Talos has added and modified multiple rules in the browser-ie, browser-other, browser-plugins, file-other, file-pdf, malware-cnc, os-windows and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091200.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:49621 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Dashboard directory traversal attempt (server-webapp.rules)
* 1:49620 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Dashboard directory traversal attempt (server-webapp.rules)
* 1:49618 <-> ENABLED <-> FILE-OTHER Unix systemd-journald memory corruption attempt (file-other.rules)
* 1:49617 <-> ENABLED <-> FILE-OTHER Unix systemd-journald memory corruption attempt (file-other.rules)
* 1:49642 <-> DISABLED <-> SERVER-WEBAPP Softneta MedDream PACS Server Premium directory traversal attempt (server-webapp.rules)
* 1:49641 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF use-after-free attempt (file-pdf.rules)
* 1:49640 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF use-after-free attempt (file-pdf.rules)
* 1:49639 <-> DISABLED <-> BROWSER-PLUGINS Foscam IPCWebComponents ActiveX clsid access attempt (browser-plugins.rules)
* 1:49638 <-> DISABLED <-> BROWSER-PLUGINS Foscam IPCWebComponents ActiveX clsid access attempt (browser-plugins.rules)
* 1:49637 <-> DISABLED <-> BROWSER-PLUGINS Foscam IPCWebComponents ActiveX clsid access attempt (browser-plugins.rules)
* 1:49636 <-> DISABLED <-> BROWSER-PLUGINS Foscam IPCWebComponents ActiveX clsid access attempt (browser-plugins.rules)
* 1:49635 <-> DISABLED <-> SERVER-WEBAPP CMS Made Simple Showtime2 Module arbitrary PHP file upload attempt (server-webapp.rules)
* 1:49634 <-> DISABLED <-> SERVER-OTHER Atvise SCADA arbitrary file disclosure attempt (server-other.rules)
* 1:49633 <-> ENABLED <-> SERVER-OTHER Atvise SCADA arbitrary file disclosure attempt (server-other.rules)
* 1:49632 <-> ENABLED <-> SERVER-OTHER Atvise SCADA arbitrary file disclosure attempt (server-other.rules)
* 1:49631 <-> DISABLED <-> OS-WINDOWS Huawei PCManager device driver privilege escalation attempt (os-windows.rules)
* 1:49630 <-> DISABLED <-> OS-WINDOWS Huawei PCManager device driver privilege escalation attempt (os-windows.rules)
* 1:49629 <-> DISABLED <-> OS-WINDOWS Huawei PCManager device driver privilege escalation attempt (os-windows.rules)
* 1:49628 <-> DISABLED <-> OS-WINDOWS Huawei PCManager device driver privilege escalation attempt (os-windows.rules)
* 1:49627 <-> ENABLED <-> BROWSER-IE Microsoft Edge resource entry same-origin-policy bypass attempt (browser-ie.rules)
* 1:49626 <-> ENABLED <-> BROWSER-IE Microsoft Edge resource entry same-origin-policy bypass attempt (browser-ie.rules)
* 1:49625 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Redaman outbound connection (malware-cnc.rules)
* 1:49624 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Redaman outbound connection (malware-cnc.rules)
* 1:49623 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Redaman outbound connection (malware-cnc.rules)
* 1:49622 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Dashboard directory traversal attempt (server-webapp.rules)
* 1:49652 <-> DISABLED <-> SERVER-OTHER ipTime G104BE directory traversal attempt (server-other.rules)
* 1:49651 <-> DISABLED <-> FILE-PDF Adobe Acrobat PDF printWithParams use-after-free attempt (file-pdf.rules)
* 1:49650 <-> DISABLED <-> FILE-PDF Adobe Acrobat PDF printWithParams use-after-free attempt (file-pdf.rules)
* 1:49647 <-> DISABLED <-> SERVER-WEBAPP Wordpress image edit directory traversal attempt (server-webapp.rules)
* 1:49646 <-> DISABLED <-> SERVER-WEBAPP Wordpress image edit directory traversal attempt (server-webapp.rules)
* 1:49645 <-> DISABLED <-> SERVER-WEBAPP Wordpress image edit directory traversal attempt (server-webapp.rules)
* 1:49644 <-> DISABLED <-> SERVER-WEBAPP Softneta MedDream PACS Server Premium directory traversal attempt (server-webapp.rules)
