In this release, a number of rules have been added to the security policy as part of ongoing policy rebalancing efforts.
Talos has added and modified multiple rules in the browser-chrome, browser-firefox, browser-ie, browser-other, browser-plugins, browser-webkit, exploit-kit, file-flash, file-image, file-java, file-multimedia, file-office, file-other, file-pdf, malware-cnc, malware-tools, netbios, os-linux, os-mobile, os-windows, policy-other, protocol-dns, protocol-icmp, pua-other, server-apache, server-iis, server-mail, server-oracle and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091801.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58570 <-> DISABLED <-> FILE-OTHER MacOS TTC bypass vulnerability exploit upload attempt (file-other.rules)
* 1:58571 <-> DISABLED <-> FILE-OTHER MacOS TTC bypass vulnerability exploit download attempt (file-other.rules)
* 1:58576 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58577 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58578 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58579 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58580 <-> DISABLED <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt (malware-tools.rules)
* 1:58581 <-> DISABLED <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt (malware-tools.rules)
* 1:58582 <-> DISABLED <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt (policy-other.rules)
* 1:58583 <-> DISABLED <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt (policy-other.rules)
* 1:58584 <-> DISABLED <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt (policy-other.rules)
* 1:58585 <-> DISABLED <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt (policy-other.rules)
* 1:58586 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt (os-windows.rules)
* 1:58587 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt (os-windows.rules)
* 1:58588 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt (server-webapp.rules)
* 1:58589 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt (server-webapp.rules)
* 1:58590 <-> DISABLED <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt (server-other.rules)
* 1:58591 <-> DISABLED <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt (server-other.rules)
* 1:58592 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
* 1:58593 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
* 1:58594 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
* 1:58595 <-> DISABLED <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt (server-webapp.rules)
* 1:58596 <-> DISABLED <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt (server-webapp.rules)
* 1:58599 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt (browser-chrome.rules)
* 1:58600 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt (browser-chrome.rules)
* 3:58572 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt (file-image.rules)
* 3:58573 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt (file-image.rules)
* 3:58574 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt (file-office.rules)
* 3:58575 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt (file-office.rules)
* 3:58597 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt (file-other.rules)
* 3:58598 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt (file-other.rules)
* 1:32855 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt (file-pdf.rules)
* 1:32967 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt (policy-other.rules)
* 1:33571 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (file-other.rules)
* 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
* 1:34024 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
* 1:34447 <-> DISABLED <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt (policy-other.rules)
* 1:35434 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:35467 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules)
* 1:35468 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules)
* 1:35857 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
* 1:36154 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:36155 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:3632 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt (file-image.rules)
* 1:36661 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:37527 <-> DISABLED <-> SERVER-OTHER IBM WebSphere InvokerTransformer serialized Java object remote code execution attempt (server-other.rules)
* 1:37627 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:37802 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
* 1:37804 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
* 1:40281 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (file-office.rules)
* 1:40818 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (file-flash.rules)
* 1:41045 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules)
* 1:41422 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (browser-plugins.rules)
* 1:41718 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
* 1:41719 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
* 1:41720 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
* 1:42412 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:42422 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:43346 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules)
* 1:43692 <-> DISABLED <-> OS-LINUX Linux kernel SCTP invalid chunk length denial of service attempt (os-linux.rules)
* 1:43779 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products SharedWorker MessagePort memory corruption attempt (browser-firefox.rules)
* 1:44734 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (server-mail.rules)
* 1:44877 <-> DISABLED <-> SERVER-OTHER Citrix XenApp and XenDesktop XML service memory corruption attempt (server-other.rules)
* 1:44978 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules)
* 1:45171 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt (browser-firefox.rules)
* 1:45177 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:45178 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:45181 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:45183 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:45309 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
* 1:45500 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
* 1:45855 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
* 1:46637 <-> DISABLED <-> NETBIOS SMB client NULL deref race condition attempt (netbios.rules)
* 1:46912 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
* 1:46913 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
* 1:49583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
* 1:49585 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
* 1:49846 <-> DISABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
* 1:49900 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS driver stack buffer overflow attempt (browser-plugins.rules)
* 1:49902 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
* 1:49947 <-> DISABLED <-> POLICY-OTHER HP OpenView Operations Agent request attempt (policy-other.rules)
* 1:50643 <-> DISABLED <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt (file-other.rules)
* 1:51025 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (file-pdf.rules)
* 1:51081 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
* 1:51163 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
* 1:51225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
* 1:51857 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:51858 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:51860 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:51864 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:51865 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:52079 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
* 1:52100 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:52288 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (os-mobile.rules)
* 1:52450 <-> DISABLED <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt (server-other.rules)
* 1:55823 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
* 1:55824 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
* 1:55825 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
* 1:7007 <-> DISABLED <-> BROWSER-PLUGINS AxDebugger.Document.1 ActiveX function call access (browser-plugins.rules)
* 1:10010 <-> DISABLED <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt (server-other.rules)
* 1:10142 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX clsid access (browser-plugins.rules)
* 1:10144 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX function call access (browser-plugins.rules)
* 1:10145 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX clsid access (browser-plugins.rules)
* 1:10147 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX function call access (browser-plugins.rules)
* 1:10148 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX clsid access (browser-plugins.rules)
* 1:10150 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX function call access (browser-plugins.rules)
* 1:10151 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX clsid access (browser-plugins.rules)
* 1:10153 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX function call access (browser-plugins.rules)
* 1:10154 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy 2 ActiveX clsid access (browser-plugins.rules)
* 1:10390 <-> DISABLED <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX clsid access (browser-plugins.rules)
* 1:10392 <-> DISABLED <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX function call access (browser-plugins.rules)
* 1:10393 <-> DISABLED <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX clsid access (browser-plugins.rules)
