Talos has added and modified multiple rules in the browser-ie, browser-plugins, file-flash, file-identify, file-multimedia, file-other, file-pdf, indicator-compromise, malware-other, malware-tools, netbios, policy-other, protocol-dns, protocol-imap, protocol-scada, server-mail, server-mysql and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:35940 <-> DISABLED <-> SERVER-WEBAPP PHP phar_parse_tarfile method integer overflow attempt (server-webapp.rules)
* 1:35860 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime traf atom out of bounds read attempt (file-multimedia.rules)
* 1:35856 <-> DISABLED <-> SERVER-WEBAPP PHP exif_ifd_make_value thumbnail heap buffer overflow attempt (server-webapp.rules)
* 1:35857 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
* 1:35861 <-> DISABLED <-> FILE-FLASH Adobe Flash Player swapDepths use after free attempt (file-flash.rules)
* 1:35862 <-> DISABLED <-> FILE-FLASH Adobe Flash Player swapDepths use after free attempt (file-flash.rules)
* 1:35859 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime traf atom out of bounds read attempt (file-multimedia.rules)
* 1:35858 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
* 1:35863 <-> DISABLED <-> FILE-FLASH Adobe Flash Player swapDepths use after free attempt (file-flash.rules)
* 1:35864 <-> DISABLED <-> FILE-FLASH Adobe Flash Player swapDepths use after free attempt (file-flash.rules)
* 1:35933 <-> DISABLED <-> SERVER-WEBAPP Qualcomm WorldMail IMAP select directory traversal attempt (server-webapp.rules)
* 1:35934 <-> DISABLED <-> SERVER-WEBAPP Qualcomm WorldMail IMAP append directory traversal attempt (server-webapp.rules)
* 1:35935 <-> DISABLED <-> FILE-FLASH Adobe Flash Player attachMovie use after free attempt (file-flash.rules)
* 1:35936 <-> DISABLED <-> FILE-FLASH Adobe Flash Player attachMovie use after free attempt (file-flash.rules)
* 1:35937 <-> DISABLED <-> FILE-FLASH Adobe Flash Player attachMovie use after free attempt (file-flash.rules)
* 1:35938 <-> DISABLED <-> FILE-FLASH Adobe Flash Player attachMovie use after free attempt (file-flash.rules)
* 1:35939 <-> DISABLED <-> FILE-MULTIMEDIA PLF playlist name buffer overflow attempt (file-multimedia.rules)
* 1:35854 <-> DISABLED <-> SERVER-WEBAPP PHP exif_ifd_make_value thumbnail heap buffer overflow attempt (server-webapp.rules)
* 1:35853 <-> DISABLED <-> SERVER-WEBAPP PHP exif_ifd_make_value thumbnail heap buffer overflow attempt (server-webapp.rules)
* 1:35852 <-> ENABLED <-> FILE-IDENTIFY JPEG file upload detected (file-identify.rules)
* 1:35855 <-> DISABLED <-> SERVER-WEBAPP PHP exif_ifd_make_value thumbnail heap buffer overflow attempt (server-webapp.rules)
* 3:35879 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript AcroForm object use after free attempt (file-pdf.rules)
* 3:35877 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript AcroForm object use after free attempt (file-pdf.rules)
* 3:35904 <-> ENABLED <-> SERVER-OTHER SCADA InduSoft Web Studio buffer overflow attempt (server-other.rules)
* 3:35883 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor opcode 0x13 overflow attempt (netbios.rules)
* 3:35901 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack stack buffer overflow attempt (server-other.rules)
* 3:35900 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack stack buffer overflow attempt (server-other.rules)
* 3:35873 <-> ENABLED <-> BROWSER-PLUGINS Steema Software SL TeeChart Pro ActiveX clsid access (browser-plugins.rules)
* 3:35896 <-> ENABLED <-> SERVER-OTHER GE Proficy CIMPLICITY Marquee Manager stack buffer overflow attempt (server-other.rules)
* 3:35894 <-> ENABLED <-> SERVER-OTHER HP OpenView Data Protector Omnilnet command injection attempt (server-other.rules)
* 3:35885 <-> ENABLED <-> POLICY-OTHER MBean retrieval attempt (policy-other.rules)
* 3:35923 <-> ENABLED <-> SERVER-WEBAPP LANDesk Management Suite arbitrary remote file upload attempt (server-webapp.rules)
* 3:35914 <-> ENABLED <-> SERVER-OTHER EMC AutoStart ftAgent.exe trigger creation attempt (server-other.rules)
* 3:35884 <-> ENABLED <-> POLICY-OTHER MBean retrieval attempt (policy-other.rules)
* 3:35882 <-> ENABLED <-> FILE-PDF transfer of a PDF with embedded JavaScript and U3D objects (file-pdf.rules)
* 3:35886 <-> ENABLED <-> POLICY-OTHER Kaskad SCADA default username and password attempt (policy-other.rules)
* 3:35929 <-> ENABLED <-> SERVER-WEBAPP Nagios XI Incident Manager SQL injection attempt (server-webapp.rules)
* 3:35887 <-> ENABLED <-> POLICY-OTHER SCADA Engine BACnet OPC Server untrusted SQL query execution attempt (policy-other.rules)
* 3:35888 <-> ENABLED <-> PROTOCOL-SCADA SCADA Engine OPC Server arbitrary file upload attempt (protocol-scada.rules)
* 3:35941 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller and UCS Director directory traversal attempt (server-webapp.rules)
