Talos Rules 2019-08-27
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-ie, browser-plugins, file-flash, file-image, file-office, file-other, indicator-compromise, os-linux, os-mobile, os-other, os-windows, policy-other, protocol-imap, protocol-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2019-08-27 12:53:26 UTC

Snort Subscriber Rules Update

Date: 2019-08-27

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:51219 <-> DISABLED <-> OS-OTHER OpenBSD TCP Timestamp handling denial of service attempt (os-other.rules)
 * 1:51218 <-> DISABLED <-> FILE-OTHER Omron CX-On Project file parsing heap buffer overflow attempt (file-other.rules)
 * 1:51217 <-> DISABLED <-> FILE-OTHER Omron CX-On Project file parsing heap buffer overflow attempt (file-other.rules)
 * 1:51222 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ATF bitmap conversion heap overflow attempt (file-flash.rules)
 * 1:51221 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ATF bitmap conversion heap overflow attempt (file-flash.rules)
 * 1:51220 <-> DISABLED <-> OS-LINUX Rdesktop process_redirect_pdu BSS overflow attempt (os-linux.rules)
 * 1:51225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
 * 1:51224 <-> DISABLED <-> FILE-OTHER Adobe Texture Format file containing invalid texture definition memory corruption attempt (file-other.rules)
 * 1:51223 <-> DISABLED <-> FILE-OTHER Adobe Texture Format file containing invalid texture definition memory corruption attempt (file-other.rules)
 * 1:51226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
 * 1:51236 <-> DISABLED <-> FILE-OTHER VCFtools crafted VCF remote code execution attempt (file-other.rules)
 * 1:51235 <-> DISABLED <-> FILE-OTHER VCFtools crafted VCF remote code execution attempt (file-other.rules)
 * 1:51234 <-> DISABLED <-> SERVER-OTHER Advantech WebAccess Viewdll1 buffer overflow attempt (server-other.rules)
 * 1:51239 <-> DISABLED <-> SERVER-OTHER PHP-Proxy local file include attempt (server-other.rules)
 * 1:51238 <-> DISABLED <-> SERVER-OTHER Rockwell Automation RSLinux heap buffer overflow attempt (server-other.rules)
 * 1:51237 <-> DISABLED <-> SERVER-OTHER BlackIce ISS ICQ parser buffer overflow attempt (server-other.rules)
 * 1:51240 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure VPN command injection attempt (server-webapp.rules)
 * 1:51261 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails render file directory traversal attempt (server-webapp.rules)
 * 1:51260 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails render file directory traversal attempt (server-webapp.rules)
 * 1:51259 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut260.dll ESOpen ActiveX clsid access attempt (browser-plugins.rules)
 * 1:51258 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut260.dll ESOpen ActiveX clsid access attempt (browser-plugins.rules)
 * 1:51257 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51256 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51255 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51254 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51253 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51252 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51251 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51250 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51249 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51248 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51247 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51246 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51245 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut280.dll KeywordSet ActiveX clsid access attempt (browser-plugins.rules)
 * 1:51244 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut280.dll KeywordSet ActiveX clsid access attempt (browser-plugins.rules)
 * 1:51243 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure VPN command injection attempt (server-webapp.rules)
 * 1:51242 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure VPN command injection attempt (server-webapp.rules)
 * 1:51241 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure VPN command injection attempt (server-webapp.rules)
 * 1:51277 <-> DISABLED <-> SERVER-WEBAPP Joomla Saxum Astro Component SQL injection attempt (server-webapp.rules)
 * 1:51276 <-> DISABLED <-> SERVER-WEBAPP Joomla Saxum Astro Component SQL injection attempt (server-webapp.rules)
 * 1:51275 <-> DISABLED <-> SERVER-WEBAPP Joomla Saxum Astro Component SQL injection attempt (server-webapp.rules)
 * 1:51274 <-> DISABLED <-> SERVER-WEBAPP Modx Revolution PHP code injection attempt (server-webapp.rules)
 * 1:51273 <-> DISABLED <-> SERVER-WEBAPP Modx Revolution PHP code injection attempt (server-webapp.rules)
 * 1:51272 <-> DISABLED <-> BROWSER-PLUGINS CenturyStar SetMyAddress ActiveX clsid access attempt (browser-plugins.rules)
 * 1:51271 <-> DISABLED <-> BROWSER-PLUGINS CenturyStar SetMyAddress ActiveX clsid access attempt (browser-plugins.rules)
 * 1:51270 <-> DISABLED <-> FILE-OTHER Photodex ProShow Producer v5.0.3256 buffer overflow attempt (file-other.rules)
 * 1:51269 <-> DISABLED <-> FILE-OTHER Photodex ProShow Producer v5.0.3256 buffer overflow attempt (file-other.rules)
 * 1:51268 <-> ENABLED <-> FILE-OTHER Photodex ProShow Producer v5.0.3256 download load file attempt (file-other.rules)
 * 1:51267 <-> DISABLED <-> FILE-OFFICE Microsoft Outlook rwz file memory corruption attempt (file-office.rules)
 * 1:51266 <-> DISABLED <-> FILE-OFFICE Microsoft Outlook rwz file memory corruption attempt (file-office.rules)
 * 1:51265 <-> DISABLED <-> SERVER-WEBAPP Open-AudIT Community Store cross site scripting attempt (server-webapp.rules)
 * 1:51264 <-> DISABLED <-> SERVER-WEBAPP Open-AudIT Community Store cross site scripting attempt (server-webapp.rules)
 * 1:51263 <-> DISABLED <-> SERVER-WEBAPP TinyPHPForum action.php cross site scripting attempt (server-webapp.rules)
 * 1:51262 <-> DISABLED <-> SERVER-WEBAPP TinyPHPForum action.php cross site scripting attempt (server-webapp.rules)
 * 1:51304 <-> DISABLED <-> BROWSER-PLUGINS Creator.CdCreator ActiveX function call access (browser-plugins.rules)
 * 1:51303 <-> DISABLED <-> BROWSER-PLUGINS Mmedia.RadioServer ActiveX function call access (browser-plugins.rules)
 * 1:51302 <-> DISABLED <-> BROWSER-PLUGINS MSWC.MyInfo ActiveX function call access (browser-plugins.rules)
 * 1:51301 <-> DISABLED <-> SERVER-OTHER Exim malformed BDAT code execution attempt (server-other.rules)
 * 1:51297 <-> DISABLED <-> PROTOCOL-OTHER Colloquy INVITE request format string DoS attempt (protocol-other.rules)
 * 1:51296 <-> DISABLED <-> PROTOCOL-OTHER Colloquy INVITE request format string DoS attempt (protocol-other.rules)
 * 1:51292 <-> DISABLED <-> SERVER-WEBAPP Axway SecureTransport XML external entity injection attempt (server-webapp.rules)
 * 1:51291 <-> DISABLED <-> OS-MOBILE Google Android Kernel local denial of service attempt (os-mobile.rules)
 * 1:51290 <-> DISABLED <-> OS-MOBILE Google Android Kernel local denial of service attempt (os-mobile.rules)
 * 1:51289 <-> ENABLED <-> SERVER-WEBAPP Pulse Secure SSL VPN directory traversal attempt (server-webapp.rules)
 * 1:51288 <-> ENABLED <-> SERVER-WEBAPP Pulse Secure SSL VPN directory traversal attempt (server-webapp.rules)
 * 1:51287 <-> DISABLED <-> SERVER-WEBAPP Apache CouchDB _config command injection attempt (server-webapp.rules)
 * 1:51286 <-> DISABLED <-> SERVER-OTHER LCDproc parse_all_client_messages buffer overflow attempt (server-other.rules)
 * 1:51285 <-> DISABLED <-> FILE-IMAGE Nokia N95 JPG parsing denial of service attempt (file-image.rules)
 * 1:51284 <-> DISABLED <-> FILE-IMAGE Nokia N95 JPG parsing denial of service attempt (file-image.rules)
 * 1:51283 <-> DISABLED <-> SERVER-WEBAPP Webadmin history parameter cross site scripting attempt (server-webapp.rules)
 * 1:51282 <-> DISABLED <-> SERVER-WEBAPP Webadmin history parameter cross site scripting attempt (server-webapp.rules)
 * 1:51281 <-> DISABLED <-> SERVER-WEBAPP Webadmin history parameter cross site scripting attempt (server-webapp.rules)
 * 1:51280 <-> DISABLED <-> SERVER-WEBAPP SolusLabs SolusVM centralbackup.php SQL injection attempt (server-webapp.rules)
 * 1:51279 <-> DISABLED <-> SERVER-WEBAPP SolusLabs SolusVM centralbackup.php SQL injection attempt (server-webapp.rules)
 * 1:51278 <-> DISABLED <-> SERVER-WEBAPP SolusLabs SolusVM centralbackup.php SQL injection attempt (server-webapp.rules)
 * 1:51305 <-> DISABLED <-> BROWSER-PLUGINS Creator.CdDevice ActiveX function call access (browser-plugins.rules)
 * 3:51298 <-> ENABLED <-> POLICY-OTHER Cisco 220 Series Smart Switches unauthenticated request detected (policy-other.rules)
 * 3:51293 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches stack buffer overflow attempt (server-webapp.rules)
 * 3:51294 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches stack buffer overflow attempt (server-webapp.rules)
 * 3:51295 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches stack buffer overflow attempt (server-webapp.rules)
 * 3:51299 <-> ENABLED <-> POLICY-OTHER Cisco 220 Series Smart Switches unauthenticated request detected (policy-other.rules)
 * 3:51300 <-> ENABLED <-> POLICY-OTHER Cisco 220 Series Smart Switches unauthenticated request detected (policy-other.rules)
 * 3:51306 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt (server-webapp.rules)
 * 3:51307 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt (server-webapp.rules)
 * 3:51308 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt (server-webapp.rules)

