Talos has added and modified multiple rules in the file-flash, file-office, file-other, file-pdf, netbios and server-webapp rule sets to provide coverage for emerging threats from these technologies.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:49298 <-> DISABLED <-> SERVER-WEBAPP NoneCms V1.3 PHP code execution attempt (server-webapp.rules)
* 1:49322 <-> DISABLED <-> SERVER-WEBAPP CentOS Web Panel persistent cross site scripting attempt (server-webapp.rules)
* 1:49294 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
* 1:49319 <-> DISABLED <-> SERVER-WEBAPP CentOS Web Panel persistent cross site scripting attempt (server-webapp.rules)
* 1:49321 <-> DISABLED <-> SERVER-WEBAPP CentOS Web Panel persistent cross site scripting attempt (server-webapp.rules)
* 1:49295 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
* 1:49320 <-> DISABLED <-> SERVER-WEBAPP CentOS Web Panel persistent cross site scripting attempt (server-webapp.rules)
* 1:49303 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Smart Protection Server SQL injection attempt (server-webapp.rules)
* 1:49323 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Lel record memory corruption attempt (file-office.rules)
* 1:49297 <-> DISABLED <-> FILE-OTHER IBM Lotus Notes LZH Attachment Viewer buffer overflow attempt (file-other.rules)
* 1:49325 <-> DISABLED <-> FILE-OTHER Microsoft Windows Avast Anti-Virus local credentials disclosure attempt (file-other.rules)
* 1:49301 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Smart Protection Server SQL injection attempt (server-webapp.rules)
* 1:49302 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Smart Protection Server SQL injection attempt (server-webapp.rules)
* 1:49305 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader PostScript file out of bounds read attempt (file-pdf.rules)
* 1:49300 <-> DISABLED <-> FILE-OFFICE Microsoft Access arbitrary code execution attempt (file-office.rules)
* 1:49306 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader PostScript file out of bounds read attempt (file-pdf.rules)
* 1:49299 <-> DISABLED <-> FILE-OFFICE Microsoft Access arbitrary code execution attempt (file-office.rules)
* 1:49307 <-> ENABLED <-> FILE-PDF Adobe Acrobat malformed PDF out of bounds read attempt (file-pdf.rules)
* 1:49308 <-> ENABLED <-> FILE-PDF Adobe Acrobat malformed PDF out of bounds read attempt (file-pdf.rules)
* 1:49309 <-> ENABLED <-> FILE-PDF Adobe Acrobat malformed PDF objects use after free attempt (file-pdf.rules)
* 1:49310 <-> ENABLED <-> FILE-PDF Adobe Acrobat malformed PDF objects use after free attempt (file-pdf.rules)
* 1:49311 <-> ENABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
* 1:49312 <-> ENABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
* 1:49313 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA JavaScript manipulation out of bounds read attempt (file-pdf.rules)
* 1:49314 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA JavaScript manipulation out of bounds read attempt (file-pdf.rules)
* 1:49315 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
* 1:49316 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
* 1:49317 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
* 1:49324 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Lel record memory corruption attempt (file-office.rules)
* 1:49318 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
* 1:49304 <-> DISABLED <-> SERVER-OTHER Google Golang GET command injection attempt (server-other.rules)
* 3:49293 <-> ENABLED <-> NETBIOS Cisco WebEx WebExService.exe remote code execution attempt (netbios.rules)
* 3:49296 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)

* 1:45075 <-> ENABLED <-> SERVER-WEBAPP WordPress Ultimate Form Builder plugin SQL injection attempt (server-webapp.rules)
* 1:45077 <-> ENABLED <-> SERVER-WEBAPP WordPress Ultimate Form Builder plugin SQL injection attempt (server-webapp.rules)
* 1:47963 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture JavaScript manipulation type confusion attempt (file-other.rules)
* 1:45076 <-> ENABLED <-> SERVER-WEBAPP WordPress Ultimate Form Builder plugin SQL injection attempt (server-webapp.rules)