* 3:35911 <-> ENABLED <-> SERVER-OTHER Websense TRITON xml namespace buffer overflow attempt (server-other.rules)
* 3:35889 <-> ENABLED <-> PROTOCOL-SCADA Kaskad SCADA arbitrary command execution attempt (protocol-scada.rules)
* 3:35916 <-> ENABLED <-> SERVER-OTHER Websense Triton Web Security untrusted remote file creation attempt (server-other.rules)
* 3:35890 <-> ENABLED <-> SERVER-MYSQL Oracle MySQL XPath number function uninitialized pointer arbitrary code execution attempt (server-mysql.rules)
* 3:35891 <-> ENABLED <-> SERVER-MYSQL Oracle MySQL XPath number function uninitialized pointer arbitrary code execution attempt (server-mysql.rules)
* 3:35893 <-> ENABLED <-> SERVER-OTHER GE Proficy Real-Time Information Portal arbitrary dll load attempt (server-other.rules)
* 3:35892 <-> ENABLED <-> SERVER-OTHER GE Proficy Real-Time Information Portal arbitrary dll load attempt (server-other.rules)
* 3:35895 <-> ENABLED <-> SERVER-OTHER Hewlett-Packard Radia Client Automation VerbData buffer overflow attempt (server-other.rules)
* 3:35897 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack command injection attempt (server-other.rules)
* 3:35899 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack stack buffer overflow attempt (server-other.rules)
* 3:35898 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
* 3:35902 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack command injection attempt (server-other.rules)
* 3:35903 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
* 3:35881 <-> ENABLED <-> FILE-PDF download of a PDF with embedded JavaScript and U3D objects (file-pdf.rules)
* 3:35905 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager pmd.exe request detected (server-other.rules)
* 3:35878 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript AcroForm object use after free attempt (file-pdf.rules)
* 3:35880 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript AcroForm object use after free attempt (file-pdf.rules)
* 3:35927 <-> ENABLED <-> SERVER-WEBAPP Oracle Identity Management remote file execution attempt (server-webapp.rules)
* 3:35925 <-> ENABLED <-> SERVER-WEBAPP Oracle Directory Services Manager LDAP plugin field null byte injection attempt (server-webapp.rules)
* 3:35875 <-> ENABLED <-> BROWSER-PLUGINS Steema Software SL TeeChart Pro ActiveX clsid access (browser-plugins.rules)
* 3:35874 <-> ENABLED <-> BROWSER-PLUGINS Steema Software SL TeeChart Pro ActiveX clsid access (browser-plugins.rules)
* 3:35876 <-> ENABLED <-> FILE-OTHER InduSoft Web Studio insecure visual basic code execution attempt (file-other.rules)
* 3:35910 <-> ENABLED <-> SERVER-OTHER Siemens Desigo Insight information disclosure attempt (server-other.rules)
* 3:35932 <-> ENABLED <-> SERVER-WEBAPP Nagios XI Incident Manager SQL injection attempt (server-webapp.rules)
* 3:35931 <-> ENABLED <-> SERVER-WEBAPP Nagios XI Incident Manager SQL injection attempt (server-webapp.rules)
* 3:35930 <-> ENABLED <-> SERVER-WEBAPP Nagios XI Incident Manager SQL injection attempt (server-webapp.rules)
* 3:35943 <-> ENABLED <-> PROTOCOL-DNS ISC BIND TKEY query processing denial of service attempt (protocol-dns.rules)
* 3:35913 <-> ENABLED <-> SERVER-OTHER EMC AutoStart ftAgent.exe authentication attempt (server-other.rules)
* 3:35909 <-> ENABLED <-> SERVER-OTHER Siemens Desigo Insight buffer overflow attempt (server-other.rules)
* 3:35908 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager pmd.exe buffer overflow attempt (server-other.rules)
* 3:35912 <-> ENABLED <-> SERVER-OTHER Websense TRITON xml namespace buffer overflow attempt (server-other.rules)
* 3:35865 <-> ENABLED <-> BROWSER-IE Internet Explorer DataSource recordset remote code execution attempt (browser-ie.rules)
* 3:35866 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer XMLDOM double free corruption attempt (browser-ie.rules)
* 3:35915 <-> ENABLED <-> SERVER-OTHER EMC AutoStart ftAgent.exe rule creation attempt (server-other.rules)
* 3:35917 <-> ENABLED <-> SERVER-OTHER Websense Triton Web Security untrusted remote file creation attempt (server-other.rules)
* 3:35907 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager pmd.exe request detected (server-other.rules)
* 3:35942 <-> ENABLED <-> PROTOCOL-DNS ISC BIND TKEY query processing denial of service attempt (protocol-dns.rules)
* 3:35918 <-> ENABLED <-> SERVER-OTHER EMC NetWorker server overflow attempt (server-other.rules)
* 3:35868 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
* 3:35872 <-> ENABLED <-> BROWSER-PLUGINS Steema Software SL TeeChart Pro ActiveX clsid access (browser-plugins.rules)
* 3:35919 <-> ENABLED <-> SERVER-OTHER Vinzant Global ECS Agent untrusted command execution attempt (server-other.rules)
* 3:35869 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
* 3:35906 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager pmd.exe buffer overflow attempt (server-other.rules)