* 1:49643 <-> DISABLED <-> SERVER-WEBAPP Softneta MedDream PACS Server Premium directory traversal attempt (server-webapp.rules)
* 3:49619 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers information disclosure attempt (server-webapp.rules)
* 3:49648 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0793 attack attempt (file-pdf.rules)
* 3:49649 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0793 attack attempt (file-pdf.rules)
* 1:49114 <-> DISABLED <-> BROWSER-OTHER Opera GIF parsing buffer underflow attempt (browser-other.rules)
* 1:49112 <-> DISABLED <-> BROWSER-OTHER Opera GIF parsing buffer underflow attempt (browser-other.rules)
* 1:49458 <-> ENABLED <-> SERVER-OTHER PHP webshell upload attempt (server-other.rules)
* 3:48949 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers information disclosure attempt (server-webapp.rules)
* 3:48946 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:48948 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:48947 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:49644 <-> DISABLED <-> SERVER-WEBAPP Softneta MedDream PACS Server Premium directory traversal attempt (server-webapp.rules)
* 1:49645 <-> DISABLED <-> SERVER-WEBAPP Wordpress image edit directory traversal attempt (server-webapp.rules)
* 1:49620 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Dashboard directory traversal attempt (server-webapp.rules)
* 1:49618 <-> ENABLED <-> FILE-OTHER Unix systemd-journald memory corruption attempt (file-other.rules)
* 1:49621 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Dashboard directory traversal attempt (server-webapp.rules)
* 1:49652 <-> DISABLED <-> SERVER-OTHER ipTime G104BE directory traversal attempt (server-other.rules)
* 1:49617 <-> ENABLED <-> FILE-OTHER Unix systemd-journald memory corruption attempt (file-other.rules)
* 1:49625 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Redaman outbound connection (malware-cnc.rules)
* 1:49626 <-> ENABLED <-> BROWSER-IE Microsoft Edge resource entry same-origin-policy bypass attempt (browser-ie.rules)
* 1:49627 <-> ENABLED <-> BROWSER-IE Microsoft Edge resource entry same-origin-policy bypass attempt (browser-ie.rules)
* 1:49628 <-> DISABLED <-> OS-WINDOWS Huawei PCManager device driver privilege escalation attempt (os-windows.rules)
* 1:49629 <-> DISABLED <-> OS-WINDOWS Huawei PCManager device driver privilege escalation attempt (os-windows.rules)
* 1:49630 <-> DISABLED <-> OS-WINDOWS Huawei PCManager device driver privilege escalation attempt (os-windows.rules)
* 1:49631 <-> DISABLED <-> OS-WINDOWS Huawei PCManager device driver privilege escalation attempt (os-windows.rules)
* 1:49632 <-> ENABLED <-> SERVER-OTHER Atvise SCADA arbitrary file disclosure attempt (server-other.rules)
* 1:49633 <-> ENABLED <-> SERVER-OTHER Atvise SCADA arbitrary file disclosure attempt (server-other.rules)
* 1:49634 <-> DISABLED <-> SERVER-OTHER Atvise SCADA arbitrary file disclosure attempt (server-other.rules)
* 1:49635 <-> DISABLED <-> SERVER-WEBAPP CMS Made Simple Showtime2 Module arbitrary PHP file upload attempt (server-webapp.rules)
* 1:49636 <-> DISABLED <-> BROWSER-PLUGINS Foscam IPCWebComponents ActiveX clsid access attempt (browser-plugins.rules)
* 1:49651 <-> DISABLED <-> FILE-PDF Adobe Acrobat PDF printWithParams use-after-free attempt (file-pdf.rules)
* 1:49650 <-> DISABLED <-> FILE-PDF Adobe Acrobat PDF printWithParams use-after-free attempt (file-pdf.rules)
* 1:49623 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Redaman outbound connection (malware-cnc.rules)
* 1:49646 <-> DISABLED <-> SERVER-WEBAPP Wordpress image edit directory traversal attempt (server-webapp.rules)
* 1:49647 <-> DISABLED <-> SERVER-WEBAPP Wordpress image edit directory traversal attempt (server-webapp.rules)
* 1:49622 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Dashboard directory traversal attempt (server-webapp.rules)
