Talos has added and modified multiple rules in the app-detect, browser-firefox, browser-ie, browser-other, exploit-kit, file-flash, file-identify, file-image, file-multimedia, file-office, file-other, file-pdf, indicator-compromise, indicator-scan, malware-cnc, os-other, os-windows, policy-other, protocol-dns, protocol-ftp, protocol-other, protocol-pop, protocol-voip, server-apache, server-mail, server-mysql, server-oracle, server-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:45456 <-> DISABLED <-> SERVER-WEBAPP Samsung SRN-1670D network_ssl_upload.php arbitrary PHP file upload attempt (server-webapp.rules)
* 1:45469 <-> ENABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
* 1:45478 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware transfer attempt (malware-cnc.rules)
* 1:45475 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine uninitialized pointers memory corruption attempt (browser-ie.rules)
* 1:45459 <-> ENABLED <-> FILE-FLASH Adobe Flash Player movieclip attachbitmap use-after-free attempt (file-flash.rules)
* 1:45470 <-> ENABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
* 1:45472 <-> ENABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
* 1:45473 <-> ENABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
* 1:45477 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware transfer attempt (malware-cnc.rules)
* 1:45466 <-> ENABLED <-> FILE-OFFICE Microsoft Office None type objclass RTF evasion attempt (file-office.rules)
* 1:45457 <-> DISABLED <-> SERVER-WEBAPP Samsung SRN-1670D cslog_export.php arbitrary file read attempt (server-webapp.rules)
* 1:45461 <-> DISABLED <-> PROTOCOL-FTP Ayukov NFTP FTP Client buffer overflow attempt (protocol-ftp.rules)
* 1:45455 <-> DISABLED <-> EXPLOIT-KIT Rig Exploit Kit URI redirect attempt (exploit-kit.rules)
* 1:45468 <-> ENABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
* 1:45474 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine uninitialized pointers memory corruption attempt (browser-ie.rules)
* 1:45471 <-> ENABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
* 1:45458 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip attachbitmap use-after-free attempt (file-flash.rules)
* 1:45463 <-> DISABLED <-> BROWSER-IE Microsoft ChakraCore scripting engine memory corruption attempt (browser-ie.rules)
* 1:45467 <-> ENABLED <-> FILE-OFFICE Microsoft Office None type objclass RTF evasion attempt (file-office.rules)
* 1:45476 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox HTTP index format out of bounds read attempt (browser-firefox.rules)
* 1:45462 <-> DISABLED <-> BROWSER-IE Microsoft ChakraCore scripting engine memory corruption attempt (browser-ie.rules)
* 1:45460 <-> DISABLED <-> PROTOCOL-FTP Ayukov NFTP FTP Client buffer overflow attempt (protocol-ftp.rules)
* 3:45465 <-> ENABLED <-> SERVER-WEBAPP Splunk daemon default admin credentials login attempt (server-webapp.rules)
* 3:45464 <-> ENABLED <-> PROTOCOL-VOIP Cisco Unified Customer Voice Portal denial of service attempt (protocol-voip.rules)

* 1:44951 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK use after free attempt (file-flash.rules)
* 1:45447 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
* 1:44821 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel use after free vulnerability exploit attempt (file-office.rules)
* 1:45452 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
* 1:45416 <-> ENABLED <-> FILE-OFFICE RTF Composite Moniker object creation attempt (file-office.rules)
* 1:45414 <-> DISABLED <-> SERVER-WEBAPP DotNetNuke DNNPersonalization remote code execution attempt (server-webapp.rules)
* 1:45449 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
* 1:45446 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine ArrayBuffer memory corruption attempt (browser-ie.rules)
* 1:45453 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
* 1:45451 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
* 1:45450 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
* 1:45448 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
* 1:45405 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF buffer overflow attempt (file-flash.rules)
* 1:44846 <-> ENABLED <-> BROWSER-IE Microsoft Edge heap overflow attempt (browser-ie.rules)
* 1:45366 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
* 1:45142 <-> ENABLED <-> BROWSER-IE Microsoft Edge Array type confusion attempt (browser-ie.rules)
* 1:45046 <-> ENABLED <-> SERVER-OTHER Exim malformed BDAT code execution attempt (server-other.rules)
* 1:44952 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK use after free attempt (file-flash.rules)
* 1:45415 <-> ENABLED <-> FILE-OFFICE RTF Composite Moniker object creation attempt (file-office.rules)
* 1:45442 <-> DISABLED <-> SERVER-OTHER Hewlett Packard Enterprise Intelligent Management Center FileDownloadServlet information disclosure attempt (server-other.rules)
* 1:45445 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine ArrayBuffer memory corruption attempt (browser-ie.rules)
* 1:45421 <-> DISABLED <-> SERVER-WEBAPP PhpCollab editclient.php arbitrary PHP file upload attempt (server-webapp.rules)
* 1:44965 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro security bypass attempt (file-other.rules)
* 1:44862 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CommentExtension attempt (file-image.rules)
* 1:45269 <-> DISABLED <-> SERVER-OTHER Apache CouchDB remote code execution attempt (server-other.rules)
* 1:45359 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
* 1:45010 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45039 <-> DISABLED <-> SERVER-WEBAPP Joomla LDAP authentication plugin information disclosure exploitation attempt (server-webapp.rules)
* 1:45388 <-> ENABLED <-> BROWSER-IE Microsoft Edge anonymous function type confusion attempt (browser-ie.rules)
* 1:45133 <-> ENABLED <-> FILE-OFFICE Microsoft Office Equation Editor object stack buffer overflow attempt (file-office.rules)
* 1:44969 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF EmfPlusFont memory corruption attempt (file-image.rules)
* 1:44987 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF font character encoding out of bounds write attempt (file-pdf.rules)
* 1:45130 <-> ENABLED <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt (os-windows.rules)
* 1:44959 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF malformed YCbCrCoefficients values memory corruption attempt (file-image.rules)
* 1:45314 <-> ENABLED <-> SERVER-WEBAPP Beijing Hanbang Hanbanggaoke IP camera admin password change attempt (server-webapp.rules)
* 1:45040 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Annotation use after free attempt (file-pdf.rules)
* 1:44976 <-> DISABLED <-> FILE-PDF Adobe Reader ActualText attribute type confusion attempt (file-pdf.rules)
* 1:44954 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF out of bounds buffer overflow attempt (file-other.rules)
* 1:45112 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager showresource.do SQL injection attempt (server-webapp.rules)
* 1:44983 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (file-other.rules)
* 1:45199 <-> DISABLED <-> SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (server-other.rules)
* 1:45374 <-> ENABLED <-> BROWSER-IE Microsoft Edge out of bounds write attempt (browser-ie.rules)
* 1:44933 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader untrusted pointer dereference attempt (file-pdf.rules)
* 1:45391 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
* 1:45113 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager showresource.do SQL injection attempt (server-webapp.rules)
* 1:44872 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader out of bounds read attempt (file-pdf.rules)
* 1:44827 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
* 1:45128 <-> ENABLED <-> BROWSER-IE Microsoft Edge defineGetter type confusion attempt (browser-ie.rules)
* 1:45357 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
* 1:44832 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption exploitation attempt (browser-ie.rules)
* 1:44873 <-> ENABLED <-> FILE-PDF Adobe Acrobat addAnnot object untrusted pointer dereference attempt (file-pdf.rules)
* 1:45083 <-> DISABLED <-> SERVER-APACHE Apache Solr RunExecutableListener arbitrary command execution attempt (server-apache.rules)
* 1:44968 <-> ENABLED <-> FILE-PDF Acrobat malformed html tag out of bounds read attempt (file-pdf.rules)
* 1:44831 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption exploitation attempt (browser-ie.rules)
* 1:44923 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF Bezier curve out of bounds read attempt (file-other.rules)
* 1:45076 <-> ENABLED <-> SERVER-WEBAPP WordPress Ultimate Form Builder plugin SQL injection attempt (server-webapp.rules)
* 1:45123 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malformed spreadsheet use-after-free attempt (file-office.rules)
* 1:44956 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript infinite recursion heap overflow attempt (file-pdf.rules)
* 1:45014 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45156 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds read attempt (browser-ie.rules)
* 1:45132 <-> ENABLED <-> FILE-OFFICE Microsoft Office Equation Editor object stack buffer overflow attempt (file-office.rules)
* 1:45045 <-> DISABLED <-> FILE-PDF Adobe Reader out of bounds memory access violation attempt (file-pdf.rules)
* 1:44950 <-> ENABLED <-> FILE-PDF Acrobat TrueTypeFont file out of bounds read attempt (file-pdf.rules)
* 1:44984 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (file-other.rules)
* 1:45218 <-> ENABLED <-> SERVER-WEBAPP Embedthis GoAhead CGI information disclosure attempt (server-webapp.rules)
* 1:44934 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader untrusted pointer dereference attempt (file-pdf.rules)
* 1:44922 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager manageApplications.do SQL injection attempt (server-webapp.rules)
* 1:45007 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:44955 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript infinite recursion heap overflow attempt (file-pdf.rules)
* 1:45260 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware upload attempt (malware-cnc.rules)
* 1:45377 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
* 1:45129 <-> ENABLED <-> BROWSER-IE Microsoft Edge defineGetter type confusion attempt (browser-ie.rules)
* 1:45163 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:45361 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
* 1:44967 <-> ENABLED <-> FILE-PDF Acrobat malformed html tag out of bounds read attempt (file-pdf.rules)
* 1:45134 <-> ENABLED <-> FILE-OFFICE Microsoft Office Equation Editor object stack buffer overflow attempt (file-office.rules)
* 1:44964 <-> ENABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules)
* 1:44834 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k.sys use after free attempt (os-windows.rules)
* 1:45067 <-> DISABLED <-> SERVER-WEBAPP WordPress Duplicator cross site scripting attempt (server-webapp.rules)
* 1:44860 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro PNG file buffer over-read vulnerability attempt (file-other.rules)
* 1:44953 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF out of bounds buffer overflow attempt (file-other.rules)
* 1:45145 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer scripting engine memory corruption attempt (browser-ie.rules)
* 1:45161 <-> DISABLED <-> BROWSER-IE Microsoft Edge null pointer dereference attempt (browser-ie.rules)
* 1:45116 <-> DISABLED <-> SERVER-MAIL Multiple products non-ascii sender address spoofing attempt (server-mail.rules)
* 1:45009 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:44888 <-> ENABLED <-> FILE-FLASH Adobe Flash Player bitmap hitTest integer overflow attempt (file-flash.rules)
* 1:45404 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF buffer overflow attempt (file-flash.rules)
* 1:45016 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45081 <-> DISABLED <-> SERVER-OTHER Geutebrueck GCore web server buffer overflow attempt (server-other.rules)
* 1:45109 <-> DISABLED <-> SERVER-WEBAPP OrientDB remote code execution attempt (server-webapp.rules)
* 1:45201 <-> DISABLED <-> SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (server-other.rules)
* 1:45110 <-> DISABLED <-> SERVER-WEBAPP OrientDB privilege escalation attempt (server-webapp.rules)
* 1:44938 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMFPlus out of bounds buffer overflow attempt (file-other.rules)
* 1:45167 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:45031 <-> DISABLED <-> FILE-OTHER Adobe Acrobat JPEG2000 out of bounds buffer overflow attempt (file-other.rules)
* 1:45365 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
* 1:44939 <-> ENABLED <-> FILE-PDF Adobe Acrobat field dictionary value Unicode buffer overflow attempt (file-pdf.rules)
* 1:44892 <-> ENABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules)
* 1:45094 <-> DISABLED <-> SERVER-WEBAPP MediaWiki arbitrary file write attempt (server-webapp.rules)
* 1:45140 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra RegExp engine memory corruption attempt (browser-ie.rules)
* 1:45004 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45389 <-> ENABLED <-> BROWSER-IE Microsoft IE array type confusion attempt (browser-ie.rules)
* 1:44916 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager GraphicalView.do SQL injection attempt (server-webapp.rules)
* 1:44963 <-> ENABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules)
* 1:45146 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer scripting engine memory corruption attempt (browser-ie.rules)
* 1:44960 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF malformed YCbCrCoefficients values memory corruption attempt (file-image.rules)
* 1:45002 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:44966 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro security bypass attempt (file-other.rules)
* 1:44961 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader untrusted pointer dereference attempt (file-pdf.rules)
* 1:45392 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
* 1:45008 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45304 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (server-oracle.rules)
* 1:45362 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
* 1:44921 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager manageApplications.do SQL injection attempt (server-webapp.rules)
* 1:45139 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer scripting engine memory corruption attempt (browser-ie.rules)
* 1:45169 <-> ENABLED <-> BROWSER-IE Microsoft Edge array type confusion attempt (browser-ie.rules)
* 1:45319 <-> DISABLED <-> SERVER-WEBAPP Citrix NetScaler SD-WAN command injection attempt (server-webapp.rules)
* 1:45077 <-> ENABLED <-> SERVER-WEBAPP WordPress Ultimate Form Builder plugin SQL injection attempt (server-webapp.rules)
* 1:44894 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF out of bounds read attempt (file-other.rules)
* 1:45200 <-> DISABLED <-> SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (server-other.rules)
* 1:44882 <-> DISABLED <-> FILE-PDF Adobe Acrobat acrobat URI handler security bypass (file-pdf.rules)
* 1:44962 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader untrusted pointer dereference attempt (file-pdf.rules)
* 1:45032 <-> DISABLED <-> FILE-OTHER Adobe Acrobat JPEG2000 out of bounds buffer overflow attempt (file-other.rules)
* 1:44989 <-> ENABLED <-> FILE-OFFICE Microsoft Office Equation Editor object with automatic execution embedded in RTF attempt (file-office.rules)
* 1:44902 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules)
* 1:45396 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine toString use after free attempt (browser-ie.rules)
* 1:44926 <-> ENABLED <-> FILE-PDF Adobe Acrobat thermometer object untrusted pointer dereference attempt (file-pdf.rules)
* 1:44929 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds write attempt (file-image.rules)
* 1:44927 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture out of bounds read attempt (file-other.rules)
* 1:45378 <-> ENABLED <-> BROWSER-IE Microsoft Edge type confusion attempt (browser-ie.rules)
* 1:6431 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msdtc BuildContextW heap overflow attempt (os-windows.rules)
* 1:6443 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msdtc BuildContextW heap overflow attempt (os-windows.rules)
* 1:44990 <-> ENABLED <-> FILE-OFFICE Microsoft Office Equation Editor object with automatic execution embedded in RTF attempt (file-office.rules)
* 1:45036 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Annotation use after free attempt (file-pdf.rules)
* 1:45052 <-> DISABLED <-> SERVER-WEBAPP Wordpress wpdb prepare sprintf placeholder SQL injection attempt (server-webapp.rules)
* 1:45155 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds read attempt (browser-ie.rules)
* 1:45387 <-> ENABLED <-> BROWSER-IE Microsoft Edge anonymous function type confusion attempt (browser-ie.rules)
* 1:44890 <-> DISABLED <-> SERVER-OTHER CouchDB remote privilege escalation attempt (server-other.rules)
* 1:45379 <-> ENABLED <-> BROWSER-IE Microsoft Edge type confusion attempt (browser-ie.rules)
* 1:45118 <-> ENABLED <-> SERVER-MAIL Multiple products non-ascii sender address spoofing attempt (server-mail.rules)
* 1:44883 <-> DISABLED <-> FILE-PDF Adobe Acrobat acrobat URI handler security bypass (file-pdf.rules)
* 1:44949 <-> ENABLED <-> FILE-PDF Acrobat TrueTypeFont file out of bounds read attempt (file-pdf.rules)
* 1:45376 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
* 1:45037 <-> DISABLED <-> SERVER-WEBAPP Joomla LDAP authentication plugin information disclosure exploitation attempt (server-webapp.rules)
* 1:44901 <-> ENABLED <-> FILE-PDF Adobe Reader PDF embedded javascript events use after free attempt (file-pdf.rules)
* 1:44903 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules)
* 1:44874 <-> ENABLED <-> FILE-PDF Adobe Acrobat addAnnot object untrusted pointer dereference attempt (file-pdf.rules)
* 1:45236 <-> ENABLED <-> SERVER-WEBAPP Palo Alto Networks Firewall cms_changeDeviceContext.esp session injection attempt (server-webapp.rules)
* 1:44891 <-> ENABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules)
* 1:45160 <-> DISABLED <-> BROWSER-IE Microsoft Edge null pointer dereference attempt (browser-ie.rules)
* 1:45367 <-> ENABLED <-> OS-OTHER Intel x64 side-channel analysis information leak attempt (os-other.rules)
* 1:45148 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Array out of bounds write attempt (browser-ie.rules)
* 1:45013 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45412 <-> DISABLED <-> SERVER-WEBAPP Asus RT-AC88U deleteOfflineClients memory corruption attempt (server-webapp.rules)
* 1:45015 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45193 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager showActionProfiles.do SQL injection attempt (server-webapp.rules)
* 1:45395 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine toString use after free attempt (browser-ie.rules)
* 1:45044 <-> DISABLED <-> FILE-PDF Adobe Reader out of bounds memory access violation attempt (file-pdf.rules)
* 1:45011 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45143 <-> ENABLED <-> BROWSER-IE Microsoft Edge Array type confusion attempt (browser-ie.rules)
* 1:44880 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF EMR_STRETCHDIBITS memory corruption attempt (file-image.rules)
* 1:45360 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
* 1:45162 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:45413 <-> DISABLED <-> SERVER-WEBAPP Hikvision IP camera admin authentication attempt (server-webapp.rules)
* 1:44859 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro PNG file buffer over-read vulnerability attempt (file-other.rules)
* 1:45368 <-> ENABLED <-> OS-OTHER Intel x64 side-channel analysis information leak attempt (os-other.rules)
* 1:45131 <-> ENABLED <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt (os-windows.rules)
* 1:44925 <-> ENABLED <-> FILE-PDF Adobe Acrobat thermometer object untrusted pointer dereference attempt (file-pdf.rules)
* 1:45401 <-> ENABLED <-> SERVER-WEBAPP Fortinet FortiOS redir parameter cross site scripting attempt (server-webapp.rules)
* 1:45122 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
* 1:45198 <-> DISABLED <-> SERVER-OTHER Advantech WebAccess dcerpc service opcode 80061 stack buffer overflow attempt (server-other.rules)
* 1:44884 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat XPS unicode glyph pointer out of bounds (file-image.rules)
* 1:45115 <-> DISABLED <-> SERVER-MAIL Multiple products non-ascii sender address spoofing attempt (server-mail.rules)
* 1:45144 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer scripting engine memory corruption attempt (browser-ie.rules)
* 1:44940 <-> ENABLED <-> FILE-PDF Adobe Acrobat field dictionary value Unicode buffer overflow attempt (file-pdf.rules)
* 1:45384 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine integer overflow attempt (browser-ie.rules)
* 1:45084 <-> DISABLED <-> SERVER-APACHE Apache Solr xmlparser external doctype or entity expansion attempt (server-apache.rules)
* 1:44871 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader out of bounds read attempt (file-pdf.rules)
* 1:44866 <-> DISABLED <-> SERVER-WEBAPP Xplico decoding manager daemon command injection attempt (server-webapp.rules)
* 1:45363 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
* 1:45235 <-> ENABLED <-> SERVER-WEBAPP Palo Alto Networks Firewall router.php XML attribute injection attempt (server-webapp.rules)
* 1:44853 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TTF buffer over-read attempt (file-pdf.rules)
* 1:45364 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
* 1:45003 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:44845 <-> ENABLED <-> BROWSER-IE Microsoft Edge heap overflow attempt (browser-ie.rules)
* 1:45318 <-> DISABLED <-> SERVER-WEBAPP Citrix NetScaler SD-WAN command injection attempt (server-webapp.rules)
* 1:44854 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TTF buffer over-read attempt (file-pdf.rules)
* 1:45168 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:44913 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro invalid APP13 marker size attempt (file-image.rules)
* 1:45192 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager showActionProfiles.do SQL injection attempt (server-webapp.rules)
* 1:45035 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Annotation use after free attempt (file-pdf.rules)
* 1:44881 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF EMR_STRETCHDIBITS memory corruption attempt (file-image.rules)
* 1:44937 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMFPlus out of bounds buffer overflow attempt (file-other.rules)
* 1:44900 <-> ENABLED <-> FILE-PDF Adobe Reader PDF embedded javascript events use after free attempt (file-pdf.rules)
* 1:45383 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine integer overflow attempt (browser-ie.rules)
* 1:45012 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45151 <-> ENABLED <-> BROWSER-IE Microsoft Edge JsSetCurrentContext out of bounds read attempt (browser-ie.rules)
* 1:45189 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager mypage.do SQL injection attempt (server-webapp.rules)
* 1:45135 <-> ENABLED <-> FILE-OFFICE Microsoft Office Equation Editor object stack buffer overflow attempt (file-office.rules)
* 1:45041 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Annotation use after free attempt (file-pdf.rules)
* 1:45117 <-> ENABLED <-> SERVER-WEBAPP Huawei DeviceUpgrade command injection attempt (server-webapp.rules)
* 1:45038 <-> DISABLED <-> SERVER-WEBAPP Joomla LDAP authentication plugin information disclosure exploitation attempt (server-webapp.rules)
* 1:45375 <-> ENABLED <-> BROWSER-IE Microsoft Edge out of bounds write attempt (browser-ie.rules)
* 1:45219 <-> ENABLED <-> SERVER-WEBAPP Embedthis GoAhead LD_preload code execution attempt (server-webapp.rules)
* 1:45190 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager mypage.do SQL injection attempt (server-webapp.rules)
* 1:44918 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager GraphicalView.do SQL injection attempt (server-webapp.rules)
* 1:44977 <-> DISABLED <-> FILE-PDF Adobe Reader ActualText attribute type confusion attempt (file-pdf.rules)
* 1:44861 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CommentExtension attempt (file-image.rules)
* 1:45138 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer scripting engine memory corruption attempt (browser-ie.rules)
* 1:45149 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Array out of bounds write attempt (browser-ie.rules)
* 1:44857 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XI JavaScript annotation use after free attempt (file-pdf.rules)
* 1:45124 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malformed spreadsheet use-after-free attempt (file-office.rules)
* 1:44930 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds write attempt (file-image.rules)
* 1:44988 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF font character encoding out of bounds write attempt (file-pdf.rules)
* 1:45005 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45393 <-> DISABLED <-> SERVER-OTHER Quest Privilege Manager pmmasterd buffer overflow attempt (server-other.rules)
* 1:45075 <-> ENABLED <-> SERVER-WEBAPP WordPress Ultimate Form Builder plugin SQL injection attempt (server-webapp.rules)
* 1:45147 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer scripting engine memory corruption attempt (browser-ie.rules)
* 1:45066 <-> DISABLED <-> SERVER-WEBAPP WordPress Duplicator cross site scripting attempt (server-webapp.rules)
* 1:45073 <-> DISABLED <-> SERVER-WEBAPP Wireless IP Camera WIFICAM information leak attempt (server-webapp.rules)
* 1:45390 <-> ENABLED <-> BROWSER-IE Microsoft IE array type confusion attempt (browser-ie.rules)
* 1:44917 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager GraphicalView.do SQL injection attempt (server-webapp.rules)
* 1:44970 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF EmfPlusFont memory corruption attempt (file-image.rules)
* 1:45121 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
* 1:44928 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture out of bounds read attempt (file-other.rules)
* 1:44856 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XI JavaScript annotation use after free attempt (file-pdf.rules)
* 1:45141 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra RegExp engine memory corruption attempt (browser-ie.rules)
* 1:44893 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF out of bounds read attempt (file-other.rules)
* 1:45150 <-> ENABLED <-> BROWSER-IE Microsoft Edge JsSetCurrentContext out of bounds read attempt (browser-ie.rules)
* 1:45119 <-> ENABLED <-> SERVER-MAIL Multiple products non-ascii sender address spoofing attempt (server-mail.rules)
* 1:44887 <-> ENABLED <-> FILE-FLASH Adobe Flash Player bitmap hitTest integer overflow attempt (file-flash.rules)
* 1:45170 <-> ENABLED <-> BROWSER-IE Microsoft Edge array type confusion attempt (browser-ie.rules)
* 1:44924 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF Bezier curve out of bounds read attempt (file-other.rules)
* 1:45006 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45358 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
* 1:44833 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k.sys use after free attempt (os-windows.rules)
* 1:44912 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro invalid APP13 marker size attempt (file-image.rules)
* 1:44885 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat XPS unicode glyph pointer out of bounds (file-image.rules)
* 1:44820 <-> ENABLED <-> BROWSER-IE Microsoft Edge array use after free attempt (browser-ie.rules)
* 1:44819 <-> ENABLED <-> BROWSER-IE Microsoft Edge array use after free attempt (browser-ie.rules)
* 1:44828 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
* 1:44822 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel use after free vulnerability exploit attempt (file-office.rules)
* 1:15512 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP rpcss2_RemoteGetClassObject attempt (os-windows.rules)
* 1:18680 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules)
* 1:18702 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules)
* 1:18703 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules)
* 1:15513 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP rpcss2_RemoteGetClassObject attempt (os-windows.rules)
* 1:21445 <-> DISABLED <-> SERVER-OTHER vsFTPd denial of service attempt (server-other.rules)
* 1:21902 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
* 1:21903 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
* 1:19200 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff exploit attempt (file-office.rules)
* 1:21905 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
* 1:21906 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
* 1:21937 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
* 1:21904 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
* 1:24500 <-> DISABLED <-> FILE-OTHER Microsoft LNK shortcut arbitrary dll load attempt (file-other.rules)
* 1:26299 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query polygon object integer overflow attempt (server-mysql.rules)
* 1:26300 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multistring object integer overflow attempt (server-mysql.rules)
* 1:23305 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
* 1:26391 <-> DISABLED <-> PROTOCOL-POP libcurl MD5 digest buffer overflow attempt (protocol-pop.rules)
* 1:31027 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
* 1:31028 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
* 1:26301 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt (server-mysql.rules)
* 1:31030 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
* 1:31302 <-> DISABLED <-> APP-DETECT Oracle Java debug wire protocol remote debugging attempt (app-detect.rules)
* 1:32863 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
* 1:31029 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
* 1:33637 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query object integer overflow attempt (server-mysql.rules)
* 1:35093 <-> DISABLED <-> SERVER-OTHER PHP core compressed file temp_len buffer overflow attempt (server-other.rules)
* 1:35832 <-> DISABLED <-> FILE-OTHER Hangul Word Processor malicious tab count memory corruption attempt (file-other.rules)
* 1:32872 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff exploit attempt (file-office.rules)
* 1:36037 <-> DISABLED <-> SERVER-WEBAPP Novell Zenworks Mobile Management cross site scripting attempt (server-webapp.rules)
* 1:36038 <-> DISABLED <-> SERVER-WEBAPP
Novell Zenworks Mobile Management cross site scripting attempt (server-webapp.rules) * 1:36039 <-> DISABLED <-> SERVER-WEBAPP Novell Zenworks Mobile Management cross site scripting attempt (server-webapp.rules) * 1:35833 <-> ENABLED <-> FILE-OTHER Hangul Word Processor malicious tab count memory corruption attempt (file-other.rules) * 1:38225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid FLV header out of bounds write attempt (file-flash.rules) * 1:38226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid FLV header out of bounds write attempt (file-flash.rules) * 1:38835 <-> ENABLED <-> FILE-FLASH Adobe Flash Player bitmap heap overflow attempt (file-flash.rules) * 1:36040 <-> DISABLED <-> SERVER-WEBAPP Novell Zenworks Mobile Management cross site scripting attempt (server-webapp.rules) * 1:39273 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules) * 1:39274 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules) * 1:39308 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF file length load buffer overflow attempt (file-flash.rules) * 1:38836 <-> ENABLED <-> FILE-FLASH Adobe Flash Player bitmap heap overflow attempt (file-flash.rules) * 1:39607 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules) * 1:39615 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules) * 1:39843 <-> ENABLED <-> OS-WINDOWS Microsoft Windows gdiplus EMF EmrText out of bounds write attempt (os-windows.rules) * 1:39309 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF file length load buffer overflow attempt (file-flash.rules) * 1:40132 <-> ENABLED <-> BROWSER-IE VBScript ADODB.Connection object use after free attempt (browser-ie.rules) * 1:40133 <-> ENABLED <-> BROWSER-IE VBScript ADODB.Connection object use after free attempt (browser-ie.rules) * 1:40364 <-> DISABLED <-> 
BROWSER-IE Microsoft Internet Explorer loadXML parseError.errorCode information disclosure attempt (browser-ie.rules) * 1:39844 <-> ENABLED <-> OS-WINDOWS Microsoft Windows gdiplus EMF EmrText out of bounds write attempt (os-windows.rules) * 1:40394 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Ntoskrnl integer overflow privilege escalation attempt (os-windows.rules) * 1:40395 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Ntoskrnl integer overflow privilege escalation attempt (os-windows.rules) * 1:40490 <-> DISABLED <-> FILE-OFFICE JustSystems Ichitaro Word Processor malformed PersistDirectory memory corruption attempt (file-office.rules) * 1:40365 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer loadXML parseError.errorCode information disclosure attempt (browser-ie.rules) * 1:40573 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA resolveNode memory corruption attempt (file-pdf.rules) * 1:40574 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA resolveNode memory corruption attempt (file-pdf.rules) * 1:40889 <-> DISABLED <-> SERVER-WEBAPP Barracuda WAF UPDATE_scan_information_in_use command injection attempt (server-webapp.rules) * 1:40491 <-> DISABLED <-> FILE-OFFICE JustSystems Ichitaro Word Processor malformed PersistDirectory memory corruption attempt (file-office.rules) * 1:41111 <-> ENABLED <-> FILE-OFFICE Ichitaro Office JTD Figure handling code execution attempt (file-office.rules) * 1:41138 <-> ENABLED <-> FILE-FLASH Adobe Flash Player display list structure memory corruption attempt (file-flash.rules) * 1:41139 <-> ENABLED <-> FILE-FLASH Adobe Flash Player display list structure memory corruption attempt (file-flash.rules) * 1:41110 <-> ENABLED <-> FILE-OFFICE Ichitaro Office JTD Figure handling code execution attempt (file-office.rules) * 1:41141 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Out-of-Bounds Write attempt (file-office.rules) * 1:41142 <-> ENABLED <-> FILE-PDF Adobe Acrobat animateSyncButton use after free attempt (file-pdf.rules) 
* 1:41143 <-> ENABLED <-> FILE-PDF Adobe Acrobat animateSyncButton use after free attempt (file-pdf.rules) * 1:41140 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Out-of-Bounds Write attempt (file-office.rules) * 1:41145 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules) * 1:41146 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules) * 1:41147 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules) * 1:41144 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules) * 1:41149 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules) * 1:41150 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript navigation pane use after free attempt (file-pdf.rules) * 1:41151 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript navigation pane use after free attempt (file-pdf.rules) * 1:41148 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules) * 1:41153 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Forms Data Format embedded javascript attempt (file-pdf.rules) * 1:41154 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed CFF global subroutine memory corruption attempt (file-pdf.rules) * 1:41155 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed CFF global subroutine memory corruption attempt (file-pdf.rules) * 1:41152 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Forms Data Format embedded javascript attempt (file-pdf.rules) * 1:41157 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF file length heap overflow attempt (file-flash.rules) * 1:41158 <-> ENABLED <-> FILE-FLASH Adobe Flash Player visual blend out of bounds read attempt (file-flash.rules) * 1:41159 <-> ENABLED <-> FILE-FLASH Adobe Flash Player visual blend out of bounds 
read attempt (file-flash.rules) * 1:41156 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF file length heap overflow attempt (file-flash.rules) * 1:41164 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XSL stylesheet heap overflow attempt (file-pdf.rules) * 1:41193 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA engine stack buffer overflow attempt (file-pdf.rules) * 1:41194 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA engine stack buffer overflow attempt (file-pdf.rules) * 1:41163 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XSL stylesheet heap overflow attempt (file-pdf.rules) * 1:41199 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF Software tag heap buffer overflow attempt (file-image.rules) * 1:41200 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF Software tag heap buffer overflow attempt (file-image.rules) * 1:41201 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF Software tag heap buffer overflow attempt (file-image.rules) * 1:41198 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF Software tag heap buffer overflow attempt (file-image.rules) * 1:41215 <-> DISABLED <-> FILE-FLASH Adobe Flash Player onSetFocus movie clip use after free attempt (file-flash.rules) * 1:41325 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA Engine use after free attempt (file-pdf.rules) * 1:41326 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA Engine use after free attempt (file-pdf.rules) * 1:41214 <-> DISABLED <-> FILE-FLASH Adobe Flash Player onSetFocus movieclip use after free attempt (file-flash.rules) * 1:41328 <-> DISABLED <-> FILE-PDF Iceni Argus ipStringCreate integer overflow attempt (file-pdf.rules) * 1:41338 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules) * 1:41339 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules) * 1:41327 <-> DISABLED <-> FILE-PDF Iceni Argus ipStringCreate integer overflow attempt (file-pdf.rules) * 1:41341 
<-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules) * 1:41342 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 stsz atom memory corruption attempt (file-multimedia.rules) * 1:41343 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 stsz atom memory corruption attempt (file-multimedia.rules) * 1:41340 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules) * 1:41351 <-> DISABLED <-> FILE-OTHER Apple Garageband .band file out of bounds write attempt (file-other.rules) * 1:41370 <-> ENABLED <-> FILE-OTHER National Instruments LabVIEW LvVarientUnflatten remote code execution attempt (file-other.rules) * 1:41371 <-> ENABLED <-> FILE-OTHER National Instruments LabVIEW LvVarientUnflatten remote code execution attempt (file-other.rules) * 1:41350 <-> DISABLED <-> FILE-OTHER Apple Garageband .band file out of bounds write attempt (file-other.rules) * 1:41392 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules) * 1:41393 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules) * 1:41394 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules) * 1:41391 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules) * 1:41396 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules) * 1:41397 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules) * 1:41398 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules) * 1:41395 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules) * 1:41400 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader xfa subform use after free attempt 
(file-pdf.rules) * 1:41407 <-> ENABLED <-> BROWSER-OTHER Cisco WebEx extension command execution attempt (browser-other.rules) * 1:41408 <-> ENABLED <-> BROWSER-OTHER Cisco WebEx extension command execution attempt (browser-other.rules) * 1:41399 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader xfa subform use after free attempt (file-pdf.rules) * 1:41412 <-> ENABLED <-> FILE-FLASH Adobe Flash Player custom toString function attempt (file-flash.rules) * 1:41447 <-> ENABLED <-> FILE-OTHER Apple GarageBand out of bounds write attempt (file-other.rules) * 1:41448 <-> ENABLED <-> FILE-OTHER Apple GarageBand out of bounds write attempt (file-other.rules) * 1:41411 <-> ENABLED <-> FILE-FLASH Adobe Flash Player custom toString function attempt (file-flash.rules) * 1:41455 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess updateTemplate SQL injection attempt (server-webapp.rules) * 1:41504 <-> DISABLED <-> SERVER-WEBAPP Netgear passwordrecovered.cgi insecure admin password disclosure attempt (server-webapp.rules) * 1:41505 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client DecodeString heap overflow attempt (server-other.rules) * 1:41454 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess updateTemplate SQL injection attempt (server-webapp.rules) * 1:41508 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client Memcpy heap overflow attempt (server-other.rules) * 1:41509 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client DecodeBinary heap buffer overflow attempt (server-other.rules) * 1:41510 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client DecodeBinary heap buffer overflow attempt (server-other.rules) * 1:41506 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client DecodeString heap overflow attempt (server-other.rules) * 1:41512 <-> DISABLED <-> FILE-OFFICE AntennaHouse HTMLFilter FillRowFormat remote code execution attempt (file-office.rules) * 1:41536 <-> DISABLED <-> SERVER-WEBAPP ZoneMinder file.php directory traversal attempt 
(server-webapp.rules) * 1:41543 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC HTMLFilter UnCompressUnicode out of bounds write attempt (file-office.rules) * 1:41511 <-> DISABLED <-> FILE-OFFICE AntennaHouse HTMLFilter FillRowFormat remote code execution attempt (file-office.rules) * 1:41545 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC HTMLFilter iBldDirInfo heap buffer overflow attempt (file-office.rules) * 1:41546 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC HTMLFilter iBldDirInfo heap buffer overflow attempt (file-office.rules) * 1:41553 <-> ENABLED <-> BROWSER-IE Microsoft Edge url forgery attempt (browser-ie.rules) * 1:41544 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC HTMLFilter UnCompressUnicode out of bounds write attempt (file-office.rules) * 1:41557 <-> ENABLED <-> BROWSER-IE Microsoft Edge Array out of bounds memory corruption attempt (browser-ie.rules) * 1:41558 <-> ENABLED <-> BROWSER-IE Microsoft Edge Array out of bounds memory corruption attempt (browser-ie.rules) * 1:41559 <-> ENABLED <-> BROWSER-IE Microsoft Edge Array out of bounds memory corruption attempt (browser-ie.rules) * 1:41554 <-> ENABLED <-> BROWSER-IE Microsoft Edge url forgery attempt (browser-ie.rules) * 1:41565 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:41566 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:41567 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Device Guard code execution attempt (os-windows.rules) * 1:41560 <-> ENABLED <-> BROWSER-IE Microsoft Edge Array out of bounds memory corruption attempt (browser-ie.rules) * 1:41569 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Device Guard code execution attempt (os-windows.rules) * 1:41570 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Device Guard code execution attempt (os-windows.rules) * 1:41571 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Device Guard code execution attempt (os-windows.rules) * 1:41568 <-> 
ENABLED <-> OS-WINDOWS Microsoft Windows Device Guard code execution attempt (os-windows.rules) * 1:41573 <-> ENABLED <-> BROWSER-IE Microsoft Edge CSS animation style information disclosure attempt (browser-ie.rules) * 1:41574 <-> ENABLED <-> BROWSER-IE Microsoft Edge CSS animation style information disclosure attempt (browser-ie.rules) * 1:41577 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF footnote format use after free attempt (file-office.rules) * 1:41572 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Device Guard code execution attempt (os-windows.rules) * 1:41579 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DirectComposition double free attempt (os-windows.rules) * 1:41580 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DirectComposition double free attempt (os-windows.rules) * 1:41581 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed CellXF memory corruption attempt (file-office.rules) * 1:41578 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF footnote format use after free attempt (file-office.rules) * 1:41583 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOMAttrModified event use after free attempt (browser-ie.rules) * 1:41584 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOMAttrModified event use after free attempt (browser-ie.rules) * 1:41585 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer mutated scope with generator memory corruption attempt (browser-ie.rules) * 1:41582 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed CellXF memory corruption attempt (file-office.rules) * 1:41587 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Array out of bounds memory corruption (browser-ie.rules) * 1:41588 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Array out of bounds memory corruption (browser-ie.rules) * 1:41589 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CHtmlTab use after free attempt (browser-ie.rules) * 1:41586 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer mutated scope 
with generator memory corruption attempt (browser-ie.rules) * 1:41591 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GDI privilege escalation attempt (os-windows.rules) * 1:41592 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GDI privilege escalation attempt (os-windows.rules) * 1:41595 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI invalid EMF cbBitsSrc memory disclosure attempt (os-windows.rules) * 1:41590 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CHtmlTab use after free attempt (browser-ie.rules) * 1:41597 <-> DISABLED <-> FILE-OTHER Windows Uniscribe remote code execution vulnerability attempt (file-other.rules) * 1:41598 <-> DISABLED <-> FILE-OTHER Windows Uniscribe remote code execution vulnerability attempt (file-other.rules) * 1:41601 <-> ENABLED <-> FILE-PDF Microsoft Edge PDF Builder out of bounds read attempt (file-pdf.rules) * 1:41596 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI invalid EMF cbBitsSrc memory disclosure attempt (os-windows.rules) * 1:41605 <-> DISABLED <-> BROWSER-IE Microsoft Edge AsmJs memory corruption attempt (browser-ie.rules) * 1:41606 <-> DISABLED <-> BROWSER-IE Microsoft Edge AsmJs memory corruption attempt (browser-ie.rules) * 1:41607 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel NtCreateProfile privilege escalation attempt (os-windows.rules) * 1:41602 <-> ENABLED <-> FILE-PDF Microsoft Edge PDF Builder out of bounds read attempt (file-pdf.rules) * 1:41609 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel NtCreateProfile privilege escalation attempt (os-windows.rules) * 1:41610 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel NtCreateProfile privilege escalation attempt (os-windows.rules) * 1:41611 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder luminance adjustment out of bounds memory access attempt (file-other.rules) * 1:41608 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel NtCreateProfile privilege escalation attempt (os-windows.rules) * 1:41613 <-> ENABLED <-> FILE-OTHER Adobe 
Flash Player h264 decoder heap overflow attempt (file-other.rules) * 1:41614 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules) * 1:41615 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules) * 1:41612 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder luminance adjustment out of bounds memory access attempt (file-other.rules) * 1:41617 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules) * 1:41618 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules) * 1:41619 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addEventListener use after free attempt (file-flash.rules) * 1:41616 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules) * 1:41621 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed FLV heap overflow attempt (file-flash.rules) * 1:41622 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed FLV heap overflow attempt (file-flash.rules) * 1:41623 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MessageChannel type confusion attempt (file-flash.rules) * 1:41620 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addEventListener use after free attempt (file-flash.rules) * 1:41625 <-> ENABLED <-> BROWSER-IE Microsoft Edge HandleColumnBreakOnColumnSpanningElement type confusion attempt (browser-ie.rules) * 1:41626 <-> ENABLED <-> BROWSER-IE Microsoft Edge HandleColumnBreakOnColumnSpanningElement type confusion attempt (browser-ie.rules) * 1:41627 <-> ENABLED <-> FILE-FLASH Adobe Flash Player garbage collection use after free attempt (file-flash.rules) * 1:41624 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MessageChannel type confusion attempt (file-flash.rules) * 1:41629 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PSDK EventDispatch removeEventListener use after free attempt (file-flash.rules) * 1:41630 <-> ENABLED <-> FILE-FLASH Adobe 
Flash Player PSDK EventDispatch removeEventListener use after free attempt (file-flash.rules) * 1:41631 <-> ENABLED <-> FILE-OTHER Adobe Flash Player mp4 h264 decompression routine out of bounds read attempt (file-other.rules) * 1:41628 <-> ENABLED <-> FILE-FLASH Adobe Flash Player garbage collection use after free attempt (file-flash.rules) * 1:41652 <-> DISABLED <-> SERVER-WEBAPP Geutebruck IP Camera testaction.cgi command injection attempt (server-webapp.rules) * 1:41653 <-> DISABLED <-> SERVER-WEBAPP Geutebruck IP Camera testaction.cgi command injection attempt (server-webapp.rules) * 1:41654 <-> DISABLED <-> SERVER-WEBAPP Geutebruck IP Camera testaction.cgi command injection attempt (server-webapp.rules) * 1:41632 <-> ENABLED <-> FILE-OTHER Adobe Flash Player mp4 h264 decompression routine out of bounds read attempt (file-other.rules) * 1:41674 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField object event handler use after free attempt (file-flash.rules) * 1:41679 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShimContentResolver out of bounds memory access attempt (file-flash.rules) * 1:41680 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShimContentResolver out of bounds memory access attempt (file-flash.rules) * 1:41673 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField object event handler use after free attempt (file-flash.rules) * 1:41699 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 ping.cgi command injection attempt (server-webapp.rules) * 1:41700 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 ping.cgi command injection attempt (server-webapp.rules) * 1:41703 <-> DISABLED <-> FILE-OFFICE Ichitaro Office Excel TxO record heap buffer overflow attempt (file-office.rules) * 1:41698 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 ping.cgi command injection attempt (server-webapp.rules) * 1:41726 <-> ENABLED <-> FILE-OFFICE AntennaHouse DMC HTMLFilter AddSst heap overflow attempt (file-office.rules) * 1:41727 <-> ENABLED <-> FILE-OFFICE 
AntennaHouse DMC HTMLFilter AddSst heap overflow attempt (file-office.rules) * 1:41745 <-> ENABLED <-> FILE-MULTIMEDIA Chrome Pepper Flash Player SampleCount heap overflow attempt (file-multimedia.rules) * 1:41704 <-> DISABLED <-> FILE-OFFICE Ichitaro Office Excel TxO record heap buffer overflow attempt (file-office.rules) * 1:41748 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 dnslookup.cgi command injection attempt (server-webapp.rules) * 1:41749 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 dnslookup.cgi command injection attempt (server-webapp.rules) * 1:41750 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 dnslookup.cgi command injection attempt (server-webapp.rules) * 1:41746 <-> ENABLED <-> FILE-MULTIMEDIA Chrome Pepper Flash Player SampleCount heap overflow attempt (file-multimedia.rules) * 1:41753 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC GetIndexArray out of bounds write attempt (file-office.rules) * 1:41754 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC GetIndexArray out of bounds write attempt (file-office.rules) * 1:41759 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC ParseEnvironment heap buffer overflow attempt (file-office.rules) * 1:41751 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 dnslookup.cgi command injection attempt (server-webapp.rules) * 1:41763 <-> ENABLED <-> BROWSER-IE Microsoft Edge HandleColumnBreakOnColumnSpanningElement type confusion attempt (browser-ie.rules) * 1:41764 <-> ENABLED <-> BROWSER-IE Microsoft Edge HandleColumnBreakOnColumnSpanningElement type confusion attempt (browser-ie.rules) * 1:41765 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC DHFSummary stack buffer overflow attempt (file-office.rules) * 1:41760 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC ParseEnvironment heap buffer overflow attempt (file-office.rules) * 1:41767 <-> DISABLED <-> SERVER-WEBAPP WP_Query plugin SQL injection attempt (server-webapp.rules) * 1:41768 <-> DISABLED <-> SERVER-WEBAPP WP_Query plugin SQL injection attempt (server-webapp.rules) * 
1:41769 <-> DISABLED <-> SERVER-WEBAPP WP_Query plugin SQL injection attempt (server-webapp.rules) * 1:41766 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC DHFSummary stack buffer overflow attempt (file-office.rules) * 1:41798 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer loadXML parseError.errorCode information disclosure attempt (browser-ie.rules) * 1:41926 <-> ENABLED <-> OS-WINDOWS Microsoft Win32u NtUserThunkedMenuItemInfo use after free attempt (os-windows.rules) * 1:41927 <-> ENABLED <-> OS-WINDOWS Microsoft Win32u NtUserThunkedMenuItemInfo use after free attempt (os-windows.rules) * 1:41797 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer loadXML parseError.errorCode information disclosure attempt (browser-ie.rules) * 1:41929 <-> ENABLED <-> OS-WINDOWS Microsoft Win32k DDI use after free attempt (os-windows.rules) * 1:41930 <-> ENABLED <-> OS-WINDOWS Microsoft Win32k DDI use after free attempt (os-windows.rules) * 1:41931 <-> ENABLED <-> OS-WINDOWS Microsoft Win32k DDI use after free attempt (os-windows.rules) * 1:41928 <-> ENABLED <-> OS-WINDOWS Microsoft Win32k DDI use after free attempt (os-windows.rules) * 1:41933 <-> ENABLED <-> FILE-OTHER Microsoft Windows Uniscribe privilege escalation attempt (file-other.rules) * 1:41934 <-> ENABLED <-> FILE-OTHER Microsoft Windows Uniscribe privilege escalation attempt (file-other.rules) * 1:41935 <-> ENABLED <-> FILE-OTHER Microsoft Windows Uniscribe privilege escalation attempt (file-other.rules) * 1:41932 <-> ENABLED <-> FILE-OTHER Microsoft Windows Uniscribe privilege escalation attempt (file-other.rules) * 1:41937 <-> ENABLED <-> BROWSER-IE Microsoft Edge TypedArray setter arbitrary write attempt (browser-ie.rules) * 1:41938 <-> ENABLED <-> BROWSER-IE Microsoft Edge reverse helper heap buffer overflow attempt (browser-ie.rules) * 1:41939 <-> ENABLED <-> BROWSER-IE Microsoft Edge reverse helper heap buffer overflow attempt (browser-ie.rules) * 1:41936 <-> ENABLED <-> BROWSER-IE Microsoft Edge 
TypedArray setter arbitrary write attempt (browser-ie.rules) * 1:41941 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueTypeFont post table out of bounds write attempt (os-windows.rules) * 1:41944 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine security bypass css attempt (browser-ie.rules) * 1:41945 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine security bypass css attempt (browser-ie.rules) * 1:41940 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueTypeFont post table out of bounds write attempt (os-windows.rules) * 1:41951 <-> ENABLED <-> BROWSER-IE Microsoft Edge WebAssembly memory corruption attempt (browser-ie.rules) * 1:41952 <-> ENABLED <-> BROWSER-IE Microsoft Edge local file read information leak attempt (browser-ie.rules) * 1:41953 <-> ENABLED <-> BROWSER-IE Microsoft Edge local file read information leak attempt (browser-ie.rules) * 1:41950 <-> ENABLED <-> BROWSER-IE Microsoft Edge WebAssembly memory corruption attempt (browser-ie.rules) * 1:41955 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer textarea type confusion attempt (browser-ie.rules) * 1:41956 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer arguments type confusion attempt (browser-ie.rules) * 1:41957 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer arguments type confusion attempt (browser-ie.rules) * 1:41954 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer textarea type confusion attempt (browser-ie.rules) * 1:41959 <-> ENABLED <-> BROWSER-IE Microsoft Edge malformed UTF-8 decode arbitrary read attempt (browser-ie.rules) * 1:41960 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueType Font LookupTable out of bounds write attempt (os-windows.rules) * 1:41961 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueType Font LookupTable out of bounds write attempt (os-windows.rules) * 1:41958 <-> ENABLED <-> BROWSER-IE Microsoft Edge malformed UTF-8 decode arbitrary read attempt (browser-ie.rules) * 1:41963 <-> ENABLED <-> FILE-OFFICE Microsoft Office 
