:17612 <-> DISABLED <-> FILE-MULTIMEDIA GStreamer QuickTime file parsing multiple heap overflow attempt (file-multimedia.rules) * 1:17613 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules) * 1:17614 <-> DISABLED <-> BROWSER-PLUGINS SAP GUI SAPBExCommonResources ActiveX clsid access (browser-plugins.rules) * 1:17616 <-> DISABLED <-> BROWSER-PLUGINS SAP GUI SAPBExCommonResources ActiveX function call access (browser-plugins.rules) * 1:17618 <-> DISABLED <-> OS-WINDOWS Microsoft Windows hraphics engine EMF rendering vulnerability (os-windows.rules) * 1:1762 <-> DISABLED <-> SERVER-WEBAPP phf arbitrary command execution attempt (server-webapp.rules) * 1:17620 <-> ENABLED <-> SERVER-OTHER Products Discovery Service Buffer Overflow (server-other.rules) * 1:17622 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer object reference memory corruption attempt (browser-ie.rules) * 1:17623 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment Type1 Font parsing integer overflow attempt (file-java.rules) * 1:17625 <-> DISABLED <-> SERVER-ORACLE Database Core RDBMS component denial of service attempt (server-oracle.rules) * 1:17629 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Chrome Page Loading Restriction Bypass attempt (browser-firefox.rules) * 1:17630 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products CSSValue array memory corruption attempt (browser-firefox.rules) * 1:17631 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules) * 1:17633 <-> DISABLED <-> FILE-OTHER RealNetworks RealPlayer SWF frame handling buffer overflow attempt (file-other.rules) * 1:17635 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc function 0 little endian overflow attempt (netbios.rules) * 1:17638 <-> DISABLED <-> SERVER-ORACLE Secure Backup administration server login.php cookies command injection attempt (server-oracle.rules) * 1:17639 <-> DISABLED <-> SERVER-SAMBA Samba Root File System access bypass attempt (server-samba.rules) * 1:17640 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor opnum 43 overflow attempt (netbios.rules) * 1:17641 <-> DISABLED <-> FILE-PDF CUPS and Xpdf JBIG2 symbol dictionary buffer overflow attempt (file-pdf.rules) * 1:17642 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox ConstructFrame with floating first-letter memory corruption attempt (browser-firefox.rules) * 1:17645 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS strings parsing memory corruption attempt (browser-ie.rules) * 1:17649 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word array data handling buffer overflow attempt (file-office.rules) * 1:17650 <-> DISABLED <-> FILE-OTHER Adobe Pagemaker Key Strings Stack Buffer Overflow attempt (file-other.rules) * 1:17651 <-> DISABLED <-> FILE-OTHER Multiple AV vendor invalid archive checksum bypass attempt (file-other.rules) * 1:17653 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS source code disclosure attempt (server-iis.rules) * 1:17655 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed formula parsing code execution attempt (file-office.rules) * 1:17656 <-> DISABLED <-> SERVER-APACHE Apache HTTP server mod_rewrite module LDAP scheme handling buffer overflow attempt (server-apache.rules) * 1:17657 <-> DISABLED <-> SERVER-OTHER Symantec NetBackup BPCD Daemon exploit attempt (server-other.rules) * 1:17658 <-> DISABLED <-> FILE-FLASH Adobe Flash frame type identifier memory corruption attempt (file-flash.rules) * 1:17659 <-> DISABLED <-> SERVER-ORACLE xdb.dbms_xmlschema buffer overflow attempt (server-oracle.rules) * 1:17660 <-> DISABLED <-> SERVER-OTHER Oracle Java Web Start arbitrary command execution attempt (server-other.rules) * 1:17661 <-> DISABLED <-> SERVER-SAMBA Samba send_mailslot buffer overflow attempt (server-samba.rules) * 1:17662 <-> DISABLED <-> SERVER-OTHER VMware Workstation DHCP service integer overflow attempt (server-other.rules) * 1:17666 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer invalid chunk size heap overflow attempt (file-multimedia.rules) * 1:17668 <-> DISABLED <-> FILE-PDF download of a PDF with embedded JavaScript - JS string attempt (file-pdf.rules) * 1:17669 <-> DISABLED <-> SERVER-ORACLE Oracle Application Server 10g OPMN service format string vulnerability exploit attempt (server-oracle.rules) * 1:17679 <-> DISABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules) * 1:17680 <-> DISABLED <-> SERVER-OTHER ISC BIND DNSSEC Validation Multiple RRsets DoS (server-other.rules) * 1:17685 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer invalid pointer memory corruption attempt (browser-ie.rules) * 1:17686 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer invalid pointer memory corruption attempt (browser-ie.rules) * 1:17687 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer invalid pointer memory corruption attempt (browser-ie.rules) * 1:17688 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer userdata behavior memory corruption attempt (browser-ie.rules) * 1:17689 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer userdata behavior memory corruption attempt (browser-ie.rules) * 1:17690 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules) * 1:17692 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer ExecWB security zone bypass attempt (browser-ie.rules) * 1:17698 <-> DISABLED <-> SERVER-MAIL RealNetworks RealPlayer wav chunk string overflow attempt in email (server-mail.rules) * 1:17701 <-> DISABLED <-> BROWSER-PLUGINS Office Viewer ActiveX arbitrary command execution attempt (browser-plugins.rules) * 1:17702 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrDfsCreateExitPoint dos attempt (os-windows.rules) * 1:17703 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer popup title bar spoofing attempt (browser-ie.rules) * 1:17704 <-> DISABLED <-> FILE-OTHER McAfee LHA file parsing buffer overflow attempt (file-other.rules) * 1:17705 <-> DISABLED <-> SERVER-IIS web agent chunked encoding overflow attempt (server-iis.rules) * 1:17706 <-> DISABLED <-> SERVER-OTHER Veritas NetBackup java user interface service format string attack attempt (server-other.rules) * 1:17707 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect trend_req_num buffer overflow attempt (netbios.rules) * 1:17708 <-> DISABLED <-> SERVER-OTHER VNC password request URL buffer overflow attempt (server-other.rules) * 1:17709 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer EMBED element memory corruption attempt (browser-ie.rules) * 1:17710 <-> DISABLED <-> SERVER-OTHER Veritas NetBackup vmd shared library buffer overflow attempt (server-other.rules) * 1:17711 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ASF parsing memory corruption attempt (os-windows.rules) * 1:17712 <-> DISABLED <-> OS-WINDOWS TFTP PUT Microsoft RIS filename overwrite attempt (os-windows.rules) * 1:17713 <-> DISABLED <-> SERVER-OTHER Novell NetMail NMAP STOR buffer overflow attempt (server-other.rules) * 1:17714 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt (netbios.rules) * 1:17715 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt (netbios.rules) * 1:17716 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes DOC attachment viewer buffer overflow (server-mail.rules) * 1:17717 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes HTML input tag buffer overflow attempt (server-mail.rules) * 1:17718 <-> DISABLED <-> SERVER-ORACLE Oracle MDSYS drop table trigger injection attempt (server-oracle.rules) * 1:17719 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox ClearTextRun exploit attempt (browser-firefox.rules) * 1:17720 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer static text range overflow attempt (browser-ie.rules) * 1:17721 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS replication inform2 request memory corruption attempt (os-windows.rules) * 1:17722 <-> DISABLED <-> SERVER-ORACLE XDB.XDB_PITRIG_PKG buffer overflow attempt (server-oracle.rules) * 1:17723 <-> DISABLED <-> OS-WINDOWS possible SMB replay attempt - overlapping encryption keys detected (os-windows.rules) * 1:17724 <-> DISABLED <-> OS-WINDOWS malicious ASP file upload attempt (os-windows.rules) * 1:17725 <-> DISABLED <-> BROWSER-OTHER Opera file URI handling buffer overflow (browser-other.rules) * 1:17726 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer address bar spoofing attempt (browser-ie.rules) * 1:17727 <-> DISABLED <-> FILE-OTHER Oracle JDK image parsing library ICC buffer overflow attempt (file-other.rules) * 1:17729 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer EMBED element memory corruption attempt (browser-ie.rules) * 1:17730 <-> DISABLED <-> OS-WINDOWS Microsoft XML Core Services MIME Viewer memory corruption attempt (os-windows.rules) * 1:17731 <-> DISABLED <-> OS-WINDOWS Microsoft Windows wpad dynamic update request (os-windows.rules) * 1:17732 <-> ENABLED <-> FILE-IDENTIFY TIFF file download request (file-identify.rules) * 1:17733 <-> ENABLED <-> FILE-IDENTIFY XML file download request (file-identify.rules) * 1:17734 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel REPT integer underflow attempt (file-office.rules) * 1:17738 <-> DISABLED <-> SERVER-OTHER Linux Kernel SNMP Netfilter Memory Corruption attempt (server-other.rules) * 1:17739 <-> DISABLED <-> FILE-IDENTIFY FlashPix file download request (file-identify.rules) * 1:17740 <-> DISABLED <-> FILE-IMAGE Apple Quicktime FlashPix processing overflow attempt (file-image.rules) * 1:17742 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules) * 1:17743 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word RTF parsing memory corruption (file-office.rules) * 1:17746 <-> DISABLED <-> OS-WINDOWS SMB client TRANS response Find_First2 filename overflow attempt (os-windows.rules) * 1:17747 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer compressed HDMX font processing integer overflow attempt (browser-ie.rules) * 1:17749 <-> DISABLED <-> PROTOCOL-RPC Linux Kernel nfsd v4 CAP_MKNOD security bypass attempt (protocol-rpc.rules) * 1:17750 <-> DISABLED <-> SERVER-IIS Microsoft IIS 7.5 client verify null pointer attempt (server-iis.rules) * 1:17751 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file download request (file-identify.rules) * 1:17753 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Player network sharing service RTSP code execution attempt (file-multimedia.rules) * 1:17756 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word XP PLFLSInTableStream heap overflow attempt (file-office.rules) * 1:17757 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel CrErr record integer overflow attempt (file-office.rules) * 1:17758 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel PtgExtraArray data parsing vulnerability exploit attempt (file-office.rules) * 1:17759 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid SerAr object exploit attempt (file-office.rules) * 1:17760 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record exploit attempt (file-office.rules) * 1:17764 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel PtgName invalid index exploit attempt (file-office.rules) * 1:17766 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 XSS in toStaticHTML API attempt (browser-ie.rules) * 1:17767 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 tostaticHTML CSS import vulnerability (browser-ie.rules) * 1:17768 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 object event handler use after free exploit attempt (browser-ie.rules) * 1:17769 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 CSS invalid mapping exploit attempt (browser-ie.rules) * 1:17770 <-> DISABLED <-> FILE-OFFICE Microsoft HtmlDlgHelper ActiveX clsid access (file-office.rules) * 1:17771 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross-domain information disclosure attempt (browser-ie.rules) * 1:17772 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Scriptlet Component ActiveX clsid access (browser-plugins.rules) * 1:17777 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes WPD attachment handling buffer overflow (server-mail.rules) * 1:17778 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:17801 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (file-identify.rules) * 1:17802 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules) * 1:17803 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director rcsL chunk memory corruption attempt (file-other.rules) * 1:17804 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox html tag attributes memory corruption (browser-firefox.rules) * 1:17806 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director rcsL chunk remote code execution attempt (file-other.rules) * 1:17807 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director rcsL chunk remote code execution attempt (file-other.rules) * 1:17809 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime qt file download request (file-identify.rules) * 1:18065 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint converter bad indirection remote code execution attempt (file-office.rules) * 1:18066 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint integer underflow heap corruption attempt (file-office.rules) * 1:18067 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF parsing remote code execution attempt (file-office.rules) * 1:18068 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed MsoDrawingObject record attempt (file-office.rules) * 1:18069 <-> DISABLED <-> FILE-OFFICE Microsoft Office Art drawing invalid shape identifier attempt (file-office.rules) * 1:18076 <-> DISABLED <-> OS-WINDOWS Microsoft Forefront UAG URL XSS alternate attempt (os-windows.rules) * 1:18097 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules) * 1:18102 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid PDF JavaScript printSeps extension call attempt (file-pdf.rules) * 1:18103 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 5yvod.net (blacklist.rules) * 1:18104 <-> DISABLED <-> BLACKLIST DNS request for known malware domain b.9s3.info (blacklist.rules) * 1:18106 <-> DISABLED <-> BLACKLIST DNS request for known malware domain e.msssm.com (blacklist.rules) * 1:18108 <-> DISABLED <-> BLACKLIST DNS request for known malware domain phoroshop.es (blacklist.rules) * 1:18114 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.5fqq.com (blacklist.rules) * 1:18115 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.ajs2002.com (blacklist.rules) * 1:18116 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.bnbsoft.co.kr (blacklist.rules) * 1:18117 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.cineseoul.com (blacklist.rules) * 1:18118 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.hao1345.com (blacklist.rules) * 1:18119 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.ilbondrama.net (blacklist.rules) * 1:18120 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.iwebdy.net (blacklist.rules) * 1:18121 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.linzhiling123.com (blacklist.rules) * 1:18122 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.opusgame.com (blacklist.rules) * 1:18123 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.phoroshop.es (blacklist.rules) * 1:18124 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.sijianfeng.com (blacklist.rules) * 1:18125 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.tpydb.com (blacklist.rules) * 1:18127 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.univus.co.kr (blacklist.rules) * 1:18128 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.uwonderfull.com (blacklist.rules) * 1:18129 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.w22rt.com (blacklist.rules) * 1:18130 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.wwmei.com (blacklist.rules) * 1:18133 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.001zs.com (blacklist.rules) * 1:18134 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.551sf.com (blacklist.rules) * 1:18135 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.555hd.com (blacklist.rules) * 1:18136 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.66xihu.com (blacklist.rules) * 1:18137 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.9292cs.cn (blacklist.rules) * 1:18138 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.chateaulegend.com (blacklist.rules) * 1:18139 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.china-aoben.com (blacklist.rules) * 1:18140 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.cqtjg.com (blacklist.rules) * 1:18141 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.dspenter.com (blacklist.rules) * 1:18142 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.eastadmin.com (blacklist.rules) * 1:18143 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.fp0755.cn (blacklist.rules) * 1:18144 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.fp0769.com (blacklist.rules) * 1:18145 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.fp360.net (blacklist.rules) * 1:18146 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.gdfp365.cn (blacklist.rules) * 1:18147 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.gev.cn (blacklist.rules) * 1:18148 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.haoleyou.com (blacklist.rules) * 1:18149 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.haosf08.com (blacklist.rules) * 1:18150 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.jxbaike.com (blacklist.rules) * 1:18151 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.kingsoftduba2009.com (blacklist.rules) * 1:18152 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.mainhu.com (blacklist.rules) * 1:18154 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.nc57.com (blacklist.rules) * 1:18155 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.pplog.cn (blacklist.rules) * 1:18156 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.pxflm.com (blacklist.rules) * 1:18157 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.quyou365.com (blacklist.rules) * 1:18158 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.shzhaotian.cn (blacklist.rules) * 1:18159 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.soanala.com (blacklist.rules) * 1:18160 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.stony-skunk.com (blacklist.rules) * 1:18161 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.street08.com (blacklist.rules) * 1:18162 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.weilingcy.com (blacklist.rules) * 1:18163 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.yisaa.com (blacklist.rules) * 1:18164 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.yx240.com (blacklist.rules) * 1:18165 <-> DISABLED <-> BLACKLIST DNS request for known malware domain e.mssm.com (blacklist.rules) * 1:18167 <-> DISABLED <-> INDICATOR-SHELLCODE Possible generic javascript heap spray attempt (indicator-shellcode.rules) * 1:18168 <-> DISABLED <-> INDICATOR-SHELLCODE Possible generic javascript heap spray attempt (indicator-shellcode.rules) * 1:18184 <-> DISABLED <-> BLACKLIST DNS request for known malware domain dnf.gametime.co.kr (blacklist.rules) * 1:18185 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.dd0415.net (blacklist.rules) * 1:18196 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS importer use-after-free attempt (browser-ie.rules) * 1:18197 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer COleSite ActiveX memory corruption attempt (browser-plugins.rules) * 1:18198 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer COleSite ActiveX memory corruption attempt (browser-plugins.rules) * 1:18199 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer COleSite ActiveX memory corruption attempt (browser-plugins.rules) * 1:18200 <-> ENABLED <-> FILE-OFFICE Microsoft Office .CGM file cell array heap overflow attempt (file-office.rules) * 1:18204 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Address Book wab32res.dll dll-load exploit attempt (os-windows.rules) * 1:18205 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Address Book msoeres32.dll dll-load exploit attempt (os-windows.rules) * 1:18206 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Address Book wab32res.dll dll-load exploit attempt (os-windows.rules) * 1:18207 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Address Book msoeres32.dll dll-load exploit attempt (os-windows.rules) * 1:18212 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher tyo.oty field heap overflow attempt (file-office.rules) * 1:18216 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 6 #default#anim attempt (browser-ie.rules) * 1:18217 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer select element memory corruption attempt (browser-ie.rules) * 1:18218 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer time element memory corruption attempt (browser-ie.rules) * 1:18219 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver remote code execution attempt (file-other.rules) * 1:18221 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed table remote code execution attempt (browser-ie.rules) * 1:18233 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher Adobe Font Driver code execution attempt (file-office.rules) * 1:18234 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules) * 1:18235 <-> DISABLED <-> FILE-OFFICE Microsoft Office PICT graphics converter memory corruption attempt (file-office.rules) * 1:18237 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Flashpix graphics filter fpx32.flt remote code execution attempt (file-image.rules) * 1:18238 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint document conversion remote code excution attempt (server-webapp.rules) * 1:18239 <-> DISABLED <-> INDICATOR-OBFUSCATION known malicious JavaScript decryption routine (indicator-obfuscation.rules) * 1:18240 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS importer use-after-free attempt (browser-ie.rules) * 1:18241 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows WMI administrator tools object viewer ActiveX clsid access (browser-plugins.rules) * 1:18242 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows WMI Administrator Tools Object Viewer ActiveX function call access (browser-plugins.rules) * 1:18243 <-> DISABLED <-> SERVER-IIS Microsoft Windows 7 IIS7.5 FTPSVC buffer overflow attempt (server-iis.rules) * 1:18244 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules) * 1:18245 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java browser plugin docbase overflow attempt (browser-plugins.rules) * 1:18265 <-> DISABLED <-> FILE-OFFICE Microsoft Office thumbnail bitmap invalid biClrUsed attempt (file-office.rules) * 1:18269 <-> DISABLED <-> BLACKLIST DNS request for known malware domain dnf.6bom.com (blacklist.rules) * 1:18270 <-> DISABLED <-> BLACKLIST DNS request for known malware domain koonol.com (blacklist.rules) * 1:18272 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.886.com (blacklist.rules) * 1:18277 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Vista Backup Tool fveapi.dll dll-load exploit attempt (os-windows.rules) * 1:18278 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Vista Backup Tool fveapi.dll dll-load exploit attempt (os-windows.rules) * 1:18280 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer oversize recordset object cache size exploit attempt (browser-ie.rules) * 1:18293 <-> DISABLED <-> SERVER-WEBAPP Secure Backup login.php uname variable based command injection attempt (server-webapp.rules) * 1:18297 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Comctl32.dll third-party SVG viewer heap overflow attempt (os-windows.rules) * 1:18308 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ICC mluc integer overflow attempt (file-pdf.rules) * 1:18309 <-> DISABLED <-> OS-WINDOWS Microsoft Vector Markup Language fill method overflow attempt (os-windows.rules) * 1:18310 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF parsing remote code execution attempt (file-office.rules) * 1:18311 <-> DISABLED <-> SERVER-WEBAPP Novell iManager getMultiPartParameters arbitrary file upload attempt (server-webapp.rules) * 1:18329 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows WMI Administrator Tools Object Viewer ActiveX function call access (browser-plugins.rules) * 1:18331 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio DXF variable name overflow attempt (file-office.rules) * 1:18335 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MHTML XSS attempt (os-windows.rules) * 1:18398 <-> DISABLED <-> FILE-OFFICE Microsoft Office thumbnail bitmap invalid biClrUsed attempt (file-office.rules) * 1:18399 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel BRAI record remote code execution attempt (file-office.rules) * 1:18401 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Base64 encoded script overflow attempt (browser-ie.rules) * 1:18402 <-> ENABLED <-> FILE-OTHER Microsoft Windows ATMFD Adobe font driver remote code execution attempt (file-other.rules) * 1:18403 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Data Source Object memory corruption attempt (browser-ie.rules) * 1:18404 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer document.insertBefore memory corruption attempt (browser-ie.rules) * 1:18416 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio ORMinfo classes length overflow attempt (file-office.rules) * 1:18417 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio ORMinfo classes length overflow attempt (file-office.rules) * 1:1842 <-> DISABLED <-> PROTOCOL-IMAP login buffer overflow attempt (protocol-imap.rules) * 1:18448 <-> DISABLED <-> FILE-PDF Adobe Acrobat Universal 3D stream memory corruption attempt (file-pdf.rules) * 1:18450 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed BMP RGBQUAD attempt (file-pdf.rules) * 1:18451 <-> ENABLED <-> FILE-PDF Adobe Acrobat ICC color integer overflow attempt (file-pdf.rules) * 1:18453 <-> DISABLED <-> FILE-PDF Adobe Acrobat universal 3D format memory corruption attempt (file-pdf.rules) * 1:18454 <-> ENABLED <-> FILE-PDF Adobe Acrobat universal 3D format memory corruption attempt (file-pdf.rules) * 1:18457 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D rgba parsing overflow attempt (file-pdf.rules) * 1:18460 <-> ENABLED <-> SERVER-WEBAPP Symantec Alert Management System pin number buffer overflow attempt (server-webapp.rules) * 1:18461 <-> DISABLED <-> SERVER-MAIL IBM Lotus Domino nrouter.exe iCalendar MAILTO stack buffer overflow attempt (server-mail.rules) * 1:18463 <-> DISABLED <-> FILE-OTHER Microsoft Windows MPEG Layer-3 audio heap corruption attempt (file-other.rules) * 1:18464 <-> DISABLED <-> SERVER-WEBAPP Adobe ColdFusion locale directory traversal attempt (server-webapp.rules) * 1:18465 <-> DISABLED <-> SERVER-WEBAPP FreePBX recording interface file upload code execution attempt (server-webapp.rules) * 1:18469 <-> DISABLED <-> CONTENT-REPLACE Microsoft Windows Encrypted DCERPC request attempt (content-replace.rules) * 1:18472 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (netbios.rules) * 1:18482 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer History.go method double free corruption attempt (browser-ie.rules) * 1:18487 <-> DISABLED <-> SERVER-OTHER Ingres Database iidbms heap overflow attempt (server-other.rules) * 1:18494 <-> DISABLED <-> OS-WINDOWS Microsoft product .dll dll-load exploit attempt (os-windows.rules) * 1:18495 <-> DISABLED <-> OS-WINDOWS Microsoft product .dll dll-load exploit attempt (os-windows.rules) * 1:18496 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Media Player and shell extension ehtrace.dll dll-load exploit attempt (os-windows.rules) * 1:18497 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Media Player and shell extension ehtrace.dll dll-load exploit attempt (os-windows.rules) * 1:18498 <-> ENABLED <-> FILE-OTHER Microsoft Media Player dvr-ms file parsing remote code execution attempt (file-other.rules) * 1:18499 <-> DISABLED <-> OS-WINDOWS Microsoft Groove mso.dll dll-load exploit attempt (os-windows.rules) * 1:18500 <-> DISABLED <-> OS-WINDOWS Microsoft Groove mso.dll dll-load exploit attempt (os-windows.rules) * 1:18506 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CCITT stream compression filter invalid image size heap overflow attempt (file-pdf.rules) * 1:18507 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CCITT stream compression filter invalid image size heap overflow attempt (file-pdf.rules) * 1:18510 <-> DISABLED <-> FILE-IMAGE Apple QuickTime FlashPix Movie file integer overflow attempt (file-image.rules) * 1:18511 <-> DISABLED <-> SERVER-OTHER Sourcefire Snort packet fragmentation reassembly denial of service attempt (server-other.rules) * 1:18513 <-> DISABLED <-> SERVER-MYSQL yaSSL SSL Hello Message Buffer Overflow attempt (server-mysql.rules) * 1:18514 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed shapeid arbitrary code execution attempt (file-office.rules) * 1:18515 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio VSD file icon memory corruption attempt (file-office.rules) * 1:18516 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules) * 1:18519 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML element creation attempt (browser-ie.rules) * 1:18524 <-> DISABLED <-> SERVER-OTHER Multiple vendor anti-virus extended ASCII filename scan bypass attempt (server-other.rules) * 1:18525 <-> DISABLED <-> SERVER-OTHER Lotus Domino LDAP Heap Buffer Overflow Attempt (server-other.rules) * 1:18528 <-> DISABLED <-> SERVER-ORACLE Oracle TimesTen In-Memory Database HTTP request denial of service attempt (server-oracle.rules) * 1:18533 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC authentication denial of service attempt (server-other.rules) * 1:18534 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC authentication denial of service attempt (server-other.rules) * 1:18535 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word file sprmTSetBrc processing buffer overflow attempt (file-office.rules) * 1:18536 <-> DISABLED <-> FILE-OFFICE OpenOffice.org Microsoft Office Word file processing integer underflow attempt (file-office.rules) * 1:18537 <-> DISABLED <-> FILE-OTHER OpenOffice.org XPM file processing integer overflow attempt (file-other.rules) * 1:18538 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel PtgName invalid index exploit attempt (file-office.rules) * 1:18539 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer event handling remote code execution attempt (browser-ie.rules) * 1:18541 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt 3 (file-office.rules) * 1:18542 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Media Player ActiveX unknow compression algorithm use arbitrary code execution attempt (browser-plugins.rules) * 1:18543 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:18544 <-> ENABLED <-> FILE-FLASH embedded Shockwave dropper in email attachment (file-flash.rules) * 1:18545 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file transfer (file-office.rules) * 1:18546 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word with embedded Flash file transfer (file-office.rules) * 1:18547 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint with embedded Flash file transfer (file-office.rules) * 1:18548 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment (file-office.rules) * 1:18549 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word with embedded Flash file attachment (file-office.rules) * 1:18555 <-> DISABLED <-> SERVER-OTHER VERITAS NetBackup java authentication service format string exploit attempt (server-other.rules) * 1:18556 <-> DISABLED <-> SERVER-WEBAPP Symantec IM manager IMAdminReportTrendFormRun.asp sql injection attempt (server-webapp.rules) * 1:18557 <-> DISABLED <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt (protocol-rpc.rules) * 1:18558 <-> DISABLED <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt (protocol-rpc.rules) * 1:18559 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Performance Insight Server backdoor account code execution attempt (server-webapp.rules) * 1:18560 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Performance Insight Server backdoor account code execution attempt (server-webapp.rules) * 1:18561 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT file overread buffer overflow attempt (file-image.rules) * 1:18575 <-> DISABLED <-> PROTOCOL-FTP Computer Associates eTrust Secure Content Manager LIST stack overflow attempt (protocol-ftp.rules) * 1:18578 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RMOC3260.DLL cdda URI overflow attempt (browser-plugins.rules) * 1:18583 <-> DISABLED <-> FILE-IMAGE Microsoft Windows wmf integer overflow attempt (file-image.rules) * 1:18585 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TIFF remote code execution attempt (file-pdf.rules) * 1:18587 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 267 buffer overflow attempt (server-other.rules) * 1:18588 <-> DISABLED <-> PROTOCOL-FTP Ipswitch Ws_ftp XCRC overflow attempt (protocol-ftp.rules) * 1:18589 <-> DISABLED <-> NETBIOS Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (netbios.rules) * 1:18590 <-> DISABLED <-> OS-WINDOWS Outlook Express WAB file parsing buffer overflow attempt (os-windows.rules) * 1:18592 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Music Jukebox ActiveX exploit (browser-plugins.rules) * 1:18593 <-> DISABLED <-> FILE-IDENTIFY BitTorrent torrent file download request (file-identify.rules) * 1:18594 <-> DISABLED <-> BROWSER-PLUGINS Trend Micro Web Deployment ActiveX clsid access (browser-plugins.rules) * 1:18595 <-> DISABLED <-> BROWSER-PLUGINS Trend Micro Web Deployment ActiveX clsid access (browser-plugins.rules) * 1:18596 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader util.printf buffer overflow attempt (file-pdf.rules) * 1:18597 <-> DISABLED <-> BROWSER-OTHER Opera file URI handling buffer overflow (browser-other.rules) * 1:18599 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PictureViewer buffer overflow attempt (file-image.rules) * 1:18601 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Common Controls Animation Object ActiveX clsid access (browser-plugins.rules) * 1:18611 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules) * 1:18612 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules) * 1:18613 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules) * 1:18615 <-> DISABLED <-> FILE-OFFICE Microsoft Works 4.x converter font name buffer overflow attempt (file-office.rules) * 1:18632 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malformed Label record exploit attempt (file-office.rules) * 1:18638 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel drawing layer use after free attempt (file-office.rules) * 1:18643 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Converter sprmTTextFflow overflow attempt (file-office.rules) * 1:18648 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file upload/download attempt (protocol-scada.rules) * 1:18649 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file operation overflow attempt (protocol-scada.rules) * 1:18651 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe report template overflow attempt (protocol-scada.rules) * 1:18654 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe format string attempt (protocol-scada.rules) * 1:18655 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LLMNR invalid reverse name lookup stack corruption attempt (os-windows.rules) * 1:18656 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe strep overflow attempt (protocol-scada.rules) * 1:18657 <-> DISABLED <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt (protocol-scada.rules) * 1:18659 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 SCPC_INITIALIZE overflow attempt (protocol-scada.rules) * 1:1866 <-> DISABLED <-> PROTOCOL-POP USER overflow attempt (protocol-pop.rules) * 1:18668 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Windows Messenger ActiveX clsid access (browser-plugins.rules) * 1:18670 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer object management memory corruption attempt (browser-ie.rules) * 1:18671 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer object management memory corruption attempt (browser-ie.rules) * 1:18675 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules) * 1:18679 <-> ENABLED <-> SERVER-OTHER Oracle Java Applet2ClassLoader Remote Code Execution (server-other.rules) * 1:18680 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules) * 1:18681 <-> DISABLED <-> FILE-PDF transfer of a PDF with embedded JavaScript - JavaScript object detected (file-pdf.rules) * 1:18682 <-> DISABLED <-> FILE-PDF transfer of a PDF with OpenAction object attempt (file-pdf.rules) * 1:18710 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator Framework Services buffer overflow attempt (server-other.rules) * 1:18713 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS connection record handling denial of service attempt (server-other.rules) * 1:18714 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS connection record handling denial of service attempt (server-other.rules) * 1:18740 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel sheet object type confusion exploit attempt (file-office.rules) * 1:18753 <-> DISABLED <-> SERVER-OTHER Zend Server Java Bridge remote code execution attempt (server-other.rules) * 1:18754 <-> ENABLED <-> SERVER-OTHER HP Data Protector Backup Client Service code execution attempt (server-other.rules) * 1:18755 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio Data Type Memory Corruption (file-office.rules) * 1:18756 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft cmd.exe banner Windows 7/Server 2008R2 (indicator-compromise.rules) * 1:18757 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft cmd.exe banner Windows Vista (indicator-compromise.rules) * 1:18759 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe displayWidth buffer overflow attempt - POST (server-webapp.rules) * 1:18760 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe displayWidth buffer overflow attempt - GET (server-webapp.rules) * 1:18764 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe multiple parameters buffer overflow attempt (server-webapp.rules) * 1:18766 <-> DISABLED <-> SERVER-OTHER OpenSSL CMS structure OriginatorInfo memory corruption attempt (server-other.rules) * 1:18767 <-> DISABLED <-> PROTOCOL-TFTP Multiple TFTP product buffer overflow attempt (protocol-tftp.rules) * 1:18768 <-> ENABLED <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt (server-mail.rules) * 1:18770 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit range object remote code execution attempt (browser-webkit.rules) * 1:18776 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director pamm chunk memory corruption attempt (file-other.rules) * 1:18777 <-> DISABLED <-> SERVER-OTHER HP data protector OmniInet service NULL dereference denial of service attempt (server-other.rules) * 1:18790 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe overflow attempt (server-other.rules) * 1:18791 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Configuration Management Preboot service code overflow attempt (server-other.rules) * 1:18792 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management UploadServlet code execution attempt (server-webapp.rules) * 1:18793 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management UploadServlet code execution attempt (server-webapp.rules) * 1:18794 <-> DISABLED <-> SERVER-WEBAPP RedHat JBoss Enterprise Application Platform JMX authentication bypass attempt (server-webapp.rules) * 1:18795 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovet_demandpoll.exe format string execution attempt (server-webapp.rules) * 1:18796 <-> DISABLED <-> SERVER-WEBAPP Novell iManager ClassName handling overflow attempt (server-webapp.rules) * 1:18797 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup Administration property_box.php other variable command execution attempt (server-webapp.rules) * 1:18798 <-> DISABLED <-> SERVER-OTHER HP Data Protector Media Operations denial of service attempt (server-other.rules) * 1:18799 <-> DISABLED <-> SERVER-OTHER HP Data Protector Media Operations denial of service attempt (server-other.rules) * 1:18801 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JpxDecode invalid crgn memory corruption attempt (file-pdf.rules) * 1:18802 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager formExportDataLogs directory traversal attempt (server-webapp.rules) * 1:18803 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Runtime CMM readMabCurveData buffer overflow attempt (server-webapp.rules) * 1:18804 <-> DISABLED <-> SERVER-WEBAPP OpenLDAP Modrdn utf-8 string code execution attempt (server-webapp.rules) * 1:18806 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record exploit attempt (file-office.rules) * 1:18807 <-> DISABLED <-> SERVER-OTHER OpenLDAP Modrdn RDN NULL string denial of service attempt (server-other.rules) * 1:18808 <-> DISABLED <-> SERVER-MAIL Ipswitch IMail Server List Mailer Reply-To address buffer overflow attempt (server-mail.rules) * 1:18809 <-> DISABLED <-> BROWSER-FIREFOX Mozilla EnsureCachedAttrParamArrays integer overflow attempt (browser-firefox.rules) * 1:1882 <-> DISABLED <-> INDICATOR-COMPROMISE id check returned userid (indicator-compromise.rules) * 1:18901 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC Ticket validation double free memory corruption attempt (server-other.rules) * 1:18902 <-> DISABLED <-> SERVER-WEBAPP Novell Teaming ajaxUploadImageFile remote code execution attempt (server-webapp.rules) * 1:18903 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit Rendering Counter Code Execution (browser-webkit.rules) * 1:18926 <-> DISABLED <-> PROTOCOL-SNMP Multiple vendors AgentX receive_agentx integer overflow attempt (protocol-snmp.rules) * 1:18928 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime streaming debug error logging buffer overflow attempt (file-multimedia.rules) * 1:18929 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup Administration objectname variable command injection attempt (server-oracle.rules) * 1:18930 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe Template format string code execution attempt (server-webapp.rules) * 1:18935 <-> DISABLED <-> SERVER-OTHER ISC DHCP server zero length client ID denial of service attempt (server-other.rules) * 1:18948 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint converter bad indirection remote code execution attempt (file-office.rules) * 1:18951 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTableLayout memory corruption attempt (browser-ie.rules) * 1:18952 <-> DISABLED <-> FILE-OTHER Microsoft Windows uniscribe fonts parsing memory corruption attempt (file-other.rules) * 1:18953 <-> DISABLED <-> FILE-OTHER rich text format unexpected field type memory corruption attempt (file-other.rules) * 1:18954 <-> DISABLED <-> FILE-OTHER rich text format unexpected field type memory corruption attempt (file-other.rules) * 1:18957 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules) * 1:18958 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules) * 1:18959 <-> DISABLED <-> SERVER-WEBAPP VMware SpringSource Spring Framework class.classloader remote code execution attempt (server-webapp.rules) * 1:18960 <-> ENABLED <-> SERVER-WEBAPP Novell GroupWise agents HTTP request remote code execution attempt (server-webapp.rules) * 1:18961 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSXML2 ActiveX malformed HTTP response (os-windows.rules) * 1:18972 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup Administration selector variable command injection attempt (server-oracle.rules) * 1:18973 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit button first-letter style rendering code execution attempt (browser-webkit.rules) * 1:18974 <-> DISABLED <-> BROWSER-PLUGINS SAP Crystal Reports PrintControl.dll ActiveX function call attempt (browser-plugins.rules) * 1:18975 <-> DISABLED <-> BROWSER-PLUGINS SAP Crystal Reports PrintControl.dll ActiveX function call access (browser-plugins.rules) * 1:18985 <-> DISABLED <-> POLICY-OTHER CA ARCserve Axis2 default credential login attempt (policy-other.rules) * 1:18986 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:18987 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:18988 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:18989 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:18990 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:18991 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:18995 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit removeAllRanges use-after-free attempt (browser-webkit.rules) * 1:18996 <-> DISABLED <-> SERVER-ORACLE DBMS_JAVA.SET_OUTPUT_TO_JAVA privilege escalation attempt (server-oracle.rules) * 1:18997 <-> DISABLED <-> OS-LINUX Linux kernel sctp_rcv_ootb invalid chunk length DoS attempt (os-linux.rules) * 1:18998 <-> ENABLED <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer overflow attempt (server-webapp.rules) * 1:18999 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM webappmon.exe buffer overflow attempt (server-webapp.rules) * 1:19000 <-> DISABLED <-> SERVER-MYSQL Database CASE NULL argument denial of service attempt (server-mysql.rules) * 1:19001 <-> DISABLED <-> SERVER-MYSQL IN NULL argument denial of service attempt (server-mysql.rules) * 1:19002 <-> DISABLED <-> FILE-FLASH RealNetworks RealPlayer FLV parsing two integer overflow vulnerabilities (file-flash.rules) * 1:19003 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit run-in use-after-free attempt (browser-webkit.rules) * 1:19004 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit run-in use-after-free attempt (browser-webkit.rules) * 1:19005 <-> DISABLED <-> BROWSER-CHROME Apple Safari/Google Chrome Webkit memory corruption attempt (browser-chrome.rules) * 1:19006 <-> DISABLED <-> SERVER-OTHER HP Data Protector Express DtbClsLogin buffer overflow attempt (server-other.rules) * 1:19007 <-> DISABLED <-> SERVER-SAMBA Samba SID parsing overflow attempt (server-samba.rules) * 1:19008 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit floating point conversion memory corruption attempt (browser-webkit.rules) * 1:19009 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit menu onchange memory corruption attempt (browser-webkit.rules) * 1:19010 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit menu onchange memory corruption attempt (browser-webkit.rules) * 1:19011 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Player Lnam chunk processing buffer overflow attempt (file-other.rules) * 1:19012 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Player Lnam chunk processing buffer overflow attempt (file-other.rules) * 1:19013 <-> ENABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - WRQ (protocol-tftp.rules) * 1:19063 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Movie Maker string size overflow attempt (file-multimedia.rules) * 1:19064 <-> DISABLED <-> FILE-OTHER Microsoft OpenType font index remote code execution attempt (file-other.rules) * 1:19065 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:19066 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:19071 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:19072 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server NTLM authentication heap overflow attempt (server-other.rules) * 1:19073 <-> DISABLED <-> SERVER-OTHER Squid Proxy Expect header null pointer denial of service attempt (server-other.rules) * 1:19074 <-> DISABLED <-> INDICATOR-OBFUSCATION javascript uuencoded noop sled attempt (indicator-obfuscation.rules) * 1:19078 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox html tag attributes memory corruption (browser-firefox.rules) * 1:19080 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:19081 <-> DISABLED <-> INDICATOR-OBFUSCATION known suspicious decryption routine (indicator-obfuscation.rules) * 1:19082 <-> ENABLED <-> FILE-PDF Adobe Flash Player memory corruption attempt (file-pdf.rules) * 1:19083 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:19084 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS style memory corruption attempt (browser-ie.rules) * 1:19085 <-> DISABLED <-> BROWSER-PLUGINS LEADTOOLS Raster Twain LtocxTwainu.dll ActiveX clsid access (browser-plugins.rules) * 1:19086 <-> DISABLED <-> BROWSER-PLUGINS LEADTOOLS Raster Twain LtocxTwainu.dll ActiveX function call (browser-plugins.rules) * 1:19091 <-> DISABLED <-> SERVER-OTHER OpenSSL ssl3_get_key_exchange use-after-free attempt (server-other.rules) * 1:19092 <-> DISABLED <-> SERVER-OTHER OpenSSL ssl3_get_key_exchange use-after-free attempt (server-other.rules) * 1:19093 <-> DISABLED <-> SERVER-MYSQL Database unique set column denial of service attempt (server-mysql.rules) * 1:19094 <-> DISABLED <-> SERVER-MYSQL Database unique set column denial of service attempt (server-mysql.rules) * 1:19095 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit CSS Charset Text transformation code execution attempt (browser-webkit.rules) * 1:19096 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit CSS Charset Text transformation code execution attempt (browser-webkit.rules) * 1:19097 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit ContentEditable code execution attempt (browser-webkit.rules) * 1:19098 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit ContentEditable code exeuction attempt (browser-webkit.rules) * 1:19099 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari CSS font format corruption attempt (browser-webkit.rules) * 1:19100 <-> DISABLED <-> FILE-JAVA Oracle Java Soundbank resource name overflow attempt (file-java.rules) * 1:19101 <-> DISABLED <-> SERVER-ORACLE Oracle Java Web Server Admin Server denial of service attempt (server-oracle.rules) * 1:19102 <-> DISABLED <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX clsid access (browser-plugins.rules) * 1:19103 <-> DISABLED <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX function call access (browser-plugins.rules) * 1:19104 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector Cell Manager heap overflow attempt (server-other.rules) * 1:19105 <-> DISABLED <-> SERVER-OTHER HP Data Protector Manager MMD service buffer overflow attempt (server-other.rules) * 1:19107 <-> DISABLED <-> SERVER-APACHE Apache mod_isapi dangling pointer code execution attempt (server-apache.rules) * 1:19108 <-> DISABLED <-> BROWSER-PLUGINS SonicWall Aventail EPInstaller ActiveX clsid access (browser-plugins.rules) * 1:19109 <-> DISABLED <-> BROWSER-PLUGINS SonicWall Aventail EPInstaller ActiveX function call access (browser-plugins.rules) * 1:19110 <-> DISABLED <-> SERVER-WEBAPP IBM Rational Quality Manager and Test Lab Manager policy bypass attempt (server-webapp.rules) * 1:19111 <-> DISABLED <-> FILE-FLASH Adobe Flash Media Server memory exhaustion (file-flash.rules) * 1:19112 <-> DISABLED <-> FILE-OTHER Adobe Shockwave 3D stucture heap overflow (file-other.rules) * 1:19113 <-> DISABLED <-> FILE-OTHER Adobe Shockwave 3D structure opcode 81 overflow attempt (file-other.rules) * 1:19114 <-> DISABLED <-> FILE-OTHER Adobe Shockwave 3D structure opcode 45 overflow attempt (file-other.rules) * 1:19115 <-> DISABLED <-> FILE-OTHER Adobe Shockwave 3D structure opcode 89 overflow attempt (file-other.rules) * 1:19116 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack mount service code execution attempt (server-other.rules) * 1:19117 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed U3D integer overflow (file-pdf.rules) * 1:19118 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader script injection vulnerability (file-pdf.rules) * 1:19119 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD font driver remote code execution attempt (os-windows.rules) * 1:19120 <-> DISABLED <-> SERVER-OTHER IBM Informix DBINFO stack buffer overflow (server-other.rules) * 1:19121 <-> DISABLED <-> SERVER-OTHER IBM Informix EXPLAIN stack buffer overflow attempt (server-other.rules) * 1:19124 <-> DISABLED <-> SERVER-APACHE Apache mod_isapi dangling pointer exploit attempt (server-apache.rules) * 1:19126 <-> ENABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer IVR handling heap buffer overflow attempt (file-multimedia.rules) * 1:19127 <-> ENABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer IVR handling heap buffer overflow attempt (file-multimedia.rules) * 1:19128 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (file-identify.rules) * 1:19129 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (file-identify.rules) * 1:19130 <-> DISABLED <-> FILE-IMAGE Microsoft Windows MSPaint jpeg with malformed SOFx field exploit attempt (file-image.rules) * 1:19131 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RTD buffer overflow attempt (file-office.rules) * 1:19132 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RTD buffer overflow attempt (file-office.rules) * 1:19133 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel EntExU2 write access violation attempt (file-office.rules) * 1:19134 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel PtgExtraArray data parsing vulnerability exploit attempt (file-office.rules) * 1:19136 <-> DISABLED <-> SERVER-WEBAPP CA XOsoft Multiple Products entry_point.aspx buffer overflow attempt (server-webapp.rules) * 1:19137 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI ICount parameter buffer overflow attempt (server-webapp.rules) * 1:19138 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI hostname parameter buffer overflow attempt (server-webapp.rules) * 1:19139 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI MaxAge parameter buffer overflow attempt (server-webapp.rules) * 1:19140 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules) * 1:19141 <-> DISABLED <-> FILE-OFFICE Microsoft Access Wizard control memory corruption ActiveX clsid access (file-office.rules) * 1:19142 <-> DISABLED <-> SERVER-WEBAPP Symantec IM Manager IMAdminScheduleReport.asp SQL injection attempt (server-webapp.rules) * 1:19143 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Player JPG header record mismatch memory corruption attempt (file-multimedia.rules) * 1:19144 <-> DISABLED <-> FILE-OTHER Microsoft Windows MPEG Layer-3 audio heap corruption attempt (file-other.rules) * 1:19145 <-> DISABLED <-> FILE-FLASH Adobe Flash Player newfunction memory corruption attempt (file-flash.rules) * 1:21338 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP4 zero length atom attempt (file-flash.rules) * 1:21339 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 zero length atom auth field attempt (file-multimedia.rules) * 1:21340 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 zero length atom titl field attempt (file-multimedia.rules) * 1:21341 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 zero length atom 'dscp' field attempt (file-multimedia.rules) * 1:21342 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 zero length atom cprt field attempt (file-multimedia.rules) * 1:21371 <-> ENABLED <-> FILE-OTHER Adobe Shockwave Director KEY chunk buffer overflow attempt (file-other.rules) * 1:21378 <-> DISABLED <-> SERVER-OTHER Novell iPrint attributes-natural-language buffer overflow attempt (server-other.rules) * 1:21392 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer writing-mode property memory corruption attempt (browser-ie.rules) * 1:21405 <-> DISABLED <-> OS-WINDOWS Microsoft Anti-Cross Site Scripting library bypass attempt (os-windows.rules) * 1:21410 <-> ENABLED <-> FILE-IDENTIFY paq8o file download request (file-identify.rules) * 1:21411 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected (file-identify.rules) * 1:21412 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected (file-identify.rules) * 1:21415 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MergeCells record parsing code execution attempt (file-office.rules) * 1:21422 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel Lel record memory corruption attempt (file-office.rules) * 1:21423 <-> ENABLED <-> FILE-OFFICE Microsoft Office Publisher Opltc memory corruption attempt (file-office.rules) * 1:21447 <-> DISABLED <-> BROWSER-CHROME Google Chrome FileSystemObject function call (browser-chrome.rules) * 1:21457 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript float index array memory corruption (file-flash.rules) * 1:21458 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript float index array memory corruption (file-flash.rules) * 1:21478 <-> ENABLED <-> FILE-IDENTIFY CHM file attachment detected (file-identify.rules) * 1:21479 <-> ENABLED <-> FILE-IDENTIFY CHM file attachment detected (file-identify.rules) * 1:21480 <-> DISABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:21481 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start arbitrary command execution attempt (file-java.rules) * 1:21484 <-> DISABLED <-> FILE-OTHER ZIP file name overflow attempt (file-other.rules) * 1:21498 <-> DISABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:21499 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (file-identify.rules) * 1:21500 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (file-identify.rules) * 1:21504 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (os-windows.rules) * 1:21505 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (os-windows.rules) * 1:21506 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (os-windows.rules) * 1:21507 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (os-windows.rules) * 1:21508 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (os-windows.rules) * 1:21516 <-> DISABLED <-> SERVER-WEBAPP JBoss JMX console access attempt (server-webapp.rules) * 1:21522 <-> DISABLED <-> SERVER-APACHE Apache Struts parameters interceptor remote code execution attempt (server-apache.rules) * 1:21568 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RDP RST denial of service attempt (os-windows.rules) * 1:21570 <-> ENABLED <-> OS-WINDOWS Microsoft Windows RemoteDesktop new session flood attempt (os-windows.rules) * 1:21611 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules) * 1:21612 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules) * 1:21613 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (file-identify.rules) * 1:21614 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (file-identify.rules) * 1:21615 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (file-identify.rules) * 1:21616 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (file-identify.rules) * 1:21617 <-> ENABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules) * 1:21618 <-> ENABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules) * 1:21620 <-> DISABLED <-> FILE-IDENTIFY WAV file magic detected (file-identify.rules) * 1:21621 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (file-identify.rules) * 1:21623 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules) * 1:21624 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules) * 1:21625 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules) * 1:21626 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules) * 1:21627 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules) * 1:21628 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules) * 1:21648 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules) * 1:21649 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules) * 1:21650 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules) * 1:21651 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules) * 1:21652 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules) * 1:21663 <-> DISABLED <-> SERVER-OTHER CA BrightStor Agent for Microsoft SQL overflow attempt (server-other.rules) * 1:21664 <-> ENABLED <-> FILE-JAVA Oracle Java JRE sandbox Atomic breach attempt (file-java.rules) * 1:21665 <-> ENABLED <-> FILE-JAVA Oracle Java JRE sandbox Atomic breach attempt (file-java.rules) * 1:21666 <-> ENABLED <-> FILE-JAVA Oracle Java JRE sandbox Atomic breach attempt (file-java.rules) * 1:21667 <-> ENABLED <-> FILE-JAVA Oracle Java JRE sandbox Atomic breach attempt (file-java.rules) * 1:21687 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (file-identify.rules) * 1:21688 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (file-identify.rules) * 1:21691 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (file-identify.rules) * 1:21692 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (file-identify.rules) * 1:21693 <-> ENABLED <-> FILE-IDENTIFY FLAC file attachment detected (file-identify.rules) * 1:21694 <-> ENABLED <-> FILE-IDENTIFY FLAC file attachment detected (file-identify.rules) * 1:21695 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (file-identify.rules) * 1:21696 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (file-identify.rules) * 1:21697 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (file-identify.rules) * 1:21698 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (file-identify.rules) * 1:21699 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (file-identify.rules) * 1:21700 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (file-identify.rules) * 1:21701 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules) * 1:21702 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules) * 1:21703 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules) * 1:21704 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules) * 1:21705 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:21706 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:21709 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (file-identify.rules) * 1:21710 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (file-identify.rules) * 1:21711 <-> DISABLED <-> FILE-IDENTIFY PFA file download request (file-identify.rules) * 1:21712 <-> DISABLED <-> FILE-IDENTIFY PFA file magic detected (file-identify.rules) * 1:21713 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (file-identify.rules) * 1:21714 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (file-identify.rules) * 1:19284 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic time-based context keyed encoder (indicator-shellcode.rules) * 1:19285 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic non-alpha/non-upper encoder (indicator-shellcode.rules) * 1:19286 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic unicode uppercase encoder (indicator-shellcode.rules) * 1:19287 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic unicode mixed encoder (indicator-shellcode.rules) * 1:19288 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic unicode tolower encoder (indicator-shellcode.rules) * 1:19290 <-> DISABLED <-> FILE-OTHER Microsoft LNK shortcut arbitary dll load attempt (file-other.rules) * 1:19294 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Chart Sheet Substream memory corruption attempt (file-office.rules) * 1:19295 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word HTML linked objects memory corruption attempt (file-office.rules) * 1:19296 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint improper filename remote code execution attempt (file-office.rules) * 1:19303 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint out of bounds value remote code execution attempt (file-office.rules) * 1:19304 <-> DISABLED <-> BROWSER-PLUGINS Oracle EasyMail ActiveX clsid access (browser-plugins.rules) * 1:19305 <-> DISABLED <-> BROWSER-PLUGINS Oracle EasyMail ActiveX function call access (browser-plugins.rules) * 1:19306 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher pubconv.dll corruption attempt (file-office.rules) * 1:19308 <-> DISABLED <-> FILE-OTHER Microsoft Windows embedded OpenType EOT font integer overflow attempt (file-other.rules) * 1:19313 <-> ENABLED <-> SERVER-OTHER Symantec Antivirus Intel Service DoS Attempt (server-other.rules) * 1:19314 <-> DISABLED <-> OS-WINDOWS Groove GroovePerfmon.dll dll-load exploit attempt (os-windows.rules) * 1:19315 <-> DISABLED <-> OS-WINDOWS Microsoft Groove GroovePerfmon.dll dll-load exploit attempt (os-windows.rules) * 1:19317 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmTDiagLine80 record parsing stack buffer overflow attempt (file-office.rules) * 1:19320 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows AVI Header insufficient data corruption attempt (file-multimedia.rules) * 1:19321 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products nsCSSValue Array Index Integer Overflow (browser-firefox.rules) * 1:19322 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer and SharePoint toStaticHTML information disclosure attempt (browser-ie.rules) * 1:19403 <-> DISABLED <-> FILE-MULTIMEDIA Cinepak Codec VIDC decompression remote code execution attempt (file-multimedia.rules) * 1:19405 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules) * 1:19406 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules) * 1:19407 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules) * 1:19408 <-> DISABLED <-> FILE-FLASH Adobe Flash Player newfunction memory corruption exploit attempt (file-flash.rules) * 1:1941 <-> DISABLED <-> PROTOCOL-TFTP GET filename overflow attempt (protocol-tftp.rules) * 1:19411 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Cross-Domain information disclosure attempt (browser-ie.rules) * 1:19412 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record parsing memory corruption (file-office.rules) * 1:19413 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 and earlier stack buffer overflow attempt (file-office.rules) * 1:19414 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 and earlier stack buffer overflow attempt (file-office.rules) * 1:19420 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player Subtitle StripTags Heap Buffer Overflow (file-multimedia.rules) * 1:19421 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player Subtitle StripTags Heap Buffer Overflow (file-multimedia.rules) * 1:19422 <-> DISABLED <-> FILE-IDENTIFY matroska file magic detected (file-identify.rules) * 1:19423 <-> DISABLED <-> FILE-IDENTIFY MKV file download request (file-identify.rules) * 1:19424 <-> DISABLED <-> FILE-IDENTIFY MKA file download request (file-identify.rules) * 1:19425 <-> DISABLED <-> FILE-IDENTIFY MKS file download request (file-identify.rules) * 1:19430 <-> ENABLED <-> FILE-IDENTIFY MIDI file download request (file-identify.rules) * 1:19431 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp MIDI Timestamp buffer overflow attempt (file-multimedia.rules) * 1:19432 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp MIDI Timestamp buffer overflow attempt (file-multimedia.rules) * 1:19436 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CStyleSheetRule array memory corruption attempt (browser-ie.rules) * 1:19438 <-> ENABLED <-> SQL url ending in comment characters - possible sql injection attempt (sql.rules) * 1:19441 <-> DISABLED <-> SERVER-WEBAPP Oracle Virtual Server Agent command injection attempt (server-webapp.rules) * 1:19442 <-> DISABLED <-> FILE-OFFICE Microsoft Office embedded Office Art drawings execution attempt (file-office.rules) * 1:19444 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media sample duration header RCE attempt (file-multimedia.rules) * 1:19445 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Timecode header RCE attempt (file-multimedia.rules) * 1:19446 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media file name header RCE attempt (file-multimedia.rules) * 1:19447 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media content type header RCE attempt (file-multimedia.rules) * 1:19448 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media pixel aspect ratio header RCE attempt (file-multimedia.rules) * 1:19449 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media encryption sample ID header RCE attempt (file-multimedia.rules) * 1:19450 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media encryption sample ID header RCE attempt (file-multimedia.rules) * 1:19451 <-> DISABLED <-> SERVER-OTHER Oracle VM server agent command injection (server-other.rules) * 1:19452 <-> DISABLED <-> SERVER-OTHER Oracle VM server agent command injection (server-other.rules) * 1:19458 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmCMajority record buffer overflow attempt (file-office.rules) * 1:19459 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmCMajority record buffer overflow attempt (file-office.rules) * 1:1952 <-> DISABLED <-> PROTOCOL-RPC mountd UDP mount request (protocol-rpc.rules) * 1:19552 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel format record code execution attempt (file-office.rules) * 1:19600 <-> DISABLED <-> SERVER-ORACLE Warehouse builder WE_OLAP_AW_SET_SOLVE_ID SQL Injection attempt (server-oracle.rules) * 1:19645 <-> DISABLED <-> SERVER-WEBAPP cross-site scripting attempt via form data attempt (server-webapp.rules) * 1:19649 <-> ENABLED <-> SERVER-OTHER HP Intelligent Management Center dbman buffer overflow attempt (server-other.rules) * 1:19650 <-> DISABLED <-> BROWSER-PLUGINS Cisco AnyConnect ActiveX clsid access (browser-plugins.rules) * 1:19668 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer telnet.exe file load exploit attempt (browser-ie.rules) * 1:19670 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer telnet.exe file load exploit attempt (browser-ie.rules) * 1:19671 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer XSLT memory corruption attempt (browser-ie.rules) * 1:19672 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer stylesheet dynamic access memory corruption attempt (browser-ie.rules) * 1:19675 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio invalid UMLString data length exploit attempt (file-office.rules) * 1:19687 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionStoreRegister instruction length invalidation attempt (file-flash.rules) * 1:19707 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Converter sprmTSplit overflow attempt (file-office.rules) * 1:19708 <-> DISABLED <-> SERVER-MAIL Postfix SMTP Server SASL AUTH Handle Reuse Memory Corruption (server-mail.rules) * 1:19710 <-> DISABLED <-> BROWSER-CHROME Google Chrome float rendering corruption attempt (browser-chrome.rules) * 1:19713 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules) * 1:1972 <-> DISABLED <-> PROTOCOL-FTP PASS overflow attempt (protocol-ftp.rules) * 1:1973 <-> DISABLED <-> PROTOCOL-FTP MKD overflow attempt (protocol-ftp.rules) * 1:1975 <-> DISABLED <-> PROTOCOL-FTP DELE overflow attempt (protocol-ftp.rules) * 1:1976 <-> DISABLED <-> PROTOCOL-FTP RMD overflow attempt (protocol-ftp.rules) * 1:19803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Renos.FH variant outbound connection (malware-cnc.rules) * 1:19808 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer covered object memory corruption attempt (browser-ie.rules) * 1:19809 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer covered object memory corruption attempt (browser-ie.rules) * 1:19810 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS deleteReportTemplate SQL injection attempt (server-other.rules) * 1:19812 <-> ENABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS getDBConfigSettings credential information disclosure attempt (server-other.rules) * 1:19813 <-> ENABLED <-> SERVER-WEBAPP Novell File Reporter Agent XMLK parsing stack bugger overflow attempt (server-webapp.rules) * 1:19814 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt (browser-ie.rules) * 1:19818 <-> DISABLED <-> OS-WINDOWS Microsoft XML core services cross-domain information disclosure attempt (os-windows.rules) * 1:19825 <-> DISABLED <-> SERVER-APACHE Apache Killer denial of service tool exploit attempt (server-apache.rules) * 1:19826 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager remote code execution attempt (server-webapp.rules) * 1:19867 <-> DISABLED <-> INDICATOR-OBFUSCATION randomized javascript encodings detected (indicator-obfuscation.rules) * 1:19871 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer VML buffer overflow attempt (browser-ie.rules) * 1:19872 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MDAC remote code execution attempt (browser-ie.rules) * 1:19873 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS style memory corruption attempt (browser-ie.rules) * 1:19884 <-> DISABLED <-> INDICATOR-OBFUSCATION String.fromCharCode with multiple encoding types detected (indicator-obfuscation.rules) * 1:19885 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer daxctle.ocx spline method buffer overflow attempt (browser-ie.rules) * 1:19887 <-> DISABLED <-> INDICATOR-OBFUSCATION potential javascript unescape obfuscation attempt detected (indicator-obfuscation.rules) * 1:19888 <-> DISABLED <-> INDICATOR-OBFUSCATION potential javascript unescape obfuscation attempt detected (indicator-obfuscation.rules) * 1:19889 <-> DISABLED <-> INDICATOR-OBFUSCATION base64-encoded data object found (indicator-obfuscation.rules) * 1:19890 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP CA Arcserve Backup directory traversal attempt (netbios.rules) * 1:19893 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Tabular Control ActiveX overflow by CLSID / param tag (browser-plugins.rules) * 1:19894 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint unbound memcpy and remote code execution attempt (file-office.rules) * 1:19907 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (file-identify.rules) * 1:19909 <-> DISABLED <-> BROWSER-PLUGINS Cisco AnyConnect ActiveX clsid access (browser-plugins.rules) * 1:19910 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VML use after free attempt (browser-ie.rules) * 1:19911 <-> ENABLED <-> FILE-OTHER Microsoft SYmbolic LinK stack overflow attempt (file-other.rules) * 1:19926 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime AWT setDiffICM stack buffer overflow attempt (file-java.rules) * 1:1993 <-> DISABLED <-> PROTOCOL-IMAP login literal buffer overflow attempt (protocol-imap.rules) * 1:19932 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 pointer dereference attempt (file-office.rules) * 1:19937 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer invalid object access memory corruption attempt (browser-ie.rules) * 1:19938 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Directory Server ibmslapd.exe stack buffer overflow attempt (server-other.rules) * 1:19943 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MsoDrawingGroup record remote code execution attempt (file-office.rules) * 1:19956 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Movie Maker project file heap buffer overflow attempt (file-multimedia.rules) * 1:19972 <-> DISABLED <-> OS-WINDOWS SMB client TRANS response paramcount overflow attempt (os-windows.rules) * 1:20029 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FNGROUPNAME record memory corruption attempt (file-office.rules) * 1:20030 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file operation directory traversal attempt (protocol-scada.rules) * 1:20031 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript float index array memory corruption (file-flash.rules) * 1:20032 <-> ENABLED <-> FILE-IDENTIFY MIME file type file download request (file-identify.rules) * 1:20034 <-> DISABLED <-> FILE-OTHER ESTsoft ALZip MIM file buffer overflow attempt (file-other.rules) * 1:20061 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP ca-alert function 16,23,40, and 41 overflow attempt (netbios.rules) * 1:20062 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel File Importing Code Execution (file-office.rules) * 1:20072 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules) * 1:20073 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (os-windows.rules) * 1:20110 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata (server-other.rules) * 1:20124 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Lbl record attempt (file-office.rules) * 1:20127 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel Conditional Formatting record vulnerability (file-office.rules) * 1:20128 <-> DISABLED <-> FILE-OFFICE Microsoft Office invalid MS-OGRAPH DataFormat buffer overflow attempt (file-office.rules) * 1:20131 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules) * 1:20134 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Storage Data Protector buffer overflow attempt (server-webapp.rules) * 1:20137 <-> DISABLED <-> INDICATOR-OBFUSCATION Possible generic javascript heap spray attempt (indicator-obfuscation.rules) * 1:20139 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document summary information string overflow attempt (file-office.rules) * 1:20140 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document summary information string overflow attempt (file-office.rules) * 1:20141 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document summary information string overflow attempt (file-office.rules) * 1:20154 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll glyf directory table buffer overflow attempt (file-pdf.rules) * 1:20155 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll composite glyf buffer overflow attempt (file-pdf.rules) * 1:20158 <-> ENABLED <-> SERVER-WEBAPP Oracle GlassFish Server default credentials login attempt (server-webapp.rules) * 1:20175 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Remote Desktop Client ActiveX clsid access (browser-plugins.rules) * 1:20188 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_sys_config_method request/response attempt (indicator-shellcode.rules) * 1:20191 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_net_method request/response attempt (indicator-shellcode.rules) * 1:20210 <-> ENABLED <-> PROTOCOL-SCADA Cogent unicode buffer overflow attempt (protocol-scada.rules) * 1:20214 <-> ENABLED <-> PROTOCOL-SCADA Measuresoft ScadaPro msvcrt.dll local command execution attempt (protocol-scada.rules) * 1:20215 <-> ENABLED <-> PROTOCOL-SCADA Measuresoft ScadaPro directory traversal file operation attempt (protocol-scada.rules) * 1:20216 <-> DISABLED <-> PROTOCOL-SCADA Beckhoff TwinCAT DoS (protocol-scada.rules) * 1:20223 <-> DISABLED <-> FILE-IDENTIFY SMI file download request (file-identify.rules) * 1:20246 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules) * 1:20247 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules) * 1:20255 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Silverlight inheritance restriction bypass (browser-plugins.rules) * 1:20259 <-> ENABLED <-> FILE-OTHER Microsoft Agent Helper Malicious JAR download attempt (file-other.rules) * 1:20261 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows win32k.sys kernel mode null pointer dereference attempt (file-executable.rules) * 1:20262 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll DOS attempt (browser-ie.rules) * 1:20263 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer htmlfile null attribute access attempt (browser-ie.rules) * 1:20264 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer form selection reset attempt (browser-ie.rules) * 1:20265 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer null attribute DoS attempt (browser-ie.rules) * 1:20266 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 8 Javascript negative option index attack attempt (browser-ie.rules) * 1:20267 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer circular reference exploit attempt (browser-ie.rules) * 1:20268 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Marquee stylesheet object removal (browser-ie.rules) * 1:20269 <-> ENABLED <-> FILE-IDENTIFY FON font file download request (file-identify.rules) * 1:20276 <-> DISABLED <-> INDICATOR-OBFUSCATION standard ASCII encoded with UTF-8 possible evasion detected (indicator-obfuscation.rules) * 1:20282 <-> DISABLED <-> FILE-IDENTIFY S3M file download request (file-identify.rules) * 1:20283 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC ModPlug ReadS3M overflow attempt (file-multimedia.rules) * 1:20284 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC ModPlug ReadS3M overflow attempt (file-multimedia.rules) * 1:20287 <-> ENABLED <-> FILE-IDENTIFY QCP file download request (file-identify.rules) * 1:20288 <-> ENABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer QCP parsing buffer overflow attempt (file-multimedia.rules) * 1:20294 <-> DISABLED <-> FILE-IMAGE Adobe Reader and Acrobat Libtiff TIFFFetchShortPair stack buffer overflow attempt (file-image.rules) * 1:20295 <-> DISABLED <-> FILE-IMAGE Public LibTiff Exploit (file-image.rules) * 1:20381 <-> DISABLED <-> PROTOCOL-VOIP Remote-Party-ID header hexadecimal characters in IP address field (protocol-voip.rules) * 1:20390 <-> DISABLED <-> PROTOCOL-VOIP Attribute header rtpmap field invalid payload type (protocol-voip.rules) * 1:20391 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Attribute header rtpmap field buffer overflow attempt (protocol-voip.rules) * 1:20392 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Attribute header rtpmap field buffer overflow attempt (protocol-voip.rules) * 1:20425 <-> DISABLED <-> PROTOCOL-VOIP Cisco 7940/7960 INVITE Remote-Party-ID header denial of service attempt (protocol-voip.rules) * 1:2045 <-> DISABLED <-> PROTOCOL-RPC snmpXdmi overflow attempt UDP (protocol-rpc.rules) * 1:20450 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (file-identify.rules) * 1:20451 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (file-identify.rules) * 1:20456 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (file-identify.rules) * 1:20459 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (file-identify.rules) * 1:20460 <-> DISABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:20463 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20464 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20465 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20466 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20467 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20468 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20469 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20471 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (file-identify.rules) * 1:20472 <-> DISABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules) * 1:20478 <-> DISABLED <-> FILE-IDENTIFY PNG file magic detected (file-identify.rules) * 1:20480 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (file-identify.rules) * 1:20481 <-> DISABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:20483 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:20486 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (file-identify.rules) * 1:20492 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (file-identify.rules) * 1:20493 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (file-identify.rules) * 1:20494 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (file-identify.rules) * 1:20496 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20497 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20500 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20501 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20502 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20503 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20507 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20514 <-> DISABLED <-> FILE-IDENTIFY dmg file magic detected (file-identify.rules) * 1:20518 <-> ENABLED <-> FILE-IDENTIFY rmf file download request (file-identify.rules) * 1:20521 <-> DISABLED <-> FILE-IDENTIFY Flac file magic detected (file-identify.rules) * 1:20522 <-> DISABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (file-identify.rules) * 1:20528 <-> DISABLED <-> SERVER-APACHE Apache mod_proxy reverse proxy information disclosure attempt (server-apache.rules) * 1:20530 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Storage Data Protector directory traversal attempt (server-webapp.rules) * 1:20531 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Storage Data Protector directory traversal attempt (server-webapp.rules) * 1:20532 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Storage Data Protector get file buffer overflow attempt (server-webapp.rules) * 1:20544 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player FLV file download request (file-identify.rules) * 1:20554 <-> DISABLED <-> PUA-OTHER Microsoft MSN Messenger and Windows Live Messenger Code Execution attempt (pua-other.rules) * 1:20577 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malicious TIFF remote code execution attempt (file-pdf.rules) * 1:20579 <-> DISABLED <-> BROWSER-CHROME Google Chrome and Apple Safari Ruby before and after memory corruption (browser-chrome.rules) * 1:20591 <-> DISABLED <-> BROWSER-PLUGINS Flexera InstallShield ISGrid2.dll DoFindReplace heap buffer overlow ActiveX clsid access (browser-plugins.rules) * 1:20592 <-> DISABLED <-> BROWSER-PLUGINS Flexera InstallShield ISGrid2.dll DoFindReplace heap buffer overlow ActiveX function call access (browser-plugins.rules) * 1:20593 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit libxslt arbitrary file creation attempt (browser-webkit.rules) * 1:20600 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt (browser-firefox.rules) * 1:20607 <-> ENABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (server-other.rules) * 1:20621 <-> ENABLED <-> FILE-IDENTIFY JAR file download request (file-identify.rules) * 1:20622 <-> ENABLED <-> FILE-JAVA Oracle Java Applet remote code execution attempt (file-java.rules) * 1:20628 <-> ENABLED <-> SERVER-WEBAPP HP Data Protector FinishedCopy SQL Injection attempt (server-webapp.rules) * 1:20634 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll DOS attempt (browser-ie.rules) * 1:20635 <-> ENABLED <-> SERVER-WEBAPP HP Data Protector GetPolicies SQL Injection attempt (server-webapp.rules) * 1:20636 <-> ENABLED <-> FILE-IMAGE Adobe Photoshop CS5 gif file heap corruption attempt (file-image.rules) * 1:20637 <-> ENABLED <-> FILE-IMAGE Adobe Photoshop CS5 gif file heap corruption attempt (file-image.rules) * 1:20659 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed shading modifier heap corruption attempt (file-pdf.rules) * 1:20692 <-> DISABLED <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt (policy-other.rules) * 1:20700 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint pp7x32.dll dll-load exploit attempt (file-office.rules) * 1:20701 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint pp4x322.dll dll-load exploit attempt (file-office.rules) * 1:20702 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint pp7x32.dll dll-load exploit attempt (file-office.rules) * 1:20703 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint pp4x322.dll dll-load exploit attempt (file-office.rules) * 1:20704 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer defaulttime behavior attack attempt (browser-plugins.rules) * 1:20708 <-> ENABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access (browser-plugins.rules) * 1:20709 <-> ENABLED <-> BROWSER-PLUGINS HP Photo Creative ActiveX clsid access (browser-plugins.rules) * 1:20720 <-> ENABLED <-> FILE-OFFICE Microsoft Office Publisher 2003 EscherStm memory corruption attempt (file-office.rules) * 1:20722 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord exploit attempt (file-office.rules) * 1:20723 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file download request (file-identify.rules) * 1:20724 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word border use-after-free attempt (file-office.rules) * 1:20733 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file download request (file-identify.rules) * 1:20734 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Player digital video recording buffer overflow attempt (file-multimedia.rules) * 1:20749 <-> DISABLED <-> SERVER-OTHER EMC Retrospect client crafted packet buffer overflow attempt (server-other.rules) * 1:20764 <-> DISABLED <-> SERVER-WEBAPP SyBase MBusiness xml closing tag overflow attempt (server-webapp.rules) * 1:20766 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer contenteditable corruption attempt (browser-ie.rules) * 1:20767 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript float index array memory corruption (file-flash.rules) * 1:20777 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript float index array memory corruption attempt (file-flash.rules) * 1:20778 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - economy.rar (file-flash.rules) * 1:20779 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - dear chu.rar (file-flash.rules) * 1:20780 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - namelist.xls (file-flash.rules) * 1:20781 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules) * 1:20782 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - economy.rar (file-flash.rules) * 1:20783 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - dear chu.rar (file-flash.rules) * 1:20784 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - namelist.xls (file-flash.rules) * 1:20785 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules) * 1:20786 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer layout-grid-char value exploit attempt (browser-ie.rules) * 1:20787 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer layout-grid-char value exploit attempt (browser-ie.rules) * 1:20788 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer layout-grid-char value exploit attempt (browser-ie.rules) * 1:20789 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer layout-grid-char value exploit attempt (browser-ie.rules) * 1:20790 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer layout-grid-char value exploit attempt (browser-ie.rules) * 1:20792 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:20793 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:20795 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules) * 1:20796 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules) * 1:20798 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20799 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20800 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules) * 1:20801 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules) * 1:20803 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules) * 1:20804 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer contenteditable corruption attempt (browser-ie.rules) * 1:20805 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer contenteditable corruption attempt (browser-ie.rules) * 1:20806 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer contenteditable corruption attempt (browser-ie.rules) * 1:20807 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer contenteditable corruption attempt (browser-ie.rules) * 1:20808 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer contenteditable corruption attempt (browser-ie.rules) * 1:20809 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer contenteditable corruption attempt (browser-ie.rules) * 1:20810 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer contenteditable corruption attempt (browser-ie.rules) * 1:20811 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer contenteditable corruption attempt (browser-ie.rules) * 1:20822 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer contenteditable corruption attempt malicious string (browser-ie.rules) * 