* 1:49637 <-> DISABLED <-> BROWSER-PLUGINS Foscam IPCWebComponents ActiveX clsid access attempt (browser-plugins.rules)
* 1:49638 <-> DISABLED <-> BROWSER-PLUGINS Foscam IPCWebComponents ActiveX clsid access attempt (browser-plugins.rules)
* 1:49639 <-> DISABLED <-> BROWSER-PLUGINS Foscam IPCWebComponents ActiveX clsid access attempt (browser-plugins.rules)
* 1:49640 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF use-after-free attempt (file-pdf.rules)
* 1:49641 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF use-after-free attempt (file-pdf.rules)
* 1:49642 <-> DISABLED <-> SERVER-WEBAPP Softneta MedDream PACS Server Premium directory traversal attempt (server-webapp.rules)
* 1:49643 <-> DISABLED <-> SERVER-WEBAPP Softneta MedDream PACS Server Premium directory traversal attempt (server-webapp.rules)
* 1:49624 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Redaman outbound connection (malware-cnc.rules)
* 3:49619 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers information disclosure attempt (server-webapp.rules)
* 3:49648 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0793 attack attempt (file-pdf.rules)
* 3:49649 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0793 attack attempt (file-pdf.rules)
* 1:49114 <-> DISABLED <-> BROWSER-OTHER Opera GIF parsing buffer underflow attempt (browser-other.rules)
* 1:49458 <-> ENABLED <-> SERVER-OTHER PHP webshell upload attempt (server-other.rules)
* 1:49112 <-> DISABLED <-> BROWSER-OTHER Opera GIF parsing buffer underflow attempt (browser-other.rules)
* 3:48946 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:48949 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers information disclosure attempt (server-webapp.rules)
* 3:48947 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:48948 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:49650 <-> DISABLED <-> FILE-PDF Adobe Acrobat PDF printWithParams use-after-free attempt (snort3-file-pdf.rules)
* 1:49623 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Redaman outbound connection (snort3-malware-cnc.rules)
* 1:49617 <-> ENABLED <-> FILE-OTHER Unix systemd-journald memory corruption attempt (snort3-file-other.rules)
* 1:49620 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Dashboard directory traversal attempt (snort3-server-webapp.rules)
* 1:49647 <-> DISABLED <-> SERVER-WEBAPP Wordpress image edit directory traversal attempt (snort3-server-webapp.rules)
* 1:49624 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Redaman outbound connection (snort3-malware-cnc.rules)
* 1:49625 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Redaman outbound connection (snort3-malware-cnc.rules)
* 1:49651 <-> DISABLED <-> FILE-PDF Adobe Acrobat PDF printWithParams use-after-free attempt (snort3-file-pdf.rules)
* 1:49652 <-> DISABLED <-> SERVER-OTHER ipTime G104BE directory traversal attempt (snort3-server-other.rules)
* 1:49618 <-> ENABLED <-> FILE-OTHER Unix systemd-journald memory corruption attempt (snort3-file-other.rules)
* 1:49637 <-> DISABLED <-> BROWSER-PLUGINS Foscam IPCWebComponents ActiveX clsid access attempt (snort3-browser-plugins.rules)
* 1:49621 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Dashboard directory traversal attempt (snort3-server-webapp.rules)
* 1:49629 <-> DISABLED <-> OS-WINDOWS Huawei PCManager device driver privilege escalation attempt (snort3-os-windows.rules)
* 1:49630 <-> DISABLED <-> OS-WINDOWS Huawei PCManager device driver privilege escalation attempt (snort3-os-windows.rules)
* 1:49631 <-> DISABLED <-> OS-WINDOWS Huawei PCManager device driver privilege escalation attempt (snort3-os-windows.rules)
* 1:49632 <-> ENABLED <-> SERVER-OTHER Atvise SCADA arbitrary file disclosure attempt (snort3-server-other.rules)
* 1:49633 <-> ENABLED <-> SERVER-OTHER Atvise SCADA arbitrary file disclosure attempt (snort3-server-other.rules)
* 1:49634 <-> DISABLED <-> SERVER-OTHER Atvise SCADA arbitrary file disclosure attempt (snort3-server-other.rules)