Modified Rules:


 * 1:50891 <-> DISABLED <-> SERVER-OTHER Novell NetWare AFP denial of service attempt (server-other.rules)
 * 1:51096 <-> DISABLED <-> FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt (file-image.rules)
 * 1:51097 <-> DISABLED <-> FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt (file-image.rules)
 * 1:8066 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Scripting Host Shell ActiveX clsid access (browser-plugins.rules)
 * 1:15880 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer popup window object tag code execution attempt (browser-ie.rules)
 * 1:3070 <-> DISABLED <-> PROTOCOL-IMAP fetch overflow attempt (protocol-imap.rules)
 * 1:48837 <-> DISABLED <-> SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (server-webapp.rules)
 * 1:50097 <-> ENABLED <-> INDICATOR-COMPROMISE Responder poisoner HTTP attack attempt (indicator-compromise.rules)
 * 1:50986 <-> DISABLED <-> FILE-IMAGE GraphicsMagick WMF use after free attempt (file-image.rules)
 * 1:51094 <-> DISABLED <-> FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt (file-image.rules)
 * 1:6443 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msdtc BuildContextW heap overflow attempt (os-windows.rules)
 * 1:7013 <-> DISABLED <-> BROWSER-PLUGINS Microsoft.ISCatAdm ActiveX function call access (browser-plugins.rules)
 * 1:50985 <-> DISABLED <-> FILE-IMAGE GraphicsMagick WMF use after free attempt (file-image.rules)
 * 1:51095 <-> DISABLED <-> FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt (file-image.rules)

2019-08-27 12:53:26 UTC

Snort Subscriber Rules Update

Date: 2019-08-27

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:51282 <-> DISABLED <-> SERVER-WEBAPP Webadmin history parameter cross site scripting attempt (server-webapp.rules)
 * 1:51238 <-> DISABLED <-> SERVER-OTHER Rockwell Automation RSLinux heap buffer overflow attempt (server-other.rules)
 * 1:51224 <-> DISABLED <-> FILE-OTHER Adobe Texture Format file containing invalid texture definition memory corruption attempt (file-other.rules)
 * 1:51226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
 * 1:51218 <-> DISABLED <-> FILE-OTHER Omron CX-On Project file parsing heap buffer overflow attempt (file-other.rules)
 * 1:51234 <-> DISABLED <-> SERVER-OTHER Advantech WebAccess Viewdll1 buffer overflow attempt (server-other.rules)
 * 1:51235 <-> DISABLED <-> FILE-OTHER VCFtools crafted VCF remote code execution attempt (file-other.rules)
 * 1:51236 <-> DISABLED <-> FILE-OTHER VCFtools crafted VCF remote code execution attempt (file-other.rules)
 * 1:51237 <-> DISABLED <-> SERVER-OTHER BlackIce ISS ICQ parser buffer overflow attempt (server-other.rules)
 * 1:51221 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ATF bitmap conversion heap overflow attempt (file-flash.rules)
 * 1:51220 <-> DISABLED <-> OS-LINUX Rdesktop process_redirect_pdu BSS overflow attempt (os-linux.rules)
 * 1:51219 <-> DISABLED <-> OS-OTHER OpenBSD TCP Timestamp handling denial of service attempt (os-other.rules)
 * 1:51239 <-> DISABLED <-> SERVER-OTHER PHP-Proxy local file include attempt (server-other.rules)
 * 1:51240 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure VPN command injection attempt (server-webapp.rules)
 * 1:51241 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure VPN command injection attempt (server-webapp.rules)
 * 1:51242 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure VPN command injection attempt (server-webapp.rules)
 * 1:51243 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure VPN command injection attempt (server-webapp.rules)
 * 1:51223 <-> DISABLED <-> FILE-OTHER Adobe Texture Format file containing invalid texture definition memory corruption attempt (file-other.rules)
 * 1:51244 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut280.dll KeywordSet ActiveX clsid access attempt (browser-plugins.rules)
 * 1:51245 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut280.dll KeywordSet ActiveX clsid access attempt (browser-plugins.rules)
 * 1:51246 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51247 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51248 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51249 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51250 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51251 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51252 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51253 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51254 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51255 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51256 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51257 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51258 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut260.dll ESOpen ActiveX clsid access attempt (browser-plugins.rules)
 * 1:51259 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut260.dll ESOpen ActiveX clsid access attempt (browser-plugins.rules)
 * 1:51301 <-> DISABLED <-> SERVER-OTHER Exim malformed BDAT code execution attempt (server-other.rules)
 * 1:51260 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails render file directory traversal attempt (server-webapp.rules)
 * 1:51261 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails render file directory traversal attempt (server-webapp.rules)
 * 1:51262 <-> DISABLED <-> SERVER-WEBAPP TinyPHPForum action.php cross site scripting attempt (server-webapp.rules)
 * 1:51263 <-> DISABLED <-> SERVER-WEBAPP TinyPHPForum action.php cross site scripting attempt (server-webapp.rules)
 * 1:51264 <-> DISABLED <-> SERVER-WEBAPP Open-AudIT Community Store cross site scripting attempt (server-webapp.rules)
 * 1:51265 <-> DISABLED <-> SERVER-WEBAPP Open-AudIT Community Store cross site scripting attempt (server-webapp.rules)
 * 1:51266 <-> DISABLED <-> FILE-OFFICE Microsoft Outlook rwz file memory corruption attempt (file-office.rules)
 * 1:51267 <-> DISABLED <-> FILE-OFFICE Microsoft Outlook rwz file memory corruption attempt (file-office.rules)
 * 1:51268 <-> ENABLED <-> FILE-OTHER Photodex ProShow Producer v5.0.3256 download load file attempt (file-other.rules)
 * 1:51269 <-> DISABLED <-> FILE-OTHER Photodex ProShow Producer v5.0.3256 buffer overflow attempt (file-other.rules)
 * 1:51270 <-> DISABLED <-> FILE-OTHER Photodex ProShow Producer v5.0.3256 buffer overflow attempt (file-other.rules)
 * 1:51271 <-> DISABLED <-> BROWSER-PLUGINS CenturyStar SetMyAddress ActiveX clsid access attempt (browser-plugins.rules)
 * 1:51272 <-> DISABLED <-> BROWSER-PLUGINS CenturyStar SetMyAddress ActiveX clsid access attempt (browser-plugins.rules)
 * 1:51273 <-> DISABLED <-> SERVER-WEBAPP Modx Revolution PHP code injection attempt (server-webapp.rules)
 * 1:51274 <-> DISABLED <-> SERVER-WEBAPP Modx Revolution PHP code injection attempt (server-webapp.rules)
 * 1:51275 <-> DISABLED <-> SERVER-WEBAPP Joomla Saxum Astro Component SQL injection attempt (server-webapp.rules)
 * 1:51276 <-> DISABLED <-> SERVER-WEBAPP Joomla Saxum Astro Component SQL injection attempt (server-webapp.rules)
 * 1:51277 <-> DISABLED <-> SERVER-WEBAPP Joomla Saxum Astro Component SQL injection attempt (server-webapp.rules)
 * 1:51278 <-> DISABLED <-> SERVER-WEBAPP SolusLabs SolusVM centralbackup.php SQL injection attempt (server-webapp.rules)
 * 1:51279 <-> DISABLED <-> SERVER-WEBAPP SolusLabs SolusVM centralbackup.php SQL injection attempt (server-webapp.rules)
 * 1:51280 <-> DISABLED <-> SERVER-WEBAPP SolusLabs SolusVM centralbackup.php SQL injection attempt (server-webapp.rules)
 * 1:51297 <-> DISABLED <-> PROTOCOL-OTHER Colloquy INVITE request format string DoS attempt (protocol-other.rules)
 * 1:51296 <-> DISABLED <-> PROTOCOL-OTHER Colloquy INVITE request format string DoS attempt (protocol-other.rules)
 * 1:51292 <-> DISABLED <-> SERVER-WEBAPP Axway SecureTransport XML external entity injection attempt (server-webapp.rules)
 * 1:51291 <-> DISABLED <-> OS-MOBILE Google Android Kernel local denial of service attempt (os-mobile.rules)
 * 1:51290 <-> DISABLED <-> OS-MOBILE Google Android Kernel local denial of service attempt (os-mobile.rules)
 * 1:51289 <-> ENABLED <-> SERVER-WEBAPP Pulse Secure SSL VPN directory traversal attempt (server-webapp.rules)
 * 1:51288 <-> ENABLED <-> SERVER-WEBAPP Pulse Secure SSL VPN directory traversal attempt (server-webapp.rules)
 * 1:51287 <-> DISABLED <-> SERVER-WEBAPP Apache CouchDB _config command injection attempt (server-webapp.rules)
 * 1:51286 <-> DISABLED <-> SERVER-OTHER LCDproc parse_all_client_messages buffer overflow attempt (server-other.rules)
 * 1:51217 <-> DISABLED <-> FILE-OTHER Omron CX-On Project file parsing heap buffer overflow attempt (file-other.rules)
 * 1:51283 <-> DISABLED <-> SERVER-WEBAPP Webadmin history parameter cross site scripting attempt (server-webapp.rules)
 * 1:51285 <-> DISABLED <-> FILE-IMAGE Nokia N95 JPG parsing denial of service attempt (file-image.rules)
 * 1:51284 <-> DISABLED <-> FILE-IMAGE Nokia N95 JPG parsing denial of service attempt (file-image.rules)
 * 1:51302 <-> DISABLED <-> BROWSER-PLUGINS MSWC.MyInfo ActiveX function call access (browser-plugins.rules)
 * 1:51303 <-> DISABLED <-> BROWSER-PLUGINS Mmedia.RadioServer ActiveX function call access (browser-plugins.rules)
 * 1:51305 <-> DISABLED <-> BROWSER-PLUGINS Creator.CdDevice ActiveX function call access (browser-plugins.rules)
 * 1:51304 <-> DISABLED <-> BROWSER-PLUGINS Creator.CdCreator ActiveX function call access (browser-plugins.rules)
 * 1:51222 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ATF bitmap conversion heap overflow attempt (file-flash.rules)
 * 1:51225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
 * 1:51281 <-> DISABLED <-> SERVER-WEBAPP Webadmin history parameter cross site scripting attempt (server-webapp.rules)
 * 3:51299 <-> ENABLED <-> POLICY-OTHER Cisco 220 Series Smart Switches unauthenticated request detected (policy-other.rules)
 * 3:51300 <-> ENABLED <-> POLICY-OTHER Cisco 220 Series Smart Switches unauthenticated request detected (policy-other.rules)
 * 3:51298 <-> ENABLED <-> POLICY-OTHER Cisco 220 Series Smart Switches unauthenticated request detected (policy-other.rules)
 * 3:51295 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches stack buffer overflow attempt (server-webapp.rules)
 * 3:51293 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches stack buffer overflow attempt (server-webapp.rules)
 * 3:51306 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt (server-webapp.rules)
 * 3:51307 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt (server-webapp.rules)
 * 3:51294 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches stack buffer overflow attempt (server-webapp.rules)
 * 3:51308 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt (server-webapp.rules)