1:20824 <-> DISABLED <-> OS-WINDOWS generic web server hashing collision attack (os-windows.rules) * 1:20828 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS aspx login ReturnURL arbitrary redirect attempt (server-iis.rules) * 1:20829 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS .NET null character username truncation attempt (server-iis.rules) * 1:20834 <-> DISABLED <-> BROWSER-PLUGINS Novell ZENworks LaunchHelp.dll LaunchProcess Code Execution ActiveX clsid access (browser-plugins.rules) * 1:20835 <-> DISABLED <-> BROWSER-PLUGINS Novell ZENworks LaunchHelp.dll LaunchProcess Code Execution ActiveX function call access (browser-plugins.rules) * 1:20839 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file download request (file-identify.rules) * 1:20840 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file download request (file-identify.rules) * 1:20841 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file download request (file-identify.rules) * 1:20842 <-> ENABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:20843 <-> ENABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:20854 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (file-identify.rules) * 1:20855 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (file-identify.rules) * 1:20856 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (file-identify.rules) * 1:20857 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (file-identify.rules) * 1:20874 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup initialization packet (server-other.rules) * 1:2088 <-> DISABLED <-> PROTOCOL-RPC ypupdated arbitrary command attempt UDP (protocol-rpc.rules) * 1:20884 <-> DISABLED <-> OS-WINDOWS Microsoft Anti-Cross Site Scripting library bypass attempt (os-windows.rules) * 1:2089 <-> DISABLED <-> PROTOCOL-RPC ypupdated arbitrary command attempt TCP (protocol-rpc.rules) * 1:20897 <-> ENABLED <-> FILE-IDENTIFY MIDI file magic detected (file-identify.rules) * 1:20898 <-> ENABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules) * 1:20899 <-> ENABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules) * 1:20900 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media MIDI file memory corruption attempt (file-other.rules) * 1:20903 <-> ENABLED <-> FILE-OTHER Microsoft Windows OpenType font parsing stack overflow attempt (file-other.rules) * 1:20905 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules) * 1:20906 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules) * 1:20907 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (file-identify.rules) * 1:20908 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (file-identify.rules) * 1:20909 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules) * 1:20910 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules) * 1:20913 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (file-identify.rules) * 1:20914 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (file-identify.rules) * 1:20924 <-> DISABLED <-> FILE-IDENTIFY PLS file magic detected (file-identify.rules) * 1:20925 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules) * 1:20926 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules) * 1:20928 <-> DISABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:20929 <-> ENABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules) * 1:20930 <-> ENABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules) * 1:20931 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules) * 1:20932 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules) * 1:20933 <-> ENABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules) * 1:20934 <-> ENABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules) * 1:20935 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (file-identify.rules) * 1:20936 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (file-identify.rules) * 1:20937 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20938 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20939 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20940 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20941 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20942 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20943 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20944 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20945 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20946 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20947 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20948 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20950 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20951 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20952 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20953 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20954 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20955 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20956 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20957 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20958 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20959 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20960 <-> DISABLED <-> FILE-IDENTIFY Flac file download request (file-identify.rules) * 1:20961 <-> ENABLED <-> FILE-IDENTIFY TTE file download request (file-identify.rules) * 1:20962 <-> ENABLED <-> FILE-IDENTIFY OTF file download request (file-identify.rules) * 1:20963 <-> ENABLED <-> FILE-IDENTIFY DIB file download request (file-identify.rules) * 1:20964 <-> DISABLED <-> FILE-IDENTIFY SAMI file download request (file-identify.rules) * 1:20965 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:20966 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:20967 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:20968 <-> DISABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules) * 1:20969 <-> ENABLED <-> FILE-IDENTIFY M4A file download request (file-identify.rules) * 1:20970 <-> ENABLED <-> FILE-IDENTIFY M4P file download request (file-identify.rules) * 1:20971 <-> ENABLED <-> FILE-IDENTIFY M4R file download request (file-identify.rules) * 1:20972 <-> DISABLED <-> FILE-IDENTIFY M4V file magic request (file-identify.rules) * 1:20973 <-> ENABLED <-> FILE-IDENTIFY M4B file download request (file-identify.rules) * 1:20974 <-> ENABLED <-> FILE-IDENTIFY 3GP file download request (file-identify.rules) * 1:20975 <-> ENABLED <-> FILE-IDENTIFY 3G2 file download request (file-identify.rules) * 1:20976 <-> ENABLED <-> FILE-IDENTIFY K3G file download request (file-identify.rules) * 1:20977 <-> ENABLED <-> FILE-IDENTIFY SKM file download request (file-identify.rules) * 1:20978 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules) * 1:20979 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules) * 1:20980 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules) * 1:20981 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules) * 1:20982 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules) * 1:20983 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules) * 1:20986 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules) * 1:20987 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules) * 1:20991 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (file-identify.rules) * 1:20992 <-> DISABLED <-> FILE-IDENTIFY SAMI file magic detected (file-identify.rules) * 1:20993 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow (server-other.rules) * 1:20994 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow (server-other.rules) * 1:20999 <-> ENABLED <-> BROWSER-WEBKIT Microsoft Windows 7 x64 Apple Safari abnormally long iframe exploit attempt (browser-webkit.rules) * 1:21002 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word border use-after-free attempt (file-office.rules) * 1:21035 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (file-identify.rules) * 1:21036 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (file-identify.rules) * 1:21037 <-> DISABLED <-> INDICATOR-OBFUSCATION randomized javascript encodings detected (indicator-obfuscation.rules) * 1:21038 <-> DISABLED <-> INDICATOR-OBFUSCATION String.fromCharCode with multiple encoding types detected (indicator-obfuscation.rules) * 1:21039 <-> DISABLED <-> INDICATOR-OBFUSCATION potential javascript unescape obfuscation attempt detected (indicator-obfuscation.rules) * 1:21050 <-> ENABLED <-> SERVER-OTHER HP Diagnostics Server magentservice.exe stack overflow attempt (server-other.rules) * 1:21059 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (file-identify.rules) * 1:21060 <-> DISABLED <-> SERVER-WEBAPP Symantec IM Manager Administrator console site injection attempt (server-webapp.rules) * 1:21061 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21062 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21063 <-> ENABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access (browser-plugins.rules) * 1:21064 <-> ENABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX function call access (browser-plugins.rules) * 1:21072 <-> ENABLED <-> SERVER-APACHE Apache Struts remote code execution attempt - GET parameter (server-apache.rules) * 1:21073 <-> ENABLED <-> SERVER-APACHE Apache Struts allowStaticMethodAccess invocation attempt (server-apache.rules) * 1:21074 <-> ENABLED <-> SERVER-APACHE Apache Struts remote code execution attempt - CookieInterceptor (server-apache.rules) * 1:21076 <-> ENABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access (browser-plugins.rules) * 1:21077 <-> ENABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX function call (browser-plugins.rules) * 1:21086 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer object clone deletion memory corruption (browser-ie.rules) * 1:21101 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt (protocol-voip.rules) * 1:21109 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file download request (file-identify.rules) * 1:21110 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules) * 1:21111 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules) * 1:21112 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer mpeg width integer memory underflow attempt (file-multimedia.rules) * 1:21113 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (file-identify.rules) * 1:21116 <-> ENABLED <-> FILE-OTHER Cisco Webex selector and size2 subrecords corruption attempt (file-other.rules) * 1:21152 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (file-identify.rules) * 1:21153 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (file-identify.rules) * 1:21159 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media MIDI file memory corruption attempt (file-other.rules) * 1:21167 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media MIDI file memory corruption attempt (file-other.rules) * 1:21170 <-> ENABLED <-> FILE-OFFICE Microsoft Office OLESS stream object name corruption attempt (file-office.rules) * 1:21174 <-> DISABLED <-> FILE-IDENTIFY RealNetworks RealPlayer realtext file download request (file-identify.rules) * 1:2118 <-> DISABLED <-> PROTOCOL-IMAP list overflow attempt (protocol-imap.rules) * 1:21190 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products MozOrientation loading attempt (browser-firefox.rules) * 1:21191 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products MozOrientation loading attempt (browser-firefox.rules) * 1:21214 <-> DISABLED <-> SERVER-APACHE Apache server mod_proxy reverse proxy bypass attempt (server-apache.rules) * 1:2123 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft cmd.exe banner (indicator-compromise.rules) * 1:21243 <-> ENABLED <-> FILE-OFFICE Microsoft Office Publisher 2003 EscherStm memory corruption attempt (file-office.rules) * 1:21253 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed shading modifier heap corruption attempt (file-pdf.rules) * 1:21258 <-> DISABLED <-> INDICATOR-SHELLCODE Feng-Shui heap grooming using Oleaut32 (indicator-shellcode.rules) * 1:21260 <-> DISABLED <-> SERVER-APACHE Apache Byte-Range Filter denial of service attempt (server-apache.rules) * 1:21282 <-> ENABLED <-> FILE-IDENTIFY XSL file download request (file-identify.rules) * 1:21283 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (file-identify.rules) * 1:21284 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (file-identify.rules) * 1:21285 <-> ENABLED <-> FILE-IDENTIFY XSLT file download request (file-identify.rules) * 1:21286 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (file-identify.rules) * 1:21287 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (file-identify.rules) * 1:21288 <-> ENABLED <-> FILE-IDENTIFY XML download detected (file-identify.rules) * 1:21292 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer style.position use-after-free memory corruption attempt (browser-ie.rules) * 1:21299 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Silverlight privilege escalation attempt (browser-plugins.rules) * 1:21300 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 null character in string information disclosure attempt (browser-ie.rules) * 1:21301 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio TAG_xxxSect code execution attempt (file-office.rules) * 1:21302 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio TAG_OLEChunk code execution attempt (file-office.rules) * 1:21305 <-> ENABLED <-> FILE-EXECUTABLE Microsoft .NET Framework System.Uri.ReCreateParts System.Uri.PathAndQuery overflow attempt (file-executable.rules) * 1:21307 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio TAG_xxxSheet code execution attempt (file-office.rules) * 1:21308 <-> ENABLED <-> FILE-OTHER Microsoft Windows C Run-Time Library remote code execution attempt (file-other.rules) * 1:21316 <-> ENABLED <-> FILE-OTHER Adobe shockwave director tSAC string termination memory corruption attempt (file-other.rules) * 1:21336 <-> ENABLED <-> FILE-FLASH Adobe Flash ASConstructor insecure calling attempt (file-flash.rules) * 1:23967 <-> ENABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt - compressed (file-flash.rules) * 1:23985 <-> ENABLED <-> BROWSER-PLUGINS Apple Quicktime plugin SetLanguage buffer overflow attempt (browser-plugins.rules) * 1:23986 <-> ENABLED <-> BROWSER-PLUGINS Apple Quicktime plugin SetLanguage buffer overflow attempt (browser-plugins.rules) * 1:23989 <-> ENABLED <-> FILE-OFFICE Microsoft Office EMF image EMFPlusPointF record memory corruption attempt (file-office.rules) * 1:23993 <-> DISABLED <-> SERVER-OTHER Dhcpcd packet size buffer overflow attempt (server-other.rules) * 1:23996 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript float index array memory corruption attempt (file-flash.rules) * 1:23997 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript float index array memory corruption attempt (file-flash.rules) * 1:23999 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media MIDI file memory corruption attempt (file-other.rules) * 1:24000 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media MIDI file memory corruption attempt (file-other.rules) * 1:24001 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media MIDI file memory corruption attempt (file-other.rules) * 1:24002 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media MIDI file memory corruption attempt (file-other.rules) * 1:24003 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media MIDI file memory corruption attempt (file-other.rules) * 1:24004 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules) * 1:24005 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules) * 1:24006 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method attempt (file-office.rules) * 1:24007 <-> ENABLED <-> OS-WINDOWS SMB Microsoft Windows RAP API NetServerEnum2 long server name buffer overflow attempt (os-windows.rules) * 1:24026 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24029 <-> DISABLED <-> FILE-OTHER Oracle outside in Lotus 1-2-3 heap overflow attempt (file-other.rules) * 1:24039 <-> ENABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX function call access (browser-plugins.rules) * 1:24040 <-> ENABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access (browser-plugins.rules) * 1:24041 <-> ENABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access (browser-plugins.rules) * 1:24042 <-> ENABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access (browser-plugins.rules) * 1:24043 <-> ENABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access (browser-plugins.rules) * 1:24044 <-> ENABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access (browser-plugins.rules) * 1:24063 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24074 <-> DISABLED <-> FILE-IDENTIFY MP3 file download request (file-identify.rules) * 1:24075 <-> ENABLED <-> FILE-IDENTIFY MP3 file attachment detected (file-identify.rules) * 1:24076 <-> ENABLED <-> FILE-IDENTIFY MP3 file attachment detected (file-identify.rules) * 1:24078 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (file-identify.rules) * 1:24079 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (file-identify.rules) * 1:24080 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules) * 1:24081 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules) * 1:24091 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver SOAP interface command injection attempt (server-webapp.rules) * 1:24138 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules) * 1:24139 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules) * 1:24140 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules) * 1:24142 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules) * 1:2419 <-> DISABLED <-> FILE-IDENTIFY RealNetworks Realplayer .ram playlist file download request (file-identify.rules) * 1:24190 <-> DISABLED <-> FILE-IDENTIFY X PixMap file magic detected (file-identify.rules) * 1:24195 <-> DISABLED <-> SERVER-WEBAPP socket_connect buffer overflow attempt (server-webapp.rules) * 1:24196 <-> ENABLED <-> BROWSER-PLUGINS GE Intelligent Platforms Proficy HTML help ActiveX clsid access attempt (browser-plugins.rules) * 1:24199 <-> ENABLED <-> SERVER-MAIL IBM Lotus Notes URI handler command execution attempt (server-mail.rules) * 1:2420 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rmp playlist file download request (file-identify.rules) * 1:24201 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules) * 1:24202 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules) * 1:24206 <-> ENABLED <-> FILE-IDENTIFY LZH archive file magic detected (file-identify.rules) * 1:24207 <-> ENABLED <-> FILE-OTHER IBM Lotus Notes LZH Attachment Viewer buffer overflow (file-other.rules) * 1:24208 <-> ENABLED <-> FILE-OTHER IBM Lotus Notes LZH Attachment Viewer buffer overflow (file-other.rules) * 1:24210 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer execCommand use-after-free attempt (browser-ie.rules) * 1:24212 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer execCommand use-after-free attempt (browser-ie.rules) * 1:24213 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules) * 1:24218 <-> DISABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:24219 <-> DISABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:2422 <-> DISABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rt playlist file download request (file-identify.rules) * 1:2423 <-> DISABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rp playlist file download request (file-identify.rules) * 1:24239 <-> ENABLED <-> SERVER-WEBAPP Novell GroupWise Internet Agent content-length integer overflow attempt (server-webapp.rules) * 1:24244 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules) * 1:24245 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules) * 1:24252 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer execCommand use embedded within javascript tags (browser-ie.rules) * 1:24263 <-> DISABLED <-> FILE-PDF Overly large CreationDate within a pdf - likely malicious (file-pdf.rules) * 1:24267 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed Range Code Execution attempt (file-office.rules) * 1:24268 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed Range Code Execution attempt (file-office.rules) * 1:24269 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed Range Code Execution attempt (file-office.rules) * 1:24281 <-> ENABLED <-> BROWSER-PLUGINS Cisco Secure Desktop CSDWebInstaller ActiveX clsid access (browser-plugins.rules) * 1:24284 <-> DISABLED <-> FILE-OFFICE Microsoft Office Drawing object code execution attempt (file-office.rules) * 1:24291 <-> ENABLED <-> SERVER-WEBAPP HP SiteScope APISiteScopeImpl information disclosure attempt (server-webapp.rules) * 1:24292 <-> ENABLED <-> SERVER-WEBAPP HP SiteScope APISiteScopeImpl information disclosure attempt (server-webapp.rules) * 1:24293 <-> DISABLED <-> SERVER-OTHER EMC NetWorker SunRPC buffer overflow attempt (server-other.rules) * 1:24303 <-> DISABLED <-> PROTOCOL-ICMP IPv6 multicast neighbor add attempt (protocol-icmp.rules) * 1:24313 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent request attempt (server-webapp.rules) * 1:24315 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:24316 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:24317 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:24318 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:24319 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:24320 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:24321 <-> DISABLED <-> SERVER-OTHER HP StorageWorks File Migration Agent buffer overflow attempt (server-other.rules) * 1:24329 <-> DISABLED <-> SERVER-OTHER EMC AutoStart ftAgent.exe integer overflow attempt (server-other.rules) * 1:24335 <-> DISABLED <-> BROWSER-PLUGINS Citrix Access Gateway plug-in buffer overflow attempt (browser-plugins.rules) * 1:24336 <-> DISABLED <-> OS-WINDOWS SMB Microsoft Windows RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules) * 1:24337 <-> DISABLED <-> SERVER-OTHER Novell Remote Manager off-by-one denial of service attempt (server-other.rules) * 1:24338 <-> ENABLED <-> FILE-OTHER Apple Quicktime TeXML Style attribute overflow attempt (file-other.rules) * 1:24339 <-> DISABLED <-> SERVER-WEBAPP XML entity parsing information disclosure attempt (server-webapp.rules) * 1:2435 <-> ENABLED <-> FILE-IDENTIFY Microsoft emf file download request (file-identify.rules) * 1:24351 <-> ENABLED <-> FILE-OFFICE Microsoft Works 9 use-after-free attempt (file-office.rules) * 1:21715 <-> DISABLED <-> FILE-IDENTIFY PFB file download request (file-identify.rules) * 1:21716 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (file-identify.rules) * 1:21717 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (file-identify.rules) * 1:21718 <-> DISABLED <-> FILE-IDENTIFY PFM file download request (file-identify.rules) * 1:21719 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (file-identify.rules) * 1:21720 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (file-identify.rules) * 1:21721 <-> DISABLED <-> FILE-IDENTIFY AFM file download request (file-identify.rules) * 1:21722 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (file-identify.rules) * 1:21723 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (file-identify.rules) * 1:21724 <-> DISABLED <-> FILE-IDENTIFY ANI file download request (file-identify.rules) * 1:21725 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (file-identify.rules) * 1:21726 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (file-identify.rules) * 1:21727 <-> DISABLED <-> FILE-IDENTIFY ANI file magic detection (file-identify.rules) * 1:21728 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21729 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21730 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21731 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21732 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21733 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21734 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21735 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21736 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21737 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21738 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21739 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21740 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules) * 1:21741 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules) * 1:21742 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules) * 1:21743 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules) * 1:21744 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21745 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21746 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (file-identify.rules) * 1:21747 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (file-identify.rules) * 1:21748 <-> DISABLED <-> FILE-IDENTIFY HPJ file download request (file-identify.rules) * 1:21749 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (file-identify.rules) * 1:21750 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (file-identify.rules) * 1:21751 <-> DISABLED <-> FILE-IDENTIFY HPJ file magic detected (file-identify.rules) * 1:21752 <-> ENABLED <-> SERVER-OTHER Novell ZENWorks configuration management preboot request buffer overflow attempt (server-other.rules) * 1:21753 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Management Interface HTTP digest authentication stack buffer overflow attempt (protocol-voip.rules) * 1:21776 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Exchange MODPROPS denial of service attempt (server-mail.rules) * 1:21792 <-> ENABLED <-> FILE-EXECUTABLE Microsoft Windows .NET invalid parsing of graphics data attempt (file-executable.rules) * 1:21793 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer vector graphics reference counting use-after-free attempt (browser-ie.rules) * 1:21795 <-> ENABLED <-> FILE-EXECUTABLE Microsoft Windows Authenticode signature verification bypass attempt (file-executable.rules) * 1:21796 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules) * 1:21797 <-> ENABLED <-> FILE-OFFICE MSCOMCTL ActiveX control deserialization arbitrary code execution attempt (file-office.rules) * 1:21798 <-> ENABLED <-> FILE-OFFICE MSCOMCTL ActiveX control deserialization arbitrary code execution attempt (file-office.rules) * 1:21799 <-> ENABLED <-> FILE-OFFICE MSCOMCTL ActiveX control deserialization arbitrary code execution attempt (file-office.rules) * 1:21800 <-> ENABLED <-> FILE-OFFICE MSCOMCTL ActiveX control deserialization arbitrary code execution attempt (file-office.rules) * 1:21801 <-> ENABLED <-> FILE-OFFICE MSCOMCTL ActiveX control deserialization arbitrary code execution attempt (file-office.rules) * 1:21807 <-> DISABLED <-> FILE-IDENTIFY Adobe Download Manager aom file download request (file-identify.rules) * 1:21808 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (file-identify.rules) * 1:21809 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (file-identify.rules) * 1:21810 <-> DISABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (file-identify.rules) * 1:21811 <-> DISABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file download request (file-identify.rules) * 1:21812 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (file-identify.rules) * 1:21813 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (file-identify.rules) * 1:21814 <-> DISABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (file-identify.rules) * 1:21815 <-> ENABLED <-> FILE-IDENTIFY LZH file attachment detected (file-identify.rules) * 1:21816 <-> ENABLED <-> FILE-IDENTIFY LZH file attachment detected (file-identify.rules) * 1:2185 <-> DISABLED <-> PROTOCOL-RPC mountd UDP mount path overflow attempt (protocol-rpc.rules) * 1:21854 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (file-identify.rules) * 1:21855 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (file-identify.rules) * 1:21856 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules) * 1:21857 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules) * 1:21861 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (file-identify.rules) * 1:21862 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (file-identify.rules) * 1:21865 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules) * 1:21866 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules) * 1:21867 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules) * 1:21868 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules) * 1:21869 <-> ENABLED <-> FILE-OTHER Java JRE sandbox breach attempt (file-other.rules) * 1:21870 <-> ENABLED <-> FILE-IDENTIFY CNT file attachment detected (file-identify.rules) * 1:21871 <-> ENABLED <-> FILE-IDENTIFY CNT file attachment detected (file-identify.rules) * 1:21872 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (file-identify.rules) * 1:21873 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (file-identify.rules) * 1:21878 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF integer overflow attempt (file-pdf.rules) * 1:21879 <-> ENABLED <-> FILE-IDENTIFY Microsoft search file attachment detected (file-identify.rules) * 1:21880 <-> ENABLED <-> FILE-IDENTIFY Microsoft search file attachment detected (file-identify.rules) * 1:21884 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Publisher file attachment detected (file-identify.rules) * 1:21885 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Publisher file attachment detected (file-identify.rules) * 1:21886 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (file-identify.rules) * 1:21887 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (file-identify.rules) * 1:21888 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (file-identify.rules) * 1:21889 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (file-identify.rules) * 1:21890 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules) * 1:21891 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules) * 1:21892 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules) * 1:21893 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules) * 1:21894 <-> ENABLED <-> FILE-IDENTIFY SVG file attachment detected (file-identify.rules) * 1:21895 <-> ENABLED <-> FILE-IDENTIFY SVG file attachment detected (file-identify.rules) * 1:21896 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules) * 1:21897 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules) * 1:21898 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules) * 1:21899 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules) * 1:21900 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules) * 1:21901 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules) * 1:21902 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules) * 1:21903 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules) * 1:21904 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules) * 1:21905 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules) * 1:21906 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules) * 1:21908 <-> ENABLED <-> FILE-IDENTIFY Portable Executable file attachment detected (file-identify.rules) * 1:21909 <-> ENABLED <-> FILE-IDENTIFY Portable Executable file attachment detected (file-identify.rules) * 1:21913 <-> DISABLED <-> SERVER-OTHER EMC data protection advisor DOS attempt (server-other.rules) * 1:21914 <-> ENABLED <-> SERVER-OTHER Novell ZENWorks configuration management preboot opcode 6C request buffer overflow attempt (server-other.rules) * 1:21915 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules) * 1:21916 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules) * 1:21918 <-> ENABLED <-> BROWSER-PLUGINS IBM Tivoli Provisioning Manager Express Buffer Overflow ActiveX clsid access attempt (browser-plugins.rules) * 1:21919 <-> ENABLED <-> BROWSER-PLUGINS IBM Tivoli Provisioning Manager Express Buffer Overflow ActiveX function call access attempt (browser-plugins.rules) * 1:21922 <-> DISABLED <-> FILE-OTHER VLC mms hostname buffer overflow attempt (file-other.rules) * 1:21927 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel style handling overflow attempt (file-office.rules) * 1:21935 <-> DISABLED <-> FILE-OFFICE Microsoft Works 9 and Word 12 converter heap overflow attempt (file-office.rules) * 1:21937 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules) * 1:21944 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Endpoint Manager Web Reports xss attempt (server-other.rules) * 1:21948 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF parsing heap overflow attempt (file-image.rules) * 1:21999 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file magic detection (file-identify.rules) * 1:22009 <-> ENABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules) * 1:22038 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer SelectAll dangling pointer use after free attempt (browser-ie.rules) * 1:22042 <-> ENABLED <-> FILE-EXECUTABLE Microsoft Windows .NET invalid parsing of graphics data attempt (file-executable.rules) * 1:22052 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel style record overflow attempt (file-office.rules) * 1:22066 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word ScriptBridge OCX controller attempt (file-office.rules) * 1:22069 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules) * 1:22070 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules) * 1:22075 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio IndexDirectorySize greater than ChildrenSize memory access attempt (file-office.rules) * 1:22076 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules) * 1:22077 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel ObjectLink invalid wLinkVar2 value attempt (file-office.rules) * 1:22078 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules) * 1:22091 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel SXLI record integer overrun attempt (file-office.rules) * 1:22092 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel SERIES record sdtY memory corruption attempt (file-office.rules) * 1:22093 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel SERIES record SerAuxTrend sdtX memory corruption attempt (file-office.rules) * 1:22094 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel SERIES record SerAuxErrBar sdtX memory corruption attempt (file-office.rules) * 1:22104 <-> DISABLED <-> FILE-IMAGE libpng chunk decompression integer overflow attempt (file-image.rules) * 1:22105 <-> DISABLED <-> FILE-IMAGE libpng chunk decompression integer overflow attempt (file-image.rules) * 1:22106 <-> DISABLED <-> FILE-IMAGE libpng chunk decompression integer overflow attempt (file-image.rules) * 1:22107 <-> DISABLED <-> FILE-IMAGE libpng chunk decompression integer overflow attempt (file-image.rules) * 1:22108 <-> DISABLED <-> FILE-IMAGE libpng chunk decompression integer overflow attempt (file-image.rules) * 1:22109 <-> DISABLED <-> FILE-IMAGE libpng chunk decompression integer overflow attempt (file-image.rules) * 1:2278 <-> DISABLED <-> SERVER-WEBAPP client negative Content-Length attempt (server-webapp.rules) * 1:22915 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules) * 1:22916 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules) * 1:22938 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF integer overflow attempt (file-pdf.rules) * 1:22942 <-> ENABLED <-> FILE-EXECUTABLE Microsoft Windows Authenticode signature verification bypass attempt (file-executable.rules) * 1:22943 <-> DISABLED <-> FILE-IDENTIFY NAB file download request (file-identify.rules) * 1:22944 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (file-identify.rules) * 1:22945 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (file-identify.rules) * 1:22946 <-> DISABLED <-> FILE-IDENTIFY NAB file magic detected (file-identify.rules) * 1:22947 <-> DISABLED <-> FILE-OTHER Novell Groupwise Addressbook buffer overflow attempt (file-other.rules) * 1:22950 <-> DISABLED <-> SERVER-WEBAPP EXIF header parsing integer overflow attempt big endian (server-webapp.rules) * 1:22952 <-> ENABLED <-> SERVER-OTHER Iron Mountain connected backup opcode 13 processing command injection attempt (server-other.rules) * 1:22954 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed SELECTION Record Code Execution attempt (file-office.rules) * 1:22961 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (file-identify.rules) * 1:22962 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (file-identify.rules) * 1:22965 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (file-identify.rules) * 1:22966 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (file-identify.rules) * 1:22971 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file attachment detected (file-identify.rules) * 1:22972 <-> ENABLED <-> FILE-IDENTIFY m3u playlist file file attachment detected (file-identify.rules) * 1:22979 <-> ENABLED <-> FILE-IDENTIFY M4V file attachment detected (file-identify.rules) * 1:22980 <-> ENABLED <-> FILE-IDENTIFY M4V file attachment detected (file-identify.rules) * 1:22993 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (file-identify.rules) * 1:22994 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (file-identify.rules) * 1:22995 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime Movie file attachment detected (file-identify.rules) * 1:22996 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime Movie file attachment detected (file-identify.rules) * 1:22999 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules) * 1:23000 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (file-identify.rules) * 1:23001 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (file-identify.rules) * 1:23009 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel SXLI record integer overrun attempt (file-office.rules) * 1:23011 <-> DISABLED <-> FILE-IDENTIFY Collada file download request (file-identify.rules) * 1:23012 <-> ENABLED <-> FILE-IDENTIFY Collada file attachment detected (file-identify.rules) * 1:23013 <-> ENABLED <-> FILE-IDENTIFY Collada file attachment detected (file-identify.rules) * 1:23014 <-> DISABLED <-> FILE-OTHER Adobe Photoshop asset elements stack based buffer overflow attempt (file-other.rules) * 1:23015 <-> DISABLED <-> BROWSER-CHROME Google Chrome and Apple Safari runin handling use after free attempt (browser-chrome.rules) * 1:23041 <-> DISABLED <-> FILE-PDF EmbeddedFile contained within a PDF (file-pdf.rules) * 1:23046 <-> DISABLED <-> SERVER-WEBAPP Oracle GlassFish Enterprise server cross site scripting attempt (server-webapp.rules) * 1:23047 <-> DISABLED <-> SERVER-WEBAPP Oracle GlassFish Enterprise server cross site scripting attempt (server-webapp.rules) * 1:23056 <-> ENABLED <-> SERVER-OTHER SAP NetWeaver Dispatcher DiagTraceR3Info buffer overflow attempt (server-other.rules) * 1:23059 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio TAG_xxxSect code execution attempt (file-office.rules) * 1:23060 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer style.position use-after-free memory corruption attempt (browser-ie.rules) * 1:23096 <-> DISABLED <-> SERVER-OTHER VERITAS NetBackup java authentication service format string exploit attempt (server-other.rules) * 1:23097 <-> DISABLED <-> SERVER-OTHER IBM solidDB SELECT statement denial of service attempt (server-other.rules) * 1:23098 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 sequence parameter set parsing overflow attempt (file-multimedia.rules) * 1:23099 <-> ENABLED <-> SERVER-OTHER SAP NetWeaver Dispatcher DiagTraceHex denial of service attempt (server-other.rules) * 1:23100 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording integer overflow attempt (file-other.rules) * 1:23101 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording integer overflow attempt (file-other.rules) * 1:23111 <-> ENABLED <-> POLICY-OTHER PHP uri tag injection attempt (policy-other.rules) * 1:23112 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver Dispatcher denial of service attempt (server-other.rules) * 1:23116 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 9 CTreeNode use after free attempt (browser-ie.rules) * 1:23117 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 9 DOM element use after free attempt (browser-ie.rules) * 1:23118 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer console object use after free attempt (browser-ie.rules) * 1:23121 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer center element dynamic manipulation attempt (browser-ie.rules) * 1:23123 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer getBoundingClientRect incorrect rebalancing attempt (browser-ie.rules) * 1:23124 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer html table column span width increase memory corruption attempt (browser-ie.rules) * 1:23125 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOM manipulation memory corruption attempt (browser-ie.rules) * 1:23136 <-> DISABLED <-> BROWSER-IE Microsoft multiple product toStaticHTML XSS attempt (browser-ie.rules) * 1:23137 <-> DISABLED <-> BROWSER-IE Microsoft multiple product toStaticHTML XSS attempt (browser-ie.rules) * 1:23151 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel zero-width worksheet code execution attempt (file-office.rules) * 1:23152 <-> DISABLED <-> FILE-OTHER OpenType Font file integer overflow attempt (file-other.rules) * 1:23167 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file download request (file-identify.rules) * 1:23168 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (file-identify.rules) * 1:23169 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (file-identify.rules) * 1:23170 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MPEG stream padding buffer overflow attempt (file-multimedia.rules) * 1:23175 <-> ENABLED <-> BROWSER-PLUGINS IBM Lotus Quickr ActiveX stack buffer overflow attempt (browser-plugins.rules) * 1:23177 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway timer.php cross site scripting attempt (server-webapp.rules) * 1:23186 <-> DISABLED <-> BROWSER-PLUGINS Dell CrazyTalk.DLL ActiveX clsid access (browser-plugins.rules) * 1:23188 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23189 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23190 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23191 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23192 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23193 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23194 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23195 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23196 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23197 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23198 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23199 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23200 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23201 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23202 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23203 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23204 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23205 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23206 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23207 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23208 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Manager Interface initial banner (protocol-voip.rules) * 1:23209 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Manager command shell execution attempt (protocol-voip.rules) * 1:23210 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Manager command shell execution attempt (protocol-voip.rules) * 1:23212 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox IDB use-after-free attempt (browser-firefox.rules) * 1:23213 <-> DISABLED <-> SQL Ruby on rails SQL injection attempt (sql.rules) * 1:23227 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtMergeCells heap overflow attempt (file-office.rules) * 1:23229 <-> DISABLED <-> BROWSER-PLUGINS Oracle Webcenter ActiveX function call access (browser-plugins.rules) * 1:23237 <-> DISABLED <-> OS-WINDOWS SMB2 client NetBufferList NULL entry remote code execution attempt (os-windows.rules) * 1:23238 <-> DISABLED <-> NETBIOS Wireshark console.lua file load exploit attempt (netbios.rules) * 1:23241 <-> ENABLED <-> SERVER-OTHER HP DPNECentral RequestCopy type SQL injection attempt (server-other.rules) * 1:23243 <-> DISABLED <-> FILE-JAVA Oracle Java Zip file directory record overflow attempt (file-java.rules) * 1:23253 <-> DISABLED <-> BROWSER-PLUGINS HP Easy Printer Care XMLSimpleAccessor ActiveX function call access attempt (browser-plugins.rules) * 1:23256 <-> DISABLED <-> FILE-EXECUTABLE Armadillo v1.71 packer file magic detected (file-executable.rules) * 1:23258 <-> DISABLED <-> SERVER-WEBAPP LANDesk Thinkmanagement Suite ServerSetup directory traversal attempt (server-webapp.rules) * 1:23263 <-> DISABLED <-> FILE-PDF Adobe flash player newfunction memory corruption attempt (file-pdf.rules) * 1:23264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player newfunction memory corruption attempt (file-flash.rules) * 1:23265 <-> DISABLED <-> FILE-FLASH Adobe Flash Player newfunction memory corruption attempt (file-flash.rules) * 1:23269 <-> ENABLED <-> FILE-OTHER Cisco WebEx recording integer overflow attempt (file-other.rules) * 1:23271 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes Extended M3U playlist record overflow attempt (file-multimedia.rules) * 1:23273 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules) * 1:23274 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules) * 1:23275 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules) * 1:23276 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules) * 1:23277 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules) * 1:23278 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer nested list memory corruption attempt (browser-ie.rules) * 1:23280 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer corrupted HROW instance write access violation attempt (browser-ie.rules) * 1:23284 <-> DISABLED <-> BROWSER-PLUGINS Oracle WebCenter Forms Recognition ActiveX function call attempt (browser-plugins.rules) * 1:23285 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules) * 1:23286 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23305 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules) * 1:23314 <-> DISABLED <-> OS-WINDOWS SMB invalid character argument injection attempt (os-windows.rules) * 1:23346 <-> DISABLED <-> FILE-OTHER Oracle outside in Lotus 1-2-3 heap overflow attempt (file-other.rules) * 1:23347 <-> DISABLED <-> FILE-IDENTIFY Lotus file download request (file-identify.rules) * 1:23348 <-> ENABLED <-> FILE-IDENTIFY Lotus file attachment detected (file-identify.rules) * 1:23349 <-> ENABLED <-> FILE-IDENTIFY Lotus file attachment detected (file-identify.rules) * 1:23352 <-> ENABLED <-> BROWSER-PLUGINS Cisco Linksys PlayerPT ActiveX clsid access attempt (browser-plugins.rules) * 1:23354 <-> DISABLED <-> SERVER-WEBAPP Novell iManager buffer overflow attempt (server-webapp.rules) * 1:23355 <-> ENABLED <-> SERVER-OTHER Trend Micro Control Manager AddTask stack buffer overflow attempt (server-other.rules) * 1:23368 <-> DISABLED <-> PROTOCOL-DNS Tftpd32 DNS server denial of service attempt (protocol-dns.rules) * 1:23370 <-> DISABLED <-> FILE-OFFICE Microsoft Office Drawing object code execution attempt (file-office.rules) * 1:2338 <-> DISABLED <-> PROTOCOL-FTP LIST buffer overflow attempt (protocol-ftp.rules) * 1:23384 <-> DISABLED <-> SERVER-WEBAPP Novell Groupwise Messenger parameter memory corruption attempt (server-webapp.rules) * 1:23385 <-> DISABLED <-> SERVER-WEBAPP Novell Groupwise Messenger parameter memory corruption attempt (server-webapp.rules) * 1:23392 <-> DISABLED <-> SERVER-OTHER IBM SolidDB redundant where clause DoS attempt (server-other.rules) * 1:23393 <-> DISABLED <-> SQL IBM SolidDB initial banner (sql.rules) * 1:23395 <-> ENABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt (browser-plugins.rules) * 1:23398 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services stack buffer overflow attempt (server-other.rules) * 1:23400 <-> ENABLED <-> FILE-OTHER Apple Quicktime JPEG2000 length integer underflow attempt (file-other.rules) * 1:23401 <-> DISABLED <-> SERVER-WEBAPP Oracle GlassFish server REST interface cross site request forgery attempt (server-webapp.rules) * 1:23414 <-> DISABLED <-> BROWSER-PLUGINS Veritas Storage Exec ActiveX clsid access attempt (browser-plugins.rules) * 1:23444 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet License Server buffer overflow attempt (server-other.rules) * 1:23461 <-> ENABLED <-> FILE-OTHER Apple Quicktime TeXML Transform attribute overflow attempt (file-other.rules) * 1:23462 <-> ENABLED <-> FILE-OTHER Apple Quicktime TeXML Style attribute overflow attempt (file-other.rules) * 1:23463 <-> ENABLED <-> FILE-OTHER Apple Quicktime TeXML sampleData attribute overflow attempt (file-other.rules) * 1:23464 <-> ENABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules) * 1:23465 <-> ENABLED <-> FILE-OTHER Apple Quicktime TeXML Style attribute overflow attempt (file-other.rules) * 1:23504 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnots exploit attempt (file-pdf.rules) * 1:23577 <-> ENABLED <-> FILE-OTHER VLC mms hostname buffer overflow attempt (file-other.rules) * 1:23580 <-> DISABLED <-> FILE-OTHER Novell Groupwise Addressbook buffer overflow attempt (file-other.rules) * 1:23605 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.xx - v2.xx file magic detected (file-identify.rules) * 1:23609 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer getBoundingClientRect incorrect rebalancing attempt (browser-ie.rules) * 1:23614 <-> ENABLED <-> FILE-JAVA Oracle JavaScript heap exploitation library usage attempt (file-java.rules) * 1:23626 <-> DISABLED <-> SERVER-IIS cmd.exe access (server-iis.rules) * 1:23632 <-> ENABLED <-> SERVER-OTHER HP Data Protector Express stack buffer overflow attempt (server-other.rules) * 1:23637 <-> ENABLED <-> FILE-IDENTIFY Java .class file attachment detected (file-identify.rules) * 1:23638 <-> ENABLED <-> FILE-IDENTIFY Java .class file attachment detected (file-identify.rules) * 1:23639 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (file-identify.rules) * 1:23640 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (file-identify.rules) * 1:23645 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (file-identify.rules) * 1:23647 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (file-identify.rules) * 1:23648 <-> DISABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:23651 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23652 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23653 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23654 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23655 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23656 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23657 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23658 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (file-identify.rules) * 1:23659 <-> DISABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules) * 1:23664 <-> DISABLED <-> FILE-IDENTIFY PNG file magic detected (file-identify.rules) * 1:23666 <-> DISABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:23667 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:23670 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (file-identify.rules) * 1:23676 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (file-identify.rules) * 1:23677 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (file-identify.rules) * 1:23678 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (file-identify.rules) * 1:23680 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:23681 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:23682 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23683 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23684 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23685 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23687 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:23691 <-> DISABLED <-> FILE-IDENTIFY dmg file magic detected (file-identify.rules) * 1:23695 <-> DISABLED <-> FILE-IDENTIFY Flac file magic detected (file-identify.rules) * 1:23696 <-> DISABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (file-identify.rules) * 1:23697 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (file-identify.rules) * 1:23698 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (file-identify.rules) * 1:23701 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detected (file-identify.rules) * 1:23703 <-> DISABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (file-identify.rules) * 1:23707 <-> DISABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (file-identify.rules) * 1:23709 <-> DISABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (file-identify.rules) * 1:23710 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (file-identify.rules) * 1:23711 <-> ENABLED <-> FILE-IDENTIFY OLE Document file magic detected (file-identify.rules) * 1:23712 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected (file-identify.rules) * 1:23714 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Publisher file magic detected (file-identify.rules) * 1:23720 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (file-identify.rules) * 1:23721 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (file-identify.rules) * 1:23723 <-> ENABLED <-> FILE-IDENTIFY M3U file magic detected (file-identify.rules) * 1:23724 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (file-identify.rules) * 1:23725 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules) * 1:23727 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (file-identify.rules) * 1:23728 <-> DISABLED <-> FILE-IDENTIFY matroska file magic detected (file-identify.rules) * 1:23729 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (file-identify.rules) * 1:23732 <-> DISABLED <-> FILE-IDENTIFY Microsoft Media Player .asf file magic detected (file-identify.rules) * 1:23735 <-> ENABLED <-> FILE-IDENTIFY MIDI file magic detected (file-identify.rules) * 1:23736 <-> DISABLED <-> FILE-IDENTIFY PLS file magic detected (file-identify.rules) * 1:23737 <-> DISABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:23738 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23739 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23740 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23741 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23742 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23743 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23744 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23745 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23746 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23747 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23748 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (file-identify.rules) * 1:23749 <-> DISABLED <-> FILE-IDENTIFY SAMI file magic detected (file-identify.rules) * 1:23753 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (file-identify.rules) * 1:23754 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (file-identify.rules) * 1:23755 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (file-identify.rules) * 1:23757 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows CHM file magic detected (file-identify.rules) * 1:23758 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:23759 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:23760 <-> DISABLED <-> FILE-IDENTIFY WAV file magic detected (file-identify.rules) * 1:23761 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (file-identify.rules) * 1:23762 <-> DISABLED <-> FILE-IDENTIFY PFA file magic detected (file-identify.rules) * 1:23763 <-> DISABLED <-> FILE-IDENTIFY HPJ file magic detected (file-identify.rules) * 1:23764 <-> DISABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (file-identify.rules) * 1:23765 <-> DISABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (file-identify.rules) * 1:23774 <-> DISABLED <-> FILE-IDENTIFY NAB file magic detected (file-identify.rules) * 1:23775 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.71 packer file magic detected (file-identify.rules) * 1:23777 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.xx - v2.xx file magic detected (file-identify.rules) * 1:23783 <-> ENABLED <-> SERVER-WEBAPP Symantec Web Gateway pbcontrol.php filename parameter command injection attempt (server-webapp.rules) * 1:23789 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Multiple Products table frames memory corruption attempt (browser-firefox.rules) * 1:23805 <-> ENABLED <-> BROWSER-WEBKIT WebKit button column memory corruption attempt (browser-webkit.rules) * 1:23806 <-> DISABLED <-> FILE-OTHER Oracle Outside-In JPEG2000 QCD segment processing heap buffer overflow attempt (file-other.rules) * 1:23807 <-> DISABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23808 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23809 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23810 <-> DISABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23811 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23812 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23813 <-> DISABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23814 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23815 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23816 <-> DISABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23817 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23818 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23819 <-> DISABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23820 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23821 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23822 <-> DISABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (file-identify.rules) * 1:23823 <-> DISABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (file-identify.rules) * 1:23834 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer asynchronous code execution attempt (browser-ie.rules) * 1:23835 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer asynchronous code execution attempt (browser-ie.rules) * 1:23836 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer negative margin use after free attempt (browser-ie.rules) * 1:23838 <-> ENABLED <-> OS-WINDOWS SMB NetServerEnum response host format string exploit attempt (os-windows.rules) * 1:23839 <-> ENABLED <-> OS-WINDOWS SMB Microsoft Windows RAP API NetServerEnum2 long server name buffer overflow attempt (os-windows.rules) * 1:23842 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio DXF file text overflow attempt (file-office.rules) * 1:23844 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method attempt (file-office.rules) * 1:23853 <-> ENABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules) * 1:23854 <-> ENABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules) * 1:23855 <-> DISABLED <-> FILE-FLASH string heapspray flash file - likely attack (file-flash.rules) * 1:23856 <-> DISABLED <-> FILE-FLASH string heapspray flash file - likely attack (file-flash.rules) * 1:23857 <-> DISABLED <-> INDICATOR-SHELLCODE heapspray characters detected - ASCII (indicator-shellcode.rules) * 1:23858 <-> DISABLED <-> FILE-OTHER heapspray characters detected - binary (file-other.rules) * 1:23859 <-> DISABLED <-> INDICATOR-SHELLCODE heapspray characters detected - hexadecimal encoding (indicator-shellcode.rules) * 1:23860 <-> DISABLED <-> INDICATOR-SHELLCODE heapspray characters detected - ASCII (indicator-shellcode.rules) * 1:23861 <-> DISABLED <-> FILE-OTHER heapspray characters detected - binary (file-other.rules) * 1:23862 <-> DISABLED <-> INDICATOR-SHELLCODE heapspray characters detected - hexadecimal encoding (indicator-shellcode.rules) * 1:23878 <-> DISABLED <-> BROWSER-PLUGINS Oracle JRE Deployment Toolkit ActiveX clsid access attempt (browser-plugins.rules) * 1:23879 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Texture Declaration buffer overflow attempt (file-pdf.rules) * 1:23880 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Texture Declaration buffer overflow attempt (file-pdf.rules) * 1:23889 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader getAnnotsRichMedia return type confusion attempt (file-pdf.rules) * 1:2389 <-> DISABLED <-> PROTOCOL-FTP RNTO overflow attempt (protocol-ftp.rules) * 1:23890 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader getAnnotsRichMedia return type confusion attempt (file-pdf.rules) * 1:23897 <-> DISABLED <-> FILE-PDF Sending of a PDF with embedded JavaScript - JS string attempt (file-pdf.rules) * 1:23904 <-> DISABLED <-> BLACKLIST DNS request for known malware domain publicnews.mooo.com - Backdoor.Briba (blacklist.rules) * 1:2392 <-> DISABLED <-> PROTOCOL-FTP RETR overflow attempt (protocol-ftp.rules) * 1:23934 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway blocked.php blind sql injection attempt (server-webapp.rules) * 1:23939 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (server-oracle.rules) * 1:23957 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio DXF file text overflow attempt (file-office.rules) * 1:23958 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:23959 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:23960 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:23961 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:27189 <-> ENABLED <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt (file-java.rules) * 1:27190 <-> ENABLED <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt (file-java.rules) * 1:27191 <-> ENABLED <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt (file-java.rules) * 1:27211 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel style handling overflow attempt (file-office.rules) * 1:27217 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 260 buffer overflow attempt (server-other.rules) * 1:27232 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader util.printf buffer overflow attempt (file-pdf.rules) * 1:27233 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader util.printf buffer overflow attempt (file-pdf.rules) * 1:27245 <-> ENABLED <-> SERVER-APACHE Apache Struts2 remote code execution attempt (server-apache.rules) * 1:27261 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 215 buffer overflow attempt (server-other.rules) * 1:27262 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 263 buffer overflow attempt (server-other.rules) * 1:27264 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 227 buffer overflow attempt (server-other.rules) * 1:27539 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 234 buffer overflow attempt (server-other.rules) * 1:27568 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox 17 onreadystatechange memory corruption attempt (browser-firefox.rules) * 1:27571 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 235 buffer overflow attempt (server-other.rules) * 1:27582 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:27583 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:27615 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer MoveToMarkupPointer call with CControlTracker OnExitTree use-after-free attempt (browser-ie.rules) * 1:27616 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer MoveToMarkupPointer call with CControlTracker OnExitTree use-after-free attempt (browser-ie.rules) * 1:27617 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 264 buffer overflow attempt (server-other.rules) * 1:27621 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules) * 1:27622 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules) * 1:27672 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules) * 1:27673 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules) * 1:27674 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules) * 1:27675 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules) * 1:27676 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules) * 1:27677 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules) * 1:27691 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:27692 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:27750 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:27751 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:27769 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 207 buffer overflow attempt (server-other.rules) * 1:27770 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 210 buffer overflow attempt (server-other.rules) * 1:27771 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 236 buffer overflow attempt (server-other.rules) * 1:27772 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 243 buffer overflow attempt (server-other.rules) * 1:27773 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 265 buffer overflow attempt (server-other.rules) * 1:27781 <-> DISABLED <-> BROWSER-PLUGINS Cisco WebEx Meeting Manager atucfobj ActiveX clsid access (browser-plugins.rules) * 1:27782 <-> DISABLED <-> BROWSER-PLUGINS Cisco WebEx Meeting Manager atucfobj ActiveX function call access (browser-plugins.rules) * 1:27816 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit jar file download attempt (exploit-kit.rules) * 1:27822 <-> ENABLED <-> FILE-OTHER Microsoft Windows XP .theme file remote code execution attempt (file-other.rules) * 1:27837 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDisplayPointer use after free attempt (browser-ie.rules) * 1:27838 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDisplayPointer use after free attempt (browser-ie.rules) * 1:27843 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos object use-after-free attempt (browser-ie.rules) * 1:27844 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos object use-after-free attempt (browser-ie.rules) * 1:27862 <-> ENABLED <-> SERVER-WEBAPP Avaya IP Office Customer Call Reporter invalid file upload attempt (server-webapp.rules) * 1:27869 <-> ENABLED <-> BROWSER-PLUGINS HP LoadRunner WriteFileString ActiveX function call attempt (browser-plugins.rules) * 1:27870 <-> ENABLED <-> BROWSER-PLUGINS HP LoadRunner WriteFileString ActiveX function call attempt (browser-plugins.rules) * 1:27871 <-> ENABLED <-> BROWSER-PLUGINS HP LoadRunner WriteFileString ActiveX function call attempt (browser-plugins.rules) * 1:27872 <-> ENABLED <-> BROWSER-PLUGINS HP LoadRunner WriteFileString ActiveX function call attempt (browser-plugins.rules) * 1:27921 <-> DISABLED <-> SERVER-ORACLE Oracle Endeca Server createDataStore remote command injection attempt (server-oracle.rules) * 1:27937 <-> ENABLED <-> SERVER-OTHER HP ProCurve Manager SNAC UpdateCertificatesServlet directory traversal attempt (server-other.rules) * 1:27941 <-> ENABLED <-> SERVER-OTHER HP ProCurve Manager SNAC UpdateDomainControllerServlet directory traversal attempt (server-other.rules) * 1:27943 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer onlosecapture memory corruption attempt (browser-ie.rules) * 1:27944 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer onlosecapture memory corruption attempt (browser-ie.rules) * 1:28112 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 null character in string information disclosure attempt (browser-ie.rules) * 1:28135 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FtCbls remote code execution attempt (file-office.rules) * 1:28136 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FtCbls remote code execution attempt (file-office.rules) * 1:28207 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer swapNode memory corruption attempt (browser-ie.rules) * 1:28208 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer swapNode memory corruption attempt (browser-ie.rules) * 1:28227 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 211 buffer overflow attempt (server-other.rules) * 1:28252 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules) * 1:28256 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ICC mluc integer overflow attempt (file-pdf.rules) * 1:28257 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader ICC remote memory corruption attempt (file-pdf.rules) * 1:28258 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer object management memory corruption attempt (browser-ie.rules) * 1:28259 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer object management memory corruption attempt (browser-ie.rules) * 1:28260 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader ICC remote memory corruption attempt (file-pdf.rules) * 1:28261 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ICC mluc integer overflow attempt (file-pdf.rules) * 1:28262 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll glyf directory table buffer overflow attempt (file-pdf.rules) * 1:28266 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll composite glyf buffer overflow attempt (file-pdf.rules) * 1:28267 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer option element use after free attempt (browser-ie.rules) * 1:28268 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer option element use after free attempt (browser-ie.rules) * 1:28269 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer option element use after free attempt (browser-ie.rules) * 1:28270 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer option element use after free attempt (browser-ie.rules) * 1:28271 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer htmlfile null attribute access attempt (browser-ie.rules) * 1:28272 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer htmlfile ActiveX object access attempt (browser-plugins.rules) * 1:28276 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules) * 1:28277 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules) * 1:28278 <-> ENABLED <-> SERVER-WEBAPP IBM Tivoli Provisioning Manager express user.updateUserValue sql injection attempt (server-webapp.rules) * 1:28287 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer deleted object cells reference memory corruption vulnerability (browser-ie.rules) * 1:28303 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader U3D RHAdobeMeta buffer overflow attempt (file-pdf.rules) * 1:28306 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSS expression defined to empty selection attempt (browser-ie.rules) * 1:28309 <-> ENABLED <-> EXPLOIT-KIT Himan exploit kit payload - Oracle Java compromise (exploit-kit.rules) * 1:28315 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules) * 1:28331 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:28332 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:24352 <-> ENABLED <-> FILE-OFFICE Microsoft Works 9 use-after-free attempt (file-office.rules) * 1:24353 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word RTF malformed listid attempt (file-office.rules) * 1:24354 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word RTF malformed listid attempt (file-office.rules) * 1:24357 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word rgfc value overflow attempt (file-office.rules) * 1:24358 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word rgfc value overflow attempt (file-office.rules) * 1:2436 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file download request (file-identify.rules) * 1:2438 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer playlist file URL overflow attempt (file-multimedia.rules) * 1:2439 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer playlist http URL overflow attempt (file-multimedia.rules) * 1:2440 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer playlist rtsp URL overflow attempt (file-multimedia.rules) * 1:24428 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24429 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24430 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24431 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24435 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Asset Management default admin credentials function call attempt (server-webapp.rules) * 1:24436 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Asset Management default admin credentials function call attempt (server-webapp.rules) * 1:24446 <-> ENABLED <-> SERVER-OTHER EMC NetWorker SunRPC format string exploit attempt (server-other.rules) * 1:24455 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24456 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24457 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24458 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24463 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules) * 1:24464 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules) * 1:24465 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules) * 1:24472 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (file-identify.rules) * 1:24473 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (file-identify.rules) * 1:24480 <-> ENABLED <-> PROTOCOL-SCADA WellinTech Kingview HMI history server buffer overflow attempt (protocol-scada.rules) * 1:24483 <-> DISABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules) * 1:24484 <-> DISABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules) * 1:24485 <-> DISABLED <-> FILE-PDF Microsoft Windows kernel-mode drivers core font parsing integer overflow attempt (file-pdf.rules) * 1:24486 <-> DISABLED <-> FILE-PDF Microsoft Windows kernel-mode drivers core font parsing integer overflow attempt (file-pdf.rules) * 1:24487 <-> DISABLED <-> FILE-PDF Microsoft Windows kernel-mode drivers core font parsing integer overflow attempt (file-pdf.rules) * 1:24503 <-> DISABLED <-> PROTOCOL-RPC xdrDecodeString caller_name stack overflow attempt (protocol-rpc.rules) * 1:24507 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules) * 1:24508 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules) * 1:24520 <-> ENABLED <-> SERVER-WEBAPP Avaya IP Office Customer Call Reporter invalid file upload attempt (server-webapp.rules) * 1:24549 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime MOV Atom length buffer overflow attempt (file-multimedia.rules) * 1:24554 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (file-identify.rules) * 1:24555 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (file-identify.rules) * 1:24559 <-> DISABLED <-> BROWSER-PLUGINS CYME Power Engineering ShowPropertiesDialog ActiveX clsid access (browser-plugins.rules) * 1:24560 <-> DISABLED <-> BROWSER-PLUGINS CYME Power Engineering ShowPropertiesDialog ActiveX function call access (browser-plugins.rules) * 1:24570 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox IDB use-after-free attempt (browser-firefox.rules) * 1:24571 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox IDB use-after-free attempt (browser-firefox.rules) * 1:24572 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox IDB use-after-free attempt (browser-firefox.rules) * 1:24573 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox IDB use-after-free attempt (browser-firefox.rules) * 1:24574 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox IDB use-after-free attempt (browser-firefox.rules) * 1:24587 <-> ENABLED <-> FILE-OFFICE Microsoft Works Word document use after free attempt (file-office.rules) * 1:24588 <-> ENABLED <-> FILE-OFFICE Microsoft Works Word document use after free attempt (file-office.rules) * 1:24599 <-> DISABLED <-> FILE-IDENTIFY Alt-N MDaemon IMAP Server (file-identify.rules) * 1:24639 <-> DISABLED <-> PROTOCOL-RPC portmap CA BrightStor ARCserve tcp procedure 122 invalid function call attempt (protocol-rpc.rules) * 1:24640 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime movie buffer overflow attempt (file-multimedia.rules) * 1:24645 <-> ENABLED <-> BROWSER-PLUGINS Tom Sawyer GET Extension ActiveX clsid access (browser-plugins.rules) * 1:24646 <-> ENABLED <-> BROWSER-PLUGINS Tom Sawyer GET exetension ActiveX clsid access (browser-plugins.rules) * 1:24675 <-> ENABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX realm parameter overflow attempt (browser-plugins.rules) * 1:24676 <-> ENABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX real parameter overflow attempt (browser-plugins.rules) * 1:24677 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix server open PDU denial of service attempt (server-other.rules) * 1:24678 <-> ENABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules) * 1:24679 <-> ENABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules) * 1:24680 <-> ENABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules) * 1:24686 <-> DISABLED <-> SERVER-OTHER HP StorageWorks file migration agent buffer overflow attempt (server-other.rules) * 1:24687 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:24688 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:24693 <-> ENABLED <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt (server-webapp.rules) * 1:24694 <-> ENABLED <-> FILE-IMAGE Apple QuickTime PICT file opcode corruption attempt (file-image.rules) * 1:24696 <-> ENABLED <-> PROTOCOL-RPC EMC Networker nsrindexd.exe procedure 0x01 buffer overflow attempt (protocol-rpc.rules) * 1:24697 <-> DISABLED <-> SERVER-APACHE Apache mod_log_config cookie handling denial of service attempt (server-apache.rules) * 1:24698 <-> DISABLED <-> SERVER-APACHE Apache mod_log_config cookie handling denial of service attempt (server-apache.rules) * 1:24700 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime text track descriptors heap buffer overflow attempt (file-multimedia.rules) * 1:24701 <-> ENABLED <-> FILE-JAVA Oracle Java Runtime true type font idef opcode heap buffer overflow attempt (file-java.rules) * 1:24702 <-> ENABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules) * 1:24704 <-> ENABLED <-> SERVER-WEBAPP CA Total Defense management.asmx sql injection attempt (server-webapp.rules) * 1:24705 <-> ENABLED <-> SERVER-WEBAPP CA Total Defense management.asmx sql injection attempt (server-webapp.rules) * 1:24706 <-> DISABLED <-> SERVER-WEBAPP Netop Remote Control dws file buffer overflow attempt (server-webapp.rules) * 1:24708 <-> DISABLED <-> FILE-IDENTIFY Netop Remote Control file download request (file-identify.rules) * 1:24709 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (file-identify.rules) * 1:24710 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (file-identify.rules) * 1:24711 <-> DISABLED <-> FILE-IMAGE Oracle Outside In JPEG COD parameter buffer overflow attempt (file-image.rules) * 1:24712 <-> DISABLED <-> FILE-IMAGE Oracle Outside In JPEG COC parameter buffer overflow attempt (file-image.rules) * 1:24713 <-> DISABLED <-> FILE-IMAGE Oracle Outside In JPEG COD parameter buffer overflow attempt (file-image.rules) * 1:24714 <-> DISABLED <-> FILE-IMAGE Oracle Outside In JPEG COC parameter buffer overflow attempt (file-image.rules) * 1:24715 <-> DISABLED <-> FILE-IMAGE Oracle Outside In JPEG COD parameter buffer overflow attempt (file-image.rules) * 1:24716 <-> DISABLED <-> FILE-IMAGE Oracle Outside In JPEG COC parameter buffer overflow attempt (file-image.rules) * 1:24717 <-> DISABLED <-> FILE-IMAGE Oracle Outside In JPEG COD parameter buffer overflow attempt (file-image.rules) * 1:24718 <-> DISABLED <-> FILE-IMAGE Oracle Outside In JPEG COC parameter buffer overflow attempt (file-image.rules) * 1:24719 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SCCP call state message offhook (protocol-voip.rules) * 1:24720 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SCCP keypad button message denial of service attempt (protocol-voip.rules) * 1:24723 <-> ENABLED <-> BROWSER-PLUGINS IBM Rational Rhapsody BBFlashback ActiveX clsid access attempt (browser-plugins.rules) * 1:24738 <-> DISABLED <-> SERVER-OTHER EMC AutoStart ftAgent.exe integer overflow attempt (server-other.rules) * 1:24739 <-> DISABLED <-> SERVER-OTHER Gimp Script-Fu server buffer overflow attempt (server-other.rules) * 1:24741 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24742 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24743 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24744 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24745 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24746 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24747 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24748 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24749 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24750 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24751 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24752 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24753 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24754 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24755 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24756 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24757 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24758 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24759 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24760 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24761 <-> ENABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules) * 1:24768 <-> DISABLED <-> SERVER-OTHER RealPlayer Helix rn5auth credential overflow attempt (server-other.rules) * 1:24769 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24773 <-> ENABLED <-> BROWSER-PLUGINS IBM Lotus iNotes buffer overflow ActiveX clsid access (browser-plugins.rules) * 1:24774 <-> DISABLED <-> BROWSER-PLUGINS ASUS Net4Switch ipswcom.dll ActiveX clsid access (browser-plugins.rules) * 1:24776 <-> DISABLED <-> BROWSER-PLUGINS ASUS Net4Switch ipswcom.dll ActiveX clsid access (browser-plugins.rules) * 1:24801 <-> DISABLED <-> SERVER-WEBAPP IBM Tivoli Provisioning Manager Express asset.getmimetype sql injection attempt (server-webapp.rules) * 1:24802 <-> ENABLED <-> SERVER-OTHER HP Database Archiving Software GIOP parsing buffer overflow attempt (server-other.rules) * 1:24803 <-> DISABLED <-> PROTOCOL-SCADA GE Proficy Real-Time Information Portal directory traversal attempt (protocol-scada.rules) * 1:24816 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules) * 1:24817 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules) * 1:24818 <-> DISABLED <-> FILE-IDENTIFY M4V file magic detected (file-identify.rules) * 1:24819 <-> DISABLED <-> FILE-IDENTIFY M4V file magic detected (file-identify.rules) * 1:24820 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file download request (file-identify.rules) * 1:24821 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file attachment detected (file-identify.rules) * 1:24822 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file attachment detected (file-identify.rules) * 1:24824 <-> DISABLED <-> FILE-IDENTIFY RealPlayer skin file download request (file-identify.rules) * 1:24825 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file attachment detected (file-identify.rules) * 1:24826 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file attachment detected (file-identify.rules) * 1:24827 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:24828 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:24829 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:24830 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:24831 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:24832 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:24833 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:24834 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:24835 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:24836 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:24869 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOM mergeAttributes memory corruption attempt (browser-ie.rules) * 1:24870 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOM mergeAttributes memory corruption attempt (browser-ie.rules) * 1:24871 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOM mergeAttributes memory corruption attempt (browser-ie.rules) * 1:24872 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOM mergeAttributes memory corruption attempt (browser-ie.rules) * 1:24874 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24875 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24876 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24877 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24898 <-> ENABLED <-> SERVER-OTHER ABB Multiple Product RobNetScanHost.exe buffer overflow attempt (server-other.rules) * 1:24901 <-> DISABLED <-> FILE-IDENTIFY JNLP file download request (file-identify.rules) * 1:24902 <-> ENABLED <-> FILE-IDENTIFY JNLP file attachment detected (file-identify.rules) * 1:24903 <-> ENABLED <-> FILE-IDENTIFY JNLP file attachment detected (file-identify.rules) * 1:24911 <-> DISABLED <-> SERVER-ORACLE Oracle Outside In Excel file parsing integer overflow attempt (server-oracle.rules) * 1:24914 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovutil.dll getProxiedStorageAddress buffer overflow attempt (server-webapp.rules) * 1:24957 <-> ENABLED <-> BROWSER-PLUGINS Microsoft dpnet.dll DirectPlay ActiveX clsid access (browser-plugins.rules) * 1:24958 <-> ENABLED <-> BROWSER-PLUGINS Microsoft dpnet.dll DirectPlay ActiveX clsid access (browser-plugins.rules) * 1:24959 <-> ENABLED <-> BROWSER-PLUGINS Microsoft dpnet.dll DirectPlay ActiveX clsid access (browser-plugins.rules) * 1:24960 <-> ENABLED <-> BROWSER-PLUGINS Microsoft dpnet.dll DirectPlay ActiveX clsid access (browser-plugins.rules) * 1:24961 <-> ENABLED <-> BROWSER-PLUGINS Microsoft dpnet.dll DirectPlay ActiveX clsid access (browser-plugins.rules) * 1:24962 <-> ENABLED <-> BROWSER-PLUGINS Microsoft dpnet.dll DirectPlay ActiveX clsid access (browser-plugins.rules) * 1:24963 <-> ENABLED <-> BROWSER-PLUGINS Microsoft DirectPlay ActiveX clsid access (browser-plugins.rules) * 1:24964 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:24965 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:24966 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:24967 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:24968 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:24969 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:24970 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:24974 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word rtf invalid listoverridecount value attempt (file-office.rules) * 1:24975 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word rtf invalid listoverridecount value attempt (file-office.rules) * 1:24987 <-> DISABLED <-> POLICY-OTHER Adobe InDesign SOAP interface RunScript method access attempt (policy-other.rules) * 1:24994 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox onChannelRedirect method attempt (browser-firefox.rules) * 1:24995 <-> DISABLED <-> SERVER-OTHER Free Software Foundation GnuTLS record application integer overflow attempt (server-other.rules) * 1:24998 <-> ENABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules) * 1:25003 <-> ENABLED <-> SERVER-OTHER HP Archive Query Server stack overflow attempt (server-other.rules) * 1:25005 <-> ENABLED <-> BROWSER-PLUGINS ClearQuest session stack corruption attempt (browser-plugins.rules) * 1:25006 <-> ENABLED <-> FILE-JAVA Oracle JavaScript heap exploitation library usage attempt (file-java.rules) * 1:25019 <-> DISABLED <-> OS-OTHER Cisco Nexus OS software command injection attempt (os-other.rules) * 1:25032 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file download request (file-identify.rules) * 1:25033 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (file-identify.rules) * 1:25034 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (file-identify.rules) * 1:25035 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Silverlight inheritance restriction bypass (browser-plugins.rules) * 1:25036 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit form elements virtual function DoS attempt (browser-webkit.rules) * 1:25037 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit css title memory corruption attempt (browser-webkit.rules) * 1:25038 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit css title memory corruption attempt (browser-webkit.rules) * 1:25061 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Software Installer MSI binary file magic detected (file-executable.rules) * 1:25062 <-> ENABLED <-> FILE-IDENTIFY Microsoft Software Installer MSI binary file magic detected (file-identify.rules) * 1:25063 <-> DISABLED <-> SERVER-WEBAPP PHP htmlspecialchars htmlentities function buffer overflow attempt (server-webapp.rules) * 1:25078 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer sign extension vulnerability exploitation attempt (browser-ie.rules) * 1:2508 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP lsass DsRolerUpgradeDownlevelServer overflow attempt (os-windows.rules) * 1:25111 <-> DISABLED <-> BROWSER-PLUGINS Oracle SetMarkupMode buffer overflow ActiveX clsid access attempt (browser-plugins.rules) * 1:25112 <-> DISABLED <-> BROWSER-PLUGINS Oracle SetMarkupMode buffer overflow ActiveX function call access attempt (browser-plugins.rules) * 1:25113 <-> DISABLED <-> BROWSER-PLUGINS Oracle SetMarkupMode buffer overflow ActiveX function call access attempt (browser-plugins.rules) * 1:25114 <-> DISABLED <-> BROWSER-PLUGINS Oracle SetMarkupMode buffer overflow ActiveX function call access attempt (browser-plugins.rules) * 1:25115 <-> DISABLED <-> BROWSER-PLUGINS Oracle SetMarkupMode buffer overflow ActiveX clsid access attempt (browser-plugins.rules) * 1:25116 <-> DISABLED <-> BROWSER-PLUGINS Oracle SetMarkupMode buffer overflow ActiveX function call access attempt (browser-plugins.rules) * 1:25117 <-> DISABLED <-> BROWSER-PLUGINS Oracle SetMarkupMode buffer overflow ActiveX function call access attempt (browser-plugins.rules) * 1:25118 <-> DISABLED <-> BROWSER-PLUGINS Oracle SetMarkupMode buffer overflow ActiveX function call access attempt (browser-plugins.rules) * 1:25122 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules) * 1:25123 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules) * 1:25225 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Marquee stylesheet object removal (browser-ie.rules) * 1:25226 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Marquee stylesheet object removal (browser-ie.rules) * 1:25250 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS .NET null character username truncation attempt (server-iis.rules) * 1:25252 <-> ENABLED <-> FILE-EXECUTABLE Microsoft Windows .NET Framework System.Uri.ReCreateParts System.Uri.PathAndQuery overflow attempt (file-executable.rules) * 1:25253 <-> ENABLED <-> FILE-EXECUTABLE Microsoft Windows .NET Framework System.Uri.ReCreateParts System.Uri.PathAndQuery overflow attempt (file-executable.rules) * 1:25287 <-> DISABLED <-> SERVER-OTHER Rails XML parameter parsing vulnerability exploitation attempt (server-other.rules) * 1:25288 <-> DISABLED <-> SERVER-OTHER Rails XML parameter parsing vulnerability exploitation attempt (server-other.rules) * 1:25293 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel IPMT record buffer overflow attempt (file-office.rules) * 1:25297 <-> ENABLED <-> FILE-MULTIMEDIA Mozilla products Ogg Vorbis decoding memory corruption attempt (file-multimedia.rules) * 1:25299 <-> ENABLED <-> BROWSER-PLUGINS