* 1:10395 <-> DISABLED <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX function call access (browser-plugins.rules)
* 1:12472 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX clsid access (browser-plugins.rules)
* 1:12474 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX function call access (browser-plugins.rules)
* 1:12612 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX clsid access (browser-plugins.rules)
* 1:12614 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX function call access (browser-plugins.rules)
* 1:12685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow (server-other.rules)
* 1:13457 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX clsid access (browser-plugins.rules)
* 1:13459 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX function call access (browser-plugins.rules)
* 1:13470 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt (file-office.rules)
* 1:13474 <-> DISABLED <-> OS-WINDOWS Microsoft WebDAV MiniRedir remote code execution attempt (os-windows.rules)
* 1:13476 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow (server-iis.rules)
* 1:13520 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules)
* 1:13521 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules)
* 1:13523 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules)
* 1:13525 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (browser-plugins.rules)
* 1:13926 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP response parsing overflow attempt (server-other.rules)
* 1:13950 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP attribute buffer overflow attempt (file-java.rules)
* 1:13965 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX clsid access (browser-plugins.rules)
* 1:13967 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access (browser-plugins.rules)
* 1:14033 <-> DISABLED <-> BROWSER-PLUGINS Orbit Downloader ActiveX clsid access (browser-plugins.rules)
* 1:14035 <-> DISABLED <-> BROWSER-PLUGINS Orbit Downloader ActiveX function call access (browser-plugins.rules)
* 1:14611 <-> DISABLED <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX clsid access (browser-plugins.rules)
* 1:14613 <-> DISABLED <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX function call access (browser-plugins.rules)
* 1:14771 <-> DISABLED <-> SERVER-APACHE BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt (server-apache.rules)
* 1:15147 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
* 1:15191 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox animated PNG processing integer overflow (browser-firefox.rules)
* 1:15257 <-> DISABLED <-> SERVER-ORACLE Secure Backup common.php variable based command injection attempt (server-oracle.rules)
* 1:15258 <-> DISABLED <-> SERVER-ORACLE Secure Backup login.php variable based command injection attempt (server-oracle.rules)
* 1:15428 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing memory corruption attempt (browser-firefox.rules)
* 1:15462 <-> DISABLED <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt (browser-other.rules)
* 1:15489 <-> DISABLED <-> PUA-OTHER Cerulean Studios Trillian image filename handling XML tag overflow attempt (pua-other.rules)
* 1:15490 <-> DISABLED <-> OS-LINUX Linux SCTP malformed forward-tsn chunk arbitrary code execution attempt (os-linux.rules)
* 1:15510 <-> DISABLED <-> SERVER-OTHER Trend Micro OfficeScan Server cgiRecvFile overflow attempt (server-other.rules)
* 1:15511 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules)
* 1:15638 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 32 ActiveX clsid access (browser-plugins.rules)
* 1:15733 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt (browser-ie.rules)
* 1:15866 <-> DISABLED <-> FILE-OTHER libxml2 file processing long entity overflow attempt (file-other.rules)
* 1:15872 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt (browser-firefox.rules)
* 1:15901 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt (file-multimedia.rules)
* 1:15965 <-> DISABLED <-> OS-WINDOWS Microsoft Explorer long share name buffer overflow attempt (os-windows.rules)
* 1:15966 <-> DISABLED <-> FILE-OTHER F-Secure Anti-Virus LHA processing buffer overflow attempt (file-other.rules)
* 1:16001 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (file-image.rules)
* 1:16030 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS client TXT buffer overrun attempt (os-windows.rules)
* 1:16032 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML Decoding memory corruption attempt (browser-ie.rules)
* 1:16191 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via GET (server-oracle.rules)
* 1:16192 <-> DISABLED <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt (server-oracle.rules)
* 1:16204 <-> DISABLED <-> SERVER-OTHER HP OpenView Network Node Manager ovlaunch host field overflow attempt (server-other.rules)
* 1:16213 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt (server-other.rules)
* 1:16295 <-> DISABLED <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields (file-other.rules)
* 1:16296 <-> DISABLED <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - with optional fields (file-other.rules)
* 1:16344 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox top-level script object offset calculation memory corruption attempt (browser-firefox.rules)
* 1:16347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules)
* 1:16371 <-> DISABLED <-> BROWSER-PLUGINS NOS Microsystems Adobe atl_getcom ActiveX clsid access (browser-plugins.rules)
* 1:16405 <-> DISABLED <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Prefix Information stack buffer overflow attempt (protocol-icmp.rules)
* 1:16418 <-> DISABLED <-> NETBIOS SMB client NULL deref race condition attempt (netbios.rules)
* 1:16481 <-> DISABLED <-> BROWSER-OTHER Opera Content-Length header integer overflow attempt (browser-other.rules)
* 1:16514 <-> DISABLED <-> SERVER-OTHER Trillian AIM XML tag handling heap buffer overflow attempt (server-other.rules)
* 1:16601 <-> DISABLED <-> FILE-OTHER Amaya web editor XML and HTML Parser Buffer overflow attempt (file-other.rules)
* 1:16667 <-> DISABLED <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt (browser-chrome.rules)
* 1:16668 <-> DISABLED <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt (browser-chrome.rules)
* 1:16798 <-> DISABLED <-> FILE-OTHER Orbit Downloader long URL buffer overflow attempt (file-other.rules)
* 1:17153 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1 (browser-firefox.rules)
* 1:17154 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2 (browser-firefox.rules)
* 1:17166 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
* 1:17236 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsPropertyTable PropertyList memory corruption attempt (browser-firefox.rules)
* 1:17305 <-> DISABLED <-> FILE-OTHER ClamAV libclamav PE file handling integer overflow attempt (file-other.rules)
* 1:17367 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer FTP response parsing memory corruption attempt (browser-ie.rules)
* 1:17378 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt (browser-firefox.rules)
* 1:17379 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt (browser-firefox.rules)
* 1:17397 <-> DISABLED <-> SERVER-OTHER VNCViewer Authenticate buffer overflow attempt (server-other.rules)
* 1:17398 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt (browser-firefox.rules)
* 1:17399 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt (browser-firefox.rules)
* 1:17410 <-> DISABLED <-> OS-WINDOWS Generic HyperLink buffer overflow attempt (os-windows.rules)
* 1:17422 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt (browser-firefox.rules)
* 1:17519 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow (browser-firefox.rules)
* 1:17557 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX operation parameter overflow (browser-plugins.rules)
* 1:17588 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Install Engine ActiveX clsid access (browser-plugins.rules)
* 1:17631 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules)
* 1:17638 <-> DISABLED <-> SERVER-ORACLE Secure Backup administration server login.php cookies command injection attempt (server-oracle.rules)
* 1:17642 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox ConstructFrame with floating first-letter memory corruption attempt (browser-firefox.rules)
* 1:18097 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules)
* 1:18187 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox InstallTrigger.install memory corruption attempt (browser-firefox.rules)
* 1:18244 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules)
* 1:18245 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java browser plugin docbase overflow attempt (browser-plugins.rules)
* 1:18283 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules)
* 1:18527 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules)
* 1:18679 <-> DISABLED <-> SERVER-OTHER Oracle Java Applet2ClassLoader Remote Code Execution (server-other.rules)
* 1:18904 <-> DISABLED <-> BROWSER-PLUGINS KingView ActiveX clsid access (browser-plugins.rules)
* 1:18957 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
* 1:19102 <-> DISABLED <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX clsid access (browser-plugins.rules)
* 1:19103 <-> DISABLED <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX function call access (browser-plugins.rules)
* 1:19216 <-> DISABLED <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution (browser-chrome.rules)
* 1:19217 <-> DISABLED <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution (browser-chrome.rules)
* 1:19257 <-> DISABLED <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt (file-flash.rules)
