Talos has added and modified multiple rules in the browser-plugins, file-flash, malware-cnc, server-apache and server-webapp rule sets to provide coverage for emerging threats from these technologies.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:48494 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:48491 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:48492 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:48495 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:48493 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:48470 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.Coinminer variant outbound connection (malware-cnc.rules)
* 1:48471 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.Coinminer variant outbound connection (malware-cnc.rules)
* 1:48472 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.Coinminer variant outbound connection (malware-cnc.rules)
* 1:48473 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.Coinminer variant outbound connection (malware-cnc.rules)
* 1:48474 <-> DISABLED <-> SERVER-APACHE Apache Hadoop YARN ResourceManager arbitrary command execution attempt (server-apache.rules)
* 1:48496 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:48490 <-> DISABLED <-> BROWSER-PLUGINS Accelrys BIOVIA DSVisualizerControlR22.SaveToFile ActiveX access attempt (browser-plugins.rules)
* 1:48475 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Carrotbat outbound connection attempt (malware-cnc.rules)
* 1:48476 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Carrotbat outbound connection attempt (malware-cnc.rules)
* 1:48477 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent outbound connection attempt (malware-cnc.rules)
* 1:48478 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent outbound connection attempt (malware-cnc.rules)
* 1:48479 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Carrotbat outbound connection attempt (malware-cnc.rules)
* 1:48480 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Carrotbat outbound connection attempt (malware-cnc.rules)
* 1:48481 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic remote code execution attempt (server-other.rules)
* 1:48482 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic remote code execution attempt (server-other.rules)
* 1:48483 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic remote code execution attempt (server-other.rules)
* 1:48484 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cmdsubsys.php command injection attempt (server-webapp.rules)
* 1:48485 <-> DISABLED <-> SERVER-WEBAPP Loytec LWEB-900 directory traversal attempt (server-webapp.rules)
* 1:48486 <-> DISABLED <-> SERVER-WEBAPP Wordpress Portable phpMyAdmin plugin authentication bypass attempt (server-webapp.rules)
* 1:48487 <-> DISABLED <-> BROWSER-PLUGINS Accelrys BIOVIA DSVisualizerControlR22.SaveToFile ActiveX access attempt (browser-plugins.rules)
* 1:48488 <-> DISABLED <-> BROWSER-PLUGINS Accelrys BIOVIA DSVisualizerControlR22.SaveToFile ActiveX access attempt (browser-plugins.rules)
* 1:48489 <-> DISABLED <-> BROWSER-PLUGINS Accelrys BIOVIA DSVisualizerControlR22.SaveToFile ActiveX access attempt (browser-plugins.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:48490 <-> DISABLED <-> BROWSER-PLUGINS Accelrys BIOVIA DSVisualizerControlR22.SaveToFile ActiveX access attempt (browser-plugins.rules)
* 1:48471 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.Coinminer variant outbound connection (malware-cnc.rules)
* 1:48493 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:48494 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:48492 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:48496 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:48474 <-> DISABLED <-> SERVER-APACHE Apache Hadoop YARN ResourceManager arbitrary command execution attempt (server-apache.rules)
* 1:48491 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:48495 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:48470 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.Coinminer variant outbound connection (malware-cnc.rules)
* 1:48472 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.Coinminer variant outbound connection (malware-cnc.rules)
* 1:48486 <-> DISABLED <-> SERVER-WEBAPP Wordpress Portable phpMyAdmin plugin authentication bypass attempt (server-webapp.rules)
* 1:48481 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic remote code execution attempt (server-other.rules)
* 1:48483 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic remote code execution attempt (server-other.rules)