Modified Rules:


 * 1:51097 <-> DISABLED <-> FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt (file-image.rules)
 * 1:15880 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer popup window object tag code execution attempt (browser-ie.rules)
 * 1:50097 <-> ENABLED <-> INDICATOR-COMPROMISE Responder poisoner HTTP attack attempt (indicator-compromise.rules)
 * 1:8066 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Scripting Host Shell ActiveX clsid access (browser-plugins.rules)
 * 1:3070 <-> DISABLED <-> PROTOCOL-IMAP fetch overflow attempt (protocol-imap.rules)
 * 1:48837 <-> DISABLED <-> SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (server-webapp.rules)
 * 1:50986 <-> DISABLED <-> FILE-IMAGE GraphicsMagick WMF use after free attempt (file-image.rules)
 * 1:51094 <-> DISABLED <-> FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt (file-image.rules)
 * 1:6443 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msdtc BuildContextW heap overflow attempt (os-windows.rules)
 * 1:50891 <-> DISABLED <-> SERVER-OTHER Novell NetWare AFP denial of service attempt (server-other.rules)
 * 1:50985 <-> DISABLED <-> FILE-IMAGE GraphicsMagick WMF use after free attempt (file-image.rules)
 * 1:51095 <-> DISABLED <-> FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt (file-image.rules)
 * 1:7013 <-> DISABLED <-> BROWSER-PLUGINS Microsoft.ISCatAdm ActiveX function call access (browser-plugins.rules)
 * 1:51096 <-> DISABLED <-> FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt (file-image.rules)

2019-08-27 12:53:26 UTC

Snort Subscriber Rules Update

Date: 2019-08-27

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091200.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:51278 <-> DISABLED <-> SERVER-WEBAPP SolusLabs SolusVM centralbackup.php SQL injection attempt (server-webapp.rules)
 * 1:51282 <-> DISABLED <-> SERVER-WEBAPP Webadmin history parameter cross site scripting attempt (server-webapp.rules)
 * 1:51218 <-> DISABLED <-> FILE-OTHER Omron CX-On Project file parsing heap buffer overflow attempt (file-other.rules)
 * 1:51287 <-> DISABLED <-> SERVER-WEBAPP Apache CouchDB _config command injection attempt (server-webapp.rules)
 * 1:51285 <-> DISABLED <-> FILE-IMAGE Nokia N95 JPG parsing denial of service attempt (file-image.rules)
 * 1:51284 <-> DISABLED <-> FILE-IMAGE Nokia N95 JPG parsing denial of service attempt (file-image.rules)
 * 1:51225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
 * 1:51305 <-> DISABLED <-> BROWSER-PLUGINS Creator.CdDevice ActiveX function call access (browser-plugins.rules)
 * 1:51304 <-> DISABLED <-> BROWSER-PLUGINS Creator.CdCreator ActiveX function call access (browser-plugins.rules)
 * 1:51303 <-> DISABLED <-> BROWSER-PLUGINS Mmedia.RadioServer ActiveX function call access (browser-plugins.rules)
 * 1:51302 <-> DISABLED <-> BROWSER-PLUGINS MSWC.MyInfo ActiveX function call access (browser-plugins.rules)
 * 1:51301 <-> DISABLED <-> SERVER-OTHER Exim malformed BDAT code execution attempt (server-other.rules)
 * 1:51297 <-> DISABLED <-> PROTOCOL-OTHER Colloquy INVITE request format string DoS attempt (protocol-other.rules)
 * 1:51296 <-> DISABLED <-> PROTOCOL-OTHER Colloquy INVITE request format string DoS attempt (protocol-other.rules)
 * 1:51292 <-> DISABLED <-> SERVER-WEBAPP Axway SecureTransport XML external entity injection attempt (server-webapp.rules)
 * 1:51291 <-> DISABLED <-> OS-MOBILE Google Android Kernel local denial of service attempt (os-mobile.rules)
 * 1:51290 <-> DISABLED <-> OS-MOBILE Google Android Kernel local denial of service attempt (os-mobile.rules)
 * 1:51289 <-> ENABLED <-> SERVER-WEBAPP Pulse Secure SSL VPN directory traversal attempt (server-webapp.rules)
 * 1:51288 <-> ENABLED <-> SERVER-WEBAPP Pulse Secure SSL VPN directory traversal attempt (server-webapp.rules)
 * 1:51286 <-> DISABLED <-> SERVER-OTHER LCDproc parse_all_client_messages buffer overflow attempt (server-other.rules)
 * 1:51281 <-> DISABLED <-> SERVER-WEBAPP Webadmin history parameter cross site scripting attempt (server-webapp.rules)
 * 1:51226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
 * 1:51237 <-> DISABLED <-> SERVER-OTHER BlackIce ISS ICQ parser buffer overflow attempt (server-other.rules)
 * 1:51238 <-> DISABLED <-> SERVER-OTHER Rockwell Automation RSLinux heap buffer overflow attempt (server-other.rules)
 * 1:51263 <-> DISABLED <-> SERVER-WEBAPP TinyPHPForum action.php cross site scripting attempt (server-webapp.rules)
 * 1:51264 <-> DISABLED <-> SERVER-WEBAPP Open-AudIT Community Store cross site scripting attempt (server-webapp.rules)
 * 1:51265 <-> DISABLED <-> SERVER-WEBAPP Open-AudIT Community Store cross site scripting attempt (server-webapp.rules)
 * 1:51266 <-> DISABLED <-> FILE-OFFICE Microsoft Outlook rwz file memory corruption attempt (file-office.rules)
 * 1:51267 <-> DISABLED <-> FILE-OFFICE Microsoft Outlook rwz file memory corruption attempt (file-office.rules)
 * 1:51268 <-> ENABLED <-> FILE-OTHER Photodex ProShow Producer v5.0.3256 download load file attempt (file-other.rules)
 * 1:51269 <-> DISABLED <-> FILE-OTHER Photodex ProShow Producer v5.0.3256 buffer overflow attempt (file-other.rules)
 * 1:51270 <-> DISABLED <-> FILE-OTHER Photodex ProShow Producer v5.0.3256 buffer overflow attempt (file-other.rules)
 * 1:51271 <-> DISABLED <-> BROWSER-PLUGINS CenturyStar SetMyAddress ActiveX clsid access attempt (browser-plugins.rules)
 * 1:51274 <-> DISABLED <-> SERVER-WEBAPP Modx Revolution PHP code injection attempt (server-webapp.rules)
 * 1:51275 <-> DISABLED <-> SERVER-WEBAPP Joomla Saxum Astro Component SQL injection attempt (server-webapp.rules)
 * 1:51273 <-> DISABLED <-> SERVER-WEBAPP Modx Revolution PHP code injection attempt (server-webapp.rules)
 * 1:51276 <-> DISABLED <-> SERVER-WEBAPP Joomla Saxum Astro Component SQL injection attempt (server-webapp.rules)
 * 1:51279 <-> DISABLED <-> SERVER-WEBAPP SolusLabs SolusVM centralbackup.php SQL injection attempt (server-webapp.rules)
 * 1:51277 <-> DISABLED <-> SERVER-WEBAPP Joomla Saxum Astro Component SQL injection attempt (server-webapp.rules)
 * 1:51283 <-> DISABLED <-> SERVER-WEBAPP Webadmin history parameter cross site scripting attempt (server-webapp.rules)
 * 1:51219 <-> DISABLED <-> OS-OTHER OpenBSD TCP Timestamp handling denial of service attempt (os-other.rules)
 * 1:51221 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ATF bitmap conversion heap overflow attempt (file-flash.rules)
 * 1:51220 <-> DISABLED <-> OS-LINUX Rdesktop process_redirect_pdu BSS overflow attempt (os-linux.rules)
 * 1:51222 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ATF bitmap conversion heap overflow attempt (file-flash.rules)
 * 1:51217 <-> DISABLED <-> FILE-OTHER Omron CX-On Project file parsing heap buffer overflow attempt (file-other.rules)
 * 1:51247 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51245 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut280.dll KeywordSet ActiveX clsid access attempt (browser-plugins.rules)
 * 1:51246 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51244 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut280.dll KeywordSet ActiveX clsid access attempt (browser-plugins.rules)
 * 1:51236 <-> DISABLED <-> FILE-OTHER VCFtools crafted VCF remote code execution attempt (file-other.rules)
 * 1:51234 <-> DISABLED <-> SERVER-OTHER Advantech WebAccess Viewdll1 buffer overflow attempt (server-other.rules)
 * 1:51235 <-> DISABLED <-> FILE-OTHER VCFtools crafted VCF remote code execution attempt (file-other.rules)
 * 1:51259 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut260.dll ESOpen ActiveX clsid access attempt (browser-plugins.rules)
 * 1:51260 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails render file directory traversal attempt (server-webapp.rules)
 * 1:51257 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51258 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut260.dll ESOpen ActiveX clsid access attempt (browser-plugins.rules)
 * 1:51255 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51256 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51254 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51253 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51251 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51252 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51249 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51250 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51248 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51243 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure VPN command injection attempt (server-webapp.rules)
 * 1:51223 <-> DISABLED <-> FILE-OTHER Adobe Texture Format file containing invalid texture definition memory corruption attempt (file-other.rules)
 * 1:51241 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure VPN command injection attempt (server-webapp.rules)
 * 1:51242 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure VPN command injection attempt (server-webapp.rules)
 * 1:51239 <-> DISABLED <-> SERVER-OTHER PHP-Proxy local file include attempt (server-other.rules)
 * 1:51240 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure VPN command injection attempt (server-webapp.rules)
 * 1:51224 <-> DISABLED <-> FILE-OTHER Adobe Texture Format file containing invalid texture definition memory corruption attempt (file-other.rules)
 * 1:51280 <-> DISABLED <-> SERVER-WEBAPP SolusLabs SolusVM centralbackup.php SQL injection attempt (server-webapp.rules)
 * 1:51272 <-> DISABLED <-> BROWSER-PLUGINS CenturyStar SetMyAddress ActiveX clsid access attempt (browser-plugins.rules)
 * 1:51261 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails render file directory traversal attempt (server-webapp.rules)
 * 1:51262 <-> DISABLED <-> SERVER-WEBAPP TinyPHPForum action.php cross site scripting attempt (server-webapp.rules)
 * 3:51294 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches stack buffer overflow attempt (server-webapp.rules)
 * 3:51295 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches stack buffer overflow attempt (server-webapp.rules)
 * 3:51299 <-> ENABLED <-> POLICY-OTHER Cisco 220 Series Smart Switches unauthenticated request detected (policy-other.rules)
 * 3:51300 <-> ENABLED <-> POLICY-OTHER Cisco 220 Series Smart Switches unauthenticated request detected (policy-other.rules)
 * 3:51306 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt (server-webapp.rules)
 * 3:51307 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt (server-webapp.rules)
 * 3:51308 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt (server-webapp.rules)
 * 3:51293 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches stack buffer overflow attempt (server-webapp.rules)
 * 3:51298 <-> ENABLED <-> POLICY-OTHER Cisco 220 Series Smart Switches unauthenticated request detected (policy-other.rules)