* 1:19262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:19263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:19264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:19713 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
* 1:19714 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
* 1:19812 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS getDBConfigSettings credential information disclosure attempt (server-other.rules)
* 1:19814 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt (browser-ie.rules)
* 1:20031 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:20072 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules)
* 1:20110 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata (server-other.rules)
* 1:20444 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules)
* 1:20600 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt (browser-firefox.rules)
* 1:20607 <-> DISABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (server-other.rules)
* 1:20608 <-> DISABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (server-other.rules)
* 1:20692 <-> DISABLED <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt (policy-other.rules)
* 1:20767 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:20777 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
* 1:20820 <-> DISABLED <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt (file-java.rules)
* 1:20842 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:20843 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:21006 <-> DISABLED <-> MALWARE-CNC Yang Pack yg.htm landing page (malware-cnc.rules)
* 1:21044 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
* 1:21045 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
* 1:21057 <-> DISABLED <-> FILE-OTHER Java Applet Rhino script engine remote code execution attempt (file-other.rules)
* 1:21161 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS5 NTLM and basic authentication bypass attempt (server-iis.rules)
* 1:21247 <-> DISABLED <-> SERVER-OTHER IBM Lotusnotes s_viewname buffer overflow attempt (server-other.rules)
* 1:21248 <-> DISABLED <-> SERVER-OTHER multiple vendors host buffer overflow attempt (server-other.rules)
* 1:21259 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit response (exploit-kit.rules)
* 1:21344 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit pdf download (exploit-kit.rules)
* 1:21346 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit malicious jar download (exploit-kit.rules)
* 1:21420 <-> DISABLED <-> FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt (file-other.rules)
* 1:21438 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit JavaScript carat string splitting with hostile applet (exploit-kit.rules)
* 1:21457 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:21484 <-> DISABLED <-> FILE-OTHER ZIP file name overflow attempt (file-other.rules)
* 1:21492 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
* 1:21539 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header (exploit-kit.rules)
* 1:21549 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header (exploit-kit.rules)
* 1:21640 <-> DISABLED <-> EXPLOIT-KIT Phoenix exploit kit landing page (exploit-kit.rules)
* 1:21646 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
* 1:21657 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules)
* 1:21658 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
* 1:21661 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - catch (exploit-kit.rules)
* 1:21668 <-> DISABLED <-> EXPLOIT-KIT Java exploit kit iframe drive by attempt (exploit-kit.rules)
* 1:21764 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word unicode parsing buffer overflow attempt (file-office.rules)
* 1:21876 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit landing page with specific structure - Loading (exploit-kit.rules)
* 1:21915 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
* 1:21916 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
* 1:21917 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP response message parsing overflow (server-other.rules)
* 1:21953 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products HTML href shell attempt (browser-firefox.rules)
* 1:22039 <-> DISABLED <-> EXPLOIT-KIT Blackhole suspected landing page (exploit-kit.rules)
* 1:22040 <-> DISABLED <-> EXPLOIT-KIT Blackhole suspected landing page (exploit-kit.rules)
* 1:22041 <-> DISABLED <-> EXPLOIT-KIT Blackhole landing redirection page (exploit-kit.rules)
* 1:23008 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
* 1:23158 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
* 1:23159 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules)
* 1:23395 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt (browser-plugins.rules)
* 1:23396 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt (browser-plugins.rules)
* 1:23489 <-> DISABLED <-> FILE-OTHER Microsoft Windows Task Scheduler buffer overflow attempt (file-other.rules)
* 1:23797 <-> DISABLED <-> EXPLOIT-KIT Blackhole redirection page (exploit-kit.rules)
* 1:23940 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (server-oracle.rules)
* 1:23996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
* 1:24054 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure (exploit-kit.rules)
* 1:24187 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
* 1:24188 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
* 1:24226 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received (exploit-kit.rules)
* 1:24228 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page Received (exploit-kit.rules)
* 1:24543 <-> DISABLED <-> EXPLOIT-KIT Blackhole admin page inbound access attempt (exploit-kit.rules)
* 1:24546 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt (exploit-kit.rules)
* 1:24547 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules)
* 1:24548 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules)
* 1:24593 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received - specific structure (exploit-kit.rules)
* 1:24637 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure (exploit-kit.rules)
* 1:24675 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX realm parameter overflow attempt (browser-plugins.rules)
* 1:24676 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX real parameter overflow attempt (browser-plugins.rules)
* 1:24702 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:24761 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:24860 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules)
* 1:24862 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules)
* 1:24864 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules)
* 1:24904 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules)
* 1:24907 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup exec_qr command injection attempt (server-oracle.rules)
* 1:24994 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox onChannelRedirect method attempt (browser-firefox.rules)
* 1:25312 <-> DISABLED <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt (server-other.rules)
* 1:25392 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
* 1:25569 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules)
* 1:25590 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure (exploit-kit.rules)
* 1:25591 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules)
* 1:25808 <-> DISABLED <-> EXPLOIT-KIT Fiesta exploit kit landing page detection - specific-structure (exploit-kit.rules)
* 1:2589 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules)
* 1:26031 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules)
* 1:26033 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit iframe redirection attempt (exploit-kit.rules)
* 1:26230 <->
DISABLED <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX arbitrary command execution attempt (server-webapp.rules) * 1:26253 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules) * 1:26337 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules) * 1:26421 <-> DISABLED <-> BROWSER-PLUGINS Metalink file download parameter buffer overflow attempt (browser-plugins.rules) * 1:26434 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit jar file downloaded (exploit-kit.rules) * 1:26495 <-> DISABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules) * 1:27067 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure (exploit-kit.rules) * 1:27656 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules) * 1:27706 <-> DISABLED <-> EXPLOIT-KIT Gong Da exploit kit possible jar download (exploit-kit.rules) * 1:28703 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules) * 1:28791 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:28902 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28972 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules) * 1:28973 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules) * 1:29503 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt (browser-firefox.rules) * 1:29512 <-> DISABLED <-> BROWSER-PLUGINS KingView ActiveX clsid access (browser-plugins.rules) * 1:29520 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV 