* 1:49635 <-> DISABLED <-> SERVER-WEBAPP CMS Made Simple Showtime2 Module arbitrary PHP file upload attempt (snort3-server-webapp.rules)
* 1:49636 <-> DISABLED <-> BROWSER-PLUGINS Foscam IPCWebComponents ActiveX clsid access attempt (snort3-browser-plugins.rules)
* 1:49639 <-> DISABLED <-> BROWSER-PLUGINS Foscam IPCWebComponents ActiveX clsid access attempt (snort3-browser-plugins.rules)
* 1:49638 <-> DISABLED <-> BROWSER-PLUGINS Foscam IPCWebComponents ActiveX clsid access attempt (snort3-browser-plugins.rules)
* 1:49641 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF use-after-free attempt (snort3-file-pdf.rules)
* 1:49642 <-> DISABLED <-> SERVER-WEBAPP Softneta MedDream PACS Server Premium directory traversal attempt (snort3-server-webapp.rules)
* 1:49643 <-> DISABLED <-> SERVER-WEBAPP Softneta MedDream PACS Server Premium directory traversal attempt (snort3-server-webapp.rules)
* 1:49644 <-> DISABLED <-> SERVER-WEBAPP Softneta MedDream PACS Server Premium directory traversal attempt (snort3-server-webapp.rules)
* 1:49645 <-> DISABLED <-> SERVER-WEBAPP Wordpress image edit directory traversal attempt (snort3-server-webapp.rules)
* 1:49646 <-> DISABLED <-> SERVER-WEBAPP Wordpress image edit directory traversal attempt (snort3-server-webapp.rules)
* 1:49628 <-> DISABLED <-> OS-WINDOWS Huawei PCManager device driver privilege escalation attempt (snort3-os-windows.rules)
* 1:49626 <-> ENABLED <-> BROWSER-IE Microsoft Edge resource entry same-origin-policy bypass attempt (snort3-browser-ie.rules)
* 1:49627 <-> ENABLED <-> BROWSER-IE Microsoft Edge resource entry same-origin-policy bypass attempt (snort3-browser-ie.rules)
* 1:49622 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Dashboard directory traversal attempt (snort3-server-webapp.rules)
* 1:49640 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF use-after-free attempt (snort3-file-pdf.rules)
* 1:49112 <-> DISABLED <-> BROWSER-OTHER Opera GIF parsing buffer underflow attempt (snort3-browser-other.rules)
* 1:49114 <-> DISABLED <-> BROWSER-OTHER Opera GIF parsing buffer underflow attempt (snort3-browser-other.rules)
* 1:49458 <-> ENABLED <-> SERVER-OTHER PHP webshell upload attempt (snort3-server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:49651 <-> DISABLED <-> FILE-PDF Adobe Acrobat PDF printWithParams use-after-free attempt (file-pdf.rules)
* 1:49640 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF use-after-free attempt (file-pdf.rules)
* 1:49652 <-> DISABLED <-> SERVER-OTHER ipTime G104BE directory traversal attempt (server-other.rules)
* 1:49642 <-> DISABLED <-> SERVER-WEBAPP Softneta MedDream PACS Server Premium directory traversal attempt (server-webapp.rules)
* 1:49643 <-> DISABLED <-> SERVER-WEBAPP Softneta MedDream PACS Server Premium directory traversal attempt (server-webapp.rules)
* 1:49644 <-> DISABLED <-> SERVER-WEBAPP Softneta MedDream PACS Server Premium directory traversal attempt (server-webapp.rules)
* 1:49638 <-> DISABLED <-> BROWSER-PLUGINS Foscam IPCWebComponents ActiveX clsid access attempt (browser-plugins.rules)
* 1:49617 <-> ENABLED <-> FILE-OTHER Unix systemd-journald memory corruption attempt (file-other.rules)
* 1:49641 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF use-after-free attempt (file-pdf.rules)
* 1:49647 <-> DISABLED <-> SERVER-WEBAPP Wordpress image edit directory traversal attempt (server-webapp.rules)
* 1:49646 <-> DISABLED <-> SERVER-WEBAPP Wordpress image edit directory traversal attempt (server-webapp.rules)
* 1:49637 <-> DISABLED <-> BROWSER-PLUGINS Foscam IPCWebComponents ActiveX clsid access attempt (browser-plugins.rules)
* 1:49621 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Dashboard directory traversal attempt (server-webapp.rules)
* 1:49622 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Dashboard directory traversal attempt (server-webapp.rules)