* 1:48484 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cmdsubsys.php command injection attempt (server-webapp.rules)
* 1:48477 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent outbound connection attempt (malware-cnc.rules)
* 1:48482 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic remote code execution attempt (server-other.rules)
* 1:48479 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Carrotbat outbound connection attempt (malware-cnc.rules)
* 1:48480 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Carrotbat outbound connection attempt (malware-cnc.rules)
* 1:48473 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.Coinminer variant outbound connection (malware-cnc.rules)
* 1:48478 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent outbound connection attempt (malware-cnc.rules)
* 1:48475 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Carrotbat outbound connection attempt (malware-cnc.rules)
* 1:48476 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Carrotbat outbound connection attempt (malware-cnc.rules)
* 1:48489 <-> DISABLED <-> BROWSER-PLUGINS Accelrys BIOVIA DSVisualizerControlR22.SaveToFile ActiveX access attempt (browser-plugins.rules)
* 1:48485 <-> DISABLED <-> SERVER-WEBAPP Loytec LWEB-900 directory traversal attempt (server-webapp.rules)
* 1:48487 <-> DISABLED <-> BROWSER-PLUGINS Accelrys BIOVIA DSVisualizerControlR22.SaveToFile ActiveX access attempt (browser-plugins.rules)
* 1:48488 <-> DISABLED <-> BROWSER-PLUGINS Accelrys BIOVIA DSVisualizerControlR22.SaveToFile ActiveX access attempt (browser-plugins.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:48494 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (snort3-file-flash.rules)
* 1:48493 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (snort3-file-flash.rules)
* 1:48492 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (snort3-file-flash.rules)
* 1:48495 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (snort3-file-flash.rules)
* 1:48491 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (snort3-file-flash.rules)
* 1:48496 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (snort3-file-flash.rules)
* 1:48470 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.Coinminer variant outbound connection (snort3-malware-cnc.rules)
* 1:48490 <-> DISABLED <-> BROWSER-PLUGINS Accelrys BIOVIA DSVisualizerControlR22.SaveToFile ActiveX access attempt (snort3-browser-plugins.rules)
* 1:48471 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.Coinminer variant outbound connection (snort3-malware-cnc.rules)
* 1:48472 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.Coinminer variant outbound connection (snort3-malware-cnc.rules)
* 1:48473 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.Coinminer variant outbound connection (snort3-malware-cnc.rules)
* 1:48474 <-> DISABLED <-> SERVER-APACHE Apache Hadoop YARN ResourceManager arbitrary command execution attempt (snort3-server-apache.rules)
* 1:48475 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Carrotbat outbound connection attempt (snort3-malware-cnc.rules)
* 1:48476 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Carrotbat outbound connection attempt (snort3-malware-cnc.rules)
* 1:48477 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent outbound connection attempt (snort3-malware-cnc.rules)
* 1:48478 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent outbound connection attempt (snort3-malware-cnc.rules)
* 1:48479 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Carrotbat outbound connection attempt (snort3-malware-cnc.rules)
* 1:48480 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Carrotbat outbound connection attempt (snort3-malware-cnc.rules)
* 1:48481 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic remote code execution attempt (snort3-server-other.rules)
* 1:48482 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic remote code execution attempt (snort3-server-other.rules)
* 1:48483 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic remote code execution attempt (snort3-server-other.rules)
* 1:48484 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cmdsubsys.php command injection attempt (snort3-server-webapp.rules)
* 1:48485 <-> DISABLED <-> SERVER-WEBAPP Loytec LWEB-900 directory traversal attempt (snort3-server-webapp.rules)
* 1:48486 <-> DISABLED <-> SERVER-WEBAPP Wordpress Portable phpMyAdmin plugin authentication bypass attempt (snort3-server-webapp.rules)
* 1:48487 <-> DISABLED <-> BROWSER-PLUGINS Accelrys BIOVIA DSVisualizerControlR22.SaveToFile ActiveX access attempt (snort3-browser-plugins.rules)
* 1:48488 <-> DISABLED <-> BROWSER-PLUGINS Accelrys BIOVIA DSVisualizerControlR22.SaveToFile ActiveX access attempt (snort3-browser-plugins.rules)