parsing memory corruption attempt (file-multimedia.rules) * 1:29523 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules) * 1:29524 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:29526 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:29535 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules) * 1:29538 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access (browser-plugins.rules) * 1:29578 <-> DISABLED <-> BROWSER-PLUGINS Sun Microsystems JRE isInstalled.dnsResolve function memory exception attempt (browser-plugins.rules) * 1:29579 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules) * 1:29580 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing obfuscated memory corruption attempt (browser-firefox.rules) * 1:29594 <-> DISABLED <-> SERVER-WEBAPP Airlive IP Camera information leak attempt (server-webapp.rules) * 1:29623 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules) * 1:29624 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt (browser-firefox.rules) * 1:29625 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt (browser-firefox.rules) * 1:29891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pushdo variant outbound connection (malware-cnc.rules) * 1:30217 <-> DISABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (file-java.rules) * 1:3085 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt (server-other.rules) * 1:3087 <-> DISABLED <-> SERVER-IIS w3who.dll buffer overflow attempt (server-iis.rules) * 1:31846 <-> DISABLED <-> 
POLICY-OTHER HP Universal CMDB default credentials authentication attempt (policy-other.rules) * 1:32149 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:32151 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:32369 <-> DISABLED <-> PROTOCOL-ICMP FreeBSD rtsold dname_labeldec stack buffer overflow attempt (protocol-icmp.rules) * 1:32815 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules) * 1:32959 <-> DISABLED <-> PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (protocol-dns.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091800.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58576 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58582 <-> DISABLED <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt (policy-other.rules)
* 1:58592 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
* 1:58588 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt (server-webapp.rules)
* 1:58583 <-> DISABLED <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt (policy-other.rules)
* 1:58577 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58585 <-> DISABLED <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt (policy-other.rules)
* 1:58600 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt (browser-chrome.rules)
* 1:58590 <-> DISABLED <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt (server-other.rules)
* 1:58580 <-> DISABLED <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt (malware-tools.rules)
* 1:58571 <-> DISABLED <-> FILE-OTHER MacOS TTC bypass vulnerability exploit download attempt (file-other.rules)
* 1:58595 <-> DISABLED <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt (server-webapp.rules)
* 1:58587 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt (os-windows.rules)
* 1:58594 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
* 1:58596 <-> DISABLED <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt (server-webapp.rules)
* 1:58593 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
* 1:58579 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58581 <-> DISABLED <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt (malware-tools.rules)
* 1:58578 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58584 <-> DISABLED <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt (policy-other.rules)
* 1:58570 <-> DISABLED <-> FILE-OTHER MacOS TTC bypass vulnerability exploit upload attempt (file-other.rules)
* 1:58599 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt (browser-chrome.rules)
* 1:58591 <-> DISABLED <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt (server-other.rules)
* 1:58586 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt (os-windows.rules)
* 1:58589 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt (server-webapp.rules)
* 3:58597 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt (file-other.rules)
* 3:58573 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt (file-image.rules)
* 3:58574 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt (file-office.rules)
* 3:58572 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt (file-image.rules)
* 3:58575 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt (file-office.rules)
* 3:58598 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt (file-other.rules)
* 1:29891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pushdo variant outbound connection (malware-cnc.rules)
* 1:30217 <-> DISABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (file-java.rules)
* 1:31846 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt (policy-other.rules)
* 1:32149 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
* 1:32151 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
* 1:32369 <-> DISABLED <-> PROTOCOL-ICMP FreeBSD rtsold dname_labeldec stack buffer overflow attempt (protocol-icmp.rules)
* 1:32815 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules)
* 1:32855 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt (file-pdf.rules)
* 1:32959 <-> DISABLED <-> PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (protocol-dns.rules)
* 1:32967 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt (policy-other.rules)
* 1:33571 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (file-other.rules)
* 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
* 1:34024 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
* 1:34447 <-> DISABLED <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt (policy-other.rules)
* 1:35434 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:35467 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules)
* 1:35468 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules)
* 1:35857 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
* 1:36154 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:36155 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:3632 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt (file-image.rules)
* 1:36661 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:37527 <-> DISABLED <-> SERVER-OTHER IBM WebSphere InvokerTransformer serialized Java object remote code execution attempt (server-other.rules)
* 1:37627 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:37802 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
* 1:37804 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
* 1:40281 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (file-office.rules)
* 1:40818 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (file-flash.rules)
* 1:41045 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules)
* 1:41422 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (browser-plugins.rules)
* 1:41718 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
* 1:41719 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
* 1:41720 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
* 1:42412 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:42422 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:43346 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules)
* 1:43692 <-> DISABLED <-> OS-LINUX Linux kernel SCTP invalid chunk length denial of service attempt (os-linux.rules)
* 1:43779 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products SharedWorker MessagePort memory corruption attempt (browser-firefox.rules)
* 1:44734 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (server-mail.rules)
* 1:44877 <-> DISABLED <-> SERVER-OTHER Citrix XenApp and XenDesktop XML service memory corruption attempt (server-other.rules)
* 1:44978 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules)
* 1:45171 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt (browser-firefox.rules)
* 1:45177 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:45178 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:45181 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:45183 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:45309 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
* 1:45500 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
* 1:45855 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
* 1:46637 <-> DISABLED <-> NETBIOS SMB client NULL deref race condition attempt (netbios.rules)
* 1:46912 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
* 1:46913 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
* 1:49583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
* 1:49585 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
* 1:49846 <-> DISABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
* 1:49900 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS driver stack buffer overflow attempt (browser-plugins.rules)
* 1:49902 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
* 1:49947 <-> DISABLED <-> POLICY-OTHER HP OpenView Operations Agent request attempt (policy-other.rules)
* 1:50643 <-> DISABLED <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt (file-other.rules)
* 1:51025 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (file-pdf.rules)
* 1:51081 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
* 1:51163 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
* 1:51225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
* 1:51857 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:51858 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:51860 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:51864 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:51865 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:52079 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
* 1:52100 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:52288 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (os-mobile.rules)
* 1:52450 <-> DISABLED <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt (server-other.rules)
* 1:55823 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
* 1:55824 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
* 1:55825 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
* 1:29624 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt (browser-firefox.rules)