* 1:49623 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Redaman outbound connection (malware-cnc.rules)
* 1:49624 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Redaman outbound connection (malware-cnc.rules)
* 1:49625 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Redaman outbound connection (malware-cnc.rules)
* 1:49626 <-> ENABLED <-> BROWSER-IE Microsoft Edge resource entry same-origin-policy bypass attempt (browser-ie.rules)
* 1:49627 <-> ENABLED <-> BROWSER-IE Microsoft Edge resource entry same-origin-policy bypass attempt (browser-ie.rules)
* 1:49628 <-> DISABLED <-> OS-WINDOWS Huawei PCManager device driver privilege escalation attempt (os-windows.rules)
* 1:49618 <-> ENABLED <-> FILE-OTHER Unix systemd-journald memory corruption attempt (file-other.rules)
* 1:49630 <-> DISABLED <-> OS-WINDOWS Huawei PCManager device driver privilege escalation attempt (os-windows.rules)
* 1:49629 <-> DISABLED <-> OS-WINDOWS Huawei PCManager device driver privilege escalation attempt (os-windows.rules)
* 1:49631 <-> DISABLED <-> OS-WINDOWS Huawei PCManager device driver privilege escalation attempt (os-windows.rules)
* 1:49632 <-> ENABLED <-> SERVER-OTHER Atvise SCADA arbitrary file disclosure attempt (server-other.rules)
* 1:49633 <-> ENABLED <-> SERVER-OTHER Atvise SCADA arbitrary file disclosure attempt (server-other.rules)
* 1:49634 <-> DISABLED <-> SERVER-OTHER Atvise SCADA arbitrary file disclosure attempt (server-other.rules)
* 1:49635 <-> DISABLED <-> SERVER-WEBAPP CMS Made Simple Showtime2 Module arbitrary PHP file upload attempt (server-webapp.rules)
* 1:49639 <-> DISABLED <-> BROWSER-PLUGINS Foscam IPCWebComponents ActiveX clsid access attempt (browser-plugins.rules)
* 1:49636 <-> DISABLED <-> BROWSER-PLUGINS Foscam IPCWebComponents ActiveX clsid access attempt (browser-plugins.rules)
* 1:49645 <-> DISABLED <-> SERVER-WEBAPP Wordpress image edit directory traversal attempt (server-webapp.rules)
* 1:49620 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Dashboard directory traversal attempt (server-webapp.rules)
* 1:49650 <-> DISABLED <-> FILE-PDF Adobe Acrobat PDF printWithParams use-after-free attempt (file-pdf.rules)
* 3:49619 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers information disclosure attempt (server-webapp.rules)
* 3:49648 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0793 attack attempt (file-pdf.rules)
* 3:49649 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0793 attack attempt (file-pdf.rules)
* 1:49114 <-> DISABLED <-> BROWSER-OTHER Opera GIF parsing buffer underflow attempt (browser-other.rules)
* 1:49112 <-> DISABLED <-> BROWSER-OTHER Opera GIF parsing buffer underflow attempt (browser-other.rules)
* 1:49458 <-> ENABLED <-> SERVER-OTHER PHP webshell upload attempt (server-other.rules)
* 3:48946 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:48949 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers information disclosure attempt (server-webapp.rules)
* 3:48947 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:48948 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:49622 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Dashboard directory traversal attempt (server-webapp.rules)
* 1:49647 <-> DISABLED <-> SERVER-WEBAPP Wordpress image edit directory traversal attempt (server-webapp.rules)
* 1:49620 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Dashboard directory traversal attempt (server-webapp.rules)
* 1:49621 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Dashboard directory traversal attempt (server-webapp.rules)
* 1:49644 <-> DISABLED <-> SERVER-WEBAPP Softneta MedDream PACS Server Premium directory traversal attempt (server-webapp.rules)
* 1:49646 <-> DISABLED <-> SERVER-WEBAPP Wordpress image edit directory traversal attempt (server-webapp.rules)
* 1:49617 <-> ENABLED <-> FILE-OTHER Unix systemd-journald memory corruption attempt (file-other.rules)