* 1:47964 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture JavaScript manipulation type confusion attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
* 1:49322 <-> DISABLED <-> SERVER-WEBAPP CentOS Web Panel persistent cross site scripting attempt (server-webapp.rules)
* 1:49318 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
* 1:49319 <-> DISABLED <-> SERVER-WEBAPP CentOS Web Panel persistent cross site scripting attempt (server-webapp.rules)
* 1:49323 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Lel record memory corruption attempt (file-office.rules)
* 1:49299 <-> DISABLED <-> FILE-OFFICE Microsoft Access arbitrary code execution attempt (file-office.rules)
* 1:49294 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
* 1:49295 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
* 1:49324 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Lel record memory corruption attempt (file-office.rules)
* 1:49303 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Smart Protection Server SQL injection attempt (server-webapp.rules)
* 1:49304 <-> DISABLED <-> SERVER-OTHER Google Golang GET command injection attempt (server-other.rules)
* 1:49305 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader PostScript file out of bounds read attempt (file-pdf.rules)
* 1:49306 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader PostScript file out of bounds read attempt (file-pdf.rules)
* 1:49307 <-> ENABLED <-> FILE-PDF Adobe Acrobat malformed PDF out of bounds read attempt (file-pdf.rules)
* 1:49308 <-> ENABLED <-> FILE-PDF Adobe Acrobat malformed PDF out of bounds read attempt (file-pdf.rules)
* 1:49309 <-> ENABLED <-> FILE-PDF Adobe Acrobat malformed PDF objects use after free attempt (file-pdf.rules)
* 1:49321 <-> DISABLED <-> SERVER-WEBAPP CentOS Web Panel persistent cross site scripting attempt (server-webapp.rules)
* 1:49325 <-> DISABLED <-> FILE-OTHER Microsoft Windows Avast Anti-Virus local credentials disclosure attempt (file-other.rules)
* 1:49297 <-> DISABLED <-> FILE-OTHER IBM Lotus Notes LZH Attachment Viewer buffer overflow attempt (file-other.rules)
* 1:49298 <-> DISABLED <-> SERVER-WEBAPP NoneCms V1.3 PHP code execution attempt (server-webapp.rules)
* 1:49301 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Smart Protection Server SQL injection attempt (server-webapp.rules)
* 1:49302 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Smart Protection Server SQL injection attempt (server-webapp.rules)
* 1:49320 <-> DISABLED <-> SERVER-WEBAPP CentOS Web Panel persistent cross site scripting attempt (server-webapp.rules)
* 1:49310 <-> ENABLED <-> FILE-PDF Adobe Acrobat malformed PDF objects use after free attempt (file-pdf.rules)
* 1:49311 <-> ENABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
* 1:49312 <-> ENABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
* 1:49313 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA JavaScript manipulation out of bounds read attempt (file-pdf.rules)
* 1:49314 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA JavaScript manipulation out of bounds read attempt (file-pdf.rules)
* 1:49315 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
* 1:49316 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
* 1:49317 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
* 1:49300 <-> DISABLED <-> FILE-OFFICE Microsoft Access arbitrary code execution attempt (file-office.rules)
* 3:49296 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
* 3:49293 <-> ENABLED <-> NETBIOS Cisco WebEx WebExService.exe remote code execution attempt (netbios.rules)

* 1:45075 <-> ENABLED <-> SERVER-WEBAPP WordPress Ultimate Form Builder plugin SQL injection attempt (server-webapp.rules)
* 1:45077 <-> ENABLED <-> SERVER-WEBAPP WordPress Ultimate Form Builder plugin SQL injection attempt (server-webapp.rules)
* 1:47964 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture JavaScript manipulation type confusion attempt (file-other.rules)
* 1:45076 <-> ENABLED <-> SERVER-WEBAPP WordPress Ultimate Form Builder plugin SQL injection attempt (server-webapp.rules)
* 1:47963 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture JavaScript manipulation type confusion attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