Modified Rules:


 * 1:51096 <-> DISABLED <-> FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt (file-image.rules)
 * 1:50097 <-> ENABLED <-> INDICATOR-COMPROMISE Responder poisoner HTTP attack attempt (indicator-compromise.rules)
 * 1:8066 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Scripting Host Shell ActiveX clsid access (browser-plugins.rules)
 * 1:15880 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer popup window object tag code execution attempt (browser-ie.rules)
 * 1:3070 <-> DISABLED <-> PROTOCOL-IMAP fetch overflow attempt (protocol-imap.rules)
 * 1:48837 <-> DISABLED <-> SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (server-webapp.rules)
 * 1:50986 <-> DISABLED <-> FILE-IMAGE GraphicsMagick WMF use after free attempt (file-image.rules)
 * 1:51094 <-> DISABLED <-> FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt (file-image.rules)
 * 1:51097 <-> DISABLED <-> FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt (file-image.rules)
 * 1:6443 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msdtc BuildContextW heap overflow attempt (os-windows.rules)
 * 1:50891 <-> DISABLED <-> SERVER-OTHER Novell NetWare AFP denial of service attempt (server-other.rules)
 * 1:7013 <-> DISABLED <-> BROWSER-PLUGINS Microsoft.ISCatAdm ActiveX function call access (browser-plugins.rules)
 * 1:51095 <-> DISABLED <-> FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt (file-image.rules)
 * 1:50985 <-> DISABLED <-> FILE-IMAGE GraphicsMagick WMF use after free attempt (file-image.rules)

2019-08-27 12:53:26 UTC

Snort Subscriber Rules Update

Date: 2019-08-27

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:51218 <-> DISABLED <-> FILE-OTHER Omron CX-On Project file parsing heap buffer overflow attempt (file-other.rules)
 * 1:51286 <-> DISABLED <-> SERVER-OTHER LCDproc parse_all_client_messages buffer overflow attempt (server-other.rules)
 * 1:51273 <-> DISABLED <-> SERVER-WEBAPP Modx Revolution PHP code injection attempt (server-webapp.rules)
 * 1:51284 <-> DISABLED <-> FILE-IMAGE Nokia N95 JPG parsing denial of service attempt (file-image.rules)
 * 1:51287 <-> DISABLED <-> SERVER-WEBAPP Apache CouchDB _config command injection attempt (server-webapp.rules)
 * 1:51285 <-> DISABLED <-> FILE-IMAGE Nokia N95 JPG parsing denial of service attempt (file-image.rules)
 * 1:51282 <-> DISABLED <-> SERVER-WEBAPP Webadmin history parameter cross site scripting attempt (server-webapp.rules)
 * 1:51289 <-> ENABLED <-> SERVER-WEBAPP Pulse Secure SSL VPN directory traversal attempt (server-webapp.rules)
 * 1:51304 <-> DISABLED <-> BROWSER-PLUGINS Creator.CdCreator ActiveX function call access (browser-plugins.rules)
 * 1:51288 <-> ENABLED <-> SERVER-WEBAPP Pulse Secure SSL VPN directory traversal attempt (server-webapp.rules)
 * 1:51305 <-> DISABLED <-> BROWSER-PLUGINS Creator.CdDevice ActiveX function call access (browser-plugins.rules)
 * 1:51290 <-> DISABLED <-> OS-MOBILE Google Android Kernel local denial of service attempt (os-mobile.rules)
 * 1:51279 <-> DISABLED <-> SERVER-WEBAPP SolusLabs SolusVM centralbackup.php SQL injection attempt (server-webapp.rules)
 * 1:51303 <-> DISABLED <-> BROWSER-PLUGINS Mmedia.RadioServer ActiveX function call access (browser-plugins.rules)
 * 1:51251 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51257 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51296 <-> DISABLED <-> PROTOCOL-OTHER Colloquy INVITE request format string DoS attempt (protocol-other.rules)
 * 1:51292 <-> DISABLED <-> SERVER-WEBAPP Axway SecureTransport XML external entity injection attempt (server-webapp.rules)
 * 1:51291 <-> DISABLED <-> OS-MOBILE Google Android Kernel local denial of service attempt (os-mobile.rules)
 * 1:51302 <-> DISABLED <-> BROWSER-PLUGINS MSWC.MyInfo ActiveX function call access (browser-plugins.rules)
 * 1:51301 <-> DISABLED <-> SERVER-OTHER Exim malformed BDAT code execution attempt (server-other.rules)
 * 1:51226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
 * 1:51237 <-> DISABLED <-> SERVER-OTHER BlackIce ISS ICQ parser buffer overflow attempt (server-other.rules)
 * 1:51276 <-> DISABLED <-> SERVER-WEBAPP Joomla Saxum Astro Component SQL injection attempt (server-webapp.rules)
 * 1:51277 <-> DISABLED <-> SERVER-WEBAPP Joomla Saxum Astro Component SQL injection attempt (server-webapp.rules)
 * 1:51274 <-> DISABLED <-> SERVER-WEBAPP Modx Revolution PHP code injection attempt (server-webapp.rules)
 * 1:51275 <-> DISABLED <-> SERVER-WEBAPP Joomla Saxum Astro Component SQL injection attempt (server-webapp.rules)
 * 1:51250 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51252 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51271 <-> DISABLED <-> BROWSER-PLUGINS CenturyStar SetMyAddress ActiveX clsid access attempt (browser-plugins.rules)
 * 1:51269 <-> DISABLED <-> FILE-OTHER Photodex ProShow Producer v5.0.3256 buffer overflow attempt (file-other.rules)
 * 1:51270 <-> DISABLED <-> FILE-OTHER Photodex ProShow Producer v5.0.3256 buffer overflow attempt (file-other.rules)
 * 1:51267 <-> DISABLED <-> FILE-OFFICE Microsoft Outlook rwz file memory corruption attempt (file-office.rules)
 * 1:51268 <-> ENABLED <-> FILE-OTHER Photodex ProShow Producer v5.0.3256 download load file attempt (file-other.rules)
 * 1:51266 <-> DISABLED <-> FILE-OFFICE Microsoft Outlook rwz file memory corruption attempt (file-office.rules)
 * 1:51265 <-> DISABLED <-> SERVER-WEBAPP Open-AudIT Community Store cross site scripting attempt (server-webapp.rules)
 * 1:51263 <-> DISABLED <-> SERVER-WEBAPP TinyPHPForum action.php cross site scripting attempt (server-webapp.rules)
 * 1:51264 <-> DISABLED <-> SERVER-WEBAPP Open-AudIT Community Store cross site scripting attempt (server-webapp.rules)
 * 1:51261 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails render file directory traversal attempt (server-webapp.rules)
 * 1:51262 <-> DISABLED <-> SERVER-WEBAPP TinyPHPForum action.php cross site scripting attempt (server-webapp.rules)
 * 1:51259 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut260.dll ESOpen ActiveX clsid access attempt (browser-plugins.rules)
 * 1:51260 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails render file directory traversal attempt (server-webapp.rules)
 * 1:51281 <-> DISABLED <-> SERVER-WEBAPP Webadmin history parameter cross site scripting attempt (server-webapp.rules)
 * 1:51238 <-> DISABLED <-> SERVER-OTHER Rockwell Automation RSLinux heap buffer overflow attempt (server-other.rules)
 * 1:51224 <-> DISABLED <-> FILE-OTHER Adobe Texture Format file containing invalid texture definition memory corruption attempt (file-other.rules)
 * 1:51239 <-> DISABLED <-> SERVER-OTHER PHP-Proxy local file include attempt (server-other.rules)
 * 1:51240 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure VPN command injection attempt (server-webapp.rules)
 * 1:51241 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure VPN command injection attempt (server-webapp.rules)
 * 1:51242 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure VPN command injection attempt (server-webapp.rules)
 * 1:51243 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure VPN command injection attempt (server-webapp.rules)
 * 1:51223 <-> DISABLED <-> FILE-OTHER Adobe Texture Format file containing invalid texture definition memory corruption attempt (file-other.rules)
 * 1:51280 <-> DISABLED <-> SERVER-WEBAPP SolusLabs SolusVM centralbackup.php SQL injection attempt (server-webapp.rules)
 * 1:51255 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51246 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51247 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51244 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut280.dll KeywordSet ActiveX clsid access attempt (browser-plugins.rules)
 * 1:51245 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut280.dll KeywordSet ActiveX clsid access attempt (browser-plugins.rules)
 * 1:51235 <-> DISABLED <-> FILE-OTHER VCFtools crafted VCF remote code execution attempt (file-other.rules)
 * 1:51236 <-> DISABLED <-> FILE-OTHER VCFtools crafted VCF remote code execution attempt (file-other.rules)
 * 1:51234 <-> DISABLED <-> SERVER-OTHER Advantech WebAccess Viewdll1 buffer overflow attempt (server-other.rules)
 * 1:51217 <-> DISABLED <-> FILE-OTHER Omron CX-On Project file parsing heap buffer overflow attempt (file-other.rules)
 * 1:51220 <-> DISABLED <-> OS-LINUX Rdesktop process_redirect_pdu BSS overflow attempt (os-linux.rules)
 * 1:51222 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ATF bitmap conversion heap overflow attempt (file-flash.rules)
 * 1:51221 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ATF bitmap conversion heap overflow attempt (file-flash.rules)
 * 1:51219 <-> DISABLED <-> OS-OTHER OpenBSD TCP Timestamp handling denial of service attempt (os-other.rules)
 * 1:51278 <-> DISABLED <-> SERVER-WEBAPP SolusLabs SolusVM centralbackup.php SQL injection attempt (server-webapp.rules)
 * 1:51225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
 * 1:51258 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut260.dll ESOpen ActiveX clsid access attempt (browser-plugins.rules)
 * 1:51256 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51254 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51272 <-> DISABLED <-> BROWSER-PLUGINS CenturyStar SetMyAddress ActiveX clsid access attempt (browser-plugins.rules)
 * 1:51253 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51297 <-> DISABLED <-> PROTOCOL-OTHER Colloquy INVITE request format string DoS attempt (protocol-other.rules)
 * 1:51249 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51248 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51283 <-> DISABLED <-> SERVER-WEBAPP Webadmin history parameter cross site scripting attempt (server-webapp.rules)
 * 3:51306 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt (server-webapp.rules)
 * 3:51298 <-> ENABLED <-> POLICY-OTHER Cisco 220 Series Smart Switches unauthenticated request detected (policy-other.rules)
 * 3:51293 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches stack buffer overflow attempt (server-webapp.rules)
 * 3:51295 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches stack buffer overflow attempt (server-webapp.rules)
 * 3:51294 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches stack buffer overflow attempt (server-webapp.rules)
 * 3:51300 <-> ENABLED <-> POLICY-OTHER Cisco 220 Series Smart Switches unauthenticated request detected (policy-other.rules)
 * 3:51307 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt (server-webapp.rules)
 * 3:51299 <-> ENABLED <-> POLICY-OTHER Cisco 220 Series Smart Switches unauthenticated request detected (policy-other.rules)
 * 3:51308 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt (server-webapp.rules)