* 1:29625 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt (browser-firefox.rules)
* 1:3087 <-> DISABLED <-> SERVER-IIS w3who.dll buffer overflow attempt (server-iis.rules)
* 1:7007 <-> DISABLED <-> BROWSER-PLUGINS AxDebugger.Document.1 ActiveX function call access (browser-plugins.rules)
* 1:3085 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt (server-other.rules)
* 1:10010 <-> DISABLED <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt (server-other.rules)
* 1:10142 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX clsid access (browser-plugins.rules)
* 1:10144 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX function call access (browser-plugins.rules)
* 1:10145 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX clsid access (browser-plugins.rules)
* 1:10147 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX function call access (browser-plugins.rules)
* 1:10148 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX clsid access (browser-plugins.rules)
* 1:10150 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX function call access (browser-plugins.rules)
* 1:10151 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX clsid access (browser-plugins.rules)
* 1:10153 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX function call access (browser-plugins.rules)
* 1:10154 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy 2 ActiveX clsid access (browser-plugins.rules)
* 1:10390 <-> DISABLED <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX clsid access (browser-plugins.rules)
* 1:10392 <-> DISABLED <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX function call access (browser-plugins.rules)
* 1:10393 <-> DISABLED <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX clsid access (browser-plugins.rules)
* 1:10395 <-> DISABLED <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX function call access (browser-plugins.rules)
* 1:12472 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX clsid access (browser-plugins.rules)
* 1:12474 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX function call access (browser-plugins.rules)
* 1:12612 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX clsid access (browser-plugins.rules)
* 1:12614 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX function call access (browser-plugins.rules)
* 1:12685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow (server-other.rules)
* 1:13457 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX clsid access (browser-plugins.rules)
* 1:13459 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX function call access (browser-plugins.rules)
* 1:13470 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt (file-office.rules)
* 1:13474 <-> DISABLED <-> OS-WINDOWS Microsoft WebDAV MiniRedir remote code execution attempt (os-windows.rules)
* 1:13476 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow (server-iis.rules)
* 1:13520 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules)
* 1:13521 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules)
* 1:13523 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules)
* 1:13525 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (browser-plugins.rules)
* 1:13926 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP response parsing overflow attempt (server-other.rules)
* 1:13950 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP attribute buffer overflow attempt (file-java.rules)
* 1:13965 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX clsid access (browser-plugins.rules)
* 1:13967 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access (browser-plugins.rules)
* 1:14033 <-> DISABLED <-> BROWSER-PLUGINS Orbit Downloader ActiveX clsid access (browser-plugins.rules)
* 1:14035 <-> DISABLED <-> BROWSER-PLUGINS Orbit Downloader ActiveX function call access (browser-plugins.rules)
* 1:14611 <-> DISABLED <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX clsid access (browser-plugins.rules)
* 1:14613 <-> DISABLED <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX function call access (browser-plugins.rules)
* 1:14771 <-> DISABLED <-> SERVER-APACHE BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt (server-apache.rules)
* 1:15147 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
* 1:15191 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox animated PNG processing integer overflow (browser-firefox.rules)
* 1:15257 <-> DISABLED <-> SERVER-ORACLE Secure Backup common.php variable based command injection attempt (server-oracle.rules)
* 1:15258 <-> DISABLED <-> SERVER-ORACLE Secure Backup login.php variable based command injection attempt (server-oracle.rules)
* 1:15428 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing memory corruption attempt (browser-firefox.rules)
* 1:15462 <-> DISABLED <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt (browser-other.rules)
* 1:15489 <-> DISABLED <-> PUA-OTHER Cerulean Studios Trillian image filename handling XML tag overflow attempt (pua-other.rules)
* 1:15490 <-> DISABLED <-> OS-LINUX Linux SCTP malformed forward-tsn chunk arbitrary code execution attempt (os-linux.rules)
* 1:15510 <-> DISABLED <-> SERVER-OTHER Trend Micro OfficeScan Server cgiRecvFile overflow attempt (server-other.rules)
* 1:15511 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules)
* 1:15638 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 32 ActiveX clsid access (browser-plugins.rules)
* 1:15733 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt (browser-ie.rules)
* 1:15866 <-> DISABLED <-> FILE-OTHER libxml2 file processing long entity overflow attempt (file-other.rules)
* 1:15872 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt (browser-firefox.rules)
* 1:15901 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt (file-multimedia.rules)
* 1:15965 <-> DISABLED <-> OS-WINDOWS Microsoft Explorer long share name buffer overflow attempt (os-windows.rules)
* 1:15966 <-> DISABLED <-> FILE-OTHER F-Secure Anti-Virus LHA processing buffer overflow attempt (file-other.rules)
* 1:16001 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (file-image.rules)
* 1:16030 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS client TXT buffer overrun attempt (os-windows.rules)
* 1:16032 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML Decoding memory corruption attempt (browser-ie.rules)
* 1:16191 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via GET (server-oracle.rules)
* 1:16192 <-> DISABLED <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt (server-oracle.rules)
* 1:16204 <-> DISABLED <-> SERVER-OTHER HP OpenView Network Node Manager ovlaunch host field overflow attempt (server-other.rules)
* 1:16213 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt (server-other.rules)
* 1:16295 <-> DISABLED <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields (file-other.rules)
* 1:16296 <-> DISABLED <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - with optional fields (file-other.rules)
* 1:16344 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox top-level script object offset calculation memory corruption attempt (browser-firefox.rules)
* 1:16347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules)
* 1:16371 <-> DISABLED <-> BROWSER-PLUGINS NOS Microsystems Adobe atl_getcom ActiveX clsid access (browser-plugins.rules)
* 1:16405 <-> DISABLED <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Prefix Information stack buffer overflow attempt (protocol-icmp.rules)
* 1:16418 <-> DISABLED <-> NETBIOS SMB client NULL deref race condition attempt (netbios.rules)
* 1:16481 <-> DISABLED <-> BROWSER-OTHER Opera Content-Length header integer overflow attempt (browser-other.rules)
* 1:16514 <-> DISABLED <-> SERVER-OTHER Trillian AIM XML tag handling heap buffer overflow attempt (server-other.rules)
* 1:16601 <-> DISABLED <-> FILE-OTHER Amaya web editor XML and HTML Parser Buffer overflow attempt (file-other.rules)
* 1:16667 <-> DISABLED <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt (browser-chrome.rules)
* 1:16668 <-> DISABLED <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt (browser-chrome.rules)
* 1:16798 <-> DISABLED <-> FILE-OTHER Orbit Downloader long URL buffer overflow attempt (file-other.rules)
* 1:17153 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1 (browser-firefox.rules)
* 1:17154 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2 (browser-firefox.rules)
* 1:17166 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
* 1:17236 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsPropertyTable PropertyList memory corruption attempt (browser-firefox.rules)
* 1:17305 <-> DISABLED <-> FILE-OTHER ClamAV libclamav PE file handling integer overflow attempt (file-other.rules)
* 1:17367 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer FTP response parsing memory corruption attempt (browser-ie.rules)
* 1:17378 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt (browser-firefox.rules)
* 1:17379 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt (browser-firefox.rules)
* 1:17397 <-> DISABLED <-> SERVER-OTHER VNCViewer Authenticate buffer overflow attempt (server-other.rules)
* 1:17398 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt (browser-firefox.rules)
* 1:17399 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt (browser-firefox.rules)
* 1:17410 <-> DISABLED <-> OS-WINDOWS Generic HyperLink buffer overflow attempt (os-windows.rules)
* 1:17422 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt (browser-firefox.rules)
* 1:17519 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow (browser-firefox.rules)
* 1:17557 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX operation parameter overflow (browser-plugins.rules)
* 1:17588 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Install Engine ActiveX clsid access (browser-plugins.rules)