Word template remote code execution attempt (file-office.rules) * 1:41964 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word 2010 use-after-free memory corruption vulnerability attempt (file-office.rules) * 1:41965 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word 2010 use-after-free memory corruption vulnerability attempt (file-office.rules) * 1:41962 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word template remote code execution attempt (file-office.rules) * 1:41967 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueTypeFont GSUB table out of bounds write attempt (os-windows.rules) * 1:41972 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueType Font out of bounds write attempt (os-windows.rules) * 1:41973 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueType Font out of bounds write attempt (os-windows.rules) * 1:41966 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueTypeFont GSUB table out of bounds write attempt (os-windows.rules) * 1:41975 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueType Font out of bounds write attempt (os-windows.rules) * 1:41976 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel shared strings memory corruption attempt (file-office.rules) * 1:41977 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel shared strings memory corruption attempt (file-office.rules) * 1:41974 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueType Font out of bounds write attempt (os-windows.rules) * 1:41980 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel shared strings memory corruption attempt (file-office.rules) * 1:41981 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word out of bounds read attempt (file-office.rules) * 1:41982 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word out of bounds read attempt (file-office.rules) * 1:41979 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel shared strings memory corruption attempt (file-office.rules) * 1:41985 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueTypeFont post table out of bounds write attempt 
(os-windows.rules) * 1:41986 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueTypeFont post table out of bounds write attempt (os-windows.rules) * 1:41991 <-> ENABLED <-> FILE-OTHER Microsoft Windows TTF file out of bounds access attempt (file-other.rules) * 1:41984 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMBv1 identical MID and FID type confusion attempt (os-windows.rules) * 1:41993 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GDI WMF out of bounds read attempt (os-windows.rules) * 1:41994 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GDI WMF out of bounds read attempt (os-windows.rules) * 1:41995 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DDI privilege escalation attempt (os-windows.rules) * 1:41992 <-> ENABLED <-> FILE-OTHER Microsoft Windows TTF file out of bounds access attempt (file-other.rules) * 1:41998 <-> DISABLED <-> OS-WINDOWS Microsoft GDI+ privilege escalation attempt (os-windows.rules) * 1:41999 <-> ENABLED <-> OS-OTHER Apple OSX and iOS x509 certificate name constraints parsing use after free attempt (os-other.rules) * 1:42010 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField use after free attempt (file-flash.rules) * 1:41996 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DDI privilege escalation attempt (os-windows.rules) * 1:42012 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AuditudeSettings stack overflow attempt (file-flash.rules) * 1:42013 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AuditudeSettings stack overflow attempt (file-flash.rules) * 1:42044 <-> ENABLED <-> FILE-FLASH Adobe Flash Player custom object garbage collection use after free attempt (file-flash.rules) * 1:42011 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField use after free attempt (file-flash.rules) * 1:42046 <-> ENABLED <-> FILE-FLASH Adobe Flash Player custom object garbage collection use after free (file-flash.rules) * 1:42047 <-> ENABLED <-> FILE-FLASH Adobe Flash Player custom object garbage collection use after free (file-flash.rules) * 1:42048 
<-> ENABLED <-> SERVER-WEBAPP dnaLIMS sysAdmin.cgi arbitrary command execution attempt (server-webapp.rules) * 1:42045 <-> ENABLED <-> FILE-FLASH Adobe Flash Player custom object garbage collection use after free attempt (file-flash.rules) * 1:42053 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Primetime TVSDK memory corruption attempt (file-flash.rules) * 1:42078 <-> DISABLED <-> SERVER-WEBAPP Foscam cgiproxy.fcgi stack buffer overflow attempt (server-webapp.rules) * 1:42088 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid ImageLength memory corruption attempt (file-image.rules) * 1:42052 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Primetime TVSDK memory corruption attempt (file-flash.rules) * 1:42090 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid ImageLength memory corruption attempt (file-image.rules) * 1:42091 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid ImageLength memory corruption attempt (file-image.rules) * 1:42096 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Resolution Opportunity parameter memory corruption attempt (file-flash.rules) * 1:42089 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid ImageLength memory corruption attempt (file-image.rules) * 1:42105 <-> DISABLED <-> SERVER-WEBAPP EyesOfNetwork ged_actions.php command injection attempt (server-webapp.rules) * 1:42106 <-> DISABLED <-> SERVER-WEBAPP EyesOfNetwork ged_actions.php command injection attempt (server-webapp.rules) * 1:42107 <-> DISABLED <-> SERVER-WEBAPP EyesOfNetwork module command injection attempt (server-webapp.rules) * 1:42097 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Resolution Opportunity parameter memory corruption attempt (file-flash.rules) * 1:42137 <-> DISABLED <-> FILE-OFFICE Lexmark Perceptive Document Filters malformed XLS information disclosure attempt (file-office.rules) * 1:42138 <-> DISABLED <-> FILE-OFFICE Lexmark Perceptive Document Filters malformed XLS information disclosure attempt (file-office.rules) * 1:42148 <-> ENABLED <-> 
FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt (file-other.rules) * 1:42108 <-> DISABLED <-> SERVER-WEBAPP EyesOfNetwork module command injection attempt (server-webapp.rules) * 1:42150 <-> ENABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt (file-other.rules) * 1:42151 <-> ENABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt (file-other.rules) * 1:42152 <-> ENABLED <-> BROWSER-IE Microsoft Edge JavaScript string object type confusion attempt (browser-ie.rules) * 1:42149 <-> ENABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt (file-other.rules) * 1:42154 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k information disclosure attempt (os-windows.rules) * 1:42155 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k information disclosure attempt (os-windows.rules) * 1:42156 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer recordset use after free attempt (browser-ie.rules) * 1:42153 <-> ENABLED <-> BROWSER-IE Microsoft Edge JavaScript string object type confusion attempt (browser-ie.rules) * 1:42158 <-> ENABLED <-> OS-WINDOWS Microsoft Win32k privilege escalation attempt (os-windows.rules) * 1:42159 <-> ENABLED <-> OS-WINDOWS Microsoft Win32k privilege escalation attempt (os-windows.rules) * 1:42160 <-> ENABLED <-> SERVER-OTHER Microsoft LDAP MaxBuffSize buffer overflow attempt (server-other.rules) * 1:42157 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer recordset use after free attempt (browser-ie.rules) * 1:42162 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel out of bounds memory attempt (file-office.rules) * 1:42165 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer type confusion vulnerability attempt (browser-ie.rules) * 1:42166 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer type confusion 
vulnerability attempt (browser-ie.rules) * 1:42161 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel out of bounds memory attempt (file-office.rules) * 1:42168 <-> ENABLED <-> FILE-OFFICE Microsoft Office custom message class security bypass attempt (file-office.rules) * 1:42173 <-> ENABLED <-> OS-WINDOWS Microsoft GDI PolyTextOutW out of bounds memory write attempt (os-windows.rules) * 1:42174 <-> ENABLED <-> OS-WINDOWS Microsoft GDI PolyTextOutW out of bounds memory write attempt (os-windows.rules) * 1:42167 <-> ENABLED <-> FILE-OFFICE Microsoft Office custom message class security bypass attempt (file-office.rules) * 1:42176 <-> ENABLED <-> FILE-PDF Adobe Reader JavaScript API documentToStream use after free attempt (file-pdf.rules) * 1:42177 <-> ENABLED <-> FILE-OTHER IrfanView JPEG2000 reference tile width value buffer overflow attempt (file-other.rules) * 1:42178 <-> ENABLED <-> FILE-OTHER IrfanView JPEG2000 reference tile width value buffer overflow attempt (file-other.rules) * 1:42175 <-> ENABLED <-> FILE-PDF Adobe Reader JavaScript API documentToStream use after free attempt (file-pdf.rules) * 1:42184 <-> ENABLED <-> BROWSER-IE Microsoft Edge format rendering type confusion attempt (browser-ie.rules) * 1:42185 <-> ENABLED <-> OS-WINDOWS Microsoft Windows WMI DCOM arbitrary .NET serialization code execution attempt (os-windows.rules) * 1:42186 <-> ENABLED <-> OS-WINDOWS Microsoft Windows WMI DCOM arbitrary .NET serialization code execution attempt (os-windows.rules) * 1:42183 <-> ENABLED <-> BROWSER-IE Microsoft Edge format rendering type confusion attempt (browser-ie.rules) * 1:42188 <-> ENABLED <-> OS-WINDOWS Microsoft Windows IE ETW Collector Service privilege escalation attempt (os-windows.rules) * 1:42189 <-> DISABLED <-> FILE-OFFICE RTF objautlink url moniker file download attempt (file-office.rules) * 1:42190 <-> DISABLED <-> FILE-OFFICE RTF objautlink url moniker file download attempt (file-office.rules) * 1:42187 <-> ENABLED <-> OS-WINDOWS 
Microsoft Windows IE ETW Collector Service privilege escalation attempt (os-windows.rules) * 1:42196 <-> ENABLED <-> FILE-OTHER Tablib yaml.load code execution attempt (file-other.rules) * 1:42199 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GDI null pointer dereference attempt (os-windows.rules) * 1:42200 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GDI null pointer dereference attempt (os-windows.rules) * 1:42195 <-> ENABLED <-> FILE-OTHER Tablib yaml.load code execution attempt (file-other.rules) * 1:42203 <-> ENABLED <-> FILE-PDF Adobe Reader JavaScript string from stream memory corruption attempt (file-pdf.rules) * 1:42204 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer htmlFile ActiveX control universal XSS attempt (browser-ie.rules) * 1:42205 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer htmlFile ActiveX control universal XSS attempt (browser-ie.rules) * 1:42202 <-> ENABLED <-> FILE-PDF Adobe Reader JavaScript string from stream memory corruption attempt (file-pdf.rules) * 1:42207 <-> ENABLED <-> FILE-FLASH Adobe Flash Player allocator use-after-free attempt (file-flash.rules) * 1:42208 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Clipboard Broker privilege escalation vulnerability attempt (os-windows.rules) * 1:42209 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Clipboard Broker privilege escalation vulnerability attempt (os-windows.rules) * 1:42206 <-> ENABLED <-> FILE-FLASH Adobe Flash Player allocator use-after-free attempt (file-flash.rules) * 1:42211 <-> ENABLED <-> BROWSER-IE Microsoft Edge xlink type confusion memory corruption attempt (browser-ie.rules) * 1:42212 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded JPEG 2000 flst heap overflow attempt (file-pdf.rules) * 1:42213 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded JPEG 2000 flst heap overflow attempt (file-pdf.rules) * 1:42210 <-> ENABLED <-> BROWSER-IE Microsoft Edge xlink type confusion memory corruption attempt (browser-ie.rules) * 1:42215 <-> ENABLED <-> 
FILE-FLASH Adobe Flash Player NetStream use after free attempt (file-flash.rules) * 1:42216 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader pcx planes memory corruption attempt (file-other.rules) * 1:42217 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader pcx planes memory corruption attempt (file-other.rules) * 1:42214 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetStream use after free attempt (file-flash.rules) * 1:42219 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF memory corruption attempt (file-image.rules) * 1:42221 <-> ENABLED <-> SERVER-WEBAPP Moxa private key disclosure attempt (server-webapp.rules) * 1:42222 <-> ENABLED <-> SERVER-WEBAPP Moxa MX Studio login page denial of service attempt (server-webapp.rules) * 1:42218 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed GIF memory corruption attempt (file-image.rules) * 1:42235 <-> DISABLED <-> SERVER-OTHER NTP malformed config request denial of service attempt (server-other.rules) * 1:42236 <-> DISABLED <-> SERVER-WEBAPP QNAP NAS userConfig.cgi command injection attempt (server-webapp.rules) * 1:42237 <-> DISABLED <-> SERVER-WEBAPP QNAP NAS userConfig.cgi command injection attempt (server-webapp.rules) * 1:42234 <-> DISABLED <-> SERVER-WEBAPP QNAP NAS authLogin.cgi command injection attempt (server-webapp.rules) * 1:42239 <-> DISABLED <-> SERVER-WEBAPP QNAP NAS utilRequest.cgi command injection attempt (server-webapp.rules) * 1:42240 <-> DISABLED <-> SERVER-WEBAPP QNAP NAS utilRequest.cgi command injection attempt (server-webapp.rules) * 1:42241 <-> DISABLED <-> SERVER-WEBAPP QNAP NAS utilRequest.cgi command injection attempt (server-webapp.rules) * 1:42238 <-> DISABLED <-> SERVER-WEBAPP QNAP NAS userConfig.cgi command injection attempt (server-webapp.rules) * 1:42245 <-> DISABLED <-> SERVER-WEBAPP Information Builders WebFOCUS Business Intelligence Portal command injection attempt (server-webapp.rules) * 1:42246 <-> DISABLED <-> SERVER-WEBAPP Information Builders WebFOCUS Business 
Intelligence Portal command injection attempt (server-webapp.rules) * 1:42247 <-> DISABLED <-> SERVER-WEBAPP Information Builders WebFOCUS Business Intelligence Portal command injection attempt (server-webapp.rules) * 1:42244 <-> DISABLED <-> SERVER-WEBAPP Information Builders WebFOCUS Business Intelligence Portal command injection attempt (server-webapp.rules) * 1:42273 <-> DISABLED <-> FILE-PDF Poppler DCTStream readScan heap buffer overflow attempt (file-pdf.rules) * 1:42274 <-> DISABLED <-> FILE-PDF Poppler DCTStream readScan heap buffer overflow attempt (file-pdf.rules) * 1:42275 <-> ENABLED <-> FILE-PDF Adobe Reader JPEG2000 pclr tag out of bounds read attempt (file-pdf.rules) * 1:42255 <-> DISABLED <-> OS-WINDOWS Microsoft Windows empty RDP cookie negotiation attempt (os-windows.rules) * 1:42285 <-> DISABLED <-> FILE-PDF Multiple Products malformed JP2K codestream out of bounds read attempt (file-pdf.rules) * 1:42286 <-> DISABLED <-> FILE-PDF Multiple Products malformed JP2K codestream out of bounds read attempt (file-pdf.rules) * 1:42290 <-> DISABLED <-> SERVER-WEBAPP Openfire userimportexport plugin XML external entity injection attempt (server-webapp.rules) * 1:42276 <-> ENABLED <-> FILE-PDF Adobe Reader JPEG2000 pclr tag out of bounds read attempt (file-pdf.rules) * 1:42296 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed PRC file out of bounds read attempt (file-pdf.rules) * 1:42297 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed PRC file out of bounds read attempt (file-pdf.rules) * 1:42298 <-> DISABLED <-> FILE-PDF Adobe PDF PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules) * 1:42294 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 WriteAndX and TransSecondaryRequest TotalDataCount out of bounds write attempt (os-windows.rules) * 1:42309 <-> ENABLED <-> FILE-PDF Adobe Acrobat embedded JPEG2000 invalid header out of bounds memory access attempt (file-pdf.rules) * 1:42310 <-> ENABLED <-> FILE-PDF Adobe 
Acrobat embedded JPEG2000 invalid header out of bounds memory access attempt (file-pdf.rules) * 1:42311 <-> DISABLED <-> FILE-PDF Multiple Products malformed JP2K codestream out of bounds read attempt (file-pdf.rules) * 1:42299 <-> DISABLED <-> FILE-PDF Adobe PDF PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules) * 1:42321 <-> DISABLED <-> FILE-OTHER Power Software PowerISO invalid primary volume descriptor header use after free attempt (file-other.rules) * 1:42322 <-> DISABLED <-> FILE-OTHER Power Software PowerISO invalid primary volume descriptor header use after free attempt (file-other.rules) * 1:42324 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Reader overly large segment size out of bounds read attempt (file-image.rules) * 1:42312 <-> DISABLED <-> FILE-PDF Multiple Products malformed JP2K codestream out of bounds read attempt (file-pdf.rules) * 1:42326 <-> ENABLED <-> SERVER-OTHER Zabbix Server Trapper code execution attempt (server-other.rules) * 1:42327 <-> DISABLED <-> SERVER-WEBAPP Cpanel cgiemail format string code execution attempt (server-webapp.rules) * 1:42328 <-> DISABLED <-> SERVER-WEBAPP Cpanel cgiemail format string code execution attempt (server-webapp.rules) * 1:42325 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Reader overly large segment size out of bounds read attempt (file-image.rules) * 1:42339 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB possible leak of kernel heap memory (os-windows.rules) * 1:42345 <-> DISABLED <-> SERVER-WEBAPP Tenable Appliance simpleupload.py command injection attempt (server-webapp.rules) * 1:42346 <-> DISABLED <-> SERVER-WEBAPP Tenable Appliance simpleupload.py command injection attempt (server-webapp.rules) * 1:42337 <-> DISABLED <-> INDICATOR-COMPROMISE Zabbix Proxy configuration containing script detected (indicator-compromise.rules) * 1:42354 <-> DISABLED <-> SERVER-WEBAPP Squirrelmail sendmail delivery parameter injection attempt (server-webapp.rules) * 1:42355 <-> DISABLED <-> 
SERVER-OTHER 389-ds-base bind code execution attempt (server-other.rules) * 1:42356 <-> DISABLED <-> SERVER-OTHER 389-ds-base bind code execution attempt (server-other.rules) * 1:42347 <-> DISABLED <-> SERVER-WEBAPP Tenable Appliance simpleupload.py command injection attempt (server-webapp.rules) * 1:42358 <-> DISABLED <-> SERVER-OTHER 389-ds-base bind code execution attempt (server-other.rules) * 1:42359 <-> DISABLED <-> SERVER-OTHER 389-ds-base bind code execution attempt (server-other.rules) * 1:42360 <-> DISABLED <-> SERVER-OTHER 389-ds-base bind code execution attempt (server-other.rules) * 1:42357 <-> DISABLED <-> SERVER-OTHER 389-ds-base bind code execution attempt (server-other.rules) * 1:42362 <-> DISABLED <-> SERVER-OTHER 389-ds-base bind code execution attempt (server-other.rules) * 1:42369 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules) * 1:42370 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules) * 1:42361 <-> DISABLED <-> SERVER-OTHER 389-ds-base bind code execution attempt (server-other.rules) * 1:42414 <-> DISABLED <-> FILE-PDF Adobe PDF JavaScript engine use after free memory corruption attempt (file-pdf.rules) * 1:42415 <-> DISABLED <-> FILE-PDF Adobe PDF JavaScript engine use after free memory corruption attempt (file-pdf.rules) * 1:42431 <-> DISABLED <-> SERVER-WEBAPP Foscam IP Video Camera CGIProxy.fcgi query append buffer overflow attempt (server-webapp.rules) * 1:42371 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules) * 1:42433 <-> DISABLED <-> SERVER-WEBAPP Foscam IP Camera command injection attempt (server-webapp.rules) * 1:42434 <-> DISABLED <-> SERVER-WEBAPP Foscam IP Camera command injection attempt (server-webapp.rules) * 1:42435 <-> DISABLED <-> SERVER-WEBAPP Foscam IP Camera callbackJson directory traversal attempt (server-webapp.rules) * 1:42432 <-> DISABLED <-> SERVER-WEBAPP Foscam IP Camera command injection attempt (server-webapp.rules) 
* 1:42437 <-> DISABLED <-> SERVER-WEBAPP Foscam IP Camera multipart boundary stack buffer overflow attempt (server-webapp.rules) * 1:42455 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup Appliance password.php command injection attempt (server-webapp.rules) * 1:42456 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup Appliance password.php command injection attempt (server-webapp.rules) * 1:42436 <-> DISABLED <-> SERVER-WEBAPP Foscam IP Camera callbackJson directory traversal attempt (server-webapp.rules) * 1:42461 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup Appliance reports.php PHP file injection attempt (server-webapp.rules) * 1:42462 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup Appliance reports.php directory traversal attempt (server-webapp.rules) * 1:42475 <-> DISABLED <-> FILE-PDF malformed embedded JPEG2000 image information disclosure attempt (file-pdf.rules) * 1:42457 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup Appliance password.php command injection attempt (server-webapp.rules) * 1:42749 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine postMessage use after free attempt (browser-ie.rules) * 1:42750 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine postMessage use after free attempt (browser-ie.rules) * 1:42751 <-> ENABLED <-> OS-WINDOWS Microsoft Windows AFD.sys double fetch race condition attempt (os-windows.rules) * 1:42476 <-> DISABLED <-> FILE-PDF malformed embedded JPEG2000 image information disclosure attempt (file-pdf.rules) * 1:42753 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra Core type confusion attempt (browser-ie.rules) * 1:42754 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra Core type confusion attempt (browser-ie.rules) * 1:42755 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word 2010 Sepx memory corruption attempt (file-office.rules) * 1:42752 <-> ENABLED <-> OS-WINDOWS Microsoft Windows AFD.sys double fetch race condition attempt (os-windows.rules) * 
1:42757 <-> ENABLED <-> OS-WINDOWS Microsoft Windows dxgkrnl CreateDriverAllocations null pointer dereference attempt (os-windows.rules) * 1:42758 <-> ENABLED <-> OS-WINDOWS Microsoft Windows dxgkrnl CreateDriverAllocations null pointer dereference attempt (os-windows.rules) * 1:42759 <-> DISABLED <-> OS-WINDOWS Microsoft Windows COM privilege escalation attempt (os-windows.rules) * 1:42756 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word 2010 Sepx memory corruption attempt (file-office.rules) * 1:42761 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra array unshift heap overflow attempt (browser-ie.rules) * 1:42762 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra array unshift heap overflow attempt (browser-ie.rules) * 1:42763 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NtTraceControl information disclosure attempt (os-windows.rules) * 1:42760 <-> DISABLED <-> OS-WINDOWS Microsoft Windows COM privilege escalation attempt (os-windows.rules) * 1:42765 <-> DISABLED <-> OS-WINDOWS Microsoft win32k privilege escalation attempt (os-windows.rules) * 1:42766 <-> DISABLED <-> OS-WINDOWS Microsoft win32k privilege escalation attempt (os-windows.rules) * 1:42769 <-> ENABLED <-> OS-WINDOWS Microsoft Win32k kernel memory leak attempt (os-windows.rules) * 1:42764 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NtTraceControl information disclosure attempt (os-windows.rules) * 1:42771 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GdiGradientFill null pointer dereference attempt (os-windows.rules) * 1:42772 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GdiGradientFill null pointer dereference attempt (os-windows.rules) * 1:42775 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra JIT memory corruption attempt (browser-ie.rules) * 1:42770 <-> ENABLED <-> OS-WINDOWS Microsoft Win32k kernel memory leak attempt (os-windows.rules) * 1:42777 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine security bypass css attempt (browser-ie.rules) * 1:42778 <-> ENABLED <-> BROWSER-IE 
Microsoft Edge scripting engine security bypass css attempt (browser-ie.rules) * 1:42779 <-> ENABLED <-> BROWSER-IE Microsoft Edge CSS writing mode type confusion attempt (browser-ie.rules) * 1:42776 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra JIT memory corruption attempt (browser-ie.rules) * 1:42781 <-> ENABLED <-> BROWSER-IE Microsoft Windows Edge AudioContext use after free attempt (browser-ie.rules) * 1:42782 <-> ENABLED <-> BROWSER-IE Microsoft Windows Edge AudioContext use after free attempt (browser-ie.rules) * 1:42783 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ntoskrnl information disclosure attempt (os-windows.rules) * 1:42780 <-> ENABLED <-> BROWSER-IE Microsoft Edge CSS writing mode type confusion attempt (browser-ie.rules) * 1:42785 <-> DISABLED <-> INDICATOR-SCAN DNS version.bind string information disclosure attempt (indicator-scan.rules) * 1:42788 <-> DISABLED <-> FILE-PDF Adobe Reader malformed app13 tag information disclosure attempt (file-pdf.rules) * 1:42789 <-> DISABLED <-> FILE-PDF Adobe Reader malformed app13 tag information disclosure attempt (file-pdf.rules) * 1:42784 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ntoskrnl information disclosure attempt (os-windows.rules) * 1:42791 <-> ENABLED <-> FILE-PDF Adobe Reader invalid object reference use after free attempt (file-pdf.rules) * 1:42792 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FLV invalid tag buffer overflow attempt (file-flash.rules) * 1:42793 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FLV invalid tag buffer overflow attempt (file-flash.rules) * 1:42790 <-> ENABLED <-> FILE-PDF Adobe Reader invalid object reference use after free attempt (file-pdf.rules) * 1:42795 <-> ENABLED <-> FILE-FLASH Adobe Flash Player beginGradientFill color array out of bounds read attempt (file-flash.rules) * 1:42796 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter memory corruption attempt (file-flash.rules) * 1:42797 <-> ENABLED <-> FILE-FLASH Adobe Flash Player 
ConvolutionFilter memory corruption attempt (file-flash.rules) * 1:42794 <-> ENABLED <-> FILE-FLASH Adobe Flash Player beginGradientFill color array out of bounds read attempt (file-flash.rules) * 1:42799 <-> DISABLED <-> BROWSER-IE Microsoft Edge out of bounds read attempt (browser-ie.rules) * 1:42800 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionPush out of bounds read attempt (file-flash.rules) * 1:42801 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionPush out of bounds read attempt (file-flash.rules) * 1:42798 <-> DISABLED <-> BROWSER-IE Microsoft Edge out of bounds read attempt (browser-ie.rules) * 1:42803 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed AES key memory corruption attempt (file-pdf.rules) * 1:42807 <-> ENABLED <-> FILE-FLASH Adobe Standalone Flash Player BlendMode memory corruption attempt (file-flash.rules) * 1:42808 <-> ENABLED <-> FILE-FLASH Adobe Standalone Flash Player BlendMode memory corruption attempt (file-flash.rules) * 1:42802 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed AES key memory corruption attempt (file-pdf.rules) * 1:42810 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData out of bounds memory access attempt (file-flash.rules) * 1:42811 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra Engine use-after-free attempt (browser-ie.rules) * 1:42812 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra Engine use-after-free attempt (browser-ie.rules) * 1:42809 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData out of bounds memory access attempt (file-flash.rules) * 1:42814 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed URI information disclosure attempt (file-pdf.rules) * 1:42815 <-> ENABLED <-> FILE-FLASH Adobe Flash Player display object mask use after free attempt (file-flash.rules) * 1:42816 <-> ENABLED <-> FILE-FLASH Adobe Flash Player display object mask use after free attempt (file-flash.rules) * 1:42813 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed URI information 
disclosure attempt (file-pdf.rules) * 1:42821 <-> ENABLED <-> OS-WINDOWS Microsoft Malware Protection Engine type confusion attempt (os-windows.rules) * 1:42843 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup Appliance download-files command injection attempt (server-webapp.rules) * 1:42844 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF heap overflow attempt (file-image.rules) * 1:42820 <-> ENABLED <-> OS-WINDOWS Microsoft Malware Protection Engine type confusion attempt (os-windows.rules) * 1:42859 <-> ENABLED <-> FILE-PDF Adobe Reader PDF memory corruption attempt (file-pdf.rules) * 1:42860 <-> ENABLED <-> FILE-PDF Adobe Reader PDF memory corruption attempt (file-pdf.rules) * 1:42868 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA forms engine use after free attempt (file-pdf.rules) * 1:42845 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF heap overflow attempt (file-image.rules) * 1:42887 <-> ENABLED <-> SERVER-OTHER ntpq flagstr buffer overflow attempt (server-other.rules) * 1:42888 <-> DISABLED <-> FILE-PDF Adobe Acrobat JP2 parser information disclosure attempt (file-pdf.rules) * 1:42889 <-> DISABLED <-> FILE-PDF Adobe Acrobat JP2 parser information disclosure attempt (file-pdf.rules) * 1:42869 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA forms engine use after free attempt (file-pdf.rules) * 1:42897 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CTJPEGWriter null pointer dereference attempt (file-pdf.rules) * 1:42900 <-> ENABLED <-> FILE-OFFICE Microsoft Office EPS restore command use after free attempt (file-office.rules) * 1:42903 <-> ENABLED <-> FILE-OFFICE Microsoft Office EPS restore command use after free attempt (file-office.rules) * 1:42896 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CTJPEGWriter null pointer dereference attempt (file-pdf.rules) * 1:42911 <-> ENABLED <-> FILE-PDF Acrobat Reader TIFF malformed IFD tag heap overflow attempt (file-pdf.rules) * 1:42912 <-> ENABLED <-> FILE-PDF Acrobat Reader 
TIFF malformed IFD tag heap overflow attempt (file-pdf.rules) * 1:42913 <-> ENABLED <-> FILE-PDF Acrobat Reader TIFF malformed IFD tag heap overflow attempt (file-pdf.rules) * 1:42910 <-> ENABLED <-> FILE-PDF Acrobat Reader TIFF malformed IFD tag heap overflow attempt (file-pdf.rules) * 1:42915 <-> ENABLED <-> FILE-PDF Acrobat Reader TIFF malformed IFD tag heap overflow attempt (file-pdf.rules) * 1:42932 <-> DISABLED <-> FILE-FLASH Adobe Flash Player javascript decompressor use after free attempt (file-flash.rules) * 1:42933 <-> DISABLED <-> FILE-FLASH Adobe Flash Player javascript decompressor use after free attempt (file-flash.rules) * 1:42914 <-> ENABLED <-> FILE-PDF Acrobat Reader TIFF malformed IFD tag heap overflow attempt (file-pdf.rules) * 1:42942 <-> ENABLED <-> FILE-PDF Adobe Reader XFA large array use after free attempt (file-pdf.rules) * 1:42943 <-> ENABLED <-> FILE-PDF Adobe Reader XFA large array use after free attempt (file-pdf.rules) * 1:42951 <-> ENABLED <-> SERVER-WEBAPP Oracle Fusion Middleware MapViewer arbitrary JSP file upload attempt (server-webapp.rules) * 1:42941 <-> DISABLED <-> PROTOCOL-OTHER FreeRDP PER length integer underflow attempt (protocol-other.rules) * 1:42953 <-> ENABLED <-> SERVER-WEBAPP Oracle Fusion Middleware MapViewer directory traversal attempt (server-webapp.rules) * 1:42954 <-> ENABLED <-> SERVER-WEBAPP Oracle Fusion Middleware MapViewer directory traversal attempt (server-webapp.rules) * 1:42958 <-> DISABLED <-> SERVER-WEBAPP Joomla 3.7.0 com_fields view SQL injection attempt (server-webapp.rules) * 1:42952 <-> ENABLED <-> SERVER-WEBAPP Oracle Fusion Middleware MapViewer directory traversal attempt (server-webapp.rules) * 1:42967 <-> DISABLED <-> POLICY-OTHER Adobe Acrobat cloud file undocumented function use (policy-other.rules) * 1:42968 <-> DISABLED <-> POLICY-OTHER Adobe Acrobat cloud file undocumented function use (policy-other.rules) * 1:42973 <-> DISABLED <-> PROTOCOL-OTHER FreeRDP RSA modulus length integer 
underflow attempt (protocol-other.rules) * 1:42959 <-> DISABLED <-> SERVER-WEBAPP Joomla 3.7.0 com_fields view SQL injection attempt (server-webapp.rules) * 1:42975 <-> DISABLED <-> PROTOCOL-OTHER FreeRDP invalid EncryptedPlatformChallenge null pointer dereference attempt (protocol-other.rules) * 1:42998 <-> DISABLED <-> PROTOCOL-OTHER FreeRDP invalid MCS serverRandomLen out of bounds read attempt (protocol-other.rules) * 1:43004 <-> ENABLED <-> SERVER-SAMBA Samba is_known_pipe arbitrary module load code execution attempt (server-samba.rules) * 1:42974 <-> DISABLED <-> PROTOCOL-OTHER FreeRDP invalid cbCompanyName out of bounds read attempt (protocol-other.rules) * 1:43055 <-> DISABLED <-> SERVER-OTHER Veritas Netbackup bprd remote code execution attempt (server-other.rules) * 1:43056 <-> ENABLED <-> OS-WINDOWS Microsoft Windows MsMpEng JavaScript garbage collection use after free attempt (os-windows.rules) * 1:43057 <-> ENABLED <-> OS-WINDOWS Microsoft Windows MsMpEng JavaScript garbage collection use after free attempt (os-windows.rules) * 1:43005 <-> DISABLED <-> SERVER-WEBAPP Foscam setWifiSetting command psk stack buffer overflow attempt (server-webapp.rules) * 1:43059 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid DefinedEditText tag memory corruption attempt (file-flash.rules) * 1:43061 <-> DISABLED <-> SERVER-WEBAPP Foscam changeUserName command passwd file injection attempt (server-webapp.rules) * 1:43064 <-> ENABLED <-> SERVER-OTHER NetBackup bprd remote file write attempt (server-other.rules) * 1:43058 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid DefinedEditText tag memory corruption attempt (file-flash.rules) * 1:43155 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules) * 1:43156 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules) * 1:43157 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Device Guard code execution attempt (os-windows.rules) * 
1:43147 <-> ENABLED <-> SERVER-WEBAPP IBM OpenAdmin Tool SOAP welcomeService.php PHP code injection attempt (server-webapp.rules) * 1:43159 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word 2016 use after free attempt (file-office.rules) * 1:43160 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word 2016 use after free attempt (file-office.rules) * 1:43163 <-> ENABLED <-> BROWSER-IE Microsoft Edge object property type confusion attempt (browser-ie.rules) * 1:43158 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Device Guard code execution attempt (os-windows.rules) * 1:43165 <-> ENABLED <-> BROWSER-IE Microsoft Edge cssText use after free attempt (browser-ie.rules) * 1:43166 <-> ENABLED <-> BROWSER-IE Microsoft Edge cssText use after free attempt (browser-ie.rules) * 1:43169 <-> ENABLED <-> BROWSER-IE Microsoft Edge textContent use after free attempt (browser-ie.rules) * 1:43164 <-> ENABLED <-> BROWSER-IE Microsoft Edge object property type confusion attempt (browser-ie.rules) * 1:43173 <-> ENABLED <-> OS-WINDOWS Microsoft Windows 10 RS2 x64 linked cursor double free attempt (os-windows.rules) * 1:43174 <-> ENABLED <-> OS-WINDOWS Microsoft Windows 10 RS2 x64 linked cursor double free attempt (os-windows.rules) * 1:43175 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Search Service out of bounds memory access attempt (os-windows.rules) * 1:43170 <-> ENABLED <-> BROWSER-IE Microsoft Edge textContent use after free attempt (browser-ie.rules) * 1:43181 <-> ENABLED <-> FILE-OTHER Oniguruma expression parser out of bounds write attempt (file-other.rules) * 1:43182 <-> ENABLED <-> FILE-OTHER Oniguruma expression parser out of bounds write attempt (file-other.rules) * 1:43191 <-> DISABLED <-> SERVER-WEBAPP Symantec Messaging Gateway performBackupNow.do command injection attempt (server-webapp.rules) * 1:43176 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Search Service out of bounds memory access attempt (os-windows.rules) * 1:43213 <-> DISABLED <-> FILE-PDF Iceni Infix PDF parsing 
out of bounds write attempt (file-pdf.rules)
* 1:43249 <-> DISABLED <-> SERVER-WEBAPP Nuxeo CMS BatchUploadObject arbitrary JSP file upload attempt (server-webapp.rules)
* 1:43250 <-> DISABLED <-> SERVER-WEBAPP Nuxeo CMS BatchUploadObject directory traversal attempt (server-webapp.rules)
* 1:43212 <-> DISABLED <-> FILE-PDF Iceni Infix PDF parsing out of bounds write attempt (file-pdf.rules)
* 1:43380 <-> ENABLED <-> OS-WINDOWS Microsoft Windows MsMpEng custom apicall instruction use detected (os-windows.rules)
* 1:43381 <-> ENABLED <-> OS-WINDOWS Microsoft Windows MsMpEng custom apicall instruction use detected (os-windows.rules)
* 1:43382 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AdvertisingMetadata use after free attempt (file-flash.rules)
* 1:43284 <-> DISABLED <-> SERVER-WEBAPP HP Network Automation RedirectServlet SQL injection attempt (server-webapp.rules)
* 1:43393 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MPEG-4 AVC decoding out of bounds read attempt (file-flash.rules)
* 1:43394 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MPEG-4 AVC decoding out of bounds read attempt (file-flash.rules)
* 1:43395 <-> ENABLED <-> FILE-FLASH Adobe Acrobat Reader profile use after free attempt (file-flash.rules)
* 1:43383 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AdvertisingMetadata use after free attempt (file-flash.rules)
* 1:43405 <-> ENABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales out of bounds memory read attempt (file-flash.rules)
* 1:43406 <-> ENABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales out of bounds memory read attempt (file-flash.rules)
* 1:43410 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayObject use after free attempt (file-flash.rules)
* 1:43396 <-> ENABLED <-> FILE-FLASH Adobe Acrobat Reader profile use after free attempt (file-flash.rules)
* 1:43412 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayObject use after free attempt (file-flash.rules)
* 1:43413 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayObject use after free attempt (file-flash.rules)
* 1:43414 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayObject use after free attempt (file-flash.rules)
* 1:43411 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayObject use after free attempt (file-flash.rules)
* 1:43416 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData object out of bounds access attempt (file-flash.rules)
* 1:43417 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData object out of bounds access attempt (file-flash.rules)
* 1:43418 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData object out of bounds access attempt (file-flash.rules)
* 1:43415 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayObject use after free attempt (file-flash.rules)
* 1:43420 <-> ENABLED <-> FILE-FLASH Adobe Flash Player custom toString function attempt (file-flash.rules)
* 1:43421 <-> ENABLED <-> FILE-FLASH Adobe Flash Player custom toString function attempt (file-flash.rules)
* 1:43433 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Annotations memory corruption attempt (file-pdf.rules)
* 1:43419 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData object out of bounds access attempt (file-flash.rules)
* 1:43460 <-> DISABLED <-> BROWSER-IE Microsoft Edge use-after-free attempt (browser-ie.rules)
* 1:43461 <-> DISABLED <-> BROWSER-IE Microsoft Edge use-after-free attempt (browser-ie.rules)
* 1:43462 <-> DISABLED <-> BROWSER-IE Microsoft Edge use-after-free attempt (browser-ie.rules)
* 1:43434 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Annotations memory corruption attempt (file-pdf.rules)
* 1:43465 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
* 1:43466 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
* 1:43469 <-> ENABLED <-> BROWSER-IE Microsoft Edge uninitialized memory attempt (browser-ie.rules)
* 1:43463 <-> DISABLED <-> BROWSER-IE Microsoft Edge use-after-free attempt (browser-ie.rules)
* 1:43471 <-> ENABLED <-> BROWSER-IE Microsoft Edge VBScript VarType out of bounds read attempt (browser-ie.rules)
* 1:43472 <-> ENABLED <-> BROWSER-IE Microsoft Edge VBScript VarType out of bounds read attempt (browser-ie.rules)
* 1:43473 <-> ENABLED <-> OS-WINDOWS Microsoft win32u PlgBlt out of bounds memory write attempt (os-windows.rules)
* 1:43470 <-> ENABLED <-> BROWSER-IE Microsoft Edge uninitialized memory attempt (browser-ie.rules)
* 1:43479 <-> ENABLED <-> FILE-FLASH Adobe Flash Player applyFilter memory corruption attempt (file-flash.rules)
* 1:43480 <-> ENABLED <-> FILE-FLASH Adobe Flash Player applyFilter memory corruption attempt (file-flash.rules)
* 1:43490 <-> DISABLED <-> OS-WINDOWS Microsoft Windows unsafe memory access privilege escalation attempt (os-windows.rules)
* 1:43474 <-> ENABLED <-> OS-WINDOWS Microsoft win32u PlgBlt out of bounds memory write attempt (os-windows.rules)
* 1:43492 <-> ENABLED <-> BROWSER-IE Microsoft Windows Edge array out of bounds write (browser-ie.rules)
* 1:43493 <-> ENABLED <-> BROWSER-IE Microsoft Windows Edge array out of bounds write (browser-ie.rules)
* 1:43497 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer EPM brokercreatefile file access bypass attempt (browser-ie.rules)
* 1:43491 <-> DISABLED <-> OS-WINDOWS Microsoft Windows unsafe memory access privilege escalation attempt (os-windows.rules)
* 1:43521 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 type confusion vulnerability attempt (browser-ie.rules)
* 1:43522 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 type confusion vulnerability attempt (browser-ie.rules)
* 1:43528 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
* 1:43498 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer EPM brokercreatefile file access bypass attempt (browser-ie.rules)
* 1:43530 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
* 1:43531 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
* 1:43532 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
* 1:43529 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
* 1:43534 <-> ENABLED <-> SERVER-WEBAPP AlienVault OSSIM nfsen.php command injection attempt (server-webapp.rules)
* 1:43535 <-> ENABLED <-> SERVER-WEBAPP AlienVault OSSIM nfsen.php command injection attempt (server-webapp.rules)
* 1:43536 <-> ENABLED <-> SERVER-WEBAPP AlienVault OSSIM nfsen.php command injection attempt (server-webapp.rules)
* 1:43533 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
* 1:43693 <-> DISABLED <-> SERVER-WEBAPP Mantis Bug Tracker password reset attempt (server-webapp.rules)
* 1:43694 <-> DISABLED <-> SERVER-WEBAPP Mantis Bug Tracker password reset attempt (server-webapp.rules)
* 1:43790 <-> ENABLED <-> SERVER-OTHER Apache mod_auth_digest out of bounds read attempt (server-other.rules)
* 1:43625 <-> ENABLED <-> SERVER-WEBAPP Axis M3004 remote code execution attempt (server-webapp.rules)
* 1:43810 <-> DISABLED <-> SERVER-WEBAPP Kaspersky Linux File Server WMC directory traversal attempt (server-webapp.rules)
* 1:43811 <-> DISABLED <-> SERVER-WEBAPP Kaspersky Linux File Server WMC directory traversal attempt (server-webapp.rules)
* 1:43812 <-> DISABLED <-> SERVER-WEBAPP Kaspersky Linux File Server WMC directory traversal attempt (server-webapp.rules)
* 1:43809 <-> DISABLED <-> SERVER-WEBAPP Kaspersky Linux File Server WMC cross site request forgery attempt (server-webapp.rules)
* 1:43820 <-> DISABLED <-> SERVER-WEBAPP Kaspersky Anti-Virus directory traversal attempt (server-webapp.rules)
* 1:43821 <-> DISABLED <-> SERVER-WEBAPP Kaspersky Anti-Virus directory traversal attempt (server-webapp.rules)
* 1:43847 <-> ENABLED <-> FILE-OFFICE Microsoft Office Access Jet Database Engine integer overflow attempt (file-office.rules)
* 1:43819 <-> DISABLED <-> SERVER-WEBAPP Kaspersky Anti-Virus directory traversal attempt (server-webapp.rules)
* 1:43851 <-> ENABLED <-> FILE-OTHER Microsoft Windows Device Guard bypass via compiled help file attempt (file-other.rules)
* 1:43852 <-> ENABLED <-> FILE-OTHER Microsoft Windows Device Guard bypass via compiled help file attempt (file-other.rules)
* 1:43865 <-> ENABLED <-> FILE-IMAGE Adobe Reader EMF EMR_MOVETOEX memory corruption attempt (file-image.rules)
* 1:43848 <-> ENABLED <-> FILE-OFFICE Microsoft Office Access Jet Database Engine integer overflow attempt (file-office.rules)
* 1:43867 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TTF memory corruption attempt (file-pdf.rules)
* 1:43868 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TTF memory corruption attempt (file-pdf.rules)
* 1:43869 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TTF memory corruption attempt (file-pdf.rules)
* 1:43866 <-> ENABLED <-> FILE-IMAGE Adobe Reader EMF EMR_MOVETOEX memory corruption attempt (file-image.rules)
* 1:43995 <-> ENABLED <-> FILE-FLASH Adobe Flash Player overly large cpool index out of bounds read attempt (file-flash.rules)
* 1:43996 <-> ENABLED <-> FILE-FLASH Adobe Flash Player overly large cpool index out of bounds read attempt (file-flash.rules)
* 1:44002 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SMB sandbox bypass attempt (file-flash.rules)
* 1:43870 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TTF memory corruption attempt (file-pdf.rules)
* 1:44013 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader exportAsXFAStr use after free attempt (file-pdf.rules)
* 1:44014 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader exportAsXFAStr use after free attempt (file-pdf.rules)
* 1:44025 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
* 1:44003 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SMB sandbox bypass attempt (file-flash.rules)
* 1:44060 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
* 1:44061 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
* 1:44062 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
* 1:44059 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
* 1:44073 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader SubmitForm URL spoofing attempt (file-pdf.rules)
* 1:44074 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader SubmitForm URL spoofing attempt (file-pdf.rules)
* 1:44075 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader SubmitForm URL spoofing attempt (file-pdf.rules)
* 1:44072 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader SubmitForm URL spoofing attempt (file-pdf.rules)
* 1:44098 <-> DISABLED <-> FILE-PDF Multiple products PDF JavaScript launchURL command injection and remote code execution attempt (file-pdf.rules)
* 1:44116 <-> DISABLED <-> SERVER-WEBAPP Symantec Messaging Gateway localBackupFileSelection command injection attempt (server-webapp.rules)
* 1:44117 <-> DISABLED <-> SERVER-WEBAPP Symantec Messaging Gateway localBackupFileSelection command injection attempt (server-webapp.rules)
* 1:44097 <-> DISABLED <-> FILE-PDF Foxit Reader launchURL Command Injection Remote Code Execution attempt (file-pdf.rules)
* 1:44160 <-> ENABLED <-> SERVER-OTHER tcpdump ISAKMP parser buffer overflow attempt (server-other.rules)
* 1:44161 <-> ENABLED <-> SERVER-OTHER tcpdump ISAKMP parser buffer overflow attempt (server-other.rules)
* 1:44315 <-> ENABLED <-> SERVER-WEBAPP Java XML deserialization remote code execution attempt (server-webapp.rules)
* 1:44118 <-> DISABLED <-> SERVER-WEBAPP Symantec Messaging Gateway localBackupFileSelection command injection attempt (server-webapp.rules)
* 1:44328 <-> DISABLED <-> SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt (server-apache.rules)
* 1:44329 <-> DISABLED <-> SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt (server-apache.rules)
* 1:44330 <-> DISABLED <-> SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt (server-apache.rules)
* 1:44327 <-> DISABLED <-> SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt (server-apache.rules)
* 1:44332 <-> ENABLED <-> BROWSER-IE Microsoft Windows Edge memory corruption attempt (browser-ie.rules)
* 1:44333 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra Core type confusion attempt (browser-ie.rules)
* 1:44334 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra Core type confusion attempt (browser-ie.rules)
* 1:44331 <-> ENABLED <-> BROWSER-IE Microsoft Windows Edge memory corruption attempt (browser-ie.rules)
* 1:44336 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32k.sys TrueType font out of bounds write attempt (os-windows.rules)
* 1:44338 <-> ENABLED <-> BROWSER-IE Microsoft Edge denial of service attempt (browser-ie.rules)
* 1:44339 <-> ENABLED <-> BROWSER-IE Microsoft Edge denial of service attempt (browser-ie.rules)
* 1:44335 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32k.sys TrueType font out of bounds write attempt (os-windows.rules)
* 1:44341 <-> ENABLED <-> BROWSER-IE Microsoft Edge setSelectionRange memory corruption attempt (browser-ie.rules)
* 1:44342 <-> ENABLED <-> BROWSER-IE Internet Explorer WeakMap Freeze memory corruption attempt (browser-ie.rules)
* 1:44343 <-> ENABLED <-> BROWSER-IE Internet Explorer WeakMap Freeze memory corruption attempt (browser-ie.rules)
* 1:44340 <-> ENABLED <-> BROWSER-IE Microsoft Edge setSelectionRange memory corruption attempt (browser-ie.rules)
* 1:44346 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
* 1:44347 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
* 1:44348 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
* 1:44345 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
* 1:44350 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer object use after free attempt (browser-ie.rules)
* 1:44351 <-> ENABLED <-> FILE-FLASH Adobe Flash Player text handling memory corruption attempt (file-flash.rules)
* 1:44352 <-> ENABLED <-> FILE-FLASH Adobe Flash Player text handling memory corruption attempt (file-flash.rules)
* 1:44349 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer object use after free attempt (browser-ie.rules)
* 1:44354 <-> DISABLED <-> FILE-OTHER WSDL soap endpoint location code injection attempt (file-other.rules)
* 1:44356 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSS padding property memory corruption attempt (browser-ie.rules)
* 1:44357 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSS padding property memory corruption attempt (browser-ie.rules)
* 1:44353 <-> DISABLED <-> FILE-OTHER WSDL soap endpoint location code injection attempt (file-other.rules)
* 1:44372 <-> DISABLED <-> FILE-OFFICE RTF WSDL file download attempt (file-office.rules)
* 1:44477 <-> DISABLED <-> SERVER-OTHER dnsmasq dhcp6_maybe_relay stack buffer overflow attempt (server-other.rules)
* 1:44478 <-> DISABLED <-> PROTOCOL-DNS dnsmasq add_pseudoheader memory leak attempt (protocol-dns.rules)
* 1:44371 <-> DISABLED <-> FILE-OFFICE RTF WSDL file download attempt (file-office.rules)
* 1:44483 <-> DISABLED <-> SERVER-OTHER Supervisord remote code execution attempt (server-other.rules)
* 1:44493 <-> DISABLED <-> SERVER-WEBAPP Faleemi IP Cameras ONVIF device_service SQL injection attempt (server-webapp.rules)
* 1:44508 <-> ENABLED <-> BROWSER-IE scripting engine memory corruption vulnerability attempt (browser-ie.rules)
* 1:44480 <-> DISABLED <-> SERVER-OTHER dnsmasq Relay-forw information leak attempt (server-other.rules)
* 1:44510 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer scripting engine memory corruption attempt (browser-ie.rules)
* 1:44511 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer scripting engine memory corruption attempt (browser-ie.rules)
* 1:44512 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
* 1:44509 <-> ENABLED <-> BROWSER-IE scripting engine memory corruption vulnerability attempt (browser-ie.rules)
* 1:44514 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32kfull.sys privilege escalation attempt (os-windows.rules)
* 1:44515 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32kfull.sys privilege escalation attempt (os-windows.rules)
* 1:44516 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CreateMenu use after free attempt (os-windows.rules)
* 1:44513 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
* 1:44518 <-> DISABLED <-> FILE-OFFICE Microsoft Graphics remote code execution attempt (file-office.rules)
* 1:44519 <-> DISABLED <-> FILE-OFFICE Microsoft Graphics remote code execution attempt (file-office.rules)
* 1:44526 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
* 1:44517 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CreateMenu use after free attempt (os-windows.rules)
* 1:44528 <-> DISABLED <-> FILE-OTHER Microsoft Graphics remote code execution attempt (file-other.rules)
* 1:44529 <-> DISABLED <-> FILE-OTHER Microsoft Graphics remote code execution attempt (file-other.rules)
* 1:44531 <-> ENABLED <-> SERVER-APACHE Apache Tomcat remote JSP file upload attempt (server-apache.rules)
* 1:44527 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
* 1:44533 <-> ENABLED <-> BROWSER-IE Microsoft Edge getOwnPropertyDescriptor memory corruption attempt (browser-ie.rules)
* 1:44578 <-> DISABLED <-> SERVER-WEBAPP QNAP NAS HelpDesk App supportutils.php SQL injection attempt (server-webapp.rules)
* 1:44583 <-> ENABLED <-> FILE-FLASH Adobe Flash Player array type confusion attempt (file-flash.rules)
* 1:44532 <-> ENABLED <-> BROWSER-IE Microsoft Edge getOwnPropertyDescriptor memory corruption attempt (browser-ie.rules)
* 1:44657 <-> ENABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup API SQL injection attempt (server-webapp.rules)
* 1:44658 <-> ENABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup storage API command injection attempt (server-webapp.rules)
* 1:44684 <-> DISABLED <-> SERVER-WEBAPP Kaltura userzone cookie PHP object injection attempt (server-webapp.rules)
* 1:44584 <-> ENABLED <-> FILE-FLASH Adobe Flash Player array type confusion attempt (file-flash.rules)
* 1:44701 <-> DISABLED <-> SERVER-OTHER Veritas Backup Exec Agent use after free attempt (server-other.rules)
* 1:44731 <-> DISABLED <-> SERVER-WEBAPP Tuleap getRecentElements PHP object injection attempt (server-webapp.rules)
* 1:44764 <-> DISABLED <-> SERVER-WEBAPP CMS Made Simple editusertag.php arbitrary PHP code execution attempt (server-webapp.rules)
* 1:44700 <-> DISABLED <-> SERVER-OTHER Veritas Backup Exec Agent use after free attempt (server-other.rules)
* 1:44809 <-> ENABLED <-> BROWSER-IE Microsoft Edge postMessage use after free attempt (browser-ie.rules)
* 1:44810 <-> ENABLED <-> BROWSER-IE Microsoft Edge postMessage use after free attempt (browser-ie.rules)
* 1:44811 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
* 1:44767 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Smart Protection Server cm_agent.php command injection attempt (server-webapp.rules)
* 1:44813 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra Closure use after free attempt (browser-ie.rules)
* 1:44814 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra Closure use after free attempt (browser-ie.rules)
* 1:44815 <-> DISABLED <-> BROWSER-IE Microsoft Edge use after free attempt (browser-ie.rules)
* 1:44812 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
* 1:44817 <-> ENABLED <-> BROWSER-IE Microsoft Edge custom property memory corruption attempt (browser-ie.rules)
* 1:44818 <-> ENABLED <-> BROWSER-IE Microsoft Edge custom property memory corruption attempt (browser-ie.rules)
* 1:44816 <-> DISABLED <-> BROWSER-IE Microsoft Edge use after free attempt (browser-ie.rules)
* 3:32218 <-> ENABLED <-> PROTOCOL-VOIP out of range port specification exploit attempt (protocol-voip.rules)
* 3:32212 <-> ENABLED <-> PROTOCOL-VOIP missing media application format parameter denial-of-service attempt (protocol-voip.rules)
* 3:32216 <-> ENABLED <-> PROTOCOL-VOIP missing media application format parameter denial-of-service attempt (protocol-voip.rules)
* 3:32213 <-> ENABLED <-> PROTOCOL-VOIP missing media application format parameter denial-of-service attempt (protocol-voip.rules)
* 3:32215 <-> ENABLED <-> PROTOCOL-VOIP missing media application format parameter denial-of-service attempt (protocol-voip.rules)
* 3:32214 <-> ENABLED <-> PROTOCOL-VOIP missing media application format parameter denial-of-service attempt (protocol-voip.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:45478 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware transfer attempt (malware-cnc.rules)
* 1:45458 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip attachbitmap use-after-free attempt (file-flash.rules)
* 1:45456 <-> DISABLED <-> SERVER-WEBAPP Samsung SRN-1670D network_ssl_upload.php arbitrary PHP file upload attempt (server-webapp.rules)
* 1:45469 <-> ENABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
* 1:45455 <-> DISABLED <-> EXPLOIT-KIT Rig Exploit Kit URI redirect attempt (exploit-kit.rules)