Modified Rules:


 * 1:51096 <-> DISABLED <-> FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt (file-image.rules)
 * 1:15880 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer popup window object tag code execution attempt (browser-ie.rules)
 * 1:8066 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Scripting Host Shell ActiveX clsid access (browser-plugins.rules)
 * 1:50891 <-> DISABLED <-> SERVER-OTHER Novell NetWare AFP denial of service attempt (server-other.rules)
 * 1:50097 <-> ENABLED <-> INDICATOR-COMPROMISE Responder poisoner HTTP attack attempt (indicator-compromise.rules)
 * 1:3070 <-> DISABLED <-> PROTOCOL-IMAP fetch overflow attempt (protocol-imap.rules)
 * 1:48837 <-> DISABLED <-> SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (server-webapp.rules)
 * 1:51094 <-> DISABLED <-> FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt (file-image.rules)
 * 1:51097 <-> DISABLED <-> FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt (file-image.rules)
 * 1:6443 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msdtc BuildContextW heap overflow attempt (os-windows.rules)
 * 1:7013 <-> DISABLED <-> BROWSER-PLUGINS Microsoft.ISCatAdm ActiveX function call access (browser-plugins.rules)
 * 1:51095 <-> DISABLED <-> FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt (file-image.rules)
 * 1:50985 <-> DISABLED <-> FILE-IMAGE GraphicsMagick WMF use after free attempt (file-image.rules)
 * 1:50986 <-> DISABLED <-> FILE-IMAGE GraphicsMagick WMF use after free attempt (file-image.rules)