IBM VsVIEW ActiveX control directory traversal attempt (browser-plugins.rules) * 1:25300 <-> ENABLED <-> BROWSER-PLUGINS IBM VsVIEW ActiveX control directory traversal attempt (browser-plugins.rules) * 1:25303 <-> ENABLED <-> FILE-OTHER Cisco WebEx WRF memory corruption attempt (file-other.rules) * 1:25304 <-> ENABLED <-> FILE-OTHER Cisco WebEx WRF memory corruption attempt (file-other.rules) * 1:25305 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file magic detected (file-identify.rules) * 1:25306 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file download request (file-identify.rules) * 1:25307 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file attachment detected (file-identify.rules) * 1:25308 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file attachment detected (file-identify.rules) * 1:25309 <-> ENABLED <-> FILE-OTHER Adobe Audition Session file stack buffer overflow attempt (file-other.rules) * 1:25310 <-> ENABLED <-> FILE-OTHER Adobe Audition Session file stack buffer overflow attempt (file-other.rules) * 1:25312 <-> ENABLED <-> SERVER-OTHER Microsoft Forefront Threat Management Gateway remote code execution attempt (server-other.rules) * 1:25314 <-> DISABLED <-> OS-LINUX Linux kernel IGMP queries denial of service attempt (os-linux.rules) * 1:25315 <-> DISABLED <-> SERVER-ORACLE Oracle TNS listener service registration (server-oracle.rules) * 1:25316 <-> ENABLED <-> BROWSER-PLUGINS InduSoft ISSymbol InternationalSeparator heap overflow attempt (browser-plugins.rules) * 1:25317 <-> DISABLED <-> POLICY-OTHER RedHat JBOSS JNDI service naming (policy-other.rules) * 1:25318 <-> ENABLED <-> SERVER-WEBAPP InduSoft Web Studio arbitrary file upload attempt (server-webapp.rules) * 1:25319 <-> ENABLED <-> SERVER-WEBAPP InduSoft Web Studio arbitrary file upload attempt (server-webapp.rules) * 1:25320 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer nonexistent attribute removal memory corruption attempt (browser-ie.rules) * 1:25321 <-> DISABLED <-> SERVER-ORACLE Oracle Database tablefunc_asown buffer overflow attempt (server-oracle.rules) * 1:25329 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS style memory corruption attempt (browser-ie.rules) * 1:25330 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel conditional code execution attempt (file-office.rules) * 1:25331 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel conditional code execution attempt (file-office.rules) * 1:25332 <-> ENABLED <-> FILE-OTHER Adobe Audition Session file tkrm stack buffer overflow attempt (file-other.rules) * 1:25333 <-> DISABLED <-> PROTOCOL-DNS Exim DKIM decoding buffer overflow attempt (protocol-dns.rules) * 1:25334 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25335 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25336 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25337 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25338 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25339 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25340 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25341 <-> ENABLED <-> FILE-OTHER Cisco WebEx player remote code execution attempt (file-other.rules) * 1:25342 <-> DISABLED <-> SERVER-OTHER ISC dhcpd bootp request missing options field DOS attempt (server-other.rules) * 1:25343 <-> ENABLED <-> BROWSER-PLUGINS Citrix Access Gateway plug-in ActiveX code execution attempt (browser-plugins.rules) * 1:25344 <-> ENABLED <-> BROWSER-PLUGINS Citrix Access Gateway plug-in ActiveX code execution attempt (browser-plugins.rules) * 1:25345 <-> DISABLED <-> SERVER-WEBAPP Symantec IM Manager Web interface arbitrary command execution attempt (server-webapp.rules) * 1:25346 <-> ENABLED <-> FILE-IMAGE ImageMagick EXIF resolutionunit handling memory corruption attempt (file-image.rules) * 1:25347 <-> ENABLED <-> FILE-IMAGE ImageMagick EXIF resolutionunit handling memory corruption attempt (file-image.rules) * 1:25348 <-> ENABLED <-> FILE-IMAGE ImageMagick EXIF resolutionunit handling memory corruption attempt (file-image.rules) * 1:25352 <-> DISABLED <-> SERVER-OTHER HP HP Intelligent Management Center syslog remote code execution attempt (server-other.rules) * 1:25353 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord exploit attempt (file-office.rules) * 1:25354 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord exploit attempt (file-office.rules) * 1:25355 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord exploit attempt (file-office.rules) * 1:25356 <-> DISABLED <-> SERVER-OTHER Squid Gopher response processing buffer overflow attempt (server-other.rules) * 1:25357 <-> ENABLED <-> FILE-EXECUTABLE Microsoft Windows Authenticode signature verification bypass attempt (file-executable.rules) * 1:25366 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules) * 1:25367 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules) * 1:25380 <-> DISABLED <-> SERVER-OTHER EMC AutoStart domain name logging stack buffer overflow attempt (server-other.rules) * 1:25472 <-> ENABLED <-> FILE-JAVA Oracle Java JMX class arbitrary code execution attempt (file-java.rules) * 1:25513 <-> ENABLED <-> FILE-IDENTIFY Portable Executable download detected (file-identify.rules) * 1:25514 <-> ENABLED <-> FILE-IDENTIFY Portable Executable download detected (file-identify.rules) * 1:25515 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules) * 1:25516 <-> DISABLED <-> FILE-IDENTIFY Microsoft Software Installer MSI binary file magic detected (file-identify.rules) * 1:25517 <-> DISABLED <-> FILE-IDENTIFY Armadillo v1.71 packer file magic detected (file-identify.rules) * 1:25534 <-> DISABLED <-> SERVER-WEBAPP Sonicwall Global Management System authentication bypass attempt (server-webapp.rules) * 1:25535 <-> ENABLED <-> PROTOCOL-SERVICES Cisco Prime Lan Management rsh command execution attempt (protocol-services.rules) * 1:25542 <-> ENABLED <-> PROTOCOL-RPC EMC NetWorker nsrindexd service buffer overflow attempt (protocol-rpc.rules) * 1:25549 <-> ENABLED <-> SERVER-OTHER Novell eDirectory NCP stack buffer overflow attempt (server-other.rules) * 1:25550 <-> ENABLED <-> SERVER-OTHER Novell eDirectory NCP stack buffer overflow attempt (server-other.rules) * 1:25562 <-> DISABLED <-> FILE-JAVA Oracle Java obfuscated jar file download attempt (file-java.rules) * 1:25582 <-> ENABLED <-> SERVER-OTHER EMC AlphaStor Device Manager command injection attempt (server-other.rules) * 1:25586 <-> DISABLED <-> SERVER-WEBAPP Nagios Core get_history buffer overflow attempt (server-webapp.rules) * 1:25634 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoder shellcode (indicator-shellcode.rules) * 1:25636 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:25639 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:25640 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:25644 <-> ENABLED <-> FILE-OTHER Apple QuickTime TeXML style sub-element buffer overflow attempt (file-other.rules) * 1:25645 <-> ENABLED <-> FILE-OTHER Apple QuickTime TeXML style sub-element buffer overflow attempt (file-other.rules) * 1:25646 <-> ENABLED <-> FILE-OTHER Apple QuickTime TeXML style sub-element buffer overflow attempt (file-other.rules) * 1:25647 <-> ENABLED <-> FILE-OTHER Apple QuickTime TeXML style sub-element buffer overflow attempt (file-other.rules) * 1:25648 <-> ENABLED <-> FILE-OTHER Apple QuickTime TeXML style sub-element buffer overflow attempt (file-other.rules) * 1:25659 <-> ENABLED <-> BLACKLIST User-Agent known malicious user agent - spam_bot (blacklist.rules) * 1:25676 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:25677 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:25678 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:25679 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:25680 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player embedded compact font detected (file-identify.rules) * 1:25681 <-> ENABLED <-> FILE-FLASH Adobe Flash Player CFF FeatureCount integer overflow attempt (file-flash.rules) * 1:25682 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player embedded compact font detected (file-identify.rules) * 1:2570 <-> DISABLED <-> SERVER-WEBAPP Invalid HTTP Version String (server-webapp.rules) * 1:25803 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit jar file dropped (exploit-kit.rules) * 1:25810 <-> DISABLED <-> FILE-OTHER VMWare OVF Tool format string exploit attempt (file-other.rules) * 1:25811 <-> DISABLED <-> FILE-OTHER VMWare OVF Tool format string exploit attempt (file-other.rules) * 1:25817 <-> DISABLED <-> BLACKLIST DNS request for known malware domain bolsilloner.es (blacklist.rules) * 1:25818 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader known malicious variable exploit attempt (file-pdf.rules) * 1:25819 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader known malicious variable exploit attempt (file-pdf.rules) * 1:25830 <-> ENABLED <-> FILE-JAVA Oracle Java malicious class download attempt (file-java.rules) * 1:25849 <-> DISABLED <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt (protocol-scada.rules) * 1:25850 <-> DISABLED <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt (protocol-scada.rules) * 1:25851 <-> ENABLED <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt (protocol-scada.rules) * 1:25852 <-> ENABLED <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt (protocol-scada.rules) * 1:25984 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer userdata behavior memory corruption attempt (browser-ie.rules) * 1:25985 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer userdata behavior memory corruption attempt (browser-ie.rules) * 1:25986 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer userdata behavior memory corruption attempt (browser-ie.rules) * 1:26021 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XML Java used in app.setTimeOut (file-pdf.rules) * 1:26057 <-> ENABLED <-> FILE-IDENTIFY ZIP file download detected (file-identify.rules) * 1:26058 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules) * 1:26076 <-> DISABLED <-> FILE-PDF download of a PDF with embedded JavaScript - JS string attempt (file-pdf.rules) * 1:26077 <-> DISABLED <-> FILE-PDF transfer of a PDF with embedded JavaScript - JavaScript object detected (file-pdf.rules) * 1:26078 <-> DISABLED <-> FILE-PDF transfer of a PDF with OpenAction object attempt (file-pdf.rules) * 1:26103 <-> ENABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra ping request buffer overflow attempt (server-other.rules) * 1:26105 <-> ENABLED <-> SERVER-OTHER BigAnt IM Server buffer overflow attempt (server-other.rules) * 1:2611 <-> DISABLED <-> SERVER-ORACLE LINK metadata buffer overflow attempt (server-oracle.rules) * 1:26110 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:26111 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:26112 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:26113 <-> ENABLED <-> FILE-PDF Adobe Flash Player memory corruption attempt (file-pdf.rules) * 1:26193 <-> DISABLED <-> BROWSER-PLUGINS Honeywell HscRemoteDeploy ActiveX control arbitrary HTA execution attempt (browser-plugins.rules) * 1:26231 <-> DISABLED <-> FILE-PDF PDF version 1.1 with FlateDecode embedded - seen in exploit kits (file-pdf.rules) * 1:26251 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:26263 <-> DISABLED <-> SERVER-WEBAPP Wordpress wp-banners-lite plugin cross site scripting attempt (server-webapp.rules) * 1:26264 <-> ENABLED <-> MALWARE-CNC Dapato banking Trojan variant outbound connection (malware-cnc.rules) * 1:26265 <-> ENABLED <-> BLACKLIST DNS request for known malware domain mercury.yori.pl - Kazy Trojan (blacklist.rules) * 1:26280 <-> DISABLED <-> FILE-PDF Foxit Reader remote query string buffer overflow attempt (file-pdf.rules) * 1:26281 <-> DISABLED <-> FILE-PDF Foxit Reader remote query string buffer overflow attempt (file-pdf.rules) * 1:26282 <-> DISABLED <-> FILE-PDF Foxit Reader remote query string buffer overflow attempt (file-pdf.rules) * 1:26283 <-> DISABLED <-> FILE-PDF Foxit Reader remote query string buffer overflow attempt (file-pdf.rules) * 1:26355 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules) * 1:26356 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules) * 1:26357 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules) * 1:26358 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules) * 1:26359 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules) * 1:26360 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules) * 1:26361 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules) * 1:26362 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules) * 1:26363 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules) * 1:26364 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules) * 1:26365 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules) * 1:26374 <-> DISABLED <-> FILE-IMAGE ClamAV Antivirus Function Denial of Service attempt (file-image.rules) * 1:26392 <-> ENABLED <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt (protocol-scada.rules) * 1:26414 <-> ENABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server executable file upload attempt (protocol-scada.rules) * 1:26415 <-> ENABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server directory traversal attempt (protocol-scada.rules) * 1:26416 <-> ENABLED <-> SERVER-WEBAPP HP Intelligent Management Center mibFileUpload servlet arbitrary file upload attempt (server-webapp.rules) * 1:26417 <-> ENABLED <-> SERVER-WEBAPP HP Intelligent Management Center mibFileUpload servlet arbitrary file upload attempt (server-webapp.rules) * 1:26418 <-> DISABLED <-> SERVER-WEBAPP HP System Management iprange parameter buffer overflow attempt (server-webapp.rules) * 1:26456 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file attachment detected (file-identify.rules) * 1:26457 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file attachment detected (file-identify.rules) * 1:26458 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file download request (file-identify.rules) * 1:26465 <-> ENABLED <-> FILE-IDENTIFY XUL file attachment detected (file-identify.rules) * 1:26466 <-> ENABLED <-> FILE-IDENTIFY XUL file attachment detected (file-identify.rules) * 1:26479 <-> DISABLED <-> SERVER-OTHER ActFax LPD Server data field buffer overflow attempt (server-other.rules) * 1:26488 <-> ENABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server directory traversal attempt (protocol-scada.rules) * 1:26491 <-> DISABLED <-> SERVER-OTHER Nagios NRPE command execution attempt (server-other.rules) * 1:26492 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file download request (file-identify.rules) * 1:26493 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (file-identify.rules) * 1:26494 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (file-identify.rules) * 1:26495 <-> ENABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules) * 1:26496 <-> ENABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules) * 1:26501 <-> DISABLED <-> SERVER-OTHER BigAnt Document Service DDNF request stack buffer overflow attempt (server-other.rules) * 1:26502 <-> ENABLED <-> PROTOCOL-SCADA 3S CoDeSys Gateway Server stack buffer overflow attempt (protocol-scada.rules) * 1:26503 <-> ENABLED <-> PROTOCOL-SCADA 3S CoDeSys Gateway Server stack buffer overflow attempt (protocol-scada.rules) * 1:26504 <-> ENABLED <-> PROTOCOL-SCADA 3S CoDeSys Gateway Server stack buffer overflow attempt (protocol-scada.rules) * 1:26513 <-> DISABLED <-> FILE-PDF PDF with large embedded JavaScript - JS string attempt (file-pdf.rules) * 1:26547 <-> DISABLED <-> SERVER-WEBAPP phpMyAdmin preg_replace remote code execution attempt (server-webapp.rules) * 1:26548 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM webappmon.exe buffer overflow attempt (server-webapp.rules) * 1:26573 <-> DISABLED <-> BROWSER-PLUGINS Honeywell HscRemoteDeploy ActiveX control arbitrary HTA execution attempt (browser-plugins.rules) * 1:26584 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer vector graphics reference counting use-after-free attempt (browser-ie.rules) * 1:26587 <-> DISABLED <-> FILE-JAVA Oracle Java runtime JMX findclass sandbox breach attempt (file-java.rules) * 1:26588 <-> DISABLED <-> FILE-JAVA Oracle Java runtime JMX findclass sandbox breach attempt (file-java.rules) * 1:26595 <-> DISABLED <-> INDICATOR-OBFUSCATION javascript hex character extraction routine detected (indicator-obfuscation.rules) * 1:26596 <-> DISABLED <-> INDICATOR-OBFUSCATION javascript fromCharCode xor decryption routine detected (indicator-obfuscation.rules) * 1:26643 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field denial of service attempt (os-windows.rules) * 1:26651 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules) * 1:26652 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules) * 1:26664 <-> ENABLED <-> FILE-IMAGE BMP extremely large xpos opcodes (file-image.rules) * 1:26704 <-> DISABLED <-> SERVER-WEBAPP LANDesk Thinkmanagement Suite ServerSetup directory traversal attempt (server-webapp.rules) * 1:26761 <-> DISABLED <-> OS-MOBILE Android Fakeinst device information leakage (os-mobile.rules) * 1:26786 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:26787 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:26790 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:26791 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:26808 <-> DISABLED <-> EXPLOIT-KIT Goon/Infinity/Redkit exploit kit short jar request (exploit-kit.rules) * 1:26824 <-> ENABLED <-> SERVER-OTHER Apache Struts allowStaticMethodAccess invocation attempt (server-other.rules) * 1:26825 <-> ENABLED <-> SERVER-OTHER Apache Struts allowStaticMethodAccess invocation attempt (server-other.rules) * 1:26848 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 7 emulation via meta tag (browser-ie.rules) * 1:26854 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected cHRM overflow attempt (file-image.rules) * 1:26855 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected iCCP overflow attempt (file-image.rules) * 1:26860 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected tRNS overflow attempt (file-image.rules) * 1:26879 <-> DISABLED <-> BROWSER-OTHER local loopback address in html (browser-other.rules) * 1:26927 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules) * 1:26928 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules) * 1:26973 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio TAG_xxxSect code execution attempt (file-office.rules) * 1:26976 <-> DISABLED <-> FILE-IMAGE Oracle Outside In FlashPix image processing overflow attempt (file-image.rules) * 1:26977 <-> DISABLED <-> FILE-IMAGE Oracle Outside In FlashPix image processing overflow attempt (file-image.rules) * 1:26979 <-> DISABLED <-> FILE-IMAGE Oracle Outside In FlashPix image processing overflow attempt (file-image.rules) * 1:26980 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix snmp master agent denial of service attempt (server-other.rules) * 1:27018 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Mobile Management dusap.php directory traversal attempt (server-webapp.rules) * 1:27019 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Mobile Management dusap.php directory traversal attempt (server-webapp.rules) * 1:27020 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Mobile Management dusap.php directory traversal attempt (server-webapp.rules) * 1:27027 <-> DISABLED <-> POLICY-OTHER PHP tag injection in http header attempt (policy-other.rules) * 1:27028 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Mobile Management mdm.php directory traversal attempt (server-webapp.rules) * 1:27029 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Mobile Management mdm.php directory traversal attempt (server-webapp.rules) * 1:27030 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Mobile Management mdm.php directory traversal attempt (server-webapp.rules) * 1:27036 <-> DISABLED <-> SERVER-OTHER Novell NetIQ User Manager modifyAccounts policy bypass attempt (server-other.rules) * 1:27075 <-> DISABLED <-> SERVER-OTHER Novell NetIQ User Manager ldapagnt_eval remote code execution attempt (server-other.rules) * 1:27076 <-> ENABLED <-> FILE-JAVA Oracle Java Applet disable security manager attempt (file-java.rules) * 1:27077 <-> ENABLED <-> FILE-JAVA Oracle Java Applet disable security manager attempt (file-java.rules) * 1:27104 <-> ENABLED <-> SERVER-WEBAPP HP System Management arbitrary command injection attempt (server-webapp.rules) * 1:27105 <-> ENABLED <-> SERVER-WEBAPP HP System Management arbitrary command injection attempt (server-webapp.rules) * 1:27121 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector - initiate connection (server-other.rules) * 1:27122 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 305 buffer overflow attempt (server-other.rules) * 1:27123 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 259 buffer overflow attempt (server-other.rules) * 1:27124 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 1092 buffer overflow attempt (server-other.rules) * 1:27125 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 211 buffer overflow attempt (server-other.rules) * 1:27150 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 1:27151 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 1:27152 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 1:27153 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 1:27170 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 1091 buffer overflow attempt (server-other.rules) * 1:27171 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 1:27172 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 1:27182 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malicious swf file download attempt (file-flash.rules) * 1:27183 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malicious swf file download attempt (file-flash.rules) * 1:27184 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malicious swf file download attempt (file-flash.rules) * 1:27185 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malicious swf file download attempt (file-flash.rules) * 1:27186 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malicious swf file download attempt (file-flash.rules) * 1:27187 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malicious swf file download attempt (file-flash.rules) * 1:27188 <-> ENABLED <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt (file-java.rules) * 1:31312 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules) * 1:31320 <-> DISABLED <-> BROWSER-PLUGINS Adobe Multiple Product AcroPDF.PDF ActiveX exploit attempt (browser-plugins.rules) * 1:31321 <-> DISABLED <-> BROWSER-PLUGINS Adobe Multiple Product AcroPDF.PDF ActiveX exploit attempt (browser-plugins.rules) * 1:31322 <-> DISABLED <-> BROWSER-PLUGINS Adobe Multiple Product AcroPDF.PDF ActiveX exploit attempt (browser-plugins.rules) * 1:31323 <-> DISABLED <-> FILE-OTHER Apple OSX Finder DMG volume name memory corruption attempt (file-other.rules) * 1:31324 <-> DISABLED <-> FILE-OTHER Apple OSX Finder DMG volume name memory corruption attempt (file-other.rules) * 1:31325 <-> ENABLED <-> FILE-OTHER Apple OSX Finder DMG volume name memory corruption attempt (file-other.rules) * 1:31366 <-> ENABLED <-> FILE-JAVA Oracle Java sun.tracing.ProviderSkeleton sandbox bypass attempt (file-java.rules) * 1:31367 <-> ENABLED <-> FILE-JAVA Oracle Java sun.tracing.ProviderSkeleton sandbox bypass attempt (file-java.rules) * 1:3143 <-> DISABLED <-> OS-WINDOWS SMB Trans2 FIND_FIRST2 command response overflow attempt (os-windows.rules) * 1:3144 <-> DISABLED <-> OS-WINDOWS SMB Trans2 FIND_FIRST2 response andx overflow attempt (os-windows.rules) * 1:3145 <-> DISABLED <-> OS-WINDOWS SMB-DS Trans2 FIND_FIRST2 response overflow attempt (os-windows.rules) * 1:3146 <-> DISABLED <-> OS-WINDOWS SMB-DS Trans2 FIND_FIRST2 response andx overflow attempt (os-windows.rules) * 1:31540 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:31541 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:31694 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules) * 1:31702 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (file-identify.rules) * 1:31703 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (file-identify.rules) * 1:31773 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:31774 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:31775 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:31776 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:31871 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (file-identify.rules) * 1:31877 <-> DISABLED <-> SERVER-OTHER HP Application Life Cycle Management ActiveX arbitrary code execution attempt (server-other.rules) * 1:31878 <-> DISABLED <-> SERVER-OTHER HP Application Life Cycle Management ActiveX arbitrary code execution attempt (server-other.rules) * 1:31879 <-> DISABLED <-> SERVER-OTHER HP Application Life Cycle Management ActiveX arbitrary code execution attempt (server-other.rules) * 1:31880 <-> DISABLED <-> SERVER-OTHER HP Application Life Cycle Management ActiveX arbitrary code execution attempt (server-other.rules) * 1:31881 <-> DISABLED <-> SERVER-OTHER HP Application Life Cycle Management ActiveX arbitrary code execution attempt (server-other.rules) * 1:31882 <-> DISABLED <-> SERVER-OTHER HP Application Life Cycle Management ActiveX arbitrary code execution attempt (server-other.rules) * 1:31889 <-> DISABLED <-> SERVER-MAIL Exim Dovecot LDA sender_address command injection attempt (server-mail.rules) * 1:31890 <-> DISABLED <-> SERVER-MAIL Exim Dovecot LDA sender_address command injection attempt (server-mail.rules) * 1:31901 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Oracle Java encoded shellcode detected (exploit-kit.rules) * 1:32102 <-> DISABLED <-> BROWSER-PLUGINS Oracle WebCenter Content CheckOutAndOpen.dll ActiveX control code execution ActiveX clsid access (browser-plugins.rules) * 1:32103 <-> DISABLED <-> BROWSER-PLUGINS Oracle WebCenter Content CheckOutAndOpen.dll ActiveX control code execution ActiveX clsid access (browser-plugins.rules) * 1:32104 <-> DISABLED <-> BROWSER-PLUGINS Oracle WebCenter Content CheckOutAndOpen.dll ActiveX control code execution ActiveX function call access (browser-plugins.rules) * 1:32105 <-> DISABLED <-> BROWSER-PLUGINS Oracle WebCenter Content CheckOutAndOpen.dll ActiveX control code execution ActiveX function call access (browser-plugins.rules) * 1:32128 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php command injection attempt (server-webapp.rules) * 1:32134 <-> ENABLED <-> FILE-IDENTIFY XBM file attachment detected (file-identify.rules) * 1:32135 <-> ENABLED <-> FILE-IDENTIFY XBM file attachment detected (file-identify.rules) * 1:32165 <-> ENABLED <-> FILE-IDENTIFY SVG file magic detected (file-identify.rules) * 1:32203 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure ldapsyncnow.php command injection attempt (server-webapp.rules) * 1:32232 <-> ENABLED <-> FILE-JAVA Oracle Java ServiceLoader exception handling exploit attempt (file-java.rules) * 1:32233 <-> ENABLED <-> FILE-JAVA Oracle Java ServiceLoader exception handling exploit attempt (file-java.rules) * 1:32234 <-> ENABLED <-> FILE-JAVA Oracle Java ServiceLoader exception handling exploit attempt (file-java.rules) * 1:32235 <-> ENABLED <-> FILE-JAVA Oracle Java ServiceLoader exception handling exploit attempt (file-java.rules) * 1:32345 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector - initiate connection (server-other.rules) * 1:32359 <-> ENABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules) * 1:32364 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer overlapping object boundaries memory corruption attempt (browser-ie.rules) * 1:32378 <-> ENABLED <-> FILE-IDENTIFY bmp file attachment detected (file-identify.rules) * 1:32380 <-> ENABLED <-> FILE-IDENTIFY dib file attachment detected (file-identify.rules) * 1:32762 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer TextRange after free attempt (browser-ie.rules) * 1:32763 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer TextRange after free attempt (browser-ie.rules) * 1:32971 <-> DISABLED <-> SERVER-WEBAPP HP System Management iprange parameter buffer overflow attempt (server-webapp.rules) * 1:32991 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver SXPG_COMMAND_EXECUTE remote command execution attempt (server-other.rules) * 1:32992 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver SXPG_COMMAND_EXECUTE remote command execution attempt (server-other.rules) * 1:32993 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XMLSerializer serializeToStream use-after-free attempt (browser-firefox.rules) * 1:32994 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XMLSerializer serializeToStream use-after-free attempt (browser-firefox.rules) * 1:32997 <-> DISABLED <-> SERVER-OTHER Sophos Web Appliance arbitrary command execution attempt (server-other.rules) * 1:32998 <-> DISABLED <-> SERVER-OTHER Sophos Web Appliance arbitrary command execution attempt (server-other.rules) * 1:32999 <-> DISABLED <-> PROTOCOL-SCADA Advantech WebAccess SCADA command execution attempt (protocol-scada.rules) * 1:33000 <-> DISABLED <-> PROTOCOL-SCADA Advantech WebAccess SCADA command execution attempt (protocol-scada.rules) * 1:33001 <-> DISABLED <-> PROTOCOL-SCADA Advantech WebAccess SCADA command execution attempt (protocol-scada.rules) * 1:33002 <-> DISABLED <-> PROTOCOL-SCADA Advantech WebAccess SCADA command execution attempt (protocol-scada.rules) * 1:33003 <-> DISABLED <-> BROWSER-PLUGINS SolarWinds Orion Pepco32c ActiveX clsid access attempt (browser-plugins.rules) * 1:33004 <-> DISABLED <-> BROWSER-PLUGINS SolarWinds Orion Pepco32c ActiveX clsid access attempt (browser-plugins.rules) * 1:33005 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx NodeName buffer overflow attempt (server-webapp.rules) * 1:33006 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx NodeName buffer overflow attempt (server-webapp.rules) * 1:33007 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx NodeName buffer overflow attempt (server-webapp.rules) * 1:33008 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx NodeName buffer overflow attempt (server-webapp.rules) * 1:33009 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx UserName buffer overflow attempt (server-webapp.rules) * 1:33010 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx UserName buffer overflow attempt (server-webapp.rules) * 1:33011 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx UserName buffer overflow attempt (server-webapp.rules) * 1:33012 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx UserName buffer overflow attempt (server-webapp.rules) * 1:33013 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules) * 1:33014 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules) * 1:33015 <-> DISABLED <-> PROTOCOL-SCADA ABB MicroSCADA wserver.exe EXECUTE remote code execution attempt (protocol-scada.rules) * 1:33018 <-> DISABLED <-> BROWSER-IE Oracle WebCenter BlackIceDevMode ActiveX buffer overflow attempt (browser-ie.rules) * 1:33019 <-> DISABLED <-> BROWSER-IE Oracle WebCenter BlackIceDevMode ActiveX buffer overflow attempt (browser-ie.rules) * 1:33020 <-> DISABLED <-> BROWSER-IE Oracle WebCenter BlackIceDevMode ActiveX buffer overflow attempt (browser-ie.rules) * 1:33021 <-> DISABLED <-> BROWSER-IE Oracle WebCenter BlackIceDevMode ActiveX buffer overflow attempt (browser-ie.rules) * 1:33022 <-> DISABLED <-> FILE-OTHER Apple Quicktime invalid atom length buffer overflow attempt (file-other.rules) * 1:33023 <-> DISABLED <-> FILE-OTHER Apple Quicktime invalid atom length buffer overflow attempt (file-other.rules) * 1:33024 <-> DISABLED <-> SERVER-WEBAPP Cisco Security Agent Management Center code execution attempt (server-webapp.rules) * 1:33025 <-> DISABLED <-> SERVER-WEBAPP Cisco Security Agent Management Center code execution attempt (server-webapp.rules) * 1:33026 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file attachment detected (file-identify.rules) * 1:28333 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:28334 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:28335 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:28336 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:28337 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:28338 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:28339 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:28340 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:28341 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:28342 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:28343 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:28349 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows WMI administrator tools object viewer ActiveX clsid access (browser-plugins.rules) * 1:28350 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows WMI administrator tools object viewer ActiveX clsid access (browser-plugins.rules) * 1:28351 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows WMI administrator tools object viewer ActiveX clsid access (browser-plugins.rules) * 1:28352 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTableLayout memory corruption attempt (browser-ie.rules) * 1:28353 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTableLayout memory corruption attempt (browser-ie.rules) * 1:28354 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOM manipulation memory corruption attempt (browser-ie.rules) * 1:28355 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOM manipulation memory corruption attempt (browser-ie.rules) * 1:28356 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOM manipulation memory corruption attempt (browser-ie.rules) * 1:28357 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOM manipulation memory corruption attempt (browser-ie.rules) * 1:28358 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOM manipulation memory corruption attempt (browser-ie.rules) * 1:28359 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOM manipulation memory corruption attempt (browser-ie.rules) * 1:28360 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOM manipulation memory corruption attempt (browser-ie.rules) * 1:28361 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed shading modifier heap corruption attempt (file-pdf.rules) * 1:28363 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules) * 1:28364 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules) * 1:28374 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28375 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28376 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28377 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28378 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28379 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28380 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28381 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.Temvice outbound communication attempt (malware-other.rules) * 1:28388 <-> DISABLED <-> FILE-PDF Adobe Acrobat TrueType font handling remote code execution attempt (file-pdf.rules) * 1:28389 <-> DISABLED <-> FILE-PDF Adobe Acrobat TrueType font handling remote code execution attempt (file-pdf.rules) * 1:28394 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore format string vulnerability exploit attempt (server-other.rules) * 1:28395 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore format string vulnerability exploit attempt (server-other.rules) * 1:28396 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore format string vulnerability exploit attempt (server-other.rules) * 1:28397 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore format string vulnerability exploit attempt (server-other.rules) * 1:28398 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore format string vulnerability exploit attempt (server-other.rules) * 1:28407 <-> ENABLED <-> SERVER-WEBAPP HP Intelligent Management Center BIMS UploadServlet arbitrary file upload attempt (server-webapp.rules) * 1:28425 <-> ENABLED <-> OS-WINDOWS SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules) * 1:28426 <-> ENABLED <-> FILE-PDF Adobe Acrobat universal 3D format memory corruption attempt (file-pdf.rules) * 1:28427 <-> DISABLED <-> FILE-PDF Adobe Acrobat universal 3D format memory corruption attempt (file-pdf.rules) * 1:28435 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS SamplePower ActiveX function call access attempt (browser-plugins.rules) * 1:28436 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS SamplePower ActiveX function call access attempt (browser-plugins.rules) * 1:28437 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS SamplePower ActiveX function call access (browser-plugins.rules) * 1:28438 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS SamplePower ActiveX function call access (browser-plugins.rules) * 1:28447 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer style.position use-after-free memory corruption attempt (browser-ie.rules) * 1:28451 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:28452 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:28453 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:28454 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader compressed media.newPlayer memory corruption attempt (file-pdf.rules) * 1:28461 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules) * 1:28462 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules) * 1:28464 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules) * 1:28465 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules) * 1:28466 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules) * 1:28467 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules) * 1:28468 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules) * 1:28469 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules) * 1:28470 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules) * 1:28471 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules) * 1:28472 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules) * 1:28473 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules) * 1:28474 <-> ENABLED <-> EXPLOIT-KIT Neutrino exploit kit outbound plugin detection response - generic detection (exploit-kit.rules) * 1:28489 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CAnchorElement use after free attempt (browser-ie.rules) * 1:28505 <-> DISABLED <-> BROWSER-PLUGINS InformationCardSigninHelper ActiveX clsid access (browser-plugins.rules) * 1:28506 <-> DISABLED <-> BROWSER-PLUGINS InformationCardSigninHelper ActiveX function call access (browser-plugins.rules) * 1:28525 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules) * 1:28526 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules) * 1:28579 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Silverlight ScriptObject untrusted pointer dereference attempt (browser-plugins.rules) * 1:28580 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Silverlight ScriptObject untrusted pointer dereference attempt (browser-plugins.rules) * 1:28581 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Silverlight ScriptObject untrusted pointer dereference attempt (browser-plugins.rules) * 1:28582 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Silverlight ScriptObject untrusted pointer dereference attempt (browser-plugins.rules) * 1:28583 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Silverlight ScriptObject untrusted pointer dereference attempt (browser-plugins.rules) * 1:28584 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Silverlight ScriptObject untrusted pointer dereference attempt (browser-plugins.rules) * 1:28585 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader OTF font head table size overflow attempt (file-pdf.rules) * 1:28586 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader OTF font head table size overflow attempt (file-pdf.rules) * 1:28619 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:28620 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:28621 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules) * 1:28622 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed shading modifier heap corruption attempt (file-pdf.rules) * 1:28625 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D rgba parsing overflow attempt (file-pdf.rules) * 1:28626 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader U3D RHAdobeMeta Buffer Overflow (file-pdf.rules) * 1:28627 <-> DISABLED <-> FILE-PDF Adobe Acrobat universal 3D format memory corruption attempt (file-pdf.rules) * 1:28628 <-> DISABLED <-> FILE-PDF Adobe Acrobat universal 3D format memory corruption attempt (file-pdf.rules) * 1:28629 <-> DISABLED <-> INDICATOR-OBFUSCATION obfuscated script encoding detected (indicator-obfuscation.rules) * 1:28630 <-> DISABLED <-> INDICATOR-OBFUSCATION obfuscated script encoding detected (indicator-obfuscation.rules) * 1:28631 <-> DISABLED <-> FILE-FLASH Adobe Flash Player embedded JPG image height overflow attempt (file-flash.rules) * 1:28632 <-> DISABLED <-> FILE-FLASH Adobe Flash Player embedded JPG image height overflow attempt (file-flash.rules) * 1:28633 <-> DISABLED <-> FILE-PDF Adobe Acrobat Universal 3D stream memory corruption attempt (file-pdf.rules) * 1:28634 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll composite glyf buffer overflow attempt (file-pdf.rules) * 1:28635 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll glyf directory table buffer overflow attempt (file-pdf.rules) * 1:28636 <-> DISABLED <-> FILE-FLASH Adobe Flash Player multimedia file DefineSceneAndFrameLabelData code execution attempt (file-flash.rules) * 1:28637 <-> DISABLED <-> FILE-FLASH Adobe Flash Player multimedia file DefineSceneAndFrameLabelData code execution attempt (file-flash.rules) * 1:28638 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll glyf directory table buffer overflow attempt (file-pdf.rules) * 1:28639 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll glyf directory table buffer overflow attempt (file-pdf.rules) * 1:28640 <-> DISABLED <-> FILE-FLASH RealNetworks RealPlayer SWF frame handling buffer overflow attempt (file-flash.rules) * 1:28641 <-> DISABLED <-> FILE-FLASH RealNetworks RealPlayer SWF frame handling buffer overflow attempt (file-flash.rules) * 1:28642 <-> DISABLED <-> FILE-PDF Adobe Acrobat TrueType font handling remote code execution attempt (file-pdf.rules) * 1:28643 <-> DISABLED <-> FILE-PDF Adobe Acrobat TrueType font handling remote code execution attempt (file-pdf.rules) * 1:28644 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28645 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28646 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28647 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28648 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28649 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28650 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28651 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28652 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28653 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28654 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28655 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28656 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28657 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28658 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XML Java used in app.setTimeOut (file-pdf.rules) * 1:28659 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader known malicious variable exploit attempt (file-pdf.rules) * 1:28660 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:28661 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:28662 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer address bar spoofing attempt (browser-ie.rules) * 1:28663 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer address bar spoofing attempt (browser-ie.rules) * 1:28664 <-> DISABLED <-> FILE-FLASH RealNetworks RealPlayer SWF flash file buffer overflow attempt (file-flash.rules) * 1:28665 <-> DISABLED <-> FILE-FLASH RealNetworks RealPlayer SWF flash file buffer overflow attempt (file-flash.rules) * 1:28666 <-> DISABLED <-> FILE-FLASH RealNetworks RealPlayer SWF flash file buffer overflow attempt (file-flash.rules) * 1:28667 <-> DISABLED <-> FILE-FLASH Adobe Flash ActionDefineFunction memory access exploit attempt (file-flash.rules) * 1:28668 <-> DISABLED <-> FILE-FLASH Adobe Flash ActionDefineFunction memory access exploit attempt (file-flash.rules) * 1:28669 <-> DISABLED <-> FILE-FLASH Adobe Flash ActionDefineFunction memory access exploit attempt (file-flash.rules) * 1:28670 <-> DISABLED <-> FILE-FLASH Adobe Flash frame type identifier memory corruption attempt (file-flash.rules) * 1:28671 <-> DISABLED <-> FILE-FLASH Adobe Flash frame type identifier memory corruption attempt (file-flash.rules) * 1:28672 <-> DISABLED <-> FILE-FLASH Adobe Flash frame type identifier memory corruption attempt (file-flash.rules) * 1:28673 <-> DISABLED <-> FILE-FLASH Adobe Flash Player newfunction memory corruption attempt (file-flash.rules) * 1:28674 <-> DISABLED <-> FILE-FLASH Adobe Flash Player newfunction memory corruption attempt (file-flash.rules) * 1:28675 <-> DISABLED <-> FILE-FLASH Adobe Flash Player newfunction memory corruption attempt (file-flash.rules) * 1:28676 <-> DISABLED <-> FILE-FLASH Adobe Flash Player newfunction memory corruption attempt (file-flash.rules) * 1:28679 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules) * 1:28680 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules) * 1:28681 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules) * 1:28682 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules) * 1:28683 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules) * 1:28684 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules) * 1:28685 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules) * 1:28687 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:28688 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:28689 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:28690 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:28691 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:28692 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:28693 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:28694 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:28695 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules) * 1:28696 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules) * 1:28697 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules) * 1:28698 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules) * 1:28699 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:28700 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:28701 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:28702 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:28703 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript float index array memory corruption attempt (file-flash.rules) * 1:28704 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript float index array memory corruption attempt (file-flash.rules) * 1:28705 <-> ENABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules) * 1:28706 <-> ENABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules) * 1:28707 <-> ENABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules) * 1:28708 <-> ENABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules) * 1:28709 <-> DISABLED <-> FILE-PDF Adobe Acrobat Universal 3D stream memory corruption attempt (file-pdf.rules) * 1:28710 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF integer overflow attempt (file-pdf.rules) * 1:28711 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF integer overflow attempt (file-pdf.rules) * 1:28712 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF integer overflow attempt (file-pdf.rules) * 1:28713 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF integer overflow attempt (file-pdf.rules) * 1:28714 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF integer overflow attempt (file-pdf.rules) * 1:28715 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF integer overflow attempt (file-pdf.rules) * 1:28716 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader compact font format memory corruption attempt (file-pdf.rules) * 1:28717 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader compact font format memory corruption attempt (file-pdf.rules) * 1:28718 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader memory corruption attempt (file-pdf.rules) * 1:28719 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader memory corruption attempt (file-pdf.rules) * 1:28720 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader memory corruption attempt (file-pdf.rules) * 1:28721 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader memory corruption attempt (file-pdf.rules) * 1:28722 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid PDF JavaScript printSeps extension call attempt (file-pdf.rules) * 1:28723 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid PDF JavaScript printSeps extension call attempt (file-pdf.rules) * 1:28725 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ICC mluc integer overflow attempt (file-pdf.rules) * 1:28726 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ICC mluc integer overflow attempt (file-pdf.rules) * 1:28727 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ICC mluc integer overflow attempt (file-pdf.rules) * 1:28728 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules) * 1:28729 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules) * 1:28730 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules) * 1:28731 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules) * 1:28732 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules) * 1:28733 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules) * 1:28734 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules) * 1:28735 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules) * 1:28736 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules) * 1:28737 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules) * 1:28738 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules) * 1:28739 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules) * 1:28740 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules) * 1:28741 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules) * 1:28742 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules) * 1:28743 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules) * 1:28744 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules) * 1:28745 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules) * 1:28746 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver SXPG_CALL_SYSTEM remote code execution attempt (server-webapp.rules) * 1:28747 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader universal 3D format memory corruption attempt (file-pdf.rules) * 1:28748 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader universal 3D format memory corruption attempt (file-pdf.rules) * 1:28749 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28750 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28751 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28752 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28753 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28754 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28755 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28756 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28757 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28758 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28759 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28760 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28761 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28762 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28763 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28764 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28765 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28766 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28767 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28768 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28769 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28770 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules) * 1:28771 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules) * 1:28772 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules) * 1:28773 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules) * 1:28774 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules) * 1:28775 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules) * 1:28776 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules) * 1:28777 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules) * 1:28778 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules) * 1:28779 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules) * 1:28780 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules) * 1:28781 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules) * 1:28782 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules) * 1:28783 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules) * 1:28784 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules) * 1:28785 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules) * 1:28786 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules) * 1:28787 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules) * 1:28788 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules) * 1:28789 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules) * 1:28790 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader universal 3D stream memory corruption attempt (file-pdf.rules) * 1:28843 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules) * 1:28844 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules) * 1:28845 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules) * 1:28846 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules) * 1:28851 <-> ENABLED <-> SERVER-OTHER HP ProCurve Manager EJBInvokerServlet remote code execution attempt (server-other.rules) * 1:28875 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetClassObject use after free attempt (browser-ie.rules) * 1:28876 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetClassObject use after free attempt (browser-ie.rules) * 1:28877 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetClassObject use after free attempt (browser-ie.rules) * 1:28878 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetClassObject use after free attempt (browser-ie.rules) * 1:28894 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (file-identify.rules) * 1:28895 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (file-identify.rules) * 1:28896 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file attachment detected (file-identify.rules) * 1:28897 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file attachment detected (file-identify.rules) * 1:28898 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (file-identify.rules) * 1:28899 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (file-identify.rules) * 1:28900 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file attachment detected (file-identify.rules) * 1:28901 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file download request (file-identify.rules) * 1:28915 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster.verify method integer overflow attempt (file-java.rules) * 1:28916 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster.verify method integer overflow attempt (file-java.rules) * 1:28937 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope issuesiebelcmd soap request code execution attempt (server-webapp.rules) * 1:28961 <-> ENABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer RealMedia URL length buffer overflow attempt (file-multimedia.rules) * 1:28962 <-> ENABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer RealMedia URL length buffer overflow attempt (file-multimedia.rules) * 1:29017 <-> ENABLED <-> SERVER-WEBAPP HP LoadRunner Virtual User Generator EmulationAdmin directory traversal attempt (server-webapp.rules) * 1:29018 <-> DISABLED <-> SERVER-WEBAPP HP LoadRunner Virtual User Generator EmulationAdmin getReport SQL injection attempt (server-webapp.rules) * 1:29019 <-> ENABLED <-> SERVER-WEBAPP HP LoadRunner Virtual User Generator EmulationAdmin directory traversal attempt (server-webapp.rules) * 1:29027 <-> ENABLED <-> SERVER-WEBAPP Zimbra remote code execution attempt (server-webapp.rules) * 1:29034 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDisplayPointer use after free attempt (browser-ie.rules) * 1:29035 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDisplayPointer use after free attempt (browser-ie.rules) * 1:29040 <-> ENABLED <-> SERVER-WEBAPP Zimbra remote code execution attempt (server-webapp.rules) * 1:29041 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Data Center Network Manager processImageSave.jsp directory traversal attempt (server-webapp.rules) * 1:29042 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Data Center Network Manager processImageSave.jsp directory traversal attempt (server-webapp.rules) * 1:29059 <-> DISABLED <-> BROWSER-PLUGINS CYME Power Engineering ChartFX.ClientServer ActiveX clsid access (browser-plugins.rules) * 1:29060 <-> DISABLED <-> BROWSER-PLUGINS CYME Power Engineering ChartFX.ClientServer ActiveX function call access (browser-plugins.rules) * 1:29105 <-> DISABLED <-> SERVER-WEBAPP ManageEngine DesktopCentral agentLogUploader servlet directory traversal attempt (server-webapp.rules) * 1:29141 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Data Center Network Manager FileUploadServlet arbitrary file upload attempt (server-webapp.rules) * 1:29142 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Data Center Network Manager FileUploadServlet arbitrary file upload attempt (server-webapp.rules) * 1:29192 <-> ENABLED <-> SERVER-WEBAPP Zimbra remote code execution attempt (server-webapp.rules) * 1:29193 <-> ENABLED <-> SERVER-WEBAPP Zimbra remote code execution attempt (server-webapp.rules) * 1:29270 <-> ENABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules) * 1:29271 <-> ENABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules) * 1:29272 <-> ENABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules) * 1:29273 <-> ENABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules) * 1:29274 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (file-identify.rules) * 1:29275 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (file-identify.rules) * 1:29276 <-> ENABLED <-> FILE-IDENTIFY XFDL file download request (file-identify.rules) * 1:29277 <-> DISABLED <-> FILE-OTHER IBM Forms Viewer XFDL form processing stack buffer overflow attempt (file-other.rules) * 1:29278 <-> DISABLED <-> FILE-OTHER IBM Forms Viewer XFDL form processing stack buffer overflow attempt (file-other.rules) * 1:29279 <-> DISABLED <-> FILE-OTHER IBM Forms Viewer XFDL form processing stack buffer overflow attempt (file-other.rules) * 1:29280 <-> DISABLED <-> FILE-OTHER IBM Forms Viewer XFDL form processing stack buffer overflow attempt (file-other.rules) * 1:29384 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file download request (file-identify.rules) * 1:29385 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (file-identify.rules) * 1:29386 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (file-identify.rules) * 1:29390 <-> ENABLED <-> SERVER-WEBAPP EMC Connectrix Manager FileUploadController directory traversal attempt (server-webapp.rules) * 1:29391 <-> ENABLED <-> SERVER-WEBAPP EMC Connectrix Manager FileUploadController directory traversal attempt (server-webapp.rules) * 1:29392 <-> ENABLED <-> SERVER-WEBAPP EMC Connectrix Manager FileUploadController directory traversal attempt (server-webapp.rules) * 1:29394 <-> DISABLED <-> BROWSER-WEBKIT Apple WebKit QuickTime plugin content-type http header buffer overflow attempt (browser-webkit.rules) * 1:29405 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (file-identify.rules) * 1:29406 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (file-identify.rules) * 1:29407 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file download request (file-identify.rules) * 1:29439 <-> ENABLED <-> FILE-IDENTIFY MSI file download request (file-identify.rules) * 1:29443 <-> ENABLED <-> EXPLOIT-KIT Fiesta exploit kit outbound connection attempt (exploit-kit.rules) * 1:29465 <-> DISABLED <-> FILE-OTHER Corel PDF fusion XPS stack buffer overflow attempt (file-other.rules) * 1:29466 <-> DISABLED <-> FILE-OTHER Corel PDF fusion XPS stack buffer overflow attempt (file-other.rules) * 1:29467 <-> DISABLED <-> FILE-OTHER Corel PDF fusion XPS stack buffer overflow attempt (file-other.rules) * 1:29468 <-> DISABLED <-> FILE-OTHER Corel PDF fusion XPS stack buffer overflow attempt (file-other.rules) * 1:29485 <-> ENABLED <-> SERVER-WEBAPP EMC Connectrix Manager ManualBootImageUpload directory traversal attempt (server-webapp.rules) * 1:29486 <-> ENABLED <-> SERVER-WEBAPP EMC Connectrix Manager ManualBootImageUpload directory traversal attempt (server-webapp.rules) * 1:29487 <-> ENABLED <-> SERVER-WEBAPP EMC Connectrix Manager ManualBootImageUpload directory traversal attempt (server-webapp.rules) * 1:29488 <-> ENABLED <-> SERVER-WEBAPP EMC Connectrix Manager ManualBootImageUpload directory traversal attempt (server-webapp.rules) * 1:29509 <-> DISABLED <-> INDICATOR-OBFUSCATION Multiple character encodings detected (indicator-obfuscation.rules) * 1:29514 <-> ENABLED <-> OS-WINDOWS SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules) * 1:29518 <-> ENABLED <-> SERVER-OTHER HP Data Protector Backup Client Service code execution attempt (server-other.rules) * 1:29519 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation using split reverse join (indicator-obfuscation.rules) * 1:29549 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure test_li_connection.php command injection (server-webapp.rules) * 1:29570 <-> ENABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules) * 1:29571 <-> ENABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules) * 1:29572 <-> ENABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules) * 1:29573 <-> ENABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules) * 1:29574 <-> ENABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules) * 1:29575 <-> ENABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules) * 1:29576 <-> ENABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules) * 1:29577 <-> ENABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules) * 1:29596 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules) * 1:29597 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules) * 1:29612 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (file-identify.rules) * 1:29613 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (file-identify.rules) * 1:29614 <-> ENABLED <-> FILE-IDENTIFY XPS file download request (file-identify.rules) * 1:29615 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Keylogger outbound communication (malware-cnc.rules) * 1:29616 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Keylogger inbound communication (malware-cnc.rules) * 1:29631 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules) * 1:29632 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules) * 1:29633 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules) * 1:29634 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules) * 1:29647 <-> DISABLED <-> SERVER-APACHE Apache Roller OGNL injection remote code execution attempt (server-apache.rules) * 1:29648 <-> DISABLED <-> SERVER-APACHE Apache Roller OGNL injection remote code execution attempt (server-apache.rules) * 1:29649 <-> DISABLED <-> SERVER-APACHE Apache Roller allowStaticMethodAccess invocation attempt (server-apache.rules) * 1:29650 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer MoveToMarkupPointer call with CControlTracker OnExitTree use-after-free attempt (browser-ie.rules) * 1:29651 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer MoveToMarkupPointer call with CControlTracker OnExitTree use-after-free attempt (browser-ie.rules) * 1:29656 <-> ENABLED <-> BLACKLIST DNS request for known malware domain javaupdate.flashserv.net - Adobe 0day C&C (blacklist.rules) * 1:29657 <-> ENABLED <-> BLACKLIST DNS request for known malware domain sales.eu5.org - Adobe 0day C&C (blacklist.rules) * 1:29658 <-> ENABLED <-> BLACKLIST DNS request for known malware domain thirdbase.bugs3.com - Adobe 0day C&C (blacklist.rules) * 1:29659 <-> ENABLED <-> BLACKLIST DNS request for known malware domain www.mobilitysvc.com - Adobe 0day C&C (blacklist.rules) * 1:29733 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer overlapping object boundaries memory corruption attempt (browser-ie.rules) * 1:29734 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer overlapping object boundaries memory corruption attempt (browser-ie.rules) * 1:29735 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer selectall use after free (browser-ie.rules) * 1:29736 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer selectall use after free (browser-ie.rules) * 1:29743 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CInput element user after free attempt (browser-ie.rules) * 1:29744 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CInput element user after free attempt (browser-ie.rules) * 1:29747 <-> ENABLED <-> SERVER-APACHE Apache Struts2 blacklisted method redirect (server-apache.rules) * 1:29748 <-> ENABLED <-> SERVER-APACHE Apache Struts2 blacklisted method redirect (server-apache.rules) * 1:29756 <-> ENABLED <-> SERVER-WEBAPP IBM Tivoli Provisioning Manager express user.updateUserValue sql injection attempt (server-webapp.rules) * 1:29801 <-> ENABLED <-> SERVER-OTHER HP Data Protector Backup Client Service code execution attempt (server-other.rules) * 1:29819 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 10 use after free attempt (browser-ie.rules) * 1:29820 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 10 use after free attempt (browser-ie.rules) * 1:29821 <-> ENABLED <-> INDICATOR-COMPROMISE Windows Internet Explorer EMET check and garbage collection (indicator-compromise.rules) * 1:29822 <-> ENABLED <-> INDICATOR-COMPROMISE Windows Internet Explorer EMET check and garbage collection (indicator-compromise.rules) * 1:29859 <-> ENABLED <-> SERVER-APACHE Apache Struts allowStaticMethodAccess invocation attempt (server-apache.rules) * 1:29891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pushdo variant outbound connection (malware-cnc.rules) * 1:29909 <-> ENABLED <-> SERVER-OTHER HP ProCurve Manager JMXInvokerServlet remote code execution attempt (server-other.rules) * 1:29928 <-> ENABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules) * 1:29929 <-> ENABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules) * 1:29930 <-> ENABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules) * 1:29931 <-> ENABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules) * 1:29946 <-> DISABLED <-> SERVER-OTHER IBM DB2 Universal Database receiveDASMessage buffer overflow attempt (server-other.rules) * 1:29947 <-> DISABLED <-> SERVER-OTHER IBM DB2 Universal Database receiveDASMessage buffer overflow attempt (server-other.rules) * 1:29948 <-> DISABLED <-> SERVER-OTHER IBM DB2 Universal Database receiveDASMessage buffer overflow attempt (server-other.rules) * 1:29979 <-> ENABLED <-> SERVER-WEBAPP Symantec Endpoint Protection Manager Unauthenticated XML External Entity Injection attempt (server-webapp.rules) * 1:30014 <-> DISABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (file-identify.rules) * 1:30015 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file attachment detected (file-identify.rules) * 1:30016 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file attachment detected (file-identify.rules) * 1:30017 <-> DISABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (file-identify.rules) * 1:30018 <-> DISABLED <-> FILE-IDENTIFY OS/2 Metafile file download request (file-identify.rules) * 1:30019 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS/2 Metafile parser stack overflow attempt (file-other.rules) * 1:30020 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS/2 Metafile parser stack overflow attempt (file-other.rules) * 1:30021 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS/2 Metafile parser stack overflow attempt (file-other.rules) * 1:30022 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS/2 Metafile parser stack overflow attempt (file-other.rules) * 1:30023 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS/2 Metafile parser stack overflow attempt (file-other.rules) * 1:30024 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS/2 Metafile parser stack overflow attempt (file-other.rules) * 1:30025 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS/2 Metafile parser stack overflow attempt (file-other.rules) * 1:30026 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS/2 Metafile parser stack overflow attempt (file-other.rules) * 1:30027 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS/2 Metafile parser stack overflow attempt (file-other.rules) * 1:30028 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS/2 Metafile parser stack overflow attempt (file-other.rules) * 1:30029 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS/2 Metafile parser stack overflow attempt (file-other.rules) * 1:30030 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS/2 Metafile parser stack overflow attempt (file-other.rules) * 1:3007 <-> DISABLED <-> PROTOCOL-IMAP command overflow attempt (protocol-imap.rules) * 1:30106 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 10 use after free attempt (browser-ie.rules) * 1:30107 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 10 use after free attempt (browser-ie.rules) * 1:30263 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector opcode 42 directory traversal attempt (server-other.rules) * 1:30264 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector opcode 42 directory traversal attempt (server-other.rules) * 1:30265 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector opcode 42 directory traversal attempt (server-other.rules) * 1:30266 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector opcode 42 directory traversal attempt (server-other.rules) * 1:30267 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector opcode 42 directory traversal attempt (server-other.rules) * 1:30268 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector opcode 42 directory traversal attempt (server-other.rules) * 1:30503 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetClassObject use after free attempt (browser-ie.rules) * 1:30504 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetClassObject use after free attempt (browser-ie.rules) * 1:30505 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetClassObject use after free attempt (browser-ie.rules) * 1:30506 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetClassObject use after free attempt (browser-ie.rules) * 1:30528 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules) * 1:30529 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules) * 1:30533 <-> ENABLED <-> FILE-OTHER Kingsoft Writer long font name buffer overflow attempt (file-other.rules) * 1:30534 <-> ENABLED <-> FILE-OTHER Kingsoft Writer long font name buffer overflow attempt (file-other.rules) * 1:30553 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service directory traversal attempt (server-other.rules) * 1:30554 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service UTF directory traversal attempt (server-other.rules) * 1:30555 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service UTF directory traversal attempt (server-other.rules) * 1:30556 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service directory traversal attempt (server-other.rules) * 1:3072 <-> DISABLED <-> PROTOCOL-IMAP status overflow attempt (protocol-imap.rules) * 1:3073 <-> DISABLED <-> PROTOCOL-IMAP SUBSCRIBE literal overflow attempt (protocol-imap.rules) * 1:3074 <-> DISABLED <-> PROTOCOL-IMAP SUBSCRIBE overflow attempt (protocol-imap.rules) * 1:3079 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer ANI file parsing buffer overflow attempt (browser-ie.rules) * 1:3084 <-> DISABLED <-> SERVER-OTHER Veritas backup overflow attempt (server-other.rules) * 1:3087 <-> DISABLED <-> SERVER-IIS w3who.dll buffer overflow attempt (server-iis.rules) * 1:3114 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc LlsrConnect overflow attempt (os-windows.rules) * 1:31238 <-> DISABLED <-> SERVER-OTHER Symantec pcAnywhere remote code execution attempt (server-other.rules) * 1:31308 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime pict image poly structure memory corruption attempt (file-multimedia.rules) * 1:31309 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime pict image poly structure memory corruption attempt (file-multimedia.rules) * 1:31310 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules) * 1:31311 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules) * 1:33027 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file attachment detected (file-identify.rules) * 1:33028 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file download request (file-identify.rules) * 1:33029 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:33030 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:33031 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:33032 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:33033 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:33034 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:33035 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:33036 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:33037 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:33040 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:33085 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 10 use after free attempt (browser-ie.rules) * 1:33086 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 10 use after free attempt (browser-ie.rules) * 1:33087 <-> DISABLED <-> FILE-PDF Foxit Reader remote query string buffer overflow attempt (file-pdf.rules) * 1:33088 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox 17 onreadystatechange memory corruption attempt (browser-firefox.rules) * 1:33089 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox 17 onreadystatechange memory corruption attempt (browser-firefox.rules) * 1:33090 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox 17 onreadystatechange memory corruption attempt (browser-firefox.rules) * 1:33093 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CInput element user after free attempt (browser-ie.rules) * 1:33094 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CInput element user after free attempt (browser-ie.rules) * 1:33095 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos Use After Free attempt (browser-ie.rules) * 1:33096 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos Use After Free attempt (browser-ie.rules) * 1:33097 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos Use After Free attempt (browser-ie.rules) * 1:33098 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos Use After Free attempt (browser-ie.rules) * 1:33099 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CAnchorElement use after free attempt (browser-ie.rules) * 1:335 <-> DISABLED <-> PROTOCOL-FTP .rhosts (protocol-ftp.rules) * 1:3441 <-> DISABLED <-> PROTOCOL-FTP PORT bounce attempt (protocol-ftp.rules) * 1:3457 <-> DISABLED <-> SERVER-OTHER Arkeia backup client type 77 overflow attempt (server-other.rules) * 1:3461 <-> DISABLED <-> SERVER-MAIL Content-Type overflow attempt (server-mail.rules) * 1:3473 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer SMIL file overflow attempt (file-multimedia.rules) * 1:3517 <-> DISABLED <-> SERVER-OTHER Computer Associates license PUTOLF overflow attempt (server-other.rules) * 1:3520 <-> DISABLED <-> SERVER-OTHER Computer Associates license GCR NETWORK overflow attempt (server-other.rules) * 1:3522 <-> DISABLED <-> SERVER-OTHER Computer Associates license GETCONFIG server overflow attempt (server-other.rules) * 1:3528 <-> DISABLED <-> SERVER-MYSQL create function access attempt (server-mysql.rules) * 1:3533 <-> DISABLED <-> PROTOCOL-TELNET client LINEMODE SLC overflow attempt (protocol-telnet.rules) * 1:3534 <-> DISABLED <-> FILE-IMAGE Mozilla GIF single packet heap overflow - NETSCAPE2.0 (file-image.rules) * 1:3537 <-> DISABLED <-> PROTOCOL-TELNET client ENV OPT escape overflow attempt (protocol-telnet.rules) * 1:3550 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML http/https scheme hostname overflow attempt (browser-ie.rules) * 1:3551 <-> DISABLED <-> FILE-IDENTIFY HTA file download request (file-identify.rules) * 1:3552 <-> DISABLED <-> OS-WINDOWS Microsoft Windows OLE32 MSHTA masquerade attempt (os-windows.rules) * 1:3590 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt (os-windows.rules) * 1:3627 <-> DISABLED <-> SERVER-MAIL X-LINK2STATE CHUNK command attempt (server-mail.rules) * 1:3632 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt (file-image.rules) * 1:3658 <-> DISABLED <-> SERVER-OTHER ARCserve universal backup agent option 1000 little endian buffer overflow attempt (server-other.rules) * 1:3679 <-> DISABLED <-> INDICATOR-OBFUSCATION Multiple Products IFRAME src javascript code execution (indicator-obfuscation.rules) * 1:3686 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Content Advisor memory corruption attempt (browser-ie.rules) * 1:3693 <-> DISABLED <-> SERVER-WEBAPP IBM WebSphere j_security_check overflow attempt (server-webapp.rules) * 1:3694 <-> DISABLED <-> SERVER-WEBAPP Squid content length cache poisoning attempt (server-webapp.rules) * 1:3695 <-> DISABLED <-> SERVER-OTHER Veritas Backup Agent password overflow attempt (server-other.rules) * 1:3696 <-> DISABLED <-> SERVER-OTHER Veritas Backup Agent DoS attempt (server-other.rules) * 1:3697 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP veritas bind attempt (netbios.rules) * 1:3814 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer javaprxy.dll COM access (browser-ie.rules) * 1:3818 <-> DISABLED <-> PROTOCOL-TFTP PUT transfer mode overflow attempt (protocol-tftp.rules) * 1:3819 <-> DISABLED <-> FILE-IDENTIFY CHM file download request (file-identify.rules) * 1:3820 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows CHM file magic detected (file-identify.rules) * 1:3823 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer realtext file bad version buffer overflow attempt (file-multimedia.rules) * 1:3824 <-> DISABLED <-> SERVER-MAIL AUTH user overflow attempt (server-mail.rules) * 1:3967 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_QueryResConfList attempt (os-windows.rules) * 1:402 <-> DISABLED <-> PROTOCOL-ICMP Destination Unreachable Port Unreachable (protocol-icmp.rules) * 1:404 <-> DISABLED <-> PROTOCOL-ICMP Destination Unreachable Protocol Unreachable (protocol-icmp.rules) * 1:4126 <-> DISABLED <-> SERVER-OTHER Veritas Backup Exec root connection attempt using default password hash (server-other.rules) * 1:4127 <-> DISABLED <-> SERVER-OTHER Novell eDirectory Server iMonitor overflow attempt (server-other.rules) * 1:4130 <-> DISABLED <-> SERVER-OTHER Novell ZenWorks Remote Management Agent buffer overflow Attempt (server-other.rules) * 1:4131 <-> DISABLED <-> SERVER-OTHER SHOUTcast URI format string attempt (server-other.rules) * 1:4135 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG rendering buffer overflow attempt (browser-ie.rules) * 1:4142 <-> DISABLED <-> SERVER-ORACLE reports servlet command execution attempt (server-oracle.rules) * 1:4143 <-> DISABLED <-> SERVER-OTHER lpd receive printer job cascade adaptor protocol request (server-other.rules) * 1:4144 <-> ENABLED <-> OS-SOLARIS Oracle Solaris lpd control file upload attempt (os-solaris.rules) * 1:4148 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DHTML Editing ActiveX clsid access (browser-plugins.rules) * 1:4155 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer htmlfile ActiveX object access attempt (browser-plugins.rules) * 1:4170 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office 2000 and 2002 Web Components Data Source Control ActiveX clsid access (browser-plugins.rules) * 1:4177 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Web Components OWC.Spreadsheet.9 ActiveX clsid access attempt (browser-plugins.rules) * 1:4196 <-> DISABLED <-> FILE-IDENTIFY CBO CBL CBM file transfer attempt (file-identify.rules) * 1:4334 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceList attempt (os-windows.rules) * 1:4358 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceListSize attempt (os-windows.rules) * 1:4637 <-> DISABLED <-> SERVER-OTHER MailEnable HTTPMail buffer overflow attempt (server-other.rules) * 1:4642 <-> DISABLED <-> SERVER-ORACLE sys.pbsde.init buffer overflow attempt (server-oracle.rules) * 1:4643 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed shortcut file buffer overflow attempt (os-windows.rules) * 1:4644 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed shortcut file with comment buffer overflow attempt (os-windows.rules) * 1:4647 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer javascript onload overflow attempt (browser-ie.rules) * 1:4677 <-> DISABLED <-> SERVER-ORACLE Enterprise Manager Application Server Control GET parameter overflow attempt (server-oracle.rules) * 1:4681 <-> DISABLED <-> SERVER-WEBAPP Symantec Antivirus admin scan interface negative Content-Length attempt (server-webapp.rules) * 1:489 <-> DISABLED <-> PROTOCOL-FTP no password (protocol-ftp.rules) * 1:4899 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer ISupportErrorInfo Interface ActiveX object access (browser-plugins.rules) * 1:4916 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer javascript onload document.write obfuscation overflow attempt (browser-ie.rules) * 1:4917 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer javascript onload prompt obfuscation overflow attempt (browser-ie.rules) * 1:4918 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceList dos attempt (os-windows.rules) * 1:4985 <-> DISABLED <-> SERVER-WEBAPP Twiki rdiff rev command injection attempt (server-webapp.rules) * 1:5316 <-> DISABLED <-> SERVER-OTHER CA CAM log_security overflow attempt (server-other.rules) * 1:5318 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows wmf file arbitrary code execution attempt (file-multimedia.rules) * 1:569 <-> DISABLED <-> PROTOCOL-RPC snmpXdmi overflow attempt TCP (protocol-rpc.rules) * 1:5704 <-> DISABLED <-> PROTOCOL-IMAP SELECT overflow attempt (protocol-imap.rules) * 1:5708 <-> DISABLED <-> POLICY-OTHER web server file upload attempt (policy-other.rules) * 1:5710 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Player Plugin for Non-IE browsers buffer overflow attempt (os-windows.rules) * 1:5712 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player invalid data offset bitmap heap overflow attempt (file-image.rules) * 1:591 <-> DISABLED <-> PROTOCOL-RPC portmap ypupdated request TCP (protocol-rpc.rules) * 1:593 <-> DISABLED <-> PROTOCOL-RPC portmap snmpXdmi request TCP (protocol-rpc.rules) * 1:598 <-> DISABLED <-> PROTOCOL-RPC portmap listing TCP 111 (protocol-rpc.rules) * 1:6009 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows RDS.Dataspace ActiveX object access (browser-plugins.rules) * 1:6011 <-> DISABLED <-> SERVER-OTHER VERITAS NetBackup vnetd buffer overflow attempt (server-other.rules) * 1:610 <-> DISABLED <-> PROTOCOL-SERVICES rsh root (protocol-services.rules) * 1:6404 <-> DISABLED <-> SERVER-OTHER Veritas NetBackup Volume Manager connection attempt (server-other.rules) * 1:6405 <-> DISABLED <-> SERVER-OTHER Veritas NetBackup Volume Manager overflow attempt (server-other.rules) * 1:6414 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Messenger Accept-Language header buffer overflow attempt (server-webapp.rules) * 1:6419 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msdtc BuildContextW invalid uuid size attempt (os-windows.rules) * 1:6420 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP msdtc BuildContextW invalid uuid size attempt (os-windows.rules) * 1:6431 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msdtc BuildContextW invalid second uuid size attempt (os-windows.rules) * 1:6432 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP msdtc BuildContextW invalid second uuid size attempt (os-windows.rules) * 1:6469 <-> DISABLED <-> SERVER-OTHER RealVNC connection attempt (server-other.rules) * 1:6470 <-> DISABLED <-> SERVER-OTHER RealVNC authentication types without None type sent attempt (server-other.rules) * 1:6471 <-> DISABLED <-> SERVER-OTHER RealVNC password authentication bypass attempt (server-other.rules) * 1:648 <-> DISABLED <-> INDICATOR-SHELLCODE x86 NOOP (indicator-shellcode.rules) * 1:6504 <-> DISABLED <-> FILE-OTHER Sophos Anti-Virus CAB file overflow attempt (file-other.rules) * 1:6505 <-> DISABLED <-> FILE-IMAGE Apple QuickTime fpx file SectNumMiniFAT overflow attempt (file-image.rules) * 1:6506 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime udta atom overflow attempt (file-multimedia.rules) * 1:6509 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer mhtml uri href buffer overflow attempt (browser-ie.rules) * 1:6512 <-> DISABLED <-> SERVER-OTHER symantec antivirus realtime virusscan overflow attempt (server-other.rules) * 1:654 <-> DISABLED <-> SERVER-MAIL RCPT TO overflow (server-mail.rules) * 1:6584 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP rras RasRpcSubmitRequest overflow attempt (os-windows.rules) * 1:6689 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected cHRM overflow attempt (file-image.rules) * 1:6692 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected sRGB overflow attempt (file-image.rules) * 1:6695 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected tRNS overflow attempt (file-image.rules) * 1:7002 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel url unicode overflow attempt (file-office.rules) * 1:7004 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Internet.HHCtrl.1 ActiveX function call access (browser-plugins.rules) * 1:7009 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows DirectAnimation.StructuredGraphicsControl ActiveX function call access (browser-plugins.rules) * 1:7020 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer isComponentInstalled function buffer overflow (browser-ie.rules) * 1:7021 <-> DISABLED <-> OS-LINUX kernel SCTP chunkless packet denial of service attempt (os-linux.rules) * 1:7022 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Explorer invalid url file overflow attempt (os-windows.rules) * 1:7025 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel url unicode overflow attempt (file-office.rules) * 1:7026 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows RDS.Dataspace ActiveX function call access (browser-plugins.rules) * 1:7027 <-> DISABLED <-> SERVER-IIS Microsoft Office FrontPage server extensions 2002 cross site scripting attempt (server-iis.rules) * 1:7048 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel object record overflow attempt (file-office.rules) * 1:7197 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MSO.DLL malformed string parsing single byte buffer over attempt (file-office.rules) * 1:7202 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document summary information string overflow attempt (file-office.rules) * 1:7203 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word information string overflow attempt (file-office.rules) * 1:7204 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel object ftCmo overflow attempt (file-office.rules) * 1:7205 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FngGroupCount record overflow attempt (file-office.rules) * 1:7209 <-> ENABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrPathCanonicalize overflow attempt (os-windows.rules) * 1:7435 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Dynamic Casts ActiveX clsid access (browser-plugins.rules) * 1:7864 <-> DISABLED <-> BROWSER-PLUGINS McSubMgr ActiveX CLSID access (browser-plugins.rules) * 1:7872 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Spreadsheet 10.0 ActiveX clsid access (browser-plugins.rules) * 1:7876 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Data Source Control 10.0 ActiveX clsid access (browser-plugins.rules) * 1:7904 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer CDL Asychronous Pluggable Protocol Handler ActiveX clsid access (browser-plugins.rules) * 1:7985 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Explorer WebViewFolderIcon.WebViewFolderIcon.1 ActiveX clsid access (browser-plugins.rules) * 1:8053 <-> DISABLED <-> BROWSER-PLUGINS DirectAnimation.PathControl ActiveX clsid access (browser-plugins.rules) * 1:8055 <-> DISABLED <-> BROWSER-PLUGINS DirectAnimation.PathControl ActiveX function call access (browser-plugins.rules) * 1:8056 <-> DISABLED <-> SERVER-OTHER ISC DHCP server 2 client_id length denial of service attempt (server-other.rules) * 1:8057 <-> DISABLED <-> SERVER-MYSQL Date_Format denial of service attempt (server-mysql.rules) * 1:8058 <-> DISABLED <-> BROWSER-FIREFOX Mozilla javascript navigator object access (browser-firefox.rules) * 1:8059 <-> DISABLED <-> SERVER-ORACLE SYS.KUPW-WORKER sql injection attempt (server-oracle.rules) * 1:8063 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer ADODB.Stream ActiveX function call access (browser-plugins.rules) * 1:8068 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Scripting Host Shell ActiveX function call access (browser-plugins.rules) * 1:8085 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager connectedNodes.ovpl command injection attempt (server-webapp.rules) * 1:8086 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager cdpView.ovpl command injection attempt (server-webapp.rules) * 1:8087 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager freeIPaddrs.ovpl command injection attempt (server-webapp.rules) * 1:8088 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager connectedNodes.ovpl command injection attempt (server-webapp.rules) * 1:8089 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager cdpView.ovpl command injection attempt (server-webapp.rules) * 1:8090 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager freeIPaddrs.ovpl command injection attempt (server-webapp.rules) * 1:8091 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer error message format string vulnerability attempt (file-multimedia.rules) * 1:835 <-> DISABLED <-> SERVER-WEBAPP test-cgi access (server-webapp.rules) * 1:8369 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMIScriptUtils.WMIObjectBroker2.1 ActiveX clsid access (browser-plugins.rules) * 1:8414 <-> DISABLED <-> FILE-OFFICE Microsoft Office GIF image descriptor memory corruption attempt (file-office.rules) * 1:8416 