* 1:45471 <-> ENABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
* 1:45460 <-> DISABLED <-> PROTOCOL-FTP Ayukov NFTP FTP Client buffer overflow attempt (protocol-ftp.rules)
* 1:45472 <-> ENABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
* 1:45474 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine uninitialized pointers memory corruption attempt (browser-ie.rules)
* 1:45461 <-> DISABLED <-> PROTOCOL-FTP Ayukov NFTP FTP Client buffer overflow attempt (protocol-ftp.rules)
* 1:45476 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox HTTP index format out of bounds read attempt (browser-firefox.rules)
* 1:45466 <-> ENABLED <-> FILE-OFFICE Microsoft Office None type objclass RTF evasion attempt (file-office.rules)
* 1:45477 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware transfer attempt (malware-cnc.rules)
* 1:45468 <-> ENABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
* 1:45462 <-> DISABLED <-> BROWSER-IE Microsoft ChakraCore scripting engine memory corruption attempt (browser-ie.rules)
* 1:45463 <-> DISABLED <-> BROWSER-IE Microsoft ChakraCore scripting engine memory corruption attempt (browser-ie.rules)
* 1:45470 <-> ENABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
* 1:45459 <-> ENABLED <-> FILE-FLASH Adobe Flash Player movieclip attachbitmap use-after-free attempt (file-flash.rules)
* 1:45475 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine uninitialized pointers memory corruption attempt (browser-ie.rules)
* 1:45457 <-> DISABLED <-> SERVER-WEBAPP Samsung SRN-1670D cslog_export.php arbitrary file read attempt (server-webapp.rules)
* 1:45473 <-> ENABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
* 1:45467 <-> ENABLED <-> FILE-OFFICE Microsoft Office None type objclass RTF evasion attempt (file-office.rules)
* 3:45464 <-> ENABLED <-> PROTOCOL-VOIP Cisco Unified Customer Voice Portal denial of service attempt (protocol-voip.rules)
* 3:45465 <-> ENABLED <-> SERVER-WEBAPP Splunk daemon default admin credentials login attempt (server-webapp.rules)
* 1:44862 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CommentExtension attempt (file-image.rules)
* 1:45135 <-> ENABLED <-> FILE-OFFICE Microsoft Office Equation Editor object stack buffer overflow attempt (file-office.rules)
* 1:45134 <-> ENABLED <-> FILE-OFFICE Microsoft Office Equation Editor object stack buffer overflow attempt (file-office.rules)
* 1:45133 <-> ENABLED <-> FILE-OFFICE Microsoft Office Equation Editor object stack buffer overflow attempt (file-office.rules)
* 1:45132 <-> ENABLED <-> FILE-OFFICE Microsoft Office Equation Editor object stack buffer overflow attempt (file-office.rules)
* 1:45138 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer scripting engine memory corruption attempt (browser-ie.rules)
* 1:45139 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer scripting engine memory corruption attempt (browser-ie.rules)
* 1:45140 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra RegExp engine memory corruption attempt (browser-ie.rules)
* 1:45141 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra RegExp engine memory corruption attempt (browser-ie.rules)
* 1:45142 <-> ENABLED <-> BROWSER-IE Microsoft Edge Array type confusion attempt (browser-ie.rules)
* 1:45147 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer scripting engine memory corruption attempt (browser-ie.rules)
* 1:45146 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer scripting engine memory corruption attempt (browser-ie.rules)
* 1:45145 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer scripting engine memory corruption attempt (browser-ie.rules)
* 1:45144 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer scripting engine memory corruption attempt (browser-ie.rules)
* 1:45143 <-> ENABLED <-> BROWSER-IE Microsoft Edge Array type confusion attempt (browser-ie.rules)
* 1:45151 <-> ENABLED <-> BROWSER-IE Microsoft Edge JsSetCurrentContext out of bounds read attempt (browser-ie.rules)
* 1:45150 <-> ENABLED <-> BROWSER-IE Microsoft Edge JsSetCurrentContext out of bounds read attempt (browser-ie.rules)
* 1:45149 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Array out of bounds write attempt (browser-ie.rules)
* 1:45148 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Array out of bounds write attempt (browser-ie.rules)
* 1:45156 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds read attempt (browser-ie.rules)
* 1:45155 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds read attempt (browser-ie.rules)
* 1:45168 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:45167 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:45163 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:45162 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:45161 <-> DISABLED <-> BROWSER-IE Microsoft Edge null pointer dereference attempt (browser-ie.rules)
* 1:45160 <-> DISABLED <-> BROWSER-IE Microsoft Edge null pointer dereference attempt (browser-ie.rules)
* 1:45190 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager mypage.do SQL injection attempt (server-webapp.rules)
* 1:45189 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager mypage.do SQL injection attempt (server-webapp.rules)
* 1:45170 <-> ENABLED <-> BROWSER-IE Microsoft Edge array type confusion attempt (browser-ie.rules)
* 1:45169 <-> ENABLED <-> BROWSER-IE Microsoft Edge array type confusion attempt (browser-ie.rules)
* 1:45360 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
* 1:45359 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
* 1:45358 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
* 1:45357 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
* 1:45319 <-> DISABLED <-> SERVER-WEBAPP Citrix NetScaler SD-WAN command injection attempt (server-webapp.rules)
* 1:45318 <-> DISABLED <-> SERVER-WEBAPP Citrix NetScaler SD-WAN command injection attempt (server-webapp.rules)
* 1:45314 <-> ENABLED <-> SERVER-WEBAPP Beijing Hanbang Hanbanggaoke IP camera admin password change attempt (server-webapp.rules)
* 1:45304 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (server-oracle.rules)
* 1:45269 <-> DISABLED <-> SERVER-OTHER Apache CouchDB remote code execution attempt (server-other.rules)
* 1:45260 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware upload attempt (malware-cnc.rules)
* 1:45255 <-> ENABLED <-> SERVER-SAMBA Samba tree connect andx memory corruption attempt (server-samba.rules)
* 1:45236 <-> ENABLED <-> SERVER-WEBAPP Palo Alto Networks Firewall cms_changeDeviceContext.esp session injection attempt (server-webapp.rules)
* 1:45235 <-> ENABLED <-> SERVER-WEBAPP Palo Alto Networks Firewall router.php XML attribute injection attempt (server-webapp.rules)
* 1:45219 <-> ENABLED <-> SERVER-WEBAPP Embedthis GoAhead LD_preload code execution attempt (server-webapp.rules)
* 1:45218 <-> ENABLED <-> SERVER-WEBAPP Embedthis GoAhead CGI information disclosure attempt (server-webapp.rules)
* 1:45201 <-> DISABLED <-> SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (server-other.rules)
* 1:45200 <-> DISABLED <-> SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (server-other.rules)
* 1:45199 <-> DISABLED <-> SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (server-other.rules)
* 1:45198 <-> DISABLED <-> SERVER-OTHER Advantech WebAccess dcerpc service opcode 80061 stack buffer overflow attempt (server-other.rules)
* 1:45193 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager showActionProfiles.do SQL injection attempt (server-webapp.rules)
* 1:45192 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager showActionProfiles.do SQL injection attempt (server-webapp.rules)
* 1:45384 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine integer overflow attempt (browser-ie.rules)
* 1:45383 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine integer overflow attempt (browser-ie.rules)
* 1:45379 <-> ENABLED <-> BROWSER-IE Microsoft Edge type confusion attempt (browser-ie.rules)
* 1:45378 <-> ENABLED <-> BROWSER-IE Microsoft Edge type confusion attempt (browser-ie.rules)
* 1:45377 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
* 1:45376 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
* 1:45375 <-> ENABLED <-> BROWSER-IE Microsoft Edge out of bounds write attempt (browser-ie.rules)
* 1:45374 <-> ENABLED <-> BROWSER-IE Microsoft Edge out of bounds write attempt (browser-ie.rules)
* 1:45368 <-> ENABLED <-> OS-OTHER Intel x64 side-channel analysis information leak attempt (os-other.rules)
* 1:45367 <-> ENABLED <-> OS-OTHER Intel x64 side-channel analysis information leak attempt (os-other.rules)
* 1:45366 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
* 1:45365 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
* 1:45364 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
* 1:45363 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
* 1:45362 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
* 1:45361 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules)
* 1:45444 <-> ENABLED <-> OS-OTHER Intel x64 side-channel analysis information leak attempt (os-other.rules)
* 1:45443 <-> ENABLED <-> OS-OTHER Intel x64 side-channel analysis information leak attempt (os-other.rules)
* 1:45442 <-> DISABLED <-> SERVER-OTHER Hewlett Packard Enterprise Intelligent Management Center FileDownloadServlet information disclosure attempt (server-other.rules)
* 1:45421 <-> DISABLED <-> SERVER-WEBAPP PhpCollab editclient.php arbitrary PHP file upload attempt (server-webapp.rules)
* 1:45416 <-> ENABLED <-> FILE-OFFICE RTF Composite Moniker object creation attempt (file-office.rules)
* 1:45415 <-> ENABLED <-> FILE-OFFICE RTF Composite Moniker object creation attempt (file-office.rules)
* 1:45414 <-> DISABLED <-> SERVER-WEBAPP DotNetNuke DNNPersonalization remote code execution attempt (server-webapp.rules)
* 1:45413 <-> DISABLED <-> SERVER-WEBAPP Hikvision IP camera admin authentication attempt (server-webapp.rules)
* 1:45412 <-> DISABLED <-> SERVER-WEBAPP Asus RT-AC88U deleteOfflineClients memory corruption attempt (server-webapp.rules)
* 1:45405 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF buffer overflow attempt (file-flash.rules)
* 1:45404 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF buffer overflow attempt (file-flash.rules)
* 1:45401 <-> ENABLED <-> SERVER-WEBAPP Fortinet FortiOS redir parameter cross site scripting attempt (server-webapp.rules)
* 1:45396 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine toString use after free attempt (browser-ie.rules)
* 1:45395 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine toString use after free attempt (browser-ie.rules)
* 1:45393 <-> DISABLED <-> SERVER-OTHER Quest Privilege Manager pmmasterd buffer overflow attempt (server-other.rules)
* 1:45392 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
* 1:45391 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
* 1:45390 <-> ENABLED <-> BROWSER-IE Microsoft IE array type confusion attempt (browser-ie.rules)
* 1:45389 <-> ENABLED <-> BROWSER-IE Microsoft IE array type confusion attempt (browser-ie.rules)
* 1:45388 <-> ENABLED <-> BROWSER-IE Microsoft Edge anonymous function type confusion attempt (browser-ie.rules)
* 1:45387 <-> ENABLED <-> BROWSER-IE Microsoft Edge anonymous function type confusion attempt (browser-ie.rules)
* 1:6443 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msdtc BuildContextW heap overflow attempt (os-windows.rules)
* 1:6431 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msdtc BuildContextW heap overflow attempt (os-windows.rules)
* 1:45453 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
* 1:45452 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
* 1:45451 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
* 1:45450 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
* 1:45449 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
* 1:45448 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
* 1:45447 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules)
* 1:45446 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine ArrayBuffer memory corruption attempt (browser-ie.rules)
* 1:45445 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine ArrayBuffer memory corruption attempt (browser-ie.rules)
* 1:44874 <-> ENABLED <-> FILE-PDF Adobe Acrobat addAnnot object untrusted pointer dereference attempt (file-pdf.rules)
* 1:44818 <-> ENABLED <-> BROWSER-IE Microsoft Edge custom property memory corruption attempt (browser-ie.rules)
* 1:44861 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CommentExtension attempt (file-image.rules)
* 1:44873 <-> ENABLED <-> FILE-PDF Adobe Acrobat addAnnot object untrusted pointer dereference attempt (file-pdf.rules)
* 1:44820 <-> ENABLED <-> BROWSER-IE Microsoft Edge array use after free attempt (browser-ie.rules)
* 1:44887 <-> ENABLED <-> FILE-FLASH Adobe Flash Player bitmap hitTest integer overflow attempt (file-flash.rules)
* 1:42813 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed URI information disclosure attempt (file-pdf.rules)
* 1:44822 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel use after free vulnerability exploit attempt (file-office.rules)
* 1:44885 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat XPS unicode glyph pointer out of bounds (file-image.rules)
* 1:44883 <-> DISABLED <-> FILE-PDF Adobe Acrobat acrobat URI handler security bypass (file-pdf.rules)
* 1:44882 <-> DISABLED <-> FILE-PDF Adobe Acrobat acrobat URI handler security bypass (file-pdf.rules)
* 1:44881 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF EMR_STRETCHDIBITS memory corruption attempt (file-image.rules)
* 1:44880 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF EMR_STRETCHDIBITS memory corruption attempt (file-image.rules)
* 1:44871 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader out of bounds read attempt (file-pdf.rules)
* 1:44872 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader out of bounds read attempt (file-pdf.rules)
* 1:44866 <-> DISABLED <-> SERVER-WEBAPP Xplico decoding manager daemon command injection attempt (server-webapp.rules)
* 1:44891 <-> ENABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules)
* 1:44890 <-> DISABLED <-> SERVER-OTHER CouchDB remote privilege escalation attempt (server-other.rules)
* 1:44888 <-> ENABLED <-> FILE-FLASH Adobe Flash Player bitmap hitTest integer overflow attempt (file-flash.rules)
* 1:44928 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture out of bounds read attempt (file-other.rules)
* 1:44927 <-> ENABLED <->
FILE-OTHER Adobe Acrobat Pro WebCapture out of bounds read attempt (file-other.rules) * 1:44926 <-> ENABLED <-> FILE-PDF Adobe Acrobat thermometer object untrusted pointer dereference attempt (file-pdf.rules) * 1:44925 <-> ENABLED <-> FILE-PDF Adobe Acrobat thermometer object untrusted pointer dereference attempt (file-pdf.rules) * 1:44884 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat XPS unicode glyph pointer out of bounds (file-image.rules) * 1:44924 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF Bezier curve out of bounds read attempt (file-other.rules) * 1:44923 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF Bezier curve out of bounds read attempt (file-other.rules) * 1:44922 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager manageApplications.do SQL injection attempt (server-webapp.rules) * 1:44921 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager manageApplications.do SQL injection attempt (server-webapp.rules) * 1:44918 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager GraphicalView.do SQL injection attempt (server-webapp.rules) * 1:44917 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager GraphicalView.do SQL injection attempt (server-webapp.rules) * 1:44916 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager GraphicalView.do SQL injection attempt (server-webapp.rules) * 1:44913 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro invalid APP13 marker size attempt (file-image.rules) * 1:44912 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro invalid APP13 marker size attempt (file-image.rules) * 1:44903 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules) * 1:44902 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules) * 1:44901 <-> ENABLED <-> FILE-PDF Adobe Reader PDF embedded javascript events use after free attempt (file-pdf.rules) * 1:44900 <-> ENABLED <-> FILE-PDF Adobe Reader PDF embedded javascript 
events use after free attempt (file-pdf.rules) * 1:44894 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF out of bounds read attempt (file-other.rules) * 1:44893 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF out of bounds read attempt (file-other.rules) * 1:44892 <-> ENABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules) * 1:44950 <-> ENABLED <-> FILE-PDF Acrobat TrueTypeFont file out of bounds read attempt (file-pdf.rules) * 1:44949 <-> ENABLED <-> FILE-PDF Acrobat TrueTypeFont file out of bounds read attempt (file-pdf.rules) * 1:44940 <-> ENABLED <-> FILE-PDF Adobe Acrobat field dictionary value Unicode buffer overflow attempt (file-pdf.rules) * 1:44939 <-> ENABLED <-> FILE-PDF Adobe Acrobat field dictionary value Unicode buffer overflow attempt (file-pdf.rules) * 1:44938 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMFPlus out of bounds buffer overflow attempt (file-other.rules) * 1:44937 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMFPlus out of bounds buffer overflow attempt (file-other.rules) * 1:44934 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader untrusted pointer dereference attempt (file-pdf.rules) * 1:44933 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader untrusted pointer dereference attempt (file-pdf.rules) * 1:44860 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro PNG file buffer over-read vulnerability attempt (file-other.rules) * 1:44857 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XI JavaScript annotation use after free attempt (file-pdf.rules) * 1:44859 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro PNG file buffer over-read vulnerability attempt (file-other.rules) * 1:44854 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TTF buffer over-read attempt (file-pdf.rules) * 1:44856 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XI JavaScript annotation use after free attempt (file-pdf.rules) * 1:44846 <-> ENABLED <-> BROWSER-IE Microsoft Edge heap overflow attempt (browser-ie.rules) * 
1:44853 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TTF buffer over-read attempt (file-pdf.rules) * 1:44834 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k.sys use after free attempt (os-windows.rules) * 1:44845 <-> ENABLED <-> BROWSER-IE Microsoft Edge heap overflow attempt (browser-ie.rules) * 1:44832 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption exploitation attempt (browser-ie.rules) * 1:44833 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k.sys use after free attempt (os-windows.rules) * 1:44828 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules) * 1:44831 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption exploitation attempt (browser-ie.rules) * 1:44819 <-> ENABLED <-> BROWSER-IE Microsoft Edge array use after free attempt (browser-ie.rules) * 1:44827 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules) * 1:44821 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel use after free vulnerability exploit attempt (file-office.rules) * 1:44930 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds write attempt (file-image.rules) * 1:44929 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds write attempt (file-image.rules) * 1:44953 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF out of bounds buffer overflow attempt (file-other.rules) * 1:44952 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK use after free attempt (file-flash.rules) * 1:44951 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK use after free attempt (file-flash.rules) * 1:44956 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript infinite recursion heap overflow attempt (file-pdf.rules) * 1:44955 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript infinite recursion heap overflow attempt (file-pdf.rules) * 1:44954 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF out of bounds buffer overflow attempt 
(file-other.rules) * 1:44960 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF malformed YCbCrCoefficients values memory corruption attempt (file-image.rules) * 1:44959 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF malformed YCbCrCoefficients values memory corruption attempt (file-image.rules) * 1:44963 <-> ENABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules) * 1:44962 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader untrusted pointer dereference attempt (file-pdf.rules) * 1:44961 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader untrusted pointer dereference attempt (file-pdf.rules) * 1:44965 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro security bypass attempt (file-other.rules) * 1:44964 <-> ENABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules) * 1:44966 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro security bypass attempt (file-other.rules) * 1:45010 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules) * 1:45009 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules) * 1:45008 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules) * 1:45007 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules) * 1:45006 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules) * 1:45005 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules) * 1:45004 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules) * 1:45003 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules) * 1:45002 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt 
(file-other.rules) * 1:44990 <-> ENABLED <-> FILE-OFFICE Microsoft Office Equation Editor object with automatic execution embedded in RTF attempt (file-office.rules) * 1:44989 <-> ENABLED <-> FILE-OFFICE Microsoft Office Equation Editor object with automatic execution embedded in RTF attempt (file-office.rules) * 1:44988 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF font character encoding out of bounds write attempt (file-pdf.rules) * 1:44987 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF font character encoding out of bounds write attempt (file-pdf.rules) * 1:44984 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (file-other.rules) * 1:44983 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (file-other.rules) * 1:44977 <-> DISABLED <-> FILE-PDF Adobe Reader ActualText attribute type confusion attempt (file-pdf.rules) * 1:44976 <-> DISABLED <-> FILE-PDF Adobe Reader ActualText attribute type confusion attempt (file-pdf.rules) * 1:44970 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF EmfPlusFont memory corruption attempt (file-image.rules) * 1:44969 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF EmfPlusFont memory corruption attempt (file-image.rules) * 1:44968 <-> ENABLED <-> FILE-PDF Acrobat malformed html tag out of bounds read attempt (file-pdf.rules) * 1:44967 <-> ENABLED <-> FILE-PDF Acrobat malformed html tag out of bounds read attempt (file-pdf.rules) * 1:45044 <-> DISABLED <-> FILE-PDF Adobe Reader out of bounds memory access violation attempt (file-pdf.rules) * 1:45041 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Annotation use after free attempt (file-pdf.rules) * 1:45040 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Annotation use after free attempt (file-pdf.rules) * 1:45039 <-> DISABLED <-> SERVER-WEBAPP Joomla LDAP authentication plugin information disclosure exploitation attempt (server-webapp.rules) * 1:45038 <-> DISABLED <-> SERVER-WEBAPP Joomla LDAP 
authentication plugin information disclosure exploitation attempt (server-webapp.rules) * 1:45037 <-> DISABLED <-> SERVER-WEBAPP Joomla LDAP authentication plugin information disclosure exploitation attempt (server-webapp.rules) * 1:45036 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Annotation use after free attempt (file-pdf.rules) * 1:45035 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Annotation use after free attempt (file-pdf.rules) * 1:45032 <-> DISABLED <-> FILE-OTHER Adobe Acrobat JPEG2000 out of bounds buffer overflow attempt (file-other.rules) * 1:45031 <-> DISABLED <-> FILE-OTHER Adobe Acrobat JPEG2000 out of bounds buffer overflow attempt (file-other.rules) * 1:45016 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules) * 1:45015 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules) * 1:45014 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules) * 1:45013 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules) * 1:45012 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules) * 1:45011 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules) * 1:45117 <-> ENABLED <-> SERVER-WEBAPP Huawei DeviceUpgrade command injection attempt (server-webapp.rules) * 1:45116 <-> DISABLED <-> SERVER-MAIL Multiple products non-ascii sender address spoofing attempt (server-mail.rules) * 1:45115 <-> DISABLED <-> SERVER-MAIL Multiple products non-ascii sender address spoofing attempt (server-mail.rules) * 1:45113 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager showresource.do SQL injection attempt (server-webapp.rules) * 1:45112 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager showresource.do SQL injection attempt 
(server-webapp.rules) * 1:45110 <-> DISABLED <-> SERVER-WEBAPP OrientDB privilege escalation attempt (server-webapp.rules) * 1:45109 <-> DISABLED <-> SERVER-WEBAPP OrientDB remote code execution attempt (server-webapp.rules) * 1:45094 <-> DISABLED <-> SERVER-WEBAPP MediaWiki arbitrary file write attempt (server-webapp.rules) * 1:45084 <-> DISABLED <-> SERVER-APACHE Apache Solr xmlparser external doctype or entity expansion attempt (server-apache.rules) * 1:45083 <-> DISABLED <-> SERVER-APACHE Apache Solr RunExecutableListener arbitrary command execution attempt (server-apache.rules) * 1:45081 <-> DISABLED <-> SERVER-OTHER Geutebrueck GCore web server buffer overflow attempt (server-other.rules) * 1:45077 <-> ENABLED <-> SERVER-WEBAPP WordPress Ultimate Form Builder plugin SQL injection attempt (server-webapp.rules) * 1:45076 <-> ENABLED <-> SERVER-WEBAPP WordPress Ultimate Form Builder plugin SQL injection attempt (server-webapp.rules) * 1:45075 <-> ENABLED <-> SERVER-WEBAPP WordPress Ultimate Form Builder plugin SQL injection attempt (server-webapp.rules) * 1:45074 <-> ENABLED <-> SERVER-SAMBA Samba unsigned connections attempt (server-samba.rules) * 1:45073 <-> DISABLED <-> SERVER-WEBAPP Wireless IP Camera WIFICAM information leak attempt (server-webapp.rules) * 1:45067 <-> DISABLED <-> SERVER-WEBAPP WordPress Duplicator cross site scripting attempt (server-webapp.rules) * 1:45066 <-> DISABLED <-> SERVER-WEBAPP WordPress Duplicator cross site scripting attempt (server-webapp.rules) * 1:45052 <-> DISABLED <-> SERVER-WEBAPP Wordpress wpdb prepare sprintf placeholder SQL injection attempt (server-webapp.rules) * 1:45046 <-> ENABLED <-> SERVER-OTHER Exim malformed BDAT code execution attempt (server-other.rules) * 1:45045 <-> DISABLED <-> FILE-PDF Adobe Reader out of bounds memory access violation attempt (file-pdf.rules) * 1:45119 <-> ENABLED <-> SERVER-MAIL Multiple products non-ascii sender address spoofing attempt (server-mail.rules) * 1:45118 <-> ENABLED <-> 
SERVER-MAIL Multiple products non-ascii sender address spoofing attempt (server-mail.rules) * 1:44817 <-> ENABLED <-> BROWSER-IE Microsoft Edge custom property memory corruption attempt (browser-ie.rules) * 1:44815 <-> DISABLED <-> BROWSER-IE Microsoft Edge use after free attempt (browser-ie.rules) * 1:44814 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra Closure use after free attempt (browser-ie.rules) * 1:44816 <-> DISABLED <-> BROWSER-IE Microsoft Edge use after free attempt (browser-ie.rules) * 1:45121 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 1:45130 <-> ENABLED <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt (os-windows.rules) * 1:45129 <-> ENABLED <-> BROWSER-IE Microsoft Edge defineGetter type confusion attempt (browser-ie.rules) * 1:45128 <-> ENABLED <-> BROWSER-IE Microsoft Edge defineGetter type confusion attempt (browser-ie.rules) * 1:45124 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malformed spreadsheet use-after-free attempt (file-office.rules) * 1:45123 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malformed spreadsheet use-after-free attempt (file-office.rules) * 1:45122 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 1:45131 <-> ENABLED <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt (os-windows.rules) * 1:15512 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP rpcss2_RemoteGetClassObject attempt (os-windows.rules) * 1:15513 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP rpcss2_RemoteGetClassObject attempt (os-windows.rules) * 1:18680 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules) * 1:18702 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules) * 1:18703 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules) * 1:19200 <-> 
DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff exploit attempt (file-office.rules) * 1:21445 <-> DISABLED <-> SERVER-OTHER vsFTPd denial of service attempt (server-other.rules) * 1:21902 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules) * 1:21903 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules) * 1:21904 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules) * 1:21905 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules) * 1:21906 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules) * 1:21937 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules) * 1:23305 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules) * 1:24500 <-> DISABLED <-> FILE-OTHER Microsoft LNK shortcut arbitrary dll load attempt (file-other.rules) * 1:26299 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query polygon object integer overflow attempt (server-mysql.rules) * 1:26300 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multistring object integer overflow attempt (server-mysql.rules) * 1:26301 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt (server-mysql.rules) * 1:26391 <-> DISABLED <-> PROTOCOL-POP libcurl MD5 digest buffer overflow attempt (protocol-pop.rules) * 1:31027 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules) * 1:31028 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules) * 1:31029 <-> DISABLED <-> FILE-OTHER Adobe 
Acrobat EMF conversion heap buffer overflow attempt (file-other.rules) * 1:31030 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules) * 1:31302 <-> DISABLED <-> APP-DETECT Oracle Java debug wire protocol remote debugging attempt (app-detect.rules) * 1:32863 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules) * 1:32872 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff exploit attempt (file-office.rules) * 1:33637 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query object integer overflow attempt (server-mysql.rules) * 1:35093 <-> DISABLED <-> SERVER-OTHER PHP core compressed file temp_len buffer overflow attempt (server-other.rules) * 1:35832 <-> DISABLED <-> FILE-OTHER Hangul Word Processor malicious tab count memory corruption attempt (file-other.rules) * 1:35833 <-> ENABLED <-> FILE-OTHER Hangul Word Processor malicious tab count memory corruption attempt (file-other.rules) * 1:36037 <-> DISABLED <-> SERVER-WEBAPP Novell Zenworks Mobile Management cross site scripting attempt (server-webapp.rules) * 1:36038 <-> DISABLED <-> SERVER-WEBAPP Novell Zenworks Mobile Management cross site scripting attempt (server-webapp.rules) * 1:36039 <-> DISABLED <-> SERVER-WEBAPP Novell Zenworks Mobile Management cross site scripting attempt (server-webapp.rules) * 1:36040 <-> DISABLED <-> SERVER-WEBAPP Novell Zenworks Mobile Management cross site scripting attempt (server-webapp.rules) * 1:38225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid FLV header out of bounds write attempt (file-flash.rules) * 1:38226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid FLV header out of bounds write attempt (file-flash.rules) * 1:38835 <-> ENABLED <-> FILE-FLASH Adobe Flash Player bitmap heap overflow attempt (file-flash.rules) * 1:38836 <-> ENABLED <-> FILE-FLASH Adobe Flash Player bitmap heap overflow attempt (file-flash.rules) * 1:39273 
<-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules) * 1:39274 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules) * 1:39308 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF file length load buffer overflow attempt (file-flash.rules) * 1:39309 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF file length load buffer overflow attempt (file-flash.rules) * 1:39607 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules) * 1:39615 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules) * 1:39843 <-> ENABLED <-> OS-WINDOWS Microsoft Windows gdiplus EMF EmrText out of bounds write attempt (os-windows.rules) * 1:39844 <-> ENABLED <-> OS-WINDOWS Microsoft Windows gdiplus EMF EmrText out of bounds write attempt (os-windows.rules) * 1:40132 <-> ENABLED <-> BROWSER-IE VBScript ADODB.Connection object use after free attempt (browser-ie.rules) * 1:40133 <-> ENABLED <-> BROWSER-IE VBScript ADODB.Connection object use after free attempt (browser-ie.rules) * 1:40364 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer loadXML parseError.errorCode information disclosure attempt (browser-ie.rules) * 1:40365 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer loadXML parseError.errorCode information disclosure attempt (browser-ie.rules) * 1:40394 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Ntoskrnl integer overflow privilege escalation attempt (os-windows.rules) * 1:40395 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Ntoskrnl integer overflow privilege escalation attempt (os-windows.rules) * 1:40490 <-> DISABLED <-> FILE-OFFICE JustSystems Ichitaro Word Processor malformed PersistDirectory memory corruption attempt (file-office.rules) * 1:40491 <-> DISABLED <-> FILE-OFFICE JustSystems Ichitaro Word Processor malformed PersistDirectory memory corruption attempt 
(file-office.rules) * 1:40573 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA resolveNode memory corruption attempt (file-pdf.rules) * 1:40574 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA resolveNode memory corruption attempt (file-pdf.rules) * 1:40889 <-> DISABLED <-> SERVER-WEBAPP Barracuda WAF UPDATE_scan_information_in_use command injection attempt (server-webapp.rules) * 1:41110 <-> ENABLED <-> FILE-OFFICE Ichitaro Office JTD Figure handling code execution attempt (file-office.rules) * 1:41111 <-> ENABLED <-> FILE-OFFICE Ichitaro Office JTD Figure handling code execution attempt (file-office.rules) * 1:41138 <-> ENABLED <-> FILE-FLASH Adobe Flash Player display list structure memory corruption attempt (file-flash.rules) * 1:41139 <-> ENABLED <-> FILE-FLASH Adobe Flash Player display list structure memory corruption attempt (file-flash.rules) * 1:41140 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Out-of-Bounds Write attempt (file-office.rules) * 1:41141 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Out-of-Bounds Write attempt (file-office.rules) * 1:41142 <-> ENABLED <-> FILE-PDF Adobe Acrobat animateSyncButton use after free attempt (file-pdf.rules) * 1:41143 <-> ENABLED <-> FILE-PDF Adobe Acrobat animateSyncButton use after free attempt (file-pdf.rules) * 1:41144 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules) * 1:41145 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules) * 1:41146 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules) * 1:41147 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules) * 1:41148 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules) * 1:41149 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt 
(file-image.rules) * 1:41150 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript navigation pane use after free attempt (file-pdf.rules) * 1:41151 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript navigation pane use after free attempt (file-pdf.rules) * 1:41152 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Forms Data Format embedded javascript attempt (file-pdf.rules) * 1:41153 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Forms Data Format embedded javascript attempt (file-pdf.rules) * 1:41154 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed CFF global subroutine memory corruption attempt (file-pdf.rules) * 1:41155 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed CFF global subroutine memory corruption attempt (file-pdf.rules) * 1:41156 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF file length heap overflow attempt (file-flash.rules) * 1:41157 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF file length heap overflow attempt (file-flash.rules) * 1:41158 <-> ENABLED <-> FILE-FLASH Adobe Flash Player visual blend out of bounds read attempt (file-flash.rules) * 1:41159 <-> ENABLED <-> FILE-FLASH Adobe Flash Player visual blend out of bounds read attempt (file-flash.rules) * 1:41163 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XSL stylesheet heap overflow attempt (file-pdf.rules) * 1:41164 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XSL stylesheet heap overflow attempt (file-pdf.rules) * 1:41193 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA engine stack buffer overflow attempt (file-pdf.rules) * 1:41194 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA engine stack buffer overflow attempt (file-pdf.rules) * 1:41198 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF Software tag heap buffer overflow attempt (file-image.rules) * 1:41199 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF Software tag heap buffer overflow attempt (file-image.rules) * 1:41200 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF Software tag heap buffer 
overflow attempt (file-image.rules)
* 1:41201 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF Software tag heap buffer overflow attempt (file-image.rules)
* 1:41214 <-> DISABLED <-> FILE-FLASH Adobe Flash Player onSetFocus movieclip use after free attempt (file-flash.rules)
* 1:41215 <-> DISABLED <-> FILE-FLASH Adobe Flash Player onSetFocus movie clip use after free attempt (file-flash.rules)
* 1:41325 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA Engine use after free attempt (file-pdf.rules)
* 1:41326 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA Engine use after free attempt (file-pdf.rules)
* 1:41327 <-> DISABLED <-> FILE-PDF Iceni Argus ipStringCreate integer overflow attempt (file-pdf.rules)
* 1:41328 <-> DISABLED <-> FILE-PDF Iceni Argus ipStringCreate integer overflow attempt (file-pdf.rules)
* 1:41338 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
* 1:41339 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
* 1:41340 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
* 1:41341 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
* 1:41342 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 stsz atom memory corruption attempt (file-multimedia.rules)
* 1:41343 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 stsz atom memory corruption attempt (file-multimedia.rules)
* 1:41350 <-> DISABLED <-> FILE-OTHER Apple Garageband .band file out of bounds write attempt (file-other.rules)
* 1:41351 <-> DISABLED <-> FILE-OTHER Apple Garageband .band file out of bounds write attempt (file-other.rules)
* 1:41370 <-> ENABLED <-> FILE-OTHER National Instruments LabVIEW LvVarientUnflatten remote code execution attempt (file-other.rules)
* 1:41371 <-> ENABLED <-> FILE-OTHER National Instruments LabVIEW LvVarientUnflatten remote code execution attempt (file-other.rules)
* 1:41391 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules)
* 1:41392 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules)
* 1:41393 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules)
* 1:41394 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules)
* 1:41395 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules)
* 1:41396 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules)
* 1:41397 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules)
* 1:41398 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules)
* 1:41399 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader xfa subform use after free attempt (file-pdf.rules)
* 1:41400 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader xfa subform use after free attempt (file-pdf.rules)
* 1:41407 <-> ENABLED <-> BROWSER-OTHER Cisco WebEx extension command execution attempt (browser-other.rules)
* 1:41408 <-> ENABLED <-> BROWSER-OTHER Cisco WebEx extension command execution attempt (browser-other.rules)
* 1:41411 <-> ENABLED <-> FILE-FLASH Adobe Flash Player custom toString function attempt (file-flash.rules)
* 1:41412 <-> ENABLED <-> FILE-FLASH Adobe Flash Player custom toString function attempt (file-flash.rules)
* 1:41447 <-> ENABLED <-> FILE-OTHER Apple GarageBand out of bounds write attempt (file-other.rules)
* 1:41448 <-> ENABLED <-> FILE-OTHER Apple GarageBand out of bounds write attempt (file-other.rules)
* 1:41454 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess updateTemplate SQL injection attempt (server-webapp.rules)
* 1:41455 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess updateTemplate SQL injection attempt (server-webapp.rules)
* 1:41504 <-> DISABLED <-> SERVER-WEBAPP Netgear passwordrecovered.cgi insecure admin password disclosure attempt (server-webapp.rules)
* 1:41505 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client DecodeString heap overflow attempt (server-other.rules)
* 1:41506 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client DecodeString heap overflow attempt (server-other.rules)
* 1:41508 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client Memcpy heap overflow attempt (server-other.rules)
* 1:41509 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client DecodeBinary heap buffer overflow attempt (server-other.rules)
* 1:41510 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client DecodeBinary heap buffer overflow attempt (server-other.rules)
* 1:41511 <-> DISABLED <-> FILE-OFFICE AntennaHouse HTMLFilter FillRowFormat remote code execution attempt (file-office.rules)
* 1:41512 <-> DISABLED <-> FILE-OFFICE AntennaHouse HTMLFilter FillRowFormat remote code execution attempt (file-office.rules)
* 1:41536 <-> DISABLED <-> SERVER-WEBAPP ZoneMinder file.php directory traversal attempt (server-webapp.rules)
* 1:41543 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC HTMLFilter UnCompressUnicode out of bounds write attempt (file-office.rules)
* 1:41544 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC HTMLFilter UnCompressUnicode out of bounds write attempt (file-office.rules)
* 1:41545 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC HTMLFilter iBldDirInfo heap buffer overflow attempt (file-office.rules)
* 1:41546 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC HTMLFilter iBldDirInfo heap buffer overflow attempt (file-office.rules)
* 1:41553 <-> ENABLED <-> BROWSER-IE Microsoft Edge url forgery attempt (browser-ie.rules)
* 1:41554 <-> ENABLED <-> BROWSER-IE Microsoft Edge url forgery attempt (browser-ie.rules)
* 1:41557 <-> ENABLED <-> BROWSER-IE Microsoft Edge Array out of bounds memory corruption attempt (browser-ie.rules)
* 1:41558 <-> ENABLED <-> BROWSER-IE Microsoft Edge Array out of bounds memory corruption attempt (browser-ie.rules)
* 1:41559 <-> ENABLED <-> BROWSER-IE Microsoft Edge Array out of bounds memory corruption attempt (browser-ie.rules)
* 1:41560 <-> ENABLED <-> BROWSER-IE Microsoft Edge Array out of bounds memory corruption attempt (browser-ie.rules)
* 1:41565 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules)
* 1:41566 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules)
* 1:41567 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Device Guard code execution attempt (os-windows.rules)
* 1:41568 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Device Guard code execution attempt (os-windows.rules)
* 1:41569 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Device Guard code execution attempt (os-windows.rules)
* 1:41570 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Device Guard code execution attempt (os-windows.rules)
* 1:41571 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Device Guard code execution attempt (os-windows.rules)
* 1:41572 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Device Guard code execution attempt (os-windows.rules)
* 1:41573 <-> ENABLED <-> BROWSER-IE Microsoft Edge CSS animation style information disclosure attempt (browser-ie.rules)
* 1:41574 <-> ENABLED <-> BROWSER-IE Microsoft Edge CSS animation style information disclosure attempt (browser-ie.rules)
* 1:41577 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF footnote format use after free attempt (file-office.rules)
* 1:41578 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF footnote format use after free attempt (file-office.rules)
* 1:41579 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DirectComposition double free attempt (os-windows.rules)
* 1:41580 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DirectComposition double free attempt (os-windows.rules)
* 1:41581 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed CellXF memory corruption attempt (file-office.rules)
* 1:41582 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed CellXF memory corruption attempt (file-office.rules)
* 1:41583 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOMAttrModified event use after free attempt (browser-ie.rules)
* 1:41584 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOMAttrModified event use after free attempt (browser-ie.rules)
* 1:41585 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer mutated scope with generator memory corruption attempt (browser-ie.rules)
* 1:41586 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer mutated scope with generator memory corruption attempt (browser-ie.rules)
* 1:41587 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Array out of bounds memory corruption (browser-ie.rules)
* 1:41588 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Array out of bounds memory corruption (browser-ie.rules)
* 1:41589 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CHtmlTab use after free attempt (browser-ie.rules)
* 1:41590 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CHtmlTab use after free attempt (browser-ie.rules)
* 1:41591 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GDI privilege escalation attempt (os-windows.rules)
* 1:41592 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GDI privilege escalation attempt (os-windows.rules)
* 1:41595 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI invalid EMF cbBitsSrc memory disclosure attempt (os-windows.rules)
* 1:41596 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI invalid EMF cbBitsSrc memory disclosure attempt (os-windows.rules)
* 1:41597 <-> DISABLED <-> FILE-OTHER Windows Uniscribe remote code execution vulnerability attempt (file-other.rules)
* 1:41598 <-> DISABLED <-> FILE-OTHER Windows Uniscribe remote code execution vulnerability attempt (file-other.rules)
* 1:41601 <-> ENABLED <-> FILE-PDF Microsoft Edge PDF Builder out of bounds read attempt (file-pdf.rules)
* 1:41602 <-> ENABLED <-> FILE-PDF Microsoft Edge PDF Builder out of bounds read attempt (file-pdf.rules)
* 1:41605 <-> DISABLED <-> BROWSER-IE Microsoft Edge AsmJs memory corruption attempt (browser-ie.rules)
* 1:41606 <-> DISABLED <-> BROWSER-IE Microsoft Edge AsmJs memory corruption attempt (browser-ie.rules)
* 1:41607 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel NtCreateProfile privilege escalation attempt (os-windows.rules)
* 1:41608 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel NtCreateProfile privilege escalation attempt (os-windows.rules)
* 1:41609 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel NtCreateProfile privilege escalation attempt (os-windows.rules)
* 1:41610 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel NtCreateProfile privilege escalation attempt (os-windows.rules)
* 1:41611 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder luminance adjustment out of bounds memory access attempt (file-other.rules)
* 1:41612 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder luminance adjustment out of bounds memory access attempt (file-other.rules)
* 1:41613 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules)
* 1:41614 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules)
* 1:41615 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules)
* 1:41616 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules)
* 1:41617 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules)
* 1:41618 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules)
* 1:41619 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addEventListener use after free attempt (file-flash.rules)
* 1:41620 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addEventListener use after free attempt (file-flash.rules)
* 1:41621 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed FLV heap overflow attempt (file-flash.rules)
* 1:41622 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed FLV heap overflow attempt (file-flash.rules)
* 1:41623 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MessageChannel type confusion attempt (file-flash.rules)
* 1:41624 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MessageChannel type confusion attempt (file-flash.rules)
* 1:41625 <-> ENABLED <-> BROWSER-IE Microsoft Edge HandleColumnBreakOnColumnSpanningElement type confusion attempt (browser-ie.rules)
* 1:41626 <-> ENABLED <-> BROWSER-IE Microsoft Edge HandleColumnBreakOnColumnSpanningElement type confusion attempt (browser-ie.rules)
* 1:41627 <-> ENABLED <-> FILE-FLASH Adobe Flash Player garbage collection use after free attempt (file-flash.rules)
* 1:41628 <-> ENABLED <-> FILE-FLASH Adobe Flash Player garbage collection use after free attempt (file-flash.rules)
* 1:41629 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PSDK EventDispatch removeEventListener use after free attempt (file-flash.rules)
* 1:41630 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PSDK EventDispatch removeEventListener use after free attempt (file-flash.rules)
* 1:41631 <-> ENABLED <-> FILE-OTHER Adobe Flash Player mp4 h264 decompression routine out of bounds read attempt (file-other.rules)
* 1:41632 <-> ENABLED <-> FILE-OTHER Adobe Flash Player mp4 h264 decompression routine out of bounds read attempt (file-other.rules)
* 1:41652 <-> DISABLED <-> SERVER-WEBAPP Geutebruck IP Camera testaction.cgi command injection attempt (server-webapp.rules)
* 1:41653 <-> DISABLED <-> SERVER-WEBAPP Geutebruck IP Camera testaction.cgi command injection attempt (server-webapp.rules)
* 1:41654 <-> DISABLED <-> SERVER-WEBAPP Geutebruck IP Camera testaction.cgi command injection attempt (server-webapp.rules)
* 1:41673 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField object event handler use after free attempt (file-flash.rules)
* 1:41674 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField object event handler use after free attempt (file-flash.rules)
* 1:41679 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShimContentResolver out of bounds memory access attempt (file-flash.rules)
* 1:41680 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShimContentResolver out of bounds memory access attempt (file-flash.rules)
* 1:41698 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 ping.cgi command injection attempt (server-webapp.rules)
* 1:41699 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 ping.cgi command injection attempt (server-webapp.rules)
* 1:41700 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 ping.cgi command injection attempt (server-webapp.rules)
* 1:41703 <-> DISABLED <-> FILE-OFFICE Ichitaro Office Excel TxO record heap buffer overflow attempt (file-office.rules)
* 1:41704 <-> DISABLED <-> FILE-OFFICE Ichitaro Office Excel TxO record heap buffer overflow attempt (file-office.rules)
* 1:41726 <-> ENABLED <-> FILE-OFFICE AntennaHouse DMC HTMLFilter AddSst heap overflow attempt (file-office.rules)
* 1:41727 <-> ENABLED <-> FILE-OFFICE AntennaHouse DMC HTMLFilter AddSst heap overflow attempt (file-office.rules)
* 1:41745 <-> ENABLED <-> FILE-MULTIMEDIA Chrome Pepper Flash Player SampleCount heap overflow attempt (file-multimedia.rules)
* 1:41746 <-> ENABLED <-> FILE-MULTIMEDIA Chrome Pepper Flash Player SampleCount heap overflow attempt (file-multimedia.rules)
* 1:41748 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 dnslookup.cgi command injection attempt (server-webapp.rules)
* 1:41749 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 dnslookup.cgi command injection attempt (server-webapp.rules)
* 1:41750 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 dnslookup.cgi command injection attempt (server-webapp.rules)
* 1:41751 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 dnslookup.cgi command injection attempt (server-webapp.rules)
* 1:41753 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC GetIndexArray out of bounds write attempt (file-office.rules)
* 1:41754 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC GetIndexArray out of bounds write attempt (file-office.rules)
* 1:41759 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC ParseEnvironment heap buffer overflow attempt (file-office.rules)
* 1:41760 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC ParseEnvironment heap buffer overflow attempt (file-office.rules)
* 1:41763 <-> ENABLED <-> BROWSER-IE Microsoft Edge HandleColumnBreakOnColumnSpanningElement type confusion attempt (browser-ie.rules)
* 1:41764 <-> ENABLED <-> BROWSER-IE Microsoft Edge HandleColumnBreakOnColumnSpanningElement type confusion attempt (browser-ie.rules)
* 1:41765 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC DHFSummary stack buffer overflow attempt (file-office.rules)
* 1:41766 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC DHFSummary stack buffer overflow attempt (file-office.rules)
* 1:41767 <-> DISABLED <-> SERVER-WEBAPP WP_Query plugin SQL injection attempt (server-webapp.rules)
* 1:41768 <-> DISABLED <-> SERVER-WEBAPP WP_Query plugin SQL injection attempt (server-webapp.rules)
* 1:41769 <-> DISABLED <-> SERVER-WEBAPP WP_Query plugin SQL injection attempt (server-webapp.rules)
* 1:41797 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer loadXML parseError.errorCode information disclosure attempt (browser-ie.rules)
* 1:41798 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer loadXML parseError.errorCode information disclosure attempt (browser-ie.rules)
* 1:41926 <-> ENABLED <-> OS-WINDOWS Microsoft Win32u NtUserThunkedMenuItemInfo use after free attempt (os-windows.rules)
* 1:41927 <-> ENABLED <-> OS-WINDOWS Microsoft Win32u NtUserThunkedMenuItemInfo use after free attempt (os-windows.rules)
* 1:41928 <-> ENABLED <-> OS-WINDOWS Microsoft Win32k DDI use after free attempt (os-windows.rules)
* 1:41929 <-> ENABLED <-> OS-WINDOWS Microsoft Win32k DDI use after free attempt (os-windows.rules)
* 1:41930 <-> ENABLED <-> OS-WINDOWS Microsoft Win32k DDI use after free attempt (os-windows.rules)
* 1:41931 <-> ENABLED <-> OS-WINDOWS Microsoft Win32k DDI use after free attempt (os-windows.rules)
* 1:41932 <-> ENABLED <-> FILE-OTHER Microsoft Windows Uniscribe privilege escalation attempt (file-other.rules)
* 1:41933 <-> ENABLED <-> FILE-OTHER Microsoft Windows Uniscribe privilege escalation attempt (file-other.rules)
* 1:41934 <-> ENABLED <-> FILE-OTHER Microsoft Windows Uniscribe privilege escalation attempt (file-other.rules)
* 1:41935 <-> ENABLED <-> FILE-OTHER Microsoft Windows Uniscribe privilege escalation attempt (file-other.rules)
* 1:41936 <-> ENABLED <-> BROWSER-IE Microsoft Edge TypedArray setter arbitrary write attempt (browser-ie.rules)
* 1:41937 <-> ENABLED <-> BROWSER-IE Microsoft Edge TypedArray setter arbitrary write attempt (browser-ie.rules)
* 1:41938 <-> ENABLED <-> BROWSER-IE Microsoft Edge reverse helper heap buffer overflow attempt (browser-ie.rules)
* 1:41939 <-> ENABLED <-> BROWSER-IE Microsoft Edge reverse helper heap buffer overflow attempt (browser-ie.rules)
* 1:41940 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueTypeFont post table out of bounds write attempt (os-windows.rules)
* 1:41941 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueTypeFont post table out of bounds write attempt (os-windows.rules)
* 1:41944 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine security bypass css attempt (browser-ie.rules)
* 1:41945 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine security bypass css attempt (browser-ie.rules)
* 1:41950 <-> ENABLED <-> BROWSER-IE Microsoft Edge WebAssembly memory corruption attempt (browser-ie.rules)
* 1:41951 <-> ENABLED <-> BROWSER-IE Microsoft Edge WebAssembly memory corruption attempt (browser-ie.rules)
* 1:41952 <-> ENABLED <-> BROWSER-IE Microsoft Edge local file read information leak attempt (browser-ie.rules)