* 1:49322 <-> DISABLED <-> SERVER-WEBAPP CentOS Web Panel persistent cross site scripting attempt (snort3-server-webapp.rules)
* 1:49321 <-> DISABLED <-> SERVER-WEBAPP CentOS Web Panel persistent cross site scripting attempt (snort3-server-webapp.rules)
* 1:49308 <-> ENABLED <-> FILE-PDF Adobe Acrobat malformed PDF out of bounds read attempt (snort3-file-pdf.rules)
* 1:49320 <-> DISABLED <-> SERVER-WEBAPP CentOS Web Panel persistent cross site scripting attempt (snort3-server-webapp.rules)
* 1:49314 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA JavaScript manipulation out of bounds read attempt (snort3-file-pdf.rules)
* 1:49325 <-> DISABLED <-> FILE-OTHER Microsoft Windows Avast Anti-Virus local credentials disclosure attempt (snort3-file-other.rules)
* 1:49323 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Lel record memory corruption attempt (snort3-file-office.rules)
* 1:49324 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Lel record memory corruption attempt (snort3-file-office.rules)
* 1:49294 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (snort3-file-pdf.rules)
* 1:49319 <-> DISABLED <-> SERVER-WEBAPP CentOS Web Panel persistent cross site scripting attempt (snort3-server-webapp.rules)
* 1:49317 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (snort3-file-pdf.rules)
* 1:49318 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (snort3-file-pdf.rules)
* 1:49315 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (snort3-file-pdf.rules)
* 1:49295 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (snort3-file-pdf.rules)
* 1:49305 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader PostScript file out of bounds read attempt (snort3-file-pdf.rules)
* 1:49306 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader PostScript file out of bounds read attempt (snort3-file-pdf.rules)
* 1:49309 <-> ENABLED <-> FILE-PDF Adobe Acrobat malformed PDF objects use after free attempt (snort3-file-pdf.rules)
* 1:49310 <-> ENABLED <-> FILE-PDF Adobe Acrobat malformed PDF objects use after free attempt (snort3-file-pdf.rules)
* 1:49316 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (snort3-file-pdf.rules)
* 1:49312 <-> ENABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (snort3-file-flash.rules)
* 1:49311 <-> ENABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (snort3-file-flash.rules)
* 1:49307 <-> ENABLED <-> FILE-PDF Adobe Acrobat malformed PDF out of bounds read attempt (snort3-file-pdf.rules)
* 1:49298 <-> DISABLED <-> SERVER-WEBAPP NoneCms V1.3 PHP code execution attempt (snort3-server-webapp.rules)
* 1:49300 <-> DISABLED <-> FILE-OFFICE Microsoft Access arbitrary code execution attempt (snort3-file-office.rules)
* 1:49299 <-> DISABLED <-> FILE-OFFICE Microsoft Access arbitrary code execution attempt (snort3-file-office.rules)
* 1:49303 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Smart Protection Server SQL injection attempt (snort3-server-webapp.rules)
* 1:49304 <-> DISABLED <-> SERVER-OTHER Google Golang GET command injection attempt (snort3-server-other.rules)
* 1:49301 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Smart Protection Server SQL injection attempt (snort3-server-webapp.rules)
* 1:49302 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Smart Protection Server SQL injection attempt (snort3-server-webapp.rules)
* 1:49297 <-> DISABLED <-> FILE-OTHER IBM Lotus Notes LZH Attachment Viewer buffer overflow attempt (snort3-file-other.rules)
* 1:49313 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA JavaScript manipulation out of bounds read attempt (snort3-file-pdf.rules)

* 1:45075 <-> ENABLED <-> SERVER-WEBAPP WordPress Ultimate Form Builder plugin SQL injection attempt (snort3-server-webapp.rules)
* 1:45076 <-> ENABLED <-> SERVER-WEBAPP WordPress Ultimate Form Builder plugin SQL injection attempt (snort3-server-webapp.rules)
* 1:45077 <-> ENABLED <-> SERVER-WEBAPP WordPress Ultimate Form Builder plugin SQL injection attempt (snort3-server-webapp.rules)
* 1:47963 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture JavaScript manipulation type confusion attempt (snort3-file-other.rules)