* 1:49623 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Redaman outbound connection (malware-cnc.rules)
* 1:49625 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Redaman outbound connection (malware-cnc.rules)
* 1:49626 <-> ENABLED <-> BROWSER-IE Microsoft Edge resource entry same-origin-policy bypass attempt (browser-ie.rules)
* 1:49627 <-> ENABLED <-> BROWSER-IE Microsoft Edge resource entry same-origin-policy bypass attempt (browser-ie.rules)
* 1:49628 <-> DISABLED <-> OS-WINDOWS Huawei PCManager device driver privilege escalation attempt (os-windows.rules)
* 1:49629 <-> DISABLED <-> OS-WINDOWS Huawei PCManager device driver privilege escalation attempt (os-windows.rules)
* 1:49630 <-> DISABLED <-> OS-WINDOWS Huawei PCManager device driver privilege escalation attempt (os-windows.rules)
* 1:49631 <-> DISABLED <-> OS-WINDOWS Huawei PCManager device driver privilege escalation attempt (os-windows.rules)
* 1:49632 <-> ENABLED <-> SERVER-OTHER Atvise SCADA arbitrary file disclosure attempt (server-other.rules)
* 1:49633 <-> ENABLED <-> SERVER-OTHER Atvise SCADA arbitrary file disclosure attempt (server-other.rules)
* 1:49645 <-> DISABLED <-> SERVER-WEBAPP Wordpress image edit directory traversal attempt (server-webapp.rules)
* 1:49634 <-> DISABLED <-> SERVER-OTHER Atvise SCADA arbitrary file disclosure attempt (server-other.rules)
* 1:49635 <-> DISABLED <-> SERVER-WEBAPP CMS Made Simple Showtime2 Module arbitrary PHP file upload attempt (server-webapp.rules)
* 1:49636 <-> DISABLED <-> BROWSER-PLUGINS Foscam IPCWebComponents ActiveX clsid access attempt (browser-plugins.rules)
* 1:49637 <-> DISABLED <-> BROWSER-PLUGINS Foscam IPCWebComponents ActiveX clsid access attempt (browser-plugins.rules)
* 1:49638 <-> DISABLED <-> BROWSER-PLUGINS Foscam IPCWebComponents ActiveX clsid access attempt (browser-plugins.rules)
* 1:49639 <-> DISABLED <-> BROWSER-PLUGINS Foscam IPCWebComponents ActiveX clsid access attempt (browser-plugins.rules)
* 1:49652 <-> DISABLED <-> SERVER-OTHER ipTime G104BE directory traversal attempt (server-other.rules)
* 1:49624 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Redaman outbound connection (malware-cnc.rules)
* 1:49640 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF use-after-free attempt (file-pdf.rules)
* 1:49618 <-> ENABLED <-> FILE-OTHER Unix systemd-journald memory corruption attempt (file-other.rules)
* 1:49650 <-> DISABLED <-> FILE-PDF Adobe Acrobat PDF printWithParams use-after-free attempt (file-pdf.rules)
* 1:49643 <-> DISABLED <-> SERVER-WEBAPP Softneta MedDream PACS Server Premium directory traversal attempt (server-webapp.rules)
* 1:49651 <-> DISABLED <-> FILE-PDF Adobe Acrobat PDF printWithParams use-after-free attempt (file-pdf.rules)
* 1:49641 <-> ENABLED <-> FILE-PDF Adobe Acrobat PDF use-after-free attempt (file-pdf.rules)
* 1:49642 <-> DISABLED <-> SERVER-WEBAPP Softneta MedDream PACS Server Premium directory traversal attempt (server-webapp.rules)
* 3:49619 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers information disclosure attempt (server-webapp.rules)
* 3:49648 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0793 attack attempt (file-pdf.rules)
* 3:49649 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2019-0793 attack attempt (file-pdf.rules)
* 1:49114 <-> DISABLED <-> BROWSER-OTHER Opera GIF parsing buffer underflow attempt (browser-other.rules)
* 1:49112 <-> DISABLED <-> BROWSER-OTHER Opera GIF parsing buffer underflow attempt (browser-other.rules)
* 1:49458 <-> ENABLED <-> SERVER-OTHER PHP webshell upload attempt (server-other.rules)
* 3:48948 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:48946 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:48947 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers command injection attempt (server-webapp.rules)
* 3:48949 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers information disclosure attempt (server-webapp.rules)