* 1:41953 <-> ENABLED <-> BROWSER-IE Microsoft Edge local file read information leak attempt (browser-ie.rules)
* 1:41954 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer textarea type confusion attempt (browser-ie.rules)
* 1:41955 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer textarea type confusion attempt (browser-ie.rules)
* 1:41956 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer arguments type confusion attempt (browser-ie.rules)
* 1:41957 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer arguments type confusion attempt (browser-ie.rules)
* 1:41958 <-> ENABLED <-> BROWSER-IE Microsoft Edge malformed UTF-8 decode arbitrary read attempt (browser-ie.rules)
* 1:41959 <-> ENABLED <-> BROWSER-IE Microsoft Edge malformed UTF-8 decode arbitrary read attempt (browser-ie.rules)
* 1:41960 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueType Font LookupTable out of bounds write attempt (os-windows.rules)
* 1:41961 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueType Font LookupTable out of bounds write attempt (os-windows.rules)
* 1:41962 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word template remote code execution attempt (file-office.rules)
* 1:41963 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word template remote code execution attempt (file-office.rules)
* 1:41964 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word 2010 use-after-free memory corruption vulnerability attempt (file-office.rules)
* 1:41965 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word 2010 use-after-free memory corruption vulnerability attempt (file-office.rules)
* 1:41966 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueTypeFont GSUB table out of bounds write attempt (os-windows.rules)
* 1:41967 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueTypeFont GSUB table out of bounds write attempt (os-windows.rules)
* 1:41972 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueType Font out of bounds write attempt (os-windows.rules)
* 1:41973 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueType Font out of bounds write attempt (os-windows.rules)
* 1:41974 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueType Font out of bounds write attempt (os-windows.rules)
* 1:41975 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueType Font out of bounds write attempt (os-windows.rules)
* 1:41976 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel shared strings memory corruption attempt (file-office.rules)
* 1:41977 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel shared strings memory corruption attempt (file-office.rules)
* 1:41979 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel shared strings memory corruption attempt (file-office.rules)
* 1:41980 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel shared strings memory corruption attempt (file-office.rules)
* 1:41981 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word out of bounds read attempt (file-office.rules)
* 1:41982 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word out of bounds read attempt (file-office.rules)
* 1:41984 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMBv1 identical MID and FID type confusion attempt (os-windows.rules)
* 1:41985 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueTypeFont post table out of bounds write attempt (os-windows.rules)
* 1:41986 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueTypeFont post table out of bounds write attempt (os-windows.rules)
* 1:41991 <-> ENABLED <-> FILE-OTHER Microsoft Windows TTF file out of bounds access attempt (file-other.rules)
* 1:41992 <-> ENABLED <-> FILE-OTHER Microsoft Windows TTF file out of bounds access attempt (file-other.rules)
* 1:41993 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GDI WMF out of bounds read attempt (os-windows.rules)
* 1:41994 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GDI WMF out of bounds read attempt (os-windows.rules)
* 1:41995 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DDI privilege escalation attempt (os-windows.rules)
* 1:41996 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DDI privilege escalation attempt (os-windows.rules)
* 1:41998 <-> DISABLED <-> OS-WINDOWS Microsoft GDI+ privilege escalation attempt (os-windows.rules)
* 1:41999 <-> ENABLED <-> OS-OTHER Apple OSX and iOS x509 certificate name constraints parsing use after free attempt (os-other.rules)
* 1:42010 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField use after free attempt (file-flash.rules)
* 1:42011 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField use after free attempt (file-flash.rules)
* 1:42012 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AuditudeSettings stack overflow attempt (file-flash.rules)
* 1:42013 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AuditudeSettings stack overflow attempt (file-flash.rules)
* 1:42044 <-> ENABLED <-> FILE-FLASH Adobe Flash Player custom object garbage collection use after free attempt (file-flash.rules)
* 1:42045 <-> ENABLED <-> FILE-FLASH Adobe Flash Player custom object garbage collection use after free attempt (file-flash.rules)
* 1:42046 <-> ENABLED <-> FILE-FLASH Adobe Flash Player custom object garbage collection use after free (file-flash.rules)
* 1:42047 <-> ENABLED <-> FILE-FLASH Adobe Flash Player custom object garbage collection use after free (file-flash.rules)
* 1:42048 <-> ENABLED <-> SERVER-WEBAPP dnaLIMS sysAdmin.cgi arbitrary command execution attempt (server-webapp.rules)
* 1:42052 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Primetime TVSDK memory corruption attempt (file-flash.rules)
* 1:42053 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Primetime TVSDK memory corruption attempt (file-flash.rules)
* 1:42078 <-> DISABLED <-> SERVER-WEBAPP Foscam cgiproxy.fcgi stack buffer overflow attempt (server-webapp.rules)
* 1:42088 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid ImageLength memory corruption attempt (file-image.rules)
* 1:42089 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid ImageLength memory corruption attempt (file-image.rules)
* 1:42090 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid ImageLength memory corruption attempt (file-image.rules)
* 1:42091 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid ImageLength memory corruption attempt (file-image.rules)
* 1:42096 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Resolution Opportunity parameter memory corruption attempt (file-flash.rules)
* 1:42097 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Resolution Opportunity parameter memory corruption attempt (file-flash.rules)
* 1:42105 <-> DISABLED <-> SERVER-WEBAPP EyesOfNetwork ged_actions.php command injection attempt (server-webapp.rules)
* 1:42106 <-> DISABLED <-> SERVER-WEBAPP EyesOfNetwork ged_actions.php command injection attempt (server-webapp.rules)
* 1:42107 <-> DISABLED <-> SERVER-WEBAPP EyesOfNetwork module command injection attempt (server-webapp.rules)
* 1:42108 <-> DISABLED <-> SERVER-WEBAPP EyesOfNetwork module command injection attempt (server-webapp.rules)
* 1:42137 <-> DISABLED <-> FILE-OFFICE Lexmark Perceptive Document Filters malformed XLS information disclosure attempt (file-office.rules)
* 1:42138 <-> DISABLED <-> FILE-OFFICE Lexmark Perceptive Document Filters malformed XLS information disclosure attempt (file-office.rules)
* 1:42148 <-> ENABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt (file-other.rules)
* 1:42149 <-> ENABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt (file-other.rules)
* 1:42150 <-> ENABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt (file-other.rules)
* 1:42151 <-> ENABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt (file-other.rules)
* 1:42152 <-> ENABLED <-> BROWSER-IE Microsoft Edge JavaScript string object type confusion attempt (browser-ie.rules)
* 1:42153 <-> ENABLED <-> BROWSER-IE Microsoft Edge JavaScript string object type confusion attempt (browser-ie.rules)
* 1:42154 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k information disclosure attempt (os-windows.rules)
* 1:42155 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k information disclosure attempt (os-windows.rules)
* 1:42156 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer recordset use after free attempt (browser-ie.rules)
* 1:42157 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer recordset use after free attempt (browser-ie.rules)
* 1:42158 <-> ENABLED <-> OS-WINDOWS Microsoft Win32k privilege escalation attempt (os-windows.rules)
* 1:42159 <-> ENABLED <-> OS-WINDOWS Microsoft Win32k privilege escalation attempt (os-windows.rules)
* 1:42160 <-> ENABLED <-> SERVER-OTHER Microsoft LDAP MaxBuffSize buffer overflow attempt (server-other.rules)
* 1:42161 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel out of bounds memory attempt (file-office.rules)
* 1:42162 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel out of bounds memory attempt (file-office.rules)
* 1:42165 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer type confusion vulnerability attempt (browser-ie.rules)
* 1:42166 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer type confusion vulnerability attempt (browser-ie.rules)
* 1:42167 <-> ENABLED <-> FILE-OFFICE Microsoft Office custom message class security bypass attempt (file-office.rules)
* 1:42168 <-> ENABLED <-> FILE-OFFICE Microsoft Office custom message class security bypass attempt (file-office.rules)
* 1:42173 <-> ENABLED <-> OS-WINDOWS Microsoft GDI PolyTextOutW out of bounds memory write attempt (os-windows.rules)
* 1:42174 <-> ENABLED <-> OS-WINDOWS Microsoft GDI PolyTextOutW out of bounds memory write attempt (os-windows.rules)
* 1:42175 <-> ENABLED <-> FILE-PDF Adobe Reader JavaScript API documentToStream use after free attempt (file-pdf.rules)
* 1:42176 <-> ENABLED <-> FILE-PDF Adobe Reader JavaScript API documentToStream use after free attempt (file-pdf.rules)
* 1:42177 <-> ENABLED <-> FILE-OTHER IrfanView JPEG2000 reference tile width value buffer overflow attempt (file-other.rules)
* 1:42178 <-> ENABLED <-> FILE-OTHER IrfanView JPEG2000 reference tile width value buffer overflow attempt (file-other.rules)
* 1:42183 <-> ENABLED <-> BROWSER-IE Microsoft Edge format rendering type confusion attempt (browser-ie.rules)
* 1:42184 <-> ENABLED <-> BROWSER-IE Microsoft Edge format rendering type confusion attempt (browser-ie.rules)
* 1:42185 <-> ENABLED <-> OS-WINDOWS Microsoft Windows WMI DCOM arbitrary .NET serialization code execution attempt (os-windows.rules)
* 1:42186 <-> ENABLED <-> OS-WINDOWS Microsoft Windows WMI DCOM arbitrary .NET serialization code execution attempt (os-windows.rules)
* 1:42187 <-> ENABLED <-> OS-WINDOWS Microsoft Windows IE ETW Collector Service privilege escalation attempt (os-windows.rules)
* 1:42188 <-> ENABLED <-> OS-WINDOWS Microsoft Windows IE ETW Collector Service privilege escalation attempt (os-windows.rules)
* 1:42189 <-> DISABLED <-> FILE-OFFICE RTF objautlink url moniker file download attempt (file-office.rules)
* 1:42190 <-> DISABLED <-> FILE-OFFICE RTF objautlink url moniker file download attempt (file-office.rules)
* 1:42195 <-> ENABLED <-> FILE-OTHER Tablib yaml.load code execution attempt (file-other.rules)
* 1:42196 <-> ENABLED <-> FILE-OTHER Tablib yaml.load code execution attempt (file-other.rules)
* 1:42199 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GDI null pointer dereference attempt (os-windows.rules)
* 1:42200 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GDI null pointer dereference attempt (os-windows.rules)
* 1:42202 <-> ENABLED <-> FILE-PDF Adobe Reader JavaScript string from stream memory corruption attempt (file-pdf.rules)
* 1:42203 <-> ENABLED <-> FILE-PDF Adobe Reader JavaScript string from stream memory corruption attempt (file-pdf.rules)
* 1:42204 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer htmlFile ActiveX control universal XSS attempt (browser-ie.rules)
* 1:42205 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer htmlFile ActiveX control universal XSS attempt (browser-ie.rules)
* 1:42206 <-> ENABLED <-> FILE-FLASH Adobe Flash Player allocator use-after-free attempt (file-flash.rules)
* 1:42207 <-> ENABLED <-> FILE-FLASH Adobe Flash Player allocator use-after-free attempt (file-flash.rules)
* 1:42208 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Clipboard Broker privilege escalation vulnerability attempt (os-windows.rules)
* 1:42209 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Clipboard Broker privilege escalation vulnerability attempt (os-windows.rules)
* 1:42210 <-> ENABLED <-> BROWSER-IE Microsoft Edge xlink type confusion memory corruption attempt (browser-ie.rules)
* 1:42211 <-> ENABLED <-> BROWSER-IE Microsoft Edge xlink type confusion memory corruption attempt (browser-ie.rules)
* 1:42212 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded JPEG 2000 flst heap overflow attempt (file-pdf.rules)
* 1:42213 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded JPEG 2000 flst heap overflow attempt (file-pdf.rules)
* 1:42214 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetStream use after free attempt (file-flash.rules)
* 1:42215 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetStream use after free attempt (file-flash.rules)
* 1:42216 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader pcx planes memory corruption attempt (file-other.rules)
* 1:42217 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader pcx planes memory corruption attempt (file-other.rules)
* 1:42218 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed GIF memory corruption attempt (file-image.rules)
* 1:42219 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF memory corruption attempt (file-image.rules)
* 1:42221 <-> ENABLED <-> SERVER-WEBAPP Moxa private key disclosure attempt (server-webapp.rules)
* 1:42222 <-> ENABLED <-> SERVER-WEBAPP Moxa MX Studio login page denial of service attempt (server-webapp.rules)
* 1:42234 <-> DISABLED <-> SERVER-WEBAPP QNAP NAS authLogin.cgi command injection attempt (server-webapp.rules)
* 1:42235 <-> DISABLED <-> SERVER-OTHER NTP malformed config request denial of service attempt (server-other.rules)
* 1:42236 <-> DISABLED <-> SERVER-WEBAPP QNAP NAS userConfig.cgi command injection attempt (server-webapp.rules)
* 1:42237 <-> DISABLED <-> SERVER-WEBAPP QNAP NAS userConfig.cgi command injection attempt (server-webapp.rules)
* 1:42238 <-> DISABLED <-> SERVER-WEBAPP QNAP NAS userConfig.cgi command injection attempt (server-webapp.rules)
* 1:42239 <-> DISABLED <-> SERVER-WEBAPP QNAP NAS utilRequest.cgi command injection attempt (server-webapp.rules)
* 1:42240 <-> DISABLED <-> SERVER-WEBAPP QNAP NAS utilRequest.cgi command injection attempt (server-webapp.rules)
* 1:42241 <-> DISABLED <-> SERVER-WEBAPP QNAP NAS utilRequest.cgi command injection attempt (server-webapp.rules)
* 1:42244 <-> DISABLED <-> SERVER-WEBAPP Information Builders WebFOCUS Business Intelligence Portal command injection attempt (server-webapp.rules)
* 1:42245 <-> DISABLED <-> SERVER-WEBAPP Information Builders WebFOCUS Business Intelligence Portal command injection attempt (server-webapp.rules)
* 1:42246 <-> DISABLED <-> SERVER-WEBAPP Information Builders WebFOCUS Business Intelligence Portal command injection attempt (server-webapp.rules)
* 1:42247 <-> DISABLED <-> SERVER-WEBAPP Information Builders WebFOCUS Business Intelligence Portal command injection attempt (server-webapp.rules)
* 1:42255 <-> DISABLED <-> OS-WINDOWS Microsoft Windows empty RDP cookie negotiation attempt (os-windows.rules)
* 1:42273 <-> DISABLED <-> FILE-PDF Poppler DCTStream readScan heap buffer overflow attempt (file-pdf.rules)
* 1:42274 <-> DISABLED <-> FILE-PDF Poppler DCTStream readScan heap buffer overflow attempt (file-pdf.rules)
* 1:42275 <-> ENABLED <-> FILE-PDF Adobe Reader JPEG2000 pclr tag out of bounds read attempt (file-pdf.rules)
* 1:42276 <-> ENABLED <-> FILE-PDF Adobe Reader JPEG2000 pclr tag out of bounds read attempt (file-pdf.rules)
* 1:42285 <-> DISABLED <-> FILE-PDF Multiple Products malformed JP2K codestream out of bounds read attempt (file-pdf.rules)
* 1:42286 <-> DISABLED <-> FILE-PDF Multiple Products malformed JP2K codestream out of bounds read attempt (file-pdf.rules)
* 1:42290 <-> DISABLED <-> SERVER-WEBAPP Openfire userimportexport plugin XML external entity injection attempt (server-webapp.rules)
* 1:42294 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 WriteAndX and TransSecondaryRequest TotalDataCount out of bounds write attempt (os-windows.rules)
* 1:42296 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed PRC file out of bounds read attempt (file-pdf.rules)
* 1:42297 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed PRC file out of bounds read attempt (file-pdf.rules)
* 1:42298 <-> DISABLED <-> FILE-PDF Adobe PDF PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules)
* 1:42299 <-> DISABLED <-> FILE-PDF Adobe PDF PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules)
* 1:42309 <-> ENABLED <-> FILE-PDF Adobe Acrobat embedded JPEG2000 invalid header out of bounds memory access attempt (file-pdf.rules)
* 1:42310 <-> ENABLED <-> FILE-PDF Adobe Acrobat embedded JPEG2000 invalid header out of bounds memory access attempt (file-pdf.rules)
* 1:42311 <-> DISABLED <-> FILE-PDF Multiple Products malformed JP2K codestream out of bounds read attempt (file-pdf.rules)
* 1:42312 <-> DISABLED <-> FILE-PDF Multiple Products malformed JP2K codestream out of bounds read attempt (file-pdf.rules)
* 1:42321 <-> DISABLED <-> FILE-OTHER Power Software PowerISO invalid primary volume descriptor header use after free attempt (file-other.rules)
* 1:42322 <-> DISABLED <-> FILE-OTHER Power Software PowerISO invalid primary volume descriptor header use after free attempt (file-other.rules)
* 1:42324 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Reader overly large segment size out of bounds read attempt (file-image.rules)
* 1:42325 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Reader overly large segment size out of bounds read attempt (file-image.rules)
* 1:42326 <-> ENABLED <-> SERVER-OTHER Zabbix Server Trapper code execution attempt (server-other.rules)
* 1:42327 <-> DISABLED <-> SERVER-WEBAPP Cpanel cgiemail format string code execution attempt (server-webapp.rules)
* 1:42328 <-> DISABLED <-> SERVER-WEBAPP Cpanel cgiemail format string code execution attempt (server-webapp.rules)
* 1:42337 <-> DISABLED <-> INDICATOR-COMPROMISE Zabbix Proxy configuration containing script detected (indicator-compromise.rules)
* 1:42339 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB possible leak of kernel heap memory (os-windows.rules)
* 1:42345 <-> DISABLED <-> SERVER-WEBAPP Tenable Appliance simpleupload.py command injection attempt (server-webapp.rules)
* 1:42346 <-> DISABLED <-> SERVER-WEBAPP Tenable Appliance simpleupload.py command injection attempt (server-webapp.rules)
* 1:42347 <-> DISABLED <-> SERVER-WEBAPP Tenable Appliance simpleupload.py command injection attempt (server-webapp.rules)
* 1:42354 <-> DISABLED <-> SERVER-WEBAPP Squirrelmail sendmail delivery parameter injection attempt (server-webapp.rules)
* 1:42355 <-> DISABLED <-> SERVER-OTHER 389-ds-base bind code execution attempt (server-other.rules)
* 1:42356 <-> DISABLED <-> SERVER-OTHER 389-ds-base bind code execution attempt (server-other.rules)
* 1:42357 <-> DISABLED <-> SERVER-OTHER 389-ds-base bind code execution attempt (server-other.rules)
* 1:42358 <-> DISABLED <-> SERVER-OTHER 389-ds-base bind code execution attempt (server-other.rules)
* 1:42359 <-> DISABLED <-> SERVER-OTHER 389-ds-base bind code execution attempt (server-other.rules)
* 1:42360 <-> DISABLED <-> SERVER-OTHER 389-ds-base bind code execution attempt (server-other.rules)
* 1:42361 <-> DISABLED <-> SERVER-OTHER 389-ds-base bind code execution attempt (server-other.rules)
* 1:42362 <-> DISABLED <-> SERVER-OTHER 389-ds-base bind code execution attempt (server-other.rules)
* 1:42369 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules)
* 1:42370 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules)
* 1:42371 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules)
* 1:42414 <-> DISABLED <-> FILE-PDF Adobe PDF JavaScript engine use after free memory corruption attempt (file-pdf.rules)
* 1:42415 <-> DISABLED <-> FILE-PDF Adobe PDF JavaScript engine use after free memory corruption attempt (file-pdf.rules)
* 1:42431 <-> DISABLED <-> SERVER-WEBAPP Foscam IP Video Camera CGIProxy.fcgi query append buffer overflow attempt (server-webapp.rules)
* 1:42432 <-> DISABLED <-> SERVER-WEBAPP Foscam IP Camera command injection attempt (server-webapp.rules)
* 1:42433 <-> DISABLED <-> SERVER-WEBAPP Foscam IP Camera command injection attempt (server-webapp.rules)
* 1:42434 <-> DISABLED <-> SERVER-WEBAPP Foscam IP Camera command injection attempt (server-webapp.rules)
* 1:42435 <-> DISABLED <-> SERVER-WEBAPP Foscam IP Camera callbackJson directory traversal attempt (server-webapp.rules)
* 1:42436 <-> DISABLED <-> SERVER-WEBAPP Foscam IP Camera callbackJson directory traversal attempt (server-webapp.rules)
* 1:42437 <-> DISABLED <-> SERVER-WEBAPP Foscam IP Camera multipart boundary stack buffer overflow attempt (server-webapp.rules)
* 1:42455 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup Appliance password.php command injection attempt (server-webapp.rules)
* 1:42456 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup Appliance password.php command injection attempt (server-webapp.rules)
* 1:42457 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup Appliance password.php command injection attempt (server-webapp.rules)
* 1:42461 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup Appliance reports.php PHP file injection attempt (server-webapp.rules)
* 1:42462 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup
Appliance reports.php directory traversal attempt (server-webapp.rules) * 1:42475 <-> DISABLED <-> FILE-PDF malformed embedded JPEG2000 image information disclosure attempt (file-pdf.rules) * 1:42476 <-> DISABLED <-> FILE-PDF malformed embedded JPEG2000 image information disclosure attempt (file-pdf.rules) * 1:42749 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine postMessage use after free attempt (browser-ie.rules) * 1:42750 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine postMessage use after free attempt (browser-ie.rules) * 1:42751 <-> ENABLED <-> OS-WINDOWS Microsoft Windows AFD.sys double fetch race condition attempt (os-windows.rules) * 1:42752 <-> ENABLED <-> OS-WINDOWS Microsoft Windows AFD.sys double fetch race condition attempt (os-windows.rules) * 1:42753 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra Core type confusion attempt (browser-ie.rules) * 1:42754 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra Core type confusion attempt (browser-ie.rules) * 1:42755 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word 2010 Sepx memory corruption attempt (file-office.rules) * 1:42756 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word 2010 Sepx memory corruption attempt (file-office.rules) * 1:42757 <-> ENABLED <-> OS-WINDOWS Microsoft Windows dxgkrnl CreateDriverAllocations null pointer dereference attempt (os-windows.rules) * 1:42758 <-> ENABLED <-> OS-WINDOWS Microsoft Windows dxgkrnl CreateDriverAllocations null pointer dereference attempt (os-windows.rules) * 1:42759 <-> DISABLED <-> OS-WINDOWS Microsoft Windows COM privilege escalation attempt (os-windows.rules) * 1:42760 <-> DISABLED <-> OS-WINDOWS Microsoft Windows COM privilege escalation attempt (os-windows.rules) * 1:42761 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra array unshift heap overflow attempt (browser-ie.rules) * 1:42762 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra array unshift heap overflow attempt (browser-ie.rules) * 1:42763 <-> ENABLED <-> OS-WINDOWS 
Microsoft Windows NtTraceControl information disclosure attempt (os-windows.rules) * 1:42764 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NtTraceControl information disclosure attempt (os-windows.rules) * 1:42765 <-> DISABLED <-> OS-WINDOWS Microsoft win32k privilege escalation attempt (os-windows.rules) * 1:42766 <-> DISABLED <-> OS-WINDOWS Microsoft win32k privilege escalation attempt (os-windows.rules) * 1:42769 <-> ENABLED <-> OS-WINDOWS Microsoft Win32k kernel memory leak attempt (os-windows.rules) * 1:42770 <-> ENABLED <-> OS-WINDOWS Microsoft Win32k kernel memory leak attempt (os-windows.rules) * 1:42771 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GdiGradientFill null pointer dereference attempt (os-windows.rules) * 1:42772 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GdiGradientFill null pointer dereference attempt (os-windows.rules) * 1:42775 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra JIT memory corruption attempt (browser-ie.rules) * 1:42776 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra JIT memory corruption attempt (browser-ie.rules) * 1:42777 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine security bypass css attempt (browser-ie.rules) * 1:42778 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine security bypass css attempt (browser-ie.rules) * 1:42779 <-> ENABLED <-> BROWSER-IE Microsoft Edge CSS writing mode type confusion attempt (browser-ie.rules) * 1:42780 <-> ENABLED <-> BROWSER-IE Microsoft Edge CSS writing mode type confusion attempt (browser-ie.rules) * 1:42781 <-> ENABLED <-> BROWSER-IE Microsoft Windows Edge AudioContext use after free attempt (browser-ie.rules) * 1:42782 <-> ENABLED <-> BROWSER-IE Microsoft Windows Edge AudioContext use after free attempt (browser-ie.rules) * 1:42783 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ntoskrnl information disclosure attempt (os-windows.rules) * 1:42784 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ntoskrnl information disclosure attempt (os-windows.rules) * 1:42785 <-> 
DISABLED <-> INDICATOR-SCAN DNS version.bind string information disclosure attempt (indicator-scan.rules) * 1:42788 <-> DISABLED <-> FILE-PDF Adobe Reader malformed app13 tag information disclosure attempt (file-pdf.rules) * 1:42789 <-> DISABLED <-> FILE-PDF Adobe Reader malformed app13 tag information disclosure attempt (file-pdf.rules) * 1:42790 <-> ENABLED <-> FILE-PDF Adobe Reader invalid object reference use after free attempt (file-pdf.rules) * 1:42791 <-> ENABLED <-> FILE-PDF Adobe Reader invalid object reference use after free attempt (file-pdf.rules) * 1:42792 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FLV invalid tag buffer overflow attempt (file-flash.rules) * 1:42793 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FLV invalid tag buffer overflow attempt (file-flash.rules) * 1:42794 <-> ENABLED <-> FILE-FLASH Adobe Flash Player beginGradientFill color array out of bounds read attempt (file-flash.rules) * 1:42795 <-> ENABLED <-> FILE-FLASH Adobe Flash Player beginGradientFill color array out of bounds read attempt (file-flash.rules) * 1:42796 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter memory corruption attempt (file-flash.rules) * 1:42797 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter memory corruption attempt (file-flash.rules) * 1:42798 <-> DISABLED <-> BROWSER-IE Microsoft Edge out of bounds read attempt (browser-ie.rules) * 1:42799 <-> DISABLED <-> BROWSER-IE Microsoft Edge out of bounds read attempt (browser-ie.rules) * 1:42800 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionPush out of bounds read attempt (file-flash.rules) * 1:42801 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionPush out of bounds read attempt (file-flash.rules) * 1:42802 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed AES key memory corruption attempt (file-pdf.rules) * 1:42803 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed AES key memory corruption attempt (file-pdf.rules) * 1:42807 <-> ENABLED <-> FILE-FLASH Adobe 
Standalone Flash Player BlendMode memory corruption attempt (file-flash.rules) * 1:42808 <-> ENABLED <-> FILE-FLASH Adobe Standalone Flash Player BlendMode memory corruption attempt (file-flash.rules) * 1:42809 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData out of bounds memory access attempt (file-flash.rules) * 1:42810 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData out of bounds memory access attempt (file-flash.rules) * 1:42811 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra Engine use-after-free attempt (browser-ie.rules) * 1:42812 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra Engine use-after-free attempt (browser-ie.rules) * 1:42815 <-> ENABLED <-> FILE-FLASH Adobe Flash Player display object mask use after free attempt (file-flash.rules) * 1:42814 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed URI information disclosure attempt (file-pdf.rules) * 1:42816 <-> ENABLED <-> FILE-FLASH Adobe Flash Player display object mask use after free attempt (file-flash.rules) * 1:42820 <-> ENABLED <-> OS-WINDOWS Microsoft Malware Protection Engine type confusion attempt (os-windows.rules) * 1:42821 <-> ENABLED <-> OS-WINDOWS Microsoft Malware Protection Engine type confusion attempt (os-windows.rules) * 1:42843 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup Appliance download-files command injection attempt (server-webapp.rules) * 1:42844 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF heap overflow attempt (file-image.rules) * 1:42845 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF heap overflow attempt (file-image.rules) * 1:42859 <-> ENABLED <-> FILE-PDF Adobe Reader PDF memory corruption attempt (file-pdf.rules) * 1:42860 <-> ENABLED <-> FILE-PDF Adobe Reader PDF memory corruption attempt (file-pdf.rules) * 1:42868 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA forms engine use after free attempt (file-pdf.rules) * 1:42869 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA forms engine use after free 
attempt (file-pdf.rules) * 1:42887 <-> ENABLED <-> SERVER-OTHER ntpq flagstr buffer overflow attempt (server-other.rules) * 1:42888 <-> DISABLED <-> FILE-PDF Adobe Acrobat JP2 parser information disclosure attempt (file-pdf.rules) * 1:42889 <-> DISABLED <-> FILE-PDF Adobe Acrobat JP2 parser information disclosure attempt (file-pdf.rules) * 1:42896 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CTJPEGWriter null pointer dereference attempt (file-pdf.rules) * 1:42897 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CTJPEGWriter null pointer dereference attempt (file-pdf.rules) * 1:42900 <-> ENABLED <-> FILE-OFFICE Microsoft Office EPS restore command use after free attempt (file-office.rules) * 1:42903 <-> ENABLED <-> FILE-OFFICE Microsoft Office EPS restore command use after free attempt (file-office.rules) * 1:42910 <-> ENABLED <-> FILE-PDF Acrobat Reader TIFF malformed IFD tag heap overflow attempt (file-pdf.rules) * 1:42911 <-> ENABLED <-> FILE-PDF Acrobat Reader TIFF malformed IFD tag heap overflow attempt (file-pdf.rules) * 1:42912 <-> ENABLED <-> FILE-PDF Acrobat Reader TIFF malformed IFD tag heap overflow attempt (file-pdf.rules) * 1:42913 <-> ENABLED <-> FILE-PDF Acrobat Reader TIFF malformed IFD tag heap overflow attempt (file-pdf.rules) * 1:42914 <-> ENABLED <-> FILE-PDF Acrobat Reader TIFF malformed IFD tag heap overflow attempt (file-pdf.rules) * 1:42915 <-> ENABLED <-> FILE-PDF Acrobat Reader TIFF malformed IFD tag heap overflow attempt (file-pdf.rules) * 1:42932 <-> DISABLED <-> FILE-FLASH Adobe Flash Player javascript decompressor use after free attempt (file-flash.rules) * 1:42933 <-> DISABLED <-> FILE-FLASH Adobe Flash Player javascript decompressor use after free attempt (file-flash.rules) * 1:42941 <-> DISABLED <-> PROTOCOL-OTHER FreeRDP PER length integer underflow attempt (protocol-other.rules) * 1:42942 <-> ENABLED <-> FILE-PDF Adobe Reader XFA large array use after free attempt (file-pdf.rules) * 1:42943 <-> ENABLED <-> FILE-PDF Adobe Reader XFA 
large array use after free attempt (file-pdf.rules) * 1:42951 <-> ENABLED <-> SERVER-WEBAPP Oracle Fusion Middleware MapViewer arbitrary JSP file upload attempt (server-webapp.rules) * 1:42952 <-> ENABLED <-> SERVER-WEBAPP Oracle Fusion Middleware MapViewer directory traversal attempt (server-webapp.rules) * 1:42953 <-> ENABLED <-> SERVER-WEBAPP Oracle Fusion Middleware MapViewer directory traversal attempt (server-webapp.rules) * 1:42954 <-> ENABLED <-> SERVER-WEBAPP Oracle Fusion Middleware MapViewer directory traversal attempt (server-webapp.rules) * 1:42958 <-> DISABLED <-> SERVER-WEBAPP Joomla 3.7.0 com_fields view SQL injection attempt (server-webapp.rules) * 1:42959 <-> DISABLED <-> SERVER-WEBAPP Joomla 3.7.0 com_fields view SQL injection attempt (server-webapp.rules) * 1:42967 <-> DISABLED <-> POLICY-OTHER Adobe Acrobat cloud file undocumented function use (policy-other.rules) * 1:42968 <-> DISABLED <-> POLICY-OTHER Adobe Acrobat cloud file undocumented function use (policy-other.rules) * 1:42973 <-> DISABLED <-> PROTOCOL-OTHER FreeRDP RSA modulus length integer underflow attempt (protocol-other.rules) * 1:42974 <-> DISABLED <-> PROTOCOL-OTHER FreeRDP invalid cbCompanyName out of bounds read attempt (protocol-other.rules) * 1:42975 <-> DISABLED <-> PROTOCOL-OTHER FreeRDP invalid EncryptedPlatformChallenge null pointer dereference attempt (protocol-other.rules) * 1:42998 <-> DISABLED <-> PROTOCOL-OTHER FreeRDP invalid MCS serverRandomLen out of bounds read attempt (protocol-other.rules) * 1:43004 <-> ENABLED <-> SERVER-SAMBA Samba is_known_pipe arbitrary module load code execution attempt (server-samba.rules) * 1:43005 <-> DISABLED <-> SERVER-WEBAPP Foscam setWifiSetting command psk stack buffer overflow attempt (server-webapp.rules) * 1:43055 <-> DISABLED <-> SERVER-OTHER Veritas Netbackup bprd remote code execution attempt (server-other.rules) * 1:43056 <-> ENABLED <-> OS-WINDOWS Microsoft Windows MsMpEng JavaScript garbage collection use after free 
attempt (os-windows.rules) * 1:43057 <-> ENABLED <-> OS-WINDOWS Microsoft Windows MsMpEng JavaScript garbage collection use after free attempt (os-windows.rules) * 1:43058 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid DefinedEditText tag memory corruption attempt (file-flash.rules) * 1:43059 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid DefinedEditText tag memory corruption attempt (file-flash.rules) * 1:43061 <-> DISABLED <-> SERVER-WEBAPP Foscam changeUserName command passwd file injection attempt (server-webapp.rules) * 1:43064 <-> ENABLED <-> SERVER-OTHER NetBackup bprd remote file write attempt (server-other.rules) * 1:43147 <-> ENABLED <-> SERVER-WEBAPP IBM OpenAdmin Tool SOAP welcomeService.php PHP code injection attempt (server-webapp.rules) * 1:43155 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules) * 1:43156 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules) * 1:43157 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Device Guard code execution attempt (os-windows.rules) * 1:43158 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Device Guard code execution attempt (os-windows.rules) * 1:43159 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word 2016 use after free attempt (file-office.rules) * 1:43160 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word 2016 use after free attempt (file-office.rules) * 1:43163 <-> ENABLED <-> BROWSER-IE Microsoft Edge object property type confusion attempt (browser-ie.rules) * 1:43164 <-> ENABLED <-> BROWSER-IE Microsoft Edge object property type confusion attempt (browser-ie.rules) * 1:43165 <-> ENABLED <-> BROWSER-IE Microsoft Edge cssText use after free attempt (browser-ie.rules) * 1:43166 <-> ENABLED <-> BROWSER-IE Microsoft Edge cssText use after free attempt (browser-ie.rules) * 1:43169 <-> ENABLED <-> BROWSER-IE Microsoft Edge textContent use after free attempt (browser-ie.rules) * 1:43170 <-> ENABLED <-> 
BROWSER-IE Microsoft Edge textContent use after free attempt (browser-ie.rules) * 1:43173 <-> ENABLED <-> OS-WINDOWS Microsoft Windows 10 RS2 x64 linked cursor double free attempt (os-windows.rules) * 1:43174 <-> ENABLED <-> OS-WINDOWS Microsoft Windows 10 RS2 x64 linked cursor double free attempt (os-windows.rules) * 1:43175 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Search Service out of bounds memory access attempt (os-windows.rules) * 1:43176 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Search Service out of bounds memory access attempt (os-windows.rules) * 1:43181 <-> ENABLED <-> FILE-OTHER Oniguruma expression parser out of bounds write attempt (file-other.rules) * 1:43182 <-> ENABLED <-> FILE-OTHER Oniguruma expression parser out of bounds write attempt (file-other.rules) * 1:43191 <-> DISABLED <-> SERVER-WEBAPP Symantec Messaging Gateway performBackupNow.do command injection attempt (server-webapp.rules) * 1:43212 <-> DISABLED <-> FILE-PDF Iceni Infix PDF parsing out of bounds write attempt (file-pdf.rules) * 1:43213 <-> DISABLED <-> FILE-PDF Iceni Infix PDF parsing out of bounds write attempt (file-pdf.rules) * 1:43249 <-> DISABLED <-> SERVER-WEBAPP Nuxeo CMS BatchUploadObject arbitrary JSP file upload attempt (server-webapp.rules) * 1:43250 <-> DISABLED <-> SERVER-WEBAPP Nuxeo CMS BatchUploadObject directory traversal attempt (server-webapp.rules) * 1:43284 <-> DISABLED <-> SERVER-WEBAPP HP Network Automation RedirectServlet SQL injection attempt (server-webapp.rules) * 1:43380 <-> ENABLED <-> OS-WINDOWS Microsoft Windows MsMpEng custom apicall instruction use detected (os-windows.rules) * 1:43381 <-> ENABLED <-> OS-WINDOWS Microsoft Windows MsMpEng custom apicall instruction use detected (os-windows.rules) * 1:43382 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AdvertisingMetadata use after free attempt (file-flash.rules) * 1:43383 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AdvertisingMetadata use after free attempt (file-flash.rules) * 1:43393 <-> 
ENABLED <-> FILE-FLASH Adobe Flash Player MPEG-4 AVC decoding out of bounds read attempt (file-flash.rules) * 1:43394 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MPEG-4 AVC decoding out of bounds read attempt (file-flash.rules) * 1:43395 <-> ENABLED <-> FILE-FLASH Adobe Acrobat Reader profile use after free attempt (file-flash.rules) * 1:43396 <-> ENABLED <-> FILE-FLASH Adobe Acrobat Reader profile use after free attempt (file-flash.rules) * 1:43405 <-> ENABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales out of bounds memory read attempt (file-flash.rules) * 1:43406 <-> ENABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales out of bounds memory read attempt (file-flash.rules) * 1:43410 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayObject use after free attempt (file-flash.rules) * 1:43411 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayObject use after free attempt (file-flash.rules) * 1:43412 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayObject use after free attempt (file-flash.rules) * 1:43413 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayObject use after free attempt (file-flash.rules) * 1:43414 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayObject use after free attempt (file-flash.rules) * 1:43415 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayObject use after free attempt (file-flash.rules) * 1:43416 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData object out of bounds access attempt (file-flash.rules) * 1:43417 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData object out of bounds access attempt (file-flash.rules) * 1:43418 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData object out of bounds access attempt (file-flash.rules) * 1:43419 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData object out of bounds access attempt (file-flash.rules) * 1:43420 <-> ENABLED <-> FILE-FLASH Adobe Flash Player custom toString function attempt (file-flash.rules) * 1:43421 <-> 
ENABLED <-> FILE-FLASH Adobe Flash Player custom toString function attempt (file-flash.rules) * 1:43433 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Annotations memory corruption attempt (file-pdf.rules) * 1:43434 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Annotations memory corruption attempt (file-pdf.rules) * 1:43460 <-> DISABLED <-> BROWSER-IE Microsoft Edge use-after-free attempt (browser-ie.rules) * 1:43461 <-> DISABLED <-> BROWSER-IE Microsoft Edge use-after-free attempt (browser-ie.rules) * 1:43462 <-> DISABLED <-> BROWSER-IE Microsoft Edge use-after-free attempt (browser-ie.rules) * 1:43463 <-> DISABLED <-> BROWSER-IE Microsoft Edge use-after-free attempt (browser-ie.rules) * 1:43465 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules) * 1:43466 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules) * 1:43469 <-> ENABLED <-> BROWSER-IE Microsoft Edge uninitialized memory attempt (browser-ie.rules) * 1:43470 <-> ENABLED <-> BROWSER-IE Microsoft Edge uninitialized memory attempt (browser-ie.rules) * 1:43471 <-> ENABLED <-> BROWSER-IE Microsoft Edge VBScript VarType out of bounds read attempt (browser-ie.rules) * 1:43472 <-> ENABLED <-> BROWSER-IE Microsoft Edge VBScript VarType out of bounds read attempt (browser-ie.rules) * 1:43473 <-> ENABLED <-> OS-WINDOWS Microsoft win32u PlgBlt out of bounds memory write attempt (os-windows.rules) * 1:43474 <-> ENABLED <-> OS-WINDOWS Microsoft win32u PlgBlt out of bounds memory write attempt (os-windows.rules) * 1:43479 <-> ENABLED <-> FILE-FLASH Adobe Flash Player applyFilter memory corruption attempt (file-flash.rules) * 1:43480 <-> ENABLED <-> FILE-FLASH Adobe Flash Player applyFilter memory corruption attempt (file-flash.rules) * 1:43490 <-> DISABLED <-> OS-WINDOWS Microsoft Windows unsafe memory access privilege escalation attempt (os-windows.rules) * 1:43491 <-> DISABLED <-> OS-WINDOWS Microsoft Windows unsafe 
memory access privilege escalation attempt (os-windows.rules) * 1:43492 <-> ENABLED <-> BROWSER-IE Microsoft Windows Edge array out of bounds write (browser-ie.rules) * 1:43493 <-> ENABLED <-> BROWSER-IE Microsoft Windows Edge array out of bounds write (browser-ie.rules) * 1:43497 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer EPM brokercreatefile file access bypass attempt (browser-ie.rules) * 1:43498 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer EPM brokercreatefile file access bypass attempt (browser-ie.rules) * 1:43521 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 type confusion vulnerability attempt (browser-ie.rules) * 1:43522 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 type confusion vulnerability attempt (browser-ie.rules) * 1:43528 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:43529 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:43530 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:43531 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:43532 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:43533 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules) * 1:43534 <-> ENABLED <-> SERVER-WEBAPP AlienVault OSSIM nfsen.php command injection attempt (server-webapp.rules) * 1:43535 <-> ENABLED <-> SERVER-WEBAPP AlienVault OSSIM nfsen.php command injection attempt (server-webapp.rules) * 1:43536 <-> ENABLED <-> SERVER-WEBAPP AlienVault OSSIM nfsen.php command injection attempt (server-webapp.rules) * 1:43625 <-> ENABLED <-> SERVER-WEBAPP Axis M3004 remote code execution attempt (server-webapp.rules) * 1:43693 <-> DISABLED <-> SERVER-WEBAPP Mantis Bug Tracker password reset attempt (server-webapp.rules) * 1:43694 <-> DISABLED <-> SERVER-WEBAPP Mantis Bug 
Tracker password reset attempt (server-webapp.rules) * 1:43790 <-> ENABLED <-> SERVER-OTHER Apache mod_auth_digest out of bounds read attempt (server-other.rules) * 1:43809 <-> DISABLED <-> SERVER-WEBAPP Kaspersky Linux File Server WMC cross site request forgery attempt (server-webapp.rules) * 1:43810 <-> DISABLED <-> SERVER-WEBAPP Kaspersky Linux File Server WMC directory traversal attempt (server-webapp.rules) * 1:43811 <-> DISABLED <-> SERVER-WEBAPP Kaspersky Linux File Server WMC directory traversal attempt (server-webapp.rules) * 1:43812 <-> DISABLED <-> SERVER-WEBAPP Kaspersky Linux File Server WMC directory traversal attempt (server-webapp.rules) * 1:43819 <-> DISABLED <-> SERVER-WEBAPP Kaspersky Anti-Virus directory traversal attempt (server-webapp.rules) * 1:43820 <-> DISABLED <-> SERVER-WEBAPP Kaspersky Anti-Virus directory traversal attempt (server-webapp.rules) * 1:43821 <-> DISABLED <-> SERVER-WEBAPP Kaspersky Anti-Virus directory traversal attempt (server-webapp.rules) * 1:43847 <-> ENABLED <-> FILE-OFFICE Microsoft Office Access Jet Database Engine integer overflow attempt (file-office.rules) * 1:43848 <-> ENABLED <-> FILE-OFFICE Microsoft Office Access Jet Database Engine integer overflow attempt (file-office.rules) * 1:43851 <-> ENABLED <-> FILE-OTHER Microsoft Windows Device Guard bypass via compiled help file attempt (file-other.rules) * 1:43852 <-> ENABLED <-> FILE-OTHER Microsoft Windows Device Guard bypass via compiled help file attempt (file-other.rules) * 1:43865 <-> ENABLED <-> FILE-IMAGE Adobe Reader EMF EMR_MOVETOEX memory corruption attempt (file-image.rules) * 1:43866 <-> ENABLED <-> FILE-IMAGE Adobe Reader EMF EMR_MOVETOEX memory corruption attempt (file-image.rules) * 1:43867 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TTF memory corruption attempt (file-pdf.rules) * 1:43868 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TTF memory corruption attempt (file-pdf.rules) * 1:43869 <-> DISABLED <-> FILE-PDF Adobe 
Acrobat Reader malformed TTF memory corruption attempt (file-pdf.rules) * 1:43870 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TTF memory corruption attempt (file-pdf.rules) * 1:43995 <-> ENABLED <-> FILE-FLASH Adobe Flash Player overly large cpool index out of bounds read attempt (file-flash.rules) * 1:43996 <-> ENABLED <-> FILE-FLASH Adobe Flash Player overly large cpool index out of bounds read attempt (file-flash.rules) * 1:44002 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SMB sandbox bypass attempt (file-flash.rules) * 1:44003 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SMB sandbox bypass attempt (file-flash.rules) * 1:44013 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader exportAsXFAStr use after free attempt (file-pdf.rules) * 1:44014 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader exportAsXFAStr use after free attempt (file-pdf.rules) * 1:44025 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules) * 1:44059 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules) * 1:44060 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules) * 1:44061 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules) * 1:44062 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules) * 1:44072 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader SubmitForm URL spoofing attempt (file-pdf.rules) * 1:44073 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader SubmitForm URL spoofing attempt (file-pdf.rules) * 1:44074 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader SubmitForm URL spoofing attempt (file-pdf.rules) * 1:44075 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader SubmitForm URL spoofing attempt (file-pdf.rules) * 1:44097 <-> DISABLED <-> FILE-PDF Foxit Reader launchURL Command Injection Remote Code Execution attempt (file-pdf.rules) * 
1:44098 <-> DISABLED <-> FILE-PDF Multiple products PDF JavaScript launchURL command injection and remote code execution attempt (file-pdf.rules)
* 1:44116 <-> DISABLED <-> SERVER-WEBAPP Symantec Messaging Gateway localBackupFileSelection command injection attempt (server-webapp.rules)
* 1:44117 <-> DISABLED <-> SERVER-WEBAPP Symantec Messaging Gateway localBackupFileSelection command injection attempt (server-webapp.rules)
* 1:44118 <-> DISABLED <-> SERVER-WEBAPP Symantec Messaging Gateway localBackupFileSelection command injection attempt (server-webapp.rules)
* 1:44160 <-> ENABLED <-> SERVER-OTHER tcpdump ISAKMP parser buffer overflow attempt (server-other.rules)
* 1:44161 <-> ENABLED <-> SERVER-OTHER tcpdump ISAKMP parser buffer overflow attempt (server-other.rules)
* 1:44315 <-> ENABLED <-> SERVER-WEBAPP Java XML deserialization remote code execution attempt (server-webapp.rules)
* 1:44327 <-> DISABLED <-> SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt (server-apache.rules)
* 1:44328 <-> DISABLED <-> SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt (server-apache.rules)
* 1:44329 <-> DISABLED <-> SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt (server-apache.rules)
* 1:44330 <-> DISABLED <-> SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt (server-apache.rules)
* 1:44331 <-> ENABLED <-> BROWSER-IE Microsoft Windows Edge memory corruption attempt (browser-ie.rules)
* 1:44332 <-> ENABLED <-> BROWSER-IE Microsoft Windows Edge memory corruption attempt (browser-ie.rules)
* 1:44333 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra Core type confusion attempt (browser-ie.rules)
* 1:44334 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra Core type confusion attempt (browser-ie.rules)
* 1:44335 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32k.sys TrueType font out of bounds write attempt (os-windows.rules)
* 1:44336 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32k.sys TrueType font out of bounds write attempt (os-windows.rules)
* 1:44338 <-> ENABLED <-> BROWSER-IE Microsoft Edge denial of service attempt (browser-ie.rules)
* 1:44339 <-> ENABLED <-> BROWSER-IE Microsoft Edge denial of service attempt (browser-ie.rules)
* 1:44340 <-> ENABLED <-> BROWSER-IE Microsoft Edge setSelectionRange memory corruption attempt (browser-ie.rules)
* 1:44341 <-> ENABLED <-> BROWSER-IE Microsoft Edge setSelectionRange memory corruption attempt (browser-ie.rules)
* 1:44342 <-> ENABLED <-> BROWSER-IE Internet Explorer WeakMap Freeze memory corruption attempt (browser-ie.rules)
* 1:44343 <-> ENABLED <-> BROWSER-IE Internet Explorer WeakMap Freeze memory corruption attempt (browser-ie.rules)
* 1:44345 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
* 1:44346 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
* 1:44347 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
* 1:44348 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
* 1:44349 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer object use after free attempt (browser-ie.rules)
* 1:44350 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer object use after free attempt (browser-ie.rules)
* 1:44351 <-> ENABLED <-> FILE-FLASH Adobe Flash Player text handling memory corruption attempt (file-flash.rules)
* 1:44352 <-> ENABLED <-> FILE-FLASH Adobe Flash Player text handling memory corruption attempt (file-flash.rules)
* 1:44353 <-> DISABLED <-> FILE-OTHER WSDL soap endpoint location code injection attempt (file-other.rules)
* 1:44354 <-> DISABLED <-> FILE-OTHER WSDL soap endpoint location code injection attempt (file-other.rules)
* 1:44356 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSS padding property memory corruption attempt (browser-ie.rules)
* 1:44357 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSS padding property memory corruption attempt (browser-ie.rules)
* 1:44371 <-> DISABLED <-> FILE-OFFICE RTF WSDL file download attempt (file-office.rules)
* 1:44372 <-> DISABLED <-> FILE-OFFICE RTF WSDL file download attempt (file-office.rules)
* 1:44477 <-> DISABLED <-> SERVER-OTHER dnsmasq dhcp6_maybe_relay stack buffer overflow attempt (server-other.rules)
* 1:44478 <-> DISABLED <-> PROTOCOL-DNS dnsmasq add_pseudoheader memory leak attempt (protocol-dns.rules)
* 1:44480 <-> DISABLED <-> SERVER-OTHER dnsmasq Relay-forw information leak attempt (server-other.rules)
* 1:44482 <-> DISABLED <-> PROTOCOL-DNS dnsmasq add_pseudoheader integer underflow attempt (protocol-dns.rules)
* 1:44483 <-> DISABLED <-> SERVER-OTHER Supervisord remote code execution attempt (server-other.rules)
* 1:44493 <-> DISABLED <-> SERVER-WEBAPP Faleemi IP Cameras ONVIF device_service SQL injection attempt (server-webapp.rules)
* 1:44508 <-> ENABLED <-> BROWSER-IE scripting engine memory corruption vulnerability attempt (browser-ie.rules)
* 1:44509 <-> ENABLED <-> BROWSER-IE scripting engine memory corruption vulnerability attempt (browser-ie.rules)
* 1:44510 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer scripting engine memory corruption attempt (browser-ie.rules)
* 1:44511 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer scripting engine memory corruption attempt (browser-ie.rules)
* 1:44512 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
* 1:44513 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
* 1:44514 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32kfull.sys privilege escalation attempt (os-windows.rules)
* 1:44515 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32kfull.sys privilege escalation attempt (os-windows.rules)
* 1:44516 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CreateMenu use after free attempt (os-windows.rules)
* 1:44517 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CreateMenu use after free attempt (os-windows.rules)
* 1:44518 <-> DISABLED <-> FILE-OFFICE Microsoft Graphics remote code execution attempt (file-office.rules)
* 1:44519 <-> DISABLED <-> FILE-OFFICE Microsoft Graphics remote code execution attempt (file-office.rules)
* 1:44526 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
* 1:44527 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
* 1:44528 <-> DISABLED <-> FILE-OTHER Microsoft Graphics remote code execution attempt (file-other.rules)
* 1:44529 <-> DISABLED <-> FILE-OTHER Microsoft Graphics remote code execution attempt (file-other.rules)
* 1:44531 <-> ENABLED <-> SERVER-APACHE Apache Tomcat remote JSP file upload attempt (server-apache.rules)
* 1:44532 <-> ENABLED <-> BROWSER-IE Microsoft Edge getOwnPropertyDescriptor memory corruption attempt (browser-ie.rules)
* 1:44533 <-> ENABLED <-> BROWSER-IE Microsoft Edge getOwnPropertyDescriptor memory corruption attempt (browser-ie.rules)
* 1:44578 <-> DISABLED <-> SERVER-WEBAPP QNAP NAS HelpDesk App supportutils.php SQL injection attempt (server-webapp.rules)
* 1:44583 <-> ENABLED <-> FILE-FLASH Adobe Flash Player array type confusion attempt (file-flash.rules)
* 1:44584 <-> ENABLED <-> FILE-FLASH Adobe Flash Player array type confusion attempt (file-flash.rules)
* 1:44657 <-> ENABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup API SQL injection attempt (server-webapp.rules)
* 1:44658 <-> ENABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup storage API command injection attempt (server-webapp.rules)
* 1:44684 <-> DISABLED <-> SERVER-WEBAPP Kaltura userzone cookie PHP object injection attempt (server-webapp.rules)
* 1:44700 <-> DISABLED <-> SERVER-OTHER Veritas Backup Exec Agent use after free attempt (server-other.rules)
* 1:44701 <-> DISABLED <-> SERVER-OTHER Veritas Backup Exec Agent use after free attempt (server-other.rules)
* 1:44731 <-> DISABLED <-> SERVER-WEBAPP Tuleap getRecentElements PHP object injection attempt (server-webapp.rules)
* 1:44764 <-> DISABLED <-> SERVER-WEBAPP CMS Made Simple editusertag.php arbitrary PHP code execution attempt (server-webapp.rules)
* 1:44767 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Smart Protection Server cm_agent.php command injection attempt (server-webapp.rules)
* 1:44809 <-> ENABLED <-> BROWSER-IE Microsoft Edge postMessage use after free attempt (browser-ie.rules)
* 1:44810 <-> ENABLED <-> BROWSER-IE Microsoft Edge postMessage use after free attempt (browser-ie.rules)
* 1:44811 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
* 1:44812 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
* 1:44813 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra Closure use after free attempt (browser-ie.rules)
* 3:32212 <-> ENABLED <-> PROTOCOL-VOIP missing media application format parameter denial-of-service attempt (protocol-voip.rules)
* 3:32213 <-> ENABLED <-> PROTOCOL-VOIP missing media application format parameter denial-of-service attempt (protocol-voip.rules)
* 3:32214 <-> ENABLED <-> PROTOCOL-VOIP missing media application format parameter denial-of-service attempt (protocol-voip.rules)
* 3:32215 <-> ENABLED <-> PROTOCOL-VOIP missing media application format parameter denial-of-service attempt (protocol-voip.rules)
* 3:32216 <-> ENABLED <-> PROTOCOL-VOIP missing media application format parameter denial-of-service attempt (protocol-voip.rules)
* 3:32218 <-> ENABLED <-> PROTOCOL-VOIP out of range port specification exploit attempt (protocol-voip.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091100.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:45471 <-> ENABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
* 1:45474 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine uninitialized pointers memory corruption attempt (browser-ie.rules)
* 1:45475 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine uninitialized pointers memory corruption attempt (browser-ie.rules)
* 1:45455 <-> DISABLED <-> EXPLOIT-KIT Rig Exploit Kit URI redirect attempt (exploit-kit.rules)
* 1:45477 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware transfer attempt (malware-cnc.rules)
* 1:45476 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox HTTP index format out of bounds read attempt (browser-firefox.rules)