* 1:47964 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture JavaScript manipulation type confusion attempt (snort3-file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
* 1:49318 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
* 1:49319 <-> DISABLED <-> SERVER-WEBAPP CentOS Web Panel persistent cross site scripting attempt (server-webapp.rules)
* 1:49320 <-> DISABLED <-> SERVER-WEBAPP CentOS Web Panel persistent cross site scripting attempt (server-webapp.rules)
* 1:49303 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Smart Protection Server SQL injection attempt (server-webapp.rules)
* 1:49304 <-> DISABLED <-> SERVER-OTHER Google Golang GET command injection attempt (server-other.rules)
* 1:49305 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader PostScript file out of bounds read attempt (file-pdf.rules)
* 1:49306 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader PostScript file out of bounds read attempt (file-pdf.rules)
* 1:49307 <-> ENABLED <-> FILE-PDF Adobe Acrobat malformed PDF out of bounds read attempt (file-pdf.rules)
* 1:49308 <-> ENABLED <-> FILE-PDF Adobe Acrobat malformed PDF out of bounds read attempt (file-pdf.rules)
* 1:49309 <-> ENABLED <-> FILE-PDF Adobe Acrobat malformed PDF objects use after free attempt (file-pdf.rules)
* 1:49310 <-> ENABLED <-> FILE-PDF Adobe Acrobat malformed PDF objects use after free attempt (file-pdf.rules)
* 1:49311 <-> ENABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
* 1:49312 <-> ENABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
* 1:49313 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA JavaScript manipulation out of bounds read attempt (file-pdf.rules)
* 1:49314 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA JavaScript manipulation out of bounds read attempt (file-pdf.rules)
* 1:49315 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
* 1:49316 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
* 1:49325 <-> DISABLED <-> FILE-OTHER Microsoft Windows Avast Anti-Virus local credentials disclosure attempt (file-other.rules)
* 1:49324 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Lel record memory corruption attempt (file-office.rules)
* 1:49323 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Lel record memory corruption attempt (file-office.rules)
* 1:49321 <-> DISABLED <-> SERVER-WEBAPP CentOS Web Panel persistent cross site scripting attempt (server-webapp.rules)
* 1:49322 <-> DISABLED <-> SERVER-WEBAPP CentOS Web Panel persistent cross site scripting attempt (server-webapp.rules)
* 1:49317 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
* 1:49295 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
* 1:49298 <-> DISABLED <-> SERVER-WEBAPP NoneCms V1.3 PHP code execution attempt (server-webapp.rules)
* 1:49297 <-> DISABLED <-> FILE-OTHER IBM Lotus Notes LZH Attachment Viewer buffer overflow attempt (file-other.rules)
* 1:49301 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Smart Protection Server SQL injection attempt (server-webapp.rules)
* 1:49302 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Smart Protection Server SQL injection attempt (server-webapp.rules)
* 1:49300 <-> DISABLED <-> FILE-OFFICE Microsoft Access arbitrary code execution attempt (file-office.rules)
* 1:49299 <-> DISABLED <-> FILE-OFFICE Microsoft Access arbitrary code execution attempt (file-office.rules)
* 1:49294 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
* 3:49293 <-> ENABLED <-> NETBIOS Cisco WebEx WebExService.exe remote code execution attempt (netbios.rules)
* 3:49296 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)

* 1:45075 <-> ENABLED <-> SERVER-WEBAPP WordPress Ultimate Form Builder plugin SQL injection attempt (server-webapp.rules)
* 1:45077 <-> ENABLED <-> SERVER-WEBAPP WordPress Ultimate Form Builder plugin SQL injection attempt (server-webapp.rules)
* 1:47964 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture JavaScript manipulation type confusion attempt (file-other.rules)
* 1:47963 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture JavaScript manipulation type confusion attempt (file-other.rules)
* 1:45076 <-> ENABLED <-> SERVER-WEBAPP WordPress Ultimate Form Builder plugin SQL injection attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091200.