* 1:17631 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules)
* 1:17638 <-> DISABLED <-> SERVER-ORACLE Secure Backup administration server login.php cookies command injection attempt (server-oracle.rules)
* 1:17642 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox ConstructFrame with floating first-letter memory corruption attempt (browser-firefox.rules)
* 1:18097 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules)
* 1:18187 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox InstallTrigger.install memory corruption attempt (browser-firefox.rules)
* 1:18244 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules)
* 1:18245 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java browser plugin docbase overflow attempt (browser-plugins.rules)
* 1:18283 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules)
* 1:18527 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules)
* 1:18679 <-> DISABLED <-> SERVER-OTHER Oracle Java Applet2ClassLoader Remote Code Execution (server-other.rules)
* 1:18904 <-> DISABLED <-> BROWSER-PLUGINS KingView ActiveX clsid access (browser-plugins.rules)
* 1:18957 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
* 1:19102 <-> DISABLED <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX clsid access (browser-plugins.rules)
* 1:19103 <-> DISABLED <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX function call access (browser-plugins.rules)
* 1:19216 <-> DISABLED <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution (browser-chrome.rules)
* 1:19217 <-> DISABLED <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution (browser-chrome.rules)
* 1:19257 <-> DISABLED <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt (file-flash.rules)
* 1:19262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:19263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:19264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:19713 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
* 1:19714 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
* 1:19812 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS getDBConfigSettings credential information disclosure attempt (server-other.rules)
* 1:19814 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt (browser-ie.rules)
* 1:20031 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:20072 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules)
* 1:20110 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox
streaming malicious metadata (server-other.rules) * 1:20444 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules) * 1:20600 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt (browser-firefox.rules) * 1:20607 <-> DISABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (server-other.rules) * 1:20608 <-> DISABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (server-other.rules) * 1:20692 <-> DISABLED <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt (policy-other.rules) * 1:20767 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:20777 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules) * 1:20820 <-> DISABLED <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt (file-java.rules) * 1:20842 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:20843 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:21006 <-> DISABLED <-> MALWARE-CNC Yang Pack yg.htm landing page (malware-cnc.rules) * 1:21044 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules) * 1:21045 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules) * 1:21057 <-> DISABLED <-> FILE-OTHER Java Applet Rhino script engine remote code execution attempt (file-other.rules) * 1:21161 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS5 NTLM and basic authentication bypass attempt (server-iis.rules) * 1:21247 <-> DISABLED <-> SERVER-OTHER IBM Lotusnotes s_viewname buffer overflow attempt (server-other.rules) * 1:21248 <-> DISABLED <-> SERVER-OTHER multiple vendors host buffer overflow attempt 
(server-other.rules) * 1:21259 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit response (exploit-kit.rules) * 1:21344 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit pdf download (exploit-kit.rules) * 1:21346 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit malicious jar download (exploit-kit.rules) * 1:21420 <-> DISABLED <-> FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt (file-other.rules) * 1:21438 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit JavaScript carat string splitting with hostile applet (exploit-kit.rules) * 1:21457 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:21484 <-> DISABLED <-> FILE-OTHER ZIP file name overflow attempt (file-other.rules) * 1:21492 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules) * 1:21539 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header (exploit-kit.rules) * 1:21549 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header (exploit-kit.rules) * 1:21640 <-> DISABLED <-> EXPLOIT-KIT Phoenix exploit kit landing page (exploit-kit.rules) * 1:21646 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules) * 1:21657 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules) * 1:21658 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules) * 1:21661 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - catch (exploit-kit.rules) * 1:21668 <-> DISABLED <-> EXPLOIT-KIT Java exploit kit iframe drive by attempt (exploit-kit.rules) * 1:21764 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word unicode parsing buffer overflow attempt (file-office.rules) * 1:21876 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit landing page with 
specific structure - Loading (exploit-kit.rules) * 1:21915 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules) * 1:21916 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules) * 1:21917 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP response message parsing overflow (server-other.rules) * 1:21953 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products HTML href shell attempt (browser-firefox.rules) * 1:22039 <-> DISABLED <-> EXPLOIT-KIT Blackhole suspected landing page (exploit-kit.rules) * 1:22040 <-> DISABLED <-> EXPLOIT-KIT Blackhole suspected landing page (exploit-kit.rules) * 1:22041 <-> DISABLED <-> EXPLOIT-KIT Blackhole landing redirection page (exploit-kit.rules) * 1:23008 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules) * 1:23158 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules) * 1:23159 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules) * 1:23395 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt (browser-plugins.rules) * 1:23396 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt (browser-plugins.rules) * 1:23489 <-> DISABLED <-> FILE-OTHER Microsoft Windows Task Scheduler buffer overflow attempt (file-other.rules) * 1:23797 <-> DISABLED <-> EXPLOIT-KIT Blackhole redirection page (exploit-kit.rules) * 1:23940 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (server-oracle.rules) * 1:23996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules) * 1:24054 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure (exploit-kit.rules) * 1:24187 <-> 
DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules) * 1:24188 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules) * 1:24226 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received (exploit-kit.rules) * 1:24228 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page Received (exploit-kit.rules) * 1:24543 <-> DISABLED <-> EXPLOIT-KIT Blackhole admin page inbound access attempt (exploit-kit.rules) * 1:24546 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt (exploit-kit.rules) * 1:24547 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules) * 1:24548 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules) * 1:24593 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received - specific structure (exploit-kit.rules) * 1:24637 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure (exploit-kit.rules) * 1:24675 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX realm parameter overflow attempt (browser-plugins.rules) * 1:24676 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX real parameter overflow attempt (browser-plugins.rules) * 1:24702 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules) * 1:24761 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules) * 1:24860 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules) * 1:24862 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules) * 1:24864 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules) * 1:24904 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se 
key value buffer overflow attempt (file-java.rules) * 1:24907 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup exec_qr command injection attempt (server-oracle.rules) * 1:24994 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox onChannelRedirect method attempt (browser-firefox.rules) * 1:25312 <-> DISABLED <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt (server-other.rules) * 1:25392 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules) * 1:25569 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules) * 1:25590 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure (exploit-kit.rules) * 1:25591 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules) * 1:25808 <-> DISABLED <-> EXPLOIT-KIT Fiesta exploit kit landing page detection - specific-structure (exploit-kit.rules) * 1:2589 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules) * 1:26031 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules) * 1:26033 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit iframe redirection attempt (exploit-kit.rules) * 1:26230 <-> DISABLED <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX arbitrary command execution attempt (server-webapp.rules) * 1:26253 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules) * 1:26337 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules) * 1:26421 <-> DISABLED <-> BROWSER-PLUGINS Metalink file download parameter buffer overflow attempt (browser-plugins.rules) * 1:26434 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit jar file downloaded (exploit-kit.rules) * 1:26495 <-> DISABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules) * 1:27067 