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Vector Markup Language fill method overflow attempt (os-windows.rules) * 1:8419 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Explorer WebViewFolderIcon.WebViewFolderIcon.1 ActiveX function call (browser-plugins.rules) * 1:8426 <-> DISABLED <-> SERVER-OTHER SSLv3 openssl get shared ciphers overflow attempt (server-other.rules) * 1:8428 <-> DISABLED <-> SERVER-OTHER SSLv2 openssl get shared ciphers overflow attempt (server-other.rules) * 1:8441 <-> DISABLED <-> SERVER-WEBAPP McAfee header buffer overflow attempt (server-webapp.rules) * 1:8443 <-> DISABLED <-> BROWSER-FIREFOX Mozilla regular expression heap corruption attempt (browser-firefox.rules) * 1:8446 <-> DISABLED <-> POLICY-OTHER IPv6 packets encapsulated in IPv4 (policy-other.rules) * 1:8448 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel colinfo XF record overflow attempt (file-office.rules) * 1:8449 <-> DISABLED <-> OS-WINDOWS SMB Rename invalid buffer type andx attempt (os-windows.rules) * 1:8450 <-> DISABLED <-> OS-WINDOWS SMB Rename invalid buffer type attempt (os-windows.rules) * 1:8451 <-> DISABLED <-> OS-WINDOWS SMB Rename invalid buffer type unicode andx attempt (os-windows.rules) * 1:8452 <-> DISABLED <-> OS-WINDOWS SMB Rename invalid buffer type unicode attempt (os-windows.rules) * 1:8453 <-> DISABLED <-> OS-WINDOWS SMB-DS Rename invalid buffer type andx attempt (os-windows.rules) * 1:8454 <-> DISABLED <-> OS-WINDOWS SMB-DS Rename invalid buffer type attempt (os-windows.rules) * 1:8455 <-> DISABLED <-> OS-WINDOWS SMB-DS Rename invalid buffer type unicode andx attempt (os-windows.rules) * 1:8456 <-> DISABLED <-> OS-WINDOWS SMB-DS Rename invalid buffer type unicode attempt (os-windows.rules) * 1:8457 <-> DISABLED <-> OS-WINDOWS SMB Rename invalid buffer type andx attempt (os-windows.rules) * 1:8458 <-> DISABLED <-> OS-WINDOWS SMB Rename invalid buffer type attempt (os-windows.rules) * 1:8459 <-> DISABLED <-> OS-WINDOWS SMB Rename invalid buffer type unicode andx attempt (os-windows.rules) * 1:8460 <-> DISABLED <-> OS-WINDOWS SMB Rename invalid buffer type unicode attempt (os-windows.rules) * 1:8478 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Publisher file magic detected (file-identify.rules) * 1:8480 <-> DISABLED <-> PROTOCOL-FTP PORT overflow attempt (protocol-ftp.rules) * 1:8541 <-> DISABLED <-> SERVER-ORACLE sdo_cs.transform_layer buffer overflow attempt (server-oracle.rules) * 1:857 <-> DISABLED <-> SERVER-WEBAPP faxsurvey access (server-webapp.rules) * 1:8711 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory HTTP redirection buffer overflow attempt (server-webapp.rules) * 1:8723 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Data Source Control 11.0 ActiveX clsid access (browser-plugins.rules) * 1:8727 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer XMLHTTP 4.0 ActiveX clsid access (browser-plugins.rules) * 1:8738 <-> DISABLED <-> BROWSER-PLUGINS Macrovision InstallShield Update Service ActiveX clsid access (browser-plugins.rules) * 1:8741 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAFontStyle.1 ActiveX clsid access (browser-plugins.rules) * 1:8743 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAFontStyle.1 ActiveX function call access (browser-plugins.rules) * 1:8744 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAEvent.1 ActiveX clsid access (browser-plugins.rules) * 1:8746 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAEvent.1 ActiveX function call access (browser-plugins.rules) * 1:8747 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAEndStyle.1 ActiveX clsid access (browser-plugins.rules) * 1:8749 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAEndStyle.1 ActiveX function call access (browser-plugins.rules) * 1:8750 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LM.LMBehaviorFactory.1 ActiveX clsid access (browser-plugins.rules) * 1:8752 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LM.LMBehaviorFactory.1 ActiveX function call access (browser-plugins.rules) * 1:8753 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LM.AutoEffectBvr.1 ActiveX clsid access (browser-plugins.rules) * 1:8755 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LM.AutoEffectBvr.1 ActiveX function call access (browser-plugins.rules) * 1:8756 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.SpriteControl ActiveX clsid access (browser-plugins.rules) * 1:8758 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.SpriteControl ActiveX function call access (browser-plugins.rules) * 1:8759 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.SequencerControl ActiveX clsid access (browser-plugins.rules) * 1:8761 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.SequencerControl ActiveX function call access (browser-plugins.rules) * 1:8762 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.Sequence ActiveX clsid access (browser-plugins.rules) * 1:8764 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.Sequence ActiveX function call access (browser-plugins.rules) * 1:8765 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAView.1 ActiveX clsid access (browser-plugins.rules) * 1:8767 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAView.1 ActiveX function call access (browser-plugins.rules) * 1:8768 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAVector3.1 ActiveX clsid access (browser-plugins.rules) * 1:8770 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAVector3.1 ActiveX function call access (browser-plugins.rules) * 1:8771 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAVector2.1 ActiveX clsid access (browser-plugins.rules) * 1:8773 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAVector2.1 ActiveX function call access (browser-plugins.rules) * 1:8774 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAUserData.1 ActiveX clsid access (browser-plugins.rules) * 1:8776 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAUserData.1 ActiveX function call access (browser-plugins.rules) * 1:8777 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DATransform3.1 ActiveX clsid access (browser-plugins.rules) * 1:8779 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DATransform3.1 ActiveX function call access (browser-plugins.rules) * 1:8780 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DATransform2.1 ActiveX clsid access (browser-plugins.rules) * 1:8782 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DATransform2.1 ActiveX function call access (browser-plugins.rules) * 1:8783 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAString.1 ActiveX clsid access (browser-plugins.rules) * 1:8785 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAString.1 ActiveX function call access (browser-plugins.rules) * 1:8786 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DASound.1 ActiveX clsid access (browser-plugins.rules) * 1:8788 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DASound.1 ActiveX function call access (browser-plugins.rules) * 1:8789 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAPoint3.1 ActiveX clsid access (browser-plugins.rules) * 1:8791 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAPoint3.1 ActiveX function call access (browser-plugins.rules) * 1:8792 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAPoint2.1 ActiveX clsid access (browser-plugins.rules) * 1:8794 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAPoint2.1 ActiveX function call access (browser-plugins.rules) * 1:8795 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAPath2.1 ActiveX clsid access (browser-plugins.rules) * 1:8797 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAPath2.1 ActiveX function call access (browser-plugins.rules) * 1:8798 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAPair.1 ActiveX clsid access (browser-plugins.rules) * 1:8800 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAPair.1 ActiveX function call access (browser-plugins.rules) * 1:8801 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DANumber.1 ActiveX clsid access (browser-plugins.rules) * 1:8803 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DANumber.1 ActiveX function call access (browser-plugins.rules) * 1:8804 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAMontage.1 ActiveX clsid access (browser-plugins.rules) * 1:8806 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAMontage.1 ActiveX function call access (browser-plugins.rules) * 1:8807 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAMicrophone.1 ActiveX clsid access (browser-plugins.rules) * 1:8809 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAMicrophone.1 ActiveX function call access (browser-plugins.rules) * 1:8810 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAMatte.1 ActiveX clsid access (browser-plugins.rules) * 1:8812 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAMatte.1 ActiveX function call access (browser-plugins.rules) * 1:8813 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DALineStyle.1 ActiveX clsid access (browser-plugins.rules) * 1:8815 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DALineStyle.1 ActiveX function call access (browser-plugins.rules) * 1:8816 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAJoinStyle.1 ActiveX clsid access (browser-plugins.rules) * 1:8818 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAJoinStyle.1 ActiveX function call access (browser-plugins.rules) * 1:8819 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAImage.1 ActiveX clsid access (browser-plugins.rules) * 1:8821 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAImage.1 ActiveX function call access (browser-plugins.rules) * 1:8822 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAGeometry.1 ActiveX clsid access (browser-plugins.rules) * 1:8824 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAGeometry.1 ActiveX function call access (browser-plugins.rules) * 1:8825 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DADashStyle.1 ActiveX clsid access (browser-plugins.rules) * 1:8827 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DADashStyle.1 ActiveX function call access (browser-plugins.rules) * 1:8828 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAColor.1 ActiveX clsid access (browser-plugins.rules) * 1:8830 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAColor.1 ActiveX function call access (browser-plugins.rules) * 1:8831 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DACamera.1 ActiveX clsid access (browser-plugins.rules) * 1:8833 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DACamera.1 ActiveX function call access (browser-plugins.rules) * 1:8834 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DABoolean.1 ActiveX clsid access (browser-plugins.rules) * 1:8836 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DABoolean.1 ActiveX function call access (browser-plugins.rules) * 1:8837 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DABbox3.1 ActiveX clsid access (browser-plugins.rules) * 1:8839 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DABbox3.1 ActiveX function call access (browser-plugins.rules) * 1:8840 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DABbox2.1 ActiveX clsid access (browser-plugins.rules) * 1:8842 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DABbox2.1 ActiveX function call access (browser-plugins.rules) * 1:8843 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAArray.1 ActiveX clsid access (browser-plugins.rules) * 1:8845 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAArray.1 ActiveX function call access (browser-plugins.rules) * 1:886 <-> DISABLED <-> SERVER-WEBAPP phf access (server-webapp.rules) * 1:9027 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrJoinDomain2 overflow attempt (os-windows.rules) * 1:9129 <-> DISABLED <-> BROWSER-PLUGINS WinZip FileView 6.1 ActiveX clsid access (browser-plugins.rules) * 1:9325 <-> DISABLED <-> SERVER-OTHER Citrix IMA DOS event data length denial of service attempt (server-other.rules) * 1:9430 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime Movie link file URI security bypass attempt (file-multimedia.rules) * 1:9431 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook Express NNTP response overflow attempt (file-office.rules) * 1:9434 <-> DISABLED <-> FILE-OTHER Ultravox-Max-Msg header integer overflow attempt (file-other.rules) * 1:9626 <-> DISABLED <-> BROWSER-PLUGINS AcroPDF.PDF ActiveX clsid access (browser-plugins.rules) * 1:9629 <-> DISABLED <-> BROWSER-PLUGINS Citrix.ICAClient ActiveX clsid access (browser-plugins.rules) * 1:9632 <-> DISABLED <-> SERVER-OTHER Tivoli Storage Manager command request buffer overflow attempt (server-other.rules) * 1:9633 <-> DISABLED <-> SERVER-OTHER Computer Associates Product Discovery Service type 9B remote buffer overflow attempt TCP (server-other.rules) * 1:9637 <-> DISABLED <-> FILE-OTHER Adobe Download Manger dm.ini stack overflow attempt (file-other.rules) * 1:9638 <-> DISABLED <-> PROTOCOL-TFTP PUT Microsoft RIS filename overwrite attempt (protocol-tftp.rules) * 1:9640 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows ADODB.Connection ActiveX function call access (browser-plugins.rules) * 1:971 <-> DISABLED <-> SERVER-IIS ISAPI .printer access (server-iis.rules) * 1:974 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS directory traversal attempt (server-iis.rules) * 1:9813 <-> DISABLED <-> SERVER-OTHER Symantec NetBackup connect_options buffer overflow attempt (server-other.rules) * 1:9814 <-> DISABLED <-> BROWSER-PLUGINS ICQPhone.SipxPhoneManager ActiveX clsid access (browser-plugins.rules) * 1:9816 <-> DISABLED <-> BROWSER-PLUGINS ICQPhone.SipxPhoneManager ActiveX function call access (browser-plugins.rules) * 1:9823 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime RTSP URI overflow attempt (file-multimedia.rules) * 1:9840 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime HREF Track Detected (file-multimedia.rules) * 1:9841 <-> DISABLED <-> SERVER-MAIL Microsoft Office Outlook VEVENT overflow attempt (server-mail.rules) * 1:9843 <-> DISABLED <-> FILE-PDF Adobe Acrobat Plugin JavaScript parameter double free attempt (file-pdf.rules) * 1:9845 <-> ENABLED <-> FILE-IDENTIFY M3U file magic detected (file-identify.rules) * 1:9849 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Vector Markup Language recolorinfo tag numcolors parameter buffer overflow attempt (os-windows.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:34336 <-> ENABLED <-> MALWARE-OTHER Html.Phishing.Crea outbound connection attempt (malware-other.rules) * 1:34337 <-> ENABLED <-> MALWARE-CNC Backdoor.Win32.Chkngrbot.A outbound connection (malware-cnc.rules) * 1:34347 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cheprobnk variant outbound connection attempt (malware-cnc.rules) * 1:34340 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt (policy-other.rules) * 1:34341 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network ServerInvokerServlet access attempt (policy-other.rules) * 1:34348 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit payload download (exploit-kit.rules) * 1:34339 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Cybergate outbound connection (malware-cnc.rules) * 1:34343 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player XSPF integer overflow attempt (file-multimedia.rules) * 1:34346 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Backspace outbound connection attempt (malware-cnc.rules) * 1:34342 <-> DISABLED <-> POLICY-OTHER Red Hat JBoss Operations Network web console access attempt (policy-other.rules) * 1:34344 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player XSPF integer overflow attempt (file-multimedia.rules) * 1:34345 <-> DISABLED <-> POLICY-OTHER Red Hat OpenStack default password login attempt (policy-other.rules) * 1:34338 <-> ENABLED <-> MALWARE-CNC Backdoor.Win32.Chkngrbot.A outbound connection (malware-cnc.rules)
* 1:8450 <-> DISABLED <-> OS-WINDOWS SMB Rename invalid buffer type attempt (os-windows.rules) * 1:8449 <-> DISABLED <-> OS-WINDOWS SMB Rename invalid buffer type andx attempt (os-windows.rules) * 1:8448 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel colinfo XF record overflow attempt (file-office.rules) * 1:8446 <-> DISABLED <-> POLICY-OTHER IPv6 packets encapsulated in IPv4 (policy-other.rules) * 1:8443 <-> DISABLED <-> BROWSER-FIREFOX Mozilla regular expression heap corruption attempt (browser-firefox.rules) * 1:8441 <-> DISABLED <-> SERVER-WEBAPP McAfee header buffer overflow attempt (server-webapp.rules) * 1:8428 <-> DISABLED <-> SERVER-OTHER SSLv2 openssl get shared ciphers overflow attempt (server-other.rules) * 1:8426 <-> DISABLED <-> SERVER-OTHER SSLv3 openssl get shared ciphers overflow attempt (server-other.rules) * 1:8419 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Explorer WebViewFolderIcon.WebViewFolderIcon.1 ActiveX function call (browser-plugins.rules) * 1:8416 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Vector Markup Language fill method overflow attempt (os-windows.rules) * 1:8414 <-> DISABLED <-> FILE-OFFICE Microsoft Office GIF image descriptor memory corruption attempt (file-office.rules) * 1:8369 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer WMIScriptUtils.WMIObjectBroker2.1 ActiveX clsid access (browser-plugins.rules) * 1:835 <-> DISABLED <-> SERVER-WEBAPP test-cgi access (server-webapp.rules) * 1:8091 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer error message format string vulnerability attempt (file-multimedia.rules) * 1:8090 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager freeIPaddrs.ovpl command injection attempt (server-webapp.rules) * 1:8089 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager cdpView.ovpl command injection attempt (server-webapp.rules) * 1:8088 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager connectedNodes.ovpl command injection attempt (server-webapp.rules) * 1:8087 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager freeIPaddrs.ovpl command injection attempt (server-webapp.rules) * 1:8086 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager cdpView.ovpl command injection attempt (server-webapp.rules) * 1:8085 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager connectedNodes.ovpl command injection attempt (server-webapp.rules) * 1:8068 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Scripting Host Shell ActiveX function call access (browser-plugins.rules) * 1:8063 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer ADODB.Stream ActiveX function call access (browser-plugins.rules) * 1:8059 <-> DISABLED <-> SERVER-ORACLE SYS.KUPW-WORKER sql injection attempt (server-oracle.rules) * 1:8058 <-> DISABLED <-> BROWSER-FIREFOX Mozilla javascript navigator object access (browser-firefox.rules) * 1:8057 <-> DISABLED <-> SERVER-MYSQL Date_Format denial of service attempt (server-mysql.rules) * 1:8056 <-> DISABLED <-> SERVER-OTHER ISC DHCP server 2 client_id length denial of service attempt (server-other.rules) * 1:8055 <-> DISABLED <-> BROWSER-PLUGINS DirectAnimation.PathControl ActiveX function call access (browser-plugins.rules) * 1:8053 <-> DISABLED <-> BROWSER-PLUGINS DirectAnimation.PathControl ActiveX clsid access (browser-plugins.rules) * 1:7985 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Explorer WebViewFolderIcon.WebViewFolderIcon.1 ActiveX clsid access (browser-plugins.rules) * 1:7904 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer CDL Asychronous Pluggable Protocol Handler ActiveX clsid access (browser-plugins.rules) * 1:7876 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Data Source Control 10.0 ActiveX clsid access (browser-plugins.rules) * 1:7872 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Spreadsheet 10.0 ActiveX clsid access (browser-plugins.rules) * 1:7864 <-> DISABLED <-> BROWSER-PLUGINS McSubMgr ActiveX CLSID access (browser-plugins.rules) * 1:7435 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Dynamic Casts ActiveX clsid access (browser-plugins.rules) * 1:7209 <-> ENABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrPathCanonicalize overflow attempt (os-windows.rules) * 1:7205 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FngGroupCount record overflow attempt (file-office.rules) * 1:7204 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel object ftCmo overflow attempt (file-office.rules) * 1:7203 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word information string overflow attempt (file-office.rules) * 1:7202 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document summary information string overflow attempt (file-office.rules) * 1:32364 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer overlapping object boundaries memory corruption attempt (browser-ie.rules) * 1:32359 <-> ENABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules) * 1:32345 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector - initiate connection (server-other.rules) * 1:32235 <-> ENABLED <-> FILE-JAVA Oracle Java ServiceLoader exception handling exploit attempt (file-java.rules) * 1:32234 <-> ENABLED <-> FILE-JAVA Oracle Java ServiceLoader exception handling exploit attempt (file-java.rules) * 1:32233 <-> ENABLED <-> FILE-JAVA Oracle Java ServiceLoader exception handling exploit attempt (file-java.rules) * 1:32232 <-> ENABLED <-> FILE-JAVA Oracle Java ServiceLoader exception handling exploit attempt (file-java.rules) * 1:32203 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure ldapsyncnow.php command injection attempt (server-webapp.rules) * 1:32165 <-> ENABLED <-> FILE-IDENTIFY SVG file magic detected (file-identify.rules) * 1:32135 <-> ENABLED <-> FILE-IDENTIFY XBM file attachment detected (file-identify.rules) * 1:7197 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MSO.DLL malformed string parsing single byte buffer over attempt (file-office.rules) * 1:7048 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel object record overflow attempt (file-office.rules) * 1:7027 <-> DISABLED <-> SERVER-IIS Microsoft Office FrontPage server extensions 2002 cross site scripting attempt (server-iis.rules) * 1:7026 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows RDS.Dataspace ActiveX function call access (browser-plugins.rules) * 1:7025 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel url unicode overflow attempt (file-office.rules) * 1:7022 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Explorer invalid url file overflow attempt (os-windows.rules) * 1:7021 <-> DISABLED <-> OS-LINUX kernel SCTP chunkless packet denial of service attempt (os-linux.rules) * 1:7020 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer isComponentInstalled function buffer overflow (browser-ie.rules) * 1:7009 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows DirectAnimation.StructuredGraphicsControl ActiveX function call access (browser-plugins.rules) * 1:7004 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Internet.HHCtrl.1 ActiveX function call access (browser-plugins.rules) * 1:7002 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel url unicode overflow attempt (file-office.rules) * 1:6695 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected tRNS overflow attempt (file-image.rules) * 1:6692 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected sRGB overflow attempt (file-image.rules) * 1:6689 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected cHRM overflow attempt (file-image.rules) * 1:6584 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP rras RasRpcSubmitRequest overflow attempt (os-windows.rules) * 1:654 <-> DISABLED <-> SERVER-MAIL RCPT TO overflow (server-mail.rules) * 1:6512 <-> DISABLED <-> SERVER-OTHER symantec antivirus realtime virusscan overflow attempt (server-other.rules) * 1:6509 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer mhtml uri href buffer overflow attempt (browser-ie.rules) * 1:6506 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime udta atom overflow attempt (file-multimedia.rules) * 1:6505 <-> DISABLED <-> FILE-IMAGE Apple QuickTime fpx file SectNumMiniFAT overflow attempt (file-image.rules) * 1:6504 <-> DISABLED <-> FILE-OTHER Sophos Anti-Virus CAB file overflow attempt (file-other.rules) * 1:648 <-> DISABLED <-> INDICATOR-SHELLCODE x86 NOOP (indicator-shellcode.rules) * 1:6471 <-> DISABLED <-> SERVER-OTHER RealVNC password authentication bypass attempt (server-other.rules) * 1:6470 <-> DISABLED <-> SERVER-OTHER RealVNC authentication types without None type sent attempt (server-other.rules) * 1:6469 <-> DISABLED <-> SERVER-OTHER RealVNC connection attempt (server-other.rules) * 1:6432 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP msdtc BuildContextW invalid second uuid size attempt (os-windows.rules) * 1:6431 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msdtc BuildContextW invalid second uuid size attempt (os-windows.rules) * 1:6420 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP msdtc BuildContextW invalid uuid size attempt (os-windows.rules) * 1:6419 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msdtc BuildContextW invalid uuid size attempt (os-windows.rules) * 1:6414 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Messenger Accept-Language header buffer overflow attempt (server-webapp.rules) * 1:6405 <-> DISABLED <-> SERVER-OTHER Veritas NetBackup Volume Manager overflow attempt (server-other.rules) * 1:6404 <-> DISABLED <-> SERVER-OTHER Veritas NetBackup Volume Manager connection attempt (server-other.rules) * 1:610 <-> DISABLED <-> PROTOCOL-SERVICES rsh root (protocol-services.rules) * 1:6011 <-> DISABLED <-> SERVER-OTHER VERITAS NetBackup vnetd buffer overflow attempt (server-other.rules) * 1:6009 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows RDS.Dataspace ActiveX object access (browser-plugins.rules) * 1:598 <-> DISABLED <-> PROTOCOL-RPC portmap listing TCP 111 (protocol-rpc.rules) * 1:593 <-> DISABLED <-> PROTOCOL-RPC portmap snmpXdmi request TCP (protocol-rpc.rules) * 1:591 <-> DISABLED <-> PROTOCOL-RPC portmap ypupdated request TCP (protocol-rpc.rules) * 1:5712 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player invalid data offset bitmap heap overflow attempt (file-image.rules) * 1:5710 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Player Plugin for Non-IE browsers buffer overflow attempt (os-windows.rules) * 1:5708 <-> DISABLED <-> POLICY-OTHER web server file upload attempt (policy-other.rules) * 1:5704 <-> DISABLED <-> PROTOCOL-IMAP SELECT overflow attempt (protocol-imap.rules) * 1:569 <-> DISABLED <-> PROTOCOL-RPC snmpXdmi overflow attempt TCP (protocol-rpc.rules) * 1:5318 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows wmf file arbitrary code execution attempt (file-multimedia.rules) * 1:5316 <-> DISABLED <-> SERVER-OTHER CA CAM log_security overflow attempt (server-other.rules) * 1:4985 <-> DISABLED <-> SERVER-WEBAPP Twiki rdiff rev command injection attempt (server-webapp.rules) * 1:4918 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceList dos attempt (os-windows.rules) * 1:4917 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer javascript onload prompt obfuscation overflow attempt (browser-ie.rules) * 1:4916 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer javascript onload document.write obfuscation overflow attempt (browser-ie.rules) * 1:4899 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer ISupportErrorInfo Interface ActiveX object access (browser-plugins.rules) * 1:489 <-> DISABLED <-> PROTOCOL-FTP no password (protocol-ftp.rules) * 1:4681 <-> DISABLED <-> SERVER-WEBAPP Symantec Antivirus admin scan interface negative Content-Length attempt (server-webapp.rules) * 1:4677 <-> DISABLED <-> SERVER-ORACLE Enterprise Manager Application Server Control GET parameter overflow attempt (server-oracle.rules) * 1:4647 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer javascript onload overflow attempt (browser-ie.rules) * 1:4644 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed shortcut file with comment buffer overflow attempt (os-windows.rules) * 1:4643 <-> DISABLED <-> OS-WINDOWS Microsoft Windows malformed shortcut file buffer overflow attempt (os-windows.rules) * 1:4642 <-> DISABLED <-> SERVER-ORACLE sys.pbsde.init buffer overflow attempt (server-oracle.rules) * 1:4637 <-> DISABLED <-> SERVER-OTHER MailEnable HTTPMail buffer overflow attempt (server-other.rules) * 1:4358 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceListSize attempt (os-windows.rules) * 1:4334 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceList attempt (os-windows.rules) * 1:4196 <-> DISABLED <-> FILE-IDENTIFY CBO CBL CBM file transfer attempt (file-identify.rules) * 1:4177 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Web Components OWC.Spreadsheet.9 ActiveX clsid access attempt (browser-plugins.rules) * 1:4170 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office 2000 and 2002 Web Components Data Source Control ActiveX clsid access (browser-plugins.rules) * 1:4155 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer htmlfile ActiveX object access attempt (browser-plugins.rules) * 1:4148 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DHTML Editing ActiveX clsid access (browser-plugins.rules) * 1:4144 <-> ENABLED <-> OS-SOLARIS Oracle Solaris lpd control file upload attempt (os-solaris.rules) * 1:4143 <-> DISABLED <-> SERVER-OTHER lpd receive printer job cascade adaptor protocol request (server-other.rules) * 1:4142 <-> DISABLED <-> SERVER-ORACLE reports servlet command execution attempt (server-oracle.rules) * 1:4135 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer JPEG rendering buffer overflow attempt (browser-ie.rules) * 1:4131 <-> DISABLED <-> SERVER-OTHER SHOUTcast URI format string attempt (server-other.rules) * 1:4130 <-> DISABLED <-> SERVER-OTHER Novell ZenWorks Remote Management Agent buffer overflow Attempt (server-other.rules) * 1:4127 <-> DISABLED <-> SERVER-OTHER Novell eDirectory Server iMonitor overflow attempt (server-other.rules) * 1:4126 <-> DISABLED <-> SERVER-OTHER Veritas Backup Exec root connection attempt using default password hash (server-other.rules) * 1:404 <-> DISABLED <-> PROTOCOL-ICMP Destination Unreachable Protocol Unreachable (protocol-icmp.rules) * 1:402 <-> DISABLED <-> PROTOCOL-ICMP Destination Unreachable Port Unreachable (protocol-icmp.rules) * 1:3967 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_QueryResConfList attempt (os-windows.rules) * 1:3824 <-> DISABLED <-> SERVER-MAIL AUTH user overflow attempt (server-mail.rules) * 1:3823 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer realtext file bad version buffer overflow attempt (file-multimedia.rules) * 1:3820 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows CHM file magic detected (file-identify.rules) * 1:3819 <-> DISABLED <-> FILE-IDENTIFY CHM file download request (file-identify.rules) * 1:3818 <-> DISABLED <-> PROTOCOL-TFTP PUT transfer mode overflow attempt (protocol-tftp.rules) * 1:3814 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer javaprxy.dll COM access (browser-ie.rules) * 1:3697 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP veritas bind attempt (netbios.rules) * 1:3696 <-> DISABLED <-> SERVER-OTHER Veritas Backup Agent DoS attempt (server-other.rules) * 1:3695 <-> DISABLED <-> SERVER-OTHER Veritas Backup Agent password overflow attempt (server-other.rules) * 1:3694 <-> DISABLED <-> SERVER-WEBAPP Squid content length cache poisoning attempt (server-webapp.rules) * 1:3693 <-> DISABLED <-> SERVER-WEBAPP IBM WebSphere j_security_check overflow attempt (server-webapp.rules) * 1:3686 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Content Advisor memory corruption attempt (browser-ie.rules) * 1:3679 <-> DISABLED <-> INDICATOR-OBFUSCATION Multiple Products IFRAME src javascript code execution (indicator-obfuscation.rules) * 1:3658 <-> DISABLED <-> SERVER-OTHER ARCserve universal backup agent option 1000 little endian buffer overflow attempt (server-other.rules) * 1:3632 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt (file-image.rules) * 1:3627 <-> DISABLED <-> SERVER-MAIL X-LINK2STATE CHUNK command attempt (server-mail.rules) * 1:3590 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt (os-windows.rules) * 1:3552 <-> DISABLED <-> OS-WINDOWS Microsoft Windows OLE32 MSHTA masquerade attempt (os-windows.rules) * 1:3551 <-> DISABLED <-> FILE-IDENTIFY HTA file download request (file-identify.rules) * 1:3550 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML http/https scheme hostname overflow attempt (browser-ie.rules) * 1:3537 <-> DISABLED <-> PROTOCOL-TELNET client ENV OPT escape overflow attempt (protocol-telnet.rules) * 1:3534 <-> DISABLED <-> FILE-IMAGE Mozilla GIF single packet heap overflow - NETSCAPE2.0 (file-image.rules) * 1:3533 <-> DISABLED <-> PROTOCOL-TELNET client LINEMODE SLC overflow attempt (protocol-telnet.rules) * 1:3528 <-> DISABLED <-> SERVER-MYSQL create function access attempt (server-mysql.rules) * 1:3522 <-> DISABLED <-> SERVER-OTHER Computer Associates license GETCONFIG server overflow attempt (server-other.rules) * 1:3520 <-> DISABLED <-> SERVER-OTHER Computer Associates license GCR NETWORK overflow attempt (server-other.rules) * 1:3517 <-> DISABLED <-> SERVER-OTHER Computer Associates license PUTOLF overflow attempt (server-other.rules) * 1:3473 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer SMIL file overflow attempt (file-multimedia.rules) * 1:3461 <-> DISABLED <-> SERVER-MAIL Content-Type overflow attempt (server-mail.rules) * 1:3457 <-> DISABLED <-> SERVER-OTHER Arkeia backup client type 77 overflow attempt (server-other.rules) * 1:3441 <-> DISABLED <-> PROTOCOL-FTP PORT bounce attempt (protocol-ftp.rules) * 1:335 <-> DISABLED <-> PROTOCOL-FTP .rhosts (protocol-ftp.rules) * 1:33099 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CAnchorElement use after free attempt (browser-ie.rules) * 1:33098 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos Use After Free attempt (browser-ie.rules) * 1:33097 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos Use After Free attempt (browser-ie.rules) * 1:33096 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos Use After Free attempt (browser-ie.rules) * 1:33095 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos Use After Free attempt (browser-ie.rules) * 1:33094 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CInput element user after free attempt (browser-ie.rules) * 1:33093 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CInput element user after free attempt (browser-ie.rules) * 1:33090 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox 17 onreadystatechange memory corruption attempt (browser-firefox.rules) * 1:33089 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox 17 onreadystatechange memory corruption attempt (browser-firefox.rules) * 1:33088 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox 17 onreadystatechange memory corruption attempt (browser-firefox.rules) * 1:33087 <-> DISABLED <-> FILE-PDF Foxit Reader remote query string buffer overflow attempt (file-pdf.rules) * 1:33086 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 10 use after free attempt (browser-ie.rules) * 1:33085 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 10 use after free attempt (browser-ie.rules) * 1:33040 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:33037 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:33036 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:33035 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:33034 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:33033 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:33032 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:33031 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:33030 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:33029 <-> DISABLED <-> FILE-OTHER Poster Software Publish-It buffer overflow attempt (file-other.rules) * 1:33028 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file download request (file-identify.rules) * 1:33027 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file attachment detected (file-identify.rules) * 1:33026 <-> ENABLED <-> FILE-IDENTIFY Publish-iT PUI file attachment detected (file-identify.rules) * 1:33025 <-> DISABLED <-> SERVER-WEBAPP Cisco Security Agent Management Center code execution attempt (server-webapp.rules) * 1:33024 <-> DISABLED <-> SERVER-WEBAPP Cisco Security Agent Management Center code execution attempt (server-webapp.rules) * 1:33023 <-> DISABLED <-> FILE-OTHER Apple Quicktime invalid atom length buffer overflow attempt (file-other.rules) * 1:33022 <-> DISABLED <-> FILE-OTHER Apple Quicktime invalid atom length buffer overflow attempt (file-other.rules) * 1:33021 <-> DISABLED <-> BROWSER-IE Oracle WebCenter BlackIceDevMode ActiveX buffer overflow attempt (browser-ie.rules) * 1:33020 <-> DISABLED <-> BROWSER-IE Oracle WebCenter BlackIceDevMode ActiveX buffer overflow attempt (browser-ie.rules) * 1:33019 <-> DISABLED <-> BROWSER-IE Oracle WebCenter BlackIceDevMode ActiveX buffer overflow attempt (browser-ie.rules) * 1:33018 <-> DISABLED <-> BROWSER-IE Oracle WebCenter BlackIceDevMode ActiveX buffer overflow attempt (browser-ie.rules) * 1:33015 <-> DISABLED <-> PROTOCOL-SCADA ABB MicroSCADA wserver.exe EXECUTE remote code execution attempt (protocol-scada.rules) * 1:33014 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules) * 1:33013 <-> DISABLED <-> BROWSER-PLUGINS HP LoadRunner ActiveX clsid access attempt (browser-plugins.rules) * 1:33012 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx UserName buffer overflow attempt (server-webapp.rules) * 1:33011 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx UserName buffer overflow attempt (server-webapp.rules) * 1:33010 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx UserName buffer overflow attempt (server-webapp.rules) * 1:33009 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx UserName buffer overflow attempt (server-webapp.rules) * 1:33008 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx NodeName buffer overflow attempt (server-webapp.rules) * 1:33007 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx NodeName buffer overflow attempt (server-webapp.rules) * 1:33006 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx NodeName buffer overflow attempt (server-webapp.rules) * 1:33005 <-> DISABLED <-> SERVER-WEBAPP Advantec WebAccess SCADA webvact.ocx NodeName buffer overflow attempt (server-webapp.rules) * 1:33004 <-> DISABLED <-> BROWSER-PLUGINS SolarWinds Orion Pepco32c ActiveX clsid access attempt (browser-plugins.rules) * 1:33003 <-> DISABLED <-> BROWSER-PLUGINS SolarWinds Orion Pepco32c ActiveX clsid access attempt (browser-plugins.rules) * 1:33002 <-> DISABLED <-> PROTOCOL-SCADA Advantech WebAccess SCADA command execution attempt (protocol-scada.rules) * 1:33001 <-> DISABLED <-> PROTOCOL-SCADA Advantech WebAccess SCADA command execution attempt (protocol-scada.rules) * 1:33000 <-> DISABLED <-> PROTOCOL-SCADA Advantech WebAccess SCADA command execution attempt (protocol-scada.rules) * 1:32999 <-> DISABLED <-> PROTOCOL-SCADA Advantech WebAccess SCADA command execution attempt (protocol-scada.rules) * 1:32998 <-> DISABLED <-> SERVER-OTHER Sophos Web Appliance arbitrary command execution attempt (server-other.rules) * 1:32997 <-> DISABLED <-> SERVER-OTHER Sophos Web Appliance arbitrary command execution attempt (server-other.rules) * 1:32994 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XMLSerializer serializeToStream use-after-free attempt (browser-firefox.rules) * 1:32993 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XMLSerializer serializeToStream use-after-free attempt (browser-firefox.rules) * 1:32992 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver SXPG_COMMAND_EXECUTE remote command execution attempt (server-other.rules) * 1:32991 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver SXPG_COMMAND_EXECUTE remote command execution attempt (server-other.rules) * 1:32971 <-> DISABLED <-> SERVER-WEBAPP HP System Management iprange parameter buffer overflow attempt (server-webapp.rules) * 1:32763 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer TextRange after free attempt (browser-ie.rules) * 1:32762 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer TextRange after free attempt (browser-ie.rules) * 1:32380 <-> ENABLED <-> FILE-IDENTIFY dib file attachment detected (file-identify.rules) * 1:32378 <-> ENABLED <-> FILE-IDENTIFY bmp file attachment detected (file-identify.rules) * 1:27782 <-> DISABLED <-> BROWSER-PLUGINS Cisco WebEx Meeting Manager atucfobj ActiveX function call access (browser-plugins.rules) * 1:27781 <-> DISABLED <-> BROWSER-PLUGINS Cisco WebEx Meeting Manager atucfobj ActiveX clsid access (browser-plugins.rules) * 1:27773 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 265 buffer overflow attempt (server-other.rules) * 1:27772 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 243 buffer overflow attempt (server-other.rules) * 1:27771 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 236 buffer overflow attempt (server-other.rules) * 1:27770 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 210 buffer overflow attempt (server-other.rules) * 1:27769 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 207 buffer overflow attempt (server-other.rules) * 1:27751 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:27750 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:27692 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:27691 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:27677 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules) * 1:27676 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules) * 1:27675 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules) * 1:27674 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules) * 1:27673 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules) * 1:27672 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules) * 1:27622 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules) * 1:27621 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules) * 1:27617 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 264 buffer overflow attempt (server-other.rules) * 1:27616 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer MoveToMarkupPointer call with CControlTracker OnExitTree use-after-free attempt (browser-ie.rules) * 1:27615 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer MoveToMarkupPointer call with CControlTracker OnExitTree use-after-free attempt (browser-ie.rules) * 1:32134 <-> ENABLED <-> FILE-IDENTIFY XBM file attachment detected (file-identify.rules) * 1:32128 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure confpremenu.php command injection attempt (server-webapp.rules) * 1:32105 <-> DISABLED <-> BROWSER-PLUGINS Oracle WebCenter Content CheckOutAndOpen.dll ActiveX control code execution ActiveX function call access (browser-plugins.rules) * 1:32104 <-> DISABLED <-> BROWSER-PLUGINS Oracle WebCenter Content CheckOutAndOpen.dll ActiveX control code execution ActiveX function call access (browser-plugins.rules) * 1:32103 <-> DISABLED <-> BROWSER-PLUGINS Oracle WebCenter Content CheckOutAndOpen.dll ActiveX control code execution ActiveX clsid access (browser-plugins.rules) * 1:32102 <-> DISABLED <-> BROWSER-PLUGINS Oracle WebCenter Content CheckOutAndOpen.dll ActiveX control code execution ActiveX clsid access (browser-plugins.rules) * 1:31901 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit Oracle Java encoded shellcode detected (exploit-kit.rules) * 1:31890 <-> DISABLED <-> SERVER-MAIL Exim Dovecot LDA sender_address command injection attempt (server-mail.rules) * 1:31889 <-> DISABLED <-> SERVER-MAIL Exim Dovecot LDA sender_address command injection attempt (server-mail.rules) * 1:31882 <-> DISABLED <-> SERVER-OTHER HP Application Life Cycle Management ActiveX arbitrary code execution attempt (server-other.rules) * 1:31881 <-> DISABLED <-> SERVER-OTHER HP Application Life Cycle Management ActiveX arbitrary code execution attempt (server-other.rules) * 1:31880 <-> DISABLED <-> SERVER-OTHER HP Application Life Cycle Management ActiveX arbitrary code execution attempt (server-other.rules) * 1:31879 <-> DISABLED <-> SERVER-OTHER HP Application Life Cycle Management ActiveX arbitrary code execution attempt (server-other.rules) * 1:31878 <-> DISABLED <-> SERVER-OTHER HP Application Life Cycle Management ActiveX arbitrary code execution attempt (server-other.rules) * 1:31877 <-> DISABLED <-> SERVER-OTHER HP Application Life Cycle Management ActiveX arbitrary code execution attempt (server-other.rules) * 1:31871 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (file-identify.rules) * 1:31776 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:31775 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:31774 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:31773 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:31703 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (file-identify.rules) * 1:31702 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file magic detected (file-identify.rules) * 1:31694 <-> ENABLED <-> EXPLOIT-KIT Angler exploit kit encrypted binary download (exploit-kit.rules) * 1:31541 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:31540 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:3146 <-> DISABLED <-> OS-WINDOWS SMB-DS Trans2 FIND_FIRST2 response andx overflow attempt (os-windows.rules) * 1:3145 <-> DISABLED <-> OS-WINDOWS SMB-DS Trans2 FIND_FIRST2 response overflow attempt (os-windows.rules) * 1:3144 <-> DISABLED <-> OS-WINDOWS SMB Trans2 FIND_FIRST2 response andx overflow attempt (os-windows.rules) * 1:3143 <-> DISABLED <-> OS-WINDOWS SMB Trans2 FIND_FIRST2 command response overflow attempt (os-windows.rules) * 1:31367 <-> ENABLED <-> FILE-JAVA Oracle Java sun.tracing.ProviderSkeleton sandbox bypass attempt (file-java.rules) * 1:31366 <-> ENABLED <-> FILE-JAVA Oracle Java sun.tracing.ProviderSkeleton sandbox bypass attempt (file-java.rules) * 1:31325 <-> ENABLED <-> FILE-OTHER Apple OSX Finder DMG volume name memory corruption attempt (file-other.rules) * 1:31324 <-> DISABLED <-> FILE-OTHER Apple OSX Finder DMG volume name memory corruption attempt (file-other.rules) * 1:31323 <-> DISABLED <-> FILE-OTHER Apple OSX Finder DMG volume name memory corruption attempt (file-other.rules) * 1:31322 <-> DISABLED <-> BROWSER-PLUGINS Adobe Multiple Product AcroPDF.PDF ActiveX exploit attempt (browser-plugins.rules) * 1:31321 <-> DISABLED <-> BROWSER-PLUGINS Adobe Multiple Product AcroPDF.PDF ActiveX exploit attempt (browser-plugins.rules) * 1:31320 <-> DISABLED <-> BROWSER-PLUGINS Adobe Multiple Product AcroPDF.PDF ActiveX exploit attempt (browser-plugins.rules) * 1:31312 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules) * 1:31311 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules) * 1:31310 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules) * 1:31309 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime pict image poly structure memory corruption attempt (file-multimedia.rules) * 1:31308 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime pict image poly structure memory corruption attempt (file-multimedia.rules) * 1:31238 <-> DISABLED <-> SERVER-OTHER Symantec pcAnywhere remote code execution attempt (server-other.rules) * 1:3114 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc LlsrConnect overflow attempt (os-windows.rules) * 1:3087 <-> DISABLED <-> SERVER-IIS w3who.dll buffer overflow attempt (server-iis.rules) * 1:3084 <-> DISABLED <-> SERVER-OTHER Veritas backup overflow attempt (server-other.rules) * 1:3079 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer ANI file parsing buffer overflow attempt (browser-ie.rules) * 1:3074 <-> DISABLED <-> PROTOCOL-IMAP SUBSCRIBE overflow attempt (protocol-imap.rules) * 1:3073 <-> DISABLED <-> PROTOCOL-IMAP SUBSCRIBE literal overflow attempt (protocol-imap.rules) * 1:3072 <-> DISABLED <-> PROTOCOL-IMAP status overflow attempt (protocol-imap.rules) * 1:30556 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service directory traversal attempt (server-other.rules) * 1:30555 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service UTF directory traversal attempt (server-other.rules) * 1:30554 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service UTF directory traversal attempt (server-other.rules) * 1:30553 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service directory traversal attempt (server-other.rules) * 1:30534 <-> ENABLED <-> FILE-OTHER Kingsoft Writer long font name buffer overflow attempt (file-other.rules) * 1:30533 <-> ENABLED <-> FILE-OTHER Kingsoft Writer long font name buffer overflow attempt (file-other.rules) * 1:30529 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules) * 1:30528 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules) * 1:30506 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetClassObject use after free attempt (browser-ie.rules) * 1:30505 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetClassObject use after free attempt (browser-ie.rules) * 1:30504 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetClassObject use after free attempt (browser-ie.rules) * 1:30503 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetClassObject use after free attempt (browser-ie.rules) * 1:30268 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector opcode 42 directory traversal attempt (server-other.rules) * 1:30267 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector opcode 42 directory traversal attempt (server-other.rules) * 1:30266 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector opcode 42 directory traversal attempt (server-other.rules) * 1:30265 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector opcode 42 directory traversal attempt (server-other.rules) * 1:30264 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector opcode 42 directory traversal attempt (server-other.rules) * 1:30263 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector opcode 42 directory traversal attempt (server-other.rules) * 1:30107 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 10 use after free attempt (browser-ie.rules) * 1:30106 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 10 use after free attempt (browser-ie.rules) * 1:3007 <-> DISABLED <-> PROTOCOL-IMAP command overflow attempt (protocol-imap.rules) * 1:30030 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS/2 Metafile parser stack overflow attempt (file-other.rules) * 1:30029 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS/2 Metafile parser stack overflow attempt (file-other.rules) * 1:30028 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS/2 Metafile parser stack overflow attempt (file-other.rules) * 1:30027 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS/2 Metafile parser stack overflow attempt (file-other.rules) * 1:30026 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS/2 Metafile parser stack overflow attempt (file-other.rules) * 1:30025 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS/2 Metafile parser stack overflow attempt (file-other.rules) * 1:30024 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS/2 Metafile parser stack overflow attempt (file-other.rules) * 1:30023 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS/2 Metafile parser stack overflow attempt (file-other.rules) * 1:30022 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS/2 Metafile parser stack overflow attempt (file-other.rules) * 1:30021 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS/2 Metafile parser stack overflow attempt (file-other.rules) * 1:30020 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS/2 Metafile parser stack overflow attempt (file-other.rules) * 1:30019 <-> DISABLED <-> FILE-OTHER Oracle Outside In OS/2 Metafile parser stack overflow attempt (file-other.rules) * 1:30018 <-> DISABLED <-> FILE-IDENTIFY OS/2 Metafile file download request (file-identify.rules) * 1:30017 <-> DISABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (file-identify.rules) * 1:30016 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file attachment detected (file-identify.rules) * 1:30015 <-> ENABLED <-> FILE-IDENTIFY OS/2 Metafile file attachment detected (file-identify.rules) * 1:30014 <-> DISABLED <-> FILE-IDENTIFY OS/2 Metafile file magic detected (file-identify.rules) * 1:29979 <-> ENABLED <-> SERVER-WEBAPP Symantec Endpoint Protection Manager Unauthenticated XML External Entity Injection attempt (server-webapp.rules) * 1:29948 <-> DISABLED <-> SERVER-OTHER IBM DB2 Universal Database receiveDASMessage buffer overflow attempt (server-other.rules) * 1:29947 <-> DISABLED <-> SERVER-OTHER IBM DB2 Universal Database receiveDASMessage buffer overflow attempt (server-other.rules) * 1:29946 <-> DISABLED <-> SERVER-OTHER IBM DB2 Universal Database receiveDASMessage buffer overflow attempt (server-other.rules) * 1:29931 <-> ENABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules) * 1:29930 <-> ENABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules) * 1:29929 <-> ENABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules) * 1:29928 <-> ENABLED <-> FILE-FLASH Adobe Flash Player worker shared object use-after-free attempt (file-flash.rules) * 1:29909 <-> ENABLED <-> SERVER-OTHER HP ProCurve Manager JMXInvokerServlet remote code execution attempt (server-other.rules) * 1:29891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pushdo variant outbound connection (malware-cnc.rules) * 1:29859 <-> ENABLED <-> SERVER-APACHE Apache Struts allowStaticMethodAccess invocation attempt (server-apache.rules) * 1:29822 <-> ENABLED <-> INDICATOR-COMPROMISE Windows Internet Explorer EMET check and garbage collection (indicator-compromise.rules) * 1:29821 <-> ENABLED <-> INDICATOR-COMPROMISE Windows Internet Explorer EMET check and garbage collection (indicator-compromise.rules) * 1:29820 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 10 use after free attempt (browser-ie.rules) * 1:29819 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 10 use after free attempt (browser-ie.rules) * 1:29801 <-> ENABLED <-> SERVER-OTHER HP Data Protector Backup Client Service code execution attempt (server-other.rules) * 1:29756 <-> ENABLED <-> SERVER-WEBAPP IBM Tivoli Provisioning Manager express user.updateUserValue sql injection attempt (server-webapp.rules) * 1:29748 <-> ENABLED <-> SERVER-APACHE Apache Struts2 blacklisted method redirect (server-apache.rules) * 1:29747 <-> ENABLED <-> SERVER-APACHE Apache Struts2 blacklisted method redirect (server-apache.rules) * 1:29744 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CInput element user after free attempt (browser-ie.rules) * 1:29743 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CInput element user after free attempt (browser-ie.rules) * 1:29736 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer selectall use after free (browser-ie.rules) * 1:29735 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer selectall use after free (browser-ie.rules) * 1:29734 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer overlapping object boundaries memory corruption attempt (browser-ie.rules) * 1:29733 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer overlapping object boundaries memory corruption attempt (browser-ie.rules) * 1:29659 <-> ENABLED <-> BLACKLIST DNS request for known malware domain www.mobilitysvc.com - Adobe 0day C&C (blacklist.rules) * 1:29658 <-> ENABLED <-> BLACKLIST DNS request for known malware domain thirdbase.bugs3.com - Adobe 0day C&C (blacklist.rules) * 1:29657 <-> ENABLED <-> BLACKLIST DNS request for known malware domain sales.eu5.org - Adobe 0day C&C (blacklist.rules) * 1:29656 <-> ENABLED <-> BLACKLIST DNS request for known malware domain javaupdate.flashserv.net - Adobe 0day C&C (blacklist.rules) * 1:29651 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer MoveToMarkupPointer call with CControlTracker OnExitTree use-after-free attempt (browser-ie.rules) * 1:29650 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer MoveToMarkupPointer call with CControlTracker OnExitTree use-after-free attempt (browser-ie.rules) * 1:29649 <-> DISABLED <-> SERVER-APACHE Apache Roller allowStaticMethodAccess invocation attempt (server-apache.rules) * 1:29648 <-> DISABLED <-> SERVER-APACHE Apache Roller OGNL injection remote code execution attempt (server-apache.rules) * 1:29647 <-> DISABLED <-> SERVER-APACHE Apache Roller OGNL injection remote code execution attempt (server-apache.rules) * 1:29634 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules) * 1:29633 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules) * 1:29632 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules) * 1:29631 <-> ENABLED <-> FILE-FLASH Adobe Flash Player integer underflow attempt (file-flash.rules) * 1:29616 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Keylogger inbound communication (malware-cnc.rules) * 1:29615 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Keylogger outbound communication (malware-cnc.rules) * 1:29614 <-> ENABLED <-> FILE-IDENTIFY XPS file download request (file-identify.rules) * 1:29613 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (file-identify.rules) * 1:29612 <-> ENABLED <-> FILE-IDENTIFY XPS file attachment detected (file-identify.rules) * 1:29597 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules) * 1:29596 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules) * 1:29577 <-> ENABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules) * 1:29576 <-> ENABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules) * 1:29575 <-> ENABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules) * 1:29574 <-> ENABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules) * 1:29573 <-> ENABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules) * 1:29572 <-> ENABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules) * 1:29571 <-> ENABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules) * 1:29570 <-> ENABLED <-> FILE-OTHER Oracle Outside In OS2 metafile parser stack buffer overflow attempt (file-other.rules) * 1:29549 <-> DISABLED <-> SERVER-WEBAPP PineApp Mail-SeCure test_li_connection.php command injection (server-webapp.rules) * 1:29519 <-> DISABLED <-> INDICATOR-OBFUSCATION Javascript obfuscation using split reverse join (indicator-obfuscation.rules) * 1:29518 <-> ENABLED <-> SERVER-OTHER HP Data Protector Backup Client Service code execution attempt (server-other.rules) * 1:29514 <-> ENABLED <-> OS-WINDOWS SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules) * 1:29509 <-> DISABLED <-> INDICATOR-OBFUSCATION Multiple character encodings detected (indicator-obfuscation.rules) * 1:29488 <-> ENABLED <-> SERVER-WEBAPP EMC Connectrix Manager ManualBootImageUpload directory traversal attempt (server-webapp.rules) * 1:29487 <-> ENABLED <-> SERVER-WEBAPP EMC Connectrix Manager ManualBootImageUpload directory traversal attempt (server-webapp.rules) * 1:29486 <-> ENABLED <-> SERVER-WEBAPP EMC Connectrix Manager ManualBootImageUpload directory traversal attempt (server-webapp.rules) * 1:29485 <-> ENABLED <-> SERVER-WEBAPP EMC Connectrix Manager ManualBootImageUpload directory traversal attempt (server-webapp.rules) * 1:29468 <-> DISABLED <-> FILE-OTHER Corel PDF fusion XPS stack buffer overflow attempt (file-other.rules) * 1:29467 <-> DISABLED <-> FILE-OTHER Corel PDF fusion XPS stack buffer overflow attempt (file-other.rules) * 1:29466 <-> DISABLED <-> FILE-OTHER Corel PDF fusion XPS stack buffer overflow attempt (file-other.rules) * 1:29465 <-> DISABLED <-> FILE-OTHER Corel PDF fusion XPS stack buffer overflow attempt (file-other.rules) * 1:29443 <-> ENABLED <-> EXPLOIT-KIT Fiesta exploit kit outbound connection attempt (exploit-kit.rules) * 1:29439 <-> ENABLED <-> FILE-IDENTIFY MSI file download request (file-identify.rules) * 1:29407 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file download request (file-identify.rules) * 1:29406 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (file-identify.rules) * 1:29405 <-> ENABLED <-> FILE-IDENTIFY Microsoft Internet Shortcut file attachment detected (file-identify.rules) * 1:29394 <-> DISABLED <-> BROWSER-WEBKIT Apple WebKit QuickTime plugin content-type http header buffer overflow attempt (browser-webkit.rules) * 1:29392 <-> ENABLED <-> SERVER-WEBAPP EMC Connectrix Manager FileUploadController directory traversal attempt (server-webapp.rules) * 1:29391 <-> ENABLED <-> SERVER-WEBAPP EMC Connectrix Manager FileUploadController directory traversal attempt (server-webapp.rules) * 1:29390 <-> ENABLED <-> SERVER-WEBAPP EMC Connectrix Manager FileUploadController directory traversal attempt (server-webapp.rules) * 1:29386 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (file-identify.rules) * 1:29385 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file attachment detected (file-identify.rules) * 1:29384 <-> ENABLED <-> FILE-IDENTIFY Adobe AIR file download request (file-identify.rules) * 1:29280 <-> DISABLED <-> FILE-OTHER IBM Forms Viewer XFDL form processing stack buffer overflow attempt (file-other.rules) * 1:29279 <-> DISABLED <-> FILE-OTHER IBM Forms Viewer XFDL form processing stack buffer overflow attempt (file-other.rules) * 1:29278 <-> DISABLED <-> FILE-OTHER IBM Forms Viewer XFDL form processing stack buffer overflow attempt (file-other.rules) * 1:29277 <-> DISABLED <-> FILE-OTHER IBM Forms Viewer XFDL form processing stack buffer overflow attempt (file-other.rules) * 1:29276 <-> ENABLED <-> FILE-IDENTIFY XFDL file download request (file-identify.rules) * 1:29275 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (file-identify.rules) * 1:29274 <-> ENABLED <-> FILE-IDENTIFY XFDL file attachment detected (file-identify.rules) * 1:29273 <-> ENABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules) * 1:29272 <-> ENABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules) * 1:29271 <-> ENABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules) * 1:29270 <-> ENABLED <-> FILE-JAVA Oracle Java sun.awt.image.ImagingLib.lookupByteBI memory corruption attempt (file-java.rules) * 1:29193 <-> ENABLED <-> SERVER-WEBAPP Zimbra remote code execution attempt (server-webapp.rules) * 1:29192 <-> ENABLED <-> SERVER-WEBAPP Zimbra remote code execution attempt (server-webapp.rules) * 1:29142 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Data Center Network Manager FileUploadServlet arbitrary file upload attempt (server-webapp.rules) * 1:29141 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Data Center Network Manager FileUploadServlet arbitrary file upload attempt (server-webapp.rules) * 1:29105 <-> DISABLED <-> SERVER-WEBAPP ManageEngine DesktopCentral agentLogUploader servlet directory traversal attempt (server-webapp.rules) * 1:29060 <-> DISABLED <-> BROWSER-PLUGINS CYME Power Engineering ChartFX.ClientServer ActiveX function call access (browser-plugins.rules) * 1:29059 <-> DISABLED <-> BROWSER-PLUGINS CYME Power Engineering ChartFX.ClientServer ActiveX clsid access (browser-plugins.rules) * 1:29042 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Data Center Network Manager processImageSave.jsp directory traversal attempt (server-webapp.rules) * 1:29041 <-> ENABLED <-> SERVER-WEBAPP Cisco Prime Data Center Network Manager processImageSave.jsp directory traversal attempt (server-webapp.rules) * 1:29040 <-> ENABLED <-> SERVER-WEBAPP Zimbra remote code execution attempt (server-webapp.rules) * 1:29035 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDisplayPointer use after free attempt (browser-ie.rules) * 1:29034 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDisplayPointer use after free attempt (browser-ie.rules) * 1:29027 <-> ENABLED <-> SERVER-WEBAPP Zimbra remote code execution attempt (server-webapp.rules) * 1:29019 <-> ENABLED <-> SERVER-WEBAPP HP LoadRunner Virtual User Generator EmulationAdmin directory traversal attempt (server-webapp.rules) * 1:29018 <-> DISABLED <-> SERVER-WEBAPP HP LoadRunner Virtual User Generator EmulationAdmin getReport SQL injection attempt (server-webapp.rules) * 1:29017 <-> ENABLED <-> SERVER-WEBAPP HP LoadRunner Virtual User Generator EmulationAdmin directory traversal attempt (server-webapp.rules) * 1:28962 <-> ENABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer RealMedia URL length buffer overflow attempt (file-multimedia.rules) * 1:28961 <-> ENABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer RealMedia URL length buffer overflow attempt (file-multimedia.rules) * 1:28937 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope issuesiebelcmd soap request code execution attempt (server-webapp.rules) * 1:28916 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster.verify method integer overflow attempt (file-java.rules) * 1:28915 <-> ENABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster.verify method integer overflow attempt (file-java.rules) * 1:28901 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file download request (file-identify.rules) * 1:28900 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file attachment detected (file-identify.rules) * 1:28899 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (file-identify.rules) * 1:28898 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (file-identify.rules) * 1:28897 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file attachment detected (file-identify.rules) * 1:28896 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file attachment detected (file-identify.rules) * 1:28895 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file attachment detected (file-identify.rules) * 1:28894 <-> ENABLED <-> FILE-IDENTIFY eSignal .ets file attachment detected (file-identify.rules) * 1:28878 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetClassObject use after free attempt (browser-ie.rules) * 1:28877 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetClassObject use after free attempt (browser-ie.rules) * 1:28876 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetClassObject use after free attempt (browser-ie.rules) * 1:28875 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer GetClassObject use after free attempt (browser-ie.rules) * 1:28851 <-> ENABLED <-> SERVER-OTHER HP ProCurve Manager EJBInvokerServlet remote code execution attempt (server-other.rules) * 1:28846 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules) * 1:28845 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules) * 1:28844 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules) * 1:28843 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript toolbar button use after free attempt (file-pdf.rules) * 1:28790 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader universal 3D stream memory corruption attempt (file-pdf.rules) * 1:28789 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules) * 1:28788 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules) * 1:28787 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules) * 1:28786 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules) * 1:28785 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules) * 1:28784 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules) * 1:28783 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules) * 1:28782 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules) * 1:28781 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules) * 1:28780 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules) * 1:28779 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules) * 1:28778 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules) * 1:28777 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules) * 1:28776 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules) * 1:28775 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules) * 1:28774 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules) * 1:28773 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules) * 1:28772 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules) * 1:28771 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules) * 1:28770 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX function call access attempt (browser-plugins.rules) * 1:28769 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28768 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28767 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28766 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28765 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28764 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28763 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28762 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28761 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28760 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28759 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28758 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28757 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28756 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28755 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28754 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28753 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28752 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28751 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28750 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28749 <-> DISABLED <-> BROWSER-PLUGINS Novell GroupWise ActiveX clsid access attempt (browser-plugins.rules) * 1:28748 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader universal 3D format memory corruption attempt (file-pdf.rules) * 1:28747 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader universal 3D format memory corruption attempt (file-pdf.rules) * 1:28746 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver SXPG_CALL_SYSTEM remote code execution attempt (server-webapp.rules) * 1:28745 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules) * 1:28744 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules) * 1:28743 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules) * 1:28742 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules) * 1:28741 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules) * 1:28740 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules) * 1:28739 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules) * 1:28738 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules) * 1:28737 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules) * 1:28736 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules) * 1:28735 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules) * 1:28734 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules) * 1:28733 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules) * 1:28732 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules) * 1:28731 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules) * 1:28730 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules) * 1:28729 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules) * 1:28728 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules) * 1:28727 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ICC mluc integer overflow attempt (file-pdf.rules) * 1:28726 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ICC mluc integer overflow attempt (file-pdf.rules) * 1:28725 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ICC mluc integer overflow attempt (file-pdf.rules) * 1:28723 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid PDF JavaScript printSeps extension call attempt (file-pdf.rules) * 1:28722 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid PDF JavaScript printSeps extension call attempt (file-pdf.rules) * 1:28721 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader memory corruption attempt (file-pdf.rules) * 1:28720 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader memory corruption attempt (file-pdf.rules) * 1:28719 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader memory corruption attempt (file-pdf.rules) * 1:28718 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader memory corruption attempt (file-pdf.rules) * 1:28717 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader compact font format memory corruption attempt (file-pdf.rules) * 1:28716 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader compact font format memory corruption attempt (file-pdf.rules) * 1:28715 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF integer overflow attempt (file-pdf.rules) * 1:28714 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF integer overflow attempt (file-pdf.rules) * 1:28713 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF integer overflow attempt (file-pdf.rules) * 1:28712 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF integer overflow attempt (file-pdf.rules) * 1:28711 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF integer overflow attempt (file-pdf.rules) * 1:28710 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF integer overflow attempt (file-pdf.rules) * 1:28709 <-> DISABLED <-> FILE-PDF Adobe Acrobat Universal 3D stream memory corruption attempt (file-pdf.rules) * 1:28708 <-> ENABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules) * 1:28707 <-> ENABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules) * 1:28706 <-> ENABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules) * 1:28705 <-> ENABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules) * 1:28704 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript float index array memory corruption attempt (file-flash.rules) * 1:28703 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript float index array memory corruption attempt (file-flash.rules) * 1:28702 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:28701 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:28700 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:28699 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:28698 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules) * 1:28697 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules) * 1:28696 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules) * 1:28695 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules) * 1:28694 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:28693 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:28692 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:28691 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:28690 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:28689 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:28688 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:28687 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:28685 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules) * 1:28684 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules) * 1:28683 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules) * 1:28682 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules) * 1:28681 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules) * 1:28680 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules) * 1:28679 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules) * 1:28676 <-> DISABLED <-> FILE-FLASH Adobe Flash Player newfunction memory corruption attempt (file-flash.rules) * 1:28675 <-> DISABLED <-> FILE-FLASH Adobe Flash Player newfunction memory corruption attempt (file-flash.rules) * 1:28674 <-> DISABLED <-> FILE-FLASH Adobe Flash Player newfunction memory corruption attempt (file-flash.rules) * 1:28673 <-> DISABLED <-> FILE-FLASH Adobe Flash Player newfunction memory corruption attempt (file-flash.rules) * 1:28672 <-> DISABLED <-> FILE-FLASH Adobe Flash frame type identifier memory corruption attempt (file-flash.rules) * 1:28671 <-> DISABLED <-> FILE-FLASH Adobe Flash frame type identifier memory corruption attempt (file-flash.rules) * 1:28670 <-> DISABLED <-> FILE-FLASH Adobe Flash frame type identifier memory corruption attempt (file-flash.rules) * 1:28669 <-> DISABLED <-> FILE-FLASH Adobe Flash ActionDefineFunction memory access exploit attempt (file-flash.rules) * 1:28668 <-> DISABLED <-> FILE-FLASH Adobe Flash ActionDefineFunction memory access exploit attempt (file-flash.rules) * 1:28667 <-> DISABLED <-> FILE-FLASH Adobe Flash ActionDefineFunction memory access exploit attempt (file-flash.rules) * 1:28666 <-> DISABLED <-> FILE-FLASH RealNetworks RealPlayer SWF flash file buffer overflow attempt (file-flash.rules) * 1:28665 <-> DISABLED <-> FILE-FLASH RealNetworks RealPlayer SWF flash file buffer overflow attempt (file-flash.rules) * 1:28664 <-> DISABLED <-> FILE-FLASH RealNetworks RealPlayer SWF flash file buffer overflow attempt (file-flash.rules) * 1:28663 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer address bar spoofing attempt (browser-ie.rules) * 1:28662 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer address bar spoofing attempt (browser-ie.rules) * 1:28661 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:28660 <-> DISABLED <-> FILE-FLASH Adobe Flash Player remote code execution attempt (file-flash.rules) * 1:28659 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader known malicious variable exploit attempt (file-pdf.rules) * 1:28658 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XML Java used in app.setTimeOut (file-pdf.rules) * 1:28657 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28656 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28655 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28654 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28653 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28652 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28651 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28650 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28649 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28648 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28647 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28646 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28645 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28644 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28643 <-> DISABLED <-> FILE-PDF Adobe Acrobat TrueType font handling remote code execution attempt (file-pdf.rules) * 1:28642 <-> DISABLED <-> FILE-PDF Adobe Acrobat TrueType font handling remote code execution attempt (file-pdf.rules) * 1:28641 <-> DISABLED <-> FILE-FLASH RealNetworks RealPlayer SWF frame handling buffer overflow attempt (file-flash.rules) * 1:28640 <-> DISABLED <-> FILE-FLASH RealNetworks RealPlayer SWF frame handling buffer overflow attempt (file-flash.rules) * 1:28639 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll glyf directory table buffer overflow attempt (file-pdf.rules) * 1:28638 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll glyf directory table buffer overflow attempt (file-pdf.rules) * 1:28637 <-> DISABLED <-> FILE-FLASH Adobe Flash Player multimedia file DefineSceneAndFrameLabelData code execution attempt (file-flash.rules) * 1:28636 <-> DISABLED <-> FILE-FLASH Adobe Flash Player multimedia file DefineSceneAndFrameLabelData code execution attempt (file-flash.rules) * 1:28635 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll glyf directory table buffer overflow attempt (file-pdf.rules) * 1:28634 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll composite glyf buffer overflow attempt (file-pdf.rules) * 1:28633 <-> DISABLED <-> FILE-PDF Adobe Acrobat Universal 3D stream memory corruption attempt (file-pdf.rules) * 1:28632 <-> DISABLED <-> FILE-FLASH Adobe Flash Player embedded JPG image height overflow attempt (file-flash.rules) * 1:28631 <-> DISABLED <-> FILE-FLASH Adobe Flash Player embedded JPG image height overflow attempt (file-flash.rules) * 1:28630 <-> DISABLED <-> INDICATOR-OBFUSCATION obfuscated script encoding detected (indicator-obfuscation.rules) * 1:28629 <-> DISABLED <-> INDICATOR-OBFUSCATION obfuscated script encoding detected (indicator-obfuscation.rules) * 1:28628 <-> DISABLED <-> FILE-PDF Adobe Acrobat universal 3D format memory corruption attempt (file-pdf.rules) * 1:28627 <-> DISABLED <-> FILE-PDF Adobe Acrobat universal 3D format memory corruption attempt (file-pdf.rules) * 1:28626 <-> ENABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader U3D RHAdobeMeta Buffer Overflow (file-pdf.rules) * 1:28625 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D rgba parsing overflow attempt (file-pdf.rules) * 1:28622 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed shading modifier heap corruption attempt (file-pdf.rules) * 1:28621 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules) * 1:28620 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:28619 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:28586 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader OTF font head table size overflow attempt (file-pdf.rules) * 1:28585 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader OTF font head table size overflow attempt (file-pdf.rules) * 1:28584 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Silverlight ScriptObject untrusted pointer dereference attempt (browser-plugins.rules) * 1:28583 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Silverlight ScriptObject untrusted pointer dereference attempt (browser-plugins.rules) * 1:28582 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Silverlight ScriptObject untrusted pointer dereference attempt (browser-plugins.rules) * 1:28581 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Silverlight ScriptObject untrusted pointer dereference attempt (browser-plugins.rules) * 1:28580 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Silverlight ScriptObject untrusted pointer dereference attempt (browser-plugins.rules) * 1:28579 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Silverlight ScriptObject untrusted pointer dereference attempt (browser-plugins.rules) * 1:28526 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules) * 1:28525 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules) * 1:28506 <-> DISABLED <-> BROWSER-PLUGINS InformationCardSigninHelper ActiveX function call access (browser-plugins.rules) * 1:28505 <-> DISABLED <-> BROWSER-PLUGINS InformationCardSigninHelper ActiveX clsid access (browser-plugins.rules) * 1:28489 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CAnchorElement use after free attempt (browser-ie.rules) * 1:28474 <-> ENABLED <-> EXPLOIT-KIT Neutrino exploit kit outbound plugin detection response - generic detection (exploit-kit.rules) * 1:28473 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules) * 1:28472 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules) * 1:28471 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules) * 1:28470 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules) * 1:28469 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules) * 1:28468 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules) * 1:28467 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules) * 1:28466 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules) * 1:28465 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules) * 1:28464 <-> ENABLED <-> FILE-OFFICE Microsoft Office GDI library TIFF handling integer overflow attempt (file-office.rules) * 1:28462 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules) * 1:28461 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules) * 1:28454 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader compressed media.newPlayer memory corruption attempt (file-pdf.rules) * 1:28453 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:28452 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:28451 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:28447 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer style.position use-after-free memory corruption attempt (browser-ie.rules) * 1:28438 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS SamplePower ActiveX function call access (browser-plugins.rules) * 1:28437 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS SamplePower ActiveX function call access (browser-plugins.rules) * 1:28436 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS SamplePower ActiveX function call access attempt (browser-plugins.rules) * 1:28435 <-> DISABLED <-> BROWSER-PLUGINS IBM SPSS SamplePower ActiveX function call access attempt (browser-plugins.rules) * 1:28427 <-> DISABLED <-> FILE-PDF Adobe Acrobat universal 3D format memory corruption attempt (file-pdf.rules) * 1:28426 <-> ENABLED <-> FILE-PDF Adobe Acrobat universal 3D format memory corruption attempt (file-pdf.rules) * 1:28425 <-> ENABLED <-> OS-WINDOWS SMB Microsoft Windows Remote Administration Protocol usage attempt (os-windows.rules) * 1:28407 <-> ENABLED <-> SERVER-WEBAPP HP Intelligent Management Center BIMS UploadServlet arbitrary file upload attempt (server-webapp.rules) * 1:28398 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore format string vulnerability exploit attempt (server-other.rules) * 1:28397 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore format string vulnerability exploit attempt (server-other.rules) * 1:28396 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore format string vulnerability exploit attempt (server-other.rules) * 1:28395 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore format string vulnerability exploit attempt (server-other.rules) * 1:28394 <-> DISABLED <-> SERVER-OTHER EMC AlphaStore format string vulnerability exploit attempt (server-other.rules) * 1:28389 <-> DISABLED <-> FILE-PDF Adobe Acrobat TrueType font handling remote code execution attempt (file-pdf.rules) * 1:28388 <-> DISABLED <-> FILE-PDF Adobe Acrobat TrueType font handling remote code execution attempt (file-pdf.rules) * 1:28381 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.Temvice outbound communication attempt (malware-other.rules) * 1:28380 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28379 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28378 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28377 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28376 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28375 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28374 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:28364 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules) * 1:28363 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules) * 1:28361 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed shading modifier heap corruption attempt (file-pdf.rules) * 1:28360 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOM manipulation memory corruption attempt (browser-ie.rules) * 1:28359 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOM manipulation memory corruption attempt (browser-ie.rules) * 1:28358 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOM manipulation memory corruption attempt (browser-ie.rules) * 1:28357 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOM manipulation memory corruption attempt (browser-ie.rules) * 1:28356 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOM manipulation memory corruption attempt (browser-ie.rules) * 1:28355 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOM manipulation memory corruption attempt (browser-ie.rules) * 1:28354 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOM manipulation memory corruption attempt (browser-ie.rules) * 1:28353 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTableLayout memory corruption attempt (browser-ie.rules) * 1:28352 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTableLayout memory corruption attempt (browser-ie.rules) * 1:28351 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows WMI administrator tools object viewer ActiveX clsid access (browser-plugins.rules) * 1:28350 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows WMI administrator tools object viewer ActiveX clsid access (browser-plugins.rules) * 1:28349 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows WMI administrator tools object viewer ActiveX clsid access (browser-plugins.rules) * 1:28343 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:28342 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:28341 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:28340 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:28339 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:28338 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:28337 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:28336 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:28335 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:28334 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:28333 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:28332 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:28331 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:28315 <-> DISABLED <-> FILE-OTHER Microsoft Office Image filter BMP overflow attempt (file-other.rules) * 1:28309 <-> ENABLED <-> EXPLOIT-KIT Himan exploit kit payload - Oracle Java compromise (exploit-kit.rules) * 1:28306 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSS expression defined to empty selection attempt (browser-ie.rules) * 1:28303 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader U3D RHAdobeMeta buffer overflow attempt (file-pdf.rules) * 1:28287 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer deleted object cells reference memory corruption vulnerability (browser-ie.rules) * 1:28278 <-> ENABLED <-> SERVER-WEBAPP IBM Tivoli Provisioning Manager express user.updateUserValue sql injection attempt (server-webapp.rules) * 1:28277 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules) * 1:28276 <-> ENABLED <-> FILE-JAVA Oracle Java 2D ImagingLib AffineTransformOp storeImageArray memory corruption attempt (file-java.rules) * 1:28272 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer htmlfile ActiveX object access attempt (browser-plugins.rules) * 1:28271 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer htmlfile null attribute access attempt (browser-ie.rules) * 1:28270 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer option element use after free attempt (browser-ie.rules) * 1:28269 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer option element use after free attempt (browser-ie.rules) * 1:28268 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer option element use after free attempt (browser-ie.rules) * 1:28267 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer option element use after free attempt (browser-ie.rules) * 1:28266 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll composite glyf buffer overflow attempt (file-pdf.rules) * 1:28262 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll glyf directory table buffer overflow attempt (file-pdf.rules) * 1:28261 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ICC mluc integer overflow attempt (file-pdf.rules) * 1:28260 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader ICC remote memory corruption attempt (file-pdf.rules) * 1:28259 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer object management memory corruption attempt (browser-ie.rules) * 1:28258 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer object management memory corruption attempt (browser-ie.rules) * 1:28257 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader ICC remote memory corruption attempt (file-pdf.rules) * 1:28256 