* 1:48489 <-> DISABLED <-> BROWSER-PLUGINS Accelrys BIOVIA DSVisualizerControlR22.SaveToFile ActiveX access attempt (snort3-browser-plugins.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091100.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:48491 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:48492 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:48493 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:48494 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:48486 <-> DISABLED <-> SERVER-WEBAPP Wordpress Portable phpMyAdmin plugin authentication bypass attempt (server-webapp.rules)
* 1:48496 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:48495 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:48479 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Carrotbat outbound connection attempt (malware-cnc.rules)
* 1:48480 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Carrotbat outbound connection attempt (malware-cnc.rules)
* 1:48477 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent outbound connection attempt (malware-cnc.rules)
* 1:48478 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent outbound connection attempt (malware-cnc.rules)
* 1:48475 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Carrotbat outbound connection attempt (malware-cnc.rules)
* 1:48476 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Carrotbat outbound connection attempt (malware-cnc.rules)
* 1:48473 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.Coinminer variant outbound connection (malware-cnc.rules)
* 1:48474 <-> DISABLED <-> SERVER-APACHE Apache Hadoop YARN ResourceManager arbitrary command execution attempt (server-apache.rules)
* 1:48472 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.Coinminer variant outbound connection (malware-cnc.rules)
* 1:48471 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.Coinminer variant outbound connection (malware-cnc.rules)
* 1:48470 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.Coinminer variant outbound connection (malware-cnc.rules)
* 1:48485 <-> DISABLED <-> SERVER-WEBAPP Loytec LWEB-900 directory traversal attempt (server-webapp.rules)
* 1:48483 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic remote code execution attempt (server-other.rules)
* 1:48484 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cmdsubsys.php command injection attempt (server-webapp.rules)
* 1:48481 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic remote code execution attempt (server-other.rules)
* 1:48482 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic remote code execution attempt (server-other.rules)
* 1:48490 <-> DISABLED <-> BROWSER-PLUGINS Accelrys BIOVIA DSVisualizerControlR22.SaveToFile ActiveX access attempt (browser-plugins.rules)
* 1:48488 <-> DISABLED <-> BROWSER-PLUGINS Accelrys BIOVIA DSVisualizerControlR22.SaveToFile ActiveX access attempt (browser-plugins.rules)
* 1:48489 <-> DISABLED <-> BROWSER-PLUGINS Accelrys BIOVIA DSVisualizerControlR22.SaveToFile ActiveX access attempt (browser-plugins.rules)
* 1:48487 <-> DISABLED <-> BROWSER-PLUGINS Accelrys BIOVIA DSVisualizerControlR22.SaveToFile ActiveX access attempt (browser-plugins.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:48491 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:48492 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:48490 <-> DISABLED <-> BROWSER-PLUGINS Accelrys BIOVIA DSVisualizerControlR22.SaveToFile ActiveX access attempt (browser-plugins.rules)
* 1:48495 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:48494 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:48493 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:48496 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:48470 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.Coinminer variant outbound connection (malware-cnc.rules)
* 1:48489 <-> DISABLED <-> BROWSER-PLUGINS Accelrys BIOVIA DSVisualizerControlR22.SaveToFile ActiveX access attempt (browser-plugins.rules)
* 1:48487 <-> DISABLED <-> BROWSER-PLUGINS Accelrys BIOVIA DSVisualizerControlR22.SaveToFile ActiveX access attempt (browser-plugins.rules)
* 1:48488 <-> DISABLED <-> BROWSER-PLUGINS Accelrys BIOVIA DSVisualizerControlR22.SaveToFile ActiveX access attempt (browser-plugins.rules)
* 1:48485 <-> DISABLED <-> SERVER-WEBAPP Loytec LWEB-900 directory traversal attempt (server-webapp.rules)
* 1:48486 <-> DISABLED <-> SERVER-WEBAPP Wordpress Portable phpMyAdmin plugin authentication bypass attempt (server-webapp.rules)
* 1:48483 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic remote code execution attempt (server-other.rules)