<-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure (exploit-kit.rules) * 1:27656 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules) * 1:27706 <-> DISABLED <-> EXPLOIT-KIT Gong Da exploit kit possible jar download (exploit-kit.rules) * 1:28703 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules) * 1:28791 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:28902 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28972 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules) * 1:28973 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules) * 1:29503 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt (browser-firefox.rules) * 1:29512 <-> DISABLED <-> BROWSER-PLUGINS KingView ActiveX clsid access (browser-plugins.rules) * 1:29520 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (file-multimedia.rules) * 1:29523 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules) * 1:29524 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:29526 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:29535 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules) * 1:29538 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access (browser-plugins.rules) * 1:29578 <-> DISABLED <-> 
BROWSER-PLUGINS Sun Microsystems JRE isInstalled.dnsResolve function memory exception attempt (browser-plugins.rules) * 1:29579 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules) * 1:29580 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing obfuscated memory corruption attempt (browser-firefox.rules) * 1:29594 <-> DISABLED <-> SERVER-WEBAPP Airlive IP Camera information leak attempt (server-webapp.rules) * 1:29623 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58571 <-> DISABLED <-> FILE-OTHER MacOS TTC bypass vulnerability exploit download attempt (file-other.rules)
* 1:58587 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt (os-windows.rules)
* 1:58594 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
* 1:58593 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
* 1:58596 <-> DISABLED <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt (server-webapp.rules)
* 1:58579 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58590 <-> DISABLED <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt (server-other.rules)
* 1:58592 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
* 1:58583 <-> DISABLED <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt (policy-other.rules)
* 1:58577 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58585 <-> DISABLED <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt (policy-other.rules)
* 1:58600 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt (browser-chrome.rules)
* 1:58570 <-> DISABLED <-> FILE-OTHER MacOS TTC bypass vulnerability exploit upload attempt (file-other.rules)
* 1:58580 <-> DISABLED <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt (malware-tools.rules)
* 1:58599 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt (browser-chrome.rules)
* 1:58591 <-> DISABLED <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt (server-other.rules)
* 1:58595 <-> DISABLED <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt (server-webapp.rules)
* 1:58586 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt (os-windows.rules)
* 1:58576 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58589 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt (server-webapp.rules)
* 1:58588 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt (server-webapp.rules)
* 1:58581 <-> DISABLED <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt (malware-tools.rules)
* 1:58578 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58582 <-> DISABLED <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt (policy-other.rules)
* 1:58584 <-> DISABLED <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt (policy-other.rules)
* 3:58597 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt (file-other.rules)
* 3:58575 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt (file-office.rules)
* 3:58574 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt (file-office.rules)
* 3:58598 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt (file-other.rules)
* 3:58573 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt (file-image.rules)
* 3:58572 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt (file-image.rules)
* 1:19103 <-> DISABLED <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX function call access (browser-plugins.rules)
* 1:19257 <-> DISABLED <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt (file-flash.rules)
* 1:19217 <-> DISABLED <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution (browser-chrome.rules)
* 1:19263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:19262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:19713 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
* 1:19264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:19812 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS getDBConfigSettings credential information disclosure attempt (server-other.rules)
* 1:19714 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
* 1:20031 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:19814 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt (browser-ie.rules)
* 1:20110 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata (server-other.rules)
* 1:20072 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules)
* 1:20600 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt (browser-firefox.rules)
* 1:20444 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules)
* 1:20608 <-> DISABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (server-other.rules)
* 1:20607 <-> DISABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (server-other.rules)
* 1:20767 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:20692 <-> DISABLED <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt (policy-other.rules)
* 1:20820 <-> DISABLED <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt (file-java.rules)
* 1:20777 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
* 1:20843 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:20842 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:21044 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
* 1:21006 <-> DISABLED <-> MALWARE-CNC Yang Pack yg.htm landing page (malware-cnc.rules)
* 1:21057 <-> DISABLED <-> FILE-OTHER Java Applet Rhino script engine remote code execution attempt (file-other.rules)
* 1:21045 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
* 1:21161 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS5 NTLM and basic authentication bypass attempt (server-iis.rules)
* 1:21247 <-> DISABLED <-> SERVER-OTHER IBM Lotusnotes s_viewname buffer overflow attempt (server-other.rules)
* 1:21259 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit response (exploit-kit.rules)
* 1:21248 <-> DISABLED <-> SERVER-OTHER multiple vendors host buffer overflow attempt (server-other.rules)
* 1:21346 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit malicious jar download (exploit-kit.rules)
* 1:21344 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit pdf download (exploit-kit.rules)
* 1:21438 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit JavaScript carat string splitting with hostile applet (exploit-kit.rules)
* 1:21420 <-> DISABLED <-> FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt (file-other.rules)
* 1:21484 <-> DISABLED <-> FILE-OTHER ZIP file name overflow attempt (file-other.rules)
* 1:21457 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:21539 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header (exploit-kit.rules)
* 1:21492 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
* 1:21640 <-> DISABLED <-> EXPLOIT-KIT Phoenix exploit kit landing page (exploit-kit.rules)
* 1:21549 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header (exploit-kit.rules)
* 1:21657 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules)
* 1:21646 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
* 1:21661 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - catch (exploit-kit.rules)
* 1:21658 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
* 1:21764 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word unicode parsing buffer overflow attempt (file-office.rules)
* 1:21668 <-> DISABLED <-> EXPLOIT-KIT Java exploit kit iframe drive by attempt (exploit-kit.rules)
* 1:21915 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
* 1:21876 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit landing page with specific structure - Loading (exploit-kit.rules)
* 1:21917 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP response message parsing overflow (server-other.rules)
* 1:21916 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
* 1:22039 <-> DISABLED <-> EXPLOIT-KIT Blackhole suspected landing page (exploit-kit.rules)
* 1:21953 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products HTML href shell attempt (browser-firefox.rules)
* 1:22041 <-> DISABLED <-> EXPLOIT-KIT Blackhole landing redirection page (exploit-kit.rules)
* 1:22040 <-> DISABLED <-> EXPLOIT-KIT Blackhole suspected landing page (exploit-kit.rules)
* 1:23158 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
* 1:23008 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