* 1:45462 <-> DISABLED <-> BROWSER-IE Microsoft ChakraCore scripting engine memory corruption attempt (browser-ie.rules)
* 1:45468 <-> ENABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
* 1:45461 <-> DISABLED <-> PROTOCOL-FTP Ayukov NFTP FTP Client buffer overflow attempt (protocol-ftp.rules)
* 1:45466 <-> ENABLED <-> FILE-OFFICE Microsoft Office None type objclass RTF evasion attempt (file-office.rules)
* 1:45473 <-> ENABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
* 1:45467 <-> ENABLED <-> FILE-OFFICE Microsoft Office None type objclass RTF evasion attempt (file-office.rules)
* 1:45470 <-> ENABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
* 1:45472 <-> ENABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
* 1:45463 <-> DISABLED <-> BROWSER-IE Microsoft ChakraCore scripting engine memory corruption attempt (browser-ie.rules)
* 1:45460 <-> DISABLED <-> PROTOCOL-FTP Ayukov NFTP FTP Client buffer overflow attempt (protocol-ftp.rules)
* 1:45459 <-> ENABLED <-> FILE-FLASH Adobe Flash Player movieclip attachbitmap use-after-free attempt (file-flash.rules)
* 1:45457 <-> DISABLED <-> SERVER-WEBAPP Samsung SRN-1670D cslog_export.php arbitrary file read attempt (server-webapp.rules)
* 1:45458 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip attachbitmap use-after-free attempt (file-flash.rules)
* 1:45478 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware transfer attempt (malware-cnc.rules)
* 1:45469 <-> ENABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
* 1:45456 <-> DISABLED <-> SERVER-WEBAPP Samsung SRN-1670D network_ssl_upload.php arbitrary PHP file upload attempt (server-webapp.rules)
* 3:45464 <-> ENABLED <-> PROTOCOL-VOIP Cisco Unified Customer Voice Portal denial of service attempt (protocol-voip.rules)
* 3:45465 <-> ENABLED <-> SERVER-WEBAPP Splunk daemon default admin credentials login attempt (server-webapp.rules)
* 1:44817 <-> ENABLED <-> BROWSER-IE Microsoft Edge custom property memory corruption attempt (browser-ie.rules)
* 1:44815 <-> DISABLED <-> BROWSER-IE Microsoft Edge use after free attempt (browser-ie.rules)
* 1:44814 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra Closure use after free attempt (browser-ie.rules)
* 1:15512 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP rpcss2_RemoteGetClassObject attempt (os-windows.rules)
* 1:15513 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP rpcss2_RemoteGetClassObject attempt (os-windows.rules)
* 1:18680 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules)
* 1:18702 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules)
* 1:18703 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules)
* 1:19200 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff exploit attempt (file-office.rules)
* 1:21445 <-> DISABLED <-> SERVER-OTHER vsFTPd denial of service attempt (server-other.rules)
* 1:21902 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
* 1:21903 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
* 1:21904 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
* 1:21905 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
* 1:21906 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
* 1:21937 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
* 1:23305 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
* 1:24500 <-> DISABLED <-> FILE-OTHER Microsoft LNK shortcut arbitrary dll load attempt (file-other.rules)
* 1:26299 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query polygon object integer overflow attempt (server-mysql.rules)
* 1:26300 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multistring object integer overflow attempt (server-mysql.rules)
* 1:26301 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt (server-mysql.rules)
* 1:26391 <-> DISABLED <-> PROTOCOL-POP libcurl MD5 digest buffer overflow attempt (protocol-pop.rules)
* 1:31027 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
* 1:31028 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
* 1:31029 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
* 1:31030 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
* 1:31302 <-> DISABLED <-> APP-DETECT Oracle Java debug wire protocol remote debugging attempt (app-detect.rules)
* 1:32863 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
* 1:32872 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff exploit attempt (file-office.rules)
* 1:33637 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query object integer overflow attempt (server-mysql.rules)
* 1:35093 <-> DISABLED <-> SERVER-OTHER PHP core compressed file temp_len buffer overflow attempt (server-other.rules)
* 1:35832 <-> DISABLED <-> FILE-OTHER Hangul Word Processor malicious tab count memory corruption attempt (file-other.rules)
* 1:35833 <-> ENABLED <-> FILE-OTHER Hangul Word Processor malicious tab count memory corruption attempt (file-other.rules)
* 1:36037 <-> DISABLED <-> SERVER-WEBAPP Novell Zenworks Mobile Management cross site scripting attempt (server-webapp.rules)
* 1:36038 <-> DISABLED <-> SERVER-WEBAPP Novell Zenworks Mobile Management cross site scripting attempt (server-webapp.rules)
* 1:36039 <-> DISABLED <-> SERVER-WEBAPP Novell Zenworks Mobile Management cross site scripting attempt (server-webapp.rules)
* 1:36040 <-> DISABLED <-> SERVER-WEBAPP Novell Zenworks Mobile Management cross site scripting attempt (server-webapp.rules)
* 1:38225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid FLV header out of bounds write attempt (file-flash.rules)
* 1:38226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid FLV header out of bounds write attempt (file-flash.rules)
* 1:38835 <-> ENABLED <-> FILE-FLASH Adobe Flash Player bitmap heap overflow attempt (file-flash.rules)
* 1:38836 <-> ENABLED <-> FILE-FLASH Adobe Flash Player bitmap heap overflow attempt (file-flash.rules)
* 1:39273 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
* 1:39274 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
* 1:39308 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF file length load buffer overflow attempt (file-flash.rules)
* 1:39309 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF file length load buffer overflow attempt (file-flash.rules)
* 1:39607 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39615 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39843 <-> ENABLED <-> OS-WINDOWS Microsoft Windows gdiplus EMF EmrText out of bounds write attempt (os-windows.rules)
* 1:39844 <-> ENABLED <-> OS-WINDOWS Microsoft Windows gdiplus EMF EmrText out of bounds write attempt (os-windows.rules)
* 1:40132 <-> ENABLED <-> BROWSER-IE VBScript ADODB.Connection object use after free attempt (browser-ie.rules)
* 1:40133 <-> ENABLED <-> BROWSER-IE VBScript ADODB.Connection object use after free attempt (browser-ie.rules)
* 1:40364 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer loadXML parseError.errorCode information disclosure attempt (browser-ie.rules)
* 1:40365 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer loadXML parseError.errorCode information disclosure attempt (browser-ie.rules)
* 1:40394 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Ntoskrnl integer overflow privilege escalation attempt (os-windows.rules)
* 1:40395 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Ntoskrnl integer overflow privilege escalation attempt (os-windows.rules)
* 1:40490 <-> DISABLED <-> FILE-OFFICE JustSystems Ichitaro Word Processor malformed PersistDirectory memory corruption attempt (file-office.rules)
* 1:40491 <-> DISABLED <-> FILE-OFFICE JustSystems Ichitaro Word Processor malformed PersistDirectory memory corruption attempt (file-office.rules)
* 1:40573 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA resolveNode memory corruption attempt (file-pdf.rules)
* 1:40574 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA resolveNode memory corruption attempt (file-pdf.rules)
* 1:40889 <-> DISABLED <-> SERVER-WEBAPP Barracuda WAF UPDATE_scan_information_in_use command injection attempt (server-webapp.rules)
* 1:41110 <-> ENABLED <-> FILE-OFFICE Ichitaro Office JTD Figure handling code execution attempt (file-office.rules)
* 1:41111 <-> ENABLED <-> FILE-OFFICE Ichitaro Office JTD Figure handling code execution attempt (file-office.rules)
* 1:41138 <-> ENABLED <-> FILE-FLASH Adobe Flash Player display list structure memory corruption attempt (file-flash.rules)
* 1:41139 <-> ENABLED <-> FILE-FLASH Adobe Flash Player display list structure memory corruption attempt (file-flash.rules)
* 1:41140 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Out-of-Bounds Write attempt (file-office.rules)
* 1:41141 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Out-of-Bounds Write attempt (file-office.rules)
* 1:41142 <-> ENABLED <-> FILE-PDF Adobe Acrobat animateSyncButton use after free attempt (file-pdf.rules)
* 1:41143 <-> ENABLED <-> FILE-PDF Adobe Acrobat animateSyncButton use after free attempt (file-pdf.rules)
* 1:41144 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules)
* 1:41145 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules)
* 1:41146 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules)
* 1:41147 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules)
* 1:41148 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules)
* 1:41149 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules)
* 1:41150 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript navigation pane use after free attempt (file-pdf.rules)
* 1:41151 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript navigation pane use after free attempt (file-pdf.rules)
* 1:41152 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Forms Data Format embedded javascript attempt (file-pdf.rules)
* 1:41153 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Forms Data Format embedded javascript attempt (file-pdf.rules)
* 1:41154 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed CFF global subroutine memory corruption attempt (file-pdf.rules)
* 1:41155 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed CFF global subroutine memory corruption attempt (file-pdf.rules)
* 1:41156 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF file length heap overflow attempt (file-flash.rules)
* 1:41157 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF file length heap overflow attempt (file-flash.rules)
* 1:41158 <-> ENABLED <-> FILE-FLASH Adobe Flash Player visual blend out of bounds read attempt (file-flash.rules)
* 1:41159 <-> ENABLED <-> FILE-FLASH Adobe Flash Player visual blend out of bounds read attempt (file-flash.rules)
* 1:41163 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XSL stylesheet heap overflow attempt (file-pdf.rules)
* 1:41164 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XSL stylesheet heap overflow attempt (file-pdf.rules)
* 1:41193 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA engine stack buffer overflow attempt (file-pdf.rules)
* 1:41194 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA engine stack buffer overflow attempt (file-pdf.rules)
* 1:41198 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF Software tag heap buffer overflow attempt (file-image.rules)
* 1:41199 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF Software tag heap buffer overflow attempt (file-image.rules)
* 1:41200 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF Software tag heap buffer overflow attempt (file-image.rules)
* 1:41201 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF Software tag heap buffer overflow attempt (file-image.rules)
* 1:41214 <-> DISABLED <-> FILE-FLASH Adobe Flash Player onSetFocus movieclip use after free attempt (file-flash.rules)
* 1:41215 <-> DISABLED <-> FILE-FLASH Adobe Flash Player onSetFocus movie clip use after free attempt (file-flash.rules)
* 1:41325 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA Engine use after free attempt (file-pdf.rules)
* 1:41326 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA Engine use after free attempt (file-pdf.rules)
* 1:41327 <-> DISABLED <-> FILE-PDF Iceni Argus ipStringCreate integer overflow attempt (file-pdf.rules)
* 1:41328 <-> DISABLED <-> FILE-PDF Iceni Argus ipStringCreate integer overflow attempt (file-pdf.rules)
* 1:41338 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
* 1:41339 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
* 1:41340 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
* 1:41341 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules)
* 1:41342 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 stsz atom memory corruption attempt (file-multimedia.rules)
* 1:41343 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 stsz atom memory corruption attempt (file-multimedia.rules)
* 1:41350 <-> DISABLED <-> FILE-OTHER Apple Garageband .band file out of bounds write attempt (file-other.rules)
* 1:41351 <-> DISABLED <-> FILE-OTHER Apple Garageband .band file out of bounds write attempt (file-other.rules)
* 1:41370 <-> ENABLED <-> FILE-OTHER National Instruments LabVIEW LvVarientUnflatten remote code execution attempt (file-other.rules)
* 1:41371 <-> ENABLED <-> FILE-OTHER National Instruments LabVIEW LvVarientUnflatten remote code execution attempt (file-other.rules)
* 1:41391 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules)
* 1:41392 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules)
* 1:41393 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules)
* 1:41394 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules)
* 1:41395 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules)
* 1:41396 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules)
* 1:41397 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules)
* 1:41398 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules)
* 1:41399 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader xfa subform use after free attempt (file-pdf.rules)
* 1:41400 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader xfa subform use after free attempt (file-pdf.rules)
* 1:41407 <-> ENABLED <-> BROWSER-OTHER Cisco WebEx extension command execution attempt (browser-other.rules)
* 1:41408 <-> ENABLED <-> BROWSER-OTHER Cisco WebEx extension command execution attempt (browser-other.rules)
* 1:41411 <-> ENABLED <-> FILE-FLASH Adobe Flash Player custom toString function attempt (file-flash.rules)
* 1:41412 <-> ENABLED <-> FILE-FLASH Adobe Flash Player custom toString function attempt (file-flash.rules)
* 1:41447 <-> ENABLED <-> FILE-OTHER Apple GarageBand out of bounds write attempt (file-other.rules)
* 1:41448 <-> ENABLED <-> FILE-OTHER Apple GarageBand out of bounds write attempt (file-other.rules)
* 1:41454 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess updateTemplate SQL injection attempt (server-webapp.rules)
* 1:41455 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess updateTemplate SQL injection attempt (server-webapp.rules)
* 1:41504 <-> DISABLED <-> SERVER-WEBAPP Netgear passwordrecovered.cgi insecure admin password disclosure attempt (server-webapp.rules)
* 1:41505 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client DecodeString heap overflow attempt (server-other.rules)
* 1:41506 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client DecodeString heap overflow attempt (server-other.rules)
* 1:41508 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client Memcpy heap overflow attempt (server-other.rules)
* 1:41509 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client DecodeBinary heap buffer overflow attempt (server-other.rules)
* 1:41510 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client DecodeBinary heap buffer overflow attempt (server-other.rules)
* 1:41511 <-> DISABLED <-> FILE-OFFICE AntennaHouse HTMLFilter FillRowFormat remote code execution attempt (file-office.rules)
* 1:41512 <-> DISABLED <-> FILE-OFFICE AntennaHouse HTMLFilter FillRowFormat remote code execution attempt (file-office.rules)
* 1:41536 <-> DISABLED <-> SERVER-WEBAPP ZoneMinder file.php directory traversal attempt (server-webapp.rules)
* 1:41543 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC HTMLFilter UnCompressUnicode out of bounds write attempt (file-office.rules)
* 1:41544 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC HTMLFilter UnCompressUnicode out of bounds write attempt (file-office.rules)
* 1:41545 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC HTMLFilter iBldDirInfo heap buffer overflow attempt (file-office.rules)
* 1:41546 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC HTMLFilter iBldDirInfo heap buffer overflow attempt (file-office.rules)
* 1:41553 <-> ENABLED <-> BROWSER-IE Microsoft Edge url forgery attempt (browser-ie.rules)
* 1:41554 <-> ENABLED <-> BROWSER-IE Microsoft Edge url forgery attempt (browser-ie.rules)
* 1:41557 <-> ENABLED <-> BROWSER-IE Microsoft Edge Array out of bounds memory corruption attempt (browser-ie.rules)
* 1:41558 <-> ENABLED <-> BROWSER-IE Microsoft Edge Array out of bounds memory corruption attempt (browser-ie.rules)
* 1:41559 <-> ENABLED <-> BROWSER-IE Microsoft Edge Array out of bounds memory corruption attempt (browser-ie.rules)
* 1:41560 <-> ENABLED <-> BROWSER-IE Microsoft Edge Array out of bounds memory corruption attempt (browser-ie.rules)
* 1:41565 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules)
* 1:41566 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules)
* 1:41567 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Device Guard code execution attempt (os-windows.rules)
* 1:41568 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Device Guard code execution attempt (os-windows.rules)
* 1:41569 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Device Guard code execution attempt (os-windows.rules)
* 1:41570 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Device Guard code execution attempt (os-windows.rules)
* 1:41571 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Device Guard code execution attempt (os-windows.rules)
* 1:41572 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Device Guard code execution attempt (os-windows.rules)
* 1:41573 <-> ENABLED <-> BROWSER-IE Microsoft Edge CSS animation style information disclosure attempt (browser-ie.rules)
* 1:41574 <-> ENABLED <-> BROWSER-IE Microsoft Edge CSS animation style information disclosure attempt (browser-ie.rules)
* 1:41577 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF footnote format use after free attempt (file-office.rules)
* 1:41578 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF footnote format use after free attempt (file-office.rules)
* 1:41579 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DirectComposition double free attempt (os-windows.rules)
* 1:41580 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DirectComposition double free attempt (os-windows.rules)
* 1:41581 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed CellXF memory corruption attempt (file-office.rules)
* 1:41582 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed CellXF memory corruption attempt (file-office.rules)
* 1:41583 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOMAttrModified event use after free attempt (browser-ie.rules)
* 1:41584 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOMAttrModified event use after free attempt (browser-ie.rules)
* 1:41585 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer mutated scope with generator memory corruption attempt (browser-ie.rules)
* 1:41586 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer mutated scope with generator memory corruption attempt (browser-ie.rules)
* 1:41587 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Array out of bounds memory corruption (browser-ie.rules)
* 1:41588 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Array out of bounds memory corruption (browser-ie.rules)
* 1:41589 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CHtmlTab use after free attempt (browser-ie.rules)
* 1:41590 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CHtmlTab use after free attempt (browser-ie.rules)
* 1:41591 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GDI privilege escalation attempt (os-windows.rules)
* 1:41592 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GDI privilege escalation attempt (os-windows.rules)
* 1:41595 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI invalid EMF cbBitsSrc memory disclosure attempt (os-windows.rules)
* 1:41596 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI invalid EMF cbBitsSrc memory disclosure attempt (os-windows.rules)
* 1:41597 <-> DISABLED <-> FILE-OTHER Windows Uniscribe remote code execution vulnerability attempt (file-other.rules)
* 1:41598 <-> DISABLED <-> FILE-OTHER Windows Uniscribe remote code execution vulnerability attempt (file-other.rules)
* 1:41601 <-> ENABLED <-> FILE-PDF Microsoft Edge PDF Builder out of bounds read attempt (file-pdf.rules)
* 1:41602 <-> ENABLED <-> FILE-PDF Microsoft Edge PDF Builder out of bounds read attempt (file-pdf.rules)
* 1:41605 <-> DISABLED <-> BROWSER-IE Microsoft Edge AsmJs memory corruption attempt (browser-ie.rules)
* 1:41606 <-> DISABLED <-> BROWSER-IE Microsoft Edge AsmJs memory corruption attempt (browser-ie.rules)
* 1:41607 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel NtCreateProfile privilege escalation attempt (os-windows.rules)
* 1:41608 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel NtCreateProfile privilege escalation attempt (os-windows.rules)
* 1:41609 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel NtCreateProfile privilege escalation attempt (os-windows.rules)
* 1:41610 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel NtCreateProfile privilege escalation attempt (os-windows.rules)
* 1:41611 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder luminance adjustment out of bounds memory access attempt (file-other.rules)
* 1:41612 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder luminance adjustment out of bounds memory access attempt (file-other.rules)
* 1:41613 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules)
* 1:41614 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules)
* 1:41615 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules)
* 1:41616 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules)
* 1:41617 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules)
* 1:41618 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules)
* 1:41619 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addEventListener use after free attempt (file-flash.rules)
* 1:41620 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addEventListener use after free attempt (file-flash.rules)
* 1:41621 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed FLV heap overflow attempt (file-flash.rules)
* 1:41622 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed FLV heap overflow attempt (file-flash.rules)
* 1:41623 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MessageChannel type confusion attempt (file-flash.rules)
* 1:41624 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MessageChannel type confusion attempt (file-flash.rules)
* 1:41625 <-> ENABLED <-> BROWSER-IE Microsoft Edge HandleColumnBreakOnColumnSpanningElement type confusion attempt (browser-ie.rules)
* 1:41626 <-> ENABLED <-> BROWSER-IE Microsoft Edge HandleColumnBreakOnColumnSpanningElement type confusion attempt (browser-ie.rules)
* 1:41627 <-> ENABLED <-> FILE-FLASH Adobe Flash Player garbage collection use after free attempt (file-flash.rules)
* 1:41628 <-> ENABLED <-> FILE-FLASH Adobe Flash Player garbage collection use after free attempt (file-flash.rules)
* 1:41629 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PSDK EventDispatch removeEventListener use after free attempt (file-flash.rules)
* 1:41630 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PSDK EventDispatch removeEventListener use after free attempt (file-flash.rules)
* 1:41631 <-> ENABLED <-> FILE-OTHER Adobe Flash Player mp4 h264 decompression routine out of bounds read attempt (file-other.rules)
* 1:41632 <-> ENABLED <-> FILE-OTHER Adobe Flash Player mp4 h264 decompression routine out of bounds read attempt (file-other.rules)
* 1:41652 <-> DISABLED <-> SERVER-WEBAPP Geutebruck IP Camera testaction.cgi command injection attempt (server-webapp.rules)
* 1:41653 <-> DISABLED <-> SERVER-WEBAPP Geutebruck IP Camera testaction.cgi command injection attempt (server-webapp.rules)
* 1:41654 <-> DISABLED <-> SERVER-WEBAPP Geutebruck IP Camera testaction.cgi command injection attempt (server-webapp.rules)
* 1:41673 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField object event handler use after free attempt (file-flash.rules)
* 1:41674 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField object event handler use after free attempt (file-flash.rules)
* 1:41679 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShimContentResolver out of bounds memory access attempt (file-flash.rules)
* 1:41680 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShimContentResolver out of bounds memory access attempt (file-flash.rules)
* 1:41698 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 ping.cgi command injection attempt (server-webapp.rules)
* 1:41699 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 ping.cgi command injection attempt (server-webapp.rules)
* 1:41700 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 ping.cgi command injection attempt (server-webapp.rules)
* 1:41703 <-> DISABLED <-> FILE-OFFICE Ichitaro Office Excel TxO record heap buffer overflow attempt (file-office.rules)
* 1:41704 <-> DISABLED <-> FILE-OFFICE Ichitaro Office Excel TxO record heap buffer overflow attempt (file-office.rules)
* 1:41726 <-> ENABLED <-> FILE-OFFICE AntennaHouse DMC 
HTMLFilter AddSst heap overflow attempt (file-office.rules) * 1:41727 <-> ENABLED <-> FILE-OFFICE AntennaHouse DMC HTMLFilter AddSst heap overflow attempt (file-office.rules) * 1:41745 <-> ENABLED <-> FILE-MULTIMEDIA Chrome Pepper Flash Player SampleCount heap overflow attempt (file-multimedia.rules) * 1:41746 <-> ENABLED <-> FILE-MULTIMEDIA Chrome Pepper Flash Player SampleCount heap overflow attempt (file-multimedia.rules) * 1:41748 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 dnslookup.cgi command injection attempt (server-webapp.rules) * 1:41749 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 dnslookup.cgi command injection attempt (server-webapp.rules) * 1:41750 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 dnslookup.cgi command injection attempt (server-webapp.rules) * 1:41751 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 dnslookup.cgi command injection attempt (server-webapp.rules) * 1:41753 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC GetIndexArray out of bounds write attempt (file-office.rules) * 1:41754 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC GetIndexArray out of bounds write attempt (file-office.rules) * 1:41759 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC ParseEnvironment heap buffer overflow attempt (file-office.rules) * 1:41760 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC ParseEnvironment heap buffer overflow attempt (file-office.rules) * 1:41763 <-> ENABLED <-> BROWSER-IE Microsoft Edge HandleColumnBreakOnColumnSpanningElement type confusion attempt (browser-ie.rules) * 1:41764 <-> ENABLED <-> BROWSER-IE Microsoft Edge HandleColumnBreakOnColumnSpanningElement type confusion attempt (browser-ie.rules) * 1:41765 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC DHFSummary stack buffer overflow attempt (file-office.rules) * 1:41766 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC DHFSummary stack buffer overflow attempt (file-office.rules) * 1:41767 <-> DISABLED <-> SERVER-WEBAPP WP_Query plugin SQL injection attempt (server-webapp.rules) * 1:41768 
<-> DISABLED <-> SERVER-WEBAPP WP_Query plugin SQL injection attempt (server-webapp.rules) * 1:41769 <-> DISABLED <-> SERVER-WEBAPP WP_Query plugin SQL injection attempt (server-webapp.rules) * 1:41797 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer loadXML parseError.errorCode information disclosure attempt (browser-ie.rules) * 1:41798 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer loadXML parseError.errorCode information disclosure attempt (browser-ie.rules) * 1:41926 <-> ENABLED <-> OS-WINDOWS Microsoft Win32u NtUserThunkedMenuItemInfo use after free attempt (os-windows.rules) * 1:41927 <-> ENABLED <-> OS-WINDOWS Microsoft Win32u NtUserThunkedMenuItemInfo use after free attempt (os-windows.rules) * 1:41928 <-> ENABLED <-> OS-WINDOWS Microsoft Win32k DDI use after free attempt (os-windows.rules) * 1:41929 <-> ENABLED <-> OS-WINDOWS Microsoft Win32k DDI use after free attempt (os-windows.rules) * 1:41930 <-> ENABLED <-> OS-WINDOWS Microsoft Win32k DDI use after free attempt (os-windows.rules) * 1:41931 <-> ENABLED <-> OS-WINDOWS Microsoft Win32k DDI use after free attempt (os-windows.rules) * 1:41932 <-> ENABLED <-> FILE-OTHER Microsoft Windows Uniscribe privilege escalation attempt (file-other.rules) * 1:41933 <-> ENABLED <-> FILE-OTHER Microsoft Windows Uniscribe privilege escalation attempt (file-other.rules) * 1:41934 <-> ENABLED <-> FILE-OTHER Microsoft Windows Uniscribe privilege escalation attempt (file-other.rules) * 1:41935 <-> ENABLED <-> FILE-OTHER Microsoft Windows Uniscribe privilege escalation attempt (file-other.rules) * 1:41936 <-> ENABLED <-> BROWSER-IE Microsoft Edge TypedArray setter arbitrary write attempt (browser-ie.rules) * 1:41937 <-> ENABLED <-> BROWSER-IE Microsoft Edge TypedArray setter arbitrary write attempt (browser-ie.rules) * 1:41938 <-> ENABLED <-> BROWSER-IE Microsoft Edge reverse helper heap buffer overflow attempt (browser-ie.rules) * 1:41939 <-> ENABLED <-> BROWSER-IE Microsoft Edge reverse helper heap buffer 
overflow attempt (browser-ie.rules) * 1:41940 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueTypeFont post table out of bounds write attempt (os-windows.rules) * 1:41941 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueTypeFont post table out of bounds write attempt (os-windows.rules) * 1:41944 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine security bypass css attempt (browser-ie.rules) * 1:41945 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine security bypass css attempt (browser-ie.rules) * 1:41950 <-> ENABLED <-> BROWSER-IE Microsoft Edge WebAssembly memory corruption attempt (browser-ie.rules) * 1:41951 <-> ENABLED <-> BROWSER-IE Microsoft Edge WebAssembly memory corruption attempt (browser-ie.rules) * 1:41952 <-> ENABLED <-> BROWSER-IE Microsoft Edge local file read information leak attempt (browser-ie.rules) * 1:41953 <-> ENABLED <-> BROWSER-IE Microsoft Edge local file read information leak attempt (browser-ie.rules) * 1:41954 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer textarea type confusion attempt (browser-ie.rules) * 1:41955 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer textarea type confusion attempt (browser-ie.rules) * 1:41956 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer arguments type confusion attempt (browser-ie.rules) * 1:41957 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer arguments type confusion attempt (browser-ie.rules) * 1:41958 <-> ENABLED <-> BROWSER-IE Microsoft Edge malformed UTF-8 decode arbitrary read attempt (browser-ie.rules) * 1:41959 <-> ENABLED <-> BROWSER-IE Microsoft Edge malformed UTF-8 decode arbitrary read attempt (browser-ie.rules) * 1:41960 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueType Font LookupTable out of bounds write attempt (os-windows.rules) * 1:41961 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueType Font LookupTable out of bounds write attempt (os-windows.rules) * 1:41962 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word template remote code 
execution attempt (file-office.rules) * 1:41963 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word template remote code execution attempt (file-office.rules) * 1:41964 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word 2010 use-after-free memory corruption vulnerability attempt (file-office.rules) * 1:41965 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word 2010 use-after-free memory corruption vulnerability attempt (file-office.rules) * 1:41966 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueTypeFont GSUB table out of bounds write attempt (os-windows.rules) * 1:41967 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueTypeFont GSUB table out of bounds write attempt (os-windows.rules) * 1:41972 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueType Font out of bounds write attempt (os-windows.rules) * 1:41973 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueType Font out of bounds write attempt (os-windows.rules) * 1:41974 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueType Font out of bounds write attempt (os-windows.rules) * 1:41975 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueType Font out of bounds write attempt (os-windows.rules) * 1:41976 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel shared strings memory corruption attempt (file-office.rules) * 1:41977 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel shared strings memory corruption attempt (file-office.rules) * 1:41979 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel shared strings memory corruption attempt (file-office.rules) * 1:41980 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel shared strings memory corruption attempt (file-office.rules) * 1:41981 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word out of bounds read attempt (file-office.rules) * 1:41982 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word out of bounds read attempt (file-office.rules) * 1:41984 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMBv1 identical MID and FID type confusion attempt (os-windows.rules) * 1:41985 <-> 
ENABLED <-> OS-WINDOWS Microsoft Windows TrueTypeFont post table out of bounds write attempt (os-windows.rules) * 1:41986 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueTypeFont post table out of bounds write attempt (os-windows.rules) * 1:41991 <-> ENABLED <-> FILE-OTHER Microsoft Windows TTF file out of bounds access attempt (file-other.rules) * 1:41992 <-> ENABLED <-> FILE-OTHER Microsoft Windows TTF file out of bounds access attempt (file-other.rules) * 1:41993 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GDI WMF out of bounds read attempt (os-windows.rules) * 1:41994 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GDI WMF out of bounds read attempt (os-windows.rules) * 1:41995 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DDI privilege escalation attempt (os-windows.rules) * 1:41996 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DDI privilege escalation attempt (os-windows.rules) * 1:41998 <-> DISABLED <-> OS-WINDOWS Microsoft GDI+ privilege escalation attempt (os-windows.rules) * 1:41999 <-> ENABLED <-> OS-OTHER Apple OSX and iOS x509 certificate name constraints parsing use after free attempt (os-other.rules) * 1:42010 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField use after free attempt (file-flash.rules) * 1:42011 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField use after free attempt (file-flash.rules) * 1:42012 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AuditudeSettings stack overflow attempt (file-flash.rules) * 1:42013 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AuditudeSettings stack overflow attempt (file-flash.rules) * 1:42044 <-> ENABLED <-> FILE-FLASH Adobe Flash Player custom object garbage collection use after free attempt (file-flash.rules) * 1:42045 <-> ENABLED <-> FILE-FLASH Adobe Flash Player custom object garbage collection use after free attempt (file-flash.rules) * 1:42046 <-> ENABLED <-> FILE-FLASH Adobe Flash Player custom object garbage collection use after free (file-flash.rules) * 1:42047 <-> ENABLED <-> FILE-FLASH 
Adobe Flash Player custom object garbage collection use after free (file-flash.rules) * 1:42048 <-> ENABLED <-> SERVER-WEBAPP dnaLIMS sysAdmin.cgi arbitrary command execution attempt (server-webapp.rules) * 1:42052 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Primetime TVSDK memory corruption attempt (file-flash.rules) * 1:42053 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Primetime TVSDK memory corruption attempt (file-flash.rules) * 1:42078 <-> DISABLED <-> SERVER-WEBAPP Foscam cgiproxy.fcgi stack buffer overflow attempt (server-webapp.rules) * 1:42088 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid ImageLength memory corruption attempt (file-image.rules) * 1:42089 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid ImageLength memory corruption attempt (file-image.rules) * 1:42090 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid ImageLength memory corruption attempt (file-image.rules) * 1:42091 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid ImageLength memory corruption attempt (file-image.rules) * 1:42096 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Resolution Opportunity parameter memory corruption attempt (file-flash.rules) * 1:42097 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Resolution Opportunity parameter memory corruption attempt (file-flash.rules) * 1:42105 <-> DISABLED <-> SERVER-WEBAPP EyesOfNetwork ged_actions.php command injection attempt (server-webapp.rules) * 1:42106 <-> DISABLED <-> SERVER-WEBAPP EyesOfNetwork ged_actions.php command injection attempt (server-webapp.rules) * 1:42107 <-> DISABLED <-> SERVER-WEBAPP EyesOfNetwork module command injection attempt (server-webapp.rules) * 1:42108 <-> DISABLED <-> SERVER-WEBAPP EyesOfNetwork module command injection attempt (server-webapp.rules) * 1:42137 <-> DISABLED <-> FILE-OFFICE Lexmark Perceptive Document Filters malformed XLS information disclosure attempt (file-office.rules) * 1:42138 <-> DISABLED <-> FILE-OFFICE Lexmark Perceptive Document Filters malformed XLS 
information disclosure attempt (file-office.rules) * 1:42148 <-> ENABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt (file-other.rules) * 1:42149 <-> ENABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt (file-other.rules) * 1:42150 <-> ENABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt (file-other.rules) * 1:42151 <-> ENABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt (file-other.rules) * 1:42152 <-> ENABLED <-> BROWSER-IE Microsoft Edge JavaScript string object type confusion attempt (browser-ie.rules) * 1:42153 <-> ENABLED <-> BROWSER-IE Microsoft Edge JavaScript string object type confusion attempt (browser-ie.rules) * 1:42154 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k information disclosure attempt (os-windows.rules) * 1:42155 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k information disclosure attempt (os-windows.rules) * 1:42156 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer recordset use after free attempt (browser-ie.rules) * 1:42157 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer recordset use after free attempt (browser-ie.rules) * 1:42158 <-> ENABLED <-> OS-WINDOWS Microsoft Win32k privilege escalation attempt (os-windows.rules) * 1:42159 <-> ENABLED <-> OS-WINDOWS Microsoft Win32k privilege escalation attempt (os-windows.rules) * 1:42160 <-> ENABLED <-> SERVER-OTHER Microsoft LDAP MaxBuffSize buffer overflow attempt (server-other.rules) * 1:42161 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel out of bounds memory attempt (file-office.rules) * 1:42162 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel out of bounds memory attempt (file-office.rules) * 1:42165 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer type confusion vulnerability attempt (browser-ie.rules) * 
1:42166 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer type confusion vulnerability attempt (browser-ie.rules) * 1:42167 <-> ENABLED <-> FILE-OFFICE Microsoft Office custom message class security bypass attempt (file-office.rules) * 1:42168 <-> ENABLED <-> FILE-OFFICE Microsoft Office custom message class security bypass attempt (file-office.rules) * 1:42173 <-> ENABLED <-> OS-WINDOWS Microsoft GDI PolyTextOutW out of bounds memory write attempt (os-windows.rules) * 1:42174 <-> ENABLED <-> OS-WINDOWS Microsoft GDI PolyTextOutW out of bounds memory write attempt (os-windows.rules) * 1:42175 <-> ENABLED <-> FILE-PDF Adobe Reader JavaScript API documentToStream use after free attempt (file-pdf.rules) * 1:42176 <-> ENABLED <-> FILE-PDF Adobe Reader JavaScript API documentToStream use after free attempt (file-pdf.rules) * 1:42177 <-> ENABLED <-> FILE-OTHER IrfanView JPEG2000 reference tile width value buffer overflow attempt (file-other.rules) * 1:42178 <-> ENABLED <-> FILE-OTHER IrfanView JPEG2000 reference tile width value buffer overflow attempt (file-other.rules) * 1:42183 <-> ENABLED <-> BROWSER-IE Microsoft Edge format rendering type confusion attempt (browser-ie.rules) * 1:42184 <-> ENABLED <-> BROWSER-IE Microsoft Edge format rendering type confusion attempt (browser-ie.rules) * 1:42185 <-> ENABLED <-> OS-WINDOWS Microsoft Windows WMI DCOM arbitrary .NET serialization code execution attempt (os-windows.rules) * 1:42186 <-> ENABLED <-> OS-WINDOWS Microsoft Windows WMI DCOM arbitrary .NET serialization code execution attempt (os-windows.rules) * 1:42187 <-> ENABLED <-> OS-WINDOWS Microsoft Windows IE ETW Collector Service privilege escalation attempt (os-windows.rules) * 1:42188 <-> ENABLED <-> OS-WINDOWS Microsoft Windows IE ETW Collector Service privilege escalation attempt (os-windows.rules) * 1:42189 <-> DISABLED <-> FILE-OFFICE RTF objautlink url moniker file download attempt (file-office.rules) * 1:42190 <-> DISABLED <-> FILE-OFFICE RTF objautlink 
url moniker file download attempt (file-office.rules) * 1:42195 <-> ENABLED <-> FILE-OTHER Tablib yaml.load code execution attempt (file-other.rules) * 1:42196 <-> ENABLED <-> FILE-OTHER Tablib yaml.load code execution attempt (file-other.rules) * 1:42199 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GDI null pointer dereference attempt (os-windows.rules) * 1:42200 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GDI null pointer dereference attempt (os-windows.rules) * 1:42202 <-> ENABLED <-> FILE-PDF Adobe Reader JavaScript string from stream memory corruption attempt (file-pdf.rules) * 1:42203 <-> ENABLED <-> FILE-PDF Adobe Reader JavaScript string from stream memory corruption attempt (file-pdf.rules) * 1:42204 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer htmlFile ActiveX control universal XSS attempt (browser-ie.rules) * 1:42205 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer htmlFile ActiveX control universal XSS attempt (browser-ie.rules) * 1:42206 <-> ENABLED <-> FILE-FLASH Adobe Flash Player allocator use-after-free attempt (file-flash.rules) * 1:42207 <-> ENABLED <-> FILE-FLASH Adobe Flash Player allocator use-after-free attempt (file-flash.rules) * 1:42208 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Clipboard Broker privilege escalation vulnerability attempt (os-windows.rules) * 1:42209 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Clipboard Broker privilege escalation vulnerability attempt (os-windows.rules) * 1:42210 <-> ENABLED <-> BROWSER-IE Microsoft Edge xlink type confusion memory corruption attempt (browser-ie.rules) * 1:42211 <-> ENABLED <-> BROWSER-IE Microsoft Edge xlink type confusion memory corruption attempt (browser-ie.rules) * 1:42212 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded JPEG 2000 flst heap overflow attempt (file-pdf.rules) * 1:42213 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded JPEG 2000 flst heap overflow attempt (file-pdf.rules) * 1:42214 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetStream use 
after free attempt (file-flash.rules) * 1:42215 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetStream use after free attempt (file-flash.rules) * 1:42216 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader pcx planes memory corruption attempt (file-other.rules) * 1:42217 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader pcx planes memory corruption attempt (file-other.rules) * 1:42218 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed GIF memory corruption attempt (file-image.rules) * 1:42219 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF memory corruption attempt (file-image.rules) * 1:42221 <-> ENABLED <-> SERVER-WEBAPP Moxa private key disclosure attempt (server-webapp.rules) * 1:42222 <-> ENABLED <-> SERVER-WEBAPP Moxa MX Studio login page denial of service attempt (server-webapp.rules) * 1:42234 <-> DISABLED <-> SERVER-WEBAPP QNAP NAS authLogin.cgi command injection attempt (server-webapp.rules) * 1:42235 <-> DISABLED <-> SERVER-OTHER NTP malformed config request denial of service attempt (server-other.rules) * 1:42236 <-> DISABLED <-> SERVER-WEBAPP QNAP NAS userConfig.cgi command injection attempt (server-webapp.rules) * 1:42237 <-> DISABLED <-> SERVER-WEBAPP QNAP NAS userConfig.cgi command injection attempt (server-webapp.rules) * 1:42238 <-> DISABLED <-> SERVER-WEBAPP QNAP NAS userConfig.cgi command injection attempt (server-webapp.rules) * 1:42239 <-> DISABLED <-> SERVER-WEBAPP QNAP NAS utilRequest.cgi command injection attempt (server-webapp.rules) * 1:42240 <-> DISABLED <-> SERVER-WEBAPP QNAP NAS utilRequest.cgi command injection attempt (server-webapp.rules) * 1:42241 <-> DISABLED <-> SERVER-WEBAPP QNAP NAS utilRequest.cgi command injection attempt (server-webapp.rules) * 1:42244 <-> DISABLED <-> SERVER-WEBAPP Information Builders WebFOCUS Business Intelligence Portal command injection attempt (server-webapp.rules) * 1:42245 <-> DISABLED <-> SERVER-WEBAPP Information Builders WebFOCUS Business Intelligence Portal command injection attempt 
(server-webapp.rules) * 1:42246 <-> DISABLED <-> SERVER-WEBAPP Information Builders WebFOCUS Business Intelligence Portal command injection attempt (server-webapp.rules) * 1:42247 <-> DISABLED <-> SERVER-WEBAPP Information Builders WebFOCUS Business Intelligence Portal command injection attempt (server-webapp.rules) * 1:42255 <-> DISABLED <-> OS-WINDOWS Microsoft Windows empty RDP cookie negotiation attempt (os-windows.rules) * 1:42273 <-> DISABLED <-> FILE-PDF Poppler DCTStream readScan heap buffer overflow attempt (file-pdf.rules) * 1:42274 <-> DISABLED <-> FILE-PDF Poppler DCTStream readScan heap buffer overflow attempt (file-pdf.rules) * 1:42275 <-> ENABLED <-> FILE-PDF Adobe Reader JPEG2000 pclr tag out of bounds read attempt (file-pdf.rules) * 1:42276 <-> ENABLED <-> FILE-PDF Adobe Reader JPEG2000 pclr tag out of bounds read attempt (file-pdf.rules) * 1:42285 <-> DISABLED <-> FILE-PDF Multiple Products malformed JP2K codestream out of bounds read attempt (file-pdf.rules) * 1:42286 <-> DISABLED <-> FILE-PDF Multiple Products malformed JP2K codestream out of bounds read attempt (file-pdf.rules) * 1:42290 <-> DISABLED <-> SERVER-WEBAPP Openfire userimportexport plugin XML external entity injection attempt (server-webapp.rules) * 1:42294 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 WriteAndX and TransSecondaryRequest TotalDataCount out of bounds write attempt (os-windows.rules) * 1:42296 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed PRC file out of bounds read attempt (file-pdf.rules) * 1:42297 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed PRC file out of bounds read attempt (file-pdf.rules) * 1:42298 <-> DISABLED <-> FILE-PDF Adobe PDF PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules) * 1:42299 <-> DISABLED <-> FILE-PDF Adobe PDF PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules) * 1:42309 <-> ENABLED <-> FILE-PDF Adobe Acrobat embedded JPEG2000 invalid header out of bounds 
memory access attempt (file-pdf.rules) * 1:42310 <-> ENABLED <-> FILE-PDF Adobe Acrobat embedded JPEG2000 invalid header out of bounds memory access attempt (file-pdf.rules) * 1:42311 <-> DISABLED <-> FILE-PDF Multiple Products malformed JP2K codestream out of bounds read attempt (file-pdf.rules) * 1:42312 <-> DISABLED <-> FILE-PDF Multiple Products malformed JP2K codestream out of bounds read attempt (file-pdf.rules) * 1:42321 <-> DISABLED <-> FILE-OTHER Power Software PowerISO invalid primary volume descriptor header use after free attempt (file-other.rules) * 1:42322 <-> DISABLED <-> FILE-OTHER Power Software PowerISO invalid primary volume descriptor header use after free attempt (file-other.rules) * 1:42324 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Reader overly large segment size out of bounds read attempt (file-image.rules) * 1:42325 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Reader overly large segment size out of bounds read attempt (file-image.rules) * 1:42326 <-> ENABLED <-> SERVER-OTHER Zabbix Server Trapper code execution attempt (server-other.rules) * 1:42327 <-> DISABLED <-> SERVER-WEBAPP Cpanel cgiemail format string code execution attempt (server-webapp.rules) * 1:42328 <-> DISABLED <-> SERVER-WEBAPP Cpanel cgiemail format string code execution attempt (server-webapp.rules) * 1:42337 <-> DISABLED <-> INDICATOR-COMPROMISE Zabbix Proxy configuration containing script detected (indicator-compromise.rules) * 1:42339 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB possible leak of kernel heap memory (os-windows.rules) * 1:42345 <-> DISABLED <-> SERVER-WEBAPP Tenable Appliance simpleupload.py command injection attempt (server-webapp.rules) * 1:42346 <-> DISABLED <-> SERVER-WEBAPP Tenable Appliance simpleupload.py command injection attempt (server-webapp.rules) * 1:42347 <-> DISABLED <-> SERVER-WEBAPP Tenable Appliance simpleupload.py command injection attempt (server-webapp.rules) * 1:42354 <-> DISABLED <-> SERVER-WEBAPP Squirrelmail sendmail delivery 
parameter injection attempt (server-webapp.rules) * 1:42355 <-> DISABLED <-> SERVER-OTHER 389-ds-base bind code execution attempt (server-other.rules) * 1:42356 <-> DISABLED <-> SERVER-OTHER 389-ds-base bind code execution attempt (server-other.rules) * 1:42357 <-> DISABLED <-> SERVER-OTHER 389-ds-base bind code execution attempt (server-other.rules) * 1:42358 <-> DISABLED <-> SERVER-OTHER 389-ds-base bind code execution attempt (server-other.rules) * 1:42359 <-> DISABLED <-> SERVER-OTHER 389-ds-base bind code execution attempt (server-other.rules) * 1:42360 <-> DISABLED <-> SERVER-OTHER 389-ds-base bind code execution attempt (server-other.rules) * 1:42361 <-> DISABLED <-> SERVER-OTHER 389-ds-base bind code execution attempt (server-other.rules) * 1:42362 <-> DISABLED <-> SERVER-OTHER 389-ds-base bind code execution attempt (server-other.rules) * 1:42369 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules) * 1:42370 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules) * 1:42371 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules) * 1:42414 <-> DISABLED <-> FILE-PDF Adobe PDF JavaScript engine use after free memory corruption attempt (file-pdf.rules) * 1:42415 <-> DISABLED <-> FILE-PDF Adobe PDF JavaScript engine use after free memory corruption attempt (file-pdf.rules) * 1:42431 <-> DISABLED <-> SERVER-WEBAPP Foscam IP Video Camera CGIProxy.fcgi query append buffer overflow attempt (server-webapp.rules) * 1:42432 <-> DISABLED <-> SERVER-WEBAPP Foscam IP Camera command injection attempt (server-webapp.rules) * 1:42433 <-> DISABLED <-> SERVER-WEBAPP Foscam IP Camera command injection attempt (server-webapp.rules) * 1:42434 <-> DISABLED <-> SERVER-WEBAPP Foscam IP Camera command injection attempt (server-webapp.rules) * 1:42435 <-> DISABLED <-> SERVER-WEBAPP Foscam IP Camera callbackJson directory traversal attempt (server-webapp.rules) * 1:42436 <-> DISABLED <-> SERVER-WEBAPP 
Foscam IP Camera callbackJson directory traversal attempt (server-webapp.rules) * 1:42437 <-> DISABLED <-> SERVER-WEBAPP Foscam IP Camera multipart boundary stack buffer overflow attempt (server-webapp.rules) * 1:42455 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup Appliance password.php command injection attempt (server-webapp.rules) * 1:42456 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup Appliance password.php command injection attempt (server-webapp.rules) * 1:42457 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup Appliance password.php command injection attempt (server-webapp.rules) * 1:42461 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup Appliance reports.php PHP file injection attempt (server-webapp.rules) * 1:42462 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup Appliance reports.php directory traversal attempt (server-webapp.rules) * 1:42475 <-> DISABLED <-> FILE-PDF malformed embedded JPEG2000 image information disclosure attempt (file-pdf.rules) * 1:42476 <-> DISABLED <-> FILE-PDF malformed embedded JPEG2000 image information disclosure attempt (file-pdf.rules) * 1:42749 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine postMessage use after free attempt (browser-ie.rules) * 1:42750 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine postMessage use after free attempt (browser-ie.rules) * 1:42751 <-> ENABLED <-> OS-WINDOWS Microsoft Windows AFD.sys double fetch race condition attempt (os-windows.rules) * 1:42752 <-> ENABLED <-> OS-WINDOWS Microsoft Windows AFD.sys double fetch race condition attempt (os-windows.rules) * 1:42753 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra Core type confusion attempt (browser-ie.rules) * 1:42754 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra Core type confusion attempt (browser-ie.rules) * 1:42755 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word 2010 Sepx memory corruption attempt (file-office.rules) * 1:42756 <-> ENABLED <-> FILE-OFFICE 
Microsoft Office Word 2010 Sepx memory corruption attempt (file-office.rules) * 1:42757 <-> ENABLED <-> OS-WINDOWS Microsoft Windows dxgkrnl CreateDriverAllocations null pointer dereference attempt (os-windows.rules) * 1:42758 <-> ENABLED <-> OS-WINDOWS Microsoft Windows dxgkrnl CreateDriverAllocations null pointer dereference attempt (os-windows.rules) * 1:42759 <-> DISABLED <-> OS-WINDOWS Microsoft Windows COM privilege escalation attempt (os-windows.rules) * 1:42760 <-> DISABLED <-> OS-WINDOWS Microsoft Windows COM privilege escalation attempt (os-windows.rules) * 1:42761 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra array unshift heap overflow attempt (browser-ie.rules) * 1:42762 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra array unshift heap overflow attempt (browser-ie.rules) * 1:42763 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NtTraceControl information disclosure attempt (os-windows.rules) * 1:42764 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NtTraceControl information disclosure attempt (os-windows.rules) * 1:42765 <-> DISABLED <-> OS-WINDOWS Microsoft win32k privilege escalation attempt (os-windows.rules) * 1:42766 <-> DISABLED <-> OS-WINDOWS Microsoft win32k privilege escalation attempt (os-windows.rules) * 1:42769 <-> ENABLED <-> OS-WINDOWS Microsoft Win32k kernel memory leak attempt (os-windows.rules) * 1:42770 <-> ENABLED <-> OS-WINDOWS Microsoft Win32k kernel memory leak attempt (os-windows.rules) * 1:42771 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GdiGradientFill null pointer dereference attempt (os-windows.rules) * 1:42772 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GdiGradientFill null pointer dereference attempt (os-windows.rules) * 1:42775 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra JIT memory corruption attempt (browser-ie.rules) * 1:42776 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra JIT memory corruption attempt (browser-ie.rules) * 1:42777 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine security bypass css 
attempt (browser-ie.rules)
* 1:42778 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine security bypass css attempt (browser-ie.rules)
* 1:42779 <-> ENABLED <-> BROWSER-IE Microsoft Edge CSS writing mode type confusion attempt (browser-ie.rules)
* 1:42780 <-> ENABLED <-> BROWSER-IE Microsoft Edge CSS writing mode type confusion attempt (browser-ie.rules)
* 1:42781 <-> ENABLED <-> BROWSER-IE Microsoft Windows Edge AudioContext use after free attempt (browser-ie.rules)
* 1:42782 <-> ENABLED <-> BROWSER-IE Microsoft Windows Edge AudioContext use after free attempt (browser-ie.rules)
* 1:42783 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ntoskrnl information disclosure attempt (os-windows.rules)
* 1:42784 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ntoskrnl information disclosure attempt (os-windows.rules)
* 1:42785 <-> DISABLED <-> INDICATOR-SCAN DNS version.bind string information disclosure attempt (indicator-scan.rules)
* 1:42788 <-> DISABLED <-> FILE-PDF Adobe Reader malformed app13 tag information disclosure attempt (file-pdf.rules)
* 1:42789 <-> DISABLED <-> FILE-PDF Adobe Reader malformed app13 tag information disclosure attempt (file-pdf.rules)
* 1:42790 <-> ENABLED <-> FILE-PDF Adobe Reader invalid object reference use after free attempt (file-pdf.rules)
* 1:42791 <-> ENABLED <-> FILE-PDF Adobe Reader invalid object reference use after free attempt (file-pdf.rules)
* 1:42792 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FLV invalid tag buffer overflow attempt (file-flash.rules)
* 1:42793 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FLV invalid tag buffer overflow attempt (file-flash.rules)