* 1:48484 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cmdsubsys.php command injection attempt (server-webapp.rules)
* 1:48481 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic remote code execution attempt (server-other.rules)
* 1:48482 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic remote code execution attempt (server-other.rules)
* 1:48479 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Carrotbat outbound connection attempt (malware-cnc.rules)
* 1:48480 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Carrotbat outbound connection attempt (malware-cnc.rules)
* 1:48477 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent outbound connection attempt (malware-cnc.rules)
* 1:48478 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent outbound connection attempt (malware-cnc.rules)
* 1:48475 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Carrotbat outbound connection attempt (malware-cnc.rules)
* 1:48476 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Carrotbat outbound connection attempt (malware-cnc.rules)
* 1:48473 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.Coinminer variant outbound connection (malware-cnc.rules)
* 1:48474 <-> DISABLED <-> SERVER-APACHE Apache Hadoop YARN ResourceManager arbitrary command execution attempt (server-apache.rules)
* 1:48471 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.Coinminer variant outbound connection (malware-cnc.rules)
* 1:48472 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.Coinminer variant outbound connection (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091200.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:48482 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic remote code execution attempt (server-other.rules)
* 1:48481 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic remote code execution attempt (server-other.rules)
* 1:48480 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Carrotbat outbound connection attempt (malware-cnc.rules)
* 1:48479 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Carrotbat outbound connection attempt (malware-cnc.rules)
* 1:48478 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent outbound connection attempt (malware-cnc.rules)
* 1:48477 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Agent outbound connection attempt (malware-cnc.rules)
* 1:48476 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Carrotbat outbound connection attempt (malware-cnc.rules)
* 1:48475 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Carrotbat outbound connection attempt (malware-cnc.rules)
* 1:48474 <-> DISABLED <-> SERVER-APACHE Apache Hadoop YARN ResourceManager arbitrary command execution attempt (server-apache.rules)
* 1:48473 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.Coinminer variant outbound connection (malware-cnc.rules)
* 1:48472 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.Coinminer variant outbound connection (malware-cnc.rules)
* 1:48471 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.Coinminer variant outbound connection (malware-cnc.rules)
* 1:48470 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.Coinminer variant outbound connection (malware-cnc.rules)
* 1:48496 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:48495 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:48494 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:48493 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:48492 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:48491 <-> ENABLED <-> FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt (file-flash.rules)
* 1:48490 <-> DISABLED <-> BROWSER-PLUGINS Accelrys BIOVIA DSVisualizerControlR22.SaveToFile ActiveX access attempt (browser-plugins.rules)
* 1:48489 <-> DISABLED <-> BROWSER-PLUGINS Accelrys BIOVIA DSVisualizerControlR22.SaveToFile ActiveX access attempt (browser-plugins.rules)
* 1:48488 <-> DISABLED <-> BROWSER-PLUGINS Accelrys BIOVIA DSVisualizerControlR22.SaveToFile ActiveX access attempt (browser-plugins.rules)
* 1:48487 <-> DISABLED <-> BROWSER-PLUGINS Accelrys BIOVIA DSVisualizerControlR22.SaveToFile ActiveX access attempt (browser-plugins.rules)
* 1:48486 <-> DISABLED <-> SERVER-WEBAPP Wordpress Portable phpMyAdmin plugin authentication bypass attempt (server-webapp.rules)
* 1:48485 <-> DISABLED <-> SERVER-WEBAPP Loytec LWEB-900 directory traversal attempt (server-webapp.rules)
* 1:48484 <-> DISABLED <-> SERVER-WEBAPP Nagios XI cmdsubsys.php command injection attempt (server-webapp.rules)
* 1:48483 <-> ENABLED <-> SERVER-OTHER Oracle WebLogic remote code execution attempt (server-other.rules)