* 1:49301 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Smart Protection Server SQL injection attempt (server-webapp.rules)
* 1:49300 <-> DISABLED <-> FILE-OFFICE Microsoft Access arbitrary code execution attempt (file-office.rules)
* 1:49299 <-> DISABLED <-> FILE-OFFICE Microsoft Access arbitrary code execution attempt (file-office.rules)
* 1:49298 <-> DISABLED <-> SERVER-WEBAPP NoneCms V1.3 PHP code execution attempt (server-webapp.rules)
* 1:49297 <-> DISABLED <-> FILE-OTHER IBM Lotus Notes LZH Attachment Viewer buffer overflow attempt (file-other.rules)
* 1:49295 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
* 1:49294 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
* 1:49322 <-> DISABLED <-> SERVER-WEBAPP CentOS Web Panel persistent cross site scripting attempt (server-webapp.rules)
* 1:49321 <-> DISABLED <-> SERVER-WEBAPP CentOS Web Panel persistent cross site scripting attempt (server-webapp.rules)
* 1:49320 <-> DISABLED <-> SERVER-WEBAPP CentOS Web Panel persistent cross site scripting attempt (server-webapp.rules)
* 1:49319 <-> DISABLED <-> SERVER-WEBAPP CentOS Web Panel persistent cross site scripting attempt (server-webapp.rules)
* 1:49318 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
* 1:49317 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
* 1:49316 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
* 1:49315 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
* 1:49314 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA JavaScript manipulation out of bounds read attempt (file-pdf.rules)
* 1:49313 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA JavaScript manipulation out of bounds read attempt (file-pdf.rules)
* 1:49312 <-> ENABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
* 1:49311 <-> ENABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
* 1:49310 <-> ENABLED <-> FILE-PDF Adobe Acrobat malformed PDF objects use after free attempt (file-pdf.rules)
* 1:49309 <-> ENABLED <-> FILE-PDF Adobe Acrobat malformed PDF objects use after free attempt (file-pdf.rules)
* 1:49308 <-> ENABLED <-> FILE-PDF Adobe Acrobat malformed PDF out of bounds read attempt (file-pdf.rules)
* 1:49307 <-> ENABLED <-> FILE-PDF Adobe Acrobat malformed PDF out of bounds read attempt (file-pdf.rules)
* 1:49306 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader PostScript file out of bounds read attempt (file-pdf.rules)
* 1:49305 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader PostScript file out of bounds read attempt (file-pdf.rules)
* 1:49304 <-> DISABLED <-> SERVER-OTHER Google Golang GET command injection attempt (server-other.rules)
* 1:49303 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Smart Protection Server SQL injection attempt (server-webapp.rules)
* 1:49302 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Smart Protection Server SQL injection attempt (server-webapp.rules)
* 1:49325 <-> DISABLED <-> FILE-OTHER Microsoft Windows Avast Anti-Virus local credentials disclosure attempt (file-other.rules)
* 1:49324 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Lel record memory corruption attempt (file-office.rules)
* 1:49323 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Lel record memory corruption attempt (file-office.rules)
* 3:49293 <-> ENABLED <-> NETBIOS Cisco WebEx WebExService.exe remote code execution attempt (netbios.rules)
* 3:49296 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)

* 1:45075 <-> ENABLED <-> SERVER-WEBAPP WordPress Ultimate Form Builder plugin SQL injection attempt (server-webapp.rules)
* 1:45077 <-> ENABLED <-> SERVER-WEBAPP WordPress Ultimate Form Builder plugin SQL injection attempt (server-webapp.rules)
* 1:47963 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture JavaScript manipulation type confusion attempt (file-other.rules)
* 1:47964 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture JavaScript manipulation type confusion attempt (file-other.rules)
* 1:45076 <-> ENABLED <-> SERVER-WEBAPP WordPress Ultimate Form Builder plugin SQL injection attempt (server-webapp.rules)