* 3:35867 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer XMLDOM double free corruption attempt (browser-ie.rules)
* 3:35926 <-> ENABLED <-> SERVER-WEBAPP Oracle Identity Management authorization bypass attempt (server-webapp.rules)
* 3:35921 <-> ENABLED <-> SERVER-OTHER General Electric Proficy malicious log forwarding request attempt (server-other.rules)
* 3:35920 <-> ENABLED <-> SERVER-OTHER General Electric Proficy memory leakage request attempt (server-other.rules)
* 3:35928 <-> ENABLED <-> SERVER-WEBAPP IBM Domino cross site scripting attempt (server-webapp.rules)
* 3:35924 <-> ENABLED <-> SERVER-WEBAPP Oracle Directory Services Manager remote jsp code execution attempt (server-webapp.rules)
* 3:35870 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
* 3:35922 <-> ENABLED <-> SERVER-WEBAPP Entrust Authority Enrollment Server stack buffer overflow attempt (server-webapp.rules)
* 3:35871 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
* 1:34988 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed FLV file buffer overflow attempt (file-flash.rules)
* 1:32149 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
* 1:23680 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
* 1:32151 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
* 1:20496 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
* 1:35665 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineVideoStream out of bounds memory access attempt (file-flash.rules)
* 1:23058 <-> ENABLED <-> MALWARE-OTHER NeoSploit Malvertising - URI Requested (malware-other.rules)
* 1:34989 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed FLV file buffer overflow attempt (file-flash.rules)
* 1:5703 <-> DISABLED <-> PROTOCOL-IMAP unsubscribe directory traversal attempt (protocol-imap.rules)
* 1:5700 <-> DISABLED <-> PROTOCOL-IMAP rename directory traversal attempt (protocol-imap.rules)
* 1:5699 <-> DISABLED <-> PROTOCOL-IMAP lsub directory traversal attempt (protocol-imap.rules)
* 1:17328 <-> DISABLED <-> SERVER-MAIL Qualcomm WorldMail IMAP Literal Token Parsing Buffer Overflow (server-mail.rules)
* 1:32150 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
* 1:32152 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
* 1:33188 <-> ENABLED <-> INDICATOR-COMPROMISE Win.Trojan.Bedep variant outbound connection (indicator-compromise.rules)
* 1:35664 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineVideoStream out of bounds memory access attempt (file-flash.rules)
* 1:35820 <-> ENABLED <-> FILE-FLASH Adobe Flash Player scale9Grid use after free attempt (file-flash.rules)
* 1:35821 <-> ENABLED <-> FILE-FLASH Adobe Flash Player scale9Grid use after free attempt (file-flash.rules)
* 1:35825 <-> ENABLED <-> FILE-FLASH Adobe Flash Player scale9Grid use after free attempt (file-flash.rules)
* 1:35822 <-> ENABLED <-> FILE-FLASH Adobe Flash Player scale9Grid use after free attempt (file-flash.rules)
* 1:16692 <-> DISABLED <-> FILE-MULTIMEDIA PLF playlist name buffer overflow attempt (file-multimedia.rules)
* 1:5696 <-> DISABLED <-> PROTOCOL-IMAP delete directory traversal attempt (protocol-imap.rules)
* 1:5697 <-> DISABLED <-> PROTOCOL-IMAP examine directory traversal attempt (protocol-imap.rules)
* 1:5702 <-> DISABLED <-> PROTOCOL-IMAP subscribe directory traversal attempt (protocol-imap.rules)
* 1:21513 <-> ENABLED <-> MALWARE-TOOLS HOIC http denial of service attack (malware-tools.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2973.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:35859 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime traf atom out of bounds read attempt (file-multimedia.rules)
* 1:35856 <-> DISABLED <-> SERVER-WEBAPP PHP exif_ifd_make_value thumbnail heap buffer overflow attempt (server-webapp.rules)
* 1:35858 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
* 1:35940 <-> DISABLED <-> SERVER-WEBAPP PHP phar_parse_tarfile method integer overflow attempt (server-webapp.rules)
* 1:35857 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
* 1:35861 <-> DISABLED <-> FILE-FLASH Adobe Flash Player swapDepths use after free attempt (file-flash.rules)
* 1:35862 <-> DISABLED <-> FILE-FLASH Adobe Flash Player swapDepths use after free attempt (file-flash.rules)
* 1:35860 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime traf atom out of bounds read attempt (file-multimedia.rules)
* 1:35863 <-> DISABLED <-> FILE-FLASH Adobe Flash Player swapDepths use after free attempt (file-flash.rules)
* 1:35864 <-> DISABLED <-> FILE-FLASH Adobe Flash Player swapDepths use after free attempt (file-flash.rules)
* 1:35933 <-> DISABLED <-> SERVER-WEBAPP Qualcomm WorldMail IMAP select directory traversal attempt (server-webapp.rules)
* 1:35934 <-> DISABLED <-> SERVER-WEBAPP Qualcomm WorldMail IMAP append directory traversal attempt (server-webapp.rules)
* 1:35936 <-> DISABLED <-> FILE-FLASH Adobe Flash Player attachMovie use after free attempt (file-flash.rules)