2019-08-27 12:53:26 UTC

Snort Subscriber Rules Update

Date: 2019-08-27

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:51291 <-> DISABLED <-> OS-MOBILE Google Android Kernel local denial of service attempt (snort3-os-mobile.rules)
 * 1:51243 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure VPN command injection attempt (snort3-server-webapp.rules)
 * 1:51290 <-> DISABLED <-> OS-MOBILE Google Android Kernel local denial of service attempt (snort3-os-mobile.rules)
 * 1:51288 <-> ENABLED <-> SERVER-WEBAPP Pulse Secure SSL VPN directory traversal attempt (snort3-server-webapp.rules)
 * 1:51292 <-> DISABLED <-> SERVER-WEBAPP Axway SecureTransport XML external entity injection attempt (snort3-server-webapp.rules)
 * 1:51289 <-> ENABLED <-> SERVER-WEBAPP Pulse Secure SSL VPN directory traversal attempt (snort3-server-webapp.rules)
 * 1:51222 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ATF bitmap conversion heap overflow attempt (snort3-file-flash.rules)
 * 1:51236 <-> DISABLED <-> FILE-OTHER VCFtools crafted VCF remote code execution attempt (snort3-file-other.rules)
 * 1:51239 <-> DISABLED <-> SERVER-OTHER PHP-Proxy local file include attempt (snort3-server-other.rules)
 * 1:51287 <-> DISABLED <-> SERVER-WEBAPP Apache CouchDB _config command injection attempt (snort3-server-webapp.rules)
 * 1:51240 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure VPN command injection attempt (snort3-server-webapp.rules)
 * 1:51221 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ATF bitmap conversion heap overflow attempt (snort3-file-flash.rules)
 * 1:51297 <-> DISABLED <-> PROTOCOL-OTHER Colloquy INVITE request format string DoS attempt (snort3-protocol-other.rules)
 * 1:51238 <-> DISABLED <-> SERVER-OTHER Rockwell Automation RSLinux heap buffer overflow attempt (snort3-server-other.rules)
 * 1:51296 <-> DISABLED <-> PROTOCOL-OTHER Colloquy INVITE request format string DoS attempt (snort3-protocol-other.rules)
 * 1:51242 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure VPN command injection attempt (snort3-server-webapp.rules)
 * 1:51224 <-> DISABLED <-> FILE-OTHER Adobe Texture Format file containing invalid texture definition memory corruption attempt (snort3-file-other.rules)
 * 1:51226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (snort3-file-flash.rules)
 * 1:51303 <-> DISABLED <-> BROWSER-PLUGINS Mmedia.RadioServer ActiveX function call access (snort3-browser-plugins.rules)
 * 1:51302 <-> DISABLED <-> BROWSER-PLUGINS MSWC.MyInfo ActiveX function call access (snort3-browser-plugins.rules)
 * 1:51244 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut280.dll KeywordSet ActiveX clsid access attempt (snort3-browser-plugins.rules)
 * 1:51245 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut280.dll KeywordSet ActiveX clsid access attempt (snort3-browser-plugins.rules)
 * 1:51246 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (snort3-server-webapp.rules)
 * 1:51247 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (snort3-server-webapp.rules)
 * 1:51248 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (snort3-server-webapp.rules)
 * 1:51235 <-> DISABLED <-> FILE-OTHER VCFtools crafted VCF remote code execution attempt (snort3-file-other.rules)
 * 1:51252 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (snort3-server-webapp.rules)
 * 1:51253 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (snort3-server-webapp.rules)
 * 1:51217 <-> DISABLED <-> FILE-OTHER Omron CX-On Project file parsing heap buffer overflow attempt (snort3-file-other.rules)
 * 1:51254 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (snort3-server-webapp.rules)
 * 1:51255 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (snort3-server-webapp.rules)
 * 1:51256 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (snort3-server-webapp.rules)
 * 1:51241 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure VPN command injection attempt (snort3-server-webapp.rules)
 * 1:51257 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (snort3-server-webapp.rules)
 * 1:51258 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut260.dll ESOpen ActiveX clsid access attempt (snort3-browser-plugins.rules)
 * 1:51259 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut260.dll ESOpen ActiveX clsid access attempt (snort3-browser-plugins.rules)
 * 1:51260 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails render file directory traversal attempt (snort3-server-webapp.rules)
 * 1:51218 <-> DISABLED <-> FILE-OTHER Omron CX-On Project file parsing heap buffer overflow attempt (snort3-file-other.rules)
 * 1:51261 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails render file directory traversal attempt (snort3-server-webapp.rules)
 * 1:51262 <-> DISABLED <-> SERVER-WEBAPP TinyPHPForum action.php cross site scripting attempt (snort3-server-webapp.rules)
 * 1:51223 <-> DISABLED <-> FILE-OTHER Adobe Texture Format file containing invalid texture definition memory corruption attempt (snort3-file-other.rules)
 * 1:51263 <-> DISABLED <-> SERVER-WEBAPP TinyPHPForum action.php cross site scripting attempt (snort3-server-webapp.rules)
 * 1:51286 <-> DISABLED <-> SERVER-OTHER LCDproc parse_all_client_messages buffer overflow attempt (snort3-server-other.rules)
 * 1:51234 <-> DISABLED <-> SERVER-OTHER Advantech WebAccess Viewdll1 buffer overflow attempt (snort3-server-other.rules)
 * 1:51219 <-> DISABLED <-> OS-OTHER OpenBSD TCP Timestamp handling denial of service attempt (snort3-os-other.rules)
 * 1:51237 <-> DISABLED <-> SERVER-OTHER BlackIce ISS ICQ parser buffer overflow attempt (snort3-server-other.rules)
 * 1:51264 <-> DISABLED <-> SERVER-WEBAPP Open-AudIT Community Store cross site scripting attempt (snort3-server-webapp.rules)
 * 1:51265 <-> DISABLED <-> SERVER-WEBAPP Open-AudIT Community Store cross site scripting attempt (snort3-server-webapp.rules)
 * 1:51266 <-> DISABLED <-> FILE-OFFICE Microsoft Outlook rwz file memory corruption attempt (snort3-file-office.rules)
 * 1:51267 <-> DISABLED <-> FILE-OFFICE Microsoft Outlook rwz file memory corruption attempt (snort3-file-office.rules)
 * 1:51268 <-> ENABLED <-> FILE-OTHER Photodex ProShow Producer v5.0.3256 download load file attempt (snort3-file-other.rules)
 * 1:51269 <-> DISABLED <-> FILE-OTHER Photodex ProShow Producer v5.0.3256 buffer overflow attempt (snort3-file-other.rules)
 * 1:51270 <-> DISABLED <-> FILE-OTHER Photodex ProShow Producer v5.0.3256 buffer overflow attempt (snort3-file-other.rules)
 * 1:51271 <-> DISABLED <-> BROWSER-PLUGINS CenturyStar SetMyAddress ActiveX clsid access attempt (snort3-browser-plugins.rules)
 * 1:51272 <-> DISABLED <-> BROWSER-PLUGINS CenturyStar SetMyAddress ActiveX clsid access attempt (snort3-browser-plugins.rules)
 * 1:51273 <-> DISABLED <-> SERVER-WEBAPP Modx Revolution PHP code injection attempt (snort3-server-webapp.rules)
 * 1:51274 <-> DISABLED <-> SERVER-WEBAPP Modx Revolution PHP code injection attempt (snort3-server-webapp.rules)
 * 1:51275 <-> DISABLED <-> SERVER-WEBAPP Joomla Saxum Astro Component SQL injection attempt (snort3-server-webapp.rules)
 * 1:51276 <-> DISABLED <-> SERVER-WEBAPP Joomla Saxum Astro Component SQL injection attempt (snort3-server-webapp.rules)
 * 1:51277 <-> DISABLED <-> SERVER-WEBAPP Joomla Saxum Astro Component SQL injection attempt (snort3-server-webapp.rules)
 * 1:51305 <-> DISABLED <-> BROWSER-PLUGINS Creator.CdDevice ActiveX function call access (snort3-browser-plugins.rules)
 * 1:51301 <-> DISABLED <-> SERVER-OTHER Exim malformed BDAT code execution attempt (snort3-server-other.rules)
 * 1:51278 <-> DISABLED <-> SERVER-WEBAPP SolusLabs SolusVM centralbackup.php SQL injection attempt (snort3-server-webapp.rules)
 * 1:51279 <-> DISABLED <-> SERVER-WEBAPP SolusLabs SolusVM centralbackup.php SQL injection attempt (snort3-server-webapp.rules)
 * 1:51220 <-> DISABLED <-> OS-LINUX Rdesktop process_redirect_pdu BSS overflow attempt (snort3-os-linux.rules)
 * 1:51251 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (snort3-server-webapp.rules)
 * 1:51250 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (snort3-server-webapp.rules)
 * 1:51249 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (snort3-server-webapp.rules)
 * 1:51304 <-> DISABLED <-> BROWSER-PLUGINS Creator.CdCreator ActiveX function call access (snort3-browser-plugins.rules)
 * 1:51280 <-> DISABLED <-> SERVER-WEBAPP SolusLabs SolusVM centralbackup.php SQL injection attempt (snort3-server-webapp.rules)
 * 1:51281 <-> DISABLED <-> SERVER-WEBAPP Webadmin history parameter cross site scripting attempt (snort3-server-webapp.rules)
 * 1:51282 <-> DISABLED <-> SERVER-WEBAPP Webadmin history parameter cross site scripting attempt (snort3-server-webapp.rules)
 * 1:51225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (snort3-file-flash.rules)
 * 1:51283 <-> DISABLED <-> SERVER-WEBAPP Webadmin history parameter cross site scripting attempt (snort3-server-webapp.rules)
 * 1:51284 <-> DISABLED <-> FILE-IMAGE Nokia N95 JPG parsing denial of service attempt (snort3-file-image.rules)
 * 1:51285 <-> DISABLED <-> FILE-IMAGE Nokia N95 JPG parsing denial of service attempt (snort3-file-image.rules)

Modified Rules:


 * 1:51097 <-> DISABLED <-> FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt (snort3-file-image.rules)
 * 1:7013 <-> DISABLED <-> BROWSER-PLUGINS Microsoft.ISCatAdm ActiveX function call access (snort3-browser-plugins.rules)
 * 1:50985 <-> DISABLED <-> FILE-IMAGE GraphicsMagick WMF use after free attempt (snort3-file-image.rules)
 * 1:3070 <-> DISABLED <-> PROTOCOL-IMAP fetch overflow attempt (snort3-protocol-imap.rules)
 * 1:15880 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer popup window object tag code execution attempt (snort3-browser-ie.rules)
 * 1:51094 <-> DISABLED <-> FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt (snort3-file-image.rules)
 * 1:51096 <-> DISABLED <-> FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt (snort3-file-image.rules)
 * 1:50891 <-> DISABLED <-> SERVER-OTHER Novell NetWare AFP denial of service attempt (snort3-server-other.rules)
 * 1:50986 <-> DISABLED <-> FILE-IMAGE GraphicsMagick WMF use after free attempt (snort3-file-image.rules)
 * 1:8066 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Scripting Host Shell ActiveX clsid access (snort3-browser-plugins.rules)
 * 1:50097 <-> ENABLED <-> INDICATOR-COMPROMISE Responder poisoner HTTP attack attempt (snort3-indicator-compromise.rules)
 * 1:48837 <-> DISABLED <-> SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (snort3-server-webapp.rules)
 * 1:6443 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msdtc BuildContextW heap overflow attempt (snort3-os-windows.rules)
 * 1:51095 <-> DISABLED <-> FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt (snort3-file-image.rules)