* 1:42794 <-> ENABLED <-> FILE-FLASH Adobe Flash Player beginGradientFill color array out of bounds read attempt (file-flash.rules)
* 1:42795 <-> ENABLED <-> FILE-FLASH Adobe Flash Player beginGradientFill color array out of bounds read attempt (file-flash.rules)
* 1:42796 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter memory corruption attempt (file-flash.rules)
* 1:42797 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter memory corruption attempt (file-flash.rules)
* 1:42798 <-> DISABLED <-> BROWSER-IE Microsoft Edge out of bounds read attempt (browser-ie.rules)
* 1:42799 <-> DISABLED <-> BROWSER-IE Microsoft Edge out of bounds read attempt (browser-ie.rules)
* 1:42800 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionPush out of bounds read attempt (file-flash.rules)
* 1:42801 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionPush out of bounds read attempt (file-flash.rules)
* 1:42802 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed AES key memory corruption attempt (file-pdf.rules)
* 1:42803 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed AES key memory corruption attempt (file-pdf.rules)
* 1:42807 <-> ENABLED <-> FILE-FLASH Adobe Standalone Flash Player BlendMode memory corruption attempt (file-flash.rules)
* 1:42808 <-> ENABLED <-> FILE-FLASH Adobe Standalone Flash Player BlendMode memory corruption attempt (file-flash.rules)
* 1:42809 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData out of bounds memory access attempt (file-flash.rules)
* 1:42810 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData out of bounds memory access attempt (file-flash.rules)
* 1:42811 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra Engine use-after-free attempt (browser-ie.rules)
* 1:42812 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra Engine use-after-free attempt (browser-ie.rules)
* 1:42813 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed URI information disclosure attempt (file-pdf.rules)
* 1:42814 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed URI information disclosure attempt (file-pdf.rules)
* 1:42815 <-> ENABLED <-> FILE-FLASH Adobe Flash Player display object mask use after free attempt (file-flash.rules)
* 1:42816 <-> ENABLED <-> FILE-FLASH Adobe Flash Player display object mask use after free attempt (file-flash.rules)
* 1:42820 <-> ENABLED <-> OS-WINDOWS Microsoft Malware Protection Engine type confusion attempt (os-windows.rules)
* 1:42821 <-> ENABLED <-> OS-WINDOWS Microsoft Malware Protection Engine type confusion attempt (os-windows.rules)
* 1:42843 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup Appliance download-files command injection attempt (server-webapp.rules)
* 1:42844 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF heap overflow attempt (file-image.rules)
* 1:42845 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF heap overflow attempt (file-image.rules)
* 1:42859 <-> ENABLED <-> FILE-PDF Adobe Reader PDF memory corruption attempt (file-pdf.rules)
* 1:42860 <-> ENABLED <-> FILE-PDF Adobe Reader PDF memory corruption attempt (file-pdf.rules)
* 1:42868 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA forms engine use after free attempt (file-pdf.rules)
* 1:42869 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA forms engine use after free attempt (file-pdf.rules)
* 1:42887 <-> ENABLED <-> SERVER-OTHER ntpq flagstr buffer overflow attempt (server-other.rules)
* 1:42888 <-> DISABLED <-> FILE-PDF Adobe Acrobat JP2 parser information disclosure attempt (file-pdf.rules)
* 1:42889 <-> DISABLED <-> FILE-PDF Adobe Acrobat JP2 parser information disclosure attempt (file-pdf.rules)
* 1:42896 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CTJPEGWriter null pointer dereference attempt (file-pdf.rules)
* 1:42897 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CTJPEGWriter null pointer dereference attempt (file-pdf.rules)
* 1:42900 <-> ENABLED <-> FILE-OFFICE Microsoft Office EPS restore command use after free attempt (file-office.rules)
* 1:42903 <-> ENABLED <-> FILE-OFFICE Microsoft Office EPS restore command use after free attempt (file-office.rules)
* 1:42910 <-> ENABLED <-> FILE-PDF Acrobat Reader TIFF malformed IFD tag heap overflow attempt (file-pdf.rules)
* 1:42911 <-> ENABLED <-> FILE-PDF Acrobat Reader TIFF malformed IFD tag heap overflow attempt (file-pdf.rules)
* 1:42912 <-> ENABLED <-> FILE-PDF Acrobat Reader TIFF malformed IFD tag heap overflow attempt (file-pdf.rules)
* 1:42913 <-> ENABLED <-> FILE-PDF Acrobat Reader TIFF malformed IFD tag heap overflow attempt (file-pdf.rules)
* 1:42914 <-> ENABLED <-> FILE-PDF Acrobat Reader TIFF malformed IFD tag heap overflow attempt (file-pdf.rules)
* 1:42915 <-> ENABLED <-> FILE-PDF Acrobat Reader TIFF malformed IFD tag heap overflow attempt (file-pdf.rules)
* 1:42932 <-> DISABLED <-> FILE-FLASH Adobe Flash Player javascript decompressor use after free attempt (file-flash.rules)
* 1:42933 <-> DISABLED <-> FILE-FLASH Adobe Flash Player javascript decompressor use after free attempt (file-flash.rules)
* 1:42941 <-> DISABLED <-> PROTOCOL-OTHER FreeRDP PER length integer underflow attempt (protocol-other.rules)
* 1:42942 <-> ENABLED <-> FILE-PDF Adobe Reader XFA large array use after free attempt (file-pdf.rules)
* 1:42943 <-> ENABLED <-> FILE-PDF Adobe Reader XFA large array use after free attempt (file-pdf.rules)
* 1:42951 <-> ENABLED <-> SERVER-WEBAPP Oracle Fusion Middleware MapViewer arbitrary JSP file upload attempt (server-webapp.rules)
* 1:42952 <-> ENABLED <-> SERVER-WEBAPP Oracle Fusion Middleware MapViewer directory traversal attempt (server-webapp.rules)
* 1:42953 <-> ENABLED <-> SERVER-WEBAPP Oracle Fusion Middleware MapViewer directory traversal attempt (server-webapp.rules)
* 1:42954 <-> ENABLED <-> SERVER-WEBAPP Oracle Fusion Middleware MapViewer directory traversal attempt (server-webapp.rules)
* 1:42958 <-> DISABLED <-> SERVER-WEBAPP Joomla 3.7.0 com_fields view SQL injection attempt (server-webapp.rules)
* 1:42959 <-> DISABLED <-> SERVER-WEBAPP Joomla 3.7.0 com_fields view SQL injection attempt (server-webapp.rules)
* 1:42967 <-> DISABLED <-> POLICY-OTHER Adobe Acrobat cloud file undocumented function use (policy-other.rules)
* 1:42968 <-> DISABLED <-> POLICY-OTHER Adobe Acrobat cloud file undocumented function use (policy-other.rules)
* 1:42973 <-> DISABLED <-> PROTOCOL-OTHER FreeRDP RSA modulus length integer underflow attempt (protocol-other.rules)
* 1:42974 <-> DISABLED <-> PROTOCOL-OTHER FreeRDP invalid cbCompanyName out of bounds read attempt (protocol-other.rules)
* 1:42975 <-> DISABLED <-> PROTOCOL-OTHER FreeRDP invalid EncryptedPlatformChallenge null pointer dereference attempt (protocol-other.rules)
* 1:42998 <-> DISABLED <-> PROTOCOL-OTHER FreeRDP invalid MCS serverRandomLen out of bounds read attempt (protocol-other.rules)
* 1:43004 <-> ENABLED <-> SERVER-SAMBA Samba is_known_pipe arbitrary module load code execution attempt (server-samba.rules)
* 1:43005 <-> DISABLED <-> SERVER-WEBAPP Foscam setWifiSetting command psk stack buffer overflow attempt (server-webapp.rules)
* 1:43055 <-> DISABLED <-> SERVER-OTHER Veritas Netbackup bprd remote code execution attempt (server-other.rules)
* 1:43056 <-> ENABLED <-> OS-WINDOWS Microsoft Windows MsMpEng JavaScript garbage collection use after free attempt (os-windows.rules)
* 1:43057 <-> ENABLED <-> OS-WINDOWS Microsoft Windows MsMpEng JavaScript garbage collection use after free attempt (os-windows.rules)
* 1:43058 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid DefinedEditText tag memory corruption attempt (file-flash.rules)
* 1:43059 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid DefinedEditText tag memory corruption attempt (file-flash.rules)
* 1:43061 <-> DISABLED <-> SERVER-WEBAPP Foscam changeUserName command passwd file injection attempt (server-webapp.rules)
* 1:43064 <-> ENABLED <-> SERVER-OTHER NetBackup bprd remote file write attempt (server-other.rules)
* 1:43147 <-> ENABLED <-> SERVER-WEBAPP IBM OpenAdmin Tool SOAP welcomeService.php PHP code injection attempt (server-webapp.rules)
* 1:43155 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
* 1:43156 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
* 1:43157 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Device Guard code execution attempt (os-windows.rules)
* 1:43158 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Device Guard code execution attempt (os-windows.rules)
* 1:43159 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word 2016 use after free attempt (file-office.rules)
* 1:43160 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word 2016 use after free attempt (file-office.rules)
* 1:43163 <-> ENABLED <-> BROWSER-IE Microsoft Edge object property type confusion attempt (browser-ie.rules)
* 1:43164 <-> ENABLED <-> BROWSER-IE Microsoft Edge object property type confusion attempt (browser-ie.rules)
* 1:43165 <-> ENABLED <-> BROWSER-IE Microsoft Edge cssText use after free attempt (browser-ie.rules)
* 1:43166 <-> ENABLED <-> BROWSER-IE Microsoft Edge cssText use after free attempt (browser-ie.rules)
* 1:43169 <-> ENABLED <-> BROWSER-IE Microsoft Edge textContent use after free attempt (browser-ie.rules)
* 1:43170 <-> ENABLED <-> BROWSER-IE Microsoft Edge textContent use after free attempt (browser-ie.rules)
* 1:43173 <-> ENABLED <-> OS-WINDOWS Microsoft Windows 10 RS2 x64 linked cursor double free attempt (os-windows.rules)
* 1:43174 <-> ENABLED <-> OS-WINDOWS Microsoft Windows 10 RS2 x64 linked cursor double free attempt (os-windows.rules)
* 1:43175 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Search Service out of bounds memory access attempt (os-windows.rules)
* 1:43176 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Search Service out of bounds memory access attempt (os-windows.rules)
* 1:43181 <-> ENABLED <-> FILE-OTHER Oniguruma expression parser out of bounds write attempt (file-other.rules)
* 1:43182 <-> ENABLED <-> FILE-OTHER Oniguruma expression parser out of bounds write attempt (file-other.rules)
* 1:43191 <-> DISABLED <-> SERVER-WEBAPP Symantec Messaging Gateway performBackupNow.do command injection attempt (server-webapp.rules)
* 1:43212 <-> DISABLED <-> FILE-PDF Iceni Infix PDF parsing out of bounds write attempt (file-pdf.rules)
* 1:43213 <-> DISABLED <-> FILE-PDF Iceni Infix PDF parsing out of bounds write attempt (file-pdf.rules)
* 1:43249 <-> DISABLED <-> SERVER-WEBAPP Nuxeo CMS BatchUploadObject arbitrary JSP file upload attempt (server-webapp.rules)
* 1:43250 <-> DISABLED <-> SERVER-WEBAPP Nuxeo CMS BatchUploadObject directory traversal attempt (server-webapp.rules)
* 1:43284 <-> DISABLED <-> SERVER-WEBAPP HP Network Automation RedirectServlet SQL injection attempt (server-webapp.rules)
* 1:43380 <-> ENABLED <-> OS-WINDOWS Microsoft Windows MsMpEng custom apicall instruction use detected (os-windows.rules)
* 1:43381 <-> ENABLED <-> OS-WINDOWS Microsoft Windows MsMpEng custom apicall instruction use detected (os-windows.rules)
* 1:43382 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AdvertisingMetadata use after free attempt (file-flash.rules)
* 1:43383 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AdvertisingMetadata use after free attempt (file-flash.rules)
* 1:43393 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MPEG-4 AVC decoding out of bounds read attempt (file-flash.rules)
* 1:43394 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MPEG-4 AVC decoding out of bounds read attempt (file-flash.rules)
* 1:43395 <-> ENABLED <-> FILE-FLASH Adobe Acrobat Reader profile use after free attempt (file-flash.rules)
* 1:43396 <-> ENABLED <-> FILE-FLASH Adobe Acrobat Reader profile use after free attempt (file-flash.rules)
* 1:43405 <-> ENABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales out of bounds memory read attempt (file-flash.rules)
* 1:43406 <-> ENABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales out of bounds memory read attempt (file-flash.rules)
* 1:43410 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayObject use after free attempt (file-flash.rules)
* 1:43411 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayObject use after free attempt (file-flash.rules)
* 1:43412 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayObject use after free attempt (file-flash.rules)
* 1:43413 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayObject use after free attempt (file-flash.rules)
* 1:43414 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayObject use after free attempt (file-flash.rules)
* 1:43415 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayObject use after free attempt (file-flash.rules)
* 1:43416 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData object out of bounds access attempt (file-flash.rules)
* 1:43417 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData object out of bounds access attempt (file-flash.rules)
* 1:43418 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData object out of bounds access attempt (file-flash.rules)
* 1:43419 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData object out of bounds access attempt (file-flash.rules)
* 1:43420 <-> ENABLED <-> FILE-FLASH Adobe Flash Player custom toString function attempt (file-flash.rules)
* 1:43421 <-> ENABLED <-> FILE-FLASH Adobe Flash Player custom toString function attempt (file-flash.rules)
* 1:43433 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Annotations memory corruption attempt (file-pdf.rules)
* 1:43434 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Annotations memory corruption attempt (file-pdf.rules)
* 1:43460 <-> DISABLED <-> BROWSER-IE Microsoft Edge use-after-free attempt (browser-ie.rules)
* 1:43461 <-> DISABLED <-> BROWSER-IE Microsoft Edge use-after-free attempt (browser-ie.rules)
* 1:43462 <-> DISABLED <-> BROWSER-IE Microsoft Edge use-after-free attempt (browser-ie.rules)
* 1:43463 <-> DISABLED <-> BROWSER-IE Microsoft Edge use-after-free attempt (browser-ie.rules)
* 1:43465 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
* 1:43466 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
* 1:43469 <-> ENABLED <-> BROWSER-IE Microsoft Edge uninitialized memory attempt (browser-ie.rules)
* 1:43470 <-> ENABLED <-> BROWSER-IE Microsoft Edge uninitialized memory attempt (browser-ie.rules)
* 1:43471 <-> ENABLED <-> BROWSER-IE Microsoft Edge VBScript VarType out of bounds read attempt (browser-ie.rules)
* 1:43472 <-> ENABLED <-> BROWSER-IE Microsoft Edge VBScript VarType out of bounds read attempt (browser-ie.rules)
* 1:43473 <-> ENABLED <-> OS-WINDOWS Microsoft win32u PlgBlt out of bounds memory write attempt (os-windows.rules)
* 1:43474 <-> ENABLED <-> OS-WINDOWS Microsoft win32u PlgBlt out of bounds memory write attempt (os-windows.rules)
* 1:43479 <-> ENABLED <-> FILE-FLASH Adobe Flash Player applyFilter memory corruption attempt (file-flash.rules)
* 1:43480 <-> ENABLED <-> FILE-FLASH Adobe Flash Player applyFilter memory corruption attempt (file-flash.rules)
* 1:43490 <-> DISABLED <-> OS-WINDOWS Microsoft Windows unsafe memory access privilege escalation attempt (os-windows.rules)
* 1:43491 <-> DISABLED <-> OS-WINDOWS Microsoft Windows unsafe memory access privilege escalation attempt (os-windows.rules)
* 1:43492 <-> ENABLED <-> BROWSER-IE Microsoft Windows Edge array out of bounds write (browser-ie.rules)
* 1:43493 <-> ENABLED <-> BROWSER-IE Microsoft Windows Edge array out of bounds write (browser-ie.rules)
* 1:43497 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer EPM brokercreatefile file access bypass attempt (browser-ie.rules)
* 1:43498 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer EPM brokercreatefile file access bypass attempt (browser-ie.rules)
* 1:43521 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 type confusion vulnerability attempt (browser-ie.rules)
* 1:43522 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 type confusion vulnerability attempt (browser-ie.rules)
* 1:43528 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
* 1:43529 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
* 1:43530 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
* 1:43531 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
* 1:43532 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
* 1:43533 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
* 1:43534 <-> ENABLED <-> SERVER-WEBAPP AlienVault OSSIM nfsen.php command injection attempt (server-webapp.rules)
* 1:43535 <-> ENABLED <-> SERVER-WEBAPP AlienVault OSSIM nfsen.php command injection attempt (server-webapp.rules)
* 1:43536 <-> ENABLED <-> SERVER-WEBAPP AlienVault OSSIM nfsen.php command injection attempt (server-webapp.rules)
* 1:43625 <-> ENABLED <-> SERVER-WEBAPP Axis M3004 remote code execution attempt (server-webapp.rules)
* 1:43693 <-> DISABLED <-> SERVER-WEBAPP Mantis Bug Tracker password reset attempt (server-webapp.rules)
* 1:43694 <-> DISABLED <-> SERVER-WEBAPP Mantis Bug Tracker password reset attempt (server-webapp.rules)
* 1:43790 <-> ENABLED <-> SERVER-OTHER Apache mod_auth_digest out of bounds read attempt (server-other.rules)
* 1:43809 <-> DISABLED <-> SERVER-WEBAPP Kaspersky Linux File Server WMC cross site request forgery attempt (server-webapp.rules)
* 1:43810 <-> DISABLED <-> SERVER-WEBAPP Kaspersky Linux File Server WMC directory traversal attempt (server-webapp.rules)
* 1:43811 <-> DISABLED <-> SERVER-WEBAPP Kaspersky Linux File Server WMC directory traversal attempt (server-webapp.rules)
* 1:43812 <-> DISABLED <-> SERVER-WEBAPP Kaspersky Linux File Server WMC directory traversal attempt (server-webapp.rules)
* 1:43819 <-> DISABLED <-> SERVER-WEBAPP Kaspersky Anti-Virus directory traversal attempt (server-webapp.rules)
* 1:43820 <-> DISABLED <-> SERVER-WEBAPP Kaspersky Anti-Virus directory traversal attempt (server-webapp.rules)
* 1:43821 <-> DISABLED <-> SERVER-WEBAPP Kaspersky Anti-Virus directory traversal attempt (server-webapp.rules)
* 1:43847 <-> ENABLED <-> FILE-OFFICE Microsoft Office Access Jet Database Engine integer overflow attempt (file-office.rules)
* 1:43848 <-> ENABLED <-> FILE-OFFICE Microsoft Office Access Jet Database Engine integer overflow attempt (file-office.rules)
* 1:43851 <-> ENABLED <-> FILE-OTHER Microsoft Windows Device Guard bypass via compiled help file attempt (file-other.rules)
* 1:43852 <-> ENABLED <-> FILE-OTHER Microsoft Windows Device Guard bypass via compiled help file attempt (file-other.rules)
* 1:43865 <-> ENABLED <-> FILE-IMAGE Adobe Reader EMF EMR_MOVETOEX memory corruption attempt (file-image.rules)
* 1:43866 <-> ENABLED <-> FILE-IMAGE Adobe Reader EMF EMR_MOVETOEX memory corruption attempt (file-image.rules)
* 1:43867 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TTF memory corruption attempt (file-pdf.rules)
* 1:43868 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TTF memory corruption attempt (file-pdf.rules)
* 1:43869 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TTF memory corruption attempt (file-pdf.rules)
* 1:43870 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TTF memory corruption attempt (file-pdf.rules)
* 1:43995 <-> ENABLED <-> FILE-FLASH Adobe Flash Player overly large cpool index out of bounds read attempt (file-flash.rules)
* 1:43996 <-> ENABLED <-> FILE-FLASH Adobe Flash Player overly large cpool index out of bounds read attempt (file-flash.rules)
* 1:44002 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SMB sandbox bypass attempt (file-flash.rules)
* 1:44003 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SMB sandbox bypass attempt (file-flash.rules)
* 1:44013 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader exportAsXFAStr use after free attempt (file-pdf.rules)
* 1:44014 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader exportAsXFAStr use after free attempt (file-pdf.rules)
* 1:44025 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
* 1:44059 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
* 1:44060 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
* 1:44061 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
* 1:44062 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
* 1:44072 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader SubmitForm URL spoofing attempt (file-pdf.rules)
* 1:44073 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader SubmitForm URL spoofing attempt (file-pdf.rules)
* 1:44074 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader SubmitForm URL spoofing attempt (file-pdf.rules)
* 1:44075 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader SubmitForm URL spoofing attempt (file-pdf.rules)
* 1:44097 <-> DISABLED <-> FILE-PDF Foxit Reader launchURL Command Injection Remote Code Execution attempt (file-pdf.rules)
* 1:44098 <-> DISABLED <-> FILE-PDF Multiple products PDF JavaScript launchURL command injection and remote code execution attempt (file-pdf.rules)
* 1:44116 <-> DISABLED <-> SERVER-WEBAPP Symantec Messaging Gateway localBackupFileSelection command injection attempt (server-webapp.rules)
* 1:44117 <-> DISABLED <-> SERVER-WEBAPP Symantec Messaging Gateway localBackupFileSelection command injection attempt (server-webapp.rules)
* 1:44118 <-> DISABLED <-> SERVER-WEBAPP Symantec Messaging Gateway localBackupFileSelection command injection attempt (server-webapp.rules)
* 1:44160 <-> ENABLED <-> SERVER-OTHER tcpdump ISAKMP parser buffer overflow attempt (server-other.rules)
* 1:44161 <-> ENABLED <-> SERVER-OTHER tcpdump ISAKMP parser buffer overflow attempt (server-other.rules)
* 1:44315 <-> ENABLED <-> SERVER-WEBAPP Java XML deserialization remote code execution attempt (server-webapp.rules)
* 1:44327 <-> DISABLED <-> SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt (server-apache.rules)
* 1:44328 <-> DISABLED <-> SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt (server-apache.rules)
* 1:44329 <-> DISABLED <-> SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt (server-apache.rules)
* 1:44330 <-> DISABLED <-> SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt (server-apache.rules)
* 1:44331 <-> ENABLED <-> BROWSER-IE Microsoft Windows Edge memory corruption attempt (browser-ie.rules)
* 1:44332 <-> ENABLED <-> BROWSER-IE Microsoft Windows Edge memory corruption attempt (browser-ie.rules)
* 1:44333 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra Core type confusion attempt (browser-ie.rules)
* 1:44334 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra Core type confusion attempt (browser-ie.rules)
* 1:44335 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32k.sys TrueType font out of bounds write attempt (os-windows.rules)
* 1:44336 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32k.sys TrueType font out of bounds write attempt (os-windows.rules)
* 1:44338 <-> ENABLED <-> BROWSER-IE Microsoft Edge denial of service attempt (browser-ie.rules)
* 1:44339 <-> ENABLED <-> BROWSER-IE Microsoft Edge denial of service attempt (browser-ie.rules)
* 1:44340 <-> ENABLED <-> BROWSER-IE Microsoft Edge setSelectionRange memory corruption attempt (browser-ie.rules)
* 1:44341 <-> ENABLED <-> BROWSER-IE Microsoft Edge setSelectionRange memory corruption attempt (browser-ie.rules)
* 1:44342 <-> ENABLED <-> BROWSER-IE Internet Explorer WeakMap Freeze memory corruption attempt (browser-ie.rules)
* 1:44343 <-> ENABLED <-> BROWSER-IE Internet Explorer WeakMap Freeze memory corruption attempt (browser-ie.rules)
* 1:44345 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
* 1:44346 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
* 1:44347 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
* 1:44348 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
* 1:44349 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer object use after free attempt (browser-ie.rules)
* 1:44350 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer object use after free attempt (browser-ie.rules)
* 1:44351 <-> ENABLED <-> FILE-FLASH Adobe Flash Player text handling memory corruption attempt (file-flash.rules)
* 1:44352 <-> ENABLED <-> FILE-FLASH Adobe Flash Player text handling memory corruption attempt (file-flash.rules)
* 1:44353 <-> DISABLED <-> FILE-OTHER WSDL soap endpoint location code injection attempt (file-other.rules)
* 1:44354 <-> DISABLED <-> FILE-OTHER WSDL soap endpoint location code injection attempt (file-other.rules)
* 1:44356 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSS padding property memory corruption attempt (browser-ie.rules)
* 1:44357 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSS padding property memory corruption attempt (browser-ie.rules)
* 1:44371 <-> DISABLED <-> FILE-OFFICE RTF WSDL file download attempt (file-office.rules)
* 1:44372 <-> DISABLED <-> FILE-OFFICE RTF WSDL file download attempt (file-office.rules)
* 1:44477 <-> DISABLED <-> SERVER-OTHER dnsmasq dhcp6_maybe_relay stack buffer overflow attempt (server-other.rules)
* 1:44478 <-> DISABLED <-> PROTOCOL-DNS dnsmasq add_pseudoheader memory leak attempt (protocol-dns.rules)
* 1:44480 <-> DISABLED <-> SERVER-OTHER dnsmasq Relay-forw information leak attempt (server-other.rules)
* 1:44482 <-> DISABLED <-> PROTOCOL-DNS dnsmasq add_pseudoheader integer underflow attempt (protocol-dns.rules)
* 1:44483 <-> DISABLED <-> SERVER-OTHER Supervisord remote code execution attempt (server-other.rules)
* 1:44493 <-> DISABLED <-> SERVER-WEBAPP Faleemi IP Cameras ONVIF device_service SQL injection attempt (server-webapp.rules)
* 1:44508 <-> ENABLED <-> BROWSER-IE scripting engine memory corruption vulnerability attempt (browser-ie.rules)
* 1:44509 <-> ENABLED <-> BROWSER-IE scripting engine memory corruption vulnerability attempt (browser-ie.rules)
* 1:44510 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer scripting engine memory corruption attempt (browser-ie.rules)
* 1:44511 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer scripting engine memory corruption attempt (browser-ie.rules)
* 1:44512 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
* 1:44513 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
* 1:44514 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32kfull.sys privilege escalation attempt (os-windows.rules)
* 1:44515 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32kfull.sys privilege escalation attempt (os-windows.rules)
* 1:44516 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CreateMenu use after free attempt (os-windows.rules)
* 1:44517 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CreateMenu use after free attempt (os-windows.rules)
* 1:44518 <-> DISABLED <-> FILE-OFFICE Microsoft Graphics remote code execution attempt (file-office.rules)
* 1:44519 <-> DISABLED <-> FILE-OFFICE Microsoft Graphics remote code execution attempt (file-office.rules)
* 1:44526 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
* 1:44527 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
* 1:44528 <-> DISABLED <-> FILE-OTHER Microsoft Graphics remote code execution attempt (file-other.rules)
* 1:44529 <-> DISABLED <-> FILE-OTHER Microsoft Graphics remote code execution attempt (file-other.rules)
* 1:44531 <-> ENABLED <-> SERVER-APACHE Apache Tomcat remote JSP file upload attempt (server-apache.rules)
* 1:44532 <-> ENABLED <-> BROWSER-IE Microsoft Edge getOwnPropertyDescriptor memory corruption attempt (browser-ie.rules)
* 1:44533 <-> ENABLED <-> BROWSER-IE Microsoft Edge getOwnPropertyDescriptor memory corruption attempt (browser-ie.rules)
* 1:44578 <-> DISABLED <-> SERVER-WEBAPP QNAP NAS HelpDesk App supportutils.php SQL injection attempt (server-webapp.rules)
* 1:44583 <-> ENABLED <-> FILE-FLASH Adobe Flash Player array type confusion attempt (file-flash.rules)
* 1:44584 <-> ENABLED <-> FILE-FLASH Adobe Flash Player array type confusion attempt (file-flash.rules)
* 1:44657 <-> ENABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup API SQL injection attempt (server-webapp.rules)
* 1:44658 <-> ENABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup storage API command injection attempt (server-webapp.rules)
* 1:44684 <-> DISABLED <-> SERVER-WEBAPP Kaltura userzone cookie PHP object injection attempt (server-webapp.rules)
* 1:44700 <-> DISABLED <-> SERVER-OTHER Veritas Backup Exec Agent use after free attempt (server-other.rules)
* 1:44701 <-> DISABLED <-> SERVER-OTHER Veritas Backup Exec Agent use after free attempt (server-other.rules)
* 1:44731 <-> DISABLED <-> SERVER-WEBAPP Tuleap getRecentElements PHP object injection attempt (server-webapp.rules)
* 1:44764 <-> DISABLED <-> SERVER-WEBAPP CMS Made Simple editusertag.php arbitrary PHP code execution attempt (server-webapp.rules)
* 1:44767 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Smart Protection Server cm_agent.php command injection attempt (server-webapp.rules)
* 1:44809 <-> ENABLED <-> BROWSER-IE Microsoft Edge postMessage use after free attempt (browser-ie.rules)
* 1:44810 <-> ENABLED <-> BROWSER-IE Microsoft Edge postMessage use after free attempt (browser-ie.rules)
* 1:44811 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
* 1:44812 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
* 1:44816 <-> DISABLED <-> BROWSER-IE Microsoft Edge use after free attempt (browser-ie.rules)
* 1:44818 <-> ENABLED <-> BROWSER-IE Microsoft Edge custom property memory corruption attempt (browser-ie.rules)
* 1:44819 <-> ENABLED <-> BROWSER-IE Microsoft Edge array use after free attempt (browser-ie.rules)
* 1:44820 <-> ENABLED <-> BROWSER-IE Microsoft Edge array use after free attempt (browser-ie.rules)
* 1:44821 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel use after free vulnerability exploit attempt (file-office.rules)
* 1:44822 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel use after free vulnerability exploit attempt (file-office.rules)
* 1:44827 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
* 1:44828 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
* 1:44831 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption exploitation attempt (browser-ie.rules)
* 1:44832 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption exploitation attempt (browser-ie.rules)
* 1:44833 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k.sys use after free attempt (os-windows.rules)
* 1:44834 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k.sys use after free attempt (os-windows.rules)
* 1:44845 <-> ENABLED <-> BROWSER-IE Microsoft Edge heap overflow attempt (browser-ie.rules)
* 1:44846 <-> ENABLED <-> BROWSER-IE Microsoft Edge heap overflow attempt (browser-ie.rules)
* 1:44853 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TTF buffer over-read attempt (file-pdf.rules)
* 1:44854 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TTF buffer over-read attempt (file-pdf.rules)
* 1:44856 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XI JavaScript annotation use after free attempt (file-pdf.rules)
* 1:44857 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XI JavaScript annotation use after free attempt (file-pdf.rules)
* 1:44859 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro PNG file buffer over-read vulnerability attempt (file-other.rules)
* 1:44860 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro PNG file buffer over-read vulnerability attempt (file-other.rules)
* 1:44861 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CommentExtension attempt (file-image.rules)
* 1:44862 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CommentExtension attempt (file-image.rules)
* 1:44866 <-> DISABLED <-> SERVER-WEBAPP Xplico decoding manager daemon command injection attempt (server-webapp.rules)
* 1:44871 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader out of bounds read attempt (file-pdf.rules)
* 1:44872 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader out of bounds read attempt (file-pdf.rules)
* 1:44873 <-> ENABLED <-> FILE-PDF Adobe Acrobat addAnnot object untrusted pointer dereference attempt (file-pdf.rules)
* 1:44874 <-> ENABLED <-> FILE-PDF Adobe Acrobat addAnnot object untrusted pointer dereference attempt (file-pdf.rules)
* 1:44880 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF EMR_STRETCHDIBITS memory corruption attempt (file-image.rules)
* 1:44881 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF EMR_STRETCHDIBITS memory corruption attempt (file-image.rules)
* 1:44882 <-> DISABLED <-> FILE-PDF Adobe Acrobat acrobat URI handler security bypass (file-pdf.rules)
* 1:44883 <-> DISABLED <-> FILE-PDF Adobe Acrobat acrobat URI handler security bypass (file-pdf.rules)
* 1:44884 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat XPS unicode glyph pointer out of bounds (file-image.rules)
* 1:44885 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat XPS unicode glyph pointer out of bounds (file-image.rules)
* 1:44887 <-> ENABLED <-> FILE-FLASH Adobe Flash Player bitmap hitTest integer overflow attempt (file-flash.rules)
* 1:44888 <-> ENABLED <-> FILE-FLASH Adobe Flash Player bitmap hitTest integer overflow attempt (file-flash.rules)
* 1:44890 <-> DISABLED <-> SERVER-OTHER CouchDB remote privilege escalation attempt (server-other.rules)
* 1:44891 <-> ENABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules)
* 1:44892 <-> ENABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules)
* 1:44893 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF out of bounds read attempt (file-other.rules)
* 1:44894 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF out of bounds read attempt (file-other.rules)
* 1:44900 <-> ENABLED <-> FILE-PDF Adobe Reader PDF embedded javascript events use after free attempt (file-pdf.rules)
* 1:44901 <-> ENABLED <-> FILE-PDF Adobe Reader PDF embedded javascript events use after free attempt (file-pdf.rules)
* 1:44902 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules)
* 1:44903 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules)
* 1:44912 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro invalid APP13 marker size attempt (file-image.rules)
* 1:44913 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro invalid APP13 marker size attempt (file-image.rules)
* 1:44916 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager GraphicalView.do SQL injection attempt (server-webapp.rules)
* 1:44917 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager GraphicalView.do SQL injection attempt (server-webapp.rules)
* 1:44918 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager GraphicalView.do SQL injection attempt (server-webapp.rules)
* 1:44921 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager manageApplications.do SQL injection attempt (server-webapp.rules)
* 1:44922 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager manageApplications.do SQL injection attempt (server-webapp.rules)
* 1:44923 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF Bezier curve out of bounds read attempt (file-other.rules)
* 1:44924 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF Bezier curve out of bounds read attempt (file-other.rules)
* 1:44925 <-> ENABLED <-> FILE-PDF Adobe Acrobat thermometer object untrusted pointer dereference attempt (file-pdf.rules)
* 1:44926 <-> ENABLED <-> FILE-PDF Adobe Acrobat thermometer object untrusted pointer dereference attempt (file-pdf.rules)
* 1:44927 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture out of bounds read attempt (file-other.rules)
* 1:44928 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture out of bounds read attempt (file-other.rules)
* 1:44929 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds write attempt (file-image.rules)
* 1:44930 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds write attempt (file-image.rules)
* 1:44933 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader untrusted pointer dereference attempt (file-pdf.rules)
* 1:44934 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader untrusted pointer dereference attempt (file-pdf.rules)
* 1:44937 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMFPlus out of bounds buffer overflow attempt (file-other.rules)
* 1:44938 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMFPlus out of bounds buffer overflow attempt (file-other.rules)
* 1:44939 <-> ENABLED <-> FILE-PDF Adobe Acrobat field dictionary value Unicode buffer overflow attempt (file-pdf.rules)
* 1:44940 <-> ENABLED <-> FILE-PDF Adobe Acrobat field dictionary value Unicode buffer overflow attempt (file-pdf.rules)
* 1:44949 <-> ENABLED <-> FILE-PDF Acrobat TrueTypeFont file out of bounds read attempt (file-pdf.rules)
* 1:44950 <-> ENABLED <-> FILE-PDF Acrobat TrueTypeFont file out of bounds read attempt (file-pdf.rules)
* 1:44951 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK use after free attempt (file-flash.rules)
* 1:44952 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK use after free attempt (file-flash.rules)
* 1:44953 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF out of bounds buffer overflow attempt (file-other.rules)
* 1:44954 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF out of bounds buffer overflow attempt (file-other.rules)
* 
1:44955 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript infinite recursion heap overflow attempt (file-pdf.rules) * 1:44956 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript infinite recursion heap overflow attempt (file-pdf.rules) * 1:44959 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF malformed YCbCrCoefficients values memory corruption attempt (file-image.rules) * 1:44960 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF malformed YCbCrCoefficients values memory corruption attempt (file-image.rules) * 1:44961 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader untrusted pointer dereference attempt (file-pdf.rules) * 1:44962 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader untrusted pointer dereference attempt (file-pdf.rules) * 1:44963 <-> ENABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules) * 1:44964 <-> ENABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules) * 1:44965 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro security bypass attempt (file-other.rules) * 1:44966 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro security bypass attempt (file-other.rules) * 1:44967 <-> ENABLED <-> FILE-PDF Acrobat malformed html tag out of bounds read attempt (file-pdf.rules) * 1:44968 <-> ENABLED <-> FILE-PDF Acrobat malformed html tag out of bounds read attempt (file-pdf.rules) * 1:44969 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF EmfPlusFont memory corruption attempt (file-image.rules) * 1:44970 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF EmfPlusFont memory corruption attempt (file-image.rules) * 1:44976 <-> DISABLED <-> FILE-PDF Adobe Reader ActualText attribute type confusion attempt (file-pdf.rules) * 1:44977 <-> DISABLED <-> FILE-PDF Adobe Reader ActualText attribute type confusion attempt (file-pdf.rules) * 1:44983 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (file-other.rules) * 1:44984 <-> ENABLED <-> FILE-OTHER Adobe 
Acrobat Pro TIFF embedded XPS file out of bounds read attempt (file-other.rules) * 1:44987 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF font character encoding out of bounds write attempt (file-pdf.rules) * 1:44988 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF font character encoding out of bounds write attempt (file-pdf.rules) * 1:44989 <-> ENABLED <-> FILE-OFFICE Microsoft Office Equation Editor object with automatic execution embedded in RTF attempt (file-office.rules) * 1:44990 <-> ENABLED <-> FILE-OFFICE Microsoft Office Equation Editor object with automatic execution embedded in RTF attempt (file-office.rules) * 1:45002 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules) * 1:45003 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules) * 1:45004 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules) * 1:45005 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules) * 1:45006 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules) * 1:45007 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules) * 1:45008 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules) * 1:45009 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules) * 1:45010 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules) * 1:45011 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules) * 1:45012 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules) * 1:45013 <-> DISABLED <-> FILE-OTHER Jackson databind 
deserialization remote code execution attempt (file-other.rules) * 1:45014 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules) * 1:45015 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules) * 1:45016 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules) * 1:45031 <-> DISABLED <-> FILE-OTHER Adobe Acrobat JPEG2000 out of bounds buffer overflow attempt (file-other.rules) * 1:45032 <-> DISABLED <-> FILE-OTHER Adobe Acrobat JPEG2000 out of bounds buffer overflow attempt (file-other.rules) * 1:45035 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Annotation use after free attempt (file-pdf.rules) * 1:45036 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Annotation use after free attempt (file-pdf.rules) * 1:45037 <-> DISABLED <-> SERVER-WEBAPP Joomla LDAP authentication plugin information disclosure exploitation attempt (server-webapp.rules) * 1:45038 <-> DISABLED <-> SERVER-WEBAPP Joomla LDAP authentication plugin information disclosure exploitation attempt (server-webapp.rules) * 1:45039 <-> DISABLED <-> SERVER-WEBAPP Joomla LDAP authentication plugin information disclosure exploitation attempt (server-webapp.rules) * 1:45040 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Annotation use after free attempt (file-pdf.rules) * 1:45041 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Annotation use after free attempt (file-pdf.rules) * 1:45044 <-> DISABLED <-> FILE-PDF Adobe Reader out of bounds memory access violation attempt (file-pdf.rules) * 1:45045 <-> DISABLED <-> FILE-PDF Adobe Reader out of bounds memory access violation attempt (file-pdf.rules) * 1:45046 <-> ENABLED <-> SERVER-OTHER Exim malformed BDAT code execution attempt (server-other.rules) * 1:45052 <-> DISABLED <-> SERVER-WEBAPP Wordpress wpdb prepare sprintf placeholder SQL injection attempt (server-webapp.rules) * 1:45066 <-> DISABLED <-> 
SERVER-WEBAPP WordPress Duplicator cross site scripting attempt (server-webapp.rules) * 1:45067 <-> DISABLED <-> SERVER-WEBAPP WordPress Duplicator cross site scripting attempt (server-webapp.rules) * 1:45073 <-> DISABLED <-> SERVER-WEBAPP Wireless IP Camera WIFICAM information leak attempt (server-webapp.rules) * 1:45074 <-> ENABLED <-> SERVER-SAMBA Samba unsigned connections attempt (server-samba.rules) * 1:45075 <-> ENABLED <-> SERVER-WEBAPP WordPress Ultimate Form Builder plugin SQL injection attempt (server-webapp.rules) * 1:45076 <-> ENABLED <-> SERVER-WEBAPP WordPress Ultimate Form Builder plugin SQL injection attempt (server-webapp.rules) * 1:45077 <-> ENABLED <-> SERVER-WEBAPP WordPress Ultimate Form Builder plugin SQL injection attempt (server-webapp.rules) * 1:45081 <-> DISABLED <-> SERVER-OTHER Geutebrueck GCore web server buffer overflow attempt (server-other.rules) * 1:45083 <-> DISABLED <-> SERVER-APACHE Apache Solr RunExecutableListener arbitrary command execution attempt (server-apache.rules) * 1:45084 <-> DISABLED <-> SERVER-APACHE Apache Solr xmlparser external doctype or entity expansion attempt (server-apache.rules) * 1:45094 <-> DISABLED <-> SERVER-WEBAPP MediaWiki arbitrary file write attempt (server-webapp.rules) * 1:45109 <-> DISABLED <-> SERVER-WEBAPP OrientDB remote code execution attempt (server-webapp.rules) * 1:45110 <-> DISABLED <-> SERVER-WEBAPP OrientDB privilege escalation attempt (server-webapp.rules) * 1:45112 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager showresource.do SQL injection attempt (server-webapp.rules) * 1:45113 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager showresource.do SQL injection attempt (server-webapp.rules) * 1:45115 <-> DISABLED <-> SERVER-MAIL Multiple products non-ascii sender address spoofing attempt (server-mail.rules) * 1:45116 <-> DISABLED <-> SERVER-MAIL Multiple products non-ascii sender address spoofing attempt (server-mail.rules) * 1:45117 <-> ENABLED <-> 
SERVER-WEBAPP Huawei DeviceUpgrade command injection attempt (server-webapp.rules) * 1:45118 <-> ENABLED <-> SERVER-MAIL Multiple products non-ascii sender address spoofing attempt (server-mail.rules) * 1:45119 <-> ENABLED <-> SERVER-MAIL Multiple products non-ascii sender address spoofing attempt (server-mail.rules) * 1:45121 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 1:45122 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules) * 1:45123 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malformed spreadsheet use-after-free attempt (file-office.rules) * 1:45124 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malformed spreadsheet use-after-free attempt (file-office.rules) * 1:45128 <-> ENABLED <-> BROWSER-IE Microsoft Edge defineGetter type confusion attempt (browser-ie.rules) * 1:45129 <-> ENABLED <-> BROWSER-IE Microsoft Edge defineGetter type confusion attempt (browser-ie.rules) * 1:45130 <-> ENABLED <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt (os-windows.rules) * 1:45131 <-> ENABLED <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt (os-windows.rules) * 1:45132 <-> ENABLED <-> FILE-OFFICE Microsoft Office Equation Editor object stack buffer overflow attempt (file-office.rules) * 1:45133 <-> ENABLED <-> FILE-OFFICE Microsoft Office Equation Editor object stack buffer overflow attempt (file-office.rules) * 1:45134 <-> ENABLED <-> FILE-OFFICE Microsoft Office Equation Editor object stack buffer overflow attempt (file-office.rules) * 1:45135 <-> ENABLED <-> FILE-OFFICE Microsoft Office Equation Editor object stack buffer overflow attempt (file-office.rules) * 1:45138 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer scripting engine memory corruption attempt (browser-ie.rules) * 1:45139 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer scripting engine memory corruption attempt 
(browser-ie.rules) * 1:45140 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra RegExp engine memory corruption attempt (browser-ie.rules) * 1:45141 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra RegExp engine memory corruption attempt (browser-ie.rules) * 1:45142 <-> ENABLED <-> BROWSER-IE Microsoft Edge Array type confusion attempt (browser-ie.rules) * 1:45143 <-> ENABLED <-> BROWSER-IE Microsoft Edge Array type confusion attempt (browser-ie.rules) * 1:45144 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer scripting engine memory corruption attempt (browser-ie.rules) * 1:45145 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer scripting engine memory corruption attempt (browser-ie.rules) * 1:45146 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer scripting engine memory corruption attempt (browser-ie.rules) * 1:45147 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer scripting engine memory corruption attempt (browser-ie.rules) * 1:45148 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Array out of bounds write attempt (browser-ie.rules) * 1:45149 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Array out of bounds write attempt (browser-ie.rules) * 1:45150 <-> ENABLED <-> BROWSER-IE Microsoft Edge JsSetCurrentContext out of bounds read attempt (browser-ie.rules) * 1:45151 <-> ENABLED <-> BROWSER-IE Microsoft Edge JsSetCurrentContext out of bounds read attempt (browser-ie.rules) * 1:45155 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds read attempt (browser-ie.rules) * 1:45156 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds read attempt (browser-ie.rules) * 1:45160 <-> DISABLED <-> BROWSER-IE Microsoft Edge null pointer dereference attempt (browser-ie.rules) * 1:45161 <-> DISABLED <-> BROWSER-IE Microsoft Edge null pointer dereference attempt (browser-ie.rules) * 1:45162 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:45163 <-> ENABLED <-> 
BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:45167 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:45168 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules) * 1:45169 <-> ENABLED <-> BROWSER-IE Microsoft Edge array type confusion attempt (browser-ie.rules) * 1:45170 <-> ENABLED <-> BROWSER-IE Microsoft Edge array type confusion attempt (browser-ie.rules) * 1:45189 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager mypage.do SQL injection attempt (server-webapp.rules) * 1:45190 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager mypage.do SQL injection attempt (server-webapp.rules) * 1:45192 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager showActionProfiles.do SQL injection attempt (server-webapp.rules) * 1:45193 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager showActionProfiles.do SQL injection attempt (server-webapp.rules) * 1:45198 <-> DISABLED <-> SERVER-OTHER Advantech WebAccess dcerpc service opcode 80061 stack buffer overflow attempt (server-other.rules) * 1:45199 <-> DISABLED <-> SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (server-other.rules) * 1:45200 <-> DISABLED <-> SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (server-other.rules) * 1:45201 <-> DISABLED <-> SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (server-other.rules) * 1:45218 <-> ENABLED <-> SERVER-WEBAPP Embedthis GoAhead CGI information disclosure attempt (server-webapp.rules) * 1:45219 <-> ENABLED <-> SERVER-WEBAPP Embedthis GoAhead LD_preload code execution attempt (server-webapp.rules) * 1:45235 <-> ENABLED <-> SERVER-WEBAPP Palo Alto Networks Firewall router.php XML attribute injection attempt (server-webapp.rules) * 1:45236 <-> ENABLED <-> SERVER-WEBAPP Palo Alto Networks Firewall 
cms_changeDeviceContext.esp session injection attempt (server-webapp.rules) * 1:45255 <-> ENABLED <-> SERVER-SAMBA Samba tree connect andx memory corruption attempt (server-samba.rules) * 1:45260 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware upload attempt (malware-cnc.rules) * 1:45269 <-> DISABLED <-> SERVER-OTHER Apache CouchDB remote code execution attempt (server-other.rules) * 1:45304 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (server-oracle.rules) * 1:45314 <-> ENABLED <-> SERVER-WEBAPP Beijing Hanbang Hanbanggaoke IP camera admin password change attempt (server-webapp.rules) * 1:45318 <-> DISABLED <-> SERVER-WEBAPP Citrix NetScaler SD-WAN command injection attempt (server-webapp.rules) * 1:45319 <-> DISABLED <-> SERVER-WEBAPP Citrix NetScaler SD-WAN command injection attempt (server-webapp.rules) * 1:45357 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules) * 1:45358 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules) * 1:45359 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules) * 1:45360 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules) * 1:45361 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules) * 1:45362 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules) * 1:45363 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules) * 1:45364 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules) * 1:45365 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules) * 1:45366 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules) * 1:45367 <-> ENABLED <-> 
OS-OTHER Intel x64 side-channel analysis information leak attempt (os-other.rules) * 1:45368 <-> ENABLED <-> OS-OTHER Intel x64 side-channel analysis information leak attempt (os-other.rules) * 1:45374 <-> ENABLED <-> BROWSER-IE Microsoft Edge out of bounds write attempt (browser-ie.rules) * 1:45375 <-> ENABLED <-> BROWSER-IE Microsoft Edge out of bounds write attempt (browser-ie.rules) * 1:45376 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules) * 1:45377 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules) * 1:45378 <-> ENABLED <-> BROWSER-IE Microsoft Edge type confusion attempt (browser-ie.rules) * 1:45379 <-> ENABLED <-> BROWSER-IE Microsoft Edge type confusion attempt (browser-ie.rules) * 1:45383 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine integer overflow attempt (browser-ie.rules) * 1:45384 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine integer overflow attempt (browser-ie.rules) * 1:45387 <-> ENABLED <-> BROWSER-IE Microsoft Edge anonymous function type confusion attempt (browser-ie.rules) * 1:45388 <-> ENABLED <-> BROWSER-IE Microsoft Edge anonymous function type confusion attempt (browser-ie.rules) * 1:45389 <-> ENABLED <-> BROWSER-IE Microsoft IE array type confusion attempt (browser-ie.rules) * 1:45390 <-> ENABLED <-> BROWSER-IE Microsoft IE array type confusion attempt (browser-ie.rules) * 1:45391 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules) * 1:45392 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules) * 1:45393 <-> DISABLED <-> SERVER-OTHER Quest Privilege Manager pmmasterd buffer overflow attempt (server-other.rules) * 1:45395 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine toString use after free attempt (browser-ie.rules) * 1:45396 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine toString 
use after free attempt (browser-ie.rules) * 1:45401 <-> ENABLED <-> SERVER-WEBAPP Fortinet FortiOS redir parameter cross site scripting attempt (server-webapp.rules) * 1:45404 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF buffer overflow attempt (file-flash.rules) * 1:45405 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF buffer overflow attempt (file-flash.rules) * 1:45412 <-> DISABLED <-> SERVER-WEBAPP Asus RT-AC88U deleteOfflineClients memory corruption attempt (server-webapp.rules) * 1:45413 <-> DISABLED <-> SERVER-WEBAPP Hikvision IP camera admin authentication attempt (server-webapp.rules) * 1:45414 <-> DISABLED <-> SERVER-WEBAPP DotNetNuke DNNPersonalization remote code execution attempt (server-webapp.rules) * 1:45415 <-> ENABLED <-> FILE-OFFICE RTF Composite Moniker object creation attempt (file-office.rules) * 1:45416 <-> ENABLED <-> FILE-OFFICE RTF Composite Moniker object creation attempt (file-office.rules) * 1:45421 <-> DISABLED <-> SERVER-WEBAPP PhpCollab editclient.php arbitrary PHP file upload attempt (server-webapp.rules) * 1:45442 <-> DISABLED <-> SERVER-OTHER Hewlett Packard Enterprise Intelligent Management Center FileDownloadServlet information disclosure attempt (server-other.rules) * 1:45443 <-> ENABLED <-> OS-OTHER Intel x64 side-channel analysis information leak attempt (os-other.rules) * 1:45444 <-> ENABLED <-> OS-OTHER Intel x64 side-channel analysis information leak attempt (os-other.rules) * 1:45445 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine ArrayBuffer memory corruption attempt (browser-ie.rules) * 1:45446 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine ArrayBuffer memory corruption attempt (browser-ie.rules) * 1:45447 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules) * 1:45448 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules) * 1:45449 <-> DISABLED 
<-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules) * 1:45450 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules) * 1:45451 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules) * 1:45452 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules) * 1:45453 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules) * 1:6431 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msdtc BuildContextW heap overflow attempt (os-windows.rules) * 1:6443 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msdtc BuildContextW heap overflow attempt (os-windows.rules) * 1:44813 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra Closure use after free attempt (browser-ie.rules) * 3:32212 <-> ENABLED <-> PROTOCOL-VOIP missing media application format parameter denial-of-service attempt (protocol-voip.rules) * 3:32213 <-> ENABLED <-> PROTOCOL-VOIP missing media application format parameter denial-of-service attempt (protocol-voip.rules) * 3:32214 <-> ENABLED <-> PROTOCOL-VOIP missing media application format parameter denial-of-service attempt (protocol-voip.rules) * 3:32215 <-> ENABLED <-> PROTOCOL-VOIP missing media application format parameter denial-of-service attempt (protocol-voip.rules) * 3:32216 <-> ENABLED <-> PROTOCOL-VOIP missing media application format parameter denial-of-service attempt (protocol-voip.rules) * 3:32218 <-> ENABLED <-> PROTOCOL-VOIP out of range port specification exploit attempt (protocol-voip.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:45467 <-> ENABLED <-> FILE-OFFICE Microsoft Office None type objclass RTF evasion attempt (file-office.rules)
* 1:45466 <-> ENABLED <-> FILE-OFFICE Microsoft Office None type objclass RTF evasion attempt (file-office.rules)
* 1:45463 <-> DISABLED <-> BROWSER-IE Microsoft ChakraCore scripting engine memory corruption attempt (browser-ie.rules)
* 1:45462 <-> DISABLED <-> BROWSER-IE Microsoft ChakraCore scripting engine memory corruption attempt (browser-ie.rules)
* 1:45461 <-> DISABLED <-> PROTOCOL-FTP Ayukov NFTP FTP Client buffer overflow attempt (protocol-ftp.rules)
* 1:45460 <-> DISABLED <-> PROTOCOL-FTP Ayukov NFTP FTP Client buffer overflow attempt (protocol-ftp.rules)
* 1:45459 <-> ENABLED <-> FILE-FLASH Adobe Flash Player movieclip attachbitmap use-after-free attempt (file-flash.rules)
* 1:45458 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip attachbitmap use-after-free attempt (file-flash.rules)