* 1:35935 <-> DISABLED <-> FILE-FLASH Adobe Flash Player attachMovie use after free attempt (file-flash.rules)
* 1:35937 <-> DISABLED <-> FILE-FLASH Adobe Flash Player attachMovie use after free attempt (file-flash.rules)
* 1:35938 <-> DISABLED <-> FILE-FLASH Adobe Flash Player attachMovie use after free attempt (file-flash.rules)
* 1:35853 <-> DISABLED <-> SERVER-WEBAPP PHP exif_ifd_make_value thumbnail heap buffer overflow attempt (server-webapp.rules)
* 1:35939 <-> DISABLED <-> FILE-MULTIMEDIA PLF playlist name buffer overflow attempt (file-multimedia.rules)
* 1:35855 <-> DISABLED <-> SERVER-WEBAPP PHP exif_ifd_make_value thumbnail heap buffer overflow attempt (server-webapp.rules)
* 1:35854 <-> DISABLED <-> SERVER-WEBAPP PHP exif_ifd_make_value thumbnail heap buffer overflow attempt (server-webapp.rules)
* 1:35852 <-> ENABLED <-> FILE-IDENTIFY JPEG file upload detected (file-identify.rules)
* 3:35914 <-> ENABLED <-> SERVER-OTHER EMC AutoStart ftAgent.exe trigger creation attempt (server-other.rules)
* 3:35912 <-> ENABLED <-> SERVER-OTHER Websense TRITON xml namespace buffer overflow attempt (server-other.rules)
* 3:35913 <-> ENABLED <-> SERVER-OTHER EMC AutoStart ftAgent.exe authentication attempt (server-other.rules)
* 3:35911 <-> ENABLED <-> SERVER-OTHER Websense TRITON xml namespace buffer overflow attempt (server-other.rules)
* 3:35909 <-> ENABLED <-> SERVER-OTHER Siemens Desigo Insight buffer overflow attempt (server-other.rules)
* 3:35908 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager pmd.exe buffer overflow attempt (server-other.rules)
* 3:35904 <-> ENABLED <-> SERVER-OTHER SCADA InduSoft Web Studio buffer overflow attempt (server-other.rules)
* 3:35903 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
* 3:35898 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules)
* 3:35899 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack stack buffer overflow attempt (server-other.rules)
* 3:35893 <-> ENABLED <-> SERVER-OTHER GE Proficy Real-Time Information Portal arbitrary dll load attempt (server-other.rules)
* 3:35878 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript AcroForm object use after free attempt (file-pdf.rules)
* 3:35879 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript AcroForm object use after free attempt (file-pdf.rules)
* 3:35881 <-> ENABLED <-> FILE-PDF download of a PDF with embedded JavaScript and U3D objects (file-pdf.rules)
* 3:35882 <-> ENABLED <-> FILE-PDF transfer of a PDF with embedded JavaScript and U3D objects (file-pdf.rules)
* 3:35883 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor opcode 0x13 overflow attempt (netbios.rules)
* 3:35884 <-> ENABLED <-> POLICY-OTHER MBean retrieval attempt (policy-other.rules)
* 3:35873 <-> ENABLED <-> BROWSER-PLUGINS Steema Software SL TeeChart Pro ActiveX clsid access (browser-plugins.rules)
* 3:35885 <-> ENABLED <-> POLICY-OTHER MBean retrieval attempt (policy-other.rules)
* 3:35886 <-> ENABLED <-> POLICY-OTHER Kaskad SCADA default username and password attempt (policy-other.rules)
* 3:35943 <-> ENABLED <-> PROTOCOL-DNS ISC BIND TKEY query processing denial of service attempt (protocol-dns.rules)
* 3:35941 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller and UCS Director directory traversal attempt (server-webapp.rules)
* 3:35942 <-> ENABLED <-> PROTOCOL-DNS ISC BIND TKEY query processing denial of service attempt (protocol-dns.rules)
* 3:35931 <-> ENABLED <-> SERVER-WEBAPP Nagios XI Incident Manager SQL injection attempt (server-webapp.rules)
* 3:35932 <-> ENABLED <-> SERVER-WEBAPP Nagios XI Incident Manager SQL injection attempt (server-webapp.rules)
* 3:35930 <-> ENABLED <-> SERVER-WEBAPP Nagios XI Incident Manager SQL injection attempt (server-webapp.rules)
* 3:35880 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript AcroForm object use after free attempt (file-pdf.rules)
* 3:35923 <-> ENABLED <-> SERVER-WEBAPP LANDesk Management Suite arbitrary remote file upload attempt (server-webapp.rules)
* 3:35887 <-> ENABLED <-> POLICY-OTHER SCADA Engine BACnet OPC Server untrusted SQL query execution attempt (policy-other.rules)
* 3:35874 <-> ENABLED <-> BROWSER-PLUGINS Steema Software SL TeeChart Pro ActiveX clsid access (browser-plugins.rules)
* 3:35888 <-> ENABLED <-> PROTOCOL-SCADA SCADA Engine OPC Server arbitrary file upload attempt (protocol-scada.rules)
* 3:35889 <-> ENABLED <-> PROTOCOL-SCADA Kaskad SCADA arbitrary command execution attempt (protocol-scada.rules)
* 3:35875 <-> ENABLED <-> BROWSER-PLUGINS Steema Software SL TeeChart Pro ActiveX clsid access (browser-plugins.rules)
* 3:35891 <-> ENABLED <-> SERVER-MYSQL Oracle MySQL XPath number function uninitialized pointer arbitrary code execution attempt (server-mysql.rules)
* 3:35890 <-> ENABLED <-> SERVER-MYSQL Oracle MySQL XPath number function uninitialized pointer arbitrary code execution attempt (server-mysql.rules)