2019-08-27 12:53:26 UTC

Snort Subscriber Rules Update

Date: 2019-08-27

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:51285 <-> DISABLED <-> FILE-IMAGE Nokia N95 JPG parsing denial of service attempt (file-image.rules)
 * 1:51280 <-> DISABLED <-> SERVER-WEBAPP SolusLabs SolusVM centralbackup.php SQL injection attempt (server-webapp.rules)
 * 1:51302 <-> DISABLED <-> BROWSER-PLUGINS MSWC.MyInfo ActiveX function call access (browser-plugins.rules)
 * 1:51288 <-> ENABLED <-> SERVER-WEBAPP Pulse Secure SSL VPN directory traversal attempt (server-webapp.rules)
 * 1:51303 <-> DISABLED <-> BROWSER-PLUGINS Mmedia.RadioServer ActiveX function call access (browser-plugins.rules)
 * 1:51283 <-> DISABLED <-> SERVER-WEBAPP Webadmin history parameter cross site scripting attempt (server-webapp.rules)
 * 1:51286 <-> DISABLED <-> SERVER-OTHER LCDproc parse_all_client_messages buffer overflow attempt (server-other.rules)
 * 1:51278 <-> DISABLED <-> SERVER-WEBAPP SolusLabs SolusVM centralbackup.php SQL injection attempt (server-webapp.rules)
 * 1:51287 <-> DISABLED <-> SERVER-WEBAPP Apache CouchDB _config command injection attempt (server-webapp.rules)
 * 1:51289 <-> ENABLED <-> SERVER-WEBAPP Pulse Secure SSL VPN directory traversal attempt (server-webapp.rules)
 * 1:51292 <-> DISABLED <-> SERVER-WEBAPP Axway SecureTransport XML external entity injection attempt (server-webapp.rules)
 * 1:51284 <-> DISABLED <-> FILE-IMAGE Nokia N95 JPG parsing denial of service attempt (file-image.rules)
 * 1:51290 <-> DISABLED <-> OS-MOBILE Google Android Kernel local denial of service attempt (os-mobile.rules)
 * 1:51291 <-> DISABLED <-> OS-MOBILE Google Android Kernel local denial of service attempt (os-mobile.rules)
 * 1:51282 <-> DISABLED <-> SERVER-WEBAPP Webadmin history parameter cross site scripting attempt (server-webapp.rules)
 * 1:51304 <-> DISABLED <-> BROWSER-PLUGINS Creator.CdCreator ActiveX function call access (browser-plugins.rules)
 * 1:51296 <-> DISABLED <-> PROTOCOL-OTHER Colloquy INVITE request format string DoS attempt (protocol-other.rules)
 * 1:51220 <-> DISABLED <-> OS-LINUX Rdesktop process_redirect_pdu BSS overflow attempt (os-linux.rules)
 * 1:51217 <-> DISABLED <-> FILE-OTHER Omron CX-On Project file parsing heap buffer overflow attempt (file-other.rules)
 * 1:51279 <-> DISABLED <-> SERVER-WEBAPP SolusLabs SolusVM centralbackup.php SQL injection attempt (server-webapp.rules)
 * 1:51223 <-> DISABLED <-> FILE-OTHER Adobe Texture Format file containing invalid texture definition memory corruption attempt (file-other.rules)
 * 1:51224 <-> DISABLED <-> FILE-OTHER Adobe Texture Format file containing invalid texture definition memory corruption attempt (file-other.rules)
 * 1:51225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
 * 1:51222 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ATF bitmap conversion heap overflow attempt (file-flash.rules)
 * 1:51221 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ATF bitmap conversion heap overflow attempt (file-flash.rules)
 * 1:51226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
 * 1:51234 <-> DISABLED <-> SERVER-OTHER Advantech WebAccess Viewdll1 buffer overflow attempt (server-other.rules)
 * 1:51235 <-> DISABLED <-> FILE-OTHER VCFtools crafted VCF remote code execution attempt (file-other.rules)
 * 1:51236 <-> DISABLED <-> FILE-OTHER VCFtools crafted VCF remote code execution attempt (file-other.rules)
 * 1:51237 <-> DISABLED <-> SERVER-OTHER BlackIce ISS ICQ parser buffer overflow attempt (server-other.rules)
 * 1:51238 <-> DISABLED <-> SERVER-OTHER Rockwell Automation RSLinux heap buffer overflow attempt (server-other.rules)
 * 1:51239 <-> DISABLED <-> SERVER-OTHER PHP-Proxy local file include attempt (server-other.rules)
 * 1:51219 <-> DISABLED <-> OS-OTHER OpenBSD TCP Timestamp handling denial of service attempt (os-other.rules)
 * 1:51240 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure VPN command injection attempt (server-webapp.rules)
 * 1:51241 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure VPN command injection attempt (server-webapp.rules)
 * 1:51242 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure VPN command injection attempt (server-webapp.rules)
 * 1:51243 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure VPN command injection attempt (server-webapp.rules)
 * 1:51218 <-> DISABLED <-> FILE-OTHER Omron CX-On Project file parsing heap buffer overflow attempt (file-other.rules)
 * 1:51277 <-> DISABLED <-> SERVER-WEBAPP Joomla Saxum Astro Component SQL injection attempt (server-webapp.rules)
 * 1:51297 <-> DISABLED <-> PROTOCOL-OTHER Colloquy INVITE request format string DoS attempt (protocol-other.rules)
 * 1:51244 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut280.dll KeywordSet ActiveX clsid access attempt (browser-plugins.rules)
 * 1:51245 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut280.dll KeywordSet ActiveX clsid access attempt (browser-plugins.rules)
 * 1:51246 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51247 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51248 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51249 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51250 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51251 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51252 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51253 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51254 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51255 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51256 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51257 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51258 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut260.dll ESOpen ActiveX clsid access attempt (browser-plugins.rules)
 * 1:51259 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut260.dll ESOpen ActiveX clsid access attempt (browser-plugins.rules)
 * 1:51281 <-> DISABLED <-> SERVER-WEBAPP Webadmin history parameter cross site scripting attempt (server-webapp.rules)
 * 1:51260 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails render file directory traversal attempt (server-webapp.rules)
 * 1:51261 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails render file directory traversal attempt (server-webapp.rules)
 * 1:51262 <-> DISABLED <-> SERVER-WEBAPP TinyPHPForum action.php cross site scripting attempt (server-webapp.rules)
 * 1:51263 <-> DISABLED <-> SERVER-WEBAPP TinyPHPForum action.php cross site scripting attempt (server-webapp.rules)
 * 1:51301 <-> DISABLED <-> SERVER-OTHER Exim malformed BDAT code execution attempt (server-other.rules)
 * 1:51264 <-> DISABLED <-> SERVER-WEBAPP Open-AudIT Community Store cross site scripting attempt (server-webapp.rules)
 * 1:51265 <-> DISABLED <-> SERVER-WEBAPP Open-AudIT Community Store cross site scripting attempt (server-webapp.rules)
 * 1:51266 <-> DISABLED <-> FILE-OFFICE Microsoft Outlook rwz file memory corruption attempt (file-office.rules)
 * 1:51267 <-> DISABLED <-> FILE-OFFICE Microsoft Outlook rwz file memory corruption attempt (file-office.rules)
 * 1:51268 <-> ENABLED <-> FILE-OTHER Photodex ProShow Producer v5.0.3256 download load file attempt (file-other.rules)
 * 1:51269 <-> DISABLED <-> FILE-OTHER Photodex ProShow Producer v5.0.3256 buffer overflow attempt (file-other.rules)
 * 1:51270 <-> DISABLED <-> FILE-OTHER Photodex ProShow Producer v5.0.3256 buffer overflow attempt (file-other.rules)
 * 1:51271 <-> DISABLED <-> BROWSER-PLUGINS CenturyStar SetMyAddress ActiveX clsid access attempt (browser-plugins.rules)
 * 1:51272 <-> DISABLED <-> BROWSER-PLUGINS CenturyStar SetMyAddress ActiveX clsid access attempt (browser-plugins.rules)
 * 1:51273 <-> DISABLED <-> SERVER-WEBAPP Modx Revolution PHP code injection attempt (server-webapp.rules)
 * 1:51274 <-> DISABLED <-> SERVER-WEBAPP Modx Revolution PHP code injection attempt (server-webapp.rules)
 * 1:51275 <-> DISABLED <-> SERVER-WEBAPP Joomla Saxum Astro Component SQL injection attempt (server-webapp.rules)
 * 1:51276 <-> DISABLED <-> SERVER-WEBAPP Joomla Saxum Astro Component SQL injection attempt (server-webapp.rules)
 * 1:51305 <-> DISABLED <-> BROWSER-PLUGINS Creator.CdDevice ActiveX function call access (browser-plugins.rules)
 * 3:51293 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches stack buffer overflow attempt (server-webapp.rules)
 * 3:51308 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt (server-webapp.rules)
 * 3:51294 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches stack buffer overflow attempt (server-webapp.rules)
 * 3:51299 <-> ENABLED <-> POLICY-OTHER Cisco 220 Series Smart Switches unauthenticated request detected (policy-other.rules)
 * 3:51300 <-> ENABLED <-> POLICY-OTHER Cisco 220 Series Smart Switches unauthenticated request detected (policy-other.rules)
 * 3:51298 <-> ENABLED <-> POLICY-OTHER Cisco 220 Series Smart Switches unauthenticated request detected (policy-other.rules)
 * 3:51295 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches stack buffer overflow attempt (server-webapp.rules)
 * 3:51306 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt (server-webapp.rules)
 * 3:51307 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt (server-webapp.rules)

Modified Rules:


 * 1:50985 <-> DISABLED <-> FILE-IMAGE GraphicsMagick WMF use after free attempt (file-image.rules)
 * 1:48837 <-> DISABLED <-> SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (server-webapp.rules)
 * 1:3070 <-> DISABLED <-> PROTOCOL-IMAP fetch overflow attempt (protocol-imap.rules)
 * 1:8066 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Scripting Host Shell ActiveX clsid access (browser-plugins.rules)
 * 1:15880 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer popup window object tag code execution attempt (browser-ie.rules)
 * 1:50891 <-> DISABLED <-> SERVER-OTHER Novell NetWare AFP denial of service attempt (server-other.rules)
 * 1:51097 <-> DISABLED <-> FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt (file-image.rules)
 * 1:50097 <-> ENABLED <-> INDICATOR-COMPROMISE Responder poisoner HTTP attack attempt (indicator-compromise.rules)
 * 1:51094 <-> DISABLED <-> FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt (file-image.rules)
 * 1:51095 <-> DISABLED <-> FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt (file-image.rules)
 * 1:51096 <-> DISABLED <-> FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt (file-image.rules)
 * 1:50986 <-> DISABLED <-> FILE-IMAGE GraphicsMagick WMF use after free attempt (file-image.rules)
 * 1:7013 <-> DISABLED <-> BROWSER-PLUGINS Microsoft.ISCatAdm ActiveX function call access (browser-plugins.rules)
 * 1:6443 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msdtc BuildContextW heap overflow attempt (os-windows.rules)