* 1:45457 <-> DISABLED <-> SERVER-WEBAPP Samsung SRN-1670D cslog_export.php arbitrary file read attempt (server-webapp.rules)
* 1:45456 <-> DISABLED <-> SERVER-WEBAPP Samsung SRN-1670D network_ssl_upload.php arbitrary PHP file upload attempt (server-webapp.rules)
* 1:45455 <-> DISABLED <-> EXPLOIT-KIT Rig Exploit Kit URI redirect attempt (exploit-kit.rules)
* 1:45478 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware transfer attempt (malware-cnc.rules)
* 1:45477 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware transfer attempt (malware-cnc.rules)
* 1:45476 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox HTTP index format out of bounds read attempt (browser-firefox.rules)
* 1:45475 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine uninitialized pointers memory corruption attempt (browser-ie.rules)
* 1:45474 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine uninitialized pointers memory corruption attempt (browser-ie.rules)
* 1:45473 <-> ENABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
* 1:45472 <-> ENABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
* 1:45471 <-> ENABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
* 1:45470 <-> ENABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
* 1:45469 <-> ENABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
* 1:45468 <-> ENABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
* 3:45464 <-> ENABLED <-> PROTOCOL-VOIP Cisco Unified Customer Voice Portal denial of service attempt (protocol-voip.rules)
* 3:45465 <-> ENABLED <-> SERVER-WEBAPP Splunk daemon default admin credentials login attempt (server-webapp.rules)
* 1:42762 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra array unshift heap overflow attempt (browser-ie.rules)
* 1:18703 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules)
* 1:18702 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules)
* 1:18680 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF malformed pfragments field (file-office.rules)
* 1:15513 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP rpcss2_RemoteGetClassObject attempt (os-windows.rules)
* 1:15512 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP rpcss2_RemoteGetClassObject attempt (os-windows.rules)
* 1:19200 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff exploit attempt (file-office.rules)
* 1:21445 <-> DISABLED <-> SERVER-OTHER vsFTPd denial of service attempt (server-other.rules)
* 1:21902 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
* 1:32872 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel ObjBiff exploit attempt (file-office.rules)
* 1:32863 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
* 1:31302 <-> DISABLED <-> APP-DETECT Oracle Java debug wire protocol remote debugging attempt (app-detect.rules)
* 1:31030 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
* 1:31029 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
* 1:31028 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
* 1:31027 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF conversion heap buffer overflow attempt (file-other.rules)
* 1:26391 <-> DISABLED <-> PROTOCOL-POP libcurl MD5 digest buffer overflow attempt (protocol-pop.rules)
* 1:26301 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multipolygon object integer overflow attempt (server-mysql.rules)
* 1:26300 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query multistring object integer overflow attempt (server-mysql.rules)
* 1:26299 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query polygon object integer overflow attempt (server-mysql.rules)
* 1:24500 <-> DISABLED <-> FILE-OTHER Microsoft LNK shortcut arbitrary dll load attempt (file-other.rules)
* 1:23305 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
* 1:21937 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
* 1:21906 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
* 1:21905 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
* 1:21904 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
* 1:21903 <-> ENABLED <-> FILE-OFFICE Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-office.rules)
* 1:38226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid FLV header out of bounds write attempt (file-flash.rules)
* 1:38225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid FLV header out of bounds write attempt (file-flash.rules)
* 1:36040 <-> DISABLED <-> SERVER-WEBAPP Novell Zenworks Mobile Management cross site scripting attempt (server-webapp.rules)
* 1:36039 <-> DISABLED <-> SERVER-WEBAPP Novell Zenworks Mobile Management cross site scripting attempt (server-webapp.rules)
* 1:36038 <-> DISABLED <-> SERVER-WEBAPP Novell Zenworks Mobile Management cross site scripting attempt (server-webapp.rules)
* 1:36037 <-> DISABLED <-> SERVER-WEBAPP Novell Zenworks Mobile Management cross site scripting attempt (server-webapp.rules)
* 1:35833 <-> ENABLED <-> FILE-OTHER Hangul Word Processor malicious tab count memory corruption attempt (file-other.rules)
* 1:35832 <-> DISABLED <-> FILE-OTHER Hangul Word Processor malicious tab count memory corruption attempt (file-other.rules)
* 1:35093 <-> DISABLED <-> SERVER-OTHER PHP core compressed file temp_len buffer overflow attempt (server-other.rules)
* 1:33637 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query object integer overflow attempt (server-mysql.rules)
* 1:38835 <-> ENABLED <-> FILE-FLASH Adobe Flash Player bitmap heap overflow attempt (file-flash.rules)
* 1:38836 <-> ENABLED <-> FILE-FLASH Adobe Flash Player bitmap heap overflow attempt (file-flash.rules)
* 1:39607 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:39309 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF file length load buffer overflow attempt (file-flash.rules)
* 1:39308 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF file length load buffer overflow attempt (file-flash.rules)
* 1:39274 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
* 1:39273 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
* 1:39615 <-> DISABLED <-> FILE-IMAGE Apple OSX and iOS TIFF tile size buffer overflow attempt (file-image.rules)
* 1:40365 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer loadXML parseError.errorCode information disclosure attempt (browser-ie.rules)
* 1:40364 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer loadXML parseError.errorCode information disclosure attempt (browser-ie.rules)
* 1:40133 <-> ENABLED <-> BROWSER-IE VBScript ADODB.Connection object use after free attempt (browser-ie.rules)
* 1:40132 <-> ENABLED <-> BROWSER-IE VBScript ADODB.Connection object use after free attempt (browser-ie.rules)
* 1:39844 <-> ENABLED <-> OS-WINDOWS Microsoft Windows gdiplus EMF EmrText out of bounds write attempt (os-windows.rules)
* 1:39843 <-> ENABLED <-> OS-WINDOWS Microsoft Windows gdiplus EMF EmrText out of bounds write attempt (os-windows.rules)
* 1:40573 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA resolveNode memory corruption attempt (file-pdf.rules)
* 1:40491 <-> DISABLED <-> FILE-OFFICE JustSystems Ichitaro Word Processor malformed PersistDirectory memory corruption attempt (file-office.rules)
* 1:40490 <-> DISABLED <-> FILE-OFFICE JustSystems Ichitaro Word Processor malformed PersistDirectory memory corruption attempt (file-office.rules)
* 1:40395 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Ntoskrnl integer overflow privilege escalation attempt (os-windows.rules)
* 1:40394 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Ntoskrnl integer overflow privilege escalation attempt (os-windows.rules)
* 1:41139 <-> ENABLED <-> FILE-FLASH Adobe Flash Player display list structure memory corruption attempt (file-flash.rules)
* 1:41138 <-> ENABLED <-> FILE-FLASH Adobe Flash Player display list structure memory corruption attempt (file-flash.rules)
* 1:41111 <-> ENABLED <-> FILE-OFFICE Ichitaro Office JTD Figure handling code execution attempt (file-office.rules)
* 1:41110 <-> ENABLED <-> FILE-OFFICE Ichitaro Office JTD Figure handling code execution attempt (file-office.rules)
* 1:40889 <-> DISABLED <-> SERVER-WEBAPP Barracuda WAF UPDATE_scan_information_in_use command injection attempt (server-webapp.rules)
* 1:40574 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA resolveNode memory corruption attempt (file-pdf.rules)
* 1:41144 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules)
* 1:41143 <-> ENABLED <-> FILE-PDF Adobe Acrobat animateSyncButton use after free attempt (file-pdf.rules)
* 1:41142 <-> ENABLED <-> FILE-PDF Adobe Acrobat animateSyncButton use after free attempt (file-pdf.rules)
* 1:41141 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word Out-of-Bounds Write attempt (file-office.rules)
* 1:41140 <-> 
ENABLED <-> FILE-OFFICE Microsoft Office Word Out-of-Bounds Write attempt (file-office.rules) * 1:41145 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules) * 1:41151 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript navigation pane use after free attempt (file-pdf.rules) * 1:41150 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript navigation pane use after free attempt (file-pdf.rules) * 1:41149 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules) * 1:41148 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules) * 1:41147 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules) * 1:41146 <-> DISABLED <-> FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt (file-image.rules) * 1:41152 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Forms Data Format embedded javascript attempt (file-pdf.rules) * 1:41153 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Forms Data Format embedded javascript attempt (file-pdf.rules) * 1:41154 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed CFF global subroutine memory corruption attempt (file-pdf.rules) * 1:41339 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules) * 1:41338 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules) * 1:41328 <-> DISABLED <-> FILE-PDF Iceni Argus ipStringCreate integer overflow attempt (file-pdf.rules) * 1:41327 <-> DISABLED <-> FILE-PDF Iceni Argus ipStringCreate integer overflow attempt (file-pdf.rules) * 1:41326 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA Engine use after free attempt (file-pdf.rules) * 1:41325 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA Engine use after free attempt (file-pdf.rules) * 
1:41215 <-> DISABLED <-> FILE-FLASH Adobe Flash Player onSetFocus movie clip use after free attempt (file-flash.rules) * 1:41214 <-> DISABLED <-> FILE-FLASH Adobe Flash Player onSetFocus movieclip use after free attempt (file-flash.rules) * 1:41201 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF Software tag heap buffer overflow attempt (file-image.rules) * 1:41200 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF Software tag heap buffer overflow attempt (file-image.rules) * 1:41199 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF Software tag heap buffer overflow attempt (file-image.rules) * 1:41198 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF Software tag heap buffer overflow attempt (file-image.rules) * 1:41194 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA engine stack buffer overflow attempt (file-pdf.rules) * 1:41193 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA engine stack buffer overflow attempt (file-pdf.rules) * 1:41164 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XSL stylesheet heap overflow attempt (file-pdf.rules) * 1:41163 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader XSL stylesheet heap overflow attempt (file-pdf.rules) * 1:41159 <-> ENABLED <-> FILE-FLASH Adobe Flash Player visual blend out of bounds read attempt (file-flash.rules) * 1:41158 <-> ENABLED <-> FILE-FLASH Adobe Flash Player visual blend out of bounds read attempt (file-flash.rules) * 1:41157 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF file length heap overflow attempt (file-flash.rules) * 1:41156 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF file length heap overflow attempt (file-flash.rules) * 1:41155 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed CFF global subroutine memory corruption attempt (file-pdf.rules) * 1:41398 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules) * 1:41397 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules) * 1:41396 <-> ENABLED 
<-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules) * 1:41395 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules) * 1:41394 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules) * 1:41393 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules) * 1:41392 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules) * 1:41391 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF ICC tag heap buffer overflow attempt (file-image.rules) * 1:41371 <-> ENABLED <-> FILE-OTHER National Instruments LabVIEW LvVarientUnflatten remote code execution attempt (file-other.rules) * 1:41370 <-> ENABLED <-> FILE-OTHER National Instruments LabVIEW LvVarientUnflatten remote code execution attempt (file-other.rules) * 1:41351 <-> DISABLED <-> FILE-OTHER Apple Garageband .band file out of bounds write attempt (file-other.rules) * 1:41350 <-> DISABLED <-> FILE-OTHER Apple Garageband .band file out of bounds write attempt (file-other.rules) * 1:41343 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 stsz atom memory corruption attempt (file-multimedia.rules) * 1:41342 <-> ENABLED <-> FILE-MULTIMEDIA Adobe Flash Player MP4 stsz atom memory corruption attempt (file-multimedia.rules) * 1:41341 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules) * 1:41340 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed JPEG APP1 segment out of bounds memory access attempt (file-image.rules) * 1:41399 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader xfa subform use after free attempt (file-pdf.rules) * 1:41400 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader xfa subform use after free attempt (file-pdf.rules) * 1:41546 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC HTMLFilter iBldDirInfo heap buffer overflow attempt 
(file-office.rules) * 1:41545 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC HTMLFilter iBldDirInfo heap buffer overflow attempt (file-office.rules) * 1:41544 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC HTMLFilter UnCompressUnicode out of bounds write attempt (file-office.rules) * 1:41543 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC HTMLFilter UnCompressUnicode out of bounds write attempt (file-office.rules) * 1:41536 <-> DISABLED <-> SERVER-WEBAPP ZoneMinder file.php directory traversal attempt (server-webapp.rules) * 1:41512 <-> DISABLED <-> FILE-OFFICE AntennaHouse HTMLFilter FillRowFormat remote code execution attempt (file-office.rules) * 1:41511 <-> DISABLED <-> FILE-OFFICE AntennaHouse HTMLFilter FillRowFormat remote code execution attempt (file-office.rules) * 1:41510 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client DecodeBinary heap buffer overflow attempt (server-other.rules) * 1:41509 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client DecodeBinary heap buffer overflow attempt (server-other.rules) * 1:41508 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client Memcpy heap overflow attempt (server-other.rules) * 1:41506 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client DecodeString heap overflow attempt (server-other.rules) * 1:41505 <-> DISABLED <-> SERVER-OTHER Pharos PopUp Printer Client DecodeString heap overflow attempt (server-other.rules) * 1:41504 <-> DISABLED <-> SERVER-WEBAPP Netgear passwordrecovered.cgi insecure admin password disclosure attempt (server-webapp.rules) * 1:41455 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess updateTemplate SQL injection attempt (server-webapp.rules) * 1:41454 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess updateTemplate SQL injection attempt (server-webapp.rules) * 1:41448 <-> ENABLED <-> FILE-OTHER Apple GarageBand out of bounds write attempt (file-other.rules) * 1:41447 <-> ENABLED <-> FILE-OTHER Apple GarageBand out of bounds write attempt (file-other.rules) * 1:41412 <-> 
ENABLED <-> FILE-FLASH Adobe Flash Player custom toString function attempt (file-flash.rules) * 1:41411 <-> ENABLED <-> FILE-FLASH Adobe Flash Player custom toString function attempt (file-flash.rules) * 1:41408 <-> ENABLED <-> BROWSER-OTHER Cisco WebEx extension command execution attempt (browser-other.rules) * 1:41407 <-> ENABLED <-> BROWSER-OTHER Cisco WebEx extension command execution attempt (browser-other.rules) * 1:41574 <-> ENABLED <-> BROWSER-IE Microsoft Edge CSS animation style information disclosure attempt (browser-ie.rules) * 1:41573 <-> ENABLED <-> BROWSER-IE Microsoft Edge CSS animation style information disclosure attempt (browser-ie.rules) * 1:41572 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Device Guard code execution attempt (os-windows.rules) * 1:41571 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Device Guard code execution attempt (os-windows.rules) * 1:41570 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Device Guard code execution attempt (os-windows.rules) * 1:41569 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Device Guard code execution attempt (os-windows.rules) * 1:41568 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Device Guard code execution attempt (os-windows.rules) * 1:41567 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Device Guard code execution attempt (os-windows.rules) * 1:41566 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:41565 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel xlsb use-after-free attempt (file-office.rules) * 1:41560 <-> ENABLED <-> BROWSER-IE Microsoft Edge Array out of bounds memory corruption attempt (browser-ie.rules) * 1:41559 <-> ENABLED <-> BROWSER-IE Microsoft Edge Array out of bounds memory corruption attempt (browser-ie.rules) * 1:41558 <-> ENABLED <-> BROWSER-IE Microsoft Edge Array out of bounds memory corruption attempt (browser-ie.rules) * 1:41557 <-> ENABLED <-> BROWSER-IE Microsoft Edge Array out of bounds memory corruption attempt 
(browser-ie.rules) * 1:41554 <-> ENABLED <-> BROWSER-IE Microsoft Edge url forgery attempt (browser-ie.rules) * 1:41553 <-> ENABLED <-> BROWSER-IE Microsoft Edge url forgery attempt (browser-ie.rules) * 1:41582 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed CellXF memory corruption attempt (file-office.rules) * 1:41581 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel malformed CellXF memory corruption attempt (file-office.rules) * 1:41580 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DirectComposition double free attempt (os-windows.rules) * 1:41579 <-> ENABLED <-> OS-WINDOWS Microsoft Windows DirectComposition double free attempt (os-windows.rules) * 1:41578 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF footnote format use after free attempt (file-office.rules) * 1:41577 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF footnote format use after free attempt (file-office.rules) * 1:41583 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOMAttrModified event use after free attempt (browser-ie.rules) * 1:41585 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer mutated scope with generator memory corruption attempt (browser-ie.rules) * 1:41584 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer DOMAttrModified event use after free attempt (browser-ie.rules) * 1:41612 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder luminance adjustment out of bounds memory access attempt (file-other.rules) * 1:41611 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder luminance adjustment out of bounds memory access attempt (file-other.rules) * 1:41610 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel NtCreateProfile privilege escalation attempt (os-windows.rules) * 1:41609 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel NtCreateProfile privilege escalation attempt (os-windows.rules) * 1:41608 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Kernel NtCreateProfile privilege escalation attempt (os-windows.rules) * 1:41607 <-> 
DISABLED <-> OS-WINDOWS Microsoft Windows Kernel NtCreateProfile privilege escalation attempt (os-windows.rules) * 1:41606 <-> DISABLED <-> BROWSER-IE Microsoft Edge AsmJs memory corruption attempt (browser-ie.rules) * 1:41605 <-> DISABLED <-> BROWSER-IE Microsoft Edge AsmJs memory corruption attempt (browser-ie.rules) * 1:41602 <-> ENABLED <-> FILE-PDF Microsoft Edge PDF Builder out of bounds read attempt (file-pdf.rules) * 1:41601 <-> ENABLED <-> FILE-PDF Microsoft Edge PDF Builder out of bounds read attempt (file-pdf.rules) * 1:41598 <-> DISABLED <-> FILE-OTHER Windows Uniscribe remote code execution vulnerability attempt (file-other.rules) * 1:41597 <-> DISABLED <-> FILE-OTHER Windows Uniscribe remote code execution vulnerability attempt (file-other.rules) * 1:41596 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI invalid EMF cbBitsSrc memory disclosure attempt (os-windows.rules) * 1:41595 <-> DISABLED <-> OS-WINDOWS Microsoft Windows GDI invalid EMF cbBitsSrc memory disclosure attempt (os-windows.rules) * 1:41592 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GDI privilege escalation attempt (os-windows.rules) * 1:41591 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GDI privilege escalation attempt (os-windows.rules) * 1:41590 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CHtmlTab use after free attempt (browser-ie.rules) * 1:41589 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CHtmlTab use after free attempt (browser-ie.rules) * 1:41588 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Array out of bounds memory corruption (browser-ie.rules) * 1:41587 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Array out of bounds memory corruption (browser-ie.rules) * 1:41586 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer mutated scope with generator memory corruption attempt (browser-ie.rules) * 1:41628 <-> ENABLED <-> FILE-FLASH Adobe Flash Player garbage collection use after free attempt (file-flash.rules) * 1:41627 <-> ENABLED <-> 
FILE-FLASH Adobe Flash Player garbage collection use after free attempt (file-flash.rules) * 1:41626 <-> ENABLED <-> BROWSER-IE Microsoft Edge HandleColumnBreakOnColumnSpanningElement type confusion attempt (browser-ie.rules) * 1:41625 <-> ENABLED <-> BROWSER-IE Microsoft Edge HandleColumnBreakOnColumnSpanningElement type confusion attempt (browser-ie.rules) * 1:41624 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MessageChannel type confusion attempt (file-flash.rules) * 1:41623 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MessageChannel type confusion attempt (file-flash.rules) * 1:41622 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed FLV heap overflow attempt (file-flash.rules) * 1:41621 <-> DISABLED <-> FILE-FLASH Adobe Flash malformed FLV heap overflow attempt (file-flash.rules) * 1:41620 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addEventListener use after free attempt (file-flash.rules) * 1:41619 <-> DISABLED <-> FILE-FLASH Adobe Flash Player addEventListener use after free attempt (file-flash.rules) * 1:41618 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules) * 1:41617 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules) * 1:41616 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules) * 1:41615 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules) * 1:41614 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules) * 1:41613 <-> ENABLED <-> FILE-OTHER Adobe Flash Player h264 decoder heap overflow attempt (file-other.rules) * 1:41748 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 dnslookup.cgi command injection attempt (server-webapp.rules) * 1:41746 <-> ENABLED <-> FILE-MULTIMEDIA Chrome Pepper Flash Player SampleCount heap overflow attempt (file-multimedia.rules) * 1:41745 <-> ENABLED <-> FILE-MULTIMEDIA Chrome Pepper Flash 
Player SampleCount heap overflow attempt (file-multimedia.rules) * 1:41727 <-> ENABLED <-> FILE-OFFICE AntennaHouse DMC HTMLFilter AddSst heap overflow attempt (file-office.rules) * 1:41726 <-> ENABLED <-> FILE-OFFICE AntennaHouse DMC HTMLFilter AddSst heap overflow attempt (file-office.rules) * 1:41704 <-> DISABLED <-> FILE-OFFICE Ichitaro Office Excel TxO record heap buffer overflow attempt (file-office.rules) * 1:41703 <-> DISABLED <-> FILE-OFFICE Ichitaro Office Excel TxO record heap buffer overflow attempt (file-office.rules) * 1:41700 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 ping.cgi command injection attempt (server-webapp.rules) * 1:41699 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 ping.cgi command injection attempt (server-webapp.rules) * 1:41698 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 ping.cgi command injection attempt (server-webapp.rules) * 1:41680 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShimContentResolver out of bounds memory access attempt (file-flash.rules) * 1:41679 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ShimContentResolver out of bounds memory access attempt (file-flash.rules) * 1:41674 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField object event handler use after free attempt (file-flash.rules) * 1:41673 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField object event handler use after free attempt (file-flash.rules) * 1:41654 <-> DISABLED <-> SERVER-WEBAPP Geutebruck IP Camera testaction.cgi command injection attempt (server-webapp.rules) * 1:41653 <-> DISABLED <-> SERVER-WEBAPP Geutebruck IP Camera testaction.cgi command injection attempt (server-webapp.rules) * 1:41652 <-> DISABLED <-> SERVER-WEBAPP Geutebruck IP Camera testaction.cgi command injection attempt (server-webapp.rules) * 1:41632 <-> ENABLED <-> FILE-OTHER Adobe Flash Player mp4 h264 decompression routine out of bounds read attempt (file-other.rules) * 1:41631 <-> ENABLED <-> FILE-OTHER Adobe Flash Player mp4 h264 decompression routine out 
of bounds read attempt (file-other.rules) * 1:41630 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PSDK EventDispatch removeEventListener use after free attempt (file-flash.rules) * 1:41629 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PSDK EventDispatch removeEventListener use after free attempt (file-flash.rules) * 1:41926 <-> ENABLED <-> OS-WINDOWS Microsoft Win32u NtUserThunkedMenuItemInfo use after free attempt (os-windows.rules) * 1:41798 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer loadXML parseError.errorCode information disclosure attempt (browser-ie.rules) * 1:41797 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer loadXML parseError.errorCode information disclosure attempt (browser-ie.rules) * 1:41769 <-> DISABLED <-> SERVER-WEBAPP WP_Query plugin SQL injection attempt (server-webapp.rules) * 1:41768 <-> DISABLED <-> SERVER-WEBAPP WP_Query plugin SQL injection attempt (server-webapp.rules) * 1:41767 <-> DISABLED <-> SERVER-WEBAPP WP_Query plugin SQL injection attempt (server-webapp.rules) * 1:41766 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC DHFSummary stack buffer overflow attempt (file-office.rules) * 1:41765 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC DHFSummary stack buffer overflow attempt (file-office.rules) * 1:41764 <-> ENABLED <-> BROWSER-IE Microsoft Edge HandleColumnBreakOnColumnSpanningElement type confusion attempt (browser-ie.rules) * 1:41763 <-> ENABLED <-> BROWSER-IE Microsoft Edge HandleColumnBreakOnColumnSpanningElement type confusion attempt (browser-ie.rules) * 1:41760 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC ParseEnvironment heap buffer overflow attempt (file-office.rules) * 1:41759 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC ParseEnvironment heap buffer overflow attempt (file-office.rules) * 1:41754 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC GetIndexArray out of bounds write attempt (file-office.rules) * 1:41753 <-> DISABLED <-> FILE-OFFICE AntennaHouse DMC GetIndexArray out of bounds write attempt 
(file-office.rules) * 1:41751 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 dnslookup.cgi command injection attempt (server-webapp.rules) * 1:41750 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 dnslookup.cgi command injection attempt (server-webapp.rules) * 1:41749 <-> DISABLED <-> SERVER-WEBAPP Netgear DGN2200 dnslookup.cgi command injection attempt (server-webapp.rules) * 1:41927 <-> ENABLED <-> OS-WINDOWS Microsoft Win32u NtUserThunkedMenuItemInfo use after free attempt (os-windows.rules) * 1:41954 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer textarea type confusion attempt (browser-ie.rules) * 1:41953 <-> ENABLED <-> BROWSER-IE Microsoft Edge local file read information leak attempt (browser-ie.rules) * 1:41952 <-> ENABLED <-> BROWSER-IE Microsoft Edge local file read information leak attempt (browser-ie.rules) * 1:41951 <-> ENABLED <-> BROWSER-IE Microsoft Edge WebAssembly memory corruption attempt (browser-ie.rules) * 1:41950 <-> ENABLED <-> BROWSER-IE Microsoft Edge WebAssembly memory corruption attempt (browser-ie.rules) * 1:41945 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine security bypass css attempt (browser-ie.rules) * 1:41944 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine security bypass css attempt (browser-ie.rules) * 1:41941 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueTypeFont post table out of bounds write attempt (os-windows.rules) * 1:41940 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueTypeFont post table out of bounds write attempt (os-windows.rules) * 1:41939 <-> ENABLED <-> BROWSER-IE Microsoft Edge reverse helper heap buffer overflow attempt (browser-ie.rules) * 1:41938 <-> ENABLED <-> BROWSER-IE Microsoft Edge reverse helper heap buffer overflow attempt (browser-ie.rules) * 1:41937 <-> ENABLED <-> BROWSER-IE Microsoft Edge TypedArray setter arbitrary write attempt (browser-ie.rules) * 1:41936 <-> ENABLED <-> BROWSER-IE Microsoft Edge TypedArray setter arbitrary write attempt (browser-ie.rules) * 
1:41935 <-> ENABLED <-> FILE-OTHER Microsoft Windows Uniscribe privilege escalation attempt (file-other.rules) * 1:41934 <-> ENABLED <-> FILE-OTHER Microsoft Windows Uniscribe privilege escalation attempt (file-other.rules) * 1:41933 <-> ENABLED <-> FILE-OTHER Microsoft Windows Uniscribe privilege escalation attempt (file-other.rules) * 1:41932 <-> ENABLED <-> FILE-OTHER Microsoft Windows Uniscribe privilege escalation attempt (file-other.rules) * 1:41931 <-> ENABLED <-> OS-WINDOWS Microsoft Win32k DDI use after free attempt (os-windows.rules) * 1:41930 <-> ENABLED <-> OS-WINDOWS Microsoft Win32k DDI use after free attempt (os-windows.rules) * 1:41929 <-> ENABLED <-> OS-WINDOWS Microsoft Win32k DDI use after free attempt (os-windows.rules) * 1:41928 <-> ENABLED <-> OS-WINDOWS Microsoft Win32k DDI use after free attempt (os-windows.rules) * 1:41975 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueType Font out of bounds write attempt (os-windows.rules) * 1:41974 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueType Font out of bounds write attempt (os-windows.rules) * 1:41973 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueType Font out of bounds write attempt (os-windows.rules) * 1:41972 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueType Font out of bounds write attempt (os-windows.rules) * 1:41967 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueTypeFont GSUB table out of bounds write attempt (os-windows.rules) * 1:41966 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueTypeFont GSUB table out of bounds write attempt (os-windows.rules) * 1:41965 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word 2010 use-after-free memory corruption vulnerability attempt (file-office.rules) * 1:41964 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word 2010 use-after-free memory corruption vulnerability attempt (file-office.rules) * 1:41963 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word template remote code execution attempt (file-office.rules) * 1:41962 <-> ENABLED <-> 
FILE-OFFICE Microsoft Office Word template remote code execution attempt (file-office.rules) * 1:41961 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueType Font LookupTable out of bounds write attempt (os-windows.rules) * 1:41960 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueType Font LookupTable out of bounds write attempt (os-windows.rules) * 1:41959 <-> ENABLED <-> BROWSER-IE Microsoft Edge malformed UTF-8 decode arbitrary read attempt (browser-ie.rules) * 1:41958 <-> ENABLED <-> BROWSER-IE Microsoft Edge malformed UTF-8 decode arbitrary read attempt (browser-ie.rules) * 1:41957 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer arguments type confusion attempt (browser-ie.rules) * 1:41956 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer arguments type confusion attempt (browser-ie.rules) * 1:41955 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer textarea type confusion attempt (browser-ie.rules) * 1:42013 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AuditudeSettings stack overflow attempt (file-flash.rules) * 1:42012 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AuditudeSettings stack overflow attempt (file-flash.rules) * 1:42011 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField use after free attempt (file-flash.rules) * 1:42010 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TextField use after free attempt (file-flash.rules) * 1:41999 <-> ENABLED <-> OS-OTHER Apple OSX and iOS x509 certificate name constraints parsing use after free attempt (os-other.rules) * 1:41998 <-> DISABLED <-> OS-WINDOWS Microsoft GDI+ privilege escalation attempt (os-windows.rules) * 1:41996 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DDI privilege escalation attempt (os-windows.rules) * 1:41995 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DDI privilege escalation attempt (os-windows.rules) * 1:41994 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GDI WMF out of bounds read attempt (os-windows.rules) * 1:41993 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GDI 
WMF out of bounds read attempt (os-windows.rules) * 1:41992 <-> ENABLED <-> FILE-OTHER Microsoft Windows TTF file out of bounds access attempt (file-other.rules) * 1:41991 <-> ENABLED <-> FILE-OTHER Microsoft Windows TTF file out of bounds access attempt (file-other.rules) * 1:41986 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueTypeFont post table out of bounds write attempt (os-windows.rules) * 1:41985 <-> ENABLED <-> OS-WINDOWS Microsoft Windows TrueTypeFont post table out of bounds write attempt (os-windows.rules) * 1:41984 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMBv1 identical MID and FID type confusion attempt (os-windows.rules) * 1:41982 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word out of bounds read attempt (file-office.rules) * 1:41981 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word out of bounds read attempt (file-office.rules) * 1:41980 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel shared strings memory corruption attempt (file-office.rules) * 1:41979 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel shared strings memory corruption attempt (file-office.rules) * 1:41977 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel shared strings memory corruption attempt (file-office.rules) * 1:41976 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel shared strings memory corruption attempt (file-office.rules) * 1:42107 <-> DISABLED <-> SERVER-WEBAPP EyesOfNetwork module command injection attempt (server-webapp.rules) * 1:42106 <-> DISABLED <-> SERVER-WEBAPP EyesOfNetwork ged_actions.php command injection attempt (server-webapp.rules) * 1:42105 <-> DISABLED <-> SERVER-WEBAPP EyesOfNetwork ged_actions.php command injection attempt (server-webapp.rules) * 1:42097 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Resolution Opportunity parameter memory corruption attempt (file-flash.rules) * 1:42096 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Resolution Opportunity parameter memory corruption attempt (file-flash.rules) * 1:42091 <-> DISABLED <-> 
FILE-IMAGE Corel Photo Paint invalid ImageLength memory corruption attempt (file-image.rules) * 1:42090 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid ImageLength memory corruption attempt (file-image.rules) * 1:42089 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid ImageLength memory corruption attempt (file-image.rules) * 1:42088 <-> DISABLED <-> FILE-IMAGE Corel Photo Paint invalid ImageLength memory corruption attempt (file-image.rules) * 1:42078 <-> DISABLED <-> SERVER-WEBAPP Foscam cgiproxy.fcgi stack buffer overflow attempt (server-webapp.rules) * 1:42053 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Primetime TVSDK memory corruption attempt (file-flash.rules) * 1:42052 <-> ENABLED <-> FILE-FLASH Adobe Flash Player Primetime TVSDK memory corruption attempt (file-flash.rules) * 1:42048 <-> ENABLED <-> SERVER-WEBAPP dnaLIMS sysAdmin.cgi arbitrary command execution attempt (server-webapp.rules) * 1:42047 <-> ENABLED <-> FILE-FLASH Adobe Flash Player custom object garbage collection use after free (file-flash.rules) * 1:42046 <-> ENABLED <-> FILE-FLASH Adobe Flash Player custom object garbage collection use after free (file-flash.rules) * 1:42045 <-> ENABLED <-> FILE-FLASH Adobe Flash Player custom object garbage collection use after free attempt (file-flash.rules) * 1:42044 <-> ENABLED <-> FILE-FLASH Adobe Flash Player custom object garbage collection use after free attempt (file-flash.rules) * 1:42167 <-> ENABLED <-> FILE-OFFICE Microsoft Office custom message class security bypass attempt (file-office.rules) * 1:42166 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer type confusion vulnerability attempt (browser-ie.rules) * 1:42165 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer type confusion vulnerability attempt (browser-ie.rules) * 1:42162 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel out of bounds memory attempt (file-office.rules) * 1:42161 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel out of bounds memory attempt 
(file-office.rules) * 1:42160 <-> ENABLED <-> SERVER-OTHER Microsoft LDAP MaxBuffSize buffer overflow attempt (server-other.rules) * 1:42159 <-> ENABLED <-> OS-WINDOWS Microsoft Win32k privilege escalation attempt (os-windows.rules) * 1:42158 <-> ENABLED <-> OS-WINDOWS Microsoft Win32k privilege escalation attempt (os-windows.rules) * 1:42157 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer recordset use after free attempt (browser-ie.rules) * 1:42156 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer recordset use after free attempt (browser-ie.rules) * 1:42155 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k information disclosure attempt (os-windows.rules) * 1:42154 <-> DISABLED <-> OS-WINDOWS Microsoft Windows win32k information disclosure attempt (os-windows.rules) * 1:42153 <-> ENABLED <-> BROWSER-IE Microsoft Edge JavaScript string object type confusion attempt (browser-ie.rules) * 1:42152 <-> ENABLED <-> BROWSER-IE Microsoft Edge JavaScript string object type confusion attempt (browser-ie.rules) * 1:42151 <-> ENABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt (file-other.rules) * 1:42150 <-> ENABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt (file-other.rules) * 1:42149 <-> ENABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt (file-other.rules) * 1:42148 <-> ENABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver malformed OTF file out-of-bounds memory access attempt (file-other.rules) * 1:42138 <-> DISABLED <-> FILE-OFFICE Lexmark Perceptive Document Filters malformed XLS information disclosure attempt (file-office.rules) * 1:42137 <-> DISABLED <-> FILE-OFFICE Lexmark Perceptive Document Filters malformed XLS information disclosure attempt (file-office.rules) * 1:42108 <-> DISABLED <-> SERVER-WEBAPP EyesOfNetwork module command injection attempt 
(server-webapp.rules) * 1:42196 <-> ENABLED <-> FILE-OTHER Tablib yaml.load code execution attempt (file-other.rules) * 1:42195 <-> ENABLED <-> FILE-OTHER Tablib yaml.load code execution attempt (file-other.rules) * 1:42190 <-> DISABLED <-> FILE-OFFICE RTF objautlink url moniker file download attempt (file-office.rules) * 1:42189 <-> DISABLED <-> FILE-OFFICE RTF objautlink url moniker file download attempt (file-office.rules) * 1:42188 <-> ENABLED <-> OS-WINDOWS Microsoft Windows IE ETW Collector Service privilege escalation attempt (os-windows.rules) * 1:42187 <-> ENABLED <-> OS-WINDOWS Microsoft Windows IE ETW Collector Service privilege escalation attempt (os-windows.rules) * 1:42186 <-> ENABLED <-> OS-WINDOWS Microsoft Windows WMI DCOM arbitrary .NET serialization code execution attempt (os-windows.rules) * 1:42185 <-> ENABLED <-> OS-WINDOWS Microsoft Windows WMI DCOM arbitrary .NET serialization code execution attempt (os-windows.rules) * 1:42184 <-> ENABLED <-> BROWSER-IE Microsoft Edge format rendering type confusion attempt (browser-ie.rules) * 1:42183 <-> ENABLED <-> BROWSER-IE Microsoft Edge format rendering type confusion attempt (browser-ie.rules) * 1:42178 <-> ENABLED <-> FILE-OTHER IrfanView JPEG2000 reference tile width value buffer overflow attempt (file-other.rules) * 1:42177 <-> ENABLED <-> FILE-OTHER IrfanView JPEG2000 reference tile width value buffer overflow attempt (file-other.rules) * 1:42176 <-> ENABLED <-> FILE-PDF Adobe Reader JavaScript API documentToStream use after free attempt (file-pdf.rules) * 1:42175 <-> ENABLED <-> FILE-PDF Adobe Reader JavaScript API documentToStream use after free attempt (file-pdf.rules) * 1:42174 <-> ENABLED <-> OS-WINDOWS Microsoft GDI PolyTextOutW out of bounds memory write attempt (os-windows.rules) * 1:42173 <-> ENABLED <-> OS-WINDOWS Microsoft GDI PolyTextOutW out of bounds memory write attempt (os-windows.rules) * 1:42168 <-> ENABLED <-> FILE-OFFICE Microsoft Office custom message class security bypass 
attempt (file-office.rules) * 1:42199 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GDI null pointer dereference attempt (os-windows.rules) * 1:42202 <-> ENABLED <-> FILE-PDF Adobe Reader JavaScript string from stream memory corruption attempt (file-pdf.rules) * 1:42200 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GDI null pointer dereference attempt (os-windows.rules) * 1:42203 <-> ENABLED <-> FILE-PDF Adobe Reader JavaScript string from stream memory corruption attempt (file-pdf.rules) * 1:42204 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer htmlFile ActiveX control universal XSS attempt (browser-ie.rules) * 1:42205 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer htmlFile ActiveX control universal XSS attempt (browser-ie.rules) * 1:42206 <-> ENABLED <-> FILE-FLASH Adobe Flash Player allocator use-after-free attempt (file-flash.rules) * 1:42207 <-> ENABLED <-> FILE-FLASH Adobe Flash Player allocator use-after-free attempt (file-flash.rules) * 1:42208 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Clipboard Broker privilege escalation vulnerability attempt (os-windows.rules) * 1:42209 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Clipboard Broker privilege escalation vulnerability attempt (os-windows.rules) * 1:42210 <-> ENABLED <-> BROWSER-IE Microsoft Edge xlink type confusion memory corruption attempt (browser-ie.rules) * 1:42211 <-> ENABLED <-> BROWSER-IE Microsoft Edge xlink type confusion memory corruption attempt (browser-ie.rules) * 1:42212 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded JPEG 2000 flst heap overflow attempt (file-pdf.rules) * 1:42213 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader embedded JPEG 2000 flst heap overflow attempt (file-pdf.rules) * 1:42214 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetStream use after free attempt (file-flash.rules) * 1:42215 <-> ENABLED <-> FILE-FLASH Adobe Flash Player NetStream use after free attempt (file-flash.rules) * 1:42216 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader pcx planes 
memory corruption attempt (file-other.rules) * 1:42217 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Reader pcx planes memory corruption attempt (file-other.rules) * 1:42218 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed GIF memory corruption attempt (file-image.rules) * 1:42219 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF memory corruption attempt (file-image.rules) * 1:42221 <-> ENABLED <-> SERVER-WEBAPP Moxa private key disclosure attempt (server-webapp.rules) * 1:42222 <-> ENABLED <-> SERVER-WEBAPP Moxa MX Studio login page denial of service attempt (server-webapp.rules) * 1:42234 <-> DISABLED <-> SERVER-WEBAPP QNAP NAS authLogin.cgi command injection attempt (server-webapp.rules) * 1:42235 <-> DISABLED <-> SERVER-OTHER NTP malformed config request denial of service attempt (server-other.rules) * 1:42236 <-> DISABLED <-> SERVER-WEBAPP QNAP NAS userConfig.cgi command injection attempt (server-webapp.rules) * 1:42237 <-> DISABLED <-> SERVER-WEBAPP QNAP NAS userConfig.cgi command injection attempt (server-webapp.rules) * 1:42238 <-> DISABLED <-> SERVER-WEBAPP QNAP NAS userConfig.cgi command injection attempt (server-webapp.rules) * 1:42239 <-> DISABLED <-> SERVER-WEBAPP QNAP NAS utilRequest.cgi command injection attempt (server-webapp.rules) * 1:42240 <-> DISABLED <-> SERVER-WEBAPP QNAP NAS utilRequest.cgi command injection attempt (server-webapp.rules) * 1:42241 <-> DISABLED <-> SERVER-WEBAPP QNAP NAS utilRequest.cgi command injection attempt (server-webapp.rules) * 1:42244 <-> DISABLED <-> SERVER-WEBAPP Information Builders WebFOCUS Business Intelligence Portal command injection attempt (server-webapp.rules) * 1:42245 <-> DISABLED <-> SERVER-WEBAPP Information Builders WebFOCUS Business Intelligence Portal command injection attempt (server-webapp.rules) * 1:42246 <-> DISABLED <-> SERVER-WEBAPP Information Builders WebFOCUS Business Intelligence Portal command injection attempt (server-webapp.rules) * 1:42247 <-> DISABLED <-> SERVER-WEBAPP 
Information Builders WebFOCUS Business Intelligence Portal command injection attempt (server-webapp.rules) * 1:42273 <-> DISABLED <-> FILE-PDF Poppler DCTStream readScan heap buffer overflow attempt (file-pdf.rules) * 1:42255 <-> DISABLED <-> OS-WINDOWS Microsoft Windows empty RDP cookie negotiation attempt (os-windows.rules) * 1:42274 <-> DISABLED <-> FILE-PDF Poppler DCTStream readScan heap buffer overflow attempt (file-pdf.rules) * 1:42275 <-> ENABLED <-> FILE-PDF Adobe Reader JPEG2000 pclr tag out of bounds read attempt (file-pdf.rules) * 1:42276 <-> ENABLED <-> FILE-PDF Adobe Reader JPEG2000 pclr tag out of bounds read attempt (file-pdf.rules) * 1:42285 <-> DISABLED <-> FILE-PDF Multiple Products malformed JP2K codestream out of bounds read attempt (file-pdf.rules) * 1:42286 <-> DISABLED <-> FILE-PDF Multiple Products malformed JP2K codestream out of bounds read attempt (file-pdf.rules) * 1:42290 <-> DISABLED <-> SERVER-WEBAPP Openfire userimportexport plugin XML external entity injection attempt (server-webapp.rules) * 1:42294 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMBv1 WriteAndX and TransSecondaryRequest TotalDataCount out of bounds write attempt (os-windows.rules) * 1:42296 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed PRC file out of bounds read attempt (file-pdf.rules) * 1:42297 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed PRC file out of bounds read attempt (file-pdf.rules) * 1:42298 <-> DISABLED <-> FILE-PDF Adobe PDF PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules) * 1:42299 <-> DISABLED <-> FILE-PDF Adobe PDF PPKLite security handler memory corruption vulnerability attempt (file-pdf.rules) * 1:42309 <-> ENABLED <-> FILE-PDF Adobe Acrobat embedded JPEG2000 invalid header out of bounds memory access attempt (file-pdf.rules) * 1:42310 <-> ENABLED <-> FILE-PDF Adobe Acrobat embedded JPEG2000 invalid header out of bounds memory access attempt (file-pdf.rules) * 1:42311 <-> DISABLED <-> FILE-PDF 
Multiple Products malformed JP2K codestream out of bounds read attempt (file-pdf.rules) * 1:42312 <-> DISABLED <-> FILE-PDF Multiple Products malformed JP2K codestream out of bounds read attempt (file-pdf.rules) * 1:42321 <-> DISABLED <-> FILE-OTHER Power Software PowerISO invalid primary volume descriptor header use after free attempt (file-other.rules) * 1:42322 <-> DISABLED <-> FILE-OTHER Power Software PowerISO invalid primary volume descriptor header use after free attempt (file-other.rules) * 1:42324 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Reader overly large segment size out of bounds read attempt (file-image.rules) * 1:42325 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Reader overly large segment size out of bounds read attempt (file-image.rules) * 1:42326 <-> ENABLED <-> SERVER-OTHER Zabbix Server Trapper code execution attempt (server-other.rules) * 1:42327 <-> DISABLED <-> SERVER-WEBAPP Cpanel cgiemail format string code execution attempt (server-webapp.rules) * 1:42328 <-> DISABLED <-> SERVER-WEBAPP Cpanel cgiemail format string code execution attempt (server-webapp.rules) * 1:42337 <-> DISABLED <-> INDICATOR-COMPROMISE Zabbix Proxy configuration containing script detected (indicator-compromise.rules) * 1:42339 <-> ENABLED <-> OS-WINDOWS Microsoft Windows SMB possible leak of kernel heap memory (os-windows.rules) * 1:42345 <-> DISABLED <-> SERVER-WEBAPP Tenable Appliance simpleupload.py command injection attempt (server-webapp.rules) * 1:42346 <-> DISABLED <-> SERVER-WEBAPP Tenable Appliance simpleupload.py command injection attempt (server-webapp.rules) * 1:42347 <-> DISABLED <-> SERVER-WEBAPP Tenable Appliance simpleupload.py command injection attempt (server-webapp.rules) * 1:42761 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra array unshift heap overflow attempt (browser-ie.rules) * 1:42354 <-> DISABLED <-> SERVER-WEBAPP Squirrelmail sendmail delivery parameter injection attempt (server-webapp.rules) * 1:42355 <-> DISABLED <-> SERVER-OTHER 
389-ds-base bind code execution attempt (server-other.rules) * 1:42356 <-> DISABLED <-> SERVER-OTHER 389-ds-base bind code execution attempt (server-other.rules) * 1:42357 <-> DISABLED <-> SERVER-OTHER 389-ds-base bind code execution attempt (server-other.rules) * 1:42358 <-> DISABLED <-> SERVER-OTHER 389-ds-base bind code execution attempt (server-other.rules) * 1:42359 <-> DISABLED <-> SERVER-OTHER 389-ds-base bind code execution attempt (server-other.rules) * 1:42360 <-> DISABLED <-> SERVER-OTHER 389-ds-base bind code execution attempt (server-other.rules) * 1:42361 <-> DISABLED <-> SERVER-OTHER 389-ds-base bind code execution attempt (server-other.rules) * 1:42362 <-> DISABLED <-> SERVER-OTHER 389-ds-base bind code execution attempt (server-other.rules) * 1:42369 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules) * 1:42370 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules) * 1:42371 <-> ENABLED <-> FILE-IDENTIFY gzip compressed file detected (file-identify.rules) * 1:42414 <-> DISABLED <-> FILE-PDF Adobe PDF JavaScript engine use after free memory corruption attempt (file-pdf.rules) * 1:42415 <-> DISABLED <-> FILE-PDF Adobe PDF JavaScript engine use after free memory corruption attempt (file-pdf.rules) * 1:42431 <-> DISABLED <-> SERVER-WEBAPP Foscam IP Video Camera CGIProxy.fcgi query append buffer overflow attempt (server-webapp.rules) * 1:42432 <-> DISABLED <-> SERVER-WEBAPP Foscam IP Camera command injection attempt (server-webapp.rules) * 1:42433 <-> DISABLED <-> SERVER-WEBAPP Foscam IP Camera command injection attempt (server-webapp.rules) * 1:42434 <-> DISABLED <-> SERVER-WEBAPP Foscam IP Camera command injection attempt (server-webapp.rules) * 1:42435 <-> DISABLED <-> SERVER-WEBAPP Foscam IP Camera callbackJson directory traversal attempt (server-webapp.rules) * 1:42436 <-> DISABLED <-> SERVER-WEBAPP Foscam IP Camera callbackJson directory traversal attempt (server-webapp.rules) * 1:42437 <-> 
DISABLED <-> SERVER-WEBAPP Foscam IP Camera multipart boundary stack buffer overflow attempt (server-webapp.rules) * 1:42455 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup Appliance password.php command injection attempt (server-webapp.rules) * 1:42456 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup Appliance password.php command injection attempt (server-webapp.rules) * 1:42457 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup Appliance password.php command injection attempt (server-webapp.rules) * 1:42461 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup Appliance reports.php PHP file injection attempt (server-webapp.rules) * 1:42462 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup Appliance reports.php directory traversal attempt (server-webapp.rules) * 1:42475 <-> DISABLED <-> FILE-PDF malformed embedded JPEG2000 image information disclosure attempt (file-pdf.rules) * 1:42476 <-> DISABLED <-> FILE-PDF malformed embedded JPEG2000 image information disclosure attempt (file-pdf.rules) * 1:42749 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine postMessage use after free attempt (browser-ie.rules) * 1:42750 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine postMessage use after free attempt (browser-ie.rules) * 1:42751 <-> ENABLED <-> OS-WINDOWS Microsoft Windows AFD.sys double fetch race condition attempt (os-windows.rules) * 1:42752 <-> ENABLED <-> OS-WINDOWS Microsoft Windows AFD.sys double fetch race condition attempt (os-windows.rules) * 1:42753 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra Core type confusion attempt (browser-ie.rules) * 1:42754 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra Core type confusion attempt (browser-ie.rules) * 1:42755 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word 2010 Sepx memory corruption attempt (file-office.rules) * 1:42756 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word 2010 Sepx memory corruption attempt (file-office.rules) * 1:42757 <-> ENABLED 
<-> OS-WINDOWS Microsoft Windows dxgkrnl CreateDriverAllocations null pointer dereference attempt (os-windows.rules) * 1:42758 <-> ENABLED <-> OS-WINDOWS Microsoft Windows dxgkrnl CreateDriverAllocations null pointer dereference attempt (os-windows.rules) * 1:42759 <-> DISABLED <-> OS-WINDOWS Microsoft Windows COM privilege escalation attempt (os-windows.rules) * 1:42760 <-> DISABLED <-> OS-WINDOWS Microsoft Windows COM privilege escalation attempt (os-windows.rules) * 1:42763 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NtTraceControl information disclosure attempt (os-windows.rules) * 1:42764 <-> ENABLED <-> OS-WINDOWS Microsoft Windows NtTraceControl information disclosure attempt (os-windows.rules) * 1:42765 <-> DISABLED <-> OS-WINDOWS Microsoft win32k privilege escalation attempt (os-windows.rules) * 1:42766 <-> DISABLED <-> OS-WINDOWS Microsoft win32k privilege escalation attempt (os-windows.rules) * 1:42769 <-> ENABLED <-> OS-WINDOWS Microsoft Win32k kernel memory leak attempt (os-windows.rules) * 1:42770 <-> ENABLED <-> OS-WINDOWS Microsoft Win32k kernel memory leak attempt (os-windows.rules) * 1:42771 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GdiGradientFill null pointer dereference attempt (os-windows.rules) * 1:42772 <-> ENABLED <-> OS-WINDOWS Microsoft Windows GdiGradientFill null pointer dereference attempt (os-windows.rules) * 1:42775 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra JIT memory corruption attempt (browser-ie.rules) * 1:42776 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra JIT memory corruption attempt (browser-ie.rules) * 1:42777 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine security bypass css attempt (browser-ie.rules) * 1:42778 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine security bypass css attempt (browser-ie.rules) * 1:42779 <-> ENABLED <-> BROWSER-IE Microsoft Edge CSS writing mode type confusion attempt (browser-ie.rules) * 1:42780 <-> ENABLED <-> BROWSER-IE Microsoft Edge CSS writing mode type 
confusion attempt (browser-ie.rules) * 1:42781 <-> ENABLED <-> BROWSER-IE Microsoft Windows Edge AudioContext use after free attempt (browser-ie.rules) * 1:42782 <-> ENABLED <-> BROWSER-IE Microsoft Windows Edge AudioContext use after free attempt (browser-ie.rules) * 1:42783 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ntoskrnl information disclosure attempt (os-windows.rules) * 1:42784 <-> DISABLED <-> OS-WINDOWS Microsoft Windows ntoskrnl information disclosure attempt (os-windows.rules) * 1:42785 <-> DISABLED <-> INDICATOR-SCAN DNS version.bind string information disclosure attempt (indicator-scan.rules) * 1:42788 <-> DISABLED <-> FILE-PDF Adobe Reader malformed app13 tag information disclosure attempt (file-pdf.rules) * 1:42789 <-> DISABLED <-> FILE-PDF Adobe Reader malformed app13 tag information disclosure attempt (file-pdf.rules) * 1:42790 <-> ENABLED <-> FILE-PDF Adobe Reader invalid object reference use after free attempt (file-pdf.rules) * 1:42791 <-> ENABLED <-> FILE-PDF Adobe Reader invalid object reference use after free attempt (file-pdf.rules) * 1:42792 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FLV invalid tag buffer overflow attempt (file-flash.rules) * 1:42793 <-> ENABLED <-> FILE-FLASH Adobe Flash Player FLV invalid tag buffer overflow attempt (file-flash.rules) * 1:42794 <-> ENABLED <-> FILE-FLASH Adobe Flash Player beginGradientFill color array out of bounds read attempt (file-flash.rules) * 1:42795 <-> ENABLED <-> FILE-FLASH Adobe Flash Player beginGradientFill color array out of bounds read attempt (file-flash.rules) * 1:42796 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter memory corruption attempt (file-flash.rules) * 1:42797 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter memory corruption attempt (file-flash.rules) * 1:42798 <-> DISABLED <-> BROWSER-IE Microsoft Edge out of bounds read attempt (browser-ie.rules) * 1:42799 <-> DISABLED <-> BROWSER-IE Microsoft Edge out of bounds read attempt 