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ICC mluc integer overflow attempt (file-pdf.rules) * 1:28252 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules) * 1:28227 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 211 buffer overflow attempt (server-other.rules) * 1:28208 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer swapNode memory corruption attempt (browser-ie.rules) * 1:28207 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer swapNode memory corruption attempt (browser-ie.rules) * 1:28136 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FtCbls remote code execution attempt (file-office.rules) * 1:28135 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FtCbls remote code execution attempt (file-office.rules) * 1:28112 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 null character in string information disclosure attempt (browser-ie.rules) * 1:27944 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer onlosecapture memory corruption attempt (browser-ie.rules) * 1:27943 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer onlosecapture memory corruption attempt (browser-ie.rules) * 1:27941 <-> ENABLED <-> SERVER-OTHER HP ProCurve Manager SNAC UpdateDomainControllerServlet directory traversal attempt (server-other.rules) * 1:27937 <-> ENABLED <-> SERVER-OTHER HP ProCurve Manager SNAC UpdateCertificatesServlet directory traversal attempt (server-other.rules) * 1:27921 <-> DISABLED <-> SERVER-ORACLE Oracle Endeca Server createDataStore remote command injection attempt (server-oracle.rules) * 1:27872 <-> ENABLED <-> BROWSER-PLUGINS HP LoadRunner WriteFileString ActiveX function call attempt (browser-plugins.rules) * 1:27871 <-> ENABLED <-> BROWSER-PLUGINS HP LoadRunner WriteFileString ActiveX function call attempt (browser-plugins.rules) * 1:27870 <-> ENABLED <-> BROWSER-PLUGINS HP LoadRunner WriteFileString ActiveX function call attempt (browser-plugins.rules) * 1:27869 <-> ENABLED <-> BROWSER-PLUGINS HP LoadRunner WriteFileString ActiveX function call attempt (browser-plugins.rules) * 1:27862 <-> ENABLED <-> SERVER-WEBAPP Avaya IP Office Customer Call Reporter invalid file upload attempt (server-webapp.rules) * 1:27844 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos object use-after-free attempt (browser-ie.rules) * 1:27843 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos object use-after-free attempt (browser-ie.rules) * 1:27838 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDisplayPointer use after free attempt (browser-ie.rules) * 1:27837 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CDisplayPointer use after free attempt (browser-ie.rules) * 1:27822 <-> ENABLED <-> FILE-OTHER Microsoft Windows XP .theme file remote code execution attempt (file-other.rules) * 1:27816 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit jar file download attempt (exploit-kit.rules) * 1:27583 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:27582 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:27571 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 235 buffer overflow attempt (server-other.rules) * 1:27568 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox 17 onreadystatechange memory corruption attempt (browser-firefox.rules) * 1:27539 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 234 buffer overflow attempt (server-other.rules) * 1:27264 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 227 buffer overflow attempt (server-other.rules) * 1:27262 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 263 buffer overflow attempt (server-other.rules) * 1:27261 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 215 buffer overflow attempt (server-other.rules) * 1:27245 <-> ENABLED <-> SERVER-APACHE Apache Struts2 remote code execution attempt (server-apache.rules) * 1:27233 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader util.printf buffer overflow attempt (file-pdf.rules) * 1:27232 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader util.printf buffer overflow attempt (file-pdf.rules) * 1:27217 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 260 buffer overflow attempt (server-other.rules) * 1:27211 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel style handling overflow attempt (file-office.rules) * 1:27191 <-> ENABLED <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt (file-java.rules) * 1:27190 <-> ENABLED <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt (file-java.rules) * 1:27189 <-> ENABLED <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt (file-java.rules) * 1:27188 <-> ENABLED <-> FILE-JAVA Oracle Java Applet ProviderSkeleton sandbox bypass attempt (file-java.rules) * 1:27187 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malicious swf file download attempt (file-flash.rules) * 1:27186 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malicious swf file download attempt (file-flash.rules) * 1:27185 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malicious swf file download attempt (file-flash.rules) * 1:27184 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malicious swf file download attempt (file-flash.rules) * 1:27183 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malicious swf file download attempt (file-flash.rules) * 1:27182 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malicious swf file download attempt (file-flash.rules) * 1:27172 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 1:27171 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 1:27170 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 1091 buffer overflow attempt (server-other.rules) * 1:27153 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 1:27152 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 1:27151 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 1:27150 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 1:27125 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 211 buffer overflow attempt (server-other.rules) * 1:27124 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 1092 buffer overflow attempt (server-other.rules) * 1:27123 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 259 buffer overflow attempt (server-other.rules) * 1:27122 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 305 buffer overflow attempt (server-other.rules) * 1:27121 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector - initiate connection (server-other.rules) * 1:27105 <-> ENABLED <-> SERVER-WEBAPP HP System Management arbitrary command injection attempt (server-webapp.rules) * 1:27104 <-> ENABLED <-> SERVER-WEBAPP HP System Management arbitrary command injection attempt (server-webapp.rules) * 1:27077 <-> ENABLED <-> FILE-JAVA Oracle Java Applet disable security manager attempt (file-java.rules) * 1:27076 <-> ENABLED <-> FILE-JAVA Oracle Java Applet disable security manager attempt (file-java.rules) * 1:27075 <-> DISABLED <-> SERVER-OTHER Novell NetIQ User Manager ldapagnt_eval remote code execution attempt (server-other.rules) * 1:27036 <-> DISABLED <-> SERVER-OTHER Novell NetIQ User Manager modifyAccounts policy bypass attempt (server-other.rules) * 1:27030 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Mobile Management mdm.php directory traversal attempt (server-webapp.rules) * 1:27029 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Mobile Management mdm.php directory traversal attempt (server-webapp.rules) * 1:27028 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Mobile Management mdm.php directory traversal attempt (server-webapp.rules) * 1:27027 <-> DISABLED <-> POLICY-OTHER PHP tag injection in http header attempt (policy-other.rules) * 1:27020 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Mobile Management dusap.php directory traversal attempt (server-webapp.rules) * 1:27019 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Mobile Management dusap.php directory traversal attempt (server-webapp.rules) * 1:27018 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Mobile Management dusap.php directory traversal attempt (server-webapp.rules) * 1:26980 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix snmp master agent denial of service attempt (server-other.rules) * 1:26979 <-> DISABLED <-> FILE-IMAGE Oracle Outside In FlashPix image processing overflow attempt (file-image.rules) * 1:26977 <-> DISABLED <-> FILE-IMAGE Oracle Outside In FlashPix image processing overflow attempt (file-image.rules) * 1:26976 <-> DISABLED <-> FILE-IMAGE Oracle Outside In FlashPix image processing overflow attempt (file-image.rules) * 1:26973 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio TAG_xxxSect code execution attempt (file-office.rules) * 1:26928 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules) * 1:26927 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules) * 1:26879 <-> DISABLED <-> BROWSER-OTHER local loopback address in html (browser-other.rules) * 1:26860 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected tRNS overflow attempt (file-image.rules) * 1:26855 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected iCCP overflow attempt (file-image.rules) * 1:26854 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player Malformed PNG detected cHRM overflow attempt (file-image.rules) * 1:26848 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 7 emulation via meta tag (browser-ie.rules) * 1:26825 <-> ENABLED <-> SERVER-OTHER Apache Struts allowStaticMethodAccess invocation attempt (server-other.rules) * 1:26824 <-> ENABLED <-> SERVER-OTHER Apache Struts allowStaticMethodAccess invocation attempt (server-other.rules) * 1:26808 <-> DISABLED <-> EXPLOIT-KIT Goon/Infinity/Redkit exploit kit short jar request (exploit-kit.rules) * 1:26791 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:26790 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:26787 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:26786 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:26761 <-> DISABLED <-> OS-MOBILE Android Fakeinst device information leakage (os-mobile.rules) * 1:26704 <-> DISABLED <-> SERVER-WEBAPP LANDesk Thinkmanagement Suite ServerSetup directory traversal attempt (server-webapp.rules) * 1:26664 <-> ENABLED <-> FILE-IMAGE BMP extremely large xpos opcodes (file-image.rules) * 1:26652 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules) * 1:26651 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader X XML forms specially crafted RLE8 format BMP integer overflow attempt (file-pdf.rules) * 1:26643 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field denial of service attempt (os-windows.rules) * 1:26596 <-> DISABLED <-> INDICATOR-OBFUSCATION javascript fromCharCode xor decryption routine detected (indicator-obfuscation.rules) * 1:26595 <-> DISABLED <-> INDICATOR-OBFUSCATION javascript hex character extraction routine detected (indicator-obfuscation.rules) * 1:26588 <-> DISABLED <-> FILE-JAVA Oracle Java runtime JMX findclass sandbox breach attempt (file-java.rules) * 1:26587 <-> DISABLED <-> FILE-JAVA Oracle Java runtime JMX findclass sandbox breach attempt (file-java.rules) * 1:26584 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer vector graphics reference counting use-after-free attempt (browser-ie.rules) * 1:26573 <-> DISABLED <-> BROWSER-PLUGINS Honeywell HscRemoteDeploy ActiveX control arbitrary HTA execution attempt (browser-plugins.rules) * 1:26548 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM webappmon.exe buffer overflow attempt (server-webapp.rules) * 1:26547 <-> DISABLED <-> SERVER-WEBAPP phpMyAdmin preg_replace remote code execution attempt (server-webapp.rules) * 1:26513 <-> DISABLED <-> FILE-PDF PDF with large embedded JavaScript - JS string attempt (file-pdf.rules) * 1:26504 <-> ENABLED <-> PROTOCOL-SCADA 3S CoDeSys Gateway Server stack buffer overflow attempt (protocol-scada.rules) * 1:26503 <-> ENABLED <-> PROTOCOL-SCADA 3S CoDeSys Gateway Server stack buffer overflow attempt (protocol-scada.rules) * 1:26502 <-> ENABLED <-> PROTOCOL-SCADA 3S CoDeSys Gateway Server stack buffer overflow attempt (protocol-scada.rules) * 1:26501 <-> DISABLED <-> SERVER-OTHER BigAnt Document Service DDNF request stack buffer overflow attempt (server-other.rules) * 1:26496 <-> ENABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules) * 1:26495 <-> ENABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules) * 1:26494 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (file-identify.rules) * 1:26493 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file attachment detected (file-identify.rules) * 1:26492 <-> ENABLED <-> FILE-IDENTIFY KingView KingMessage log file download request (file-identify.rules) * 1:26491 <-> DISABLED <-> SERVER-OTHER Nagios NRPE command execution attempt (server-other.rules) * 1:26488 <-> ENABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server directory traversal attempt (protocol-scada.rules) * 1:26479 <-> DISABLED <-> SERVER-OTHER ActFax LPD Server data field buffer overflow attempt (server-other.rules) * 1:26466 <-> ENABLED <-> FILE-IDENTIFY XUL file attachment detected (file-identify.rules) * 1:26465 <-> ENABLED <-> FILE-IDENTIFY XUL file attachment detected (file-identify.rules) * 1:26458 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file download request (file-identify.rules) * 1:26457 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file attachment detected (file-identify.rules) * 1:26456 <-> ENABLED <-> FILE-IDENTIFY Stream redirector file attachment detected (file-identify.rules) * 1:26418 <-> DISABLED <-> SERVER-WEBAPP HP System Management iprange parameter buffer overflow attempt (server-webapp.rules) * 1:26417 <-> ENABLED <-> SERVER-WEBAPP HP Intelligent Management Center mibFileUpload servlet arbitrary file upload attempt (server-webapp.rules) * 1:26416 <-> ENABLED <-> SERVER-WEBAPP HP Intelligent Management Center mibFileUpload servlet arbitrary file upload attempt (server-webapp.rules) * 1:26415 <-> ENABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server directory traversal attempt (protocol-scada.rules) * 1:26414 <-> ENABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server executable file upload attempt (protocol-scada.rules) * 1:26392 <-> ENABLED <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt (protocol-scada.rules) * 1:26374 <-> DISABLED <-> FILE-IMAGE ClamAV Antivirus Function Denial of Service attempt (file-image.rules) * 1:26365 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules) * 1:26364 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules) * 1:26363 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules) * 1:26362 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules) * 1:26361 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules) * 1:26360 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules) * 1:26359 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules) * 1:26358 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules) * 1:26357 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules) * 1:26356 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules) * 1:26355 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Windows RDP ActiveX component mstscax use after free attempt (browser-plugins.rules) * 1:26283 <-> DISABLED <-> FILE-PDF Foxit Reader remote query string buffer overflow attempt (file-pdf.rules) * 1:26282 <-> DISABLED <-> FILE-PDF Foxit Reader remote query string buffer overflow attempt (file-pdf.rules) * 1:26281 <-> DISABLED <-> FILE-PDF Foxit Reader remote query string buffer overflow attempt (file-pdf.rules) * 1:26280 <-> DISABLED <-> FILE-PDF Foxit Reader remote query string buffer overflow attempt (file-pdf.rules) * 1:26265 <-> ENABLED <-> BLACKLIST DNS request for known malware domain mercury.yori.pl - Kazy Trojan (blacklist.rules) * 1:26264 <-> ENABLED <-> MALWARE-CNC Dapato banking Trojan variant outbound connection (malware-cnc.rules) * 1:26263 <-> DISABLED <-> SERVER-WEBAPP Wordpress wp-banners-lite plugin cross site scripting attempt (server-webapp.rules) * 1:26251 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:26231 <-> DISABLED <-> FILE-PDF PDF version 1.1 with FlateDecode embedded - seen in exploit kits (file-pdf.rules) * 1:26193 <-> DISABLED <-> BROWSER-PLUGINS Honeywell HscRemoteDeploy ActiveX control arbitrary HTA execution attempt (browser-plugins.rules) * 1:26110 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:26113 <-> ENABLED <-> FILE-PDF Adobe Flash Player memory corruption attempt (file-pdf.rules) * 1:26112 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:26111 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:25830 <-> ENABLED <-> FILE-JAVA Oracle Java malicious class download attempt (file-java.rules) * 1:25819 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader known malicious variable exploit attempt (file-pdf.rules) * 1:25849 <-> DISABLED <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt (protocol-scada.rules) * 1:25850 <-> DISABLED <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt (protocol-scada.rules) * 1:25852 <-> ENABLED <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt (protocol-scada.rules) * 1:2611 <-> DISABLED <-> SERVER-ORACLE LINK metadata buffer overflow attempt (server-oracle.rules) * 1:25984 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer userdata behavior memory corruption attempt (browser-ie.rules) * 1:25851 <-> ENABLED <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt (protocol-scada.rules) * 1:25985 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer userdata behavior memory corruption attempt (browser-ie.rules) * 1:25986 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer userdata behavior memory corruption attempt (browser-ie.rules) * 1:26021 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XML Java used in app.setTimeOut (file-pdf.rules) * 1:26057 <-> ENABLED <-> FILE-IDENTIFY ZIP file download detected (file-identify.rules) * 1:26058 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules) * 1:26105 <-> ENABLED <-> SERVER-OTHER BigAnt IM Server buffer overflow attempt (server-other.rules) * 1:26078 <-> DISABLED <-> FILE-PDF transfer of a PDF with OpenAction object attempt (file-pdf.rules) * 1:26103 <-> ENABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra ping request buffer overflow attempt (server-other.rules) * 1:25818 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader known malicious variable exploit attempt (file-pdf.rules) * 1:26077 <-> DISABLED <-> FILE-PDF transfer of a PDF with embedded JavaScript - JavaScript object detected (file-pdf.rules) * 1:26076 <-> DISABLED <-> FILE-PDF download of a PDF with embedded JavaScript - JS string attempt (file-pdf.rules) * 1:8768 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAVector3.1 ActiveX clsid access (browser-plugins.rules) * 1:8770 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAVector3.1 ActiveX function call access (browser-plugins.rules) * 1:8771 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAVector2.1 ActiveX clsid access (browser-plugins.rules) * 1:8773 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAVector2.1 ActiveX function call access (browser-plugins.rules) * 1:8774 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAUserData.1 ActiveX clsid access (browser-plugins.rules) * 1:8776 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAUserData.1 ActiveX function call access (browser-plugins.rules) * 1:8777 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DATransform3.1 ActiveX clsid access (browser-plugins.rules) * 1:8779 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DATransform3.1 ActiveX function call access (browser-plugins.rules) * 1:8780 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DATransform2.1 ActiveX clsid access (browser-plugins.rules) * 1:8782 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DATransform2.1 ActiveX function call access (browser-plugins.rules) * 1:8783 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAString.1 ActiveX clsid access (browser-plugins.rules) * 1:8785 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAString.1 ActiveX function call access (browser-plugins.rules) * 1:8786 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DASound.1 ActiveX clsid access (browser-plugins.rules) * 1:8788 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DASound.1 ActiveX function call access (browser-plugins.rules) * 1:8789 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAPoint3.1 ActiveX clsid access (browser-plugins.rules) * 1:8791 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAPoint3.1 ActiveX function call access (browser-plugins.rules) * 1:8792 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAPoint2.1 ActiveX clsid access (browser-plugins.rules) * 1:8794 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAPoint2.1 ActiveX function call access (browser-plugins.rules) * 1:8795 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAPath2.1 ActiveX clsid access (browser-plugins.rules) * 1:8797 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAPath2.1 ActiveX function call access (browser-plugins.rules) * 1:8451 <-> DISABLED <-> OS-WINDOWS SMB Rename invalid buffer type unicode andx attempt (os-windows.rules) * 1:8452 <-> DISABLED <-> OS-WINDOWS SMB Rename invalid buffer type unicode attempt (os-windows.rules) * 1:8453 <-> DISABLED <-> OS-WINDOWS SMB-DS Rename invalid buffer type andx attempt (os-windows.rules) * 1:8454 <-> DISABLED <-> OS-WINDOWS SMB-DS Rename invalid buffer type attempt (os-windows.rules) * 1:8455 <-> DISABLED <-> OS-WINDOWS SMB-DS Rename invalid buffer type unicode andx attempt (os-windows.rules) * 1:8456 <-> DISABLED <-> OS-WINDOWS SMB-DS Rename invalid buffer type unicode attempt (os-windows.rules) * 1:8457 <-> DISABLED <-> OS-WINDOWS SMB Rename invalid buffer type andx attempt (os-windows.rules) * 1:8458 <-> DISABLED <-> OS-WINDOWS SMB Rename invalid buffer type attempt (os-windows.rules) * 1:8459 <-> DISABLED <-> OS-WINDOWS SMB Rename invalid buffer type unicode andx attempt (os-windows.rules) * 1:8460 <-> DISABLED <-> OS-WINDOWS SMB Rename invalid buffer type unicode attempt (os-windows.rules) * 1:8478 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Publisher file magic detected (file-identify.rules) * 1:8480 <-> DISABLED <-> PROTOCOL-FTP PORT overflow attempt (protocol-ftp.rules) * 1:8541 <-> DISABLED <-> SERVER-ORACLE sdo_cs.transform_layer buffer overflow attempt (server-oracle.rules) * 1:857 <-> DISABLED <-> SERVER-WEBAPP faxsurvey access (server-webapp.rules) * 1:8711 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory HTTP redirection buffer overflow attempt (server-webapp.rules) * 1:8723 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Data Source Control 11.0 ActiveX clsid access (browser-plugins.rules) * 1:8727 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer XMLHTTP 4.0 ActiveX clsid access (browser-plugins.rules) * 1:8738 <-> DISABLED <-> BROWSER-PLUGINS Macrovision InstallShield Update Service ActiveX clsid access (browser-plugins.rules) * 1:8741 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAFontStyle.1 ActiveX clsid access (browser-plugins.rules) * 1:8743 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAFontStyle.1 ActiveX function call access (browser-plugins.rules) * 1:8744 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAEvent.1 ActiveX clsid access (browser-plugins.rules) * 1:8746 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAEvent.1 ActiveX function call access (browser-plugins.rules) * 1:8747 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAEndStyle.1 ActiveX clsid access (browser-plugins.rules) * 1:8749 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAEndStyle.1 ActiveX function call access (browser-plugins.rules) * 1:8750 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LM.LMBehaviorFactory.1 ActiveX clsid access (browser-plugins.rules) * 1:8752 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LM.LMBehaviorFactory.1 ActiveX function call access (browser-plugins.rules) * 1:8753 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LM.AutoEffectBvr.1 ActiveX clsid access (browser-plugins.rules) * 1:8755 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LM.AutoEffectBvr.1 ActiveX function call access (browser-plugins.rules) * 1:8756 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.SpriteControl ActiveX clsid access (browser-plugins.rules) * 1:8758 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.SpriteControl ActiveX function call access (browser-plugins.rules) * 1:8759 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.SequencerControl ActiveX clsid access (browser-plugins.rules) * 1:8761 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.SequencerControl ActiveX function call access (browser-plugins.rules) * 1:8762 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.Sequence ActiveX clsid access (browser-plugins.rules) * 1:8764 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.Sequence ActiveX function call access (browser-plugins.rules) * 1:8765 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAView.1 ActiveX clsid access (browser-plugins.rules) * 1:8767 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAView.1 ActiveX function call access (browser-plugins.rules) * 1:8798 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAPair.1 ActiveX clsid access (browser-plugins.rules) * 1:8800 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAPair.1 ActiveX function call access (browser-plugins.rules) * 1:8801 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DANumber.1 ActiveX clsid access (browser-plugins.rules) * 1:8803 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DANumber.1 ActiveX function call access (browser-plugins.rules) * 1:8804 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAMontage.1 ActiveX clsid access (browser-plugins.rules) * 1:8806 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAMontage.1 ActiveX function call access (browser-plugins.rules) * 1:8807 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAMicrophone.1 ActiveX clsid access (browser-plugins.rules) * 1:8809 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAMicrophone.1 ActiveX function call access (browser-plugins.rules) * 1:8810 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAMatte.1 ActiveX clsid access (browser-plugins.rules) * 1:8812 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAMatte.1 ActiveX function call access (browser-plugins.rules) * 1:8813 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DALineStyle.1 ActiveX clsid access (browser-plugins.rules) * 1:8815 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DALineStyle.1 ActiveX function call access (browser-plugins.rules) * 1:8816 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAJoinStyle.1 ActiveX clsid access (browser-plugins.rules) * 1:8818 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAJoinStyle.1 ActiveX function call access (browser-plugins.rules) * 1:8819 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAImage.1 ActiveX clsid access (browser-plugins.rules) * 1:8821 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAImage.1 ActiveX function call access (browser-plugins.rules) * 1:8822 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAGeometry.1 ActiveX clsid access (browser-plugins.rules) * 1:8824 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAGeometry.1 ActiveX function call access (browser-plugins.rules) * 1:8825 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DADashStyle.1 ActiveX clsid access (browser-plugins.rules) * 1:8827 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DADashStyle.1 ActiveX function call access (browser-plugins.rules) * 1:8828 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAColor.1 ActiveX clsid access (browser-plugins.rules) * 1:8830 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAColor.1 ActiveX function call access (browser-plugins.rules) * 1:8831 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DACamera.1 ActiveX clsid access (browser-plugins.rules) * 1:8833 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DACamera.1 ActiveX function call access (browser-plugins.rules) * 1:8834 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DABoolean.1 ActiveX clsid access (browser-plugins.rules) * 1:8836 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DABoolean.1 ActiveX function call access (browser-plugins.rules) * 1:8837 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DABbox3.1 ActiveX clsid access (browser-plugins.rules) * 1:8839 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DABbox3.1 ActiveX function call access (browser-plugins.rules) * 1:8840 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DABbox2.1 ActiveX clsid access (browser-plugins.rules) * 1:8842 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DABbox2.1 ActiveX function call access (browser-plugins.rules) * 1:8843 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAArray.1 ActiveX clsid access (browser-plugins.rules) * 1:8845 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer DirectAnimation.DAArray.1 ActiveX function call access (browser-plugins.rules) * 1:886 <-> DISABLED <-> SERVER-WEBAPP phf access (server-webapp.rules) * 1:9027 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrJoinDomain2 overflow attempt (os-windows.rules) * 1:9129 <-> DISABLED <-> BROWSER-PLUGINS WinZip FileView 6.1 ActiveX clsid access (browser-plugins.rules) * 1:9325 <-> DISABLED <-> SERVER-OTHER Citrix IMA DOS event data length denial of service attempt (server-other.rules) * 1:9430 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime Movie link file URI security bypass attempt (file-multimedia.rules) * 1:9431 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook Express NNTP response overflow attempt (file-office.rules) * 1:9434 <-> DISABLED <-> FILE-OTHER Ultravox-Max-Msg header integer overflow attempt (file-other.rules) * 1:9626 <-> DISABLED <-> BROWSER-PLUGINS AcroPDF.PDF ActiveX clsid access (browser-plugins.rules) * 1:9629 <-> DISABLED <-> BROWSER-PLUGINS Citrix.ICAClient ActiveX clsid access (browser-plugins.rules) * 1:9632 <-> DISABLED <-> SERVER-OTHER Tivoli Storage Manager command request buffer overflow attempt (server-other.rules) * 1:9633 <-> DISABLED <-> SERVER-OTHER Computer Associates Product Discovery Service type 9B remote buffer overflow attempt TCP (server-other.rules) * 1:9637 <-> DISABLED <-> FILE-OTHER Adobe Download Manger dm.ini stack overflow attempt (file-other.rules) * 1:9638 <-> DISABLED <-> PROTOCOL-TFTP PUT Microsoft RIS filename overwrite attempt (protocol-tftp.rules) * 1:9640 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows ADODB.Connection ActiveX function call access (browser-plugins.rules) * 1:971 <-> DISABLED <-> SERVER-IIS ISAPI .printer access (server-iis.rules) * 1:974 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS directory traversal attempt (server-iis.rules) * 1:9813 <-> DISABLED <-> SERVER-OTHER Symantec NetBackup connect_options buffer overflow attempt (server-other.rules) * 1:9814 <-> DISABLED <-> BROWSER-PLUGINS ICQPhone.SipxPhoneManager ActiveX clsid access (browser-plugins.rules) * 1:9816 <-> DISABLED <-> BROWSER-PLUGINS ICQPhone.SipxPhoneManager ActiveX function call access (browser-plugins.rules) * 1:9823 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime RTSP URI overflow attempt (file-multimedia.rules) * 1:9840 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime HREF Track Detected (file-multimedia.rules) * 1:9841 <-> DISABLED <-> SERVER-MAIL Microsoft Office Outlook VEVENT overflow attempt (server-mail.rules) * 1:9843 <-> DISABLED <-> FILE-PDF Adobe Acrobat Plugin JavaScript parameter double free attempt (file-pdf.rules) * 1:9845 <-> ENABLED <-> FILE-IDENTIFY M3U file magic detected (file-identify.rules) * 1:9849 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Vector Markup Language recolorinfo tag numcolors parameter buffer overflow attempt (os-windows.rules) * 1:10011 <-> DISABLED <-> SERVER-MAIL Novell NetMail APPEND command buffer overflow attempt (server-mail.rules) * 1:10015 <-> DISABLED <-> BROWSER-PLUGINS Oracle ORADC ActiveX clsid access (browser-plugins.rules) * 1:10018 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc ReserveGroup attempt (netbios.rules) * 1:10024 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc ClientDBMiniAgentClose attempt (netbios.rules) * 1:10030 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor QSIGetQueuePath_Function_45 overflow attempt (netbios.rules) * 1:10036 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor ASRemotePFC overflow attempt (netbios.rules) * 1:10050 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 ASDBLoginToComputer overflow attempt (netbios.rules) * 1:10116 <-> DISABLED <-> POLICY-SOCIAL AIM GoChat URL access attempt (policy-social.rules) * 1:10117 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc GetGCBHandleFromGroupName overflow attempt (netbios.rules) * 1:10126 <-> DISABLED <-> FILE-IMAGE Apple QuickTime JPEG Huffman Table integer underflow attempt (file-image.rules) * 1:10130 <-> DISABLED <-> POLICY-OTHER VERITAS NetBackup system - execution function call access (policy-other.rules) * 1:10132 <-> DISABLED <-> PROTOCOL-RPC portmap BrightStor ARCserve denial of service attempt (protocol-rpc.rules) * 1:10133 <-> DISABLED <-> PROTOCOL-RPC portmap BrightStor ARCserve denial of service attempt (protocol-rpc.rules) * 1:10135 <-> DISABLED <-> SERVER-OTHER Squid proxy FTP denial of service attempt (server-other.rules) * 1:10187 <-> DISABLED <-> SERVER-OTHER HP Mercury Loadrunner command line buffer overflow (server-other.rules) * 1:10192 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer Ierpplug.dll ActiveX clsid access (browser-plugins.rules) * 1:10193 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer Ierpplug.dll ActiveX function call access (browser-plugins.rules) * 1:10194 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer Ierpplug.dll ActiveX function call access (browser-plugins.rules) * 1:10202 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetRealTimeScanConfigInfo attempt (netbios.rules) * 1:10208 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect COMN_NetTestConnection attempt (netbios.rules) * 1:1028 <-> DISABLED <-> SERVER-IIS query.asp access (server-iis.rules) * 1:10393 <-> DISABLED <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX clsid access (browser-plugins.rules) * 1:10407 <-> DISABLED <-> SERVER-OTHER Helix Server LoadTestPassword buffer overflow attempt (server-other.rules) * 1:1042 <-> DISABLED <-> SERVER-IIS view source via translate header (server-iis.rules) * 1:10475 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP notification type overflow attempt (os-windows.rules) * 1:10482 <-> DISABLED <-> PROTOCOL-RPC portmap CA BrightStor ARCserve tcp request (protocol-rpc.rules) * 1:10486 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc function 15,16,17 attempt (netbios.rules) * 1:10504 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:10505 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:10900 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt (os-windows.rules) * 1:10998 <-> DISABLED <-> SERVER-OTHER Novell GroupWise WebAccess authentication overflow (server-other.rules) * 1:11000 <-> DISABLED <-> SERVER-ORACLE dbms_snap_internal.delete_refresh_operations buffer overflow attempt (server-oracle.rules) * 1:11004 <-> ENABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication request detected (protocol-imap.rules) * 1:11176 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office PowerPoint Viewer ActiveX clsid access (browser-plugins.rules) * 1:11180 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime movie ftyp buffer underflow (file-multimedia.rules) * 1:11181 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Excel Viewer ActiveX clsid access (browser-plugins.rules) * 1:11185 <-> DISABLED <-> SERVER-OTHER CA eTrust key handling dos via username attempt (server-other.rules) * 1:11187 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Word Viewer ActiveX clsid access (browser-plugins.rules) * 1:11192 <-> DISABLED <-> FILE-EXECUTABLE download of executable content (file-executable.rules) * 1:11199 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Viewer ActiveX clsid access (browser-plugins.rules) * 1:11204 <-> DISABLED <-> SERVER-ORACLE Oracle Database DBMS_AQADM_SYS package GRANT_TYPE_ACCESS procedure SQL injection attempt (server-oracle.rules) * 1:11228 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Input Method Editor 3 ActiveX clsid access (browser-plugins.rules) * 1:11258 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed Named Graph Information unicode overflow attempt (file-office.rules) * 1:11267 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop PNG file handling stack buffer overflow attempt (file-image.rules) * 1:11288 <-> DISABLED <-> PROTOCOL-RPC portmap mountd tcp request (protocol-rpc.rules) * 1:11289 <-> DISABLED <-> PROTOCOL-RPC portmap mountd tcp zero-length payload denial of service attempt (protocol-rpc.rules) * 1:11290 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed named graph information ascii overflow attempt (file-office.rules) * 1:11442 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules) * 1:1147 <-> DISABLED <-> SERVER-WEBAPP cat_ access (server-webapp.rules) * 1:11670 <-> DISABLED <-> SERVER-OTHER Symantec Discovery logging buffer overflow (server-other.rules) * 1:11679 <-> DISABLED <-> SERVER-APACHE Apache mod_rewrite buffer overflow attempt (server-apache.rules) * 1:11680 <-> DISABLED <-> SERVER-WEBAPP Oracle Java web proxy sockd buffer overflow attempt (server-webapp.rules) * 1:11687 <-> DISABLED <-> SERVER-APACHE Apache SSI error page cross-site scripting attempt (server-apache.rules) * 1:11822 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Webcam Upload ActiveX clsid access (browser-plugins.rules) * 1:11826 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Voice Control Recognition ActiveX clsid access (browser-plugins.rules) * 1:11830 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Direct Speech Recognition ActiveX clsid access (browser-plugins.rules) * 1:11834 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer navcancl.htm url spoofing attempt (browser-ie.rules) * 1:11835 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (file-identify.rules) * 1:11836 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio version number anomaly (file-office.rules) * 1:11838 <-> DISABLED <-> OS-WINDOWS Microsoft Windows API res buffer overflow attempt (os-windows.rules) * 1:11947 <-> DISABLED <-> OS-WINDOWS Microsoft Windows schannel security package (os-windows.rules) * 1:11966 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS tag memory corruption attempt (browser-ie.rules) * 1:11970 <-> DISABLED <-> PROTOCOL-VOIP Cisco 7940/7960 INVITE Remote-Party-ID header denial of service attempt (protocol-voip.rules) * 1:12027 <-> ENABLED <-> SQL Ingres Database uuid_from_char buffer overflow attempt (sql.rules) * 1:12046 <-> DISABLED <-> PROTOCOL-RPC MIT Kerberos kadmind RPC Library unix authentication buffer overflow attempt (protocol-rpc.rules) * 1:12069 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest (os-windows.rules) * 1:12070 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed version field (file-office.rules) * 1:12075 <-> DISABLED <-> PROTOCOL-RPC MIT Kerberos kadmind rpc library uninitialized pointer arbitrary code execution attempt (protocol-rpc.rules) * 1:12076 <-> DISABLED <-> SERVER-OTHER Ipswitch WS_FTP log server long unicode string (server-other.rules) * 1:12078 <-> DISABLED <-> SERVER-OTHER CA BrightStor LGServer Heap buffer overflow (server-other.rules) * 1:12081 <-> DISABLED <-> SERVER-OTHER BakBone NetVault server heap overflow attempt (server-other.rules) * 1:12099 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtWindow1 record handling arbitrary code execution attempt (file-office.rules) * 1:12100 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP ca-alert function 16,23 overflow attempt (netbios.rules) * 1:12182 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (file-identify.rules) * 1:12183 <-> DISABLED <-> FILE-FLASH Adobe FLV long string script data buffer overflow attempt (file-flash.rules) * 1:12184 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel workbook workspace designation handling arbitrary code execution attempt (file-office.rules) * 1:12187 <-> DISABLED <-> PROTOCOL-RPC portmap 2112 tcp rename_principal attempt (protocol-rpc.rules) * 1:12193 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Widgets Engine ActiveX clsid access (browser-plugins.rules) * 1:12197 <-> DISABLED <-> SERVER-OTHER CA message queuing server buffer overflow attempt (server-other.rules) * 1:12198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows getbulk request attempt (os-windows.rules) * 1:12199 <-> DISABLED <-> SERVER-OTHER RIM BlackBerry SRP negative string size (server-other.rules) * 1:12202 <-> DISABLED <-> SERVER-OTHER Ingres long message heap buffer overflow attempt (server-other.rules) * 1:12203 <-> DISABLED <-> BROWSER-PLUGINS VMWare Vielib.dll ActiveX clsid access (browser-plugins.rules) * 1:12213 <-> DISABLED <-> SERVER-MAIL Ipswitch IMail search date command buffer overflow attempt (server-mail.rules) * 1:12216 <-> DISABLED <-> SERVER-OTHER Borland interbase Create Request opcode string length buffer overflow attempt (server-other.rules) * 1:12218 <-> DISABLED <-> SERVER-OTHER Borland interbase string length buffer overflow attempt (server-other.rules) * 1:12219 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer SMIL wallclock parsing buffer overflow (file-multimedia.rules) * 1:12222 <-> DISABLED <-> SERVER-OTHER Squid proxy long WCCP packet (server-other.rules) * 1:12223 <-> DISABLED <-> SERVER-OTHER Novell WebAdmin long user name (server-other.rules) * 1:12250 <-> DISABLED <-> BROWSER-PLUGINS Symantec NavComUI AxSysListView32OAA ActiveX clsid access (browser-plugins.rules) * 1:12256 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed FBI record buffer overflow attempt (file-office.rules) * 1:1226 <-> DISABLED <-> X11 xopen (x11.rules) * 1:12269 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Basic 6 TLIApplication ActiveX clsid access (browser-plugins.rules) * 1:12278 <-> DISABLED <-> FILE-IDENTIFY Microsoft Media Player compressed skin download request (file-identify.rules) * 1:12279 <-> DISABLED <-> OS-WINDOWS Microsoft XML substringData integer overflow attempt (os-windows.rules) * 1:12280 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer VML source file memory corruption attempt (browser-ie.rules) * 1:12283 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (file-identify.rules) * 1:12284 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtWnDesk record memory corruption exploit attempt (file-office.rules) * 1:12286 <-> DISABLED <-> FILE-OTHER PCRE character class heap buffer overflow attempt (file-other.rules) * 1:12307 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetPagerNotifyConfig attempt (netbios.rules) * 1:12317 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt (netbios.rules) * 1:12326 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _AddTaskExportLogItem attempt (netbios.rules) * 1:12335 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_30010 overflow attempt (netbios.rules) * 1:12347 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetSvcImpersonateUser attempt (netbios.rules) * 1:12358 <-> DISABLED <-> SERVER-OTHER Helix DNA Server RTSP require tag heap overflow attempt (server-other.rules) * 1:12392 <-> DISABLED <-> SERVER-MAIL GNU Mailutils request tag format string vulnerability attempt (server-mail.rules) * 1:12424 <-> DISABLED <-> PROTOCOL-RPC MIT Kerberos kadmind rpc RPCSEC_GSS buffer overflow attempt (protocol-rpc.rules) * 1:12448 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Agent Control ActiveX clsid access (browser-plugins.rules) * 1:12454 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (file-identify.rules) * 1:12455 <-> DISABLED <-> FILE-IDENTIFY SAP Crystal Reports file download request (file-identify.rules) * 1:12456 <-> DISABLED <-> FILE-IDENTIFY SAP Crystal Reports file magic detected (file-identify.rules) * 1:12459 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Visual Studio 6 PDWizard.ocx ActiveX clsid access attempt (browser-plugins.rules) * 1:12472 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX clsid access (browser-plugins.rules) * 1:12489 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP wkssvc NetrWkstaGetInfo attempt (netbios.rules) * 1:12591 <-> DISABLED <-> SERVER-APACHE Apache mod_cache denial of service attempt (server-apache.rules) * 1:12592 <-> DISABLED <-> SERVER-MAIL Recipient arbitrary command injection attempt (server-mail.rules) * 1:12596 <-> DISABLED <-> SERVER-OTHER CA BrightStor LGServer username buffer overflow attempt (server-other.rules) * 1:12614 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX function call access (browser-plugins.rules) * 1:12618 <-> DISABLED <-> FILE-OTHER Microsoft Visual Basic VBP file reference overflow attempt (file-other.rules) * 1:12629 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint cross site scripting attempt (server-webapp.rules) * 1:12630 <-> DISABLED <-> INDICATOR-SHELLCODE unescape unicode encoded shellcode (indicator-shellcode.rules) * 1:12635 <-> DISABLED <-> OS-WINDOWS RPC NTLMSSP malformed credentials attempt (os-windows.rules) * 1:12641 <-> DISABLED <-> FILE-IDENTIFY Microsoft Word for Mac 5 file magic detected (file-identify.rules) * 1:12665 <-> DISABLED <-> SERVER-OTHER CA BrightStor LGSever username buffer overflow attempt (server-other.rules) * 1:12666 <-> DISABLED <-> SERVER-OTHER HP OpenView OVTrace buffer overflow attempt (server-other.rules) * 1:12667 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCServer malicious fileupload attempt (server-other.rules) * 1:12685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manger Express CAD Host buffer overflow (server-other.rules) * 1:12688 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ShellExecute and IE7 url handling code execution attempt (os-windows.rules) * 1:12706 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes MIF viewer statement data overflow (server-mail.rules) * 1:12707 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer lyrics heap overflow attempt (file-multimedia.rules) * 1:12713 <-> DISABLED <-> SERVER-ORACLE pitrig_dropmetadata buffer overflow attempt (server-oracle.rules) * 1:12728 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks SMIL wallclock stack overflow attempt (file-multimedia.rules) * 1:12729 <-> DISABLED <-> BROWSER-PLUGINS AOL Radio AmpX ActiveX clsid access (browser-plugins.rules) * 1:12741 <-> DISABLED <-> SERVER-OTHER Apple Quicktime TCP RTSP sdp type buffer overflow attempt (server-other.rules) * 1:12743 <-> DISABLED <-> FILE-MULTIMEDIA FLAC libFLAC picture description metadata buffer overflow attempt (file-multimedia.rules) * 1:12744 <-> DISABLED <-> FILE-MULTIMEDIA FLAC libFLAC VORBIS string buffer overflow attempt (file-multimedia.rules) * 1:12745 <-> DISABLED <-> FILE-MULTIMEDIA FLAC libFLAC picture metadata buffer overflow attempt (file-multimedia.rules) * 1:12746 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime STSD atom overflow attempt (file-multimedia.rules) * 1:12757 <-> DISABLED <-> FILE-IMAGE Apple QuickTime uncompressed PICT stack overflow attempt (file-image.rules) * 1:12766 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RMOC3260.DLL ActiveX clsid access (browser-plugins.rules) * 1:12767 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RMOC3260.DLL ActiveX function call access (browser-plugins.rules) * 1:1277 <-> DISABLED <-> PROTOCOL-RPC portmap ypupdated request UDP (protocol-rpc.rules) * 1:12770 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows obfuscated RDS.Dataspace ActiveX exploit attempt (browser-plugins.rules) * 1:12784 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules) * 1:12785 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules) * 1:12786 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules) * 1:1279 <-> DISABLED <-> PROTOCOL-RPC portmap snmpXdmi request UDP (protocol-rpc.rules) * 1:12798 <-> DISABLED <-> INDICATOR-SHELLCODE base64 x86 NOOP (indicator-shellcode.rules) * 1:12799 <-> DISABLED <-> INDICATOR-SHELLCODE base64 x86 NOOP (indicator-shellcode.rules) * 1:12800 <-> DISABLED <-> INDICATOR-SHELLCODE base64 x86 NOOP (indicator-shellcode.rules) * 1:12802 <-> DISABLED <-> INDICATOR-SHELLCODE base64 x86 NOOP (indicator-shellcode.rules) * 1:12807 <-> DISABLED <-> FILE-IDENTIFY Lotus 123 file attachment (file-identify.rules) * 1:12904 <-> DISABLED <-> SERVER-OTHER Veritas NetBackup vmd shared library buffer overflow attempt (server-other.rules) * 1:12910 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 4 attempt (netbios.rules) * 1:12916 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 12 attempt (netbios.rules) * 1:12922 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 16 attempt (netbios.rules) * 1:12928 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 18 attempt (netbios.rules) * 1:12934 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 19 attempt (netbios.rules) * 1:12940 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 CA call 269 overflow attempt (netbios.rules) * 1:12971 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX directshow wav file overflow attempt (file-multimedia.rules) * 1:12972 <-> DISABLED <-> FILE-IDENTIFY Microsoft Media Player asf/wmv/wma file magic detected (file-identify.rules) * 1:12977 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMCreateObjectInternal overflow attempt (os-windows.rules) * 1:12978 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMCreateObjectInternal overflow attempt (os-windows.rules) * 1:12983 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX SAMI file CRawParser buffer overflow attempt (file-multimedia.rules) * 1:12984 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules) * 1:13161 <-> DISABLED <-> SERVER-OTHER HP OpenView CGI parameter buffer overflow attempt (server-other.rules) * 1:13210 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMObjectPathToObjectFormat overflow attempt (os-windows.rules) * 1:13211 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMObjectPathToObjectFormat overflow attempt (os-windows.rules) * 1:13219 <-> DISABLED <-> BROWSER-PLUGINS HP Software Update RulesEngine.dll ActiveX clsid access (browser-plugins.rules) * 1:13221 <-> DISABLED <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt (server-other.rules) * 1:13224 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Toolbar YShortcut ActiveX clsid access (browser-plugins.rules) * 1:13249 <-> DISABLED <-> PROTOCOL-DNS dns response for rfc1918 10/8 address detected (protocol-dns.rules) * 1:1325 <-> DISABLED <-> INDICATOR-SHELLCODE ssh CRC32 overflow filler (indicator-shellcode.rules) * 1:13252 <-> DISABLED <-> PROTOCOL-RPC portmap 390113 tcp procedure 4 attempt (protocol-rpc.rules) * 1:13258 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Domino Web Access 6 ActiveX clsid access (browser-plugins.rules) * 1:13260 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Domino Web Access 6 ActiveX function call access (browser-plugins.rules) * 1:13262 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Domino Web Access 7 ActiveX clsid access (browser-plugins.rules) * 1:13264 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Domino Web Access 7 ActiveX function call access (browser-plugins.rules) * 1:13288 <-> DISABLED <-> OS-WINDOWS Microsoft Windows remote kernel tcp/ip icmp vulnerability exploit attempt (os-windows.rules) * 1:13291 <-> DISABLED <-> SERVER-SAMBA Samba send_mailslot buffer overflow attempt (server-samba.rules) * 1:13292 <-> DISABLED <-> PUA-OTHER Skype skype4com URI handler memory corruption attempt (pua-other.rules) * 1:13293 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime panorama atoms buffer overflow attempt (file-multimedia.rules) * 1:13294 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Rich TextBox ActiveX clsid access (browser-plugins.rules) * 1:13296 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Rich TextBox ActiveX clsid access (browser-plugins.rules) * 1:13300 <-> DISABLED <-> FILE-FLASH Adobe Flash Player embedded JPG image height overflow attempt (file-flash.rules) * 1:13302 <-> DISABLED <-> SERVER-APACHE Apache mod_imagemap cross site scripting attempt (server-apache.rules) * 1:13303 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual FoxPro 2 ActiveX clsid access (browser-plugins.rules) * 1:13317 <-> DISABLED <-> FILE-MULTIMEDIA 3ivx MP4 file parsing nam buffer overflow attempt (file-multimedia.rules) * 1:13321 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Package and Deployment Wizard ActiveX clsid access (browser-plugins.rules) * 1:13356 <-> ENABLED <-> SQL SAP MaxDB shell command injection attempt (sql.rules) * 1:13361 <-> DISABLED <-> FILE-OTHER ClamAV MEW PE file integer overflow attempt (file-other.rules) * 1:13363 <-> DISABLED <-> SERVER-OTHER Cisco Unified Communications Manager heap overflow attempt (server-other.rules) * 1:13364 <-> DISABLED <-> SERVER-MAIL Novell GroupWise client IMG SRC buffer overflow (server-mail.rules) * 1:13365 <-> DISABLED <-> SERVER-OTHER Trend Micro ServerProtect TMregChange buffer overflow attempt (server-other.rules) * 1:13366 <-> DISABLED <-> SERVER-ORACLE Oracle database SYS.LT.FINDRICSET SQL injection attempt (server-oracle.rules) * 1:13419 <-> DISABLED <-> BROWSER-PLUGINS Facebook Photo Uploader ActiveX clsid access (browser-plugins.rules) * 1:13449 <-> DISABLED <-> OS-WINDOWS Microsoft Windows vbscript/jscript scripting engine end buffer overflow attempt (os-windows.rules) * 1:13455 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DXLUTBuilder ActiveX function call access (browser-ie.rules) * 1:13457 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX clsid access (browser-plugins.rules) * 1:13465 <-> DISABLED <-> FILE-IDENTIFY Microsoft Works file download request (file-identify.rules) * 1:13466 <-> DISABLED <-> FILE-OFFICE Microsoft Works file converter file section length headers memory corruption attempt (file-office.rules) * 1:13470 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt (file-office.rules) * 1:13472 <-> DISABLED <-> FILE-OFFICE Microsoft Works invalid chunk size (file-office.rules) * 1:13473 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Publisher file download request (file-identify.rules) * 1:13513 <-> DISABLED <-> SQL generic sql insert injection attempt - GET parameter (sql.rules) * 1:13515 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime user agent (file-multimedia.rules) * 1:13516 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime HTTP error response buffer overflow (file-multimedia.rules) * 1:13517 <-> DISABLED <-> FILE-MULTIMEDIA Apple Quicktime malformed idsc atom (file-multimedia.rules) * 1:13519 <-> DISABLED <-> SERVER-OTHER Citrix MetaFrame IMA buffer overflow attempt (server-other.rules) * 1:13520 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata (server-other.rules) * 1:13522 <-> DISABLED <-> SERVER-OTHER Firebird Database Server username handling buffer overflow (server-other.rules) * 1:13523 <-> ENABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules) * 1:13525 <-> ENABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (browser-plugins.rules) * 1:13539 <-> DISABLED <-> BROWSER-PLUGINS Symantec Backup Exec ActiveX clsid access (browser-plugins.rules) * 1:13551 <-> DISABLED <-> SERVER-ORACLE Oracle XDB.XDB_PITRIG_PKG sql injection attempt (server-oracle.rules) * 1:13552 <-> DISABLED <-> SERVER-OTHER Symantec VERITAS Storage Foundation Suite buffer overflow attempt (server-other.rules) * 1:13553 <-> DISABLED <-> SERVER-OTHER Sybase SQL Anywhere Mobilink username string buffer overflow (server-other.rules) * 1:13569 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel macro validation arbitrary code execution attempt (file-office.rules) * 1:13570 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel cf record arbitrary code excecution attempt (file-office.rules) * 1:13571 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel dval record arbitrary code excecution attempt (file-office.rules) * 1:13572 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed shapeid arbitrary code execution attempt (file-office.rules) * 1:13573 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook arbitrary command line attempt (file-office.rules) * 1:13583 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file download request (file-identify.rules) * 1:13585 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detected (file-identify.rules) * 1:13603 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer Download Handler ActiveX function call access (browser-plugins.rules) * 1:13619 <-> DISABLED <-> OS-WINDOWS Microsoft Windows getBulkRequest memory corruption attempt (os-windows.rules) * 1:13621 <-> DISABLED <-> BROWSER-PLUGINS CA BrightStor ListCtrl ActiveX clsid access (browser-plugins.rules) * 1:13626 <-> DISABLED <-> FILE-IDENTIFY Microsoft Office Access file magic detected (file-identify.rules) * 1:13631 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator Framework Services log handling format string attempt (server-other.rules) * 1:13656 <-> DISABLED <-> SERVER-WEBAPP Cisco Secure Access Control Server UCP Application CSuserCGI.exe buffer overflow attempt (server-webapp.rules) * 1:13663 <-> DISABLED <-> SERVER-MAIL Alt-N MDaemon IMAP Server FETCH command buffer overflow attempt (server-mail.rules) * 1:13664 <-> DISABLED <-> PROTOCOL-VOIP Remote-Party-ID header hexadecimal characters in IP address field (protocol-voip.rules) * 1:13665 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio DXF file invalid memory allocation exploit attempt (file-office.rules) * 1:13672 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Help 2.0 Contents Control 2 ActiveX clsid access (browser-plugins.rules) * 1:13677 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer data stream memory corruption attempt (browser-ie.rules) * 1:13693 <-> DISABLED <-> PROTOCOL-VOIP Attribute header rtpmap field invalid payload type (protocol-voip.rules) * 1:13696 <-> DISABLED <-> POLICY-OTHER TOR proxy connection initiation (policy-other.rules) * 1:13714 <-> DISABLED <-> SERVER-MYSQL yaSSL SSLv3 Client Hello Message Cipher Specs Buffer Overflow attempt (server-mysql.rules) * 1:13715 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager HTTP handling buffer overflow attempt (server-webapp.rules) * 1:13734 <-> DISABLED <-> BROWSER-PLUGINS HP eSupportDiagnostics 10 ActiveX clsid access (browser-plugins.rules) * 1:13800 <-> DISABLED <-> SERVER-OTHER ARCServe LGServer service data overflow attempt (server-other.rules) * 1:13801 <-> ENABLED <-> FILE-IDENTIFY RTF file download request (file-identify.rules) * 1:13807 <-> DISABLED <-> FILE-IMAGE Microsoft Windows metafile SetPaletteEntries heap overflow attempt (file-image.rules) * 1:13819 <-> DISABLED <-> SERVER-WEBAPP IBM Lotus Domino Web Server Accept-Language header buffer overflow attempt (server-webapp.rules) * 1:13820 <-> DISABLED <-> FILE-FLASH Adobe Flash Player SWF scene and label data memory corruption attempt (file-flash.rules) * 1:13827 <-> DISABLED <-> OS-WINDOWS Microsoft Windows PGM denial of service attempt (os-windows.rules) * 1:13834 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer request header overwrite (browser-ie.rules) * 1:13838 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox IFRAME style change handling code execution (browser-firefox.rules) * 1:13839 <-> DISABLED <-> SERVER-OTHER CA ARCServ NetBackup remote file upload attempt (server-other.rules) * 1:1384 <-> DISABLED <-> OS-WINDOWS Microsoft Windows UPnP malformed advertisement (os-windows.rules) * 1:13843 <-> DISABLED <-> SERVER-OTHER MaxDB WebDBM get buffer overflow (server-other.rules) * 1:13846 <-> DISABLED <-> SERVER-OTHER Veritas Backup Agent password overflow attempt (server-other.rules) * 1:13865 <-> DISABLED <-> FILE-IMAGE BMP image handler buffer overflow attempt (file-image.rules) * 1:13893 <-> DISABLED <-> FILE-OTHER Microsoft malformed saved search heap corruption attempt (file-other.rules) * 1:13894 <-> DISABLED <-> SERVER-MAIL Microsoft Office Outlook Web Access From field cross-site scripting attempt (server-mail.rules) * 1:13895 <-> DISABLED <-> SERVER-MAIL Microsoft Office Outlook Web Access invalid CSS escape sequence script execution attempt (server-mail.rules) * 1:13896 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL server MTF file download (server-mssql.rules) * 1:1390 <-> DISABLED <-> INDICATOR-SHELLCODE x86 inc ebx NOOP (indicator-shellcode.rules) * 1:13901 <-> DISABLED <-> NETBIOS SMB server response heap overflow attempt (netbios.rules) * 1:13902 <-> DISABLED <-> SERVER-OTHER IBM Lotus Sametime multiplexer stack buffer overflow attempt (server-other.rules) * 1:13905 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Access Snapshot Viewer ActiveX function call access (browser-plugins.rules) * 1:13911 <-> ENABLED <-> FILE-IDENTIFY Microsoft search file download request (file-identify.rules) * 1:13913 <-> DISABLED <-> BROWSER-PLUGINS AcroPDF.PDF ActiveX function call access (browser-plugins.rules) * 1:13916 <-> DISABLED <-> SERVER-WEBAPP Alt-N SecurityGateway username buffer overflow attempt (server-webapp.rules) * 1:13917 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MOV file string handling integer overflow attempt (file-multimedia.rules) * 1:13919 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MOV file string handling integer overflow attempt (file-multimedia.rules) * 1:13920 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime Obji Atom parsing stack buffer overflow attempt (file-multimedia.rules) * 1:13925 <-> DISABLED <-> PROTOCOL-FTP Computer Associates eTrust Secure Content Manager PASV stack overflow attempt (protocol-ftp.rules) * 1:13926 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP response message parsing overflow (server-other.rules) * 1:13927 <-> DISABLED <-> PROTOCOL-TFTP Open TFTP Server log generation buffer overflow attempt (protocol-tftp.rules) * 1:13928 <-> DISABLED <-> SERVER-WEBAPP Adobe RoboHelp r0 SQL injection attempt (server-webapp.rules) * 1:13929 <-> DISABLED <-> SERVER-WEBAPP Adobe RoboHelp rx SQL injection attempt (server-webapp.rules) * 1:13949 <-> DISABLED <-> PROTOCOL-DNS excessive outbound NXDOMAIN replies - possible spoof of domain run by local DNS servers (protocol-dns.rules) * 1:13950 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP attribute buffer overflow attempt (file-java.rules) * 1:13951 <-> DISABLED <-> SERVER-WEBAPP Oracle Database Server buffer overflow attempt (server-webapp.rules) * 1:13971 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint TxMasterStyle10Atom atom numLevels buffer overflow attempt (file-office.rules) * 1:13972 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel country record arbitrary code execution attempt (file-office.rules) * 1:13980 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer http status response memory corruption vulnerability (browser-ie.rules) * 1:13981 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed chart arbitrary code execution attempt (file-office.rules) * 1:13990 <-> DISABLED <-> SQL union select - possible sql injection attempt - GET parameter (sql.rules) * 1:14013 <-> DISABLED <-> BROWSER-PLUGINS Cisco WebEx Meeting Manager atucfobj ActiveX clsid access (browser-plugins.rules) * 1:14015 <-> DISABLED <-> BROWSER-PLUGINS Cisco WebEx Meeting Manager atucfobj ActiveX function call access (browser-plugins.rules) * 1:14017 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file download request (file-identify.rules) * 1:14018 <-> DISABLED <-> FILE-IDENTIFY PLS multimedia playlist file download request (file-identify.rules) * 1:14021 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Visual Studio Msmask32 ActiveX clsid access (browser-plugins.rules) * 1:14025 <-> DISABLED <-> BROWSER-PLUGINS Computer Associates gui_cm_ctrls ActiveX clsid access (browser-plugins.rules) * 1:14033 <-> DISABLED <-> BROWSER-PLUGINS Orbit Downloader ActiveX clsid access (browser-plugins.rules) * 1:14035 <-> DISABLED <-> BROWSER-PLUGINS Orbit Downloader ActiveX function call access (browser-plugins.rules) * 1:14037 <-> ENABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules) * 1:14038 <-> ENABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (browser-plugins.rules) * 1:14039 <-> DISABLED <-> FILE-OTHER GNOME Project libxslt RC4 key string buffer overflow attempt (file-other.rules) * 1:14255 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Media Encoder 9 ActiveX clsid access (browser-plugins.rules) * 1:14261 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI VML gradient size heap overflow attempt (os-windows.rules) * 1:14262 <-> DISABLED <-> FILE-OFFICE Microsoft Office OneNote iframe caller exploit attempt (file-office.rules) * 1:14264 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Media Player playlist download (file-identify.rules) * 1:14611 <-> DISABLED <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX clsid access (browser-plugins.rules) * 1:14641 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid FRTWrapper record buffer overflow attempt (file-office.rules) * 1:14642 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel file with embedded ActiveX control (file-office.rules) * 1:14643 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer location and location.href cross domain security bypass vulnerability (browser-ie.rules) * 1:14644 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross domain unfocusable HTML element (browser-ie.rules) * 1:14645 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross domain setExpression exploit attempt (browser-ie.rules) * 1:14649 <-> DISABLED <-> OS-WINDOWS SMB Search Search filename size integer underflow attempt (os-windows.rules) * 1:14657 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross domain componentFromPoint memory corruption attempt (browser-ie.rules) * 1:14710 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP spoolss EnumJobs attempt (os-windows.rules) * 1:14725 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName overflow attempt (os-windows.rules) * 1:14737 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP host-integration bind attempt (os-windows.rules) * 1:14743 <-> DISABLED <-> PROTOCOL-FTP RNTO directory traversal attempt (protocol-ftp.rules) * 1:14748 <-> DISABLED <-> BROWSER-PLUGINS Autodesk LiveUpdate ActiveX clsid access (browser-plugins.rules) * 1:14756 <-> DISABLED <-> BROWSER-PLUGINS Microsoft SQL Server 2000 Client Components ActiveX clsid access (browser-plugins.rules) * 1:14760 <-> DISABLED <-> BROWSER-PLUGINS iseemedia LPViewer ActiveX clsid access (browser-plugins.rules) * 1:14764 <-> DISABLED <-> BROWSER-PLUGINS Macrovision InstallShield Update Service Agent ActiveX clsid access attempt (browser-plugins.rules) * 1:14768 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Storage Scheduler Service NULL Session auth bypass attempt (server-other.rules) * 1:14769 <-> ENABLED <-> SERVER-OTHER DATAC RealWin SCADA System buffer overflow attempt (server-other.rules) * 1:14770 <-> DISABLED <-> PROTOCOL-FTP Ipswitch WS_FTP client format string attempt (protocol-ftp.rules) * 1:14771 <-> DISABLED <-> SERVER-APACHE BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt (server-apache.rules) * 1:14782 <-> ENABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrpPathCanonicalize path canonicalization stack overflow attempt (os-windows.rules) * 1:14900 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum overflow attempt (netbios.rules) * 1:14986 <-> DISABLED <-> INDICATOR-SHELLCODE x86 fldz get eip shellcode (indicator-shellcode.rules) * 1:14989 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory SOAP Accept Language header overflow attempt (server-webapp.rules) * 1:14991 <-> ENABLED <-> SQL IBM DB2 Universal Database xmlquery buffer overflow attempt (sql.rules) * 1:14992 <-> DISABLED <-> SERVER-WEBAPP Openwsman HTTP basic authentication buffer overflow attempt (server-webapp.rules) * 1:1500 <-> DISABLED <-> SERVER-WEBAPP ExAir access (server-webapp.rules) * 1:15013 <-> ENABLED <-> FILE-IDENTIFY PDF file download request (file-identify.rules) * 1:15014 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader util.printf buffer overflow attempt (file-pdf.rules) * 1:15015 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrUseAdd/NetrUseGetInfo/NetrUseDel overflow attempt (os-windows.rules) * 1:15078 <-> DISABLED <-> SERVER-OTHER HP Openview Network Node Manager OValarmsrv buffer overflow attempt (server-other.rules) * 1:15079 <-> DISABLED <-> FILE-IDENTIFY WAV file download request (file-identify.rules) * 1:15080 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player WAV processing integer overflow attempt (file-multimedia.rules) * 1:15081 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start xml encoding buffer overflow attempt (file-java.rules) * 1:15082 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word rtf malformed dpcallout buffer overflow attempt (file-office.rules) * 1:15098 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Visual Basic FlexGrid ActiveX function call access (browser-plugins.rules) * 1:15100 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Visual Basic Hierarchical FlexGrid ActiveX clsid access (browser-plugins.rules) * 1:15104 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Visual Basic 6.0 malformed AVI buffer overflow attempt (file-multimedia.rules) * 1:15105 <-> DISABLED <-> FILE-IMAGE Microsoft GDI WMF file parsing integer overflow attempt (file-image.rules) * 1:15106 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word .rtf file integer overflow attempt (file-office.rules) * 1:15107 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word .rtf file stylesheet buffer overflow attempt (file-office.rules) * 1:15108 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint Server elevation of privilege exploit attempt (server-webapp.rules) * 1:15114 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer embed src buffer overflow attempt (browser-ie.rules) * 1:15116 <-> DISABLED <-> OS-WINDOWS Microsoft Windows search protocol remote command injection attempt (os-windows.rules) * 1:15122 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Shell.Explorer 2 ActiveX clsid access (browser-plugins.rules) * 1:15126 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer nested tag memory corruption attempt (browser-ie.rules) * 1:15143 <-> DISABLED <-> SERVER-MSSQL sp_replwritetovarbin unicode vulnerable function attempt (server-mssql.rules) * 1:15145 <-> DISABLED <-> SERVER-OTHER Apple CUPS TrueColor PNG filter overly large image height integer overflow attempt (server-other.rules) * 1:15147 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules) * 1:15153 <-> DISABLED <-> PUA-OTHER Jive Software Openfire Jabber Server setup Authentication bypass attempt (pua-other.rules) * 1:15157 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player XSPF memory corruption attempt (file-multimedia.rules) * 1:15158 <-> DISABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file download request (file-identify.rules) * 1:15163 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio Object Header Buffer Overflow attempt (file-office.rules) * 1:15164 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products SVG Layout Engine Index Parameter memory corruption attempt (browser-firefox.rules) * 1:15166 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player RealText buffer overflow attempt (file-multimedia.rules) * 1:15188 <-> DISABLED <-> SERVER-OTHER Multiple vendors CUPS HPGL filter remote code execution attempt (server-other.rules) * 1:15190 <-> DISABLED <-> SERVER-WEBAPP Youngzsoft CCProxy CONNECT Request buffer overflow attempt (server-webapp.rules) * 1:15192 <-> DISABLED <-> BROWSER-PLUGINS SizerOne ActiveX clsid access (browser-plugins.rules) * 1:15196 <-> DISABLED <-> OS-WINDOWS SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules) * 1:15220 <-> DISABLED <-> OS-WINDOWS SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules) * 1:15230 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Viewer 2 ActiveX clsid access (browser-plugins.rules) * 1:15236 <-> DISABLED <-> FILE-IMAGE ACD Systems ACDSee XPM file format overflow attempt (file-image.rules) * 1:15237 <-> ENABLED <-> FILE-IDENTIFY Java .class file download request (file-identify.rules) * 1:15238 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime for Java toQTPointer function memory corruption attempt (file-multimedia.rules) * 1:15239 <-> DISABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules) * 1:15240 <-> DISABLED <-> FILE-IDENTIFY RealNetworks RealMedia format file download request (file-identify.rules) * 1:15241 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC real.c ReadRealIndex real demuxer integer overflow attempt (file-multimedia.rules) * 1:15243 <-> DISABLED <-> BROWSER-PLUGINS AXIS Camera ActiveX clsid access (browser-plugins.rules) * 1:15255 <-> DISABLED <-> SERVER-ORACLE Secure Backup msgid 0x901 username field overflow attempt (server-oracle.rules) * 1:15258 <-> DISABLED <-> SERVER-ORACLE Secure Backup login.php variable based command injection attempt (server-oracle.rules) * 1:15261 <-> DISABLED <-> SERVER-ORACLE Secure Backup exec_qr command injection attempt (server-oracle.rules) * 1:15262 <-> DISABLED <-> SERVER-ORACLE Secure Backup POST exec_qr command injection attempt (server-oracle.rules) * 1:15264 <-> DISABLED <-> SERVER-WEBAPP Oracle TimesTen In-Memory Database evtdump CGI module format string exploit attempt (server-webapp.rules) * 1:15266 <-> DISABLED <-> BROWSER-PLUGINS MW6 Technologies Barcode ActiveX clsid access (browser-plugins.rules) * 1:15294 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file download request (file-identify.rules) * 1:15302 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Exchange System Attendant denial of service attempt (server-mail.rules) * 1:15304 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer object clone deletion memory corruption attempt (browser-ie.rules) * 1:15305 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules) * 1:15306 <-> DISABLED <-> FILE-EXECUTABLE Portable Executable binary file magic detected (file-executable.rules) * 1:15311 <-> DISABLED <-> BROWSER-PLUGINS Research In Motion AxLoader ActiveX clsid access (browser-plugins.rules) * 1:15357 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JBIG2 remote code execution attempt (file-pdf.rules) * 1:15364 <-> DISABLED <-> SERVER-OTHER Ganglia Meta Daemon process_path stack buffer overflow attempt (server-other.rules) * 1:15367 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook web access script injection attempt (file-office.rules) * 1:15382 <-> DISABLED <-> SERVER-OTHER X.Org X Font Server QueryXBitmaps and QueryXExtents Handlers integer overflow attempt (server-other.rules) * 1:15383 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XBL Event Handler Tags Removal memory corruption attempt (browser-firefox.rules) * 1:15384 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime pict image poly structure memory corruption attempt (file-multimedia.rules) * 1:15385 <-> DISABLED <-> FILE-IDENTIFY TwinVQ file download request (file-identify.rules) * 1:15386 <-> DISABLED <-> OS-WINDOWS Microsoft Windows wpad dynamic update request (os-windows.rules) * 1:15387 <-> DISABLED <-> OS-WINDOWS udp WINS WPAD registration attempt (os-windows.rules) * 1:15427 <-> ENABLED <-> FILE-IDENTIFY SVG file download request (file-identify.rules) * 1:15428 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing memory corruption attempt (browser-firefox.rules) * 1:15431 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox 3 xsl parsing heap overflow attempt (browser-firefox.rules) * 1:15434 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager OvOSLocale parameter buffer overflow attempt (server-webapp.rules) * 1:15436 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup counter heap corruption attempt (server-other.rules) * 1:15443 <-> DISABLED <-> SERVER-MYSQL XML Functions UpdateXML Scalar XPath denial of service attempt (server-mysql.rules) * 1:15445 <-> DISABLED <-> SERVER-ORACLE Application Server BPEL module cross site scripting attempt (server-oracle.rules) * 1:15446 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory management console Accept-Language buffer overflow attempt (server-webapp.rules) * 1:15462 <-> DISABLED <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt (browser-other.rules) * 1:15463 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules) * 1:15464 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file download request (file-identify.rules) * 1:15466 <-> DISABLED <-> FILE-OFFICE Microsoft Office WordPad WordPerfect 6.x converter buffer overflow attempt (file-office.rules) * 1:15467 <-> DISABLED <-> FILE-OFFICE Microsoft Office WordPad and Office Text Converters PlcPcd aCP buffer overflow attempt (file-office.rules) * 1:15468 <-> DISABLED <-> BROWSER-IE Apple Safari-Internet Explorer SearchPath blended threat dll request (browser-ie.rules) * 1:15472 <-> DISABLED <-> FILE-MULTIMEDIA Multiple MP3 player PLS buffer overflow attempt (file-multimedia.rules) * 1:15473 <-> DISABLED <-> FILE-MULTIMEDIA Multiple media players M3U playlist file handling buffer overflow attempt (file-multimedia.rules) * 1:15477 <-> DISABLED <-> SERVER-WEBAPP Oracle BEA WebLogic overlong JESSIONID buffer overflow attempt (server-webapp.rules) * 1:15478 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid object reference code execution attempt (file-flash.rules) * 1:15483 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:15484 <-> DISABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication method buffer overflow attempt (protocol-imap.rules) * 1:15485 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes DOC attachment viewer buffer overflow (server-mail.rules) * 1:15488 <-> DISABLED <-> SERVER-ORACLE Oracle Database Application Express Component APEX password hash disclosure attempt (server-oracle.rules) * 1:15489 <-> DISABLED <-> PUA-OTHER Cerulean Studios Trillian image filename handling XML tag overflow attempt (pua-other.rules) * 1:15490 <-> DISABLED <-> OS-LINUX Linux SCTP malformed forward-tsn chunk arbitrary code execution attempt (os-linux.rules) * 1:15492 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader spell.customDictionaryOpen exploit attempt (file-pdf.rules) * 1:15493 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnots exploit attempt (file-pdf.rules) * 1:15499 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint PP7 Component buffer overflow attempt (file-office.rules) * 1:15500 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint LinkedSlide memory corruption (file-office.rules) * 1:15504 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Download of version 4.0 file (file-office.rules) * 1:15505 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint HashCode10Atom memory corruption attempt (file-office.rules) * 1:15506 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint CurrentUserAtom remote code execution attempt (file-office.rules) * 1:15509 <-> DISABLED <-> SERVER-OTHER IBM DB2 database server CONNECT denial of service attempt (server-other.rules) * 1:15510 <-> DISABLED <-> SERVER-OTHER Trend Micro OfficeScan Server cgiRecvFile overflow attempt (server-other.rules) * 1:15511 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules) * 1:15514 <-> DISABLED <-> SERVER-OTHER Multiple Vendors NTP Daemon Autokey stack buffer overflow attempt (server-other.rules) * 1:15515 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server RollbackWorkspace SQL injection attempt (server-oracle.rules) * 1:15516 <-> ENABLED <-> FILE-IDENTIFY AVI multimedia file download request (file-identify.rules) * 1:15517 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows AVI DirectShow QuickTime parsing overflow attempt (file-multimedia.rules) * 1:15518 <-> DISABLED <-> FILE-IDENTIFY Embedded Open Type Font file download request (file-identify.rules) * 1:15527 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory LDAP denial of service attempt (os-windows.rules) * 1:15539 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Formula record remote code execution attempt (file-office.rules) * 1:15540 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DOM memory corruption attempt (browser-ie.rules) * 1:15541 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SST record remote code execution attempt (file-office.rules) * 1:15542 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Qsir and Qsif record remote code execution attempt (file-office.rules) * 1:15555 <-> DISABLED <-> SERVER-OTHER Symantec Alert Management System Intel Alert Originator Service buffer overflow attempt (server-other.rules) * 1:15559 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime movie file clipping region handling heap buffer overflow attempt (file-multimedia.rules) * 1:15571 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP SETUP stack buffer overflow attempt (server-other.rules) * 1:15573 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP SET_PARAMETER heap buffer overflow attempt (server-other.rules) * 1:15575 <-> DISABLED <-> FILE-IDENTIFY WordPerfect file magic detected (file-identify.rules) * 1:15580 <-> DISABLED <-> SERVER-OTHER Squid oversized reply header handling exploit attempt (server-other.rules) * 1:15586 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file download request (file-identify.rules) * 1:15587 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules) * 1:15638 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 32 ActiveX clsid access (browser-plugins.rules) * 1:15670 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 6 ActiveX clsid access (browser-plugins.rules) * 1:15672 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 7 ActiveX clsid access (browser-plugins.rules) * 1:15681 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 file format arbitrary code execution attempt (file-office.rules) * 1:15682 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectShow QuickTime file stsc atom parsing heap corruption attempt (file-multimedia.rules) * 1:15685 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Web Components 10 Spreadsheet ActiveX clsid access (browser-plugins.rules) * 1:15693 <-> DISABLED <-> FILE-OTHER Microsoft Windows Embedded Open Type Font malformed name table overflow attempt (file-other.rules) * 1:15694 <-> DISABLED <-> FILE-OTHER Microsoft Windows Embedded Open Type Font malformed name table integer overflow attempt (file-other.rules) * 1:15697 <-> DISABLED <-> INDICATOR-OBFUSCATION rename of javascript unescape function detected (indicator-obfuscation.rules) * 1:15698 <-> DISABLED <-> INDICATOR-SHELLCODE Possible generic javascript heap spray attempt (indicator-shellcode.rules) * 1:15702 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor opcode 0x13 overflow attempt (netbios.rules) * 1:15707 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes ITPC protocol handler stack buffer overflow attempt (file-multimedia.rules) * 1:15708 <-> DISABLED <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (server-other.rules) * 1:15709 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader FlateDecode integer overflow attempt (file-pdf.rules) * 1:15710 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor opcode 0x3B null strings attempt (netbios.rules) * 1:15711 <-> DISABLED <-> PUA-OTHER mIRC PRIVMSG message processing overflow attempt (pua-other.rules) * 1:15722 <-> DISABLED <-> SERVER-ORACLE Oracle database server Workspace Manager multiple SQL injection attempt (server-oracle.rules) * 1:15723 <-> DISABLED <-> SERVER-ORACLE Oracle database server CompressWorkspaceTree SQL injection attempt (server-oracle.rules) * 1:15724 <-> DISABLED <-> SERVER-ORACLE Oracle database server MergeWorkspace SQL injection attempt (server-oracle.rules) * 1:15725 <-> DISABLED <-> SERVER-ORACLE Oracle database server RemoveWorkspace SQL injection attempt (server-oracle.rules) * 1:15727 <-> DISABLED <-> FILE-PDF attempted download of a PDF with embedded Flash (file-pdf.rules) * 1:15731 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer javascript deleted reference arbitrary code execution attempt (browser-ie.rules) * 1:15732 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS handling memory corruption attempt (browser-ie.rules) * 1:15733 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt (browser-ie.rules) * 1:15850 <-> DISABLED <-> OS-WINDOWS Remote Desktop orderType remote code execution attempt (os-windows.rules) * 1:15854 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows AVIFile media file processing memory corruption attempt (file-multimedia.rules) * 1:15858 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Web Components Spreadsheet ActiveX clsid access (browser-plugins.rules) * 1:15860 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrGetJoinInformation attempt (os-windows.rules) * 1:15861 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Remote Desktop Client ActiveX clsid access (browser-plugins.rules) * 1:15863 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Remote Desktop Client ActiveX function call access (browser-plugins.rules) * 1:15865 <-> ENABLED <-> FILE-IDENTIFY MP4 file download request (file-identify.rules) * 1:15866 <-> DISABLED <-> FILE-OTHER libxml2 file processing long entity overflow attempt (file-other.rules) * 1:15867 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF font processing memory corruption attempt (file-pdf.rules) * 1:15868 <-> DISABLED <-> SQL Borland InterBase username buffer overflow (sql.rules) * 1:15869 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules) * 1:15870 <-> DISABLED <-> FILE-IDENTIFY 4XM file download request (file-identify.rules) * 1:15871 <-> DISABLED <-> FILE-MULTIMEDIA FFmpeg 4xm processing memory corruption attempt (file-multimedia.rules) * 1:15872 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt (browser-firefox.rules) * 1:15896 <-> DISABLED <-> SERVER-OTHER Firebird SQL op_connect_request denial of service attempt (server-other.rules) * 1:15900 <-> DISABLED <-> FILE-IDENTIFY Audio Interchange file download request (file-identify.rules) * 1:15901 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt (file-multimedia.rules) * 1:15902 <-> DISABLED <-> INDICATOR-SHELLCODE x86 win2k-2k3 decoder base shellcode (indicator-shellcode.rules) * 1:15906 <-> DISABLED <-> OS-LINUX Linux Kernel DCCP Protocol Handler dccp_setsockopt_change integer overflow attempt (os-linux.rules) * 1:15908 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan multiple CGI modules HTTP form processing buffer overflow attempt (server-webapp.rules) * 1:15909 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime VR Track Header Atom heap corruption attempt (file-multimedia.rules) * 1:15910 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer getElementById object corruption attempt (browser-ie.rules) * 1:15921 <-> DISABLED <-> FILE-IDENTIFY Microsoft multimedia format file download request (file-identify.rules) * 1:15922 <-> DISABLED <-> FILE-IDENTIFY MP3 file download request (file-identify.rules) * 1:15930 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field remote code execution attempt (os-windows.rules) * 1:15934 <-> DISABLED <-> PROTOCOL-DNS dns response for rfc1918 172.16/12 address detected (protocol-dns.rules) * 1:15940 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer Multiple Products RA file processing overflow attempt (file-multimedia.rules) * 1:15941 <-> DISABLED <-> SERVER-OTHER Squid Proxy TRACE request remote DoS attempt (server-other.rules) * 1:15942 <-> DISABLED <-> SERVER-OTHER CA Multiple Products Console Server login credentials handling overflow attempt (server-other.rules) * 1:15944 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory crafted LDAP request denial of service attempt (os-windows.rules) * 1:15945 <-> DISABLED <-> FILE-IDENTIFY RSS file download request (file-identify.rules) * 1:15946 <-> DISABLED <-> FILE-OTHER Microsoft Windows Vista Feed Headlines Gagdet code execution attempt (file-other.rules) * 1:15947 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook Web Access Cross-Site Scripting attempt (file-office.rules) * 1:15948 <-> DISABLED <-> SERVER-OTHER CA License Software invalid command overflow attempt (server-other.rules) * 1:15950 <-> DISABLED <-> SERVER-OTHER McAfee LHA Type-2 file handling overflow attempt (server-other.rules) * 1:15951 <-> DISABLED <-> SERVER-MYSQL MaxDB Webtool GET command overflow attempt (server-mysql.rules) * 1:15954 <-> DISABLED <-> SERVER-MAIL SpamAssassin malformed email header DoS attempt (server-mail.rules) * 1:15955 <-> DISABLED <-> SERVER-ORACLE Application Server 9i Webcache file corruption attempt (server-oracle.rules) * 1:15956 <-> DISABLED <-> SERVER-ORACLE http Server mod_access restriction bypass attempt (server-oracle.rules) * 1:15957 <-> DISABLED <-> FILE-OTHER Sophos Anti-Virus zip file handling DoS attempt (file-other.rules) * 1:15958 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Remote Management overflow attempt (server-other.rules) * 1:15960 <-> DISABLED <-> SERVER-OTHER Novell eDirectory MS-DOS device name DoS attempt (server-other.rules) * 1:15961 <-> DISABLED <-> SERVER-OTHER 3Com Network Supervisor directory traversal attempt (server-other.rules) * 1:15962 <-> DISABLED <-> SERVER-WEBAPP Sybase EAServer WebConsole overflow attempt (server-webapp.rules) * 1:15987 <-> ENABLED <-> FILE-IDENTIFY DXF file download request (file-identify.rules) * 1:15990 <-> DISABLED <-> SERVER-WEBAPP Multiple Vendor server file disclosure attempt (server-webapp.rules) * 1:15993 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript intrf_count integer overflow attempt (file-flash.rules) * 1:15994 <-> DISABLED <-> SERVER-OTHER Squid strListGetItem denial of service attempt (server-other.rules) * 1:15995 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX malformed avi file mjpeg compression arbitrary code execution attempt (file-multimedia.rules) * 1:15997 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JIT escape function memory corruption attempt (browser-firefox.rules) * 1:15998 <-> DISABLED <-> SERVER-OTHER HP OpenView Client Configuration Manager Radia Notify Daemon code execution attempt (server-other.rules) * 1:15999 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products frame comment objects manipulation memory corruption attempt (browser-firefox.rules) * 1:16000 <-> DISABLED <-> FILE-IMAGE Sun Microsystems Java gif handling memory corruption attempt (file-image.rules) * 1:16001 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (file-image.rules) * 1:16004 <-> DISABLED <-> FILE-OTHER Apple Mac OS X installer package filename format string vulnerability (file-other.rules) * 1:16005 <-> DISABLED <-> BROWSER-FIREFOX Mozilla browsers JavaScript argument passing code execution attempt (browser-firefox.rules) * 1:16006 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime color table id memory corruption attempt (file-multimedia.rules) * 1:16007 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer colgroup