* 1:23489 <-> DISABLED <-> FILE-OTHER Microsoft Windows Task Scheduler buffer overflow attempt (file-other.rules)
* 1:23159 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules)
* 1:23395 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt (browser-plugins.rules)
* 1:23396 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt (browser-plugins.rules)
* 1:23940 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (server-oracle.rules)
* 1:23797 <-> DISABLED <-> EXPLOIT-KIT Blackhole redirection page (exploit-kit.rules)
* 1:24054 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure (exploit-kit.rules)
* 1:23996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
* 1:24187 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
* 1:24188 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
* 1:24228 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page Received (exploit-kit.rules)
* 1:24226 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received (exploit-kit.rules)
* 1:24546 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt (exploit-kit.rules)
* 1:24543 <-> DISABLED <-> EXPLOIT-KIT Blackhole admin page inbound access attempt (exploit-kit.rules)
* 1:24548 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules)
* 1:24547 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules)
* 1:24637 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure (exploit-kit.rules)
* 1:24593 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received - specific structure (exploit-kit.rules)
* 1:24676 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX real parameter overflow attempt (browser-plugins.rules)
* 1:24675 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX realm parameter overflow attempt (browser-plugins.rules)
* 1:24761 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:24702 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:24862 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules)
* 1:24860 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules)
* 1:24904 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules)
* 1:24864 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules)
* 1:24994 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox onChannelRedirect method attempt (browser-firefox.rules)
* 1:24907 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup exec_qr command injection attempt (server-oracle.rules)
* 1:25392 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
* 1:25312 <-> DISABLED <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt (server-other.rules)
* 1:25590 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure (exploit-kit.rules)
* 1:25569 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules)
* 1:25808 <-> DISABLED <-> EXPLOIT-KIT Fiesta exploit kit landing page detection - specific-structure (exploit-kit.rules)
* 1:25591 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules)
* 1:2589 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules)
* 1:26033 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit iframe redirection attempt (exploit-kit.rules)
* 1:26031 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules)
* 1:26253 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
* 1:26230 <-> DISABLED <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX arbitrary command execution attempt (server-webapp.rules)
* 1:26421 <-> DISABLED <-> BROWSER-PLUGINS Metalink file download parameter buffer overflow attempt (browser-plugins.rules)
* 1:26337 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules)
* 1:26495 <-> DISABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules)
* 1:26434 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit jar file downloaded (exploit-kit.rules)
* 1:27656 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules)
* 1:27067 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure (exploit-kit.rules)
* 1:28703 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
* 1:27706 <-> DISABLED <-> EXPLOIT-KIT Gong Da exploit kit possible jar download (exploit-kit.rules)
* 1:28902 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:28791 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
* 1:28973 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
* 1:28972 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
* 1:29512 <-> DISABLED <-> BROWSER-PLUGINS KingView ActiveX clsid access (browser-plugins.rules)
* 1:29503 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt (browser-firefox.rules)
* 1:29523 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules)
* 1:29520 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (file-multimedia.rules)
* 1:29526 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:29524 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
* 1:29535 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
* 1:31846 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt (policy-other.rules)
* 1:40818 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (file-flash.rules)
* 1:41045 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules)
* 1:36661 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:3632 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt (file-image.rules)
* 1:29624 <-> DISABLED <->
BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt (browser-firefox.rules) * 1:29625 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt (browser-firefox.rules) * 1:30217 <-> DISABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (file-java.rules) * 1:3087 <-> DISABLED <-> SERVER-IIS w3who.dll buffer overflow attempt (server-iis.rules) * 1:29538 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access (browser-plugins.rules) * 1:41422 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (browser-plugins.rules) * 1:41718 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules) * 1:41719 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules) * 1:41720 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules) * 1:44734 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (server-mail.rules) * 1:42412 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules) * 1:32959 <-> DISABLED <-> PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (protocol-dns.rules) * 1:3085 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt (server-other.rules) * 1:32151 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:32149 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:42422 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules) * 1:32967 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt (policy-other.rules) * 
1:33571 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (file-other.rules) * 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules) * 1:43346 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules) * 1:34024 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules) * 1:34447 <-> DISABLED <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt (policy-other.rules) * 1:43692 <-> DISABLED <-> OS-LINUX Linux kernel SCTP invalid chunk length denial of service attempt (os-linux.rules) * 1:35467 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules) * 1:35468 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules) * 1:35857 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:43779 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products SharedWorker MessagePort memory corruption attempt (browser-firefox.rules) * 1:36154 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules) * 1:36155 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules) * 1:37527 <-> DISABLED <-> SERVER-OTHER IBM WebSphere InvokerTransformer serialized Java object remote code execution attempt (server-other.rules) * 1:37627 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules) * 1:37802 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:40281 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (file-office.rules) * 1:32855 <-> DISABLED <-> FILE-PDF Adobe Acrobat 
Reader graphics module crash attempt (file-pdf.rules) * 1:37804 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:32815 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules) * 1:44877 <-> DISABLED <-> SERVER-OTHER Citrix XenApp and XenDesktop XML service memory corruption attempt (server-other.rules) * 1:44978 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules) * 1:45171 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt (browser-firefox.rules) * 1:45177 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules) * 1:45178 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules) * 1:45181 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules) * 1:45183 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules) * 1:45309 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules) * 1:45500 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules) * 1:45855 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules) * 1:46637 <-> DISABLED <-> NETBIOS SMB client NULL deref race condition attempt (netbios.rules) * 1:46912 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules) * 1:46913 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules) * 1:49583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules) * 1:49585 
<-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules) * 1:49846 <-> DISABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:49900 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS driver stack buffer overflow attempt (browser-plugins.rules) * 1:49902 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules) * 1:49947 <-> DISABLED <-> POLICY-OTHER HP OpenView Operations Agent request attempt (policy-other.rules) * 1:51858 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:50643 <-> DISABLED <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt (file-other.rules) * 1:51025 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (file-pdf.rules) * 1:51081 