2019-08-27 12:53:26 UTC

Snort Subscriber Rules Update

Date: 2019-08-27

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:51282 <-> DISABLED <-> SERVER-WEBAPP Webadmin history parameter cross site scripting attempt (server-webapp.rules)
 * 1:51301 <-> DISABLED <-> SERVER-OTHER Exim malformed BDAT code execution attempt (server-other.rules)
 * 1:51285 <-> DISABLED <-> FILE-IMAGE Nokia N95 JPG parsing denial of service attempt (file-image.rules)
 * 1:51286 <-> DISABLED <-> SERVER-OTHER LCDproc parse_all_client_messages buffer overflow attempt (server-other.rules)
 * 1:51292 <-> DISABLED <-> SERVER-WEBAPP Axway SecureTransport XML external entity injection attempt (server-webapp.rules)
 * 1:51218 <-> DISABLED <-> FILE-OTHER Omron CX-On Project file parsing heap buffer overflow attempt (file-other.rules)
 * 1:51297 <-> DISABLED <-> PROTOCOL-OTHER Colloquy INVITE request format string DoS attempt (protocol-other.rules)
 * 1:51296 <-> DISABLED <-> PROTOCOL-OTHER Colloquy INVITE request format string DoS attempt (protocol-other.rules)
 * 1:51236 <-> DISABLED <-> FILE-OTHER VCFtools crafted VCF remote code execution attempt (file-other.rules)
 * 1:51284 <-> DISABLED <-> FILE-IMAGE Nokia N95 JPG parsing denial of service attempt (file-image.rules)
 * 1:51234 <-> DISABLED <-> SERVER-OTHER Advantech WebAccess Viewdll1 buffer overflow attempt (server-other.rules)
 * 1:51235 <-> DISABLED <-> FILE-OTHER VCFtools crafted VCF remote code execution attempt (file-other.rules)
 * 1:51287 <-> DISABLED <-> SERVER-WEBAPP Apache CouchDB _config command injection attempt (server-webapp.rules)
 * 1:51305 <-> DISABLED <-> BROWSER-PLUGINS Creator.CdDevice ActiveX function call access (browser-plugins.rules)
 * 1:51289 <-> ENABLED <-> SERVER-WEBAPP Pulse Secure SSL VPN directory traversal attempt (server-webapp.rules)
 * 1:51291 <-> DISABLED <-> OS-MOBILE Google Android Kernel local denial of service attempt (os-mobile.rules)
 * 1:51244 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut280.dll KeywordSet ActiveX clsid access attempt (browser-plugins.rules)
 * 1:51246 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51263 <-> DISABLED <-> SERVER-WEBAPP TinyPHPForum action.php cross site scripting attempt (server-webapp.rules)
 * 1:51247 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51245 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut280.dll KeywordSet ActiveX clsid access attempt (browser-plugins.rules)
 * 1:51290 <-> DISABLED <-> OS-MOBILE Google Android Kernel local denial of service attempt (os-mobile.rules)
 * 1:51219 <-> DISABLED <-> OS-OTHER OpenBSD TCP Timestamp handling denial of service attempt (os-other.rules)
 * 1:51304 <-> DISABLED <-> BROWSER-PLUGINS Creator.CdCreator ActiveX function call access (browser-plugins.rules)
 * 1:51226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
 * 1:51237 <-> DISABLED <-> SERVER-OTHER BlackIce ISS ICQ parser buffer overflow attempt (server-other.rules)
 * 1:51238 <-> DISABLED <-> SERVER-OTHER Rockwell Automation RSLinux heap buffer overflow attempt (server-other.rules)
 * 1:51223 <-> DISABLED <-> FILE-OTHER Adobe Texture Format file containing invalid texture definition memory corruption attempt (file-other.rules)
 * 1:51222 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ATF bitmap conversion heap overflow attempt (file-flash.rules)
 * 1:51220 <-> DISABLED <-> OS-LINUX Rdesktop process_redirect_pdu BSS overflow attempt (os-linux.rules)
 * 1:51243 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure VPN command injection attempt (server-webapp.rules)
 * 1:51302 <-> DISABLED <-> BROWSER-PLUGINS MSWC.MyInfo ActiveX function call access (browser-plugins.rules)
 * 1:51225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
 * 1:51221 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ATF bitmap conversion heap overflow attempt (file-flash.rules)
 * 1:51264 <-> DISABLED <-> SERVER-WEBAPP Open-AudIT Community Store cross site scripting attempt (server-webapp.rules)
 * 1:51240 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure VPN command injection attempt (server-webapp.rules)
 * 1:51242 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure VPN command injection attempt (server-webapp.rules)
 * 1:51224 <-> DISABLED <-> FILE-OTHER Adobe Texture Format file containing invalid texture definition memory corruption attempt (file-other.rules)
 * 1:51241 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure VPN command injection attempt (server-webapp.rules)
 * 1:51239 <-> DISABLED <-> SERVER-OTHER PHP-Proxy local file include attempt (server-other.rules)
 * 1:51254 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51256 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51261 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails render file directory traversal attempt (server-webapp.rules)
 * 1:51250 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51259 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut260.dll ESOpen ActiveX clsid access attempt (browser-plugins.rules)
 * 1:51252 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51257 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51255 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51248 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51253 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51251 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51249 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
 * 1:51266 <-> DISABLED <-> FILE-OFFICE Microsoft Outlook rwz file memory corruption attempt (file-office.rules)
 * 1:51269 <-> DISABLED <-> FILE-OTHER Photodex ProShow Producer v5.0.3256 buffer overflow attempt (file-other.rules)
 * 1:51260 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails render file directory traversal attempt (server-webapp.rules)
 * 1:51258 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut260.dll ESOpen ActiveX clsid access attempt (browser-plugins.rules)
 * 1:51280 <-> DISABLED <-> SERVER-WEBAPP SolusLabs SolusVM centralbackup.php SQL injection attempt (server-webapp.rules)
 * 1:51276 <-> DISABLED <-> SERVER-WEBAPP Joomla Saxum Astro Component SQL injection attempt (server-webapp.rules)
 * 1:51278 <-> DISABLED <-> SERVER-WEBAPP SolusLabs SolusVM centralbackup.php SQL injection attempt (server-webapp.rules)
 * 1:51303 <-> DISABLED <-> BROWSER-PLUGINS Mmedia.RadioServer ActiveX function call access (browser-plugins.rules)
 * 1:51272 <-> DISABLED <-> BROWSER-PLUGINS CenturyStar SetMyAddress ActiveX clsid access attempt (browser-plugins.rules)
 * 1:51281 <-> DISABLED <-> SERVER-WEBAPP Webadmin history parameter cross site scripting attempt (server-webapp.rules)
 * 1:51274 <-> DISABLED <-> SERVER-WEBAPP Modx Revolution PHP code injection attempt (server-webapp.rules)
 * 1:51279 <-> DISABLED <-> SERVER-WEBAPP SolusLabs SolusVM centralbackup.php SQL injection attempt (server-webapp.rules)
 * 1:51267 <-> DISABLED <-> FILE-OFFICE Microsoft Outlook rwz file memory corruption attempt (file-office.rules)
 * 1:51277 <-> DISABLED <-> SERVER-WEBAPP Joomla Saxum Astro Component SQL injection attempt (server-webapp.rules)
 * 1:51270 <-> DISABLED <-> FILE-OTHER Photodex ProShow Producer v5.0.3256 buffer overflow attempt (file-other.rules)
 * 1:51275 <-> DISABLED <-> SERVER-WEBAPP Joomla Saxum Astro Component SQL injection attempt (server-webapp.rules)
 * 1:51262 <-> DISABLED <-> SERVER-WEBAPP TinyPHPForum action.php cross site scripting attempt (server-webapp.rules)
 * 1:51273 <-> DISABLED <-> SERVER-WEBAPP Modx Revolution PHP code injection attempt (server-webapp.rules)
 * 1:51265 <-> DISABLED <-> SERVER-WEBAPP Open-AudIT Community Store cross site scripting attempt (server-webapp.rules)
 * 1:51271 <-> DISABLED <-> BROWSER-PLUGINS CenturyStar SetMyAddress ActiveX clsid access attempt (browser-plugins.rules)
 * 1:51283 <-> DISABLED <-> SERVER-WEBAPP Webadmin history parameter cross site scripting attempt (server-webapp.rules)
 * 1:51288 <-> ENABLED <-> SERVER-WEBAPP Pulse Secure SSL VPN directory traversal attempt (server-webapp.rules)
 * 1:51268 <-> ENABLED <-> FILE-OTHER Photodex ProShow Producer v5.0.3256 download load file attempt (file-other.rules)
 * 1:51217 <-> DISABLED <-> FILE-OTHER Omron CX-On Project file parsing heap buffer overflow attempt (file-other.rules)
 * 3:51295 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches stack buffer overflow attempt (server-webapp.rules)
 * 3:51293 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches stack buffer overflow attempt (server-webapp.rules)
 * 3:51306 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt (server-webapp.rules)
 * 3:51299 <-> ENABLED <-> POLICY-OTHER Cisco 220 Series Smart Switches unauthenticated request detected (policy-other.rules)
 * 3:51300 <-> ENABLED <-> POLICY-OTHER Cisco 220 Series Smart Switches unauthenticated request detected (policy-other.rules)
 * 3:51298 <-> ENABLED <-> POLICY-OTHER Cisco 220 Series Smart Switches unauthenticated request detected (policy-other.rules)
 * 3:51308 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt (server-webapp.rules)
 * 3:51307 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt (server-webapp.rules)
 * 3:51294 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches stack buffer overflow attempt (server-webapp.rules)

Modified Rules:


 * 1:51097 <-> DISABLED <-> FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt (file-image.rules)
 * 1:50891 <-> DISABLED <-> SERVER-OTHER Novell NetWare AFP denial of service attempt (server-other.rules)
 * 1:50985 <-> DISABLED <-> FILE-IMAGE GraphicsMagick WMF use after free attempt (file-image.rules)
 * 1:3070 <-> DISABLED <-> PROTOCOL-IMAP fetch overflow attempt (protocol-imap.rules)
 * 1:51095 <-> DISABLED <-> FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt (file-image.rules)
 * 1:15880 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer popup window object tag code execution attempt (browser-ie.rules)
 * 1:50097 <-> ENABLED <-> INDICATOR-COMPROMISE Responder poisoner HTTP attack attempt (indicator-compromise.rules)
 * 1:7013 <-> DISABLED <-> BROWSER-PLUGINS Microsoft.ISCatAdm ActiveX function call access (browser-plugins.rules)
 * 1:8066 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Scripting Host Shell ActiveX clsid access (browser-plugins.rules)
 * 1:48837 <-> DISABLED <-> SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (server-webapp.rules)
 * 1:51094 <-> DISABLED <-> FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt (file-image.rules)
 * 1:50986 <-> DISABLED <-> FILE-IMAGE GraphicsMagick WMF use after free attempt (file-image.rules)
 * 1:6443 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msdtc BuildContextW heap overflow attempt (os-windows.rules)
 * 1:51096 <-> DISABLED <-> FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt (file-image.rules)