* 3:35892 <-> ENABLED <-> SERVER-OTHER GE Proficy Real-Time Information Portal arbitrary dll load attempt (server-other.rules)
* 3:35894 <-> ENABLED <-> SERVER-OTHER HP OpenView Data Protector Omnilnet command injection attempt (server-other.rules)
* 3:35895 <-> ENABLED <-> SERVER-OTHER Hewlett-Packard Radia Client Automation VerbData buffer overflow attempt (server-other.rules)
* 3:35896 <-> ENABLED <-> SERVER-OTHER GE Proficy CIMPLICITY Marquee Manager stack buffer overflow attempt (server-other.rules)
* 3:35897 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack command injection attempt (server-other.rules)
* 3:35900 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack stack buffer overflow attempt (server-other.rules)
* 3:35901 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack stack buffer overflow attempt (server-other.rules)
* 3:35902 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack command injection attempt (server-other.rules)
* 3:35905 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager pmd.exe request detected (server-other.rules)
* 3:35906 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager pmd.exe buffer overflow attempt (server-other.rules)
* 3:35907 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager pmd.exe request detected (server-other.rules)
* 3:35910 <-> ENABLED <-> SERVER-OTHER Siemens Desigo Insight information disclosure attempt (server-other.rules)
* 3:35866 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer XMLDOM double free corruption attempt (browser-ie.rules)
* 3:35924 <-> ENABLED <-> SERVER-WEBAPP Oracle Directory Services Manager remote jsp code execution attempt (server-webapp.rules)
* 3:35865 <-> ENABLED <-> BROWSER-IE Internet Explorer DataSource recordset remote code execution attempt (browser-ie.rules)
* 3:35925 <-> ENABLED <-> SERVER-WEBAPP Oracle Directory Services Manager LDAP plugin field null byte injection attempt (server-webapp.rules)
* 3:35926 <-> ENABLED <-> SERVER-WEBAPP Oracle Identity Management authorization bypass attempt (server-webapp.rules)
* 3:35928 <-> ENABLED <-> SERVER-WEBAPP IBM Domino cross site scripting attempt (server-webapp.rules)
* 3:35927 <-> ENABLED <-> SERVER-WEBAPP Oracle Identity Management remote file execution attempt (server-webapp.rules)
* 3:35915 <-> ENABLED <-> SERVER-OTHER EMC AutoStart ftAgent.exe rule creation attempt (server-other.rules)
* 3:35929 <-> ENABLED <-> SERVER-WEBAPP Nagios XI Incident Manager SQL injection attempt (server-webapp.rules)
* 3:35917 <-> ENABLED <-> SERVER-OTHER Websense Triton Web Security untrusted remote file creation attempt (server-other.rules)
* 3:35916 <-> ENABLED <-> SERVER-OTHER Websense Triton Web Security untrusted remote file creation attempt (server-other.rules)
* 3:35918 <-> ENABLED <-> SERVER-OTHER EMC NetWorker server overflow attempt (server-other.rules)
* 3:35919 <-> ENABLED <-> SERVER-OTHER Vinzant Global ECS Agent untrusted command execution attempt (server-other.rules)
* 3:35876 <-> ENABLED <-> FILE-OTHER InduSoft Web Studio insecure visual basic code execution attempt (file-other.rules)
* 3:35920 <-> ENABLED <-> SERVER-OTHER General Electric Proficy memory leakage request attempt (server-other.rules)
* 3:35921 <-> ENABLED <-> SERVER-OTHER General Electric Proficy malicious log forwarding request attempt (server-other.rules)
* 3:35922 <-> ENABLED <-> SERVER-WEBAPP Entrust Authority Enrollment Server stack buffer overflow attempt (server-webapp.rules)
* 3:35872 <-> ENABLED <-> BROWSER-PLUGINS Steema Software SL TeeChart Pro ActiveX clsid access (browser-plugins.rules)
* 3:35877 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript AcroForm object use after free attempt (file-pdf.rules)
* 3:35868 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
* 3:35867 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer XMLDOM double free corruption attempt (browser-ie.rules)
* 3:35869 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
* 3:35870 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
* 3:35871 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
* 1:16692 <-> DISABLED <-> FILE-MULTIMEDIA PLF playlist name buffer overflow attempt (file-multimedia.rules)
* 1:17328 <-> DISABLED <-> SERVER-MAIL Qualcomm WorldMail IMAP Literal Token Parsing Buffer Overflow (server-mail.rules)
* 1:21513 <-> ENABLED <-> MALWARE-TOOLS HOIC http denial of service attack (malware-tools.rules)
* 1:23058 <-> ENABLED <-> MALWARE-OTHER NeoSploit Malvertising - URI Requested (malware-other.rules)
* 1:23680 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
* 1:5696 <-> DISABLED <-> PROTOCOL-IMAP delete directory traversal attempt (protocol-imap.rules)
* 1:32150 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
* 1:32151 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
* 1:32152 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