tag uninitialized memory exploit attempt (browser-ie.rules) * 1:16008 <-> DISABLED <-> OS-WINDOWS Multiple Products excessive HTTP 304 Not Modified responses exploit attempt (os-windows.rules) * 1:16009 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products overflow event handling memory corruption attempt (browser-firefox.rules) * 1:16010 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Javascript Page update race condition attempt (browser-ie.rules) * 1:16011 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS property method handling memory corruption attempt (browser-ie.rules) * 1:16013 <-> DISABLED <-> SERVER-OTHER IBM solidDB logging function format string exploit attempt (server-other.rules) * 1:16014 <-> DISABLED <-> SERVER-OTHER Novell eDirectory HTTP headers denial of service attempt (server-other.rules) * 1:16016 <-> DISABLED <-> OS-WINDOWS Microsoft client for netware overflow attempt (os-windows.rules) * 1:16017 <-> DISABLED <-> SERVER-OTHER IBM Lotus Domino LDAP server invalid DN message buffer overflow attempt (server-other.rules) * 1:16018 <-> DISABLED <-> SERVER-OTHER HP OpenView network node manager buffer overflow (server-other.rules) * 1:16019 <-> DISABLED <-> SERVER-OTHER Novell Distributed Print Services integer overflow attempt (server-other.rules) * 1:16020 <-> DISABLED <-> SERVER-MYSQL login handshake information disclosure attempt (server-mysql.rules) * 1:16021 <-> DISABLED <-> SERVER-APACHE Apache http Server mod_tcl format string attempt (server-apache.rules) * 1:16022 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows Vista Windows mail file execution attempt (file-executable.rules) * 1:16027 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp midi file header overflow attempt (file-multimedia.rules) * 1:16029 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS client ATMA buffer overrun attempt (os-windows.rules) * 1:16030 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS client TXT buffer overrun attempt (os-windows.rules) * 1:16031 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer nested object tag memory corruption attempt (browser-ie.rules) * 1:16032 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML Decoding memory corruption attempt (browser-ie.rules) * 1:16033 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer compressed content attempt (browser-ie.rules) * 1:16035 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer createTextRange code execution attempt (browser-ie.rules) * 1:16036 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products QueryInterface method memory corruption attempt (browser-firefox.rules) * 1:16037 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products graphics and XML features integer overflows attempt (browser-firefox.rules) * 1:16039 <-> DISABLED <-> SERVER-OTHER EMC Dantz Retrospect Backup Agent denial of service attempt (server-other.rules) * 1:16041 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime FLIC animation file buffer overflow attempt (file-multimedia.rules) * 1:16042 <-> DISABLED <-> BROWSER-FIREFOX Mozilla browsers CSS moz-binding cross domain scripting attempt (browser-firefox.rules) * 1:16045 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross domain information disclosure attempt (browser-ie.rules) * 1:16046 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer RealMedia file format processing heap corruption attempt (file-multimedia.rules) * 1:16047 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox layout frame constructor memory corruption attempt (browser-firefox.rules) * 1:16048 <-> DISABLED <-> SERVER-OTHER Microsoft ASP.NET application folder info disclosure attempt (server-other.rules) * 1:16049 <-> DISABLED <-> SERVER-OTHER GNU Radius SQL accounting format string exploit attempt (server-other.rules) * 1:16052 <-> DISABLED <-> SERVER-OTHER Novell iManager Tree parameter denial of service attempt (server-other.rules) * 1:16054 <-> DISABLED <-> FILE-IMAGE Apple QuickTime bitmap multiple header overflow (file-image.rules) * 1:16055 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes AAC file handling integer overflow attempt (file-multimedia.rules) * 1:16058 <-> DISABLED <-> SERVER-SAMBA Samba WINS Server Name Registration handling stack buffer overflow attempt (server-samba.rules) * 1:16059 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed file format parsing code execution attempt (file-office.rules) * 1:16060 <-> DISABLED <-> SERVER-OTHER IBM Lotus Domino LDAP server memory exception attempt (server-other.rules) * 1:16061 <-> DISABLED <-> FILE-IDENTIFY X PixMap file download request (file-identify.rules) * 1:16063 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer isindex buffer overflow attempt (browser-ie.rules) * 1:16064 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onBeforeUnload address bar spoofing attempt (browser-ie.rules) * 1:16065 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer location.replace memory corruption attempt (browser-ie.rules) * 1:16066 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Server driver crafted SMB data denial of service (os-windows.rules) * 1:16067 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer DOM object cache management memory corruption attempt (browser-ie.rules) * 1:16069 <-> DISABLED <-> SERVER-OTHER IBM Informix server argument processing overflow attempt (server-other.rules) * 1:16070 <-> DISABLED <-> FILE-OTHER X.org PCF parsing buffer overflow attempt (file-other.rules) * 1:16071 <-> DISABLED <-> SERVER-OTHER CA ARCServe Backup Discovery Service denial of service attempt (server-other.rules) * 1:16072 <-> DISABLED <-> SERVER-OTHER CUPS server query metacharacter buffer overflow attempt (server-other.rules) * 1:16075 <-> DISABLED <-> SQL Suspicious SQL ansi_padding option (sql.rules) * 1:16079 <-> DISABLED <-> SERVER-WEBAPP uselang code injection (server-webapp.rules) * 1:16083 <-> DISABLED <-> PROTOCOL-RPC portmap 395650 tcp request (protocol-rpc.rules) * 1:16087 <-> DISABLED <-> FILE-OTHER Multiple vendor AV gateway virus detection bypass attempt (file-other.rules) * 1:16089 <-> DISABLED <-> OS-WINDOWS Microsoft Windows embedded web font handling buffer overflow attempt (os-windows.rules) * 1:16090 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Core XML core services XMLHTTP control open method code execution attempt (browser-plugins.rules) * 1:16091 <-> DISABLED <-> SERVER-OTHER Macromedia Flash Media Server administration service denial of service attempt (server-other.rules) * 1:16142 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox PKCS11 module installation code execution attempt (browser-firefox.rules) * 1:16143 <-> DISABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (file-identify.rules) * 1:16145 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit floating point buffer overflow attempt (browser-webkit.rules) * 1:16147 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS malformed URL .dll denial of service attempt (server-iis.rules) * 1:16148 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime and iTunes heap memory corruption attempt (file-multimedia.rules) * 1:16169 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer dynamic style update memory corruption attempt (browser-ie.rules) * 1:16187 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectShow MJPEG arbitrary code execution attempt (os-windows.rules) * 1:16188 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint bad text header txttype attempt (file-office.rules) * 1:16189 <-> DISABLED <-> SERVER-ORACLE Database REPCAT_RPC.VALIDATE_REMOTE_RC SQL injection attempt (server-oracle.rules) * 1:16190 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup Administration server property_box.php command injection attempt (server-oracle.rules) * 1:16192 <-> DISABLED <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt (server-oracle.rules) * 1:16195 <-> DISABLED <-> SERVER-WEBAPP HTTP request content-length heap buffer overflow attempt (server-webapp.rules) * 1:16196 <-> DISABLED <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file upload attempt (server-other.rules) * 1:16197 <-> DISABLED <-> SERVER-OTHER OpenLDAP ber_get_next BER decoding denial of service attempt (server-other.rules) * 1:16199 <-> DISABLED <-> SERVER-MAIL SpamAssassin long message header denial of service attempt (server-mail.rules) * 1:16200 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox command line URL shell command injection attempt (browser-firefox.rules) * 1:16201 <-> DISABLED <-> SERVER-MAIL Ipswitch Collaboration Suite SMTP format string exploit attempt (server-mail.rules) * 1:16204 <-> DISABLED <-> SERVER-OTHER HP OpenView Network Node Manager ovlaunch host field overflow attempt (server-other.rules) * 1:16205 <-> ENABLED <-> FILE-IDENTIFY BMP file download request (file-identify.rules) * 1:16206 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS server spoofing attempt (os-windows.rules) * 1:16207 <-> DISABLED <-> SERVER-WEBAPP MIT Kerberos V% KAdminD klog_vsyslog server overflow attempt (server-webapp.rules) * 1:16208 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server Distributed Management Objects overflow attempt (server-mssql.rules) * 1:16209 <-> DISABLED <-> SERVER-OTHER FreeRADIUS RADIUS server rad_decode remote denial of service attempt (server-other.rules) * 1:16213 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt (server-other.rules) * 1:16214 <-> DISABLED <-> SERVER-OTHER Squid Proxy invalid HTTP response code denial of service attempt (server-other.rules) * 1:16215 <-> DISABLED <-> SERVER-ORACLE Oracle Application Server Portal cross site scripting attempt (server-oracle.rules) * 1:16216 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt (server-other.rules) * 1:16217 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 45 integer overflow attempt (server-other.rules) * 1:16219 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules) * 1:16231 <-> DISABLED <-> FILE-PDF Microsoft Windows kernel-mode drivers core font parsing integer overflow attempt (file-pdf.rules) * 1:16283 <-> DISABLED <-> SERVER-WEBAPP Borland StarTeam Multicast Service buffer overflow attempt (server-webapp.rules) * 1:16284 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox ClearTextRun exploit attempt (browser-firefox.rules) * 1:16286 <-> ENABLED <-> FILE-IDENTIFY TrueType font file download request (file-identify.rules) * 1:16288 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime AWT setDiffICM stack buffer overflow attempt (file-java.rules) * 1:16291 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Network Security Services regexp heap overflow attempt (browser-firefox.rules) * 1:16292 <-> DISABLED <-> BROWSER-FIREFOX Mozilla CSS value counter overflow attempt (browser-firefox.rules) * 1:16294 <-> DISABLED <-> OS-WINDOWS Microsoft Windows TCP stack zero window size exploit attempt (os-windows.rules) * 1:16295 <-> DISABLED <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields (file-other.rules) * 1:16300 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML comment creation attempt (browser-ie.rules) * 1:16301 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML textnode creation attempt (browser-ie.rules) * 1:16310 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 6/7 outerHTML invalid reference arbitrary code execution attempt (browser-ie.rules) * 1:16311 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 6/7 single line outerHTML invalid reference arbitrary code execution attempt (browser-ie.rules) * 1:16318 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio invalid ho tag attempt (file-office.rules) * 1:16319 <-> DISABLED <-> BROWSER-IE Apple Safari-Internet Explorer SearchPath blended threat attempt (browser-ie.rules) * 1:16331 <-> DISABLED <-> FILE-FLASH Adobe Flash Player JPEG parsing heap overflow attempt (file-flash.rules) * 1:16332 <-> DISABLED <-> SERVER-OTHER Symantec System Center Alert Management System untrusted command execution attempt (server-other.rules) * 1:16333 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader media.newPlayer memory corruption attempt (file-pdf.rules) * 1:16334 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader compressed media.newPlayer memory corruption attempt (file-pdf.rules) * 1:16339 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer object clone deletion memory corruption attempt - obfuscated (browser-ie.rules) * 1:1634 <-> DISABLED <-> PROTOCOL-POP PASS overflow attempt (protocol-pop.rules) * 1:16341 <-> DISABLED <-> SERVER-OTHER IBM DB2 Database Server invalid data stream denial of service attempt (server-other.rules) * 1:16342 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows AVIFile truncated media file processing memory corruption attempt (file-multimedia.rules) * 1:16344 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox top-level script object offset calculation memory corruption attempt (browser-firefox.rules) * 1:16351 <-> DISABLED <-> PROTOCOL-VOIP CSeq buffer overflow attempt (protocol-voip.rules) * 1:16352 <-> DISABLED <-> OS-LINUX Linux Kernel NFSD Subsystem overflow attempt (os-linux.rules) * 1:16353 <-> DISABLED <-> FILE-MULTIMEDIA FFmpeg OGV file format memory corruption attempt (file-multimedia.rules) * 1:16359 <-> DISABLED <-> FILE-OTHER Adobe Illustrator DSC comment overflow attempt (file-other.rules) * 1:16360 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime Image Description Atom sign extension memory corruption attempt (file-multimedia.rules) * 1:16367 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer invalid object access memory corruption attempt (browser-ie.rules) * 1:16369 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer deleted object access memory corruption attempt - public exploit (browser-ie.rules) * 1:16371 <-> DISABLED <-> BROWSER-PLUGINS NOS Microsystems Adobe atl_getcom ActiveX clsid access (browser-plugins.rules) * 1:16376 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTableLayout memory corruption attempt (browser-ie.rules) * 1:16377 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOM mergeAttributes memory corruption attempt (browser-ie.rules) * 1:16378 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer deleted object cells reference memory corruption vulnerability (browser-ie.rules) * 1:16382 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML+TIME animatemotion property memory corruption attempt (browser-ie.rules) * 1:16383 <-> DISABLED <-> SERVER-ORACLE MDSYS drop table trigger injection attempt (server-oracle.rules) * 1:16384 <-> DISABLED <-> SERVER-OTHER VMware Server ISAPI Extension remote denial of service attempt (server-other.rules) * 1:16392 <-> DISABLED <-> SERVER-WEBAPP Oracle Java System Web Server 7.0u7 authorization digest heap overflow (server-webapp.rules) * 1:16393 <-> DISABLED <-> SERVER-OTHER PostgreSQL bit substring buffer overflow attempt (server-other.rules) * 1:16397 <-> DISABLED <-> OS-WINDOWS SMB andx invalid server name share access (os-windows.rules) * 1:16398 <-> DISABLED <-> OS-WINDOWS SMB invalid server name share access (os-windows.rules) * 1:16399 <-> DISABLED <-> OS-WINDOWS SMB unicode andx invalid server name share access (os-windows.rules) * 1:16400 <-> DISABLED <-> OS-WINDOWS SMB unicode invalid server name share access (os-windows.rules) * 1:16401 <-> DISABLED <-> OS-WINDOWS SMB andx invalid server name share access (os-windows.rules) * 1:16402 <-> DISABLED <-> OS-WINDOWS SMB invalid server name share access (os-windows.rules) * 1:16403 <-> DISABLED <-> OS-WINDOWS SMB unicode andx invalid server name share access (os-windows.rules) * 1:16404 <-> DISABLED <-> OS-WINDOWS SMB unicode invalid server name share access (os-windows.rules) * 1:16406 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:16407 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:16409 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint improper filename remote code execution attempt (file-office.rules) * 1:16411 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint out of bounds value remote code execution attempt (file-office.rules) * 1:16412 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid TextByteAtom remote code execution attempt (file-office.rules) * 1:16414 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Shell Handler remote code execution attempt (os-windows.rules) * 1:16416 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed MSODrawing Record attempt (file-office.rules) * 1:16417 <-> DISABLED <-> OS-WINDOWS SMB Negotiate Protocol Response overflow attempt (os-windows.rules) * 1:16419 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Data Analyzer 3.5 ActiveX clsid access (browser-plugins.rules) * 1:16421 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint out of bounds value remote code execution attempt (file-office.rules) * 1:16422 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Paint JPEG with malformed SOFx field (file-image.rules) * 1:16423 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 7/8 execute local file in Internet zone redirect attempt (browser-ie.rules) * 1:16424 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Script Host Shell Object ActiveX clsid access (browser-plugins.rules) * 1:16425 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file download request (file-identify.rules) * 1:16428 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook Express and Windows Mail NNTP handling buffer overflow attempt (file-office.rules) * 1:16435 <-> DISABLED <-> FILE-IDENTIFY Ultimate Packer for Executables/UPX v0.62-v1.22 packed file magic detected (file-identify.rules) * 1:16438 <-> DISABLED <-> SERVER-ORACLE WebLogic Server Node Manager arbitrary command execution attempt (server-oracle.rules) * 1:1644 <-> DISABLED <-> SERVER-WEBAPP test-cgi attempt (server-webapp.rules) * 1:16444 <-> DISABLED <-> SERVER-OTHER HP StorageWorks storage mirroring double take service code execution attempt (server-other.rules) * 1:16445 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk IAX2 ack response denial of service attempt (protocol-voip.rules) * 1:16447 <-> DISABLED <-> PROTOCOL-RPC Solaris UDP portmap sadmin request attempt (protocol-rpc.rules) * 1:16452 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer .hlp samba share download attempt (browser-ie.rules) * 1:16461 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel EntExU2 write access violation attempt (file-office.rules) * 1:16462 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel BIFF8 formulas from records parsing code execution attempt (file-office.rules) * 1:16463 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel BIFF5 formulas from records parsing code execution attempt (file-office.rules) * 1:16464 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ContinueFRT12 heap overflow attempt (file-office.rules) * 1:16465 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ContinueFRT12 and MDXSet heap overflow attempt (file-office.rules) * 1:16466 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel uninitialized stack variable code execution attempt (file-office.rules) * 1:16467 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt 1 (file-office.rules) * 1:16468 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt 2 (file-office.rules) * 1:16469 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fOdbcConn parsing remote code execution attempt (file-office.rules) * 1:16470 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fWeb parsing remote code execution attempt (file-office.rules) * 1:16471 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DbOrParamQry.fWeb parsing remote code execution attempt (file-office.rules) * 1:16473 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker project file download request (file-identify.rules) * 1:16474 <-> DISABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (file-identify.rules) * 1:16481 <-> DISABLED <-> BROWSER-OTHER Opera Content-Length header integer overflow attempt (browser-other.rules) * 1:16482 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer userdata behavior memory corruption attempt (browser-ie.rules) * 1:16490 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TIFF remote code execution attempt (file-pdf.rules) * 1:16492 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari inline text box use after free attempt (browser-webkit.rules) * 1:16501 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox WOFF font processing integer overflow attempt - TrueType (browser-firefox.rules) * 1:16502 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox WOFF font processing integer overflow attempt - CFF-based (browser-firefox.rules) * 1:16503 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer event handling remote code execution attempt (browser-ie.rules) * 1:16506 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer innerHTML against incomplete element heap corruption attempt (browser-ie.rules) * 1:16507 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onreadystatechange memory corruption attempt (browser-ie.rules) * 1:16508 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 non-IE8 compatibility mode htmltime remote code execution attempt (browser-ie.rules) * 1:16510 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Tabular Control ActiveX overflow by CLSID (browser-plugins.rules) * 1:16511 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Tabular Control ActiveX overflow by ProgID (browser-plugins.rules) * 1:16512 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed span/div html document heap corruption attempt (browser-ie.rules) * 1:16514 <-> DISABLED <-> PUA-OTHER Trillian AIM XML tag handling heap buffer overflow attempt (pua-other.rules) * 1:16515 <-> DISABLED <-> SERVER-MAIL Novell Groupwise Internet Agent RCPT command overflow attempt (server-mail.rules) * 1:16516 <-> DISABLED <-> SERVER-ORACLE Database sys.olapimpl_t package odcitablestart overflow attempt (server-oracle.rules) * 1:16517 <-> DISABLED <-> FILE-OTHER Free Download Manager .torrent parsing comment overflow attempt (file-other.rules) * 1:16518 <-> DISABLED <-> FILE-OTHER Free Download Manager .torrent parsing announce overflow attempt (file-other.rules) * 1:16519 <-> DISABLED <-> FILE-OTHER Free Download Manager .torrent parsing name overflow attempt (file-other.rules) * 1:16520 <-> DISABLED <-> FILE-OTHER Free Download Manager .torrent parsing path overflow attempt (file-other.rules) * 1:16522 <-> DISABLED <-> SERVER-OTHER Novell QuickFinder server cross-site-scripting attempt (server-other.rules) * 1:16524 <-> DISABLED <-> PROTOCOL-FTP ProFTPD username sql injection attempt (protocol-ftp.rules) * 1:16529 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:16537 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Media Player ActiveX unknow compression algorithm use arbitrary code execution attempt (browser-plugins.rules) * 1:16540 <-> DISABLED <-> OS-WINDOWS SMB2 client NetBufferList NULL entry remote code execution attempt (os-windows.rules) * 1:16541 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Media Service stack overflow attempt (os-windows.rules) * 1:16542 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 and earlier stack buffer overflow attempt (file-office.rules) * 1:16543 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Player codec code execution attempt (file-multimedia.rules) * 1:16545 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed Richmedia annotation exploit attempt (file-pdf.rules) * 1:16549 <-> DISABLED <-> FILE-OTHER Oracle JRE Java Platform SE and Java Deployment Toolkit plugins code execution attempt - npruntime-scriptable-plugin (file-other.rules) * 1:16554 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader javascript getIcon method buffer overflow attempt (file-pdf.rules) * 1:16555 <-> DISABLED <-> SERVER-WEBAPP HP Openview Network Node Manager OvAcceptLang overflow attempt (server-webapp.rules) * 1:16560 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint XSS attempt (server-webapp.rules) * 1:16574 <-> DISABLED <-> BROWSER-PLUGINS obfuscated ActiveX object instantiation via fromCharCode (browser-plugins.rules) * 1:16576 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix AgentX receive_agentx stack buffer overflow attempt (server-other.rules) * 1:16589 <-> DISABLED <-> BROWSER-PLUGINS iseemedia LPViewer ActiveX function call access (browser-plugins.rules) * 1:16593 <-> DISABLED <-> FILE-OFFICE Microsoft VBE6.dll stack corruption attempt (file-office.rules) * 1:16595 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Mail remote code execution attempt (server-mail.rules) * 1:16596 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari information disclosure and remote code execution attempt (browser-webkit.rules) * 1:16597 <-> DISABLED <-> SERVER-MAIL Novell GroupWise Internet Agent Email address processing buffer overflow attempt (server-mail.rules) * 1:16603 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Linux malformed U3D mesh deceleration block exploit attempt (file-pdf.rules) * 1:16605 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer nested SPAN tag memory corruption attempt (browser-ie.rules) * 1:16606 <-> DISABLED <-> SERVER-ORACLE BEA WebLogic Server Plug-ins Certificate overflow attempt (server-oracle.rules) * 1:16631 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari image use after remove attempt (browser-webkit.rules) * 1:16632 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari image use after reparent attempt (browser-webkit.rules) * 1:16633 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader File containing Flash use-after-free attack attempt (file-pdf.rules) * 1:16634 <-> DISABLED <-> FILE-FLASH Adobe Flash use-after-free attack attempt (file-flash.rules) * 1:16635 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer 8 Developer Tool ActiveX clsid access (browser-plugins.rules) * 1:16637 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer security zone restriction bypass attempt (browser-ie.rules) * 1:16638 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record stack buffer overflow attempt (file-office.rules) * 1:16639 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record stack buffer overflow attempt - with macro (file-office.rules) * 1:16640 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record stack buffer overflow attempt - with linkFmla (file-office.rules) * 1:16641 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel OBJ record stack buffer overflow attempt - with macro and linkFmla (file-office.rules) * 1:16642 <-> DISABLED <-> POLICY-OTHER file URI scheme attempt (policy-other.rules) * 1:16643 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Chart Sheet Substream memory corruption attempt (file-office.rules) * 1:16644 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel WOpt record memory corruption attempt (file-office.rules) * 1:16645 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView record memory pointer corruption attempt (file-office.rules) * 1:16646 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record stack buffer overflow attempt (file-office.rules) * 1:16647 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record heap memory corruption attempt - 2 (file-office.rules) * 1:16648 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record heap memory corruption attempt - 1 (file-office.rules) * 1:16650 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ExternName record stack buffer overflow attempt - 1 (file-office.rules) * 1:16651 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ExternName record stack buffer overflow attempt - 2 (file-office.rules) * 1:16652 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ExternName record stack buffer overflow attempt - 3 (file-office.rules) * 1:16653 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ExternName record stack buffer overflow attempt - 4 (file-office.rules) * 1:16654 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel Publisher record heap buffer overflow attempt (file-office.rules) * 1:16656 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel BIFF5 ExternSheet record stack overflow attempt (file-office.rules) * 1:16657 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel DBQueryExt record memory corruption attempt (file-office.rules) * 1:16659 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer style sheet array memory corruption attempt (browser-ie.rules) * 1:16660 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint Server 2007 help.aspx denial of service attempt (server-webapp.rules) * 1:16661 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX quartz.dll MJPEG content processing memory corruption attempt (file-multimedia.rules) * 1:16664 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader authplay.dll vulnerability exploit attempt (file-pdf.rules) * 1:16665 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Help Centre escape sequence XSS attempt (os-windows.rules) * 1:16666 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari window.parent.close unspecified remote code execution vulnerability (browser-webkit.rules) * 1:16667 <-> DISABLED <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt (browser-chrome.rules) * 1:16668 <-> DISABLED <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt (browser-chrome.rules) * 1:16671 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Domino Web Access ActiveX exploit attempt (browser-plugins.rules) * 1:16672 <-> DISABLED <-> BROWSER-PLUGINS Symantec Backup Exec ActiveX control buffer overflow attempt (browser-plugins.rules) * 1:16673 <-> DISABLED <-> FILE-OTHER Adobe Shockwave DIR file PAMI chunk code execution attempt (file-other.rules) * 1:16674 <-> ENABLED <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt (server-webapp.rules) * 1:16675 <-> DISABLED <-> BROWSER-PLUGINS CA BrightStor ListCtrl ActiveX control access (browser-plugins.rules) * 1:16676 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed FlateDecode colors declaration (file-pdf.rules) * 1:16677 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed FlateDecode colors declaration (file-pdf.rules) * 1:16683 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp CAF file processing integer overflow attempt (file-multimedia.rules) * 1:16684 <-> DISABLED <-> SERVER-SAMBA Samba smbd Session Setup AndX security blob length dos attempt (server-samba.rules) * 1:16685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Client dsmagent.exe NodeName length buffer overflow attempt (server-other.rules) * 1:16688 <-> DISABLED <-> SERVER-OTHER iscsi target format string code execution attempt (server-other.rules) * 1:16694 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP SETUP request denial of service attempt (server-other.rules) * 1:16699 <-> DISABLED <-> PROTOCOL-RPC Linux Kernel nfsd v2 udp CAP_MKNOD security bypass attempt (protocol-rpc.rules) * 1:16700 <-> DISABLED <-> PROTOCOL-RPC Linux Kernel nfsd v2 tcp CAP_MKNOD security bypass attempt (protocol-rpc.rules) * 1:16701 <-> DISABLED <-> PROTOCOL-RPC Linux Kernel nfsd v3 udp CAP_MKNOD security bypass attempt (protocol-rpc.rules) * 1:16702 <-> DISABLED <-> PROTOCOL-RPC Linux Kernel nfsd v3 tcp CAP_MKNOD security bypass attempt (protocol-rpc.rules) * 1:16703 <-> DISABLED <-> SERVER-MYSQL Database COM_FIELD_LIST Buffer Overflow attempt (server-mysql.rules) * 1:16705 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP array size buffer overflow attempt (protocol-rpc.rules) * 1:16706 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind TCP array size buffer overflow attempt (protocol-rpc.rules) * 1:16709 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP SET_PARAMETERS empty DataConvertBuffer header denial of service attempt (server-other.rules) * 1:16710 <-> DISABLED <-> SERVER-OTHER Oracle BEA Weblogic server console-help.portal cross-site scripting attempt (server-other.rules) * 1:16716 <-> DISABLED <-> FILE-IMAGE Oracle Java Web Start Splashscreen PNG processing buffer overflow attempt (file-image.rules) * 1:16717 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Enterprise Search search_p_groups cross-site scripting attempt (server-oracle.rules) * 1:16719 <-> DISABLED <-> FILE-OTHER CA multiple product AV engine CAB header parsing stack overflow attempt (file-other.rules) * 1:1672 <-> DISABLED <-> PROTOCOL-FTP CWD ~ attempt (protocol-ftp.rules) * 1:16720 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player TY processing buffer overflow attempt (file-multimedia.rules) * 1:16721 <-> DISABLED <-> FILE-OTHER Orbital Viewer .orb stack buffer overflow attempt (file-other.rules) * 1:16722 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server DBMS_CDC_PUBLISH.DROP_CHANGE_SOURCE procedure SQL injection attempt (server-oracle.rules) * 1:16723 <-> DISABLED <-> SERVER-ORACLE Oracle Database Server DBMS_CDC_PUBLISH.ALTER_CHANGE_SOURCE procedure SQL injection attempt (server-oracle.rules) * 1:16724 <-> DISABLED <-> OS-LINUX Linux kernel sctp_process_unk_param SCTPChunkInit buffer overflow attempt (os-linux.rules) * 1:16746 <-> DISABLED <-> BROWSER-PLUGINS IBM Access Support ActiveX clsid access (browser-plugins.rules) * 1:16752 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player SMB module Win32AddConnection buffer overflow attempt (file-multimedia.rules) * 1:16753 <-> DISABLED <-> SERVER-WEBAPP VideoLAN VLC Media Player SMB module Win32AddConnection buffer overflow attempt (server-webapp.rules) * 1:16754 <-> DISABLED <-> NETBIOS SMB /PlughNTCommand andx create tree attempt (netbios.rules) * 1:16755 <-> DISABLED <-> NETBIOS SMB /PlughNTCommand create tree attempt (netbios.rules) * 1:16756 <-> DISABLED <-> NETBIOS SMB /PlughNTCommand unicode andx create tree attempt (netbios.rules) * 1:16757 <-> DISABLED <-> NETBIOS SMB /PlughNTCommand unicode create tree attempt (netbios.rules) * 1:16763 <-> DISABLED <-> NETBIOS SMB Timbuktu Pro overflow WriteAndX attempt (netbios.rules) * 1:16765 <-> DISABLED <-> NETBIOS SMB Timbuktu Pro overflow WriteAndX unicode attempt (netbios.rules) * 1:16772 <-> ENABLED <-> BROWSER-PLUGINS EMC Captiva QuickScan Pro ActiveX clsid access (browser-plugins.rules) * 1:16788 <-> DISABLED <-> SERVER-OTHER RealVNC VNC Server ClientCutText message memory corruption attempt (server-other.rules) * 1:16796 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP data length integer overflow attempt (protocol-rpc.rules) * 1:16797 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind TCP data length integer overflow attempt (protocol-rpc.rules) * 1:16800 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FRTWrapper record buffer overflow attempt (file-office.rules) * 1:17034 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook AttachMethods local file execution attempt (file-office.rules) * 1:17035 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook AttachMethods local file execution attempt (file-office.rules) * 1:17036 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook AttachMethods local file execution attempt (file-office.rules) * 1:17037 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Office Access multiple control instantiation memory corruption attempt (browser-plugins.rules) * 1:17038 <-> DISABLED <-> FILE-OFFICE Microsoft Office Access ACCWIZ library release after free attempt - 1 (file-office.rules) * 1:17039 <-> DISABLED <-> FILE-OFFICE Microsoft Office Access ACCWIZ library release after free attempt - 2 (file-office.rules) * 1:17042 <-> DISABLED <-> FILE-OTHER Microsoft LNK shortcut arbitrary dll load attempt (file-other.rules) * 1:17045 <-> DISABLED <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt (server-other.rules) * 1:17046 <-> DISABLED <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt (server-other.rules) * 1:17051 <-> DISABLED <-> BROWSER-PLUGINS Symantec AppStream Client LaunchObj ActiveX clsid access (browser-plugins.rules) * 1:17055 <-> DISABLED <-> SERVER-ORACLE Oracle Database DBMS TNS Listener denial of service attempt (server-oracle.rules) * 1:17056 <-> DISABLED <-> NETBIOS Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt (netbios.rules) * 1:17057 <-> DISABLED <-> NETBIOS Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (netbios.rules) * 1:17092 <-> DISABLED <-> BROWSER-PLUGINS Symantec Altirix Deployment Solution AeXNSPkgDLLib.dll ActiveX clsid access (browser-plugins.rules) * 1:17094 <-> DISABLED <-> BROWSER-PLUGINS Symantec Altirix Deployment Solution AeXNSPkgDLLib.dll ActiveX function call access (browser-plugins.rules) * 1:17103 <-> DISABLED <-> SERVER-IIS IIS 5.1 alternate data stream authentication bypass attempt (server-iis.rules) * 1:17107 <-> DISABLED <-> SERVER-APACHE Apache Tomcat JK Web Server Connector long URL stack overflow attempt - 1 (server-apache.rules) * 1:17111 <-> DISABLED <-> INDICATOR-OBFUSCATION known JavaScript obfuscation routine (indicator-obfuscation.rules) * 1:17113 <-> ENABLED <-> OS-WINDOWS Microsoft SilverLight ImageSource redefine flowbit (os-windows.rules) * 1:17114 <-> DISABLED <-> OS-WINDOWS Microsoft SilverLight ImageSource remote code execution attempt (os-windows.rules) * 1:17116 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASX file download request (file-identify.rules) * 1:17117 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows MPEG Layer-3 audio heap corruption attempt (file-multimedia.rules) * 1:17119 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmCMajority SPRM overflow attempt (file-office.rules) * 1:17120 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word rich text format unexpected field type memory corruption attempt 1 (file-office.rules) * 1:17121 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word rich text format unexpected field type memory corruption attempt 2 (file-office.rules) * 1:17122 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word rich text format unexpected field type memory corruption attempt 3 (file-office.rules) * 1:17123 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word rich text format invalid field size memory corruption attempt (file-office.rules) * 1:17124 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word malformed table record memory corruption attempt (file-office.rules) * 1:17128 <-> DISABLED <-> FILE-MULTIMEDIA Cinepak Codec VIDC decompression remote code execution attempt (file-multimedia.rules) * 1:17129 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer use-after-free memory corruption attempt (browser-ie.rules) * 1:17130 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer boundElements arbitrary code execution (browser-ie.rules) * 1:17133 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSXML2 ActiveX malformed HTTP response (os-windows.rules) * 1:17134 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel pivot item index boundary corruption attempt (file-office.rules) * 1:17135 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Movie Maker string size overflow attempt (file-multimedia.rules) * 1:17137 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center information disclosure attempt (server-webapp.rules) * 1:17138 <-> DISABLED <-> SERVER-OTHER iSCSI target multiple implementations iSNS stack buffer overflow attempt (server-other.rules) * 1:17139 <-> DISABLED <-> SERVER-OTHER Symantec Alert Management System HNDLRSVC arbitrary command execution attempt (server-other.rules) * 1:17140 <-> DISABLED <-> SERVER-WEBAPP OpenView Network Node Manager cookie buffer overflow attempt (server-webapp.rules) * 1:17143 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 ABR file processing buffer overflow attempt - 1 (file-image.rules) * 1:17144 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 ABR file processing buffer overflow attempt - 2 (file-image.rules) * 1:17145 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 ASL file processing buffer overflow attempt (file-image.rules) * 1:17146 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 GRD file processing buffer overflow attempt (file-image.rules) * 1:17147 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 ABR file processing buffer overflow attempt (file-image.rules) * 1:17148 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC renamed zip file handling code execution attempt - 1 (file-multimedia.rules) * 1:17149 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC renamed zip file handling code execution attempt - 2 (file-multimedia.rules) * 1:17150 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC renamed zip file handling code execution attempt - 3 (file-multimedia.rules) * 1:17151 <-> DISABLED <-> NETBIOS SMB negotiate protocol request - ascii strings (netbios.rules) * 1:17152 <-> DISABLED <-> SERVER-SAMBA Samba smbd flags2 header parsing denial of service attempt (server-samba.rules) * 1:17153 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1 (browser-firefox.rules) * 1:17154 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2 (browser-firefox.rules) * 1:17155 <-> DISABLED <-> SERVER-OTHER Multiple vendors OPIE off-by-one stack buffer overflow attempt (server-other.rules) * 1:17156 <-> DISABLED <-> SERVER-APACHE HP Performance Manager Apache Tomcat policy bypass attempt (server-apache.rules) * 1:17157 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center database credentials information disclosure attempt - 1 (server-webapp.rules) * 1:17158 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center database credentials information disclosure attempt - 2 (server-webapp.rules) * 1:17159 <-> DISABLED <-> SERVER-WEBAPP HP Intelligent Management Center database credentials information disclosure attempt - 3 (server-webapp.rules) * 1:17160 <-> DISABLED <-> BROWSER-PLUGINS Liquid XML Studio LtXmlComHelp8.dll ActiveX OpenFile buffer overflow attempt (browser-plugins.rules) * 1:17161 <-> DISABLED <-> BROWSER-PLUGINS Liquid XML Studio ActiveX clsid access (browser-plugins.rules) * 1:17163 <-> DISABLED <-> BROWSER-PLUGINS Liquid XML Studio ActiveX function call access (browser-plugins.rules) * 1:17165 <-> DISABLED <-> BROWSER-OTHER Opera browser document writing uninitialized memory access attempt (browser-other.rules) * 1:17166 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules) * 1:17179 <-> DISABLED <-> FILE-OTHER Adobe Director file pamm record exploit attempt (file-other.rules) * 1:17191 <-> DISABLED <-> FILE-OTHER Adobe Director remote code execution attempt (file-other.rules) * 1:17194 <-> DISABLED <-> FILE-OTHER Adobe Director file tSAC tag exploit attempt (file-other.rules) * 1:17202 <-> DISABLED <-> FILE-OTHER Adobe Director file file Shockwave 3D overflow attempt (file-other.rules) * 1:17205 <-> DISABLED <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - udp (protocol-rpc.rules) * 1:17206 <-> DISABLED <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - tcp (protocol-rpc.rules) * 1:17207 <-> DISABLED <-> SERVER-OTHER IBM Cognos Server backdoor account remote code execution attempt (server-other.rules) * 1:17208 <-> DISABLED <-> SERVER-OTHER Squid Proxy HTCP packet processing denial of service attempt (server-other.rules) * 1:17209 <-> ENABLED <-> SQL IBM DB2 DATABASE SERVER SQL REPEAT Buffer Overflow (sql.rules) * 1:17210 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows executable file load from SMB share attempt (file-executable.rules) * 1:17211 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime marshaled punk remote code execution (file-multimedia.rules) * 1:17212 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox JavaScript eval arbitrary code execution attempt (browser-firefox.rules) * 1:17214 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader libtiff TIFFFetchShortPair stack buffer overflow attempt (file-pdf.rules) * 1:17215 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader libtiff TIFFFetchShortPair stack buffer overflow attempt (file-pdf.rules) * 1:17219 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domain name handling buffer overflow attempt (browser-firefox.rules) * 1:17223 <-> DISABLED <-> FILE-FLASH Adobe Flash Player navigateToURL cross-site scripting attempt (file-flash.rules) * 1:17224 <-> DISABLED <-> SERVER-MAIL McAfee WebShield SMTP bounce message format string attempt (server-mail.rules) * 1:17225 <-> DISABLED <-> SERVER-OTHER Alt-N MDaemon WorldClient invalid user (server-other.rules) * 1:17227 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel sheet name memory corruption attempt (file-office.rules) * 1:17229 <-> DISABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (file-identify.rules) * 1:17230 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (file-identify.rules) * 1:17231 <-> DISABLED <-> FILE-IMAGE Microsoft Kodak Imaging small offset malformed tiff - little-endian (file-image.rules) * 1:17232 <-> DISABLED <-> FILE-IMAGE Microsoft Kodak Imaging large offset malformed tiff - big-endian (file-image.rules) * 1:17233 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:17236 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsPropertyTable PropertyList memory corruption attempt (browser-firefox.rules) * 1:17238 <-> DISABLED <-> FILE-OTHER ACD Systems ACDSee Products XBM file handling buffer overflow attempt (file-other.rules) * 1:17239 <-> ENABLED <-> SERVER-MAIL Multiple IMAP server CREATE command buffer overflow attempt (server-mail.rules) * 1:17241 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Media wmv file download request (file-identify.rules) * 1:17243 <-> DISABLED <-> SERVER-OTHER MIT Kerberos V5 krb5_recvauth double free attempt (server-other.rules) * 1:17244 <-> DISABLED <-> FILE-OTHER Antivirus ACE file handling buffer overflow attempt (file-other.rules) * 1:17245 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox image dragging exploit attempt (browser-firefox.rules) * 1:17250 <-> DISABLED <-> FILE-OFFICE Microsoft Windows WordPad sprmTSetBrc SPRM overflow attempt (file-office.rules) * 1:17252 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Print Spooler arbitrary file write attempt (os-windows.rules) * 1:17254 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS stack exhaustion DoS attempt (server-iis.rules) * 1:17256 <-> DISABLED <-> OS-WINDOWS Microsoft Windows uniscribe fonts parsing memory corruption attempt (os-windows.rules) * 1:17258 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XUL tree element code execution attempt (browser-firefox.rules) * 1:17259 <-> ENABLED <-> FILE-IDENTIFY MOV file download request (file-identify.rules) * 1:17260 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript contentWindow in an iframe exploit attempt (browser-firefox.rules) * 1:17261 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer createTextRange code execution attempt (browser-ie.rules) * 1:17264 <-> DISABLED <-> SERVER-ORACLE Permission declaration exploit attempt (server-oracle.rules) * 1:17265 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin access control bypass attempt (browser-firefox.rules) * 1:17266 <-> DISABLED <-> FILE-OTHER Multiple vendor malformed ZIP archive Antivirus detection bypass attempt (file-other.rules) * 1:17268 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox sidebar panel arbitrary code execution attempt (browser-firefox.rules) * 1:17270 <-> DISABLED <-> SERVER-ORACLE DBMS_METADATA Package SQL Injection attempt (server-oracle.rules) * 1:17271 <-> DISABLED <-> FILE-OFFICE Microsoft Windows Web View script injection attempt (file-office.rules) * 1:17273 <-> DISABLED <-> SERVER-OTHER MIT Kerberos V5 KDC krb5_unparse_name overflow attempt (server-other.rules) * 1:17274 <-> DISABLED <-> SERVER-OTHER MIT Kerberos V5 KDC krb5_unparse_name overflow attempt (server-other.rules) * 1:17275 <-> DISABLED <-> SERVER-MAIL Symantec Brightmail AntiSpam nested Zip handling denial of service attempt (server-mail.rules) * 1:17276 <-> DISABLED <-> FILE-OTHER Multiple vendor Antivirus magic byte detection evasion attempt (file-other.rules) * 1:17279 <-> DISABLED <-> SERVER-WEBAPP Ipswitch WhatsUp Small Business directory traversal attempt (server-webapp.rules) * 1:17281 <-> DISABLED <-> FILE-OTHER Panda Antivirus ZOO archive decompression buffer overflow attempt (file-other.rules) * 1:17282 <-> DISABLED <-> SERVER-OTHER Panda Antivirus ZOO archive decompression buffer overflow attempt (server-other.rules) * 1:17283 <-> DISABLED <-> SERVER-MAIL Mercury Mail Transport System buffer overflow attempt (server-mail.rules) * 1:17284 <-> DISABLED <-> FILE-OFFICE Microsoft Office malformed routing slip code execution attempt (file-office.rules) * 1:17285 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint PPT file parsing memory corruption attempt (file-office.rules) * 1:17286 <-> DISABLED <-> FILE-OTHER Microsoft Visual Basic for Applications document properties overflow attempt (file-other.rules) * 1:17287 <-> DISABLED <-> SERVER-WEBAPP Cisco IOS HTTP service HTML injection attempt (server-webapp.rules) * 1:17289 <-> DISABLED <-> FILE-OTHER GNU gzip LZH decompression make_table overflow attempt (file-other.rules) * 1:17291 <-> DISABLED <-> INDICATOR-OBFUSCATION base64-encoded uri data object found (indicator-obfuscation.rules) * 1:17292 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed data record code execution attempt (file-office.rules) * 1:17293 <-> DISABLED <-> SERVER-ORACLE sdo_lrs.convert_to_lrs_layer buffer overflow attempt (server-oracle.rules) * 1:17294 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NAT Helper DNS query denial of service attempt (os-windows.rules) * 1:17295 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan Console authentication buffer overflow attempt (server-webapp.rules) * 1:17297 <-> DISABLED <-> SERVER-OTHER McAfee VirusScan on-access scanner long unicode filename handling buffer overflow attempt (server-other.rules) * 1:17298 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Monitoring Express Universal Agent Buffer Overflow (server-other.rules) * 1:17299 <-> DISABLED <-> SERVER-OTHER ISC BIND RRSIG query denial of service attempt (server-other.rules) * 1:17301 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word TextBox sub-document memory corruption attempt (file-office.rules) * 1:17302 <-> DISABLED <-> OS-LINUX Linux kernel SCTP Unknown Chunk Types denial of service attempt (os-linux.rules) * 1:17303 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer clone object memory corruption attempt (browser-ie.rules) * 1:17304 <-> DISABLED <-> FILE-OFFICE Microsoft Works file converter file section header index table stack overflow attempt (file-office.rules) * 1:17305 <-> DISABLED <-> FILE-OTHER ClamAV libclamav PE file handling integer overflow attempt (file-other.rules) * 1:17306 <-> DISABLED <-> OS-WINDOWS Microsoft Malware Protection Engine file processing denial of service attempt (os-windows.rules) * 1:17307 <-> DISABLED <-> SERVER-MSSQL Microsoft SQL Server INSERT Statement Buffer Overflow attempt (server-mssql.rules) * 1:17308 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules) * 1:17309 <-> DISABLED <-> FILE-OTHER CoolPlayer Playlist File Handling Buffer Overflow (file-other.rules) * 1:17310 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint Viewer memory allocation code execution attempt (file-office.rules) * 1:17312 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS import cross-domain restriction bypass attempt (browser-ie.rules) * 1:17314 <-> ENABLED <-> FILE-IDENTIFY OLE document file magic detected (file-identify.rules) * 1:17315 <-> DISABLED <-> FILE-OFFICE OpenOffice OLE file stream buffer overflow attempt (file-office.rules) * 1:17317 <-> DISABLED <-> SERVER-OTHER OpenSSH sshd identical blocks DoS attempt (server-other.rules) * 1:17318 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint MCAtom remote code execution attempt (file-office.rules) * 1:17321 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters name overflow attempt (netbios.rules) * 1:17322 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic fnstenv geteip dword xor decoder (indicator-shellcode.rules) * 1:17324 <-> DISABLED <-> INDICATOR-SHELLCODE x86 Linux reverse connect shellcode (indicator-shellcode.rules) * 1:17325 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic alpha numeric upper case decoder variant (indicator-shellcode.rules) * 1:17326 <-> DISABLED <-> SERVER-OTHER Citrix Program Neighborhood Client buffer overflow attempt (server-other.rules) * 1:17327 <-> DISABLED <-> SERVER-MAIL Qualcomm WorldMail Server Response (server-mail.rules) * 1:17328 <-> DISABLED <-> SERVER-MAIL Qualcomm WorldMail IMAP Literal Token Parsing Buffer Overflow (server-mail.rules) * 1:17329 <-> DISABLED <-> PROTOCOL-FTP EPRT overflow attempt (protocol-ftp.rules) * 1:17330 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GRE WMF Handling Memory Read Exception attempt (file-image.rules) * 1:17331 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes HTML Speed Reader Long URL buffer overflow attempt (server-mail.rules) * 1:17332 <-> DISABLED <-> SERVER-MAIL Content-Disposition attachment (server-mail.rules) * 1:17333 <-> DISABLED <-> SERVER-MAIL Lotus Notes Attachment Viewer UUE file buffer overflow attempt (server-mail.rules) * 1:17334 <-> DISABLED <-> FILE-FLASH RealNetworks RealPlayer SWF flash file buffer overflow attempt (file-flash.rules) * 1:17335 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic fnstenv geteip byte xor decoder (indicator-shellcode.rules) * 1:17336 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic call geteip byte xor decoder (indicator-shellcode.rules) * 1:17337 <-> DISABLED <-> INDICATOR-SHELLCODE x86 Microsoft Win32 export table enumeration variant (indicator-shellcode.rules) * 1:17338 <-> DISABLED <-> INDICATOR-SHELLCODE x86 Microsoft Windows 32-bit SEH get EIP technique (indicator-shellcode.rules) * 1:17339 <-> DISABLED <-> INDICATOR-SHELLCODE x86 generic OS alpha numeric mixed case decoder (indicator-shellcode.rules) * 1:1734 <-> DISABLED <-> PROTOCOL-FTP USER overflow attempt (protocol-ftp.rules) * 1:17340 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic alpha numeric upper case decoder (indicator-shellcode.rules) * 1:17341 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic alpha UTF8 tolower avoidance decoder (indicator-shellcode.rules) * 1:17342 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic unicode mixed case decoder (indicator-shellcode.rules) * 1:17343 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic unicode upper case decoder (indicator-shellcode.rules) * 1:17344 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic xor dword decoder (indicator-shellcode.rules) * 1:17345 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic dword additive feedback decoder (indicator-shellcode.rules) * 1:17346 <-> DISABLED <-> SERVER-OTHER IBM Lotus Notes Cross Site Scripting attempt (server-other.rules) * 1:17347 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Color Management Module buffer overflow attempt (os-windows.rules) * 1:17350 <-> DISABLED <-> SERVER-ORACLE Application Server Forms Arbitrary System Command Execution Attempt (server-oracle.rules) * 1:17351 <-> DISABLED <-> FILE-OTHER Nullsoft Winamp ID3v2 Tag Handling Buffer Overflow attempt (file-other.rules) * 1:17352 <-> DISABLED <-> FILE-OTHER ClamAV CHM File Handling Integer Overflow attempt (file-other.rules) * 1:17353 <-> DISABLED <-> OS-SOLARIS Oracle Solaris printd Daemon Arbitrary File Deletion attempt (os-solaris.rules) * 1:17354 <-> DISABLED <-> SERVER-APACHE Apache Byte-Range Filter denial of service attempt (server-apache.rules) * 1:17356 <-> DISABLED <-> FILE-OTHER NOD32 Anti-Virus ARJ Archive Handling Buffer Overflow attempt (file-other.rules) * 1:17357 <-> DISABLED <-> PUA-OTHER AOL GAIM AIM-ICQ Protocol Handling buffer overflow attempt (pua-other.rules) * 1:17358 <-> DISABLED <-> FILE-EXECUTABLE ClamAV UPX File Handling Buffer Overflow attempt (file-executable.rules) * 1:17359 <-> DISABLED <-> FILE-IDENTIFY XBM image file download request (file-identify.rules) * 1:17360 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox XBM image processing buffer overflow attempt (browser-firefox.rules) * 1:17361 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader PDF Catalog Handling denial of service attempt (file-pdf.rules) * 1:17362 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel IMDATA buffer overflow attempt (file-office.rules) * 1:17363 <-> DISABLED <-> FILE-OTHER Apple OSX Finder DMG volume name memory corruption attempt (file-other.rules) * 1:17364 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Help Workshop CNT Help file download request (file-identify.rules) * 1:17365 <-> DISABLED <-> FILE-OTHER Microsoft Windows Help Workshop CNT Help contents buffer overflow attempt (file-other.rules) * 1:17366 <-> DISABLED <-> FILE-OTHER Microsoft Help Workshop HPJ OPTIONS section buffer overflow attempt (file-other.rules) * 1:17368 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document stream handling code execution attempt (file-office.rules) * 1:17369 <-> DISABLED <-> SERVER-MAIL MailEnable service APPEND command handling buffer overflow attempt (server-mail.rules) * 1:17370 <-> DISABLED <-> SERVER-WEBAPP Squid authentication headers handling denial of service attempt (server-webapp.rules) * 1:17371 <-> DISABLED <-> SERVER-WEBAPP Squid authentication headers handling denial of service attempt (server-webapp.rules) * 1:17372 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime udta atom parsing heap overflow vulnerability (file-multimedia.rules) * 1:17373 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime panorama atoms buffer overflow attempt (file-multimedia.rules) * 1:17376 <-> DISABLED <-> SERVER-WEBAPP IBM Lotus Expeditor cai URI handler command execution attempt (server-webapp.rules) * 1:17377 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed Filter Records Handling Code Execution attempt (file-office.rules) * 1:17378 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt (browser-firefox.rules) * 1:17380 <-> DISABLED <-> FILE-IDENTIFY PNG file download request (file-identify.rules) * 1:17381 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime PDAT Atom parsing buffer overflow attempt (file-multimedia.rules) * 1:17382 <-> DISABLED <-> FILE-OTHER Microsoft Project Invalid Memory Pointer Code Execution attempt (file-other.rules) * 1:17383 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher Object Handler Validation Code Execution attempted (file-office.rules) * 1:17387 <-> DISABLED <-> SERVER-APACHE Apache Tomcat allowLinking URIencoding directory traversal attempt (server-apache.rules) * 1:17389 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox DOMNodeRemoved attack attempt (browser-firefox.rules) * 1:17390 <-> DISABLED <-> FILE-IMAGE ClamAV Antivirus Function Denial of Service attempt (file-image.rules) * 1:17391 <-> DISABLED <-> SERVER-APACHE Apache Tomcat UNIX platform backslash directory traversal (server-apache.rules) * 1:17392 <-> DISABLED <-> INDICATOR-SHELLCODE JavaScript var shellcode (indicator-shellcode.rules) * 1:17393 <-> DISABLED <-> INDICATOR-SHELLCODE JavaScript var heapspray (indicator-shellcode.rules) * 1:17394 <-> ENABLED <-> FILE-IDENTIFY GIF file download request (file-identify.rules) * 1:17395 <-> DISABLED <-> FILE-IMAGE Oracle Java Web Start Splashscreen GIF decoding buffer overflow attempt (file-image.rules) * 1:17396 <-> DISABLED <-> SERVER-OTHER VNC client authentication response (server-other.rules) * 1:17397 <-> DISABLED <-> SERVER-OTHER VNCViewer Authenticate buffer overflow attempt (server-other.rules) * 1:17398 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt (browser-firefox.rules) * 1:17399 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt (browser-firefox.rules) * 1:17400 <-> DISABLED <-> INDICATOR-OBFUSCATION rename of javascript unescape function detected (indicator-obfuscation.rules) * 1:17401 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer nested tag memory corruption attempt - unescaped (browser-ie.rules) * 1:17402 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer nested tag memory corruption attempt (browser-ie.rules) * 1:17403 <-> DISABLED <-> FILE-OFFICE OpenOffice RTF File parsing heap buffer overflow attempt (file-office.rules) * 1:17404 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Converter XST structure buffer overflow attempt (file-office.rules) * 1:17407 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows help file download request (file-identify.rules) * 1:17408 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DirectX Targa image file heap overflow attempt (os-windows.rules) * 1:17409 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products IDN Spoofing Vulnerability Attempt (browser-firefox.rules) * 1:17410 <-> DISABLED <-> OS-WINDOWS Generic HyperLink buffer overflow attempt (os-windows.rules) * 1:17411 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CDF cross-domain scripting attempt (browser-ie.rules) * 1:17412 <-> DISABLED <-> SERVER-MYSQL create function mysql.func arbitrary library injection attempt (server-mysql.rules) * 1:17414 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript Engine Information Disclosure attempt (browser-firefox.rules) * 1:17416 <-> DISABLED <-> SERVER-ORACLE Database Intermedia Denial of Service Attempt (server-oracle.rules) * 1:17418 <-> DISABLED <-> SERVER-ORACLE Oracle connection established (server-oracle.rules) * 1:17419 <-> DISABLED <-> SERVER-ORACLE Oracle database SQL compiler read-only join auth bypass attempt (server-oracle.rules) * 1:17420 <-> DISABLED <-> SERVER-WEBAPP Citrix Program Neighborhood Agent Arbitrary Shortcut Creation attempt (server-webapp.rules) * 1:17421 <-> DISABLED <-> FILE-OFFICE Microsoft OLE automation string manipulation overflow attempt (file-office.rules) * 1:17422 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt (browser-firefox.rules) * 1:17423 <-> DISABLED <-> SERVER-WEBAPP Citrix Program Neighborhood Agent Buffer Overflow attempt (server-webapp.rules) * 1:17424 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox IconURL Arbitrary Javascript Execution attempt (browser-firefox.rules) * 1:17425 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer ActiveX Import playlist name buffer overflow attempt (browser-plugins.rules) * 1:17426 <-> DISABLED <-> FILE-IDENTIFY RAT file download request (file-identify.rules) * 1:17427 <-> DISABLED <-> SERVER-ORACLE Oracle database DBMS_Scheduler privilege escalation attempt (server-oracle.rules) * 1:17428 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ASP.NET information disclosure attempt (os-windows.rules) * 1:17429 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ASP.NET information disclosure attempt (os-windows.rules) * 1:17430 <-> DISABLED <-> FILE-PDF BitDefender Antivirus PDF processing memory corruption attempt (file-pdf.rules) * 1:17431 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS SChannel improper certificate verification (server-iis.rules) * 1:17432 <-> DISABLED <-> SERVER-WEBAPP Squid Gopher protocol handling buffer overflow attempt (server-webapp.rules) * 1:17433 <-> DISABLED <-> OS-SOLARIS Oracle Solaris DHCP Client Arbitrary Code Execution attempt (os-solaris.rules) * 1:17434 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Unicode sequence handling stack corruption attempt (browser-firefox.rules) * 1:17435 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceList attempt (os-windows.rules) * 1:17436 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceListSize attempt (os-windows.rules) * 1:17437 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceList attempt (os-windows.rules) * 1:17438 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceListSize attempt (os-windows.rules) * 1:17439 <-> DISABLED <-> OS-WINDOWS Microsoft Distributed Transaction Controller TIP DoS attempt (os-windows.rules) * 1:17441 <-> DISABLED <-> FILE-IDENTIFY LNK file download request (file-identify.rules) * 1:17442 <-> DISABLED <-> FILE-OTHER Microsoft Windows download of .lnk file that executes cmd.exe detected (file-other.rules) * 1:17443 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft DirectShow AVI decoder buffer overflow attempt (file-multimedia.rules) * 1:17444 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox 3 xsl parsing heap overflow attempt (browser-firefox.rules) * 1:17446 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer FTP client directory traversal attempt (browser-ie.rules) * 1:17448 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTTPS proxy information disclosure vulnerability (browser-ie.rules) * 1:17449 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks patch management SQL injection attempt (server-webapp.rules) * 1:17450 <-> DISABLED <-> SERVER-WEBAPP CommuniGate Systems CommuniGate Pro LDAP Server buffer overflow attempt (server-webapp.rules) * 1:17457 <-> DISABLED <-> FILE-FLASH Adobe Flash ActionDefineFunction memory access exploit attempt (file-flash.rules) * 1:17458 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:17461 <-> DISABLED <-> FILE-OTHER RealNetworks RealPlayer zipped skin file buffer overflow attempt (file-other.rules) * 1:17462 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer marquee object handling memory corruption attempt (browser-ie.rules) * 1:17463 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer File Download Dialog Box Manipulation (browser-ie.rules) * 1:17466 <-> DISABLED <-> BROWSER-PLUGINS IBM Lotus Domino Web Access 7 ActiveX exploit attempt (browser-plugins.rules) * 1:17469 <-> DISABLED <-> FILE-MULTIMEDIA Mplayer Real Demuxer stream_read heap overflow attempt (file-multimedia.rules) * 1:17470 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime STSD JPEG atom heap corruption attempt (file-multimedia.rules) * 1:17473 <-> DISABLED <-> SERVER-ORACLE DBMS_CDC_SUBSCRIBE.EXTEND_WINDOW arbitrary command execution attempt (server-oracle.rules) * 1:17481 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Exchange and Outlook TNEF Decoding Integer Overflow attempt (server-mail.rules) * 1:17482 <-> DISABLED <-> BROWSER-FIREFOX Mozilla NNTP URL Handling Buffer Overflow attempt (browser-firefox.rules) * 1:17483 <-> DISABLED <-> PROTOCOL-DNS squid proxy dns A record response denial of service attempt (protocol-dns.rules) * 1:17484 <-> DISABLED <-> PROTOCOL-DNS squid proxy dns PTR record response denial of service attempt (protocol-dns.rules) * 1:17485 <-> DISABLED <-> PROTOCOL-DNS Symantec Gateway products DNS cache poisoning attempt (protocol-dns.rules) * 1:17486 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager Chunked overflow attempt (server-webapp.rules) * 1:17487 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Script Engine Stack Exhaustion Denial of Service attempt (browser-ie.rules) * 1:17488 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed Range Code Execution attempt (file-office.rules) * 1:17490 <-> DISABLED <-> FILE-OTHER Microsoft Windows itss.dll CHM File Handling Heap Corruption attempt (file-other.rules) * 1:17491 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word mso.dll LsCreateLine memory corruption attempt (file-office.rules) * 1:17492 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed SELECTION Record Code Execution attempt (file-office.rules) * 1:17493 <-> DISABLED <-> FILE-OTHER ClamAV UPX FileHandling Heap overflow attempt (file-other.rules) * 1:17496 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed NamedShows record code execution attempt (file-office.rules) * 1:17497 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed NamedShows record code execution attempt (file-office.rules) * 1:17504 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Asset Management buffer overflow attempt (server-other.rules) * 1:17506 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word formatted disk pages table memory corruption attempt (file-office.rules) * 1:17509 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows .NET Manifest file download request (file-identify.rules) * 1:17510 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows .NET Deploy file download request (file-identify.rules) * 1:17511 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed Graphic Code Execution (file-office.rules) * 1:17515 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Script Action Handler buffer overflow attempt (browser-ie.rules) * 1:17517 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed Record Code Execution attempt (file-office.rules) * 1:17519 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow (browser-firefox.rules) * 1:17520 <-> DISABLED <-> SERVER-OTHER CA ARCserve Backup DB Engine Denial of Service (server-other.rules) * 1:17521 <-> DISABLED <-> SERVER-OTHER GoodTech SSH Server SFTP processing buffer overflow attempt (server-other.rules) * 1:17522 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment Pack200 Decompression Integer Overflow (file-java.rules) * 1:17523 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime H.264 Movie File Buffer Overflow (file-multimedia.rules) * 1:17524 <-> DISABLED <-> SERVER-OTHER Fujitsu SystemcastWizard Lite PXEService UDP Handling Buffer Overflow (server-other.rules) * 1:17525 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS 5.0 WebDav Request Directory Security Bypass (server-iis.rules) * 1:17526 <-> DISABLED <-> FILE-PDF Adobe Acrobat and Adobe Acrobat Reader U3D RHAdobeMeta buffer overflow attempt (file-pdf.rules) * 1:17527 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player MP4_BoxDumpStructure Buffer Overflow (file-multimedia.rules) * 1:17528 <-> DISABLED <-> SERVER-WEBAPP nginx URI parsing buffer overflow attempt (server-webapp.rules) * 1:17529 <-> DISABLED <-> SERVER-WEBAPP Adobe RoboHelp Server Arbitrary File Upload and Execute (server-webapp.rules) * 1:17530 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector Stack Buffer Overflow (server-other.rules) * 1:17531 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MOV file JVTCompEncodeFrame heap overflow attempt (file-multimedia.rules) * 1:17532 <-> DISABLED <-> FILE-OFFICE Micrsoft Office Excel TXO and OBJ Records Parsing Stack Memory Corruption (file-office.rules) * 1:17533 <-> DISABLED <-> SERVER-APACHE Apache Struts Information Disclosure Attempt (server-apache.rules) * 1:17534 <-> DISABLED <-> SERVER-OTHER IPP Application Content (server-other.rules) * 1:17535 <-> DISABLED <-> SERVER-OTHER Apple CUPS Text to PostScript Filter Integer Overflow attempt (server-other.rules) * 1:17536 <-> DISABLED <-> SERVER-WEBAPP generic server HTTP Auth Header buffer overflow attempt (server-webapp.rules) * 1:17538 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel unspecified memory corruption attempt (file-office.rules) * 1:17540 <-> ENABLED <-> FILE-IDENTIFY LZH file download request (file-identify.rules) * 1:17541 <-> DISABLED <-> FILE-OTHER Avast Antivirus Engine Remote LHA buffer overflow attempt (file-other.rules) * 1:17542 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MalformedPalete Record Memory Corruption attempt (file-office.rules) * 1:17543 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Column record handling memory corruption attempt (file-office.rules) * 1:17544 <-> DISABLED <-> SERVER-OTHER Wireshark LWRES Dissector getaddrsbyname buffer overflow attempt (server-other.rules) * 1:17545 <-> DISABLED <-> BROWSER-PLUGINS Lotus Domino Web Access ActiveX Controls buffer overflow attempt (browser-plugins.rules) * 1:17547 <-> DISABLED <-> FILE-IDENTIFY SMIL file download request (file-identify.rules) * 1:17548 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime SMIL File Handling Integer Overflow attempt (file-multimedia.rules) * 1:17550 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Font Parsing Buffer Overflow attempt (file-office.rules) * 1:17551 <-> DISABLED <-> PUA-OTHER Microsoft MSN Messenger and Windows Live Messenger Code Execution attempt (pua-other.rules) * 1:17552 <-> DISABLED <-> FILE-IDENTIFY Adobe Pagemaker file download request (file-identify.rules) * 1:17553 <-> DISABLED <-> FILE-OTHER Adobe Pagemaker Font Name Buffer Overflow attempt (file-other.rules) * 1:17555 <-> DISABLED <-> BROWSER-PLUGINS Macrovision InstallShield Update Service ActiveX exploit attempt (browser-plugins.rules) * 1:17556 <-> DISABLED <-> SERVER-OTHER Firebird database invalid state integer overflow attempt (server-other.rules) * 1:17557 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX operation parameter overflow (browser-plugins.rules) * 1:17558 <-> DISABLED <-> FILE-IMAGE CUPS Gif Decoding Routine Buffer Overflow attempt (file-image.rules) * 1:17559 <-> DISABLED <-> FILE-OTHER IBM Lotus Notes Applix Graphics Parsing Buffer Overflow (file-other.rules) * 1:17560 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word global array index heap overflow attempt (file-office.rules) * 1:17561 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer IVR Overly Long Filename Code Execution attempt (file-multimedia.rules) * 1:17562 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment Pack200 Decompression Integer Overflow attempt (file-java.rules) * 1:17563 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment JAR File Processing Stack Buffer Overflow (file-java.rules) * 1:17564 <-> DISABLED <-> SERVER-IIS WebDAV Request Directory Security Bypass attempt (server-iis.rules) * 1:17565 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint PP7 File Handling Memory Corruption attempt (file-office.rules) * 1:17566 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer event handler memory corruption attempt (browser-ie.rules) * 1:17567 <-> DISABLED <-> SERVER-OTHER LANDesk Management Suite Alerting Service buffer overflow attempt (server-other.rules) * 1:17569 <-> DISABLED <-> SERVER-OTHER BEA Weblogic Admin Console Cross Site Scripting Vulnerability attempt (server-other.rules) * 1:17571 <-> DISABLED <-> BROWSER-PLUGINS obfuscated instantiation of ActiveX object - likely malicious (browser-plugins.rules) * 1:17572 <-> DISABLED <-> OS-WINDOWS Microsoft XML Core Services cross-site information disclosure attempt (os-windows.rules) * 1:17573 <-> DISABLED <-> FILE-MULTIMEDIA ffdshow codec URL parsing buffer overflow attempt (file-multimedia.rules) * 1:17574 <-> DISABLED <-> FILE-OFFICE Sophos Anti-Virus Visio File Parsing Buffer Overflow attempt (file-office.rules) * 1:17575 <-> DISABLED <-> BROWSER-PLUGINS SizerOne 2 ActiveX clsid access (browser-plugins.rules) * 1:17577 <-> DISABLED <-> POLICY-OTHER CA BightStor ARCserver Backup possible insecure method access (policy-other.rules) * 1:17578 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word Section Table Array Buffer Overflow attempt (file-office.rules) * 1:17579 <-> DISABLED <-> FILE-OFFICE Microsoft Office Drawing Record msofbtOPT Code Execution attempt (file-office.rules) * 1:17580 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer span tag memory corruption attempt (browser-ie.rules) * 1:17581 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox tag order memory corruption attempt (browser-firefox.rules) * 1:17582 <-> DISABLED <-> BROWSER-PLUGINS Symantec Norton AntiVirus CcErrDisp ActiveX function call access (browser-plugins.rules) * 1:17584 <-> DISABLED <-> SERVER-ORACLE UTL_FILE directory traversal attempt (server-oracle.rules) * 1:17585 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer possible javascript onunload event memory corruption (browser-ie.rules) * 1:17586 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start malicious parameter value (file-java.rules) * 1:17587 <-> DISABLED <-> BROWSER-PLUGINS Adobe Multiple Product AcroPDF.PDF ActiveX exploit attempt (browser-plugins.rules) * 1:17588 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Install Engine ActiveX clsid access (browser-plugins.rules) * 1:17590 <-> DISABLED <-> SERVER-ORACLE DBMS_ASSERT.simple_sql_name double quote SQL injection attempt (server-oracle.rules) * 1:17591 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word crafted sprm structure memory corruption attempt (file-office.rules) * 1:17596 <-> DISABLED <-> BROWSER-PLUGINS Microsoft ciodm.dll ActiveX clsid access (browser-plugins.rules) * 1:17597 <-> DISABLED <-> SERVER-WEBAPP TikiWiki jhot.php script file upload attempt (server-webapp.rules) * 1:17598 <-> DISABLED <-> SERVER-OTHER IBM DB2 Universal Database accsec command without rdbnam (server-other.rules) * 1:17599 <-> DISABLED <-> SERVER-OTHER IBM DB2 Universal Database rdbname denial of service attempt (server-other.rules) * 1:17600 <-> DISABLED <-> FILE-IDENTIFY XUL file download request (file-identify.rules) * 1:17601 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox file type memory corruption attempt (browser-firefox.rules) * 1:17602 <-> DISABLED <-> FILE-OTHER ClamAV antivirus CHM file handling DOS (file-other.rules) * 1:17603 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox file type memory corruption attempt (browser-firefox.rules) * 1:17604 <-> DISABLED <-> SERVER-OTHER Oracle Java AWT ConvolveOp memory corruption attempt (server-other.rules) * 1:17605 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan CGI password decryption buffer overflow attempt (server-webapp.rules) * 1:17606 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ASnative command execution attempt (file-flash.rules) * 1:17607 <-> DISABLED <-> SERVER-OTHER Xi Software Net Transport eDonkey Protocol Buffer Overflow attempt (server-other.rules) * 1:17609 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules) * 1:17610 <-> DISABLED <-> FILE-MULTIMEDIA GStreamer QuickTime file parsing multiple heap overflow attempt (file-multimedia.rules) * 1:17611 <-> DISABLED <-> FILE-MULTIMEDIA GStreamer QuickTime file parsing multiple heap overflow attempt (file-multimedia.rules) * 1:17612 <-> DISABLED <-> FILE-MULTIMEDIA GStreamer QuickTime file parsing multiple heap overflow attempt (file-multimedia.rules) * 1:17613 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules) * 1:17614 <-> DISABLED <-> BROWSER-PLUGINS SAP GUI SAPBExCommonResources ActiveX clsid access (browser-plugins.rules) * 1:17616 <-> DISABLED <-> BROWSER-PLUGINS SAP GUI SAPBExCommonResources ActiveX function call access (browser-plugins.rules) * 1:17618 <-> DISABLED <-> OS-WINDOWS Microsoft Windows hraphics engine EMF rendering vulnerability (os-windows.rules) * 1:1762 <-> DISABLED <-> SERVER-WEBAPP phf arbitrary command execution attempt (server-webapp.rules) * 1:17620 <-> ENABLED <-> SERVER-OTHER Products Discovery Service Buffer Overflow (server-other.rules) * 1:17622 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer object reference memory corruption attempt (browser-ie.rules) * 1:17623 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime Environment Type1 Font parsing integer overflow attempt (file-java.rules) * 1:17625 <-> DISABLED <-> SERVER-ORACLE Database Core RDBMS component denial of service attempt (server-oracle.rules) * 1:17629 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Chrome Page Loading Restriction Bypass attempt (browser-firefox.rules) * 1:17630 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products CSSValue array memory corruption attempt (browser-firefox.rules) * 1:17631 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules) * 1:17633 <-> DISABLED <-> FILE-OTHER RealNetworks RealPlayer SWF frame handling buffer overflow attempt (file-other.rules) * 1:17635 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc function 0 little endian overflow attempt (netbios.rules) * 1:17638 <-> DISABLED <-> SERVER-ORACLE Secure Backup administration server login.php cookies command injection attempt (server-oracle.rules) * 1:17639 <-> DISABLED <-> SERVER-SAMBA Samba Root File System access bypass attempt (server-samba.rules) * 1:17640 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor opnum 43 overflow attempt (netbios.rules) * 1:17641 <-> DISABLED <-> FILE-PDF CUPS and Xpdf JBIG2 symbol dictionary buffer overflow attempt (file-pdf.rules) * 1:17642 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox ConstructFrame with floating first-letter memory corruption attempt (browser-firefox.rules) * 1:17645 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS strings parsing memory corruption attempt (browser-ie.rules) * 1:17649 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word array data handling buffer overflow attempt (file-office.rules) * 1:17650 <-> DISABLED <-> FILE-OTHER Adobe Pagemaker Key Strings Stack Buffer Overflow attempt (file-other.rules) * 1:17651 <-> DISABLED <-> FILE-OTHER Multiple AV vendor invalid archive checksum bypass attempt (file-other.rules) * 1:17653 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS source code disclosure attempt (server-iis.rules) * 1:17655 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed formula parsing code execution attempt (file-office.rules) * 1:17656 <-> DISABLED <-> SERVER-APACHE Apache HTTP server mod_rewrite module LDAP scheme handling buffer overflow attempt (server-apache.rules) * 1:17657 <-> DISABLED <-> SERVER-OTHER Symantec NetBackup BPCD Daemon exploit attempt (server-other.rules) * 1:17658 <-> DISABLED <-> FILE-FLASH Adobe Flash frame type identifier memory corruption attempt (file-flash.rules) * 1:17659 <-> DISABLED <-> SERVER-ORACLE xdb.dbms_xmlschema buffer overflow attempt (server-oracle.rules) * 1:17660 <-> DISABLED <-> SERVER-OTHER Oracle Java Web Start arbitrary command execution attempt (server-other.rules) * 1:17661 <-> DISABLED <-> SERVER-SAMBA Samba send_mailslot buffer overflow attempt (server-samba.rules) * 1:17662 <-> DISABLED <-> SERVER-OTHER VMware Workstation DHCP service integer overflow attempt (server-other.rules) * 1:17666 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer invalid chunk size heap overflow attempt (file-multimedia.rules) * 1:17668 <-> DISABLED <-> FILE-PDF download of a PDF with embedded JavaScript - JS string attempt (file-pdf.rules) * 1:17669 <-> DISABLED <-> SERVER-ORACLE Oracle Application Server 10g OPMN service format string vulnerability exploit attempt (server-oracle.rules) * 1:17679 <-> DISABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules) * 1:17680 <-> DISABLED <-> SERVER-OTHER ISC BIND DNSSEC Validation Multiple RRsets DoS (server-other.rules) * 1:17685 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer invalid pointer memory corruption attempt (browser-ie.rules) * 1:17686 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer invalid pointer memory corruption attempt (browser-ie.rules) * 1:17687 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer invalid pointer memory corruption attempt (browser-ie.rules) * 1:17688 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer userdata behavior memory corruption attempt (browser-ie.rules) * 1:17689 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer userdata behavior memory corruption attempt (browser-ie.rules) * 1:17690 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules) * 1:17692 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer ExecWB security zone bypass attempt (browser-ie.rules) * 1:17698 <-> DISABLED <-> SERVER-MAIL RealNetworks RealPlayer wav chunk string overflow attempt in email (server-mail.rules) * 1:17701 <-> DISABLED <-> BROWSER-PLUGINS Office Viewer ActiveX arbitrary command execution attempt (browser-plugins.rules) * 1:17702 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP srvsvc NetrDfsCreateExitPoint dos attempt (os-windows.rules) * 1:17703 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer popup title bar spoofing attempt (browser-ie.rules) * 1:17704 <-> DISABLED <-> FILE-OTHER McAfee LHA file parsing buffer overflow attempt (file-other.rules) * 1:17705 <-> DISABLED <-> SERVER-IIS web agent chunked encoding overflow attempt (server-iis.rules) * 1:17706 <-> DISABLED <-> SERVER-OTHER Veritas NetBackup java user interface service format string attack attempt (server-other.rules) * 1:17707 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect trend_req_num buffer overflow attempt (netbios.rules) * 1:17708 <-> DISABLED <-> SERVER-OTHER VNC password request URL buffer overflow attempt (server-other.rules) * 1:17709 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer EMBED element memory corruption attempt (browser-ie.rules) * 1:17710 <-> DISABLED <-> SERVER-OTHER Veritas NetBackup vmd shared library buffer overflow attempt (server-other.rules) * 1:17711 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ASF parsing memory corruption attempt (os-windows.rules) * 1:17712 <-> DISABLED <-> OS-WINDOWS TFTP PUT Microsoft RIS filename overwrite attempt (os-windows.rules) * 1:17713 <-> DISABLED <-> SERVER-OTHER Novell NetMail NMAP STOR buffer overflow attempt (server-other.rules) * 1:17714 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt (netbios.rules) * 1:17715 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt (netbios.rules) * 1:17716 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes DOC attachment viewer buffer overflow (server-mail.rules) * 1:17717 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes HTML input tag buffer overflow attempt (server-mail.rules) * 1:17718 <-> DISABLED <-> SERVER-ORACLE Oracle MDSYS drop table trigger injection attempt (server-oracle.rules) * 1:17719 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox ClearTextRun exploit attempt (browser-firefox.rules) * 1:17720 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer static text range overflow attempt (browser-ie.rules) * 1:17721 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS replication inform2 request memory corruption attempt (os-windows.rules) * 1:17722 <-> DISABLED <-> SERVER-ORACLE XDB.XDB_PITRIG_PKG buffer overflow attempt (server-oracle.rules) * 1:17723 <-> DISABLED <-> OS-WINDOWS possible SMB replay attempt - overlapping encryption keys detected (os-windows.rules) * 1:17724 <-> DISABLED <-> OS-WINDOWS malicious ASP file upload attempt (os-windows.rules) * 1:17725 <-> DISABLED <-> BROWSER-OTHER Opera file URI handling buffer overflow (browser-other.rules) * 1:17726 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer address bar spoofing attempt (browser-ie.rules) * 1:17727 <-> DISABLED <-> FILE-OTHER Oracle JDK image parsing library ICC buffer overflow attempt (file-other.rules) * 1:17729 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer EMBED element memory corruption attempt (browser-ie.rules) * 1:17730 <-> DISABLED <-> OS-WINDOWS Microsoft XML Core Services MIME Viewer memory corruption attempt (os-windows.rules) * 1:17731 <-> DISABLED <-> OS-WINDOWS Microsoft Windows wpad dynamic update request (os-windows.rules) * 1:17732 <-> ENABLED <-> FILE-IDENTIFY TIFF file download request (file-identify.rules) * 1:17733 <-> ENABLED <-> FILE-IDENTIFY XML file download request (file-identify.rules) * 1:17734 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel REPT integer underflow attempt (file-office.rules) * 1:17738 <-> DISABLED <-> SERVER-OTHER Linux Kernel SNMP Netfilter Memory Corruption attempt (server-other.rules) * 1:17739 <-> DISABLED <-> FILE-IDENTIFY FlashPix file download request (file-identify.rules) * 1:17740 <-> DISABLED <-> FILE-IMAGE Apple Quicktime FlashPix processing overflow attempt (file-image.rules) * 1:17742 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word remote code execution attempt (file-office.rules) * 1:17743 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word RTF parsing memory corruption (file-office.rules) * 1:17746 <-> DISABLED <-> OS-WINDOWS SMB client TRANS response Find_First2 filename overflow attempt (os-windows.rules) * 1:17747 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer compressed HDMX font processing integer overflow attempt (browser-ie.rules) * 1:17749 <-> DISABLED <-> PROTOCOL-RPC Linux Kernel nfsd v4 CAP_MKNOD security bypass attempt (protocol-rpc.rules) * 1:17750 <-> DISABLED <-> SERVER-IIS Microsoft IIS 7.5 client verify null pointer attempt (server-iis.rules) * 1:17751 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file download request (file-identify.rules) * 1:17753 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Player network sharing service RTSP code execution attempt (file-multimedia.rules) * 1:17756 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word XP PLFLSInTableStream heap overflow attempt (file-office.rules) * 1:17757 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel CrErr record integer overflow attempt (file-office.rules) * 1:17758 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel PtgExtraArray data parsing vulnerability exploit attempt (file-office.rules) * 1:17759 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid SerAr object exploit attempt (file-office.rules) * 1:17760 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record exploit attempt (file-office.rules) * 1:17764 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel PtgName invalid index exploit attempt (file-office.rules) * 1:17766 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 XSS in toStaticHTML API attempt (browser-ie.rules) * 1:17767 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 tostaticHTML CSS import vulnerability (browser-ie.rules) * 1:17768 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 object event handler use after free exploit attempt (browser-ie.rules) * 1:17769 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 CSS invalid mapping exploit attempt (browser-ie.rules) * 1:17770 <-> DISABLED <-> FILE-OFFICE Microsoft HtmlDlgHelper ActiveX clsid access (file-office.rules) * 1:17771 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer cross-domain information disclosure attempt (browser-ie.rules) * 1:17772 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Scriptlet Component ActiveX clsid access (browser-plugins.rules) * 1:17777 <-> DISABLED <-> SERVER-MAIL IBM Lotus Notes WPD attachment handling buffer overflow (server-mail.rules) * 1:17778 <-> DISABLED <-> FILE-OTHER BitDefender Internet Security script code execution attempt (file-other.rules) * 1:17801 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (file-identify.rules) * 1:17802 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file download request (file-identify.rules) * 1:17803 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director rcsL chunk memory corruption attempt (file-other.rules) * 1:17804 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox html tag attributes memory corruption (browser-firefox.rules) * 1:17806 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director rcsL chunk remote code execution attempt (file-other.rules) * 1:17807 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director rcsL chunk remote code execution attempt (file-other.rules) * 1:17809 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime qt file download request (file-identify.rules) * 1:18065 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint converter bad indirection remote code execution attempt (file-office.rules) * 1:18066 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint integer underflow heap corruption attempt (file-office.rules) * 1:18067 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF parsing remote code execution attempt (file-office.rules) * 1:18068 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed MsoDrawingObject record attempt (file-office.rules) * 1:18069 <-> DISABLED <-> FILE-OFFICE Microsoft Office Art drawing invalid shape identifier attempt (file-office.rules) * 1:18076 <-> DISABLED <-> OS-WINDOWS Microsoft Forefront UAG URL XSS alternate attempt (os-windows.rules) * 1:18097 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules) * 