(browser-ie.rules) * 1:42800 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionPush out of bounds read attempt (file-flash.rules) * 1:42801 <-> ENABLED <-> FILE-FLASH Adobe Flash Player ActionPush out of bounds read attempt (file-flash.rules) * 1:42802 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed AES key memory corruption attempt (file-pdf.rules) * 1:42803 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed AES key memory corruption attempt (file-pdf.rules) * 1:42807 <-> ENABLED <-> FILE-FLASH Adobe Standalone Flash Player BlendMode memory corruption attempt (file-flash.rules) * 1:42808 <-> ENABLED <-> FILE-FLASH Adobe Standalone Flash Player BlendMode memory corruption attempt (file-flash.rules) * 1:42809 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData out of bounds memory access attempt (file-flash.rules) * 1:42810 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData out of bounds memory access attempt (file-flash.rules) * 1:42811 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra Engine use-after-free attempt (browser-ie.rules) * 1:42812 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra Engine use-after-free attempt (browser-ie.rules) * 1:42813 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed URI information disclosure attempt (file-pdf.rules) * 1:42814 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader malformed URI information disclosure attempt (file-pdf.rules) * 1:42815 <-> ENABLED <-> FILE-FLASH Adobe Flash Player display object mask use after free attempt (file-flash.rules) * 1:42816 <-> ENABLED <-> FILE-FLASH Adobe Flash Player display object mask use after free attempt (file-flash.rules) * 1:42820 <-> ENABLED <-> OS-WINDOWS Microsoft Malware Protection Engine type confusion attempt (os-windows.rules) * 1:42821 <-> ENABLED <-> OS-WINDOWS Microsoft Malware Protection Engine type confusion attempt (os-windows.rules) * 1:42843 <-> DISABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup Appliance download-files command injection 
attempt (server-webapp.rules) * 1:42844 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF heap overflow attempt (file-image.rules) * 1:42845 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIF heap overflow attempt (file-image.rules) * 1:42859 <-> ENABLED <-> FILE-PDF Adobe Reader PDF memory corruption attempt (file-pdf.rules) * 1:42860 <-> ENABLED <-> FILE-PDF Adobe Reader PDF memory corruption attempt (file-pdf.rules) * 1:42868 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA forms engine use after free attempt (file-pdf.rules) * 1:42869 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XFA forms engine use after free attempt (file-pdf.rules) * 1:42887 <-> ENABLED <-> SERVER-OTHER ntpq flagstr buffer overflow attempt (server-other.rules) * 1:42888 <-> DISABLED <-> FILE-PDF Adobe Acrobat JP2 parser information disclosure attempt (file-pdf.rules) * 1:42889 <-> DISABLED <-> FILE-PDF Adobe Acrobat JP2 parser information disclosure attempt (file-pdf.rules) * 1:42896 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CTJPEGWriter null pointer dereference attempt (file-pdf.rules) * 1:42897 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader CTJPEGWriter null pointer dereference attempt (file-pdf.rules) * 1:42900 <-> ENABLED <-> FILE-OFFICE Microsoft Office EPS restore command use after free attempt (file-office.rules) * 1:42903 <-> ENABLED <-> FILE-OFFICE Microsoft Office EPS restore command use after free attempt (file-office.rules) * 1:42910 <-> ENABLED <-> FILE-PDF Acrobat Reader TIFF malformed IFD tag heap overflow attempt (file-pdf.rules) * 1:42911 <-> ENABLED <-> FILE-PDF Acrobat Reader TIFF malformed IFD tag heap overflow attempt (file-pdf.rules) * 1:42912 <-> ENABLED <-> FILE-PDF Acrobat Reader TIFF malformed IFD tag heap overflow attempt (file-pdf.rules) * 1:42913 <-> ENABLED <-> FILE-PDF Acrobat Reader TIFF malformed IFD tag heap overflow attempt (file-pdf.rules) * 1:42914 <-> ENABLED <-> FILE-PDF Acrobat Reader TIFF malformed IFD tag heap overflow attempt 
(file-pdf.rules) * 1:42915 <-> ENABLED <-> FILE-PDF Acrobat Reader TIFF malformed IFD tag heap overflow attempt (file-pdf.rules) * 1:42932 <-> DISABLED <-> FILE-FLASH Adobe Flash Player javascript decompressor use after free attempt (file-flash.rules) * 1:42933 <-> DISABLED <-> FILE-FLASH Adobe Flash Player javascript decompressor use after free attempt (file-flash.rules) * 1:42941 <-> DISABLED <-> PROTOCOL-OTHER FreeRDP PER length integer underflow attempt (protocol-other.rules) * 1:42942 <-> ENABLED <-> FILE-PDF Adobe Reader XFA large array use after free attempt (file-pdf.rules) * 1:42943 <-> ENABLED <-> FILE-PDF Adobe Reader XFA large array use after free attempt (file-pdf.rules) * 1:42951 <-> ENABLED <-> SERVER-WEBAPP Oracle Fusion Middleware MapViewer arbitrary JSP file upload attempt (server-webapp.rules) * 1:42952 <-> ENABLED <-> SERVER-WEBAPP Oracle Fusion Middleware MapViewer directory traversal attempt (server-webapp.rules) * 1:42953 <-> ENABLED <-> SERVER-WEBAPP Oracle Fusion Middleware MapViewer directory traversal attempt (server-webapp.rules) * 1:42954 <-> ENABLED <-> SERVER-WEBAPP Oracle Fusion Middleware MapViewer directory traversal attempt (server-webapp.rules) * 1:42958 <-> DISABLED <-> SERVER-WEBAPP Joomla 3.7.0 com_fields view SQL injection attempt (server-webapp.rules) * 1:42959 <-> DISABLED <-> SERVER-WEBAPP Joomla 3.7.0 com_fields view SQL injection attempt (server-webapp.rules) * 1:42967 <-> DISABLED <-> POLICY-OTHER Adobe Acrobat cloud file undocumented function use (policy-other.rules) * 1:42968 <-> DISABLED <-> POLICY-OTHER Adobe Acrobat cloud file undocumented function use (policy-other.rules) * 1:42973 <-> DISABLED <-> PROTOCOL-OTHER FreeRDP RSA modulus length integer underflow attempt (protocol-other.rules) * 1:42974 <-> DISABLED <-> PROTOCOL-OTHER FreeRDP invalid cbCompanyName out of bounds read attempt (protocol-other.rules) * 1:42975 <-> DISABLED <-> PROTOCOL-OTHER FreeRDP invalid EncryptedPlatformChallenge null pointer 
dereference attempt (protocol-other.rules) * 1:42998 <-> DISABLED <-> PROTOCOL-OTHER FreeRDP invalid MCS serverRandomLen out of bounds read attempt (protocol-other.rules) * 1:43004 <-> ENABLED <-> SERVER-SAMBA Samba is_known_pipe arbitrary module load code execution attempt (server-samba.rules) * 1:43005 <-> DISABLED <-> SERVER-WEBAPP Foscam setWifiSetting command psk stack buffer overflow attempt (server-webapp.rules) * 1:43055 <-> DISABLED <-> SERVER-OTHER Veritas Netbackup bprd remote code execution attempt (server-other.rules) * 1:43056 <-> ENABLED <-> OS-WINDOWS Microsoft Windows MsMpEng JavaScript garbage collection use after free attempt (os-windows.rules) * 1:43057 <-> ENABLED <-> OS-WINDOWS Microsoft Windows MsMpEng JavaScript garbage collection use after free attempt (os-windows.rules) * 1:43058 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid DefinedEditText tag memory corruption attempt (file-flash.rules) * 1:43059 <-> DISABLED <-> FILE-FLASH Adobe Flash Player invalid DefinedEditText tag memory corruption attempt (file-flash.rules) * 1:43061 <-> DISABLED <-> SERVER-WEBAPP Foscam changeUserName command passwd file injection attempt (server-webapp.rules) * 1:43064 <-> ENABLED <-> SERVER-OTHER NetBackup bprd remote file write attempt (server-other.rules) * 1:43147 <-> ENABLED <-> SERVER-WEBAPP IBM OpenAdmin Tool SOAP welcomeService.php PHP code injection attempt (server-webapp.rules) * 1:43155 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules) * 1:43156 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules) * 1:43157 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Device Guard code execution attempt (os-windows.rules) * 1:43158 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Device Guard code execution attempt (os-windows.rules) * 1:43159 <-> ENABLED <-> FILE-OFFICE Microsoft Office Word 2016 use after free attempt (file-office.rules) * 1:43160 <-> ENABLED <-> 
FILE-OFFICE Microsoft Office Word 2016 use after free attempt (file-office.rules) * 1:43163 <-> ENABLED <-> BROWSER-IE Microsoft Edge object property type confusion attempt (browser-ie.rules) * 1:43164 <-> ENABLED <-> BROWSER-IE Microsoft Edge object property type confusion attempt (browser-ie.rules) * 1:43165 <-> ENABLED <-> BROWSER-IE Microsoft Edge cssText use after free attempt (browser-ie.rules) * 1:43166 <-> ENABLED <-> BROWSER-IE Microsoft Edge cssText use after free attempt (browser-ie.rules) * 1:43169 <-> ENABLED <-> BROWSER-IE Microsoft Edge textContent use after free attempt (browser-ie.rules) * 1:43170 <-> ENABLED <-> BROWSER-IE Microsoft Edge textContent use after free attempt (browser-ie.rules) * 1:43173 <-> ENABLED <-> OS-WINDOWS Microsoft Windows 10 RS2 x64 linked cursor double free attempt (os-windows.rules) * 1:43174 <-> ENABLED <-> OS-WINDOWS Microsoft Windows 10 RS2 x64 linked cursor double free attempt (os-windows.rules) * 1:43175 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Search Service out of bounds memory access attempt (os-windows.rules) * 1:43176 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Search Service out of bounds memory access attempt (os-windows.rules) * 1:43181 <-> ENABLED <-> FILE-OTHER Oniguruma expression parser out of bounds write attempt (file-other.rules) * 1:43182 <-> ENABLED <-> FILE-OTHER Oniguruma expression parser out of bounds write attempt (file-other.rules) * 1:43191 <-> DISABLED <-> SERVER-WEBAPP Symantec Messaging Gateway performBackupNow.do command injection attempt (server-webapp.rules) * 1:43212 <-> DISABLED <-> FILE-PDF Iceni Infix PDF parsing out of bounds write attempt (file-pdf.rules) * 1:43213 <-> DISABLED <-> FILE-PDF Iceni Infix PDF parsing out of bounds write attempt (file-pdf.rules) * 1:43249 <-> DISABLED <-> SERVER-WEBAPP Nuxeo CMS BatchUploadObject arbitrary JSP file upload attempt (server-webapp.rules) * 1:43250 <-> DISABLED <-> SERVER-WEBAPP Nuxeo CMS BatchUploadObject directory traversal attempt 
(server-webapp.rules)
* 1:43284 <-> DISABLED <-> SERVER-WEBAPP HP Network Automation RedirectServlet SQL injection attempt (server-webapp.rules)
* 1:43380 <-> ENABLED <-> OS-WINDOWS Microsoft Windows MsMpEng custom apicall instruction use detected (os-windows.rules)
* 1:43381 <-> ENABLED <-> OS-WINDOWS Microsoft Windows MsMpEng custom apicall instruction use detected (os-windows.rules)
* 1:43382 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AdvertisingMetadata use after free attempt (file-flash.rules)
* 1:43383 <-> ENABLED <-> FILE-FLASH Adobe Flash Player AdvertisingMetadata use after free attempt (file-flash.rules)
* 1:43393 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MPEG-4 AVC decoding out of bounds read attempt (file-flash.rules)
* 1:43394 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MPEG-4 AVC decoding out of bounds read attempt (file-flash.rules)
* 1:43395 <-> ENABLED <-> FILE-FLASH Adobe Acrobat Reader profile use after free attempt (file-flash.rules)
* 1:43396 <-> ENABLED <-> FILE-FLASH Adobe Acrobat Reader profile use after free attempt (file-flash.rules)
* 1:43405 <-> ENABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales out of bounds memory read attempt (file-flash.rules)
* 1:43406 <-> ENABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales out of bounds memory read attempt (file-flash.rules)
* 1:43410 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayObject use after free attempt (file-flash.rules)
* 1:43411 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayObject use after free attempt (file-flash.rules)
* 1:43412 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayObject use after free attempt (file-flash.rules)
* 1:43413 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayObject use after free attempt (file-flash.rules)
* 1:43414 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayObject use after free attempt (file-flash.rules)
* 1:43415 <-> ENABLED <-> FILE-FLASH Adobe Flash Player DisplayObject use after free attempt (file-flash.rules)
* 1:43416 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData object out of bounds access attempt (file-flash.rules)
* 1:43417 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData object out of bounds access attempt (file-flash.rules)
* 1:43418 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData object out of bounds access attempt (file-flash.rules)
* 1:43419 <-> ENABLED <-> FILE-FLASH Adobe Flash Player BitmapData object out of bounds access attempt (file-flash.rules)
* 1:43420 <-> ENABLED <-> FILE-FLASH Adobe Flash Player custom toString function attempt (file-flash.rules)
* 1:43421 <-> ENABLED <-> FILE-FLASH Adobe Flash Player custom toString function attempt (file-flash.rules)
* 1:43433 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Annotations memory corruption attempt (file-pdf.rules)
* 1:43434 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Annotations memory corruption attempt (file-pdf.rules)
* 1:43460 <-> DISABLED <-> BROWSER-IE Microsoft Edge use-after-free attempt (browser-ie.rules)
* 1:43461 <-> DISABLED <-> BROWSER-IE Microsoft Edge use-after-free attempt (browser-ie.rules)
* 1:43462 <-> DISABLED <-> BROWSER-IE Microsoft Edge use-after-free attempt (browser-ie.rules)
* 1:43463 <-> DISABLED <-> BROWSER-IE Microsoft Edge use-after-free attempt (browser-ie.rules)
* 1:43465 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
* 1:43466 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
* 1:43469 <-> ENABLED <-> BROWSER-IE Microsoft Edge uninitialized memory attempt (browser-ie.rules)
* 1:43470 <-> ENABLED <-> BROWSER-IE Microsoft Edge uninitialized memory attempt (browser-ie.rules)
* 1:43471 <-> ENABLED <-> BROWSER-IE Microsoft Edge VBScript VarType out of bounds read attempt (browser-ie.rules)
* 1:43472 <-> ENABLED <-> BROWSER-IE Microsoft Edge VBScript VarType out of bounds read attempt (browser-ie.rules)
* 1:43473 <-> ENABLED <-> OS-WINDOWS Microsoft win32u PlgBlt out of bounds memory write attempt (os-windows.rules)
* 1:43474 <-> ENABLED <-> OS-WINDOWS Microsoft win32u PlgBlt out of bounds memory write attempt (os-windows.rules)
* 1:43479 <-> ENABLED <-> FILE-FLASH Adobe Flash Player applyFilter memory corruption attempt (file-flash.rules)
* 1:43480 <-> ENABLED <-> FILE-FLASH Adobe Flash Player applyFilter memory corruption attempt (file-flash.rules)
* 1:43490 <-> DISABLED <-> OS-WINDOWS Microsoft Windows unsafe memory access privilege escalation attempt (os-windows.rules)
* 1:43491 <-> DISABLED <-> OS-WINDOWS Microsoft Windows unsafe memory access privilege escalation attempt (os-windows.rules)
* 1:43492 <-> ENABLED <-> BROWSER-IE Microsoft Windows Edge array out of bounds write (browser-ie.rules)
* 1:43493 <-> ENABLED <-> BROWSER-IE Microsoft Windows Edge array out of bounds write (browser-ie.rules)
* 1:43497 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer EPM brokercreatefile file access bypass attempt (browser-ie.rules)
* 1:43498 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer EPM brokercreatefile file access bypass attempt (browser-ie.rules)
* 1:43521 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 type confusion vulnerability attempt (browser-ie.rules)
* 1:43522 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer 11 type confusion vulnerability attempt (browser-ie.rules)
* 1:43528 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
* 1:43529 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
* 1:43530 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
* 1:43531 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
* 1:43532 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
* 1:43533 <-> ENABLED <-> FILE-FLASH Adobe Flash Player memory corruption attempt (file-flash.rules)
* 1:43534 <-> ENABLED <-> SERVER-WEBAPP AlienVault OSSIM nfsen.php command injection attempt (server-webapp.rules)
* 1:43535 <-> ENABLED <-> SERVER-WEBAPP AlienVault OSSIM nfsen.php command injection attempt (server-webapp.rules)
* 1:43536 <-> ENABLED <-> SERVER-WEBAPP AlienVault OSSIM nfsen.php command injection attempt (server-webapp.rules)
* 1:43625 <-> ENABLED <-> SERVER-WEBAPP Axis M3004 remote code execution attempt (server-webapp.rules)
* 1:43693 <-> DISABLED <-> SERVER-WEBAPP Mantis Bug Tracker password reset attempt (server-webapp.rules)
* 1:43694 <-> DISABLED <-> SERVER-WEBAPP Mantis Bug Tracker password reset attempt (server-webapp.rules)
* 1:43790 <-> ENABLED <-> SERVER-OTHER Apache mod_auth_digest out of bounds read attempt (server-other.rules)
* 1:43809 <-> DISABLED <-> SERVER-WEBAPP Kaspersky Linux File Server WMC cross site request forgery attempt (server-webapp.rules)
* 1:43810 <-> DISABLED <-> SERVER-WEBAPP Kaspersky Linux File Server WMC directory traversal attempt (server-webapp.rules)
* 1:43811 <-> DISABLED <-> SERVER-WEBAPP Kaspersky Linux File Server WMC directory traversal attempt (server-webapp.rules)
* 1:43812 <-> DISABLED <-> SERVER-WEBAPP Kaspersky Linux File Server WMC directory traversal attempt (server-webapp.rules)
* 1:43819 <-> DISABLED <-> SERVER-WEBAPP Kaspersky Anti-Virus directory traversal attempt (server-webapp.rules)
* 1:43820 <-> DISABLED <-> SERVER-WEBAPP Kaspersky Anti-Virus directory traversal attempt (server-webapp.rules)
* 1:43821 <-> DISABLED <-> SERVER-WEBAPP Kaspersky Anti-Virus directory traversal attempt (server-webapp.rules)
* 1:43847 <-> ENABLED <-> FILE-OFFICE Microsoft Office Access Jet Database Engine integer overflow attempt (file-office.rules)
* 1:43848 <-> ENABLED <-> FILE-OFFICE Microsoft Office Access Jet Database Engine integer overflow attempt (file-office.rules)
* 1:43851 <-> ENABLED <-> FILE-OTHER Microsoft Windows Device Guard bypass via compiled help file attempt (file-other.rules)
* 1:43852 <-> ENABLED <-> FILE-OTHER Microsoft Windows Device Guard bypass via compiled help file attempt (file-other.rules)
* 1:43865 <-> ENABLED <-> FILE-IMAGE Adobe Reader EMF EMR_MOVETOEX memory corruption attempt (file-image.rules)
* 1:43866 <-> ENABLED <-> FILE-IMAGE Adobe Reader EMF EMR_MOVETOEX memory corruption attempt (file-image.rules)
* 1:43867 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TTF memory corruption attempt (file-pdf.rules)
* 1:43868 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TTF memory corruption attempt (file-pdf.rules)
* 1:43869 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TTF memory corruption attempt (file-pdf.rules)
* 1:43870 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TTF memory corruption attempt (file-pdf.rules)
* 1:43995 <-> ENABLED <-> FILE-FLASH Adobe Flash Player overly large cpool index out of bounds read attempt (file-flash.rules)
* 1:43996 <-> ENABLED <-> FILE-FLASH Adobe Flash Player overly large cpool index out of bounds read attempt (file-flash.rules)
* 1:44002 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SMB sandbox bypass attempt (file-flash.rules)
* 1:44003 <-> ENABLED <-> FILE-FLASH Adobe Flash Player SMB sandbox bypass attempt (file-flash.rules)
* 1:44013 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader exportAsXFAStr use after free attempt (file-pdf.rules)
* 1:44014 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader exportAsXFAStr use after free attempt (file-pdf.rules)
* 1:44025 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
* 1:44059 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
* 1:44060 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
* 1:44061 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
* 1:44062 <-> DISABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed TIFF memory corruption attempt (file-image.rules)
* 1:44072 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader SubmitForm URL spoofing attempt (file-pdf.rules)
* 1:44073 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader SubmitForm URL spoofing attempt (file-pdf.rules)
* 1:44074 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader SubmitForm URL spoofing attempt (file-pdf.rules)
* 1:44075 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader SubmitForm URL spoofing attempt (file-pdf.rules)
* 1:44097 <-> DISABLED <-> FILE-PDF Foxit Reader launchURL Command Injection Remote Code Execution attempt (file-pdf.rules)
* 1:44098 <-> DISABLED <-> FILE-PDF Multiple products PDF JavaScript launchURL command injection and remote code execution attempt (file-pdf.rules)
* 1:44116 <-> DISABLED <-> SERVER-WEBAPP Symantec Messaging Gateway localBackupFileSelection command injection attempt (server-webapp.rules)
* 1:44117 <-> DISABLED <-> SERVER-WEBAPP Symantec Messaging Gateway localBackupFileSelection command injection attempt (server-webapp.rules)
* 1:44118 <-> DISABLED <-> SERVER-WEBAPP Symantec Messaging Gateway localBackupFileSelection command injection attempt (server-webapp.rules)
* 1:44160 <-> ENABLED <-> SERVER-OTHER tcpdump ISAKMP parser buffer overflow attempt (server-other.rules)
* 1:44161 <-> ENABLED <-> SERVER-OTHER tcpdump ISAKMP parser buffer overflow attempt (server-other.rules)
* 1:44315 <-> ENABLED <-> SERVER-WEBAPP Java XML deserialization remote code execution attempt (server-webapp.rules)
* 1:44327 <-> DISABLED <-> SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt (server-apache.rules)
* 1:44328 <-> DISABLED <-> SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt (server-apache.rules)
* 1:44329 <-> DISABLED <-> SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt (server-apache.rules)
* 1:44330 <-> DISABLED <-> SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt (server-apache.rules)
* 1:44331 <-> ENABLED <-> BROWSER-IE Microsoft Windows Edge memory corruption attempt (browser-ie.rules)
* 1:44332 <-> ENABLED <-> BROWSER-IE Microsoft Windows Edge memory corruption attempt (browser-ie.rules)
* 1:44333 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra Core type confusion attempt (browser-ie.rules)
* 1:44334 <-> DISABLED <-> BROWSER-IE Microsoft Edge Chakra Core type confusion attempt (browser-ie.rules)
* 1:44335 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32k.sys TrueType font out of bounds write attempt (os-windows.rules)
* 1:44336 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32k.sys TrueType font out of bounds write attempt (os-windows.rules)
* 1:44338 <-> ENABLED <-> BROWSER-IE Microsoft Edge denial of service attempt (browser-ie.rules)
* 1:44339 <-> ENABLED <-> BROWSER-IE Microsoft Edge denial of service attempt (browser-ie.rules)
* 1:44340 <-> ENABLED <-> BROWSER-IE Microsoft Edge setSelectionRange memory corruption attempt (browser-ie.rules)
* 1:44341 <-> ENABLED <-> BROWSER-IE Microsoft Edge setSelectionRange memory corruption attempt (browser-ie.rules)
* 1:44342 <-> ENABLED <-> BROWSER-IE Internet Explorer WeakMap Freeze memory corruption attempt (browser-ie.rules)
* 1:44343 <-> ENABLED <-> BROWSER-IE Internet Explorer WeakMap Freeze memory corruption attempt (browser-ie.rules)
* 1:44345 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
* 1:44346 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
* 1:44347 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
* 1:44348 <-> ENABLED <-> FILE-FLASH Adobe Flash Player MP4 atom parser memory corruption attempt (file-flash.rules)
* 1:44349 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer object use after free attempt (browser-ie.rules)
* 1:44350 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer object use after free attempt (browser-ie.rules)
* 1:44351 <-> ENABLED <-> FILE-FLASH Adobe Flash Player text handling memory corruption attempt (file-flash.rules)
* 1:44352 <-> ENABLED <-> FILE-FLASH Adobe Flash Player text handling memory corruption attempt (file-flash.rules)
* 1:44353 <-> DISABLED <-> FILE-OTHER WSDL soap endpoint location code injection attempt (file-other.rules)
* 1:44354 <-> DISABLED <-> FILE-OTHER WSDL soap endpoint location code injection attempt (file-other.rules)
* 1:44356 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSS padding property memory corruption attempt (browser-ie.rules)
* 1:44357 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CSS padding property memory corruption attempt (browser-ie.rules)
* 1:44371 <-> DISABLED <-> FILE-OFFICE RTF WSDL file download attempt (file-office.rules)
* 1:44372 <-> DISABLED <-> FILE-OFFICE RTF WSDL file download attempt (file-office.rules)
* 1:44477 <-> DISABLED <-> SERVER-OTHER dnsmasq dhcp6_maybe_relay stack buffer overflow attempt (server-other.rules)
* 1:44478 <-> DISABLED <-> PROTOCOL-DNS dnsmasq add_pseudoheader memory leak attempt (protocol-dns.rules)
* 1:44480 <-> DISABLED <-> SERVER-OTHER dnsmasq Relay-forw information leak attempt (server-other.rules)
* 1:44482 <-> DISABLED <-> PROTOCOL-DNS dnsmasq add_pseudoheader integer underflow attempt (protocol-dns.rules)
* 1:44483 <-> DISABLED <-> SERVER-OTHER Supervisord remote code execution attempt (server-other.rules)
* 1:44493 <-> DISABLED <-> SERVER-WEBAPP Faleemi IP Cameras ONVIF device_service SQL injection attempt (server-webapp.rules)
* 1:44508 <-> ENABLED <-> BROWSER-IE scripting engine memory corruption vulnerability attempt (browser-ie.rules)
* 1:44509 <-> ENABLED <-> BROWSER-IE scripting engine memory corruption vulnerability attempt (browser-ie.rules)
* 1:44510 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer scripting engine memory corruption attempt (browser-ie.rules)
* 1:44511 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer scripting engine memory corruption attempt (browser-ie.rules)
* 1:44512 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
* 1:44513 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
* 1:44514 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32kfull.sys privilege escalation attempt (os-windows.rules)
* 1:44515 <-> ENABLED <-> OS-WINDOWS Microsoft Windows Win32kfull.sys privilege escalation attempt (os-windows.rules)
* 1:44516 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CreateMenu use after free attempt (os-windows.rules)
* 1:44517 <-> DISABLED <-> OS-WINDOWS Microsoft Windows CreateMenu use after free attempt (os-windows.rules)
* 1:44518 <-> DISABLED <-> FILE-OFFICE Microsoft Graphics remote code execution attempt (file-office.rules)
* 1:44519 <-> DISABLED <-> FILE-OFFICE Microsoft Graphics remote code execution attempt (file-office.rules)
* 1:44526 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
* 1:44527 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer memory corruption attempt (browser-ie.rules)
* 1:44528 <-> DISABLED <-> FILE-OTHER Microsoft Graphics remote code execution attempt (file-other.rules)
* 1:44529 <-> DISABLED <-> FILE-OTHER Microsoft Graphics remote code execution attempt (file-other.rules)
* 1:44531 <-> ENABLED <-> SERVER-APACHE Apache Tomcat remote JSP file upload attempt (server-apache.rules)
* 1:44532 <-> ENABLED <-> BROWSER-IE Microsoft Edge getOwnPropertyDescriptor memory corruption attempt (browser-ie.rules)
* 1:44533 <-> ENABLED <-> BROWSER-IE Microsoft Edge getOwnPropertyDescriptor memory corruption attempt (browser-ie.rules)
* 1:44578 <-> DISABLED <-> SERVER-WEBAPP QNAP NAS HelpDesk App supportutils.php SQL injection attempt (server-webapp.rules)
* 1:44583 <-> ENABLED <-> FILE-FLASH Adobe Flash Player array type confusion attempt (file-flash.rules)
* 1:44584 <-> ENABLED <-> FILE-FLASH Adobe Flash Player array type confusion attempt (file-flash.rules)
* 1:44657 <-> ENABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup API SQL injection attempt (server-webapp.rules)
* 1:44658 <-> ENABLED <-> SERVER-WEBAPP Unitrends Enterprise Backup storage API command injection attempt (server-webapp.rules)
* 1:44684 <-> DISABLED <-> SERVER-WEBAPP Kaltura userzone cookie PHP object injection attempt (server-webapp.rules)
* 1:44700 <-> DISABLED <-> SERVER-OTHER Veritas Backup Exec Agent use after free attempt (server-other.rules)
* 1:44701 <-> DISABLED <-> SERVER-OTHER Veritas Backup Exec Agent use after free attempt (server-other.rules)
* 1:44731 <-> DISABLED <-> SERVER-WEBAPP Tuleap getRecentElements PHP object injection attempt (server-webapp.rules)
* 1:44764 <-> DISABLED <-> SERVER-WEBAPP CMS Made Simple editusertag.php arbitrary PHP code execution attempt (server-webapp.rules)
* 1:44767 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Smart Protection Server cm_agent.php command injection attempt (server-webapp.rules)
* 1:44809 <-> ENABLED <-> BROWSER-IE Microsoft Edge postMessage use after free attempt (browser-ie.rules)
* 1:44810 <-> ENABLED <-> BROWSER-IE Microsoft Edge postMessage use after free attempt (browser-ie.rules)
* 1:44811 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
* 1:44812 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules)
* 1:44813 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra Closure use after free attempt (browser-ie.rules)
* 1:44814 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra Closure use after free attempt (browser-ie.rules)
* 1:44815 <-> DISABLED <-> BROWSER-IE Microsoft Edge use after free attempt (browser-ie.rules)
* 1:44816 <-> DISABLED <-> BROWSER-IE Microsoft Edge use after free attempt (browser-ie.rules)
* 1:44817 <-> ENABLED <-> BROWSER-IE Microsoft Edge custom property memory corruption attempt (browser-ie.rules)
* 1:44818 <-> ENABLED <-> BROWSER-IE Microsoft Edge custom property memory corruption attempt (browser-ie.rules)
* 1:44819 <-> ENABLED <-> BROWSER-IE Microsoft Edge array use after free attempt (browser-ie.rules)
* 1:44820 <-> ENABLED <-> BROWSER-IE Microsoft Edge array use after free attempt (browser-ie.rules)
* 1:44821 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel use after free vulnerability exploit attempt (file-office.rules)
* 1:44822 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel use after free vulnerability exploit attempt (file-office.rules)
* 1:44827 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
* 1:44828 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules)
* 1:44831 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption exploitation attempt (browser-ie.rules)
* 1:44832 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption exploitation attempt (browser-ie.rules)
* 1:44833 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k.sys use after free attempt (os-windows.rules)
* 1:44834 <-> ENABLED <-> OS-WINDOWS Microsoft Windows win32k.sys use after free attempt (os-windows.rules)
* 1:44845 <-> ENABLED <-> BROWSER-IE Microsoft Edge heap overflow attempt (browser-ie.rules)
* 1:44846 <-> ENABLED <-> BROWSER-IE Microsoft Edge heap overflow attempt (browser-ie.rules)
* 1:44853 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TTF buffer over-read attempt (file-pdf.rules)
* 1:44854 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader malformed TTF buffer over-read attempt (file-pdf.rules)
* 1:44856 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XI JavaScript annotation use after free attempt (file-pdf.rules)
* 1:44857 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader XI JavaScript annotation use after free attempt (file-pdf.rules)
* 1:44859 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro PNG file buffer over-read vulnerability attempt (file-other.rules)
* 1:44860 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro PNG file buffer over-read vulnerability attempt (file-other.rules)
* 1:44861 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CommentExtension attempt (file-image.rules)
* 1:44862 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro malformed CommentExtension attempt (file-image.rules)
* 1:44866 <-> DISABLED <-> SERVER-WEBAPP Xplico decoding manager daemon command injection attempt (server-webapp.rules)
* 1:44871 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader out of bounds read attempt (file-pdf.rules)
* 1:44872 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader out of bounds read attempt (file-pdf.rules)
* 1:44873 <-> ENABLED <-> FILE-PDF Adobe Acrobat addAnnot object untrusted pointer dereference attempt (file-pdf.rules)
* 1:44874 <-> ENABLED <-> FILE-PDF Adobe Acrobat addAnnot object untrusted pointer dereference attempt (file-pdf.rules)
* 1:44880 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF EMR_STRETCHDIBITS memory corruption attempt (file-image.rules)
* 1:44881 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF EMR_STRETCHDIBITS memory corruption attempt (file-image.rules)
* 1:44882 <-> DISABLED <-> FILE-PDF Adobe Acrobat acrobat URI handler security bypass (file-pdf.rules)
* 1:44883 <-> DISABLED <-> FILE-PDF Adobe Acrobat acrobat URI handler security bypass (file-pdf.rules)
* 1:44884 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat XPS unicode glyph pointer out of bounds (file-image.rules)
* 1:44885 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat XPS unicode glyph pointer out of bounds (file-image.rules)
* 1:44887 <-> ENABLED <-> FILE-FLASH Adobe Flash Player bitmap hitTest integer overflow attempt (file-flash.rules)
* 1:44888 <-> ENABLED <-> FILE-FLASH Adobe Flash Player bitmap hitTest integer overflow attempt (file-flash.rules)
* 1:44890 <-> DISABLED <-> SERVER-OTHER CouchDB remote privilege escalation attempt (server-other.rules)
* 1:44891 <-> ENABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules)
* 1:44892 <-> ENABLED <-> FILE-FLASH Adobe Flash Player determinePreferredLocales memory corruption attempt (file-flash.rules)
* 1:44893 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF out of bounds read attempt (file-other.rules)
* 1:44894 <-> DISABLED <-> FILE-OTHER Adobe Professional EMF out of bounds read attempt (file-other.rules)
* 1:44900 <-> ENABLED <-> FILE-PDF Adobe Reader PDF embedded javascript events use after free attempt (file-pdf.rules)
* 1:44901 <-> ENABLED <-> FILE-PDF Adobe Reader PDF embedded javascript events use after free attempt (file-pdf.rules)
* 1:44902 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules)
* 1:44903 <-> ENABLED <-> FILE-FLASH Adobe Flash Player PSDK Metadata memory corruption attempt (file-flash.rules)
* 1:44912 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro invalid APP13 marker size attempt (file-image.rules)
* 1:44913 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro invalid APP13 marker size attempt (file-image.rules)
* 1:44916 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager GraphicalView.do SQL injection attempt (server-webapp.rules)
* 1:44917 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager GraphicalView.do SQL injection attempt (server-webapp.rules)
* 1:44918 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager GraphicalView.do SQL injection attempt (server-webapp.rules)
* 1:44921 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager manageApplications.do SQL injection attempt (server-webapp.rules)
* 1:44922 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager manageApplications.do SQL injection attempt (server-webapp.rules)
* 1:44923 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF Bezier curve out of bounds read attempt (file-other.rules)
* 1:44924 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF Bezier curve out of bounds read attempt (file-other.rules)
* 1:44925 <-> ENABLED <-> FILE-PDF Adobe Acrobat thermometer object untrusted pointer dereference attempt (file-pdf.rules)
* 1:44926 <-> ENABLED <-> FILE-PDF Adobe Acrobat thermometer object untrusted pointer dereference attempt (file-pdf.rules)
* 1:44927 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture out of bounds read attempt (file-other.rules)
* 1:44928 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture out of bounds read attempt (file-other.rules)
* 1:44929 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds write attempt (file-image.rules)
* 1:44930 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF out of bounds write attempt (file-image.rules)
* 1:44933 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader untrusted pointer dereference attempt (file-pdf.rules)
* 1:44934 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader untrusted pointer dereference attempt (file-pdf.rules)
* 1:44937 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMFPlus out of bounds buffer overflow attempt (file-other.rules)
* 1:44938 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMFPlus out of bounds buffer overflow attempt (file-other.rules)
* 1:44939 <-> ENABLED <-> FILE-PDF Adobe Acrobat field dictionary value Unicode buffer overflow attempt (file-pdf.rules)
* 1:44940 <-> ENABLED <-> FILE-PDF Adobe Acrobat field dictionary value Unicode buffer overflow attempt (file-pdf.rules)
* 1:44949 <-> ENABLED <-> FILE-PDF Acrobat TrueTypeFont file out of bounds read attempt (file-pdf.rules)
* 1:44950 <-> ENABLED <-> FILE-PDF Acrobat TrueTypeFont file out of bounds read attempt (file-pdf.rules)
* 1:44951 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK use after free attempt (file-flash.rules)
* 1:44952 <-> DISABLED <-> FILE-FLASH Adobe Flash Player Primetime SDK use after free attempt (file-flash.rules)
* 1:44953 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF out of bounds buffer overflow attempt (file-other.rules)
* 1:44954 <-> DISABLED <-> FILE-OTHER Adobe Acrobat EMF out of bounds buffer overflow attempt (file-other.rules)
* 1:44955 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript infinite recursion heap overflow attempt (file-pdf.rules)
* 1:44956 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader JavaScript infinite recursion heap overflow attempt (file-pdf.rules)
* 1:44959 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF malformed YCbCrCoefficients values memory corruption attempt (file-image.rules)
* 1:44960 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat TIFF malformed YCbCrCoefficients values memory corruption attempt (file-image.rules)
* 1:44961 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader untrusted pointer dereference attempt (file-pdf.rules)
* 1:44962 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader untrusted pointer dereference attempt (file-pdf.rules)
* 1:44963 <-> ENABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules)
* 1:44964 <-> ENABLED <-> FILE-FLASH Adobe Flash Player tvsdk object use after free attempt (file-flash.rules)
* 1:44965 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro security bypass attempt (file-other.rules)
* 1:44966 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro security bypass attempt (file-other.rules)
* 1:44967 <-> ENABLED <-> FILE-PDF Acrobat malformed html tag out of bounds read attempt (file-pdf.rules)
* 1:44968 <-> ENABLED <-> FILE-PDF Acrobat malformed html tag out of bounds read attempt (file-pdf.rules)
* 1:44969 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF EmfPlusFont memory corruption attempt (file-image.rules)
* 1:44970 <-> ENABLED <-> FILE-IMAGE Adobe Acrobat Pro EMF EmfPlusFont memory corruption attempt (file-image.rules)
* 1:44976 <-> DISABLED <-> FILE-PDF Adobe Reader ActualText attribute type confusion attempt (file-pdf.rules)
* 1:44977 <-> DISABLED <-> FILE-PDF Adobe Reader ActualText attribute type confusion attempt (file-pdf.rules)
* 1:44983 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (file-other.rules)
* 1:44984 <-> ENABLED <-> FILE-OTHER Adobe Acrobat Pro TIFF embedded XPS file out of bounds read attempt (file-other.rules)
* 1:44987 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF font character encoding out of bounds write attempt (file-pdf.rules)
* 1:44988 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF font character encoding out of bounds write attempt (file-pdf.rules)
* 1:44989 <-> ENABLED <-> FILE-OFFICE Microsoft Office Equation Editor object with automatic execution embedded in RTF attempt (file-office.rules)
* 1:44990 <-> ENABLED <-> FILE-OFFICE Microsoft Office Equation Editor object with automatic execution embedded in RTF attempt (file-office.rules)
* 1:45002 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45003 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45004 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45005 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45006 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45007 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45008 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45009 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45010 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45011 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45012 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45013 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45014 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45015 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45016 <-> DISABLED <-> FILE-OTHER Jackson databind deserialization remote code execution attempt (file-other.rules)
* 1:45031 <-> DISABLED <-> FILE-OTHER Adobe Acrobat JPEG2000 out of bounds buffer overflow attempt (file-other.rules)
* 1:45032 <-> DISABLED <-> FILE-OTHER Adobe Acrobat JPEG2000 out of bounds buffer overflow attempt (file-other.rules)
* 1:45035 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Annotation use after free attempt (file-pdf.rules)
* 1:45036 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Annotation use after free attempt (file-pdf.rules)
* 1:45037 <-> DISABLED <-> SERVER-WEBAPP Joomla LDAP authentication plugin information disclosure exploitation attempt (server-webapp.rules)
* 1:45038 <-> DISABLED <-> SERVER-WEBAPP Joomla LDAP authentication plugin information disclosure exploitation attempt (server-webapp.rules)
* 1:45039 <-> DISABLED <-> SERVER-WEBAPP Joomla LDAP authentication plugin information disclosure exploitation attempt (server-webapp.rules)
* 1:45040 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader Annotation use after free attempt (file-pdf.rules)
* 1:45041 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader Annotation use after free attempt (file-pdf.rules)
* 1:45044 <-> DISABLED <-> FILE-PDF Adobe Reader out of bounds memory access violation attempt (file-pdf.rules)
* 1:45045 <-> DISABLED <-> FILE-PDF Adobe Reader out of bounds memory access violation attempt (file-pdf.rules)
* 1:45046 <-> ENABLED <-> SERVER-OTHER Exim malformed BDAT code execution attempt (server-other.rules)
* 1:45052 <-> DISABLED <-> SERVER-WEBAPP Wordpress wpdb prepare sprintf placeholder SQL injection attempt (server-webapp.rules)
* 1:45066 <-> DISABLED <-> SERVER-WEBAPP WordPress Duplicator cross site scripting attempt (server-webapp.rules)
* 1:45067 <-> DISABLED <-> SERVER-WEBAPP WordPress Duplicator cross site scripting attempt (server-webapp.rules)
* 1:45073 <-> DISABLED <-> SERVER-WEBAPP Wireless IP Camera WIFICAM information leak attempt (server-webapp.rules)
* 1:45074 <-> ENABLED <-> SERVER-SAMBA Samba unsigned connections attempt (server-samba.rules)
* 1:45075 <-> ENABLED <-> SERVER-WEBAPP WordPress Ultimate Form Builder plugin SQL injection attempt (server-webapp.rules)
* 1:45076 <-> ENABLED <-> SERVER-WEBAPP WordPress Ultimate Form Builder plugin SQL injection attempt (server-webapp.rules)
* 1:45077 <-> ENABLED <-> SERVER-WEBAPP WordPress Ultimate Form Builder plugin SQL injection attempt (server-webapp.rules)
* 1:45081 <-> DISABLED <-> SERVER-OTHER Geutebrueck GCore web server buffer overflow attempt (server-other.rules)
* 1:45083 <-> DISABLED <-> SERVER-APACHE Apache Solr RunExecutableListener arbitrary command execution attempt (server-apache.rules)
* 1:45084 <-> DISABLED <-> SERVER-APACHE Apache Solr xmlparser external doctype or entity expansion attempt (server-apache.rules)
* 1:45094 <-> DISABLED <-> SERVER-WEBAPP MediaWiki arbitrary file write attempt (server-webapp.rules)
* 1:45109 <-> DISABLED <-> SERVER-WEBAPP OrientDB remote code execution attempt (server-webapp.rules)
* 1:45110 <-> DISABLED <-> SERVER-WEBAPP OrientDB privilege escalation attempt (server-webapp.rules)
* 1:45112 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager showresource.do SQL injection attempt (server-webapp.rules)
* 1:45113 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager showresource.do SQL injection attempt (server-webapp.rules)
* 1:45115 <-> DISABLED <-> SERVER-MAIL Multiple products non-ascii sender address spoofing attempt (server-mail.rules)
* 1:45116 <-> DISABLED <-> SERVER-MAIL Multiple products non-ascii sender address spoofing attempt (server-mail.rules)
* 1:45117 <-> ENABLED <-> SERVER-WEBAPP Huawei DeviceUpgrade command injection attempt (server-webapp.rules)
* 1:45118 <-> ENABLED <-> SERVER-MAIL Multiple products non-ascii sender address spoofing attempt (server-mail.rules)
* 1:45119 <-> ENABLED <-> SERVER-MAIL Multiple products non-ascii sender address spoofing attempt (server-mail.rules)
* 1:45121 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
* 1:45122 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
* 1:45123 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malformed spreadsheet use-after-free attempt (file-office.rules)
* 1:45124 <-> ENABLED <-> FILE-OFFICE Microsoft Office Excel malformed spreadsheet use-after-free attempt (file-office.rules)
* 1:45128 <-> ENABLED <-> BROWSER-IE Microsoft Edge defineGetter type confusion attempt (browser-ie.rules)
* 1:45129 <-> ENABLED <-> BROWSER-IE Microsoft Edge defineGetter type confusion attempt (browser-ie.rules)
* 1:45130 <-> ENABLED <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt (os-windows.rules)
* 1:45131 <-> ENABLED <-> OS-WINDOWS Microsoft Windows RRAS service arbitrary pointer dereference attempt (os-windows.rules)
* 1:45132 <-> ENABLED <-> FILE-OFFICE Microsoft Office Equation Editor object stack buffer overflow attempt (file-office.rules)
* 1:45133 <-> ENABLED <-> FILE-OFFICE Microsoft Office Equation Editor object stack buffer overflow attempt (file-office.rules)
* 1:45134 <-> ENABLED <-> FILE-OFFICE Microsoft Office Equation Editor object stack buffer overflow attempt (file-office.rules)
* 1:45135 <-> ENABLED <-> FILE-OFFICE Microsoft Office Equation Editor object stack buffer overflow attempt (file-office.rules)
* 1:45138 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer scripting engine memory corruption attempt (browser-ie.rules)
* 1:45139 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer scripting engine memory corruption attempt (browser-ie.rules)
* 1:45140 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra RegExp engine memory corruption attempt (browser-ie.rules)
* 1:45141 <-> ENABLED <-> BROWSER-IE Microsoft Edge Chakra RegExp engine memory corruption attempt (browser-ie.rules)
* 1:45142 <-> ENABLED <-> BROWSER-IE Microsoft Edge Array type confusion attempt (browser-ie.rules)
* 1:45143 <-> ENABLED <-> BROWSER-IE Microsoft Edge Array type confusion attempt (browser-ie.rules)
* 1:45144 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer scripting engine memory corruption attempt (browser-ie.rules)
* 1:45145 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer scripting engine memory corruption attempt (browser-ie.rules)
* 1:45146 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer scripting engine memory corruption attempt (browser-ie.rules)
* 1:45147 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer scripting engine memory corruption attempt (browser-ie.rules)
* 1:45148 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Array out of bounds write attempt (browser-ie.rules)
* 1:45149 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer Array out of bounds write attempt (browser-ie.rules)
* 1:45150 <-> ENABLED <-> BROWSER-IE Microsoft Edge JsSetCurrentContext out of bounds read attempt (browser-ie.rules)
* 1:45151 <-> ENABLED <-> BROWSER-IE Microsoft Edge JsSetCurrentContext out of bounds read attempt (browser-ie.rules)
* 1:45155 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds read attempt (browser-ie.rules)
* 1:45156 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer out of bounds read attempt (browser-ie.rules)
* 1:45160 <-> DISABLED <-> BROWSER-IE Microsoft Edge null pointer dereference attempt (browser-ie.rules)
* 1:45161 <-> DISABLED <-> BROWSER-IE Microsoft Edge null pointer dereference attempt (browser-ie.rules)
* 1:45162 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:45163 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:45167 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:45168 <-> ENABLED <-> BROWSER-IE Microsoft Edge memory corruption attempt (browser-ie.rules)
* 1:45169 <-> ENABLED <-> BROWSER-IE Microsoft Edge array type confusion attempt (browser-ie.rules)
* 1:45170 <-> ENABLED <-> BROWSER-IE Microsoft Edge array type confusion attempt (browser-ie.rules)
* 1:45189 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager mypage.do SQL injection attempt (server-webapp.rules)
* 1:45190 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager mypage.do SQL injection attempt (server-webapp.rules)
* 1:45192 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager showActionProfiles.do SQL injection attempt (server-webapp.rules)
* 1:45193 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Applications Manager showActionProfiles.do SQL injection attempt (server-webapp.rules)
* 1:45198 <-> DISABLED <-> SERVER-OTHER Advantech WebAccess dcerpc service opcode 80061 stack buffer overflow attempt (server-other.rules)
* 1:45199 <-> DISABLED <-> SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (server-other.rules)
* 1:45200 <-> DISABLED <-> SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (server-other.rules)
* 1:45201 <-> DISABLED <-> SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (server-other.rules)
* 1:45218 <-> ENABLED <-> SERVER-WEBAPP Embedthis GoAhead CGI information disclosure attempt (server-webapp.rules)
* 1:45219 <-> ENABLED <-> SERVER-WEBAPP Embedthis GoAhead LD_preload code execution attempt (server-webapp.rules)
* 1:45235 <-> ENABLED <-> SERVER-WEBAPP Palo Alto Networks Firewall router.php XML attribute injection attempt (server-webapp.rules) * 
1:45236 <-> ENABLED <-> SERVER-WEBAPP Palo Alto Networks Firewall cms_changeDeviceContext.esp session injection attempt (server-webapp.rules) * 1:45255 <-> ENABLED <-> SERVER-SAMBA Samba tree connect andx memory corruption attempt (server-samba.rules) * 1:45260 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware upload attempt (malware-cnc.rules) * 1:45269 <-> DISABLED <-> SERVER-OTHER Apache CouchDB remote code execution attempt (server-other.rules) * 1:45304 <-> ENABLED <-> SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (server-oracle.rules) * 1:45314 <-> ENABLED <-> SERVER-WEBAPP Beijing Hanbang Hanbanggaoke IP camera admin password change attempt (server-webapp.rules) * 1:45318 <-> DISABLED <-> SERVER-WEBAPP Citrix NetScaler SD-WAN command injection attempt (server-webapp.rules) * 1:45319 <-> DISABLED <-> SERVER-WEBAPP Citrix NetScaler SD-WAN command injection attempt (server-webapp.rules) * 1:45357 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules) * 1:45358 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules) * 1:45359 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules) * 1:45360 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules) * 1:45361 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules) * 1:45362 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules) * 1:45363 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules) * 1:45364 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules) * 1:45365 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis information leak attempt (os-other.rules) * 1:45366 <-> ENABLED <-> OS-OTHER Intel x86 side-channel analysis 
information leak attempt (os-other.rules) * 1:45367 <-> ENABLED <-> OS-OTHER Intel x64 side-channel analysis information leak attempt (os-other.rules) * 1:45368 <-> ENABLED <-> OS-OTHER Intel x64 side-channel analysis information leak attempt (os-other.rules) * 1:45374 <-> ENABLED <-> BROWSER-IE Microsoft Edge out of bounds write attempt (browser-ie.rules) * 1:45375 <-> ENABLED <-> BROWSER-IE Microsoft Edge out of bounds write attempt (browser-ie.rules) * 1:45376 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules) * 1:45377 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine memory corruption attempt (browser-ie.rules) * 1:45378 <-> ENABLED <-> BROWSER-IE Microsoft Edge type confusion attempt (browser-ie.rules) * 1:45379 <-> ENABLED <-> BROWSER-IE Microsoft Edge type confusion attempt (browser-ie.rules) * 1:45383 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine integer overflow attempt (browser-ie.rules) * 1:45384 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine integer overflow attempt (browser-ie.rules) * 1:45387 <-> ENABLED <-> BROWSER-IE Microsoft Edge anonymous function type confusion attempt (browser-ie.rules) * 1:45388 <-> ENABLED <-> BROWSER-IE Microsoft Edge anonymous function type confusion attempt (browser-ie.rules) * 1:45389 <-> ENABLED <-> BROWSER-IE Microsoft IE array type confusion attempt (browser-ie.rules) * 1:45390 <-> ENABLED <-> BROWSER-IE Microsoft IE array type confusion attempt (browser-ie.rules) * 1:45391 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules) * 1:45392 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine type confusion attempt (browser-ie.rules) * 1:45393 <-> DISABLED <-> SERVER-OTHER Quest Privilege Manager pmmasterd buffer overflow attempt (server-other.rules) * 1:45395 <-> DISABLED <-> BROWSER-IE Microsoft Edge scripting engine toString use after free attempt (browser-ie.rules) * 1:45396 <-> 
DISABLED <-> BROWSER-IE Microsoft Edge scripting engine toString use after free attempt (browser-ie.rules) * 1:45401 <-> ENABLED <-> SERVER-WEBAPP Fortinet FortiOS redir parameter cross site scripting attempt (server-webapp.rules) * 1:45404 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF buffer overflow attempt (file-flash.rules) * 1:45405 <-> ENABLED <-> FILE-FLASH Adobe Flash Player malformed ATF buffer overflow attempt (file-flash.rules) * 1:45412 <-> DISABLED <-> SERVER-WEBAPP Asus RT-AC88U deleteOfflineClients memory corruption attempt (server-webapp.rules) * 1:45413 <-> DISABLED <-> SERVER-WEBAPP Hikvision IP camera admin authentication attempt (server-webapp.rules) * 1:45414 <-> DISABLED <-> SERVER-WEBAPP DotNetNuke DNNPersonalization remote code execution attempt (server-webapp.rules) * 1:45415 <-> ENABLED <-> FILE-OFFICE RTF Composite Moniker object creation attempt (file-office.rules) * 1:45416 <-> ENABLED <-> FILE-OFFICE RTF Composite Moniker object creation attempt (file-office.rules) * 1:45421 <-> DISABLED <-> SERVER-WEBAPP PhpCollab editclient.php arbitrary PHP file upload attempt (server-webapp.rules) * 1:45442 <-> DISABLED <-> SERVER-OTHER Hewlett Packard Enterprise Intelligent Management Center FileDownloadServlet information disclosure attempt (server-other.rules) * 1:45443 <-> ENABLED <-> OS-OTHER Intel x64 side-channel analysis information leak attempt (os-other.rules) * 1:45444 <-> ENABLED <-> OS-OTHER Intel x64 side-channel analysis information leak attempt (os-other.rules) * 1:45445 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine ArrayBuffer memory corruption attempt (browser-ie.rules) * 1:45446 <-> ENABLED <-> BROWSER-IE Microsoft Edge scripting engine ArrayBuffer memory corruption attempt (browser-ie.rules) * 1:45447 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules) * 1:45448 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge 
command injection attempt (server-webapp.rules) * 1:45449 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules) * 1:45450 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules) * 1:45451 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules) * 1:45452 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules) * 1:45453 <-> DISABLED <-> SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt (server-webapp.rules) * 1:6431 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msdtc BuildContextW heap overflow attempt (os-windows.rules) * 1:6443 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msdtc BuildContextW heap overflow attempt (os-windows.rules) * 3:32212 <-> ENABLED <-> PROTOCOL-VOIP missing media application format parameter denial-of-service attempt (protocol-voip.rules) * 3:32213 <-> ENABLED <-> PROTOCOL-VOIP missing media application format parameter denial-of-service attempt (protocol-voip.rules) * 3:32214 <-> ENABLED <-> PROTOCOL-VOIP missing media application format parameter denial-of-service attempt (protocol-voip.rules) * 3:32215 <-> ENABLED <-> PROTOCOL-VOIP missing media application format parameter denial-of-service attempt (protocol-voip.rules) * 3:32216 <-> ENABLED <-> PROTOCOL-VOIP missing media application format parameter denial-of-service attempt (protocol-voip.rules) * 3:32218 <-> ENABLED <-> PROTOCOL-VOIP out of range port specification exploit attempt (protocol-voip.rules)