* 1:34988 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed FLV file buffer overflow attempt (file-flash.rules)
* 1:34989 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed FLV file buffer overflow attempt (file-flash.rules)
* 1:5699 <-> DISABLED <-> PROTOCOL-IMAP lsub directory traversal attempt (protocol-imap.rules)
* 1:5700 <-> DISABLED <-> PROTOCOL-IMAP rename directory traversal attempt (protocol-imap.rules)
* 1:5702 <-> DISABLED <-> PROTOCOL-IMAP subscribe directory traversal attempt (protocol-imap.rules)
* 1:5703 <-> DISABLED <-> PROTOCOL-IMAP unsubscribe directory traversal attempt (protocol-imap.rules)
* 1:20496 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
* 1:32149 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
* 1:33188 <-> ENABLED <-> INDICATOR-COMPROMISE Win.Trojan.Bedep variant outbound connection (indicator-compromise.rules)
* 1:35825 <-> ENABLED <-> FILE-FLASH Adobe Flash Player scale9Grid use after free attempt (file-flash.rules)
* 1:35821 <-> ENABLED <-> FILE-FLASH Adobe Flash Player scale9Grid use after free attempt (file-flash.rules)
* 1:35822 <-> ENABLED <-> FILE-FLASH Adobe Flash Player scale9Grid use after free attempt (file-flash.rules)
* 1:35665 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineVideoStream out of bounds memory access attempt (file-flash.rules)
* 1:35820 <-> ENABLED <-> FILE-FLASH Adobe Flash Player scale9Grid use after free attempt (file-flash.rules)
* 1:35664 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineVideoStream out of bounds memory access attempt (file-flash.rules)
* 1:5697 <-> DISABLED <-> PROTOCOL-IMAP examine directory traversal attempt (protocol-imap.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2975.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:35940 <-> DISABLED <-> SERVER-WEBAPP PHP phar_parse_tarfile method integer overflow attempt (server-webapp.rules)
* 1:35939 <-> DISABLED <-> FILE-MULTIMEDIA PLF playlist name buffer overflow attempt (file-multimedia.rules)
* 1:35938 <-> DISABLED <-> FILE-FLASH Adobe Flash Player attachMovie use after free attempt (file-flash.rules)
* 1:35937 <-> DISABLED <-> FILE-FLASH Adobe Flash Player attachMovie use after free attempt (file-flash.rules)
* 1:35936 <-> DISABLED <-> FILE-FLASH Adobe Flash Player attachMovie use after free attempt (file-flash.rules)
* 1:35935 <-> DISABLED <-> FILE-FLASH Adobe Flash Player attachMovie use after free attempt (file-flash.rules)
* 1:35934 <-> DISABLED <-> SERVER-WEBAPP Qualcomm WorldMail IMAP append directory traversal attempt (server-webapp.rules)
* 1:35933 <-> DISABLED <-> SERVER-WEBAPP Qualcomm WorldMail IMAP select directory traversal attempt (server-webapp.rules)
* 1:35864 <-> DISABLED <-> FILE-FLASH Adobe Flash Player swapDepths use after free attempt (file-flash.rules)
* 1:35863 <-> DISABLED <-> FILE-FLASH Adobe Flash Player swapDepths use after free attempt (file-flash.rules)
* 1:35862 <-> DISABLED <-> FILE-FLASH Adobe Flash Player swapDepths use after free attempt (file-flash.rules)
* 1:35861 <-> DISABLED <-> FILE-FLASH Adobe Flash Player swapDepths use after free attempt (file-flash.rules)
* 1:35860 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime traf atom out of bounds read attempt (file-multimedia.rules)
* 1:35859 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime traf atom out of bounds read attempt (file-multimedia.rules)
* 1:35858 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
* 1:35857 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
* 1:35856 <-> DISABLED <-> SERVER-WEBAPP PHP exif_ifd_make_value thumbnail heap buffer overflow attempt (server-webapp.rules)
* 1:35855 <-> DISABLED <-> SERVER-WEBAPP PHP exif_ifd_make_value thumbnail heap buffer overflow attempt (server-webapp.rules)
* 1:35854 <-> DISABLED <-> SERVER-WEBAPP PHP exif_ifd_make_value thumbnail heap buffer overflow attempt (server-webapp.rules)
* 1:35853 <-> DISABLED <-> SERVER-WEBAPP PHP exif_ifd_make_value thumbnail heap buffer overflow attempt (server-webapp.rules)
* 1:35852 <-> ENABLED <-> FILE-IDENTIFY JPEG file upload detected (file-identify.rules)
* 3:35943 <-> ENABLED <-> PROTOCOL-DNS ISC BIND TKEY query processing denial of service attempt (protocol-dns.rules)
* 3:35942 <-> ENABLED <-> PROTOCOL-DNS ISC BIND TKEY query processing denial of service attempt (protocol-dns.rules)
* 3:35941 <-> ENABLED <-> SERVER-WEBAPP Cisco Integrated Management Controller and UCS Director directory traversal attempt (server-webapp.rules)
* 3:35932 <-> ENABLED <-> SERVER-WEBAPP Nagios XI Incident Manager SQL injection attempt (server-webapp.rules)
* 3:35931 <-> ENABLED <-> SERVER-WEBAPP Nagios XI Incident Manager SQL injection attempt (server-webapp.rules)
* 3:35930 <-> ENABLED <-> SERVER-WEBAPP Nagios XI Incident Manager SQL injection attempt (server-webapp.rules)
* 3:35929 <-> ENABLED <-> SERVER-WEBAPP Nagios XI Incident Manager SQL injection attempt (server-webapp.rules)