1:18102 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader invalid PDF JavaScript printSeps extension call attempt (file-pdf.rules) * 1:18103 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 5yvod.net (blacklist.rules) * 1:18104 <-> DISABLED <-> BLACKLIST DNS request for known malware domain b.9s3.info (blacklist.rules) * 1:18106 <-> DISABLED <-> BLACKLIST DNS request for known malware domain e.msssm.com (blacklist.rules) * 1:18108 <-> DISABLED <-> BLACKLIST DNS request for known malware domain phoroshop.es (blacklist.rules) * 1:18114 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.5fqq.com (blacklist.rules) * 1:18115 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.ajs2002.com (blacklist.rules) * 1:18116 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.bnbsoft.co.kr (blacklist.rules) * 1:18117 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.cineseoul.com (blacklist.rules) * 1:18118 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.hao1345.com (blacklist.rules) * 1:18119 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.ilbondrama.net (blacklist.rules) * 1:18120 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.iwebdy.net (blacklist.rules) * 1:18121 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.linzhiling123.com (blacklist.rules) * 1:18122 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.opusgame.com (blacklist.rules) * 1:18123 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.phoroshop.es (blacklist.rules) * 1:18124 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.sijianfeng.com (blacklist.rules) * 1:18125 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.tpydb.com (blacklist.rules) * 1:18127 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.univus.co.kr (blacklist.rules) * 1:18128 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.uwonderfull.com (blacklist.rules) * 1:18129 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.w22rt.com (blacklist.rules) * 1:18130 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.wwmei.com (blacklist.rules) * 1:18133 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.001zs.com (blacklist.rules) * 1:18134 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.551sf.com (blacklist.rules) * 1:18135 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.555hd.com (blacklist.rules) * 1:18136 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.66xihu.com (blacklist.rules) * 1:18137 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.9292cs.cn (blacklist.rules) * 1:18138 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.chateaulegend.com (blacklist.rules) * 1:18139 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.china-aoben.com (blacklist.rules) * 1:18140 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.cqtjg.com (blacklist.rules) * 1:18141 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.dspenter.com (blacklist.rules) * 1:18142 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.eastadmin.com (blacklist.rules) * 1:18143 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.fp0755.cn (blacklist.rules) * 1:18144 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.fp0769.com (blacklist.rules) * 1:18145 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.fp360.net (blacklist.rules) * 1:18146 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.gdfp365.cn (blacklist.rules) * 1:18147 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.gev.cn (blacklist.rules) * 1:18148 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.haoleyou.com (blacklist.rules) * 1:18149 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.haosf08.com (blacklist.rules) * 1:18150 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.jxbaike.com (blacklist.rules) * 1:18151 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.kingsoftduba2009.com (blacklist.rules) * 1:18152 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.mainhu.com (blacklist.rules) * 1:18154 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.nc57.com (blacklist.rules) * 1:18155 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.pplog.cn (blacklist.rules) * 1:18156 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.pxflm.com (blacklist.rules) * 1:18157 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.quyou365.com (blacklist.rules) * 1:18158 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.shzhaotian.cn (blacklist.rules) * 1:18159 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.soanala.com (blacklist.rules) * 1:18160 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.stony-skunk.com (blacklist.rules) * 1:18161 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.street08.com (blacklist.rules) * 1:18162 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.weilingcy.com (blacklist.rules) * 1:18163 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.yisaa.com (blacklist.rules) * 1:18164 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.yx240.com (blacklist.rules) * 1:18165 <-> DISABLED <-> BLACKLIST DNS request for known malware domain e.mssm.com (blacklist.rules) * 1:18167 <-> DISABLED <-> INDICATOR-SHELLCODE Possible generic javascript heap spray attempt (indicator-shellcode.rules) * 1:18168 <-> DISABLED <-> INDICATOR-SHELLCODE Possible generic javascript heap spray attempt (indicator-shellcode.rules) * 1:18184 <-> DISABLED <-> BLACKLIST DNS request for known malware domain dnf.gametime.co.kr (blacklist.rules) * 1:18185 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.dd0415.net (blacklist.rules) * 1:18196 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS importer use-after-free attempt (browser-ie.rules) * 1:18197 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer COleSite ActiveX memory corruption attempt (browser-plugins.rules) * 1:18198 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer COleSite ActiveX memory corruption attempt (browser-plugins.rules) * 1:18199 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer COleSite ActiveX memory corruption attempt (browser-plugins.rules) * 1:18200 <-> ENABLED <-> FILE-OFFICE Microsoft Office .CGM file cell array heap overflow attempt (file-office.rules) * 1:18204 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Address Book wab32res.dll dll-load exploit attempt (os-windows.rules) * 1:18205 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Address Book msoeres32.dll dll-load exploit attempt (os-windows.rules) * 1:18206 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Address Book wab32res.dll dll-load exploit attempt (os-windows.rules) * 1:18207 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Address Book msoeres32.dll dll-load exploit attempt (os-windows.rules) * 1:18212 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher tyo.oty field heap overflow attempt (file-office.rules) * 1:18216 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 6 #default#anim attempt (browser-ie.rules) * 1:18217 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer select element memory corruption attempt (browser-ie.rules) * 1:18218 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer time element memory corruption attempt (browser-ie.rules) * 1:18219 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver remote code execution attempt (file-other.rules) * 1:18221 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed table remote code execution attempt (browser-ie.rules) * 1:18233 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher Adobe Font Driver code execution attempt (file-office.rules) * 1:18234 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules) * 1:18235 <-> DISABLED <-> FILE-OFFICE Microsoft Office PICT graphics converter memory corruption attempt (file-office.rules) * 1:18237 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Flashpix graphics filter fpx32.flt remote code execution attempt (file-image.rules) * 1:18238 <-> DISABLED <-> SERVER-WEBAPP Microsoft Office SharePoint document conversion remote code excution attempt (server-webapp.rules) * 1:18239 <-> DISABLED <-> INDICATOR-OBFUSCATION known malicious JavaScript decryption routine (indicator-obfuscation.rules) * 1:18240 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS importer use-after-free attempt (browser-ie.rules) * 1:18241 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows WMI administrator tools object viewer ActiveX clsid access (browser-plugins.rules) * 1:18242 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows WMI Administrator Tools Object Viewer ActiveX function call access (browser-plugins.rules) * 1:18243 <-> DISABLED <-> SERVER-IIS Microsoft Windows 7 IIS7.5 FTPSVC buffer overflow attempt (server-iis.rules) * 1:18244 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules) * 1:18245 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java browser plugin docbase overflow attempt (browser-plugins.rules) * 1:18265 <-> DISABLED <-> FILE-OFFICE Microsoft Office thumbnail bitmap invalid biClrUsed attempt (file-office.rules) * 1:18269 <-> DISABLED <-> BLACKLIST DNS request for known malware domain dnf.6bom.com (blacklist.rules) * 1:18270 <-> DISABLED <-> BLACKLIST DNS request for known malware domain koonol.com (blacklist.rules) * 1:18272 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.886.com (blacklist.rules) * 1:18277 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Vista Backup Tool fveapi.dll dll-load exploit attempt (os-windows.rules) * 1:18278 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Vista Backup Tool fveapi.dll dll-load exploit attempt (os-windows.rules) * 1:18280 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer oversize recordset object cache size exploit attempt (browser-ie.rules) * 1:18293 <-> DISABLED <-> SERVER-WEBAPP Secure Backup login.php uname variable based command injection attempt (server-webapp.rules) * 1:18297 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Comctl32.dll third-party SVG viewer heap overflow attempt (os-windows.rules) * 1:18308 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader ICC mluc integer overflow attempt (file-pdf.rules) * 1:18309 <-> DISABLED <-> OS-WINDOWS Microsoft Vector Markup Language fill method overflow attempt (os-windows.rules) * 1:18310 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF parsing remote code execution attempt (file-office.rules) * 1:18311 <-> DISABLED <-> SERVER-WEBAPP Novell iManager getMultiPartParameters arbitrary file upload attempt (server-webapp.rules) * 1:18329 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows WMI Administrator Tools Object Viewer ActiveX function call access (browser-plugins.rules) * 1:18331 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio DXF variable name overflow attempt (file-office.rules) * 1:18335 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MHTML XSS attempt (os-windows.rules) * 1:18398 <-> DISABLED <-> FILE-OFFICE Microsoft Office thumbnail bitmap invalid biClrUsed attempt (file-office.rules) * 1:18399 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel BRAI record remote code execution attempt (file-office.rules) * 1:18401 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Base64 encoded script overflow attempt (browser-ie.rules) * 1:18402 <-> ENABLED <-> FILE-OTHER Microsoft Windows ATMFD Adobe font driver remote code execution attempt (file-other.rules) * 1:18403 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Data Source Object memory corruption attempt (browser-ie.rules) * 1:18404 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer document.insertBefore memory corruption attempt (browser-ie.rules) * 1:18416 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio ORMinfo classes length overflow attempt (file-office.rules) * 1:18417 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio ORMinfo classes length overflow attempt (file-office.rules) * 1:1842 <-> DISABLED <-> PROTOCOL-IMAP login buffer overflow attempt (protocol-imap.rules) * 1:18448 <-> DISABLED <-> FILE-PDF Adobe Acrobat Universal 3D stream memory corruption attempt (file-pdf.rules) * 1:18450 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed BMP RGBQUAD attempt (file-pdf.rules) * 1:18451 <-> ENABLED <-> FILE-PDF Adobe Acrobat ICC color integer overflow attempt (file-pdf.rules) * 1:18453 <-> DISABLED <-> FILE-PDF Adobe Acrobat universal 3D format memory corruption attempt (file-pdf.rules) * 1:18454 <-> ENABLED <-> FILE-PDF Adobe Acrobat universal 3D format memory corruption attempt (file-pdf.rules) * 1:18457 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader U3D rgba parsing overflow attempt (file-pdf.rules) * 1:18460 <-> ENABLED <-> SERVER-WEBAPP Symantec Alert Management System pin number buffer overflow attempt (server-webapp.rules) * 1:18461 <-> DISABLED <-> SERVER-MAIL IBM Lotus Domino nrouter.exe iCalendar MAILTO stack buffer overflow attempt (server-mail.rules) * 1:18463 <-> DISABLED <-> FILE-OTHER Microsoft Windows MPEG Layer-3 audio heap corruption attempt (file-other.rules) * 1:18464 <-> DISABLED <-> SERVER-WEBAPP Adobe ColdFusion locale directory traversal attempt (server-webapp.rules) * 1:18465 <-> DISABLED <-> SERVER-WEBAPP FreePBX recording interface file upload code execution attempt (server-webapp.rules) * 1:18469 <-> DISABLED <-> CONTENT-REPLACE Microsoft Windows Encrypted DCERPC request attempt (content-replace.rules) * 1:18472 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (netbios.rules) * 1:18482 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer History.go method double free corruption attempt (browser-ie.rules) * 1:18487 <-> DISABLED <-> SERVER-OTHER Ingres Database iidbms heap overflow attempt (server-other.rules) * 1:18494 <-> DISABLED <-> OS-WINDOWS Microsoft product .dll dll-load exploit attempt (os-windows.rules) * 1:18495 <-> DISABLED <-> OS-WINDOWS Microsoft product .dll dll-load exploit attempt (os-windows.rules) * 1:18496 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Media Player and shell extension ehtrace.dll dll-load exploit attempt (os-windows.rules) * 1:18497 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Media Player and shell extension ehtrace.dll dll-load exploit attempt (os-windows.rules) * 1:18498 <-> ENABLED <-> FILE-OTHER Microsoft Media Player dvr-ms file parsing remote code execution attempt (file-other.rules) * 1:18499 <-> DISABLED <-> OS-WINDOWS Microsoft Groove mso.dll dll-load exploit attempt (os-windows.rules) * 1:18500 <-> DISABLED <-> OS-WINDOWS Microsoft Groove mso.dll dll-load exploit attempt (os-windows.rules) * 1:18506 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CCITT stream compression filter invalid image size heap overflow attempt (file-pdf.rules) * 1:18507 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CCITT stream compression filter invalid image size heap overflow attempt (file-pdf.rules) * 1:18510 <-> DISABLED <-> FILE-IMAGE Apple QuickTime FlashPix Movie file integer overflow attempt (file-image.rules) * 1:18511 <-> DISABLED <-> SERVER-OTHER Sourcefire Snort packet fragmentation reassembly denial of service attempt (server-other.rules) * 1:18513 <-> DISABLED <-> SERVER-MYSQL yaSSL SSL Hello Message Buffer Overflow attempt (server-mysql.rules) * 1:18514 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint malformed shapeid arbitrary code execution attempt (file-office.rules) * 1:18515 <-> DISABLED <-> FILE-OFFICE Microsoft Office Visio VSD file icon memory corruption attempt (file-office.rules) * 1:18516 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file download request (file-identify.rules) * 1:18519 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML DOM invalid DHTML element creation attempt (browser-ie.rules) * 1:18524 <-> DISABLED <-> SERVER-OTHER Multiple vendor anti-virus extended ASCII filename scan bypass attempt (server-other.rules) * 1:18525 <-> DISABLED <-> SERVER-OTHER Lotus Domino LDAP Heap Buffer Overflow Attempt (server-other.rules) * 1:18528 <-> DISABLED <-> SERVER-ORACLE Oracle TimesTen In-Memory Database HTTP request denial of service attempt (server-oracle.rules) * 1:18533 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC authentication denial of service attempt (server-other.rules) * 1:18534 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC authentication denial of service attempt (server-other.rules) * 1:18535 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word file sprmTSetBrc processing buffer overflow attempt (file-office.rules) * 1:18536 <-> DISABLED <-> FILE-OFFICE OpenOffice.org Microsoft Office Word file processing integer underflow attempt (file-office.rules) * 1:18537 <-> DISABLED <-> FILE-OTHER OpenOffice.org XPM file processing integer overflow attempt (file-other.rules) * 1:18538 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel PtgName invalid index exploit attempt (file-office.rules) * 1:18539 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer event handling remote code execution attempt (browser-ie.rules) * 1:18541 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel 2007 invalid comments.xml uninitialized pointer access attempt 3 (file-office.rules) * 1:18542 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Media Player ActiveX unknow compression algorithm use arbitrary code execution attempt (browser-plugins.rules) * 1:18543 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:18544 <-> ENABLED <-> FILE-FLASH embedded Shockwave dropper in email attachment (file-flash.rules) * 1:18545 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file transfer (file-office.rules) * 1:18546 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word with embedded Flash file transfer (file-office.rules) * 1:18547 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint with embedded Flash file transfer (file-office.rules) * 1:18548 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment (file-office.rules) * 1:18549 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word with embedded Flash file attachment (file-office.rules) * 1:18555 <-> DISABLED <-> SERVER-OTHER VERITAS NetBackup java authentication service format string exploit attempt (server-other.rules) * 1:18556 <-> DISABLED <-> SERVER-WEBAPP Symantec IM manager IMAdminReportTrendFormRun.asp sql injection attempt (server-webapp.rules) * 1:18557 <-> DISABLED <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt (protocol-rpc.rules) * 1:18558 <-> DISABLED <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt (protocol-rpc.rules) * 1:18559 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Performance Insight Server backdoor account code execution attempt (server-webapp.rules) * 1:18560 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Performance Insight Server backdoor account code execution attempt (server-webapp.rules) * 1:18561 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT file overread buffer overflow attempt (file-image.rules) * 1:18575 <-> DISABLED <-> PROTOCOL-FTP Computer Associates eTrust Secure Content Manager LIST stack overflow attempt (protocol-ftp.rules) * 1:18578 <-> DISABLED <-> BROWSER-PLUGINS RealNetworks RealPlayer RMOC3260.DLL cdda URI overflow attempt (browser-plugins.rules) * 1:18583 <-> DISABLED <-> FILE-IMAGE Microsoft Windows wmf integer overflow attempt (file-image.rules) * 1:18585 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TIFF remote code execution attempt (file-pdf.rules) * 1:18587 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 267 buffer overflow attempt (server-other.rules) * 1:18588 <-> DISABLED <-> PROTOCOL-FTP Ipswitch Ws_ftp XCRC overflow attempt (protocol-ftp.rules) * 1:18589 <-> DISABLED <-> NETBIOS Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (netbios.rules) * 1:18590 <-> DISABLED <-> OS-WINDOWS Outlook Express WAB file parsing buffer overflow attempt (os-windows.rules) * 1:18592 <-> DISABLED <-> BROWSER-PLUGINS Yahoo Music Jukebox ActiveX exploit (browser-plugins.rules) * 1:18593 <-> DISABLED <-> FILE-IDENTIFY BitTorrent torrent file download request (file-identify.rules) * 1:18594 <-> DISABLED <-> BROWSER-PLUGINS Trend Micro Web Deployment ActiveX clsid access (browser-plugins.rules) * 1:18595 <-> DISABLED <-> BROWSER-PLUGINS Trend Micro Web Deployment ActiveX clsid access (browser-plugins.rules) * 1:18596 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader util.printf buffer overflow attempt (file-pdf.rules) * 1:18597 <-> DISABLED <-> BROWSER-OTHER Opera file URI handling buffer overflow (browser-other.rules) * 1:18599 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PictureViewer buffer overflow attempt (file-image.rules) * 1:18601 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Common Controls Animation Object ActiveX clsid access (browser-plugins.rules) * 1:18611 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules) * 1:18612 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules) * 1:18613 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules) * 1:18615 <-> DISABLED <-> FILE-OFFICE Microsoft Works 4.x converter font name buffer overflow attempt (file-office.rules) * 1:18632 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malformed Label record exploit attempt (file-office.rules) * 1:18638 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel drawing layer use after free attempt (file-office.rules) * 1:18643 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Converter sprmTTextFflow overflow attempt (file-office.rules) * 1:18648 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file upload/download attempt (protocol-scada.rules) * 1:18649 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file operation overflow attempt (protocol-scada.rules) * 1:18651 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe report template overflow attempt (protocol-scada.rules) * 1:18654 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe format string attempt (protocol-scada.rules) * 1:18655 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LLMNR invalid reverse name lookup stack corruption attempt (os-windows.rules) * 1:18656 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe strep overflow attempt (protocol-scada.rules) * 1:18657 <-> DISABLED <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt (protocol-scada.rules) * 1:18659 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 SCPC_INITIALIZE overflow attempt (protocol-scada.rules) * 1:1866 <-> DISABLED <-> PROTOCOL-POP USER overflow attempt (protocol-pop.rules) * 1:18668 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Windows Messenger ActiveX clsid access (browser-plugins.rules) * 1:18670 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer object management memory corruption attempt (browser-ie.rules) * 1:18671 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer object management memory corruption attempt (browser-ie.rules) * 1:18675 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules) * 1:18679 <-> ENABLED <-> SERVER-OTHER Oracle Java Applet2ClassLoader Remote Code Execution (server-other.rules) * 1:18680 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules) * 1:18681 <-> DISABLED <-> FILE-PDF transfer of a PDF with embedded JavaScript - JavaScript object detected (file-pdf.rules) * 1:18682 <-> DISABLED <-> FILE-PDF transfer of a PDF with OpenAction object attempt (file-pdf.rules) * 1:18710 <-> DISABLED <-> SERVER-OTHER McAfee ePolicy Orchestrator Framework Services buffer overflow attempt (server-other.rules) * 1:18713 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS connection record handling denial of service attempt (server-other.rules) * 1:18714 <-> DISABLED <-> SERVER-OTHER OpenSSL TLS connection record handling denial of service attempt (server-other.rules) * 1:18740 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel sheet object type confusion exploit attempt (file-office.rules) * 1:18753 <-> DISABLED <-> SERVER-OTHER Zend Server Java Bridge remote code execution attempt (server-other.rules) * 1:18754 <-> ENABLED <-> SERVER-OTHER HP Data Protector Backup Client Service code execution attempt (server-other.rules) * 1:18755 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio Data Type Memory Corruption (file-office.rules) * 1:18756 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft cmd.exe banner Windows 7/Server 2008R2 (indicator-compromise.rules) * 1:18757 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft cmd.exe banner Windows Vista (indicator-compromise.rules) * 1:18759 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe displayWidth buffer overflow attempt - POST (server-webapp.rules) * 1:18760 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe displayWidth buffer overflow attempt - GET (server-webapp.rules) * 1:18764 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe multiple parameters buffer overflow attempt (server-webapp.rules) * 1:18766 <-> DISABLED <-> SERVER-OTHER OpenSSL CMS structure OriginatorInfo memory corruption attempt (server-other.rules) * 1:18767 <-> DISABLED <-> PROTOCOL-TFTP Multiple TFTP product buffer overflow attempt (protocol-tftp.rules) * 1:18768 <-> ENABLED <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt (server-mail.rules) * 1:18770 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit range object remote code execution attempt (browser-webkit.rules) * 1:18776 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Director pamm chunk memory corruption attempt (file-other.rules) * 1:18777 <-> DISABLED <-> SERVER-OTHER HP data protector OmniInet service NULL dereference denial of service attempt (server-other.rules) * 1:18790 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe overflow attempt (server-other.rules) * 1:18791 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Configuration Management Preboot service code overflow attempt (server-other.rules) * 1:18792 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management UploadServlet code execution attempt (server-webapp.rules) * 1:18793 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management UploadServlet code execution attempt (server-webapp.rules) * 1:18794 <-> DISABLED <-> SERVER-WEBAPP RedHat JBoss Enterprise Application Platform JMX authentication bypass attempt (server-webapp.rules) * 1:18795 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovet_demandpoll.exe format string execution attempt (server-webapp.rules) * 1:18796 <-> DISABLED <-> SERVER-WEBAPP Novell iManager ClassName handling overflow attempt (server-webapp.rules) * 1:18797 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup Administration property_box.php other variable command execution attempt (server-webapp.rules) * 1:18798 <-> DISABLED <-> SERVER-OTHER HP Data Protector Media Operations denial of service attempt (server-other.rules) * 1:18799 <-> DISABLED <-> SERVER-OTHER HP Data Protector Media Operations denial of service attempt (server-other.rules) * 1:18801 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader JpxDecode invalid crgn memory corruption attempt (file-pdf.rules) * 1:18802 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager formExportDataLogs directory traversal attempt (server-webapp.rules) * 1:18803 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Runtime CMM readMabCurveData buffer overflow attempt (server-webapp.rules) * 1:18804 <-> DISABLED <-> SERVER-WEBAPP OpenLDAP Modrdn utf-8 string code execution attempt (server-webapp.rules) * 1:18806 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record exploit attempt (file-office.rules) * 1:18807 <-> DISABLED <-> SERVER-OTHER OpenLDAP Modrdn RDN NULL string denial of service attempt (server-other.rules) * 1:18808 <-> DISABLED <-> SERVER-MAIL Ipswitch IMail Server List Mailer Reply-To address buffer overflow attempt (server-mail.rules) * 1:18809 <-> DISABLED <-> BROWSER-FIREFOX Mozilla EnsureCachedAttrParamArrays integer overflow attempt (browser-firefox.rules) * 1:1882 <-> DISABLED <-> INDICATOR-COMPROMISE id check returned userid (indicator-compromise.rules) * 1:18901 <-> DISABLED <-> SERVER-OTHER MIT Kerberos KDC Ticket validation double free memory corruption attempt (server-other.rules) * 1:18902 <-> DISABLED <-> SERVER-WEBAPP Novell Teaming ajaxUploadImageFile remote code execution attempt (server-webapp.rules) * 1:18903 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit Rendering Counter Code Execution (browser-webkit.rules) * 1:18926 <-> DISABLED <-> PROTOCOL-SNMP Multiple vendors AgentX receive_agentx integer overflow attempt (protocol-snmp.rules) * 1:18928 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime streaming debug error logging buffer overflow attempt (file-multimedia.rules) * 1:18929 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup Administration objectname variable command injection attempt (server-oracle.rules) * 1:18930 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe Template format string code execution attempt (server-webapp.rules) * 1:18935 <-> DISABLED <-> SERVER-OTHER ISC DHCP server zero length client ID denial of service attempt (server-other.rules) * 1:18948 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint converter bad indirection remote code execution attempt (file-office.rules) * 1:18951 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CTableLayout memory corruption attempt (browser-ie.rules) * 1:18952 <-> DISABLED <-> FILE-OTHER Microsoft Windows uniscribe fonts parsing memory corruption attempt (file-other.rules) * 1:18953 <-> DISABLED <-> FILE-OTHER rich text format unexpected field type memory corruption attempt (file-other.rules) * 1:18954 <-> DISABLED <-> FILE-OTHER rich text format unexpected field type memory corruption attempt (file-other.rules) * 1:18957 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules) * 1:18958 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules) * 1:18959 <-> DISABLED <-> SERVER-WEBAPP VMware SpringSource Spring Framework class.classloader remote code execution attempt (server-webapp.rules) * 1:18960 <-> ENABLED <-> SERVER-WEBAPP Novell GroupWise agents HTTP request remote code execution attempt (server-webapp.rules) * 1:18961 <-> DISABLED <-> OS-WINDOWS Microsoft Windows MSXML2 ActiveX malformed HTTP response (os-windows.rules) * 1:18972 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup Administration selector variable command injection attempt (server-oracle.rules) * 1:18973 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit button first-letter style rendering code execution attempt (browser-webkit.rules) * 1:18974 <-> DISABLED <-> BROWSER-PLUGINS SAP Crystal Reports PrintControl.dll ActiveX function call attempt (browser-plugins.rules) * 1:18975 <-> DISABLED <-> BROWSER-PLUGINS SAP Crystal Reports PrintControl.dll ActiveX function call access (browser-plugins.rules) * 1:18985 <-> DISABLED <-> POLICY-OTHER CA ARCserve Axis2 default credential login attempt (policy-other.rules) * 1:18986 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:18987 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:18988 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:18989 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:18990 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:18991 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:18995 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit removeAllRanges use-after-free attempt (browser-webkit.rules) * 1:18996 <-> DISABLED <-> SERVER-ORACLE DBMS_JAVA.SET_OUTPUT_TO_JAVA privilege escalation attempt (server-oracle.rules) * 1:18997 <-> DISABLED <-> OS-LINUX Linux kernel sctp_rcv_ootb invalid chunk length DoS attempt (os-linux.rules) * 1:18998 <-> ENABLED <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer overflow attempt (server-webapp.rules) * 1:18999 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM webappmon.exe buffer overflow attempt (server-webapp.rules) * 1:19000 <-> DISABLED <-> SERVER-MYSQL Database CASE NULL argument denial of service attempt (server-mysql.rules) * 1:19001 <-> DISABLED <-> SERVER-MYSQL IN NULL argument denial of service attempt (server-mysql.rules) * 1:19002 <-> DISABLED <-> FILE-FLASH RealNetworks RealPlayer FLV parsing two integer overflow vulnerabilities (file-flash.rules) * 1:19003 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit run-in use-after-free attempt (browser-webkit.rules) * 1:19004 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit run-in use-after-free attempt (browser-webkit.rules) * 1:19005 <-> DISABLED <-> BROWSER-CHROME Apple Safari/Google Chrome Webkit memory corruption attempt (browser-chrome.rules) * 1:19006 <-> DISABLED <-> SERVER-OTHER HP Data Protector Express DtbClsLogin buffer overflow attempt (server-other.rules) * 1:19007 <-> DISABLED <-> SERVER-SAMBA Samba SID parsing overflow attempt (server-samba.rules) * 1:19008 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit floating point conversion memory corruption attempt (browser-webkit.rules) * 1:19009 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit menu onchange memory corruption attempt (browser-webkit.rules) * 1:19010 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit menu onchange memory corruption attempt (browser-webkit.rules) * 1:19011 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Player Lnam chunk processing buffer overflow attempt (file-other.rules) * 1:19012 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Player Lnam chunk processing buffer overflow attempt (file-other.rules) * 1:19013 <-> ENABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - WRQ (protocol-tftp.rules) * 1:19063 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Movie Maker string size overflow attempt (file-multimedia.rules) * 1:19064 <-> DISABLED <-> FILE-OTHER Microsoft OpenType font index remote code execution attempt (file-other.rules) * 1:19065 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:19066 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel with embedded Flash file attachment attempt (file-office.rules) * 1:19071 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:19072 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server NTLM authentication heap overflow attempt (server-other.rules) * 1:19073 <-> DISABLED <-> SERVER-OTHER Squid Proxy Expect header null pointer denial of service attempt (server-other.rules) * 1:19074 <-> DISABLED <-> INDICATOR-OBFUSCATION javascript uuencoded noop sled attempt (indicator-obfuscation.rules) * 1:19078 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox html tag attributes memory corruption (browser-firefox.rules) * 1:19080 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:19081 <-> DISABLED <-> INDICATOR-OBFUSCATION known suspicious decryption routine (indicator-obfuscation.rules) * 1:19082 <-> ENABLED <-> FILE-PDF Adobe Flash Player memory corruption attempt (file-pdf.rules) * 1:19083 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:19084 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS style memory corruption attempt (browser-ie.rules) * 1:19085 <-> DISABLED <-> BROWSER-PLUGINS LEADTOOLS Raster Twain LtocxTwainu.dll ActiveX clsid access (browser-plugins.rules) * 1:19086 <-> DISABLED <-> BROWSER-PLUGINS LEADTOOLS Raster Twain LtocxTwainu.dll ActiveX function call (browser-plugins.rules) * 1:19091 <-> DISABLED <-> SERVER-OTHER OpenSSL ssl3_get_key_exchange use-after-free attempt (server-other.rules) * 1:19092 <-> DISABLED <-> SERVER-OTHER OpenSSL ssl3_get_key_exchange use-after-free attempt (server-other.rules) * 1:19093 <-> DISABLED <-> SERVER-MYSQL Database unique set column denial of service attempt (server-mysql.rules) * 1:19094 <-> DISABLED <-> SERVER-MYSQL Database unique set column denial of service attempt (server-mysql.rules) * 1:19095 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit CSS Charset Text transformation code execution attempt (browser-webkit.rules) * 1:19096 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit CSS Charset Text transformation code execution attempt (browser-webkit.rules) * 1:19097 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit ContentEditable code execution attempt (browser-webkit.rules) * 1:19098 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit ContentEditable code exeuction attempt (browser-webkit.rules) * 1:19099 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari CSS font format corruption attempt (browser-webkit.rules) * 1:19100 <-> DISABLED <-> FILE-JAVA Oracle Java Soundbank resource name overflow attempt (file-java.rules) * 1:19101 <-> DISABLED <-> SERVER-ORACLE Oracle Java Web Server Admin Server denial of service attempt (server-oracle.rules) * 1:19102 <-> DISABLED <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX clsid access (browser-plugins.rules) * 1:19103 <-> DISABLED <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX function call access (browser-plugins.rules) * 1:19104 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector Cell Manager heap overflow attempt (server-other.rules) * 1:19105 <-> DISABLED <-> SERVER-OTHER HP Data Protector Manager MMD service buffer overflow attempt (server-other.rules) * 1:19107 <-> DISABLED <-> SERVER-APACHE Apache mod_isapi dangling pointer code execution attempt (server-apache.rules) * 1:19108 <-> DISABLED <-> BROWSER-PLUGINS SonicWall Aventail EPInstaller ActiveX clsid access (browser-plugins.rules) * 1:19109 <-> DISABLED <-> BROWSER-PLUGINS SonicWall Aventail EPInstaller ActiveX function call access (browser-plugins.rules) * 1:19110 <-> DISABLED <-> SERVER-WEBAPP IBM Rational Quality Manager and Test Lab Manager policy bypass attempt (server-webapp.rules) * 1:19111 <-> DISABLED <-> FILE-FLASH Adobe Flash Media Server memory exhaustion (file-flash.rules) * 1:19112 <-> DISABLED <-> FILE-OTHER Adobe Shockwave 3D stucture heap overflow (file-other.rules) * 1:19113 <-> DISABLED <-> FILE-OTHER Adobe Shockwave 3D structure opcode 81 overflow attempt (file-other.rules) * 1:19114 <-> DISABLED <-> FILE-OTHER Adobe Shockwave 3D structure opcode 45 overflow attempt (file-other.rules) * 1:19115 <-> DISABLED <-> FILE-OTHER Adobe Shockwave 3D structure opcode 89 overflow attempt (file-other.rules) * 1:19116 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack mount service code execution attempt (server-other.rules) * 1:19117 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed U3D integer overflow (file-pdf.rules) * 1:19118 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader script injection vulnerability (file-pdf.rules) * 1:19119 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ATMFD font driver remote code execution attempt (os-windows.rules) * 1:19120 <-> DISABLED <-> SERVER-OTHER IBM Informix DBINFO stack buffer overflow (server-other.rules) * 1:19121 <-> DISABLED <-> SERVER-OTHER IBM Informix EXPLAIN stack buffer overflow attempt (server-other.rules) * 1:19124 <-> DISABLED <-> SERVER-APACHE Apache mod_isapi dangling pointer exploit attempt (server-apache.rules) * 1:19126 <-> ENABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer IVR handling heap buffer overflow attempt (file-multimedia.rules) * 1:19127 <-> ENABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer IVR handling heap buffer overflow attempt (file-multimedia.rules) * 1:19128 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (file-identify.rules) * 1:19129 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (file-identify.rules) * 1:19130 <-> DISABLED <-> FILE-IMAGE Microsoft Windows MSPaint jpeg with malformed SOFx field exploit attempt (file-image.rules) * 1:19131 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RTD buffer overflow attempt (file-office.rules) * 1:19132 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RTD buffer overflow attempt (file-office.rules) * 1:19133 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel EntExU2 write access violation attempt (file-office.rules) * 1:19134 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel PtgExtraArray data parsing vulnerability exploit attempt (file-office.rules) * 1:19136 <-> DISABLED <-> SERVER-WEBAPP CA XOsoft Multiple Products entry_point.aspx buffer overflow attempt (server-webapp.rules) * 1:19137 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI ICount parameter buffer overflow attempt (server-webapp.rules) * 1:19138 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI hostname parameter buffer overflow attempt (server-webapp.rules) * 1:19139 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI MaxAge parameter buffer overflow attempt (server-webapp.rules) * 1:19140 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules) * 1:19141 <-> DISABLED <-> FILE-OFFICE Microsoft Access Wizard control memory corruption ActiveX clsid access (file-office.rules) * 1:19142 <-> DISABLED <-> SERVER-WEBAPP Symantec IM Manager IMAdminScheduleReport.asp SQL injection attempt (server-webapp.rules) * 1:19143 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Player JPG header record mismatch memory corruption attempt (file-multimedia.rules) * 1:19144 <-> DISABLED <-> FILE-OTHER Microsoft Windows MPEG Layer-3 audio heap corruption attempt (file-other.rules) * 1:19145 <-> DISABLED <-> FILE-FLASH Adobe Flash Player newfunction memory corruption attempt (file-flash.rules) * 1:19146 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX quartz.dll MJPEG content processing memory corruption attempt (file-multimedia.rules) * 1:19147 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer outerHTML against incomplete element heap corruption attempt (browser-ie.rules) * 1:19148 <-> DISABLED <-> FILE-MULTIMEDIA Adobe Flash Player SWF file MP4 data parsing memory corruption attempt (file-multimedia.rules) * 1:19149 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed table tag memory corruption attempt (browser-ie.rules) * 1:19150 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed table tag memory corruption attempt (browser-ie.rules) * 1:19151 <-> DISABLED <-> BROWSER-PLUGINS Trend Micro HouseCall ActiveX clsid access (browser-plugins.rules) * 1:19152 <-> DISABLED <-> BROWSER-PLUGINS Trend Micro HouseCall ActiveX function call access (browser-plugins.rules) * 1:19153 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word malformed index code execution attempt (file-office.rules) * 1:19154 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel PtgExtraArray parsing attempt (file-office.rules) * 1:19155 <-> DISABLED <-> SERVER-WEBAPP HP Data Protector Media Operations SignInName Parameter overflow attempt (server-webapp.rules) * 1:19156 <-> ENABLED <-> FILE-OFFICE Microsoft Office .CGM file cell array heap overflow attempt (file-office.rules) * 1:19158 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB server axis2 service upload attempt (policy-other.rules) * 1:19159 <-> DISABLED <-> SERVER-OTHER HP Data Protector Manager RDS attempt (server-other.rules) * 1:19160 <-> DISABLED <-> SERVER-OTHER NetSupport Manager client buffer overflow attempt (server-other.rules) * 1:19161 <-> DISABLED <-> SERVER-OTHER NetSupport Manager client buffer overflow attempt (server-other.rules) * 1:19162 <-> DISABLED <-> SERVER-ORACLE get_domain_index_metadata privilege escalation attempt (server-oracle.rules) * 1:19163 <-> DISABLED <-> SERVER-ORACLE get_v2_domain_index_tables privilege escalation attempt (server-oracle.rules) * 1:19166 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected (file-identify.rules) * 1:19167 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk UDPTL processing overflow attempt (protocol-voip.rules) * 1:19168 <-> DISABLED <-> SERVER-WEBAPP Oracle GoldenGate Veridata Server soap request overflow attempt (server-webapp.rules) * 1:19169 <-> ENABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer vidplin.dll avi header parsing execution attempt (file-multimedia.rules) * 1:1917 <-> DISABLED <-> INDICATOR-SCAN UPnP service discover attempt (indicator-scan.rules) * 1:19170 <-> ENABLED <-> FILE-OTHER Microsoft Windows .NET Framework XAML browser applications stack corruption (file-other.rules) * 1:19171 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 ieshims.dll dll-load exploit attempt (browser-ie.rules) * 1:19172 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 8 ieshims.dll dll-load exploit attempt (browser-ie.rules) * 1:19173 <-> ENABLED <-> PROTOCOL-RPC CDE Calendar Manager service memory corruption attempt (protocol-rpc.rules) * 1:19174 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Vista feed headlines cross-site scripting attack attempt (os-windows.rules) * 1:19180 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel pivot item index boundary corruption attempt (file-office.rules) * 1:19181 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer iframe uninitialized memory corruption attempt (browser-ie.rules) * 1:19182 <-> DISABLED <-> SERVER-OTHER strongSwan Certificate and Identification payload overflow attempt (server-other.rules) * 1:19183 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS FastCGI request header buffer overflow attempt (server-iis.rules) * 1:19184 <-> ENABLED <-> OS-WINDOWS Microsoft Windows OLEAUT32.DLL malicious WMF file remote code execution attempt (os-windows.rules) * 1:19186 <-> DISABLED <-> OS-WINDOWS Microsoft Certification service XSS attempt (os-windows.rules) * 1:19192 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS stack exhaustion DoS attempt (server-iis.rules) * 1:19193 <-> ENABLED <-> BROWSER-PLUGINS Oracle Document Capture ActiveX clsid access (browser-plugins.rules) * 1:19194 <-> ENABLED <-> BROWSER-PLUGINS Oracle Document Capture ActiveX function call access (browser-plugins.rules) * 1:19195 <-> ENABLED <-> BROWSER-PLUGINS Oracle Document Capture ActiveX function call access (browser-plugins.rules) * 1:19196 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ATMFD Adobe font driver remote code execution attempt (os-windows.rules) * 1:19197 <-> DISABLED <-> BROWSER-PLUGINS CA Internet Security Suite XMLSecDB ActiveX clsid access (browser-plugins.rules) * 1:19198 <-> DISABLED <-> BROWSER-PLUGINS CA Internet Security Suite XMLSecDB ActiveX function call access (browser-plugins.rules) * 1:19201 <-> DISABLED <-> SQL waitfor delay function - possible SQL injection attempt (sql.rules) * 1:19202 <-> DISABLED <-> SQL declare varchar - possible SQL injection attempt (sql.rules) * 1:19203 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MsgBox arbitrary code execution attempt (browser-ie.rules) * 1:19204 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MsgBox arbitrary code execution attempt (browser-ie.rules) * 1:19205 <-> DISABLED <-> SERVER-OTHER Novell iManager Tree parameter denial of service attempt (server-other.rules) * 1:19206 <-> DISABLED <-> SERVER-OTHER IBM DB2 Universal Database receiveDASMessage buffer overflow attempt (server-other.rules) * 1:19207 <-> DISABLED <-> SERVER-OTHER Symantec Alert Management System AMSSendAlertAck stack buffer overflow attempt (server-other.rules) * 1:19208 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services streamprocess.exe buffer overflow attempt (server-other.rules) * 1:19209 <-> ENABLED <-> SERVER-WEBAPP Symantec Alert Management System modem string buffer overflow attempt (server-webapp.rules) * 1:19210 <-> ENABLED <-> SERVER-OTHER IBM Informix Dynamic Server set environment buffer overflow attempt (server-other.rules) * 1:19211 <-> ENABLED <-> FILE-IDENTIFY ZIP archive file download request (file-identify.rules) * 1:19213 <-> DISABLED <-> SERVER-MAIL Ipswitch IMail Server Mailing List Message Subject buffer overflow (server-mail.rules) * 1:19215 <-> ENABLED <-> FILE-IDENTIFY Google Chrome extension file download request (file-identify.rules) * 1:19216 <-> ENABLED <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution (browser-chrome.rules) * 1:19217 <-> ENABLED <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution (browser-chrome.rules) * 1:19218 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file download request (file-identify.rules) * 1:19219 <-> DISABLED <-> FILE-OTHER Microsoft Windows Fax Services Cover Page Editor Double Free Memory Corruption (file-other.rules) * 1:19220 <-> DISABLED <-> FILE-OTHER Microsoft Windows Fax Services Cover Page Editor Double Free Memory Corruption (file-other.rules) * 1:19221 <-> ENABLED <-> OS-WINDOWS SMB-DS Trans2 Distributed File System response PathConsumed integer overflow attempt (os-windows.rules) * 1:19222 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff validation exploit attempt (file-office.rules) * 1:19223 <-> DISABLED <-> SERVER-OTHER SAP Crystal Reports 2008 directory traversal attempt (server-other.rules) * 1:19224 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex wrf file download request (file-identify.rules) * 1:19225 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SerAuxTrend biff record corruption attempt (file-office.rules) * 1:19226 <-> ENABLED <-> FILE-OTHER Cisco Webex Player .wrf stack buffer overflow (file-other.rules) * 1:19227 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel Scenario heap memory overflow (file-office.rules) * 1:19228 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup Administration preauth variable command injection attempt (server-webapp.rules) * 1:19237 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer contenteditable corruption attempt (browser-ie.rules) * 1:19241 <-> DISABLED <-> BROWSER-IE Microsoft Windows Vector Markup Language imagedata page deconstruction attempt (browser-ie.rules) * 1:19242 <-> DISABLED <-> BROWSER-IE Microsoft Windows Vector Markup Language imagedata page deconstruction attempt (browser-ie.rules) * 1:19243 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer layout-grid-char value exploit attempt (browser-ie.rules) * 1:19245 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer redirect to cdl protocol attempt (browser-ie.rules) * 1:19246 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSS expression defined to empty selection attempt (browser-ie.rules) * 1:19258 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel SxView record memory pointer corruption attempt (file-office.rules) * 1:19259 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel WOpt record memory corruption attempt (file-office.rules) * 1:19260 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed MsoDrawingObject record attempt (file-office.rules) * 1:19262 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript float index array memory corruption (file-flash.rules) * 1:19263 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript float index array memory corruption (file-flash.rules) * 1:19264 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript float index array memory corruption (file-flash.rules) * 1:19265 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer layout-grid-char value exploit attempt (browser-ie.rules) * 1:19266 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer layout-grid-char value exploit attempt (browser-ie.rules) * 1:19268 <-> DISABLED <-> FILE-PDF attempted download of a PDF with embedded Flash (file-pdf.rules) * 1:19269 <-> DISABLED <-> FILE-PDF attempted download of a PDF with embedded Flash (file-pdf.rules) * 1:19281 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic single-byte xor countodwn encoder (indicator-shellcode.rules) * 1:19282 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic cpuid-based context keyed encoder (indicator-shellcode.rules) * 1:19283 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic stat-based context keyed encoder (indicator-shellcode.rules) * 1:19284 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic time-based context keyed encoder (indicator-shellcode.rules) * 1:19285 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic non-alpha/non-upper encoder (indicator-shellcode.rules) * 1:19286 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic unicode uppercase encoder (indicator-shellcode.rules) * 1:19287 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic unicode mixed encoder (indicator-shellcode.rules) * 1:19288 <-> DISABLED <-> INDICATOR-SHELLCODE x86 OS agnostic unicode tolower encoder (indicator-shellcode.rules) * 1:19290 <-> DISABLED <-> FILE-OTHER Microsoft LNK shortcut arbitary dll load attempt (file-other.rules) * 1:19294 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Chart Sheet Substream memory corruption attempt (file-office.rules) * 1:19295 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word HTML linked objects memory corruption attempt (file-office.rules) * 1:19296 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint improper filename remote code execution attempt (file-office.rules) * 1:19303 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint out of bounds value remote code execution attempt (file-office.rules) * 1:19304 <-> DISABLED <-> BROWSER-PLUGINS Oracle EasyMail ActiveX clsid access (browser-plugins.rules) * 1:19305 <-> DISABLED <-> BROWSER-PLUGINS Oracle EasyMail ActiveX function call access (browser-plugins.rules) * 1:19306 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher pubconv.dll corruption attempt (file-office.rules) * 1:19308 <-> DISABLED <-> FILE-OTHER Microsoft Windows embedded OpenType EOT font integer overflow attempt (file-other.rules) * 1:19313 <-> ENABLED <-> SERVER-OTHER Symantec Antivirus Intel Service DoS Attempt (server-other.rules) * 1:19314 <-> DISABLED <-> OS-WINDOWS Groove GroovePerfmon.dll dll-load exploit attempt (os-windows.rules) * 1:19315 <-> DISABLED <-> OS-WINDOWS Microsoft Groove GroovePerfmon.dll dll-load exploit attempt (os-windows.rules) * 1:19317 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmTDiagLine80 record parsing stack buffer overflow attempt (file-office.rules) * 1:19320 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows AVI Header insufficient data corruption attempt (file-multimedia.rules) * 1:19321 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products nsCSSValue Array Index Integer Overflow (browser-firefox.rules) * 1:19322 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer and SharePoint toStaticHTML information disclosure attempt (browser-ie.rules) * 1:19403 <-> DISABLED <-> FILE-MULTIMEDIA Cinepak Codec VIDC decompression remote code execution attempt (file-multimedia.rules) * 1:19405 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules) * 1:19406 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules) * 1:19407 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules) * 1:19408 <-> DISABLED <-> FILE-FLASH Adobe Flash Player newfunction memory corruption exploit attempt (file-flash.rules) * 1:1941 <-> DISABLED <-> PROTOCOL-TFTP GET filename overflow attempt (protocol-tftp.rules) * 1:19411 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Cross-Domain information disclosure attempt (browser-ie.rules) * 1:19412 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel RealTimeData record parsing memory corruption (file-office.rules) * 1:19413 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 and earlier stack buffer overflow attempt (file-office.rules) * 1:19414 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 and earlier stack buffer overflow attempt (file-office.rules) * 1:19420 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player Subtitle StripTags Heap Buffer Overflow (file-multimedia.rules) * 1:19421 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player Subtitle StripTags Heap Buffer Overflow (file-multimedia.rules) * 1:19422 <-> DISABLED <-> FILE-IDENTIFY matroska file magic detected (file-identify.rules) * 1:19423 <-> DISABLED <-> FILE-IDENTIFY MKV file download request (file-identify.rules) * 1:19424 <-> DISABLED <-> FILE-IDENTIFY MKA file download request (file-identify.rules) * 1:19425 <-> DISABLED <-> FILE-IDENTIFY MKS file download request (file-identify.rules) * 1:19430 <-> ENABLED <-> FILE-IDENTIFY MIDI file download request (file-identify.rules) * 1:19431 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp MIDI Timestamp buffer overflow attempt (file-multimedia.rules) * 1:19432 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp MIDI Timestamp buffer overflow attempt (file-multimedia.rules) * 1:19436 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CStyleSheetRule array memory corruption attempt (browser-ie.rules) * 1:19438 <-> ENABLED <-> SQL url ending in comment characters - possible sql injection attempt (sql.rules) * 1:19441 <-> DISABLED <-> SERVER-WEBAPP Oracle Virtual Server Agent command injection attempt (server-webapp.rules) * 1:19442 <-> DISABLED <-> FILE-OFFICE Microsoft Office embedded Office Art drawings execution attempt (file-office.rules) * 1:19444 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media sample duration header RCE attempt (file-multimedia.rules) * 1:19445 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Timecode header RCE attempt (file-multimedia.rules) * 1:19446 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media file name header RCE attempt (file-multimedia.rules) * 1:19447 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media content type header RCE attempt (file-multimedia.rules) * 1:19448 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media pixel aspect ratio header RCE attempt (file-multimedia.rules) * 1:19449 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media encryption sample ID header RCE attempt (file-multimedia.rules) * 1:19450 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media encryption sample ID header RCE attempt (file-multimedia.rules) * 1:19451 <-> DISABLED <-> SERVER-OTHER Oracle VM server agent command injection (server-other.rules) * 1:19452 <-> DISABLED <-> SERVER-OTHER Oracle VM server agent command injection (server-other.rules) * 1:19458 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmCMajority record buffer overflow attempt (file-office.rules) * 1:19459 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word sprmCMajority record buffer overflow attempt (file-office.rules) * 1:1952 <-> DISABLED <-> PROTOCOL-RPC mountd UDP mount request (protocol-rpc.rules) * 1:19552 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel format record code execution attempt (file-office.rules) * 1:19600 <-> DISABLED <-> SERVER-ORACLE Warehouse builder WE_OLAP_AW_SET_SOLVE_ID SQL Injection attempt (server-oracle.rules) * 1:19645 <-> DISABLED <-> SERVER-WEBAPP cross-site scripting attempt via form data attempt (server-webapp.rules) * 1:19649 <-> ENABLED <-> SERVER-OTHER HP Intelligent Management Center dbman buffer overflow attempt (server-other.rules) * 1:19650 <-> DISABLED <-> BROWSER-PLUGINS Cisco AnyConnect ActiveX clsid access (browser-plugins.rules) * 1:19668 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer telnet.exe file load exploit attempt (browser-ie.rules) * 1:19670 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer telnet.exe file load exploit attempt (browser-ie.rules) * 1:19671 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer XSLT memory corruption attempt (browser-ie.rules) * 1:19672 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer stylesheet dynamic access memory corruption attempt (browser-ie.rules) * 1:19675 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio invalid UMLString data length exploit attempt (file-office.rules) * 1:19687 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionStoreRegister instruction length invalidation attempt (file-flash.rules) * 1:19707 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Converter sprmTSplit overflow attempt (file-office.rules) * 1:19708 <-> DISABLED <-> SERVER-MAIL Postfix SMTP Server SASL AUTH Handle Reuse Memory Corruption (server-mail.rules) * 1:19710 <-> DISABLED <-> BROWSER-CHROME Google Chrome float rendering corruption attempt (browser-chrome.rules) * 1:19713 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules) * 1:1972 <-> DISABLED <-> PROTOCOL-FTP PASS overflow attempt (protocol-ftp.rules) * 1:1973 <-> DISABLED <-> PROTOCOL-FTP MKD overflow attempt (protocol-ftp.rules) * 1:1975 <-> DISABLED <-> PROTOCOL-FTP DELE overflow attempt (protocol-ftp.rules) * 1:1976 <-> DISABLED <-> PROTOCOL-FTP RMD overflow attempt (protocol-ftp.rules) * 1:19803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Renos.FH variant outbound connection (malware-cnc.rules) * 1:19808 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer covered object memory corruption attempt (browser-ie.rules) * 1:19809 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer covered object memory corruption attempt (browser-ie.rules) * 1:19810 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS deleteReportTemplate SQL injection attempt (server-other.rules) * 1:19812 <-> ENABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS getDBConfigSettings credential information disclosure attempt (server-other.rules) * 1:19813 <-> ENABLED <-> SERVER-WEBAPP Novell File Reporter Agent XMLK parsing stack bugger overflow attempt (server-webapp.rules) * 1:19814 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt (browser-ie.rules) * 1:19818 <-> DISABLED <-> OS-WINDOWS Microsoft XML core services cross-domain information disclosure attempt (os-windows.rules) * 1:19825 <-> DISABLED <-> SERVER-APACHE Apache Killer denial of service tool exploit attempt (server-apache.rules) * 1:19826 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager remote code execution attempt (server-webapp.rules) * 1:19867 <-> DISABLED <-> INDICATOR-OBFUSCATION randomized javascript encodings detected (indicator-obfuscation.rules) * 1:19871 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer VML buffer overflow attempt (browser-ie.rules) * 1:19872 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer MDAC remote code execution attempt (browser-ie.rules) * 1:19873 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS style memory corruption attempt (browser-ie.rules) * 1:19884 <-> DISABLED <-> INDICATOR-OBFUSCATION String.fromCharCode with multiple encoding types detected (indicator-obfuscation.rules) * 1:19885 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer daxctle.ocx spline method buffer overflow attempt (browser-ie.rules) * 1:19887 <-> DISABLED <-> INDICATOR-OBFUSCATION potential javascript unescape obfuscation attempt detected (indicator-obfuscation.rules) * 1:19888 <-> DISABLED <-> INDICATOR-OBFUSCATION potential javascript unescape obfuscation attempt detected (indicator-obfuscation.rules) * 1:19889 <-> DISABLED <-> INDICATOR-OBFUSCATION base64-encoded data object found (indicator-obfuscation.rules) * 1:19890 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP CA Arcserve Backup directory traversal attempt (netbios.rules) * 1:19893 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Tabular Control ActiveX overflow by CLSID / param tag (browser-plugins.rules) * 1:19894 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint unbound memcpy and remote code execution attempt (file-office.rules) * 1:19907 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (file-identify.rules) * 1:19909 <-> DISABLED <-> BROWSER-PLUGINS Cisco AnyConnect ActiveX clsid access (browser-plugins.rules) * 1:19910 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer VML use after free attempt (browser-ie.rules) * 1:19911 <-> ENABLED <-> FILE-OTHER Microsoft SYmbolic LinK stack overflow attempt (file-other.rules) * 1:19926 <-> DISABLED <-> FILE-JAVA Oracle Java Runtime AWT setDiffICM stack buffer overflow attempt (file-java.rules) * 1:1993 <-> DISABLED <-> PROTOCOL-IMAP login literal buffer overflow attempt (protocol-imap.rules) * 1:19932 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher 2007 pointer dereference attempt (file-office.rules) * 1:19937 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer invalid object access memory corruption attempt (browser-ie.rules) * 1:19938 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Directory Server ibmslapd.exe stack buffer overflow attempt (server-other.rules) * 1:19943 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MsoDrawingGroup record remote code execution attempt (file-office.rules) * 1:19956 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Movie Maker project file heap buffer overflow attempt (file-multimedia.rules) * 1:19972 <-> DISABLED <-> OS-WINDOWS SMB client TRANS response paramcount overflow attempt (os-windows.rules) * 1:20029 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel FNGROUPNAME record memory corruption attempt (file-office.rules) * 1:20030 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file operation directory traversal attempt (protocol-scada.rules) * 1:20031 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript float index array memory corruption (file-flash.rules) * 1:20032 <-> ENABLED <-> FILE-IDENTIFY MIME file type file download request (file-identify.rules) * 1:20034 <-> DISABLED <-> FILE-OTHER ESTsoft ALZip MIM file buffer overflow attempt (file-other.rules) * 1:20061 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP ca-alert function 16,23,40, and 41 overflow attempt (netbios.rules) * 1:20062 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel File Importing Code Execution (file-office.rules) * 1:20072 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules) * 1:20073 <-> ENABLED <-> OS-WINDOWS Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (os-windows.rules) * 1:20110 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata (server-other.rules) * 1:20124 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Lbl record attempt (file-office.rules) * 1:20127 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel Conditional Formatting record vulnerability (file-office.rules) * 1:20128 <-> DISABLED <-> FILE-OFFICE Microsoft Office invalid MS-OGRAPH DataFormat buffer overflow attempt (file-office.rules) * 1:20131 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules) * 1:20134 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Storage Data Protector buffer overflow attempt (server-webapp.rules) * 1:20137 <-> DISABLED <-> INDICATOR-OBFUSCATION Possible generic javascript heap spray attempt (indicator-obfuscation.rules) * 1:20139 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document summary information string overflow attempt (file-office.rules) * 1:20140 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document summary information string overflow attempt (file-office.rules) * 1:20141 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word document summary information string overflow attempt (file-office.rules) * 1:20154 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll glyf directory table buffer overflow attempt (file-pdf.rules) * 1:20155 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CoolType.dll composite glyf buffer overflow attempt (file-pdf.rules) * 1:20158 <-> ENABLED <-> SERVER-WEBAPP Oracle GlassFish Server default credentials login attempt (server-webapp.rules) * 1:20175 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Remote Desktop Client ActiveX clsid access (browser-plugins.rules) * 1:20188 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_sys_config_method request/response attempt (indicator-shellcode.rules) * 1:20191 <-> DISABLED <-> INDICATOR-SHELLCODE Metasploit meterpreter stdapi_net_method request/response attempt (indicator-shellcode.rules) * 1:20210 <-> ENABLED <-> PROTOCOL-SCADA Cogent unicode buffer overflow attempt (protocol-scada.rules) * 1:20214 <-> ENABLED <-> PROTOCOL-SCADA Measuresoft ScadaPro msvcrt.dll local command execution attempt (protocol-scada.rules) * 1:20215 <-> ENABLED <-> PROTOCOL-SCADA Measuresoft ScadaPro directory traversal file operation attempt (protocol-scada.rules) * 1:20216 <-> DISABLED <-> PROTOCOL-SCADA Beckhoff TwinCAT DoS (protocol-scada.rules) * 1:20223 <-> DISABLED <-> FILE-IDENTIFY SMI file download request (file-identify.rules) * 1:20246 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules) * 1:20247 <-> DISABLED <-> FILE-OFFICE Microsoft Office Outlook SMB attach by reference code execution attempt (file-office.rules) * 1:20255 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Silverlight inheritance restriction bypass (browser-plugins.rules) * 1:20259 <-> ENABLED <-> FILE-OTHER Microsoft Agent Helper Malicious JAR download attempt (file-other.rules) * 1:20261 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Windows win32k.sys kernel mode null pointer dereference attempt (file-executable.rules) * 1:20262 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll DOS attempt (browser-ie.rules) * 1:20263 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer htmlfile null attribute access attempt (browser-ie.rules) * 1:20264 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer form selection reset attempt (browser-ie.rules) * 1:20265 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer null attribute DoS attempt (browser-ie.rules) * 1:20266 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 8 Javascript negative option index attack attempt (browser-ie.rules) * 1:20267 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer circular reference exploit attempt (browser-ie.rules) * 1:20268 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Marquee stylesheet object removal (browser-ie.rules) * 1:20269 <-> ENABLED <-> FILE-IDENTIFY FON font file download request (file-identify.rules) * 1:20276 <-> DISABLED <-> INDICATOR-OBFUSCATION standard ASCII encoded with UTF-8 possible evasion detected (indicator-obfuscation.rules) * 1:20282 <-> DISABLED <-> FILE-IDENTIFY S3M file download request (file-identify.rules) * 1:20283 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC ModPlug ReadS3M overflow attempt (file-multimedia.rules) * 1:20284 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC ModPlug ReadS3M overflow attempt (file-multimedia.rules) * 1:20287 <-> ENABLED <-> FILE-IDENTIFY QCP file download request (file-identify.rules) * 1:20288 <-> ENABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer QCP parsing buffer overflow attempt (file-multimedia.rules) * 1:20294 <-> DISABLED <-> FILE-IMAGE Adobe Reader and Acrobat Libtiff TIFFFetchShortPair stack buffer overflow attempt (file-image.rules) * 1:20295 <-> DISABLED <-> FILE-IMAGE Public LibTiff Exploit (file-image.rules) * 1:20381 <-> DISABLED <-> PROTOCOL-VOIP Remote-Party-ID header hexadecimal characters in IP address field (protocol-voip.rules) * 1:20390 <-> DISABLED <-> PROTOCOL-VOIP Attribute header rtpmap field invalid payload type (protocol-voip.rules) * 1:20391 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Attribute header rtpmap field buffer overflow attempt (protocol-voip.rules) * 1:20392 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Attribute header rtpmap field buffer overflow attempt (protocol-voip.rules) * 1:20425 <-> DISABLED <-> PROTOCOL-VOIP Cisco 7940/7960 INVITE Remote-Party-ID header denial of service attempt (protocol-voip.rules) * 1:2045 <-> DISABLED <-> PROTOCOL-RPC snmpXdmi overflow attempt UDP (protocol-rpc.rules) * 1:20450 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (file-identify.rules) * 1:20451 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (file-identify.rules) * 1:20456 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (file-identify.rules) * 1:20459 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (file-identify.rules) * 1:20460 <-> DISABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:20463 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20464 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20465 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20466 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20467 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20468 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20469 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:20471 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (file-identify.rules) * 1:20472 <-> DISABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules) * 1:20478 <-> DISABLED <-> FILE-IDENTIFY PNG file magic detected (file-identify.rules) * 1:20480 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detection (file-identify.rules) * 1:20481 <-> DISABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:20483 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:20486 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (file-identify.rules) * 1:20492 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (file-identify.rules) * 1:20493 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (file-identify.rules) * 1:20494 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (file-identify.rules) * 1:20496 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20497 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20500 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20501 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20502 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20503 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20507 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:20514 <-> DISABLED <-> FILE-IDENTIFY dmg file magic detected (file-identify.rules) * 1:20518 <-> ENABLED <-> FILE-IDENTIFY rmf file download request (file-identify.rules) * 1:20521 <-> DISABLED <-> FILE-IDENTIFY Flac file magic detected (file-identify.rules) * 1:20522 <-> DISABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (file-identify.rules) * 1:20528 <-> DISABLED <-> SERVER-APACHE Apache mod_proxy reverse proxy information disclosure attempt (server-apache.rules) * 1:20530 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Storage Data Protector directory traversal attempt (server-webapp.rules) * 1:20531 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Storage Data Protector directory traversal attempt (server-webapp.rules) * 1:20532 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Storage Data Protector get file buffer overflow attempt (server-webapp.rules) * 1:20544 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player FLV file download request (file-identify.rules) * 1:20554 <-> DISABLED <-> PUA-OTHER Microsoft MSN Messenger and Windows Live Messenger Code Execution attempt (pua-other.rules) * 1:20577 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malicious TIFF remote code execution attempt (file-pdf.rules) * 1:20579 <-> DISABLED <-> BROWSER-CHROME Google Chrome and Apple Safari Ruby before and after memory corruption (browser-chrome.rules) * 1:20591 <-> DISABLED <-> BROWSER-PLUGINS Flexera InstallShield ISGrid2.dll DoFindReplace heap buffer overlow ActiveX clsid access (browser-plugins.rules) * 1:20592 <-> DISABLED <-> BROWSER-PLUGINS Flexera InstallShield ISGrid2.dll DoFindReplace heap buffer overlow ActiveX function call access (browser-plugins.rules) * 1:20593 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit libxslt arbitrary file creation attempt (browser-webkit.rules) * 1:20600 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt (browser-firefox.rules) * 1:20607 <-> ENABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (server-other.rules) * 1:20621 <-> ENABLED <-> FILE-IDENTIFY JAR file download request (file-identify.rules) * 1:20622 <-> ENABLED <-> FILE-JAVA Oracle Java Applet remote code execution attempt (file-java.rules) * 1:20628 <-> ENABLED <-> SERVER-WEBAPP HP Data Protector FinishedCopy SQL Injection attempt (server-webapp.rules) * 1:20634 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer onscroll DOS attempt (browser-ie.rules) * 1:20635 <-> ENABLED <-> SERVER-WEBAPP HP Data Protector GetPolicies SQL Injection attempt (server-webapp.rules) * 1:20636 <-> ENABLED <-> FILE-IMAGE Adobe Photoshop CS5 gif file heap corruption attempt (file-image.rules) * 1:20637 <-> ENABLED <-> FILE-IMAGE Adobe Photoshop CS5 gif file heap corruption attempt (file-image.rules) * 1:20659 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed shading modifier heap corruption attempt (file-pdf.rules) * 1:20692 <-> DISABLED <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt (policy-other.rules) * 1:20700 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint pp7x32.dll dll-load exploit attempt (file-office.rules) * 1:20701 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint pp4x322.dll dll-load exploit attempt (file-office.rules) * 1:20702 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint pp7x32.dll dll-load exploit attempt (file-office.rules) * 1:20703 <-> DISABLED <-> FILE-OFFICE Microsoft Office PowerPoint pp4x322.dll dll-load exploit attempt (file-office.rules) * 1:20704 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer defaulttime behavior attack attempt (browser-plugins.rules) * 1:20708 <-> ENABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access (browser-plugins.rules) * 1:20709 <-> ENABLED <-> BROWSER-PLUGINS HP Photo Creative ActiveX clsid access (browser-plugins.rules) * 1:20720 <-> ENABLED <-> FILE-OFFICE Microsoft Office Publisher 2003 EscherStm memory corruption attempt (file-office.rules) * 1:20722 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord exploit attempt (file-office.rules) * 1:20723 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file download request (file-identify.rules) * 1:20724 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word border use-after-free attempt (file-office.rules) * 1:20733 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file download request (file-identify.rules) * 1:20734 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Player digital video recording buffer overflow attempt (file-multimedia.rules) * 1:20749 <-> DISABLED <-> SERVER-OTHER EMC Retrospect client crafted packet buffer overflow attempt (server-other.rules) * 1:20764 <-> DISABLED <-> SERVER-WEBAPP SyBase MBusiness xml closing tag overflow attempt (server-webapp.rules) * 1:20766 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer contenteditable corruption attempt (browser-ie.rules) * 1:20767 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript float index array memory corruption (file-flash.rules) * 1:20777 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript float index array memory corruption attempt (file-flash.rules) * 1:20778 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - economy.rar (file-flash.rules) * 1:20779 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - dear chu.rar (file-flash.rules) * 1:20780 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - namelist.xls (file-flash.rules) * 1:20781 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules) * 1:20782 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - economy.rar (file-flash.rules) * 1:20783 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - dear chu.rar (file-flash.rules) * 1:20784 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt - namelist.xls (file-flash.rules) * 1:20785 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules) * 1:20786 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer layout-grid-char value exploit attempt (browser-ie.rules) * 1:20787 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer layout-grid-char value exploit attempt (browser-ie.rules) * 1:20788 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer layout-grid-char value exploit attempt (browser-ie.rules) * 1:20789 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer layout-grid-char value exploit attempt (browser-ie.rules) * 1:20790 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer layout-grid-char value exploit attempt (browser-ie.rules) * 1:20792 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:20793 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file attachment detected (file-identify.rules) * 1:20795 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules) * 1:20796 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word file attachment detected (file-identify.rules) * 1:20798 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20799 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20800 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules) * 1:20801 <-> ENABLED <-> FILE-IDENTIFY MIME file type file attachment detected (file-identify.rules) * 1:20803 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript callMethod type confusion attempt (file-flash.rules) * 1:20804 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer contenteditable corruption attempt (browser-ie.rules) * 1:20805 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer contenteditable corruption attempt (browser-ie.rules) * 1:20806 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer contenteditable corruption attempt (browser-ie.rules) * 1:20807 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer contenteditable corruption attempt (browser-ie.rules) * 1:20808 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer contenteditable corruption attempt (browser-ie.rules) * 1:20809 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer contenteditable corruption attempt (browser-ie.rules) * 1:20810 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer contenteditable corruption attempt (browser-ie.rules) * 1:20811 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer contenteditable corruption attempt (browser-ie.rules) * 1:20822 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer contenteditable corruption attempt malicious string (browser-ie.rules) * 1:20824 <-> DISABLED <-> OS-WINDOWS generic web server hashing collision attack (os-windows.rules) * 1:20828 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS aspx login ReturnURL arbitrary redirect attempt (server-iis.rules) * 1:20829 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS .NET null character username truncation attempt (server-iis.rules) * 1:20834 <-> DISABLED <-> BROWSER-PLUGINS Novell ZENworks LaunchHelp.dll LaunchProcess Code Execution ActiveX clsid access (browser-plugins.rules) * 1:20835 <-> DISABLED <-> BROWSER-PLUGINS Novell ZENworks LaunchHelp.dll LaunchProcess Code Execution ActiveX function call access (browser-plugins.rules) * 1:20839 <-> ENABLED <-> FILE-IDENTIFY eSignal .quo file download request (file-identify.rules) * 1:20840 <-> ENABLED <-> FILE-IDENTIFY eSignal .por file download request (file-identify.rules) * 1:20841 <-> ENABLED <-> FILE-IDENTIFY eSignal .sum file download request (file-identify.rules) * 1:20842 <-> ENABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:20843 <-> ENABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:20854 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (file-identify.rules) * 1:20855 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Visio file attachment detected (file-identify.rules) * 1:20856 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (file-identify.rules) * 1:20857 <-> ENABLED <-> FILE-IDENTIFY TwinVQ file attachment detected (file-identify.rules) * 1:20874 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup initialization packet (server-other.rules) * 1:2088 <-> DISABLED <-> PROTOCOL-RPC ypupdated arbitrary command attempt UDP (protocol-rpc.rules) * 1:20884 <-> DISABLED <-> OS-WINDOWS Microsoft Anti-Cross Site Scripting library bypass attempt (os-windows.rules) * 1:2089 <-> DISABLED <-> PROTOCOL-RPC ypupdated arbitrary command attempt TCP (protocol-rpc.rules) * 1:20897 <-> ENABLED <-> FILE-IDENTIFY MIDI file magic detected (file-identify.rules) * 1:20898 <-> ENABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules) * 1:20899 <-> ENABLED <-> FILE-IDENTIFY MIDI file attachment detected (file-identify.rules) * 1:20900 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media MIDI file memory corruption attempt (file-other.rules) * 1:20903 <-> ENABLED <-> FILE-OTHER Microsoft Windows OpenType font parsing stack overflow attempt (file-other.rules) * 1:20905 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules) * 1:20906 <-> ENABLED <-> FILE-IDENTIFY X PixMap file attachment detected (file-identify.rules) * 1:20907 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (file-identify.rules) * 1:20908 <-> ENABLED <-> FILE-IDENTIFY DXF file attachment detected (file-identify.rules) * 1:20909 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules) * 1:20910 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file attachment detected (file-identify.rules) * 1:20913 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (file-identify.rules) * 1:20914 <-> ENABLED <-> FILE-IDENTIFY XML Shareable Playlist Format file attachment detected (file-identify.rules) * 1:20924 <-> DISABLED <-> FILE-IDENTIFY PLS file magic detected (file-identify.rules) * 1:20925 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules) * 1:20926 <-> ENABLED <-> FILE-IDENTIFY Adobe Pagemaker file attachment detected (file-identify.rules) * 1:20928 <-> DISABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:20929 <-> ENABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules) * 1:20930 <-> ENABLED <-> FILE-IDENTIFY MKV file attachment detected (file-identify.rules) * 1:20931 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules) * 1:20932 <-> ENABLED <-> FILE-IDENTIFY MKS file attachment detected (file-identify.rules) * 1:20933 <-> ENABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules) * 1:20934 <-> ENABLED <-> FILE-IDENTIFY MKA file attachment detected (file-identify.rules) * 1:20935 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (file-identify.rules) * 1:20936 <-> ENABLED <-> FILE-IDENTIFY QCP file attachment detected (file-identify.rules) * 1:20937 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20938 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20939 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20940 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file download request (file-identify.rules) * 1:20941 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20942 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20943 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20944 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20945 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20946 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20947 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20948 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file attachment detected (file-identify.rules) * 1:20950 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20951 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20952 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20953 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20954 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20955 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20956 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20957 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20958 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20959 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:20960 <-> DISABLED <-> FILE-IDENTIFY Flac file download request (file-identify.rules) * 1:20961 <-> ENABLED <-> FILE-IDENTIFY TTE file download request (file-identify.rules) * 1:20962 <-> ENABLED <-> FILE-IDENTIFY OTF file download request (file-identify.rules) * 1:20963 <-> ENABLED <-> FILE-IDENTIFY DIB file download request (file-identify.rules) * 1:20964 <-> DISABLED <-> FILE-IDENTIFY SAMI file download request (file-identify.rules) * 1:20965 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:20966 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:20967 <-> ENABLED <-> FILE-IDENTIFY JPEG file download request (file-identify.rules) * 1:20968 <-> DISABLED <-> FILE-IDENTIFY Apple disk image file download request (file-identify.rules) * 1:20969 <-> ENABLED <-> FILE-IDENTIFY M4A file download request (file-identify.rules) * 1:20970 <-> ENABLED <-> FILE-IDENTIFY M4P file download request (file-identify.rules) * 1:20971 <-> ENABLED <-> FILE-IDENTIFY M4R file download request (file-identify.rules) * 1:20972 <-> DISABLED <-> FILE-IDENTIFY M4V file magic request (file-identify.rules) * 1:20973 <-> ENABLED <-> FILE-IDENTIFY M4B file download request (file-identify.rules) * 1:20974 <-> ENABLED <-> FILE-IDENTIFY 3GP file download request (file-identify.rules) * 1:20975 <-> ENABLED <-> FILE-IDENTIFY 3G2 file download request (file-identify.rules) * 1:20976 <-> ENABLED <-> FILE-IDENTIFY K3G file download request (file-identify.rules) * 1:20977 <-> ENABLED <-> FILE-IDENTIFY SKM file download request (file-identify.rules) * 1:20978 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules) * 1:20979 <-> ENABLED <-> FILE-IDENTIFY TTE file attachment detected (file-identify.rules) * 1:20980 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules) * 1:20981 <-> ENABLED <-> FILE-IDENTIFY OTF file attachment detected (file-identify.rules) * 1:20982 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules) * 1:20983 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office PowerPoint file attachment detected (file-identify.rules) * 1:20986 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules) * 1:20987 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Word docx file attachment detected (file-identify.rules) * 1:20991 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (file-identify.rules) * 1:20992 <-> DISABLED <-> FILE-IDENTIFY SAMI file magic detected (file-identify.rules) * 1:20993 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow (server-other.rules) * 1:20994 <-> ENABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow (server-other.rules) * 1:20999 <-> ENABLED <-> BROWSER-WEBKIT Microsoft Windows 7 x64 Apple Safari abnormally long iframe exploit attempt (browser-webkit.rules) * 1:21002 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word border use-after-free attempt (file-office.rules) * 1:21035 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (file-identify.rules) * 1:21036 <-> ENABLED <-> FILE-IDENTIFY PDF file attachment detected (file-identify.rules) * 1:21037 <-> DISABLED <-> INDICATOR-OBFUSCATION randomized javascript encodings detected (indicator-obfuscation.rules) * 1:21038 <-> DISABLED <-> INDICATOR-OBFUSCATION String.fromCharCode with multiple encoding types detected (indicator-obfuscation.rules) * 1:21039 <-> DISABLED <-> INDICATOR-OBFUSCATION potential javascript unescape obfuscation attempt detected (indicator-obfuscation.rules) * 1:21050 <-> ENABLED <-> SERVER-OTHER HP Diagnostics Server magentservice.exe stack overflow attempt (server-other.rules) * 1:21059 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (file-identify.rules) * 1:21060 <-> DISABLED <-> SERVER-WEBAPP Symantec IM Manager Administrator console site injection attempt (server-webapp.rules) * 1:21061 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21062 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21063 <-> ENABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access (browser-plugins.rules) * 1:21064 <-> ENABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX function call access (browser-plugins.rules) * 1:21072 <-> ENABLED <-> SERVER-APACHE Apache Struts remote code execution attempt - GET parameter (server-apache.rules) * 1:21073 <-> ENABLED <-> SERVER-APACHE Apache Struts allowStaticMethodAccess invocation attempt (server-apache.rules) * 1:21074 <-> ENABLED <-> SERVER-APACHE Apache Struts remote code execution attempt - CookieInterceptor (server-apache.rules) * 1:21076 <-> ENABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access (browser-plugins.rules) * 1:21077 <-> ENABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX function call (browser-plugins.rules) * 1:21086 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer object clone deletion memory corruption (browser-ie.rules) * 1:21101 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk channel driver denial of service attempt (protocol-voip.rules) * 1:21109 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file download request (file-identify.rules) * 1:21110 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules) * 1:21111 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file attachment detected (file-identify.rules) * 1:21112 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer mpeg width integer memory underflow attempt (file-multimedia.rules) * 1:21113 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (file-identify.rules) * 1:21116 <-> ENABLED <-> FILE-OTHER Cisco Webex selector and size2 subrecords corruption attempt (file-other.rules) * 1:21152 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (file-identify.rules) * 1:21153 <-> ENABLED <-> FILE-IDENTIFY S3M file attachment detected (file-identify.rules) * 1:21159 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media MIDI file memory corruption attempt (file-other.rules) * 1:21167 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media MIDI file memory corruption attempt (file-other.rules) * 1:21170 <-> ENABLED <-> FILE-OFFICE Microsoft Office OLESS stream object name corruption attempt (file-office.rules) * 1:21174 <-> DISABLED <-> FILE-IDENTIFY RealNetworks RealPlayer realtext file download request (file-identify.rules) * 1:2118 <-> DISABLED <-> PROTOCOL-IMAP list overflow attempt (protocol-imap.rules) * 1:21190 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products MozOrientation loading attempt (browser-firefox.rules) * 1:21191 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products MozOrientation loading attempt (browser-firefox.rules) * 1:21214 <-> DISABLED <-> SERVER-APACHE Apache server mod_proxy reverse proxy bypass attempt (server-apache.rules) * 1:2123 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft cmd.exe banner (indicator-compromise.rules) * 1:21243 <-> ENABLED <-> FILE-OFFICE Microsoft Office Publisher 2003 EscherStm memory corruption attempt (file-office.rules) * 1:21253 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed shading modifier heap corruption attempt (file-pdf.rules) * 1:21258 <-> DISABLED <-> INDICATOR-SHELLCODE Feng-Shui heap grooming using Oleaut32 (indicator-shellcode.rules) * 1:21260 <-> DISABLED <-> SERVER-APACHE Apache Byte-Range Filter denial of service attempt (server-apache.rules) * 1:21282 <-> ENABLED <-> FILE-IDENTIFY XSL file download request (file-identify.rules) * 1:21283 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (file-identify.rules) * 1:21284 <-> ENABLED <-> FILE-IDENTIFY XSL file attachment detected (file-identify.rules) * 1:21285 <-> ENABLED <-> FILE-IDENTIFY XSLT file download request (file-identify.rules) * 1:21286 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (file-identify.rules) * 1:21287 <-> ENABLED <-> FILE-IDENTIFY XSLT file attachment detected (file-identify.rules) * 1:21288 <-> ENABLED <-> FILE-IDENTIFY XML download detected (file-identify.rules) * 1:21292 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer style.position use-after-free memory corruption attempt (browser-ie.rules) * 1:21299 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Silverlight privilege escalation attempt (browser-plugins.rules) * 1:21300 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 null character in string information disclosure attempt (browser-ie.rules) * 1:21301 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio TAG_xxxSect code execution attempt (file-office.rules) * 1:21302 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio TAG_OLEChunk code execution attempt (file-office.rules) * 1:21305 <-> ENABLED <-> FILE-EXECUTABLE Microsoft .NET Framework System.Uri.ReCreateParts System.Uri.PathAndQuery overflow attempt (file-executable.rules) * 1:21307 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio TAG_xxxSheet code execution attempt (file-office.rules) * 1:21308 <-> ENABLED <-> FILE-OTHER Microsoft Windows C Run-Time Library remote code execution attempt (file-other.rules) * 1:21316 <-> ENABLED <-> FILE-OTHER Adobe shockwave director tSAC string termination memory corruption attempt (file-other.rules) * 1:21336 <-> ENABLED <-> FILE-FLASH Adobe Flash ASConstructor insecure calling attempt (file-flash.rules) * 1:21338 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP4 zero length atom attempt (file-flash.rules) * 1:21339 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 zero length atom auth field attempt (file-multimedia.rules) * 1:21340 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 zero length atom titl field attempt (file-multimedia.rules) * 1:21341 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 zero length atom 'dscp' field attempt (file-multimedia.rules) * 1:21342 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 zero length atom cprt field attempt (file-multimedia.rules) * 1:21371 <-> ENABLED <-> FILE-OTHER Adobe Shockwave Director KEY chunk buffer overflow attempt (file-other.rules) * 1:21378 <-> DISABLED <-> SERVER-OTHER Novell iPrint attributes-natural-language buffer overflow attempt (server-other.rules) * 1:21392 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer writing-mode property memory corruption attempt (browser-ie.rules) * 1:21405 <-> DISABLED <-> OS-WINDOWS Microsoft Anti-Cross Site Scripting library bypass attempt (os-windows.rules) * 1:21410 <-> ENABLED <-> FILE-IDENTIFY paq8o file download request (file-identify.rules) * 1:21411 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected (file-identify.rules) * 1:21412 <-> ENABLED <-> FILE-IDENTIFY paq8o file attachment detected (file-identify.rules) * 1:21415 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel MergeCells record parsing code execution attempt (file-office.rules) * 1:21422 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel Lel record memory corruption attempt (file-office.rules) * 1:21423 <-> ENABLED <-> FILE-OFFICE Microsoft Office Publisher Opltc memory corruption attempt (file-office.rules) * 1:21447 <-> DISABLED <-> BROWSER-CHROME Google Chrome FileSystemObject function call (browser-chrome.rules) * 1:21457 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript float index array memory corruption (file-flash.rules) * 1:21458 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript float index array memory corruption (file-flash.rules) * 1:21478 <-> ENABLED <-> FILE-IDENTIFY CHM file attachment detected (file-identify.rules) * 1:21479 <-> ENABLED <-> FILE-IDENTIFY CHM file attachment detected (file-identify.rules) * 1:21480 <-> DISABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:21481 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start arbitrary command execution attempt (file-java.rules) * 1:21484 <-> DISABLED <-> FILE-OTHER ZIP file name overflow attempt (file-other.rules) * 1:21498 <-> DISABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:21499 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (file-identify.rules) * 1:21500 <-> ENABLED <-> FILE-IDENTIFY XML file attachment detected (file-identify.rules) * 1:21504 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (os-windows.rules) * 1:21505 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (os-windows.rules) * 1:21506 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (os-windows.rules) * 1:21507 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (os-windows.rules) * 1:21508 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Object Packager ClickOnce object remote code execution attempt (os-windows.rules) * 1:21516 <-> DISABLED <-> SERVER-WEBAPP JBoss JMX console access attempt (server-webapp.rules) * 1:21522 <-> DISABLED <-> SERVER-APACHE Apache Struts parameters interceptor remote code execution attempt (server-apache.rules) * 1:21568 <-> DISABLED <-> OS-WINDOWS Microsoft Windows RDP RST denial of service attempt (os-windows.rules) * 1:21570 <-> ENABLED <-> OS-WINDOWS Microsoft Windows RemoteDesktop new session flood attempt (os-windows.rules) * 1:21611 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules) * 1:21612 <-> ENABLED <-> FILE-IDENTIFY RAT file attachment detected (file-identify.rules) * 1:21613 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (file-identify.rules) * 1:21614 <-> ENABLED <-> FILE-IDENTIFY PNG file attachment detected (file-identify.rules) * 1:21615 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (file-identify.rules) * 1:21616 <-> ENABLED <-> FILE-IDENTIFY WMF file attachment detected (file-identify.rules) * 1:21617 <-> ENABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules) * 1:21618 <-> ENABLED <-> FILE-IDENTIFY RT file attachment detected (file-identify.rules) * 1:21620 <-> DISABLED <-> FILE-IDENTIFY WAV file magic detected (file-identify.rules) * 1:21621 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (file-identify.rules) * 1:21623 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules) * 1:21624 <-> ENABLED <-> FILE-IDENTIFY QUO file attachment detected (file-identify.rules) * 1:21625 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules) * 1:21626 <-> ENABLED <-> FILE-IDENTIFY POR file attachment detected (file-identify.rules) * 1:21627 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules) * 1:21628 <-> ENABLED <-> FILE-IDENTIFY SUM file attachment detected (file-identify.rules) * 1:21648 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules) * 1:21649 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules) * 1:21650 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file download request (file-identify.rules) * 1:21651 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules) * 1:21652 <-> ENABLED <-> FILE-IDENTIFY QuickDraw/PICT file attachment detected (file-identify.rules) * 1:21663 <-> DISABLED <-> SERVER-OTHER CA BrightStor Agent for Microsoft SQL overflow attempt (server-other.rules) * 1:21664 <-> ENABLED <-> FILE-JAVA Oracle Java JRE sandbox Atomic breach attempt (file-java.rules) * 1:21665 <-> ENABLED <-> FILE-JAVA Oracle Java JRE sandbox Atomic breach attempt (file-java.rules) * 1:21666 <-> ENABLED <-> FILE-JAVA Oracle Java JRE sandbox Atomic breach attempt (file-java.rules) * 1:21667 <-> ENABLED <-> FILE-JAVA Oracle Java JRE sandbox Atomic breach attempt (file-java.rules) * 1:21687 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (file-identify.rules) * 1:21688 <-> ENABLED <-> FILE-IDENTIFY PLS file attachment detected (file-identify.rules) * 1:21691 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (file-identify.rules) * 1:21692 <-> ENABLED <-> FILE-IDENTIFY SMIL file attachment detected (file-identify.rules) * 1:21693 <-> ENABLED <-> FILE-IDENTIFY FLAC file attachment detected (file-identify.rules) * 1:21694 <-> ENABLED <-> FILE-IDENTIFY FLAC file attachment detected (file-identify.rules) * 1:21695 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (file-identify.rules) * 1:21696 <-> ENABLED <-> FILE-IDENTIFY SMI file attachment detected (file-identify.rules) * 1:21697 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (file-identify.rules) * 1:21698 <-> ENABLED <-> FILE-IDENTIFY SAMI file attachment detected (file-identify.rules) * 1:21699 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (file-identify.rules) * 1:21700 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file attachment detected (file-identify.rules) * 1:21701 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules) * 1:21702 <-> ENABLED <-> FILE-IDENTIFY FlashPix file attachment detected (file-identify.rules) * 1:21703 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules) * 1:21704 <-> ENABLED <-> FILE-IDENTIFY 4XM file attachment detected (file-identify.rules) * 1:21705 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:21706 <-> ENABLED <-> FILE-IDENTIFY BitTorrent torrent file attachment detected (file-identify.rules) * 1:21709 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (file-identify.rules) * 1:21710 <-> ENABLED <-> FILE-IDENTIFY AIFF file attachment detected (file-identify.rules) * 1:21711 <-> DISABLED <-> FILE-IDENTIFY PFA file download request (file-identify.rules) * 1:21712 <-> DISABLED <-> FILE-IDENTIFY PFA file magic detected (file-identify.rules) * 1:21713 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (file-identify.rules) * 1:21714 <-> ENABLED <-> FILE-IDENTIFY PFA file attachment detected (file-identify.rules) * 1:21715 <-> DISABLED <-> FILE-IDENTIFY PFB file download request (file-identify.rules) * 1:21716 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (file-identify.rules) * 1:21717 <-> ENABLED <-> FILE-IDENTIFY PFB file attachment detected (file-identify.rules) * 1:21718 <-> DISABLED <-> FILE-IDENTIFY PFM file download request (file-identify.rules) * 1:21719 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (file-identify.rules) * 1:21720 <-> ENABLED <-> FILE-IDENTIFY PFM file attachment detected (file-identify.rules) * 1:21721 <-> DISABLED <-> FILE-IDENTIFY AFM file download request (file-identify.rules) * 1:21722 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (file-identify.rules) * 1:21723 <-> ENABLED <-> FILE-IDENTIFY AFM file attachment detected (file-identify.rules) * 1:21724 <-> DISABLED <-> FILE-IDENTIFY ANI file download request (file-identify.rules) * 1:21725 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (file-identify.rules) * 1:21726 <-> ENABLED <-> FILE-IDENTIFY ANI file attachment detected (file-identify.rules) * 1:21727 <-> DISABLED <-> FILE-IDENTIFY ANI file magic detection (file-identify.rules) * 1:21728 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21729 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21730 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21731 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21732 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21733 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21734 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21735 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21736 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21737 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21738 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21739 <-> ENABLED <-> FILE-IDENTIFY JPG file attachment detected (file-identify.rules) * 1:21740 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules) * 1:21741 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media asx file attachment detected (file-identify.rules) * 1:21742 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules) * 1:21743 <-> ENABLED <-> FILE-IDENTIFY Embedded Open Type Font file attachment detected (file-identify.rules) * 1:21744 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21745 <-> ENABLED <-> FILE-IDENTIFY AVI file attachment detected (file-identify.rules) * 1:21746 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (file-identify.rules) * 1:21747 <-> ENABLED <-> FILE-IDENTIFY RTF file attachment detected (file-identify.rules) * 1:21748 <-> DISABLED <-> FILE-IDENTIFY HPJ file download request (file-identify.rules) * 1:21749 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (file-identify.rules) * 1:21750 <-> ENABLED <-> FILE-IDENTIFY HPJ file attachment detected (file-identify.rules) * 1:21751 <-> DISABLED <-> FILE-IDENTIFY HPJ file magic detected (file-identify.rules) * 1:21752 <-> ENABLED <-> SERVER-OTHER Novell ZENWorks configuration management preboot request buffer overflow attempt (server-other.rules) * 1:21753 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Management Interface HTTP digest authentication stack buffer overflow attempt (protocol-voip.rules) * 1:21776 <-> DISABLED <-> SERVER-MAIL Microsoft Windows Exchange MODPROPS denial of service attempt (server-mail.rules) * 1:21792 <-> ENABLED <-> FILE-EXECUTABLE Microsoft Windows .NET invalid parsing of graphics data attempt (file-executable.rules) * 1:21793 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer vector graphics reference counting use-after-free attempt (browser-ie.rules) * 1:21795 <-> ENABLED <-> FILE-EXECUTABLE Microsoft Windows Authenticode signature verification bypass attempt (file-executable.rules) * 1:21796 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules) * 1:21797 <-> ENABLED <-> FILE-OFFICE MSCOMCTL ActiveX control deserialization arbitrary code execution attempt (file-office.rules) * 1:21798 <-> ENABLED <-> FILE-OFFICE MSCOMCTL ActiveX control deserialization arbitrary code execution attempt (file-office.rules) * 1:21799 <-> ENABLED <-> FILE-OFFICE MSCOMCTL ActiveX control deserialization arbitrary code execution attempt (file-office.rules) * 1:21800 <-> ENABLED <-> FILE-OFFICE MSCOMCTL ActiveX control deserialization arbitrary code execution attempt (file-office.rules) * 1:21801 <-> ENABLED <-> FILE-OFFICE MSCOMCTL ActiveX control deserialization arbitrary code execution attempt (file-office.rules) * 1:21807 <-> DISABLED <-> FILE-IDENTIFY Adobe Download Manager aom file download request (file-identify.rules) * 1:21808 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (file-identify.rules) * 1:21809 <-> ENABLED <-> FILE-IDENTIFY Adobe Download Manager aom file attachment detected (file-identify.rules) * 1:21810 <-> DISABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (file-identify.rules) * 1:21811 <-> DISABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file download request (file-identify.rules) * 1:21812 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (file-identify.rules) * 1:21813 <-> ENABLED <-> FILE-IDENTIFY Apple Quicktime FLIC animation file file attachment detected (file-identify.rules) * 1:21814 <-> DISABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (file-identify.rules) * 1:21815 <-> ENABLED <-> FILE-IDENTIFY LZH file attachment detected (file-identify.rules) * 1:21816 <-> ENABLED <-> FILE-IDENTIFY LZH file attachment detected (file-identify.rules) * 1:2185 <-> DISABLED <-> PROTOCOL-RPC mountd UDP mount path overflow attempt (protocol-rpc.rules) * 1:21854 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (file-identify.rules) * 1:21855 <-> ENABLED <-> FILE-IDENTIFY LNK file attachment detected (file-identify.rules) * 1:21856 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules) * 1:21857 <-> ENABLED <-> FILE-IDENTIFY ZIP file attachment detected (file-identify.rules) * 1:21861 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (file-identify.rules) * 1:21862 <-> ENABLED <-> FILE-IDENTIFY WRF file attachment detected (file-identify.rules) * 1:21865 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules) * 1:21866 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules) * 1:21867 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules) * 1:21868 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Fax Cover page document file attachment detected (file-identify.rules) * 1:21869 <-> ENABLED <-> FILE-OTHER Java JRE sandbox breach attempt (file-other.rules) * 1:21870 <-> ENABLED <-> FILE-IDENTIFY CNT file attachment detected (file-identify.rules) * 1:21871 <-> ENABLED <-> FILE-IDENTIFY CNT file attachment detected (file-identify.rules) * 1:21872 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (file-identify.rules) * 1:21873 <-> ENABLED <-> FILE-IDENTIFY GIF file attachment detected (file-identify.rules) * 1:21878 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF integer overflow attempt (file-pdf.rules) * 1:21879 <-> ENABLED <-> FILE-IDENTIFY Microsoft search file attachment detected (file-identify.rules) * 1:21880 <-> ENABLED <-> FILE-IDENTIFY Microsoft search file attachment detected (file-identify.rules) * 1:21884 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Publisher file attachment detected (file-identify.rules) * 1:21885 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Publisher file attachment detected (file-identify.rules) * 1:21886 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (file-identify.rules) * 1:21887 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file attachment detected (file-identify.rules) * 1:21888 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (file-identify.rules) * 1:21889 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Movie Maker file attachment detected (file-identify.rules) * 1:21890 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules) * 1:21891 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules) * 1:21892 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules) * 1:21893 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file attachment detected (file-identify.rules) * 1:21894 <-> ENABLED <-> FILE-IDENTIFY SVG file attachment detected (file-identify.rules) * 1:21895 <-> ENABLED <-> FILE-IDENTIFY SVG file attachment detected (file-identify.rules) * 1:21896 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules) * 1:21897 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules) * 1:21898 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules) * 1:21899 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules) * 1:21900 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules) * 1:21901 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules) * 1:21902 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules) * 1:21903 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules) * 1:21904 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules) * 1:21905 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules) * 1:21906 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules) * 1:21908 <-> ENABLED <-> FILE-IDENTIFY Portable Executable file attachment detected (file-identify.rules) * 1:21909 <-> ENABLED <-> FILE-IDENTIFY Portable Executable file attachment detected (file-identify.rules) * 1:21913 <-> DISABLED <-> SERVER-OTHER EMC data protection advisor DOS attempt (server-other.rules) * 1:21914 <-> ENABLED <-> SERVER-OTHER Novell ZENWorks configuration management preboot opcode 6C request buffer overflow attempt (server-other.rules) * 1:21915 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules) * 1:21916 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules) * 1:21918 <-> ENABLED <-> BROWSER-PLUGINS IBM Tivoli Provisioning Manager Express Buffer Overflow ActiveX clsid access attempt (browser-plugins.rules) * 1:21919 <-> ENABLED <-> BROWSER-PLUGINS IBM Tivoli Provisioning Manager Express Buffer Overflow ActiveX function call access attempt (browser-plugins.rules) * 1:21922 <-> DISABLED <-> FILE-OTHER VLC mms hostname buffer overflow attempt (file-other.rules) * 1:21927 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel style handling overflow attempt (file-office.rules) * 1:21935 <-> DISABLED <-> FILE-OFFICE Microsoft Works 9 and Word 12 converter heap overflow attempt (file-office.rules) * 1:21937 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules) * 1:21944 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Endpoint Manager Web Reports xss attempt (server-other.rules) * 1:21948 <-> DISABLED <-> FILE-IMAGE Adobe Photoshop CS4 TIFF parsing heap overflow attempt (file-image.rules) * 1:21999 <-> ENABLED <-> FILE-IDENTIFY OpenType Font file magic detection (file-identify.rules) * 1:22009 <-> ENABLED <-> SERVER-SAMBA Samba malicious user defined array size and buffer attempt (server-samba.rules) * 1:22038 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer SelectAll dangling pointer use after free attempt (browser-ie.rules) * 1:22042 <-> ENABLED <-> FILE-EXECUTABLE Microsoft Windows .NET invalid parsing of graphics data attempt (file-executable.rules) * 1:22052 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel style record overflow attempt (file-office.rules) * 1:22066 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word ScriptBridge OCX controller attempt (file-office.rules) * 1:22069 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules) * 1:22070 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules) * 1:22075 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio IndexDirectorySize greater than ChildrenSize memory access attempt (file-office.rules) * 1:22076 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules) * 1:22077 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel ObjectLink invalid wLinkVar2 value attempt (file-office.rules) * 1:22078 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules) * 1:22091 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel SXLI record integer overrun attempt (file-office.rules) * 1:22092 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel SERIES record sdtY memory corruption attempt (file-office.rules) * 1:22093 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel SERIES record SerAuxTrend sdtX memory corruption attempt (file-office.rules) * 1:22094 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel SERIES record SerAuxErrBar sdtX memory corruption attempt (file-office.rules) * 1:22104 <-> DISABLED <-> FILE-IMAGE libpng chunk decompression integer overflow attempt (file-image.rules) * 1:22105 <-> DISABLED <-> FILE-IMAGE libpng chunk decompression integer overflow attempt (file-image.rules) * 1:22106 <-> DISABLED <-> FILE-IMAGE libpng chunk decompression integer overflow attempt (file-image.rules) * 1:22107 <-> DISABLED <-> FILE-IMAGE libpng chunk decompression integer overflow attempt (file-image.rules) * 1:22108 <-> DISABLED <-> FILE-IMAGE libpng chunk decompression integer overflow attempt (file-image.rules) * 1:22109 <-> DISABLED <-> FILE-IMAGE libpng chunk decompression integer overflow attempt (file-image.rules) * 1:2278 <-> DISABLED <-> SERVER-WEBAPP client negative Content-Length attempt (server-webapp.rules) * 1:22915 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules) * 1:22916 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules) * 1:22938 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded TTF integer overflow attempt (file-pdf.rules) * 1:22942 <-> ENABLED <-> FILE-EXECUTABLE Microsoft Windows Authenticode signature verification bypass attempt (file-executable.rules) * 1:22943 <-> DISABLED <-> FILE-IDENTIFY NAB file download request (file-identify.rules) * 1:22944 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (file-identify.rules) * 1:22945 <-> ENABLED <-> FILE-IDENTIFY NAB file attachment detected (file-identify.rules) * 1:22946 <-> DISABLED <-> FILE-IDENTIFY NAB file magic detected (file-identify.rules) * 1:22947 <-> DISABLED <-> FILE-OTHER Novell Groupwise Addressbook buffer overflow attempt (file-other.rules) * 1:22950 <-> DISABLED <-> SERVER-WEBAPP EXIF header parsing integer overflow attempt big endian (server-webapp.rules) * 1:22952 <-> ENABLED <-> SERVER-OTHER Iron Mountain connected backup opcode 13 processing command injection attempt (server-other.rules) * 1:22954 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed SELECTION Record Code Execution attempt (file-office.rules) * 1:22961 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (file-identify.rules) * 1:22962 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RAM file attachment detected (file-identify.rules) * 1:22965 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (file-identify.rules) * 1:22966 <-> ENABLED <-> FILE-IDENTIFY RealNetworks RealPlayer RT file attachment detected (file-identify.rules) * 1:22971 <-> ENABLED <-> FILE-IDENTIFY MPEG Layer 3 playlist file attachment detected (file-identify.rules) * 1:22972 <-> ENABLED <-> FILE-IDENTIFY m3u playlist file file attachment detected (file-identify.rules) * 1:22979 <-> ENABLED <-> FILE-IDENTIFY M4V file attachment detected (file-identify.rules) * 1:22980 <-> ENABLED <-> FILE-IDENTIFY M4V file attachment detected (file-identify.rules) * 1:22993 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (file-identify.rules) * 1:22994 <-> ENABLED <-> FILE-IDENTIFY MP4 file attachment detected (file-identify.rules) * 1:22995 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime Movie file attachment detected (file-identify.rules) * 1:22996 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime Movie file attachment detected (file-identify.rules) * 1:22999 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules) * 1:23000 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (file-identify.rules) * 1:23001 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows Media Player DVR file attachment detected (file-identify.rules) * 1:23009 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel SXLI record integer overrun attempt (file-office.rules) * 1:23011 <-> DISABLED <-> FILE-IDENTIFY Collada file download request (file-identify.rules) * 1:23012 <-> ENABLED <-> FILE-IDENTIFY Collada file attachment detected (file-identify.rules) * 1:23013 <-> ENABLED <-> FILE-IDENTIFY Collada file attachment detected (file-identify.rules) * 1:23014 <-> DISABLED <-> FILE-OTHER Adobe Photoshop asset elements stack based buffer overflow attempt (file-other.rules) * 1:23015 <-> DISABLED <-> BROWSER-CHROME Google Chrome and Apple Safari runin handling use after free attempt (browser-chrome.rules) * 1:23041 <-> DISABLED <-> FILE-PDF EmbeddedFile contained within a PDF (file-pdf.rules) * 1:23046 <-> DISABLED <-> SERVER-WEBAPP Oracle GlassFish Enterprise server cross site scripting attempt (server-webapp.rules) * 1:23047 <-> DISABLED <-> SERVER-WEBAPP Oracle GlassFish Enterprise server cross site scripting attempt (server-webapp.rules) * 1:23056 <-> ENABLED <-> SERVER-OTHER SAP NetWeaver Dispatcher DiagTraceR3Info buffer overflow attempt (server-other.rules) * 1:23059 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio TAG_xxxSect code execution attempt (file-office.rules) * 1:23060 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer style.position use-after-free memory corruption attempt (browser-ie.rules) * 1:23096 <-> DISABLED <-> SERVER-OTHER VERITAS NetBackup java authentication service format string exploit attempt (server-other.rules) * 1:23097 <-> DISABLED <-> SERVER-OTHER IBM solidDB SELECT statement denial of service attempt (server-other.rules) * 1:23098 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 sequence parameter set parsing overflow attempt (file-multimedia.rules) * 1:23099 <-> ENABLED <-> SERVER-OTHER SAP NetWeaver Dispatcher DiagTraceHex denial of service attempt (server-other.rules) * 1:23100 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording integer overflow attempt (file-other.rules) * 1:23101 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording integer overflow attempt (file-other.rules) * 1:23111 <-> ENABLED <-> POLICY-OTHER PHP uri tag injection attempt (policy-other.rules) * 1:23112 <-> DISABLED <-> SERVER-OTHER SAP NetWeaver Dispatcher denial of service attempt (server-other.rules) * 1:23116 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 9 CTreeNode use after free attempt (browser-ie.rules) * 1:23117 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 9 DOM element use after free attempt (browser-ie.rules) * 1:23118 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer console object use after free attempt (browser-ie.rules) * 1:23121 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer center element dynamic manipulation attempt (browser-ie.rules) * 1:23123 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer getBoundingClientRect incorrect rebalancing attempt (browser-ie.rules) * 1:23124 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer html table column span width increase memory corruption attempt (browser-ie.rules) * 1:23125 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOM manipulation memory corruption attempt (browser-ie.rules) * 1:23136 <-> DISABLED <-> BROWSER-IE Microsoft multiple product toStaticHTML XSS attempt (browser-ie.rules) * 1:23137 <-> DISABLED <-> BROWSER-IE Microsoft multiple product toStaticHTML XSS attempt (browser-ie.rules) * 1:23151 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel zero-width worksheet code execution attempt (file-office.rules) * 1:23152 <-> DISABLED <-> FILE-OTHER OpenType Font file integer overflow attempt (file-other.rules) * 1:23167 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file download request (file-identify.rules) * 1:23168 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (file-identify.rules) * 1:23169 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (file-identify.rules) * 1:23170 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime MPEG stream padding buffer overflow attempt (file-multimedia.rules) * 1:23175 <-> ENABLED <-> BROWSER-PLUGINS IBM Lotus Quickr ActiveX stack buffer overflow attempt (browser-plugins.rules) * 1:23177 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway timer.php cross site scripting attempt (server-webapp.rules) * 1:23186 <-> DISABLED <-> BROWSER-PLUGINS Dell CrazyTalk.DLL ActiveX clsid access (browser-plugins.rules) * 1:23188 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23189 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23190 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23191 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23192 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23193 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23194 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23195 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23196 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23197 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23198 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23199 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23200 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23201 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23202 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23203 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23204 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23205 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file download request (file-identify.rules) * 1:23206 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23207 <-> ENABLED <-> FILE-IDENTIFY Windows Media Metafile file attachment detected (file-identify.rules) * 1:23208 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Manager Interface initial banner (protocol-voip.rules) * 1:23209 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Manager command shell execution attempt (protocol-voip.rules) * 1:23210 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk Manager command shell execution attempt (protocol-voip.rules) * 1:23212 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox IDB use-after-free attempt (browser-firefox.rules) * 1:23213 <-> DISABLED <-> SQL Ruby on rails SQL injection attempt (sql.rules) * 1:23227 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel rtMergeCells heap overflow attempt (file-office.rules) * 1:23229 <-> DISABLED <-> BROWSER-PLUGINS Oracle Webcenter ActiveX function call access (browser-plugins.rules) * 1:23237 <-> DISABLED <-> OS-WINDOWS SMB2 client NetBufferList NULL entry remote code execution attempt (os-windows.rules) * 1:23238 <-> DISABLED <-> NETBIOS Wireshark console.lua file load exploit attempt (netbios.rules) * 1:23241 <-> ENABLED <-> SERVER-OTHER HP DPNECentral RequestCopy type SQL injection attempt (server-other.rules) * 1:23243 <-> DISABLED <-> FILE-JAVA Oracle Java Zip file directory record overflow attempt (file-java.rules) * 1:23253 <-> DISABLED <-> BROWSER-PLUGINS HP Easy Printer Care XMLSimpleAccessor ActiveX function call access attempt (browser-plugins.rules) * 1:23256 <-> DISABLED <-> FILE-EXECUTABLE Armadillo v1.71 packer file magic detected (file-executable.rules) * 1:23258 <-> DISABLED <-> SERVER-WEBAPP LANDesk Thinkmanagement Suite ServerSetup directory traversal attempt (server-webapp.rules) * 1:23263 <-> DISABLED <-> FILE-PDF Adobe flash player newfunction memory corruption attempt (file-pdf.rules) * 1:23264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player newfunction memory corruption attempt (file-flash.rules) * 1:23265 <-> DISABLED <-> FILE-FLASH Adobe Flash Player newfunction memory corruption attempt (file-flash.rules) * 1:23269 <-> ENABLED <-> FILE-OTHER Cisco WebEx recording integer overflow attempt (file-other.rules) * 1:23271 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes Extended M3U playlist record overflow attempt (file-multimedia.rules) * 1:23273 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules) * 1:23274 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules) * 1:23275 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules) * 1:23276 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules) * 1:23277 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules) * 1:23278 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer nested list memory corruption attempt (browser-ie.rules) * 1:23280 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer corrupted HROW instance write access violation attempt (browser-ie.rules) * 1:23284 <-> DISABLED <-> BROWSER-PLUGINS Oracle WebCenter Forms Recognition ActiveX function call attempt (browser-plugins.rules) * 1:23285 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer iframe onreadystatechange handler use after free attempt (browser-ie.rules) * 1:23286 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt (browser-plugins.rules) * 1:23305 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules) * 1:23314 <-> DISABLED <-> OS-WINDOWS SMB invalid character argument injection attempt (os-windows.rules) * 1:23346 <-> DISABLED <-> FILE-OTHER Oracle outside in Lotus 1-2-3 heap overflow attempt (file-other.rules) * 1:23347 <-> DISABLED <-> FILE-IDENTIFY Lotus file download request (file-identify.rules) * 1:23348 <-> ENABLED <-> FILE-IDENTIFY Lotus file attachment detected (file-identify.rules) * 1:23349 <-> ENABLED <-> FILE-IDENTIFY Lotus file attachment detected (file-identify.rules) * 1:23352 <-> ENABLED <-> BROWSER-PLUGINS Cisco Linksys PlayerPT ActiveX clsid access attempt (browser-plugins.rules) * 1:23354 <-> DISABLED <-> SERVER-WEBAPP Novell iManager buffer overflow attempt (server-webapp.rules) * 1:23355 <-> ENABLED <-> SERVER-OTHER Trend Micro Control Manager AddTask stack buffer overflow attempt (server-other.rules) * 1:23368 <-> DISABLED <-> PROTOCOL-DNS Tftpd32 DNS server denial of service attempt (protocol-dns.rules) * 1:23370 <-> DISABLED <-> FILE-OFFICE Microsoft Office Drawing object code execution attempt (file-office.rules) * 1:2338 <-> DISABLED <-> PROTOCOL-FTP LIST buffer overflow attempt (protocol-ftp.rules) * 1:23384 <-> DISABLED <-> SERVER-WEBAPP Novell Groupwise Messenger parameter memory corruption attempt (server-webapp.rules) * 1:23385 <-> DISABLED <-> SERVER-WEBAPP Novell Groupwise Messenger parameter memory corruption attempt (server-webapp.rules) * 1:23392 <-> DISABLED <-> SERVER-OTHER IBM SolidDB redundant where clause DoS attempt (server-other.rules) * 1:23393 <-> DISABLED <-> SQL IBM SolidDB initial banner (sql.rules) * 1:23395 <-> ENABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt (browser-plugins.rules) * 1:23398 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services stack buffer overflow attempt (server-other.rules) * 1:23400 <-> ENABLED <-> FILE-OTHER Apple Quicktime JPEG2000 length integer underflow attempt (file-other.rules) * 1:23401 <-> DISABLED <-> SERVER-WEBAPP Oracle GlassFish server REST interface cross site request forgery attempt (server-webapp.rules) * 1:23414 <-> DISABLED <-> BROWSER-PLUGINS Veritas Storage Exec ActiveX clsid access attempt (browser-plugins.rules) * 1:23444 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet License Server buffer overflow attempt (server-other.rules) * 1:23461 <-> ENABLED <-> FILE-OTHER Apple Quicktime TeXML Transform attribute overflow attempt (file-other.rules) * 1:23462 <-> ENABLED <-> FILE-OTHER Apple Quicktime TeXML Style attribute overflow attempt (file-other.rules) * 1:23463 <-> ENABLED <-> FILE-OTHER Apple Quicktime TeXML sampleData attribute overflow attempt (file-other.rules) * 1:23464 <-> ENABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules) * 1:23465 <-> ENABLED <-> FILE-OTHER Apple Quicktime TeXML Style attribute overflow attempt (file-other.rules) * 1:23504 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader getAnnots exploit attempt (file-pdf.rules) * 1:23577 <-> ENABLED <-> FILE-OTHER VLC mms hostname buffer overflow attempt (file-other.rules) * 1:23580 <-> DISABLED <-> FILE-OTHER Novell Groupwise Addressbook buffer overflow attempt (file-other.rules) * 1:23605 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.xx - v2.xx file magic detected (file-identify.rules) * 1:23609 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer getBoundingClientRect incorrect rebalancing attempt (browser-ie.rules) * 1:23614 <-> ENABLED <-> FILE-JAVA Oracle JavaScript heap exploitation library usage attempt (file-java.rules) * 1:23626 <-> DISABLED <-> SERVER-IIS cmd.exe access (server-iis.rules) * 1:23632 <-> ENABLED <-> SERVER-OTHER HP Data Protector Express stack buffer overflow attempt (server-other.rules) * 1:23637 <-> ENABLED <-> FILE-IDENTIFY Java .class file attachment detected (file-identify.rules) * 1:23638 <-> ENABLED <-> FILE-IDENTIFY Java .class file attachment detected (file-identify.rules) * 1:23639 <-> ENABLED <-> FILE-IDENTIFY MPEG video stream file magic detected (file-identify.rules) * 1:23640 <-> ENABLED <-> FILE-IDENTIFY MPEG sys stream file magic detected (file-identify.rules) * 1:23645 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Real Media file magic detected (file-identify.rules) * 1:23647 <-> ENABLED <-> FILE-IDENTIFY GIF file magic detected (file-identify.rules) * 1:23648 <-> DISABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:23651 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23652 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23653 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23654 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23655 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23656 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23657 <-> ENABLED <-> FILE-IDENTIFY JAR/ZIP file magic detected (file-identify.rules) * 1:23658 <-> ENABLED <-> FILE-IDENTIFY RIFX file magic detected (file-identify.rules) * 1:23659 <-> DISABLED <-> FILE-IDENTIFY RAR file magic detected (file-identify.rules) * 1:23664 <-> DISABLED <-> FILE-IDENTIFY PNG file magic detected (file-identify.rules) * 1:23666 <-> DISABLED <-> FILE-IDENTIFY MP3 file magic detected (file-identify.rules) * 1:23667 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:23670 <-> ENABLED <-> FILE-IDENTIFY RTF file magic detected (file-identify.rules) * 1:23676 <-> ENABLED <-> FILE-IDENTIFY Universal Binary/Java Bytecode file magic detected (file-identify.rules) * 1:23677 <-> ENABLED <-> FILE-IDENTIFY jarpack file magic detected (file-identify.rules) * 1:23678 <-> ENABLED <-> FILE-IDENTIFY PDF file magic detected (file-identify.rules) * 1:23680 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:23681 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:23682 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23683 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23684 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23685 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23687 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules) * 1:23691 <-> DISABLED <-> FILE-IDENTIFY dmg file magic detected (file-identify.rules) * 1:23695 <-> DISABLED <-> FILE-IDENTIFY Flac file magic detected (file-identify.rules) * 1:23696 <-> DISABLED <-> FILE-IDENTIFY VideoLAN VLC file magic detected (file-identify.rules) * 1:23697 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel xlw file magic detected (file-identify.rules) * 1:23698 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Media ASF file magic detected (file-identify.rules) * 1:23701 <-> ENABLED <-> FILE-IDENTIFY Microsoft SYmbolic LinK file magic detected (file-identify.rules) * 1:23703 <-> DISABLED <-> FILE-IDENTIFY Microsoft asf file magic detected (file-identify.rules) * 1:23707 <-> DISABLED <-> FILE-IDENTIFY Microsoft Compound File Binary v3 file magic detected (file-identify.rules) * 1:23709 <-> DISABLED <-> FILE-IDENTIFY Tiff little endian file magic detected (file-identify.rules) * 1:23710 <-> ENABLED <-> FILE-IDENTIFY Tiff big endian file magic detected (file-identify.rules) * 1:23711 <-> ENABLED <-> FILE-IDENTIFY OLE Document file magic detected (file-identify.rules) * 1:23712 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Excel file magic detected (file-identify.rules) * 1:23714 <-> ENABLED <-> FILE-IDENTIFY Microsoft Office Publisher file magic detected (file-identify.rules) * 1:23720 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer REC file magic detected (file-identify.rules) * 1:23721 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .r1m file magic detected (file-identify.rules) * 1:23723 <-> ENABLED <-> FILE-IDENTIFY M3U file magic detected (file-identify.rules) * 1:23724 <-> ENABLED <-> FILE-IDENTIFY Adobe Director Movie file magic detected (file-identify.rules) * 1:23725 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules) * 1:23727 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Video file magic detected (file-identify.rules) * 1:23728 <-> DISABLED <-> FILE-IDENTIFY matroska file magic detected (file-identify.rules) * 1:23729 <-> ENABLED <-> FILE-IDENTIFY PICT file magic detected (file-identify.rules) * 1:23732 <-> DISABLED <-> FILE-IDENTIFY Microsoft Media Player .asf file magic detected (file-identify.rules) * 1:23735 <-> ENABLED <-> FILE-IDENTIFY MIDI file magic detected (file-identify.rules) * 1:23736 <-> DISABLED <-> FILE-IDENTIFY PLS file magic detected (file-identify.rules) * 1:23737 <-> DISABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:23738 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23739 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23740 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23741 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23742 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23743 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23744 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23745 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23746 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23747 <-> ENABLED <-> FILE-IDENTIFY MOV file magic detected (file-identify.rules) * 1:23748 <-> ENABLED <-> FILE-IDENTIFY TTF file magic detected (file-identify.rules) * 1:23749 <-> DISABLED <-> FILE-IDENTIFY SAMI file magic detected (file-identify.rules) * 1:23753 <-> ENABLED <-> FILE-IDENTIFY Visio file magic detected (file-identify.rules) * 1:23754 <-> ENABLED <-> FILE-IDENTIFY AVI Video file magic detected (file-identify.rules) * 1:23755 <-> ENABLED <-> FILE-IDENTIFY Cisco Webex Player .wrf file magic detected (file-identify.rules) * 1:23757 <-> ENABLED <-> FILE-IDENTIFY Microsoft Windows CHM file magic detected (file-identify.rules) * 1:23758 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:23759 <-> ENABLED <-> FILE-IDENTIFY XML file magic detected (file-identify.rules) * 1:23760 <-> DISABLED <-> FILE-IDENTIFY WAV file magic detected (file-identify.rules) * 1:23761 <-> ENABLED <-> FILE-IDENTIFY AVI file magic detected (file-identify.rules) * 1:23762 <-> DISABLED <-> FILE-IDENTIFY PFA file magic detected (file-identify.rules) * 1:23763 <-> DISABLED <-> FILE-IDENTIFY HPJ file magic detected (file-identify.rules) * 1:23764 <-> DISABLED <-> FILE-IDENTIFY Adobe Download Manager aom file magic detected (file-identify.rules) * 1:23765 <-> DISABLED <-> FILE-IDENTIFY Apple Quicktime FLIC file magic detected (file-identify.rules) * 1:23774 <-> DISABLED <-> FILE-IDENTIFY NAB file magic detected (file-identify.rules) * 1:23775 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.71 packer file magic detected (file-identify.rules) * 1:23777 <-> ENABLED <-> FILE-IDENTIFY Armadillo v1.xx - v2.xx file magic detected (file-identify.rules) * 1:23783 <-> ENABLED <-> SERVER-WEBAPP Symantec Web Gateway pbcontrol.php filename parameter command injection attempt (server-webapp.rules) * 1:23789 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Multiple Products table frames memory corruption attempt (browser-firefox.rules) * 1:23805 <-> ENABLED <-> BROWSER-WEBKIT WebKit button column memory corruption attempt (browser-webkit.rules) * 1:23806 <-> DISABLED <-> FILE-OTHER Oracle Outside-In JPEG2000 QCD segment processing heap buffer overflow attempt (file-other.rules) * 1:23807 <-> DISABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23808 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23809 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23810 <-> DISABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23811 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23812 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23813 <-> DISABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23814 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23815 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23816 <-> DISABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23817 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23818 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23819 <-> DISABLED <-> FILE-IDENTIFY JPEG2000 file download request (file-identify.rules) * 1:23820 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23821 <-> ENABLED <-> FILE-IDENTIFY JPEG2000 file attachment detected (file-identify.rules) * 1:23822 <-> DISABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (file-identify.rules) * 1:23823 <-> DISABLED <-> FILE-IDENTIFY JPEG2000 file magic detected (file-identify.rules) * 1:23834 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer asynchronous code execution attempt (browser-ie.rules) * 1:23835 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer asynchronous code execution attempt (browser-ie.rules) * 1:23836 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer negative margin use after free attempt (browser-ie.rules) * 1:23838 <-> ENABLED <-> OS-WINDOWS SMB NetServerEnum response host format string exploit attempt (os-windows.rules) * 1:23839 <-> ENABLED <-> OS-WINDOWS SMB Microsoft Windows RAP API NetServerEnum2 long server name buffer overflow attempt (os-windows.rules) * 1:23842 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio DXF file text overflow attempt (file-office.rules) * 1:23844 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method attempt (file-office.rules) * 1:23853 <-> ENABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules) * 1:23854 <-> ENABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt (file-flash.rules) * 1:23855 <-> DISABLED <-> FILE-FLASH string heapspray flash file - likely attack (file-flash.rules) * 1:23856 <-> DISABLED <-> FILE-FLASH string heapspray flash file - likely attack (file-flash.rules) * 1:23857 <-> DISABLED <-> INDICATOR-SHELLCODE heapspray characters detected - ASCII (indicator-shellcode.rules) * 1:23858 <-> DISABLED <-> FILE-OTHER heapspray characters detected - binary (file-other.rules) * 1:23859 <-> DISABLED <-> INDICATOR-SHELLCODE heapspray characters detected - hexadecimal encoding (indicator-shellcode.rules) * 1:23860 <-> DISABLED <-> INDICATOR-SHELLCODE heapspray characters detected - ASCII (indicator-shellcode.rules) * 1:23861 <-> DISABLED <-> FILE-OTHER heapspray characters detected - binary (file-other.rules) * 1:23862 <-> DISABLED <-> INDICATOR-SHELLCODE heapspray characters detected - hexadecimal encoding (indicator-shellcode.rules) * 1:23878 <-> DISABLED <-> BROWSER-PLUGINS Oracle JRE Deployment Toolkit ActiveX clsid access attempt (browser-plugins.rules) * 1:23879 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Texture Declaration buffer overflow attempt (file-pdf.rules) * 1:23880 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Texture Declaration buffer overflow attempt (file-pdf.rules) * 1:23889 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader getAnnotsRichMedia return type confusion attempt (file-pdf.rules) * 1:2389 <-> DISABLED <-> PROTOCOL-FTP RNTO overflow attempt (protocol-ftp.rules) * 1:23890 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader getAnnotsRichMedia return type confusion attempt (file-pdf.rules) * 1:23897 <-> DISABLED <-> FILE-PDF Sending of a PDF with embedded JavaScript - JS string attempt (file-pdf.rules) * 1:23904 <-> DISABLED <-> BLACKLIST DNS request for known malware domain publicnews.mooo.com - Backdoor.Briba (blacklist.rules) * 1:2392 <-> DISABLED <-> PROTOCOL-FTP RETR overflow attempt (protocol-ftp.rules) * 1:23934 <-> DISABLED <-> SERVER-WEBAPP Symantec Web Gateway blocked.php blind sql injection attempt (server-webapp.rules) * 1:23939 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (server-oracle.rules) * 1:23957 <-> ENABLED <-> FILE-OFFICE Microsoft Office Visio DXF file text overflow attempt (file-office.rules) * 1:23958 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:23959 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:23960 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:23961 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:23967 <-> ENABLED <-> FILE-FLASH Adobe Flash OpenType font memory corruption attempt - compressed (file-flash.rules) * 1:23985 <-> ENABLED <-> BROWSER-PLUGINS Apple Quicktime plugin SetLanguage buffer overflow attempt (browser-plugins.rules) * 1:23986 <-> ENABLED <-> BROWSER-PLUGINS Apple Quicktime plugin SetLanguage buffer overflow attempt (browser-plugins.rules) * 1:23989 <-> ENABLED <-> FILE-OFFICE Microsoft Office EMF image EMFPlusPointF record memory corruption attempt (file-office.rules) * 1:23993 <-> DISABLED <-> SERVER-OTHER Dhcpcd packet size buffer overflow attempt (server-other.rules) * 1:23996 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript float index array memory corruption attempt (file-flash.rules) * 1:23997 <-> ENABLED <-> FILE-FLASH Adobe Flash ActionScript float index array memory corruption attempt (file-flash.rules) * 1:23999 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media MIDI file memory corruption attempt (file-other.rules) * 1:24000 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media MIDI file memory corruption attempt (file-other.rules) * 1:24001 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media MIDI file memory corruption attempt (file-other.rules) * 1:24002 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media MIDI file memory corruption attempt (file-other.rules) * 1:24003 <-> ENABLED <-> FILE-OTHER Microsoft Windows Media MIDI file memory corruption attempt (file-other.rules) * 1:24004 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules) * 1:24005 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method access (file-office.rules) * 1:24006 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method attempt (file-office.rules) * 1:24007 <-> ENABLED <-> OS-WINDOWS SMB Microsoft Windows RAP API NetServerEnum2 long server name buffer overflow attempt (os-windows.rules) * 1:24026 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24029 <-> DISABLED <-> FILE-OTHER Oracle outside in Lotus 1-2-3 heap overflow attempt (file-other.rules) * 1:24039 <-> ENABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX function call access (browser-plugins.rules) * 1:24040 <-> ENABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access (browser-plugins.rules) * 1:24041 <-> ENABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access (browser-plugins.rules) * 1:24042 <-> ENABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access (browser-plugins.rules) * 1:24043 <-> ENABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access (browser-plugins.rules) * 1:24044 <-> ENABLED <-> BROWSER-PLUGINS HP Easy Printer Care Software ActiveX clsid access (browser-plugins.rules) * 1:24063 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24074 <-> DISABLED <-> FILE-IDENTIFY MP3 file download request (file-identify.rules) * 1:24075 <-> ENABLED <-> FILE-IDENTIFY MP3 file attachment detected (file-identify.rules) * 1:24076 <-> ENABLED <-> FILE-IDENTIFY MP3 file attachment detected (file-identify.rules) * 1:24078 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (file-identify.rules) * 1:24079 <-> ENABLED <-> FILE-IDENTIFY RMF file attachment detected (file-identify.rules) * 1:24080 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules) * 1:24081 <-> ENABLED <-> FILE-IDENTIFY Microsoft Works file attachment detected (file-identify.rules) * 1:24091 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver SOAP interface command injection attempt (server-webapp.rules) * 1:24138 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules) * 1:24139 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules) * 1:24140 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed RTMP response attempt (file-flash.rules) * 1:24142 <-> ENABLED <-> FILE-FLASH Adobe Flash Player object confusion attempt (file-flash.rules) * 1:2419 <-> DISABLED <-> FILE-IDENTIFY RealNetworks Realplayer .ram playlist file download request (file-identify.rules) * 1:24190 <-> DISABLED <-> FILE-IDENTIFY X PixMap file magic detected (file-identify.rules) * 1:24195 <-> DISABLED <-> SERVER-WEBAPP socket_connect buffer overflow attempt (server-webapp.rules) * 1:24196 <-> ENABLED <-> BROWSER-PLUGINS GE Intelligent Platforms Proficy HTML help ActiveX clsid access attempt (browser-plugins.rules) * 1:24199 <-> ENABLED <-> SERVER-MAIL IBM Lotus Notes URI handler command execution attempt (server-mail.rules) * 1:2420 <-> ENABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rmp playlist file download request (file-identify.rules) * 1:24201 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules) * 1:24202 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules) * 1:24206 <-> ENABLED <-> FILE-IDENTIFY LZH archive file magic detected (file-identify.rules) * 1:24207 <-> ENABLED <-> FILE-OTHER IBM Lotus Notes LZH Attachment Viewer buffer overflow (file-other.rules) * 1:24208 <-> ENABLED <-> FILE-OTHER IBM Lotus Notes LZH Attachment Viewer buffer overflow (file-other.rules) * 1:24210 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer execCommand use-after-free attempt (browser-ie.rules) * 1:24212 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer execCommand use-after-free attempt (browser-ie.rules) * 1:24213 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules) * 1:24218 <-> DISABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:24219 <-> DISABLED <-> FILE-IDENTIFY SMIL file magic detected (file-identify.rules) * 1:2422 <-> DISABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rt playlist file download request (file-identify.rules) * 1:2423 <-> DISABLED <-> FILE-IDENTIFY RealNetworks Realplayer .rp playlist file download request (file-identify.rules) * 1:24239 <-> ENABLED <-> SERVER-WEBAPP Novell GroupWise Internet Agent content-length integer overflow attempt (server-webapp.rules) * 1:24244 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules) * 1:24245 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Matrix3D copyRawDataTo integer overflow attempt (file-flash.rules) * 1:24252 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer execCommand use embedded within javascript tags (browser-ie.rules) * 1:24263 <-> DISABLED <-> FILE-PDF Overly large CreationDate within a pdf - likely malicious (file-pdf.rules) * 1:24267 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed Range Code Execution attempt (file-office.rules) * 1:24268 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed Range Code Execution attempt (file-office.rules) * 1:24269 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Malformed Range Code Execution attempt (file-office.rules) * 1:24281 <-> ENABLED <-> BROWSER-PLUGINS Cisco Secure Desktop CSDWebInstaller ActiveX clsid access (browser-plugins.rules) * 1:24284 <-> DISABLED <-> FILE-OFFICE Microsoft Office Drawing object code execution attempt (file-office.rules) * 1:24291 <-> ENABLED <-> SERVER-WEBAPP HP SiteScope APISiteScopeImpl information disclosure attempt (server-webapp.rules) * 1:24292 <-> ENABLED <-> SERVER-WEBAPP HP SiteScope APISiteScopeImpl information disclosure attempt (server-webapp.rules) * 1:24293 <-> DISABLED <-> SERVER-OTHER EMC NetWorker SunRPC buffer overflow attempt (server-other.rules) * 1:24303 <-> DISABLED <-> PROTOCOL-ICMP IPv6 multicast neighbor add attempt (protocol-icmp.rules) * 1:24313 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent request attempt (server-webapp.rules) * 1:24315 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:24316 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:24317 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:24318 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:24319 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:24320 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:24321 <-> DISABLED <-> SERVER-OTHER HP StorageWorks File Migration Agent buffer overflow attempt (server-other.rules) * 1:24329 <-> DISABLED <-> SERVER-OTHER EMC AutoStart ftAgent.exe integer overflow attempt (server-other.rules) * 1:24335 <-> DISABLED <-> BROWSER-PLUGINS Citrix Access Gateway plug-in buffer overflow attempt (browser-plugins.rules) * 1:24336 <-> DISABLED <-> OS-WINDOWS SMB Microsoft Windows RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules) * 1:24337 <-> DISABLED <-> SERVER-OTHER Novell Remote Manager off-by-one denial of service attempt (server-other.rules) * 1:24338 <-> ENABLED <-> FILE-OTHER Apple Quicktime TeXML Style attribute overflow attempt (file-other.rules) * 1:24339 <-> DISABLED <-> SERVER-WEBAPP XML entity parsing information disclosure attempt (server-webapp.rules) * 1:2435 <-> ENABLED <-> FILE-IDENTIFY Microsoft emf file download request (file-identify.rules) * 1:24351 <-> ENABLED <-> FILE-OFFICE Microsoft Works 9 use-after-free attempt (file-office.rules) * 1:24352 <-> ENABLED <-> FILE-OFFICE Microsoft Works 9 use-after-free attempt (file-office.rules) * 1:24353 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word RTF malformed listid attempt (file-office.rules) * 1:24354 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word RTF malformed listid attempt (file-office.rules) * 1:24357 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word rgfc value overflow attempt (file-office.rules) * 1:24358 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word rgfc value overflow attempt (file-office.rules) * 1:2436 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file download request (file-identify.rules) * 1:2438 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer playlist file URL overflow attempt (file-multimedia.rules) * 1:2439 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer playlist http URL overflow attempt (file-multimedia.rules) * 1:2440 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer playlist rtsp URL overflow attempt (file-multimedia.rules) * 1:24428 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24429 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24430 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24431 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24435 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Asset Management default admin credentials function call attempt (server-webapp.rules) * 1:24436 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Asset Management default admin credentials function call attempt (server-webapp.rules) * 1:24446 <-> ENABLED <-> SERVER-OTHER EMC NetWorker SunRPC format string exploit attempt (server-other.rules) * 1:24455 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24456 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24457 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24458 <-> ENABLED <-> FILE-IDENTIFY JPEG file magic detected (file-identify.rules) * 1:24463 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules) * 1:24464 <-> ENABLED <-> FILE-IDENTIFY TIFF file attachment detected (file-identify.rules) * 1:24465 <-> DISABLED <-> FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected (file-identify.rules) * 1:24472 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (file-identify.rules) * 1:24473 <-> ENABLED <-> FILE-IDENTIFY FLV file attachment detected (file-identify.rules) * 1:24480 <-> ENABLED <-> PROTOCOL-SCADA WellinTech Kingview HMI history server buffer overflow attempt (protocol-scada.rules) * 1:24483 <-> DISABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules) * 1:24484 <-> DISABLED <-> FILE-IDENTIFY Embedded Open Type Font file magic detected (file-identify.rules) * 1:24485 <-> DISABLED <-> FILE-PDF Microsoft Windows kernel-mode drivers core font parsing integer overflow attempt (file-pdf.rules) * 1:24486 <-> DISABLED <-> FILE-PDF Microsoft Windows kernel-mode drivers core font parsing integer overflow attempt (file-pdf.rules) * 1:24487 <-> DISABLED <-> FILE-PDF Microsoft Windows kernel-mode drivers core font parsing integer overflow attempt (file-pdf.rules) * 1:24503 <-> DISABLED <-> PROTOCOL-RPC xdrDecodeString caller_name stack overflow attempt (protocol-rpc.rules) * 1:24507 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules) * 1:24508 <-> DISABLED <-> FILE-PDF Adobe Acrobat font parsing integer overflow attempt (file-pdf.rules) * 1:24520 <-> ENABLED <-> SERVER-WEBAPP Avaya IP Office Customer Call Reporter invalid file upload attempt (server-webapp.rules) * 1:24549 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime MOV Atom length buffer overflow attempt (file-multimedia.rules) * 1:24554 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (file-identify.rules) * 1:24555 <-> ENABLED <-> FILE-IDENTIFY Apple QuickTime PICT v2.0 Image header (file-identify.rules) * 1:24559 <-> DISABLED <-> BROWSER-PLUGINS CYME Power Engineering ShowPropertiesDialog ActiveX clsid access (browser-plugins.rules) * 1:24560 <-> DISABLED <-> BROWSER-PLUGINS CYME Power Engineering ShowPropertiesDialog ActiveX function call access (browser-plugins.rules) * 1:24570 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox IDB use-after-free attempt (browser-firefox.rules) * 1:24571 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox IDB use-after-free attempt (browser-firefox.rules) * 1:24572 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox IDB use-after-free attempt (browser-firefox.rules) * 1:24573 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox IDB use-after-free attempt (browser-firefox.rules) * 1:24574 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox IDB use-after-free attempt (browser-firefox.rules) * 1:24587 <-> ENABLED <-> FILE-OFFICE Microsoft Works Word document use after free attempt (file-office.rules) * 1:24588 <-> ENABLED <-> FILE-OFFICE Microsoft Works Word document use after free attempt (file-office.rules) * 1:24599 <-> DISABLED <-> FILE-IDENTIFY Alt-N MDaemon IMAP Server (file-identify.rules) * 1:24639 <-> DISABLED <-> PROTOCOL-RPC portmap CA BrightStor ARCserve tcp procedure 122 invalid function call attempt (protocol-rpc.rules) * 1:24640 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime movie buffer overflow attempt (file-multimedia.rules) * 1:24645 <-> ENABLED <-> BROWSER-PLUGINS Tom Sawyer GET Extension ActiveX clsid access (browser-plugins.rules) * 1:24646 <-> ENABLED <-> BROWSER-PLUGINS Tom Sawyer GET exetension ActiveX clsid access (browser-plugins.rules) * 1:24675 <-> ENABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX realm parameter overflow attempt (browser-plugins.rules) * 1:24676 <-> ENABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX real parameter overflow attempt (browser-plugins.rules) * 1:24677 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix server open PDU denial of service attempt (server-other.rules) * 1:24678 <-> ENABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules) * 1:24679 <-> ENABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules) * 1:24680 <-> ENABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules) * 1:24686 <-> DISABLED <-> SERVER-OTHER HP StorageWorks file migration agent buffer overflow attempt (server-other.rules) * 1:24687 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:24688 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:24693 <-> ENABLED <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt (server-webapp.rules) * 1:24694 <-> ENABLED <-> FILE-IMAGE Apple QuickTime PICT file opcode corruption attempt (file-image.rules) * 1:24696 <-> ENABLED <-> PROTOCOL-RPC EMC Networker nsrindexd.exe procedure 0x01 buffer overflow attempt (protocol-rpc.rules) * 1:24697 <-> DISABLED <-> SERVER-APACHE Apache mod_log_config cookie handling denial of service attempt (server-apache.rules) * 1:24698 <-> DISABLED <-> SERVER-APACHE Apache mod_log_config cookie handling denial of service attempt (server-apache.rules) * 1:24700 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime text track descriptors heap buffer overflow attempt (file-multimedia.rules) * 1:24701 <-> ENABLED <-> FILE-JAVA Oracle Java Runtime true type font idef opcode heap buffer overflow attempt (file-java.rules) * 1:24702 <-> ENABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules) * 1:24704 <-> ENABLED <-> SERVER-WEBAPP CA Total Defense management.asmx sql injection attempt (server-webapp.rules) * 1:24705 <-> ENABLED <-> SERVER-WEBAPP CA Total Defense management.asmx sql injection attempt (server-webapp.rules) * 1:24706 <-> DISABLED <-> SERVER-WEBAPP Netop Remote Control dws file buffer overflow attempt (server-webapp.rules) * 1:24708 <-> DISABLED <-> FILE-IDENTIFY Netop Remote Control file download request (file-identify.rules) * 1:24709 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (file-identify.rules) * 1:24710 <-> ENABLED <-> FILE-IDENTIFY Netop Remote Control file attachment detected (file-identify.rules) * 1:24711 <-> DISABLED <-> FILE-IMAGE Oracle Outside In JPEG COD parameter buffer overflow attempt (file-image.rules) * 1:24712 <-> DISABLED <-> FILE-IMAGE Oracle Outside In JPEG COC parameter buffer overflow attempt (file-image.rules) * 1:24713 <-> DISABLED <-> FILE-IMAGE Oracle Outside In JPEG COD parameter buffer overflow attempt (file-image.rules) * 1:24714 <-> DISABLED <-> FILE-IMAGE Oracle Outside In JPEG COC parameter buffer overflow attempt (file-image.rules) * 1:24715 <-> DISABLED <-> FILE-IMAGE Oracle Outside In JPEG COD parameter buffer overflow attempt (file-image.rules) * 1:24716 <-> DISABLED <-> FILE-IMAGE Oracle Outside In JPEG COC parameter buffer overflow attempt (file-image.rules) * 1:24717 <-> DISABLED <-> FILE-IMAGE Oracle Outside In JPEG COD parameter buffer overflow attempt (file-image.rules) * 1:24718 <-> DISABLED <-> FILE-IMAGE Oracle Outside In JPEG COC parameter buffer overflow attempt (file-image.rules) * 1:24719 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SCCP call state message offhook (protocol-voip.rules) * 1:24720 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk SCCP keypad button message denial of service attempt (protocol-voip.rules) * 1:24723 <-> ENABLED <-> BROWSER-PLUGINS IBM Rational Rhapsody BBFlashback ActiveX clsid access attempt (browser-plugins.rules) * 1:24738 <-> DISABLED <-> SERVER-OTHER EMC AutoStart ftAgent.exe integer overflow attempt (server-other.rules) * 1:24739 <-> DISABLED <-> SERVER-OTHER Gimp Script-Fu server buffer overflow attempt (server-other.rules) * 1:24741 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24742 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24743 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24744 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24745 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24746 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24747 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24748 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24749 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24750 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24751 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24752 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24753 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24754 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24755 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24756 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24757 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24758 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24759 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24760 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24761 <-> ENABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules) * 1:24768 <-> DISABLED <-> SERVER-OTHER RealPlayer Helix rn5auth credential overflow attempt (server-other.rules) * 1:24769 <-> ENABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:24773 <-> ENABLED <-> BROWSER-PLUGINS IBM Lotus iNotes buffer overflow ActiveX clsid access (browser-plugins.rules) * 1:24774 <-> DISABLED <-> BROWSER-PLUGINS ASUS Net4Switch ipswcom.dll ActiveX clsid access (browser-plugins.rules) * 1:24776 <-> DISABLED <-> BROWSER-PLUGINS ASUS Net4Switch ipswcom.dll ActiveX clsid access (browser-plugins.rules) * 1:24801 <-> DISABLED <-> SERVER-WEBAPP IBM Tivoli Provisioning Manager Express asset.getmimetype sql injection attempt (server-webapp.rules) * 1:24802 <-> ENABLED <-> SERVER-OTHER HP Database Archiving Software GIOP parsing buffer overflow attempt (server-other.rules) * 1:24803 <-> DISABLED <-> PROTOCOL-SCADA GE Proficy Real-Time Information Portal directory traversal attempt (protocol-scada.rules) * 1:24816 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules) * 1:24817 <-> ENABLED <-> FILE-IDENTIFY MP4 file magic detected (file-identify.rules) * 1:24818 <-> DISABLED <-> FILE-IDENTIFY M4V file magic detected (file-identify.rules) * 1:24819 <-> DISABLED <-> FILE-IDENTIFY M4V file magic detected (file-identify.rules) * 1:24820 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file download request (file-identify.rules) * 1:24821 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file attachment detected (file-identify.rules) * 1:24822 <-> ENABLED <-> FILE-IDENTIFY Computer Graphics Metafile file attachment detected (file-identify.rules) * 1:24824 <-> DISABLED <-> FILE-IDENTIFY RealPlayer skin file download request (file-identify.rules) * 1:24825 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file attachment detected (file-identify.rules) * 1:24826 <-> ENABLED <-> FILE-IDENTIFY RealPlayer skin file attachment detected (file-identify.rules) * 1:24827 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:24828 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:24829 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:24830 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:24831 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:24832 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:24833 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:24834 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:24835 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:24836 <-> ENABLED <-> SERVER-WEBAPP HP OpenView Operations Agent buffer overflow attempt (server-webapp.rules) * 1:24869 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOM mergeAttributes memory corruption attempt (browser-ie.rules) * 1:24870 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOM mergeAttributes memory corruption attempt (browser-ie.rules) * 1:24871 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOM mergeAttributes memory corruption attempt (browser-ie.rules) * 1:24872 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOM mergeAttributes memory corruption attempt (browser-ie.rules) * 1:24874 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24875 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24876 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24877 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionScript virtual machine opcode verifying code execution attempt (file-flash.rules) * 1:24898 <-> ENABLED <-> SERVER-OTHER ABB Multiple Product RobNetScanHost.exe buffer overflow attempt (server-other.rules) * 1:24901 <-> DISABLED <-> FILE-IDENTIFY JNLP file download request (file-identify.rules) * 1:24902 <-> ENABLED <-> FILE-IDENTIFY JNLP file attachment detected (file-identify.rules) * 1:24903 <-> ENABLED <-> FILE-IDENTIFY JNLP file attachment detected (file-identify.rules) * 1:24911 <-> DISABLED <-> SERVER-ORACLE Oracle Outside In Excel file parsing integer overflow attempt (server-oracle.rules) * 1:24914 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovutil.dll getProxiedStorageAddress buffer overflow attempt (server-webapp.rules) * 1:24957 <-> ENABLED <-> BROWSER-PLUGINS Microsoft dpnet.dll DirectPlay ActiveX clsid access (browser-plugins.rules) * 1:24958 <-> ENABLED <-> BROWSER-PLUGINS Microsoft dpnet.dll DirectPlay ActiveX clsid access (browser-plugins.rules) * 1:24959 <-> ENABLED <-> BROWSER-PLUGINS Microsoft dpnet.dll DirectPlay ActiveX clsid access (browser-plugins.rules) * 1:24960 <-> ENABLED <-> BROWSER-PLUGINS Microsoft dpnet.dll DirectPlay ActiveX clsid access (browser-plugins.rules) * 1:24961 <-> ENABLED <-> BROWSER-PLUGINS Microsoft dpnet.dll DirectPlay ActiveX clsid access (browser-plugins.rules) * 1:24962 <-> ENABLED <-> BROWSER-PLUGINS Microsoft dpnet.dll DirectPlay ActiveX clsid access (browser-plugins.rules) * 1:24963 <-> ENABLED <-> BROWSER-PLUGINS Microsoft DirectPlay ActiveX clsid access (browser-plugins.rules) * 1:24964 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:24965 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:24966 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:24967 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:24968 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:24969 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:24970 <-> ENABLED <-> FILE-OFFICE Microsoft Office dpnet.dll DirectPlay CFixedPool-Get clsid access (file-office.rules) * 1:24974 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word rtf invalid listoverridecount value attempt (file-office.rules) * 1:24975 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word rtf invalid listoverridecount value attempt (file-office.rules) * 1:24987 <-> DISABLED <-> POLICY-OTHER Adobe InDesign SOAP interface RunScript method access attempt (policy-other.rules) * 1:24994 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Firefox onChannelRedirect method attempt (browser-firefox.rules) * 1:24995 <-> DISABLED <-> SERVER-OTHER Free Software Foundation GnuTLS record application integer overflow attempt (server-other.rules) * 1:24998 <-> ENABLED <-> FILE-OTHER Cisco WebEx recording format buffer overflow attempt (file-other.rules) * 1:25003 <-> ENABLED <-> SERVER-OTHER HP Archive Query Server stack overflow attempt (server-other.rules) * 1:25005 <-> ENABLED <-> BROWSER-PLUGINS ClearQuest session stack corruption attempt (browser-plugins.rules) * 1:25006 <-> ENABLED <-> FILE-JAVA Oracle JavaScript heap exploitation library usage attempt (file-java.rules) * 1:25019 <-> DISABLED <-> OS-OTHER Cisco Nexus OS software command injection attempt (os-other.rules) * 1:25032 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file download request (file-identify.rules) * 1:25033 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (file-identify.rules) * 1:25034 <-> ENABLED <-> FILE-IDENTIFY Microsoft Silverlight application file attachment detected (file-identify.rules) * 1:25035 <-> ENABLED <-> BROWSER-PLUGINS Microsoft Silverlight inheritance restriction bypass (browser-plugins.rules) * 1:25036 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit form elements virtual function DoS attempt (browser-webkit.rules) * 1:25037 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit css title memory corruption attempt (browser-webkit.rules) * 1:25038 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit css title memory corruption attempt (browser-webkit.rules) * 1:25061 <-> DISABLED <-> FILE-EXECUTABLE Microsoft Software Installer MSI binary file magic detected (file-executable.rules) * 1:25062 <-> ENABLED <-> FILE-IDENTIFY Microsoft Software Installer MSI binary file magic detected (file-identify.rules) * 1:25063 <-> DISABLED <-> SERVER-WEBAPP PHP htmlspecialchars htmlentities function buffer overflow attempt (server-webapp.rules) * 1:25078 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer sign extension vulnerability exploitation attempt (browser-ie.rules) * 1:2508 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP lsass DsRolerUpgradeDownlevelServer overflow attempt (os-windows.rules) * 1:25111 <-> DISABLED <-> BROWSER-PLUGINS Oracle SetMarkupMode buffer overflow ActiveX clsid access attempt (browser-plugins.rules) * 1:25112 <-> DISABLED <-> BROWSER-PLUGINS Oracle SetMarkupMode buffer overflow ActiveX function call access attempt (browser-plugins.rules) * 1:25113 <-> DISABLED <-> BROWSER-PLUGINS Oracle SetMarkupMode buffer overflow ActiveX function call access attempt (browser-plugins.rules) * 1:25114 <-> DISABLED <-> BROWSER-PLUGINS Oracle SetMarkupMode buffer overflow ActiveX function call access attempt (browser-plugins.rules) * 1:25115 <-> DISABLED <-> BROWSER-PLUGINS Oracle SetMarkupMode buffer overflow ActiveX clsid access attempt (browser-plugins.rules) * 1:25116 <-> DISABLED <-> BROWSER-PLUGINS Oracle SetMarkupMode buffer overflow ActiveX function call access attempt (browser-plugins.rules) * 1:25117 <-> DISABLED <-> BROWSER-PLUGINS Oracle SetMarkupMode buffer overflow ActiveX function call access attempt (browser-plugins.rules) * 1:25118 <-> DISABLED <-> BROWSER-PLUGINS Oracle SetMarkupMode buffer overflow ActiveX function call access attempt (browser-plugins.rules) * 1:25122 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules) * 1:25123 <-> ENABLED <-> FILE-JAVA Oracle Java field bytecode verifier cache code execution attempt (file-java.rules) * 1:25225 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Marquee stylesheet object removal (browser-ie.rules) * 1:25226 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Marquee stylesheet object removal (browser-ie.rules) * 1:25250 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS .NET null character username truncation attempt (server-iis.rules) * 1:25252 <-> ENABLED <-> FILE-EXECUTABLE Microsoft Windows .NET Framework System.Uri.ReCreateParts System.Uri.PathAndQuery overflow attempt (file-executable.rules) * 1:25253 <-> ENABLED <-> FILE-EXECUTABLE Microsoft Windows .NET Framework System.Uri.ReCreateParts System.Uri.PathAndQuery overflow attempt (file-executable.rules) * 1:25287 <-> DISABLED <-> SERVER-OTHER Rails XML parameter parsing vulnerability exploitation attempt (server-other.rules) * 1:25288 <-> DISABLED <-> SERVER-OTHER Rails XML parameter parsing vulnerability exploitation attempt (server-other.rules) * 1:25293 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel IPMT record buffer overflow attempt (file-office.rules) * 1:25297 <-> ENABLED <-> FILE-MULTIMEDIA Mozilla products Ogg Vorbis decoding memory corruption attempt (file-multimedia.rules) * 1:25299 <-> ENABLED <-> BROWSER-PLUGINS IBM VsVIEW ActiveX control directory traversal attempt (browser-plugins.rules) * 1:25300 <-> ENABLED <-> BROWSER-PLUGINS IBM VsVIEW ActiveX control directory traversal attempt (browser-plugins.rules) * 1:25303 <-> ENABLED <-> FILE-OTHER Cisco WebEx WRF memory corruption attempt (file-other.rules) * 1:25304 <-> ENABLED <-> FILE-OTHER Cisco WebEx WRF memory corruption attempt (file-other.rules) * 1:25305 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file magic detected (file-identify.rules) * 1:25306 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file download request (file-identify.rules) * 1:25307 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file attachment detected (file-identify.rules) * 1:25308 <-> ENABLED <-> FILE-IDENTIFY Adobe Audition Session file attachment detected (file-identify.rules) * 1:25309 <-> ENABLED <-> FILE-OTHER Adobe Audition Session file stack buffer overflow attempt (file-other.rules) * 1:25310 <-> ENABLED <-> FILE-OTHER Adobe Audition Session file stack buffer overflow attempt (file-other.rules) * 1:25312 <-> ENABLED <-> SERVER-OTHER Microsoft Forefront Threat Management Gateway remote code execution attempt (server-other.rules) * 1:25314 <-> DISABLED <-> OS-LINUX Linux kernel IGMP queries denial of service attempt (os-linux.rules) * 1:25315 <-> DISABLED <-> SERVER-ORACLE Oracle TNS listener service registration (server-oracle.rules) * 1:25316 <-> ENABLED <-> BROWSER-PLUGINS InduSoft ISSymbol InternationalSeparator heap overflow attempt (browser-plugins.rules) * 1:25317 <-> DISABLED <-> POLICY-OTHER RedHat JBOSS JNDI service naming (policy-other.rules) * 1:25318 <-> ENABLED <-> SERVER-WEBAPP InduSoft Web Studio arbitrary file upload attempt (server-webapp.rules) * 1:25319 <-> ENABLED <-> SERVER-WEBAPP InduSoft Web Studio arbitrary file upload attempt (server-webapp.rules) * 1:25320 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer nonexistent attribute removal memory corruption attempt (browser-ie.rules) * 1:25321 <-> DISABLED <-> SERVER-ORACLE Oracle Database tablefunc_asown buffer overflow attempt (server-oracle.rules) * 1:25329 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CSS style memory corruption attempt (browser-ie.rules) * 1:25330 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel conditional code execution attempt (file-office.rules) * 1:25331 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel conditional code execution attempt (file-office.rules) * 1:25332 <-> ENABLED <-> FILE-OTHER Adobe Audition Session file tkrm stack buffer overflow attempt (file-other.rules) * 1:25333 <-> DISABLED <-> PROTOCOL-DNS Exim DKIM decoding buffer overflow attempt (protocol-dns.rules) * 1:25334 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25335 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25336 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25337 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25338 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25339 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25340 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25341 <-> ENABLED <-> FILE-OTHER Cisco WebEx player remote code execution attempt (file-other.rules) * 1:25342 <-> DISABLED <-> SERVER-OTHER ISC dhcpd bootp request missing options field DOS attempt (server-other.rules) * 1:25343 <-> ENABLED <-> BROWSER-PLUGINS Citrix Access Gateway plug-in ActiveX code execution attempt (browser-plugins.rules) * 1:25344 <-> ENABLED <-> BROWSER-PLUGINS Citrix Access Gateway plug-in ActiveX code execution attempt (browser-plugins.rules) * 1:25345 <-> DISABLED <-> SERVER-WEBAPP Symantec IM Manager Web interface arbitrary command execution attempt (server-webapp.rules) * 1:25346 <-> ENABLED <-> FILE-IMAGE ImageMagick EXIF resolutionunit handling memory corruption attempt (file-image.rules) * 1:25347 <-> ENABLED <-> FILE-IMAGE ImageMagick EXIF resolutionunit handling memory corruption attempt (file-image.rules) * 1:25348 <-> ENABLED <-> FILE-IMAGE ImageMagick EXIF resolutionunit handling memory corruption attempt (file-image.rules) * 1:25352 <-> DISABLED <-> SERVER-OTHER HP HP Intelligent Management Center syslog remote code execution attempt (server-other.rules) * 1:25353 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord exploit attempt (file-office.rules) * 1:25354 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord exploit attempt (file-office.rules) * 1:25355 <-> ENABLED <-> FILE-OFFICE Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord exploit attempt (file-office.rules) * 1:25356 <-> DISABLED <-> SERVER-OTHER Squid Gopher response processing buffer overflow attempt (server-other.rules) * 1:25357 <-> ENABLED <-> FILE-EXECUTABLE Microsoft Windows Authenticode signature verification bypass attempt (file-executable.rules) * 1:25366 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules) * 1:25367 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel invalid Window2 BIFF record value attempt (file-office.rules) * 1:25380 <-> DISABLED <-> SERVER-OTHER EMC AutoStart domain name logging stack buffer overflow attempt (server-other.rules) * 1:25472 <-> ENABLED <-> FILE-JAVA Oracle Java JMX class arbitrary code execution attempt (file-java.rules) * 1:25513 <-> ENABLED <-> FILE-IDENTIFY Portable Executable download detected (file-identify.rules) * 1:25514 <-> ENABLED <-> FILE-IDENTIFY Portable Executable download detected (file-identify.rules) * 1:25515 <-> ENABLED <-> FILE-IDENTIFY Portable Executable binary file magic detected (file-identify.rules) * 1:25516 <-> DISABLED <-> FILE-IDENTIFY Microsoft Software Installer MSI binary file magic detected (file-identify.rules) * 1:25517 <-> DISABLED <-> FILE-IDENTIFY Armadillo v1.71 packer file magic detected (file-identify.rules) * 1:25534 <-> DISABLED <-> SERVER-WEBAPP Sonicwall Global Management System authentication bypass attempt (server-webapp.rules) * 1:25535 <-> ENABLED <-> PROTOCOL-SERVICES Cisco Prime Lan Management rsh command execution attempt (protocol-services.rules) * 1:25542 <-> ENABLED <-> PROTOCOL-RPC EMC NetWorker nsrindexd service buffer overflow attempt (protocol-rpc.rules) * 1:25549 <-> ENABLED <-> SERVER-OTHER Novell eDirectory NCP stack buffer overflow attempt (server-other.rules) * 1:25550 <-> ENABLED <-> SERVER-OTHER Novell eDirectory NCP stack buffer overflow attempt (server-other.rules) * 1:25562 <-> DISABLED <-> FILE-JAVA Oracle Java obfuscated jar file download attempt (file-java.rules) * 1:25582 <-> ENABLED <-> SERVER-OTHER EMC AlphaStor Device Manager command injection attempt (server-other.rules) * 1:25586 <-> DISABLED <-> SERVER-WEBAPP Nagios Core get_history buffer overflow attempt (server-webapp.rules) * 1:25634 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoder shellcode (indicator-shellcode.rules) * 1:25636 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:25639 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:25640 <-> DISABLED <-> INDICATOR-SHELLCODE unescape encoded shellcode (indicator-shellcode.rules) * 1:25644 <-> ENABLED <-> FILE-OTHER Apple QuickTime TeXML style sub-element buffer overflow attempt (file-other.rules) * 1:25645 <-> ENABLED <-> FILE-OTHER Apple QuickTime TeXML style sub-element buffer overflow attempt (file-other.rules) * 1:25646 <-> ENABLED <-> FILE-OTHER Apple QuickTime TeXML style sub-element buffer overflow attempt (file-other.rules) * 1:25647 <-> ENABLED <-> FILE-OTHER Apple QuickTime TeXML style sub-element buffer overflow attempt (file-other.rules) * 1:25648 <-> ENABLED <-> FILE-OTHER Apple QuickTime TeXML style sub-element buffer overflow attempt (file-other.rules) * 1:25659 <-> ENABLED <-> BLACKLIST User-Agent known malicious user agent - spam_bot (blacklist.rules) * 1:25676 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:25677 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:25678 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:25679 <-> ENABLED <-> FILE-FLASH Adobe Flash malformed regular expression exploit attempt (file-flash.rules) * 1:25680 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player embedded compact font detected (file-identify.rules) * 1:25681 <-> ENABLED <-> FILE-FLASH Adobe Flash Player CFF FeatureCount integer overflow attempt (file-flash.rules) * 1:25682 <-> ENABLED <-> FILE-IDENTIFY Adobe Flash Player embedded compact font detected (file-identify.rules) * 1:2570 <-> DISABLED <-> SERVER-WEBAPP Invalid HTTP Version String (server-webapp.rules) * 1:25803 <-> ENABLED <-> EXPLOIT-KIT Multiple exploit kit jar file dropped (exploit-kit.rules) * 1:25810 <-> DISABLED <-> FILE-OTHER VMWare OVF Tool format string exploit attempt (file-other.rules) * 1:25811 <-> DISABLED <-> FILE-OTHER VMWare OVF Tool format string exploit attempt (file-other.rules) * 1:25817 <-> DISABLED <-> BLACKLIST DNS request for known malware domain bolsilloner.es (blacklist.rules)
©2024 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.