* 3:35928 <-> ENABLED <-> SERVER-WEBAPP IBM Domino cross site scripting attempt (server-webapp.rules)
* 3:35927 <-> ENABLED <-> SERVER-WEBAPP Oracle Identity Management remote file execution attempt (server-webapp.rules)
* 3:35926 <-> ENABLED <-> SERVER-WEBAPP Oracle Identity Management authorization bypass attempt (server-webapp.rules)
* 3:35925 <-> ENABLED <-> SERVER-WEBAPP Oracle Directory Services Manager LDAP plugin field null byte injection attempt (server-webapp.rules)
* 3:35924 <-> ENABLED <-> SERVER-WEBAPP Oracle Directory Services Manager remote jsp code execution attempt (server-webapp.rules)
* 3:35923 <-> ENABLED <-> SERVER-WEBAPP LANDesk Management Suite arbitrary remote file upload attempt (server-webapp.rules)
* 3:35922 <-> ENABLED <-> SERVER-WEBAPP Entrust Authority Enrollment Server stack buffer overflow attempt (server-webapp.rules)
* 3:35921 <-> ENABLED <-> SERVER-OTHER General Electric Proficy malicious log forwarding request attempt (server-other.rules)
* 3:35920 <-> ENABLED <-> SERVER-OTHER General Electric Proficy memory leakage request attempt (server-other.rules)
* 3:35919 <-> ENABLED <-> SERVER-OTHER Vinzant Global ECS Agent untrusted command execution attempt (server-other.rules)
* 3:35918 <-> ENABLED <-> SERVER-OTHER EMC NetWorker server overflow attempt (server-other.rules)
* 3:35917 <-> ENABLED <-> SERVER-OTHER Websense Triton Web Security untrusted remote file creation attempt (server-other.rules)
* 3:35916 <-> ENABLED <-> SERVER-OTHER Websense Triton Web Security untrusted remote file creation attempt (server-other.rules)
* 3:35915 <-> ENABLED <-> SERVER-OTHER EMC AutoStart ftAgent.exe rule creation attempt (server-other.rules)
* 3:35866 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer XMLDOM double free corruption attempt (browser-ie.rules)
* 3:35865 <-> ENABLED <-> BROWSER-IE Internet Explorer DataSource recordset remote code execution attempt (browser-ie.rules)
* 3:35914 <-> ENABLED <-> SERVER-OTHER EMC AutoStart ftAgent.exe trigger creation attempt (server-other.rules)
* 3:35913 <-> ENABLED <-> SERVER-OTHER EMC AutoStart ftAgent.exe authentication attempt (server-other.rules)
* 3:35912 <-> ENABLED <-> SERVER-OTHER Websense TRITON xml namespace buffer overflow attempt (server-other.rules)
* 3:35911 <-> ENABLED <-> SERVER-OTHER Websense TRITON xml namespace buffer overflow attempt (server-other.rules)
* 3:35910 <-> ENABLED <-> SERVER-OTHER Siemens Desigo Insight information disclosure attempt (server-other.rules)
* 3:35909 <-> ENABLED <-> SERVER-OTHER Siemens Desigo Insight buffer overflow attempt (server-other.rules)
* 3:35908 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager pmd.exe buffer overflow attempt (server-other.rules)
* 3:35907 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager
pmd.exe request detected (server-other.rules) * 3:35906 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager pmd.exe buffer overflow attempt (server-other.rules) * 3:35905 <-> ENABLED <-> SERVER-OTHER HP Network Node Manager pmd.exe request detected (server-other.rules) * 3:35904 <-> ENABLED <-> SERVER-OTHER SCADA InduSoft Web Studio buffer overflow attempt (server-other.rules) * 3:35903 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules) * 3:35902 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack command injection attempt (server-other.rules) * 3:35901 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack stack buffer overflow attempt (server-other.rules) * 3:35900 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack stack buffer overflow attempt (server-other.rules) * 3:35899 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack stack buffer overflow attempt (server-other.rules) * 3:35898 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack buffer overflow attempt (server-other.rules) * 3:35897 <-> ENABLED <-> SERVER-OTHER IBM Tivoli Storage Manager FastBack command injection attempt (server-other.rules) * 3:35896 <-> ENABLED <-> SERVER-OTHER GE Proficy CIMPLICITY Marquee Manager stack buffer overflow attempt (server-other.rules) * 3:35895 <-> ENABLED <-> SERVER-OTHER Hewlett-Packard Radia Client Automation VerbData buffer overflow attempt (server-other.rules) * 3:35894 <-> ENABLED <-> SERVER-OTHER HP OpenView Data Protector Omnilnet command injection attempt (server-other.rules) * 3:35892 <-> ENABLED <-> SERVER-OTHER GE Proficy Real-Time Information Portal arbitrary dll load attempt (server-other.rules) * 3:35893 <-> ENABLED <-> SERVER-OTHER GE Proficy Real-Time Information Portal arbitrary dll load attempt (server-other.rules) * 3:35891 <-> ENABLED <-> SERVER-MYSQL Oracle MySQL XPath number function uninitialized pointer arbitrary code 
execution attempt (server-mysql.rules) * 3:35890 <-> ENABLED <-> SERVER-MYSQL Oracle MySQL XPath number function uninitialized pointer arbitrary code execution attempt (server-mysql.rules) * 3:35889 <-> ENABLED <-> PROTOCOL-SCADA Kaskad SCADA arbitrary command execution attempt (protocol-scada.rules) * 3:35888 <-> ENABLED <-> PROTOCOL-SCADA SCADA Engine OPC Server arbitrary file upload attempt (protocol-scada.rules) * 3:35887 <-> ENABLED <-> POLICY-OTHER SCADA Engine BACnet OPC Server untrusted SQL query execution attempt (policy-other.rules) * 3:35886 <-> ENABLED <-> POLICY-OTHER Kaskad SCADA default username and password attempt (policy-other.rules) * 3:35885 <-> ENABLED <-> POLICY-OTHER MBean retrieval attempt (policy-other.rules) * 3:35884 <-> ENABLED <-> POLICY-OTHER MBean retrieval attempt (policy-other.rules) * 3:35883 <-> ENABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor opcode 0x13 overflow attempt (netbios.rules) * 3:35882 <-> ENABLED <-> FILE-PDF transfer of a PDF with embedded JavaScript and U3D objects (file-pdf.rules) * 3:35881 <-> ENABLED <-> FILE-PDF download of a PDF with embedded JavaScript and U3D objects (file-pdf.rules) * 3:35880 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript AcroForm object use after free attempt (file-pdf.rules) * 3:35879 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript AcroForm object use after free attempt (file-pdf.rules) * 3:35878 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript AcroForm object use after free attempt (file-pdf.rules) * 3:35877 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader javascript AcroForm object use after free attempt (file-pdf.rules) * 3:35876 <-> ENABLED <-> FILE-OTHER InduSoft Web Studio insecure visual basic code execution attempt (file-other.rules) * 3:35875 <-> ENABLED <-> BROWSER-PLUGINS Steema Software SL TeeChart Pro ActiveX clsid access (browser-plugins.rules) * 3:35874 <-> ENABLED <-> BROWSER-PLUGINS Steema Software SL TeeChart Pro ActiveX clsid access 
(browser-plugins.rules) * 3:35873 <-> ENABLED <-> BROWSER-PLUGINS Steema Software SL TeeChart Pro ActiveX clsid access (browser-plugins.rules) * 3:35872 <-> ENABLED <-> BROWSER-PLUGINS Steema Software SL TeeChart Pro ActiveX clsid access (browser-plugins.rules) * 3:35871 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 3:35870 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 3:35869 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 3:35868 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 3:35867 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer XMLDOM double free corruption attempt (browser-ie.rules)
* 1:16692 <-> DISABLED <-> FILE-MULTIMEDIA PLF playlist name buffer overflow attempt (file-multimedia.rules)
* 1:17328 <-> DISABLED <-> SERVER-MAIL Qualcomm WorldMail IMAP Literal Token Parsing Buffer Overflow (server-mail.rules)
* 1:20496 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
* 1:21513 <-> ENABLED <-> MALWARE-TOOLS HOIC http denial of service attack (malware-tools.rules)
* 1:23058 <-> ENABLED <-> MALWARE-OTHER NeoSploit Malvertising - URI Requested (malware-other.rules)
* 1:23680 <-> ENABLED <-> FILE-IDENTIFY Adobe Shockwave Flash file magic detected (file-identify.rules)
* 1:32149 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
* 1:32150 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
* 1:32151 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
* 1:32152 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
* 1:33188 <-> ENABLED <-> INDICATOR-COMPROMISE Win.Trojan.Bedep variant outbound connection (indicator-compromise.rules)
* 1:34988 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed FLV file buffer overflow attempt (file-flash.rules)
* 1:34989 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed FLV file buffer overflow attempt (file-flash.rules)
* 1:35664 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineVideoStream out of bounds memory access attempt (file-flash.rules)
* 1:35821 <-> ENABLED <-> FILE-FLASH Adobe Flash Player scale9Grid use after free attempt (file-flash.rules)
* 1:35822 <-> ENABLED <-> FILE-FLASH Adobe Flash Player scale9Grid use after free attempt (file-flash.rules)
* 1:35825 <-> ENABLED <-> FILE-FLASH Adobe Flash Player scale9Grid use after free attempt (file-flash.rules)
* 1:5696 <-> DISABLED <-> PROTOCOL-IMAP delete directory traversal attempt (protocol-imap.rules)
* 1:5697 <-> DISABLED <-> PROTOCOL-IMAP examine directory traversal attempt (protocol-imap.rules)
* 1:5700 <-> DISABLED <-> PROTOCOL-IMAP rename directory traversal attempt (protocol-imap.rules)
* 1:5699 <-> DISABLED <-> PROTOCOL-IMAP lsub directory traversal attempt (protocol-imap.rules)
* 1:5702 <-> DISABLED <-> PROTOCOL-IMAP subscribe directory traversal attempt (protocol-imap.rules)
* 1:5703 <-> DISABLED <-> PROTOCOL-IMAP unsubscribe directory traversal attempt (protocol-imap.rules)
* 1:35820 <-> ENABLED <-> FILE-FLASH Adobe Flash Player scale9Grid use after free attempt (file-flash.rules)
* 1:35665 <-> DISABLED <-> FILE-FLASH Adobe Flash Player DefineVideoStream out of bounds memory access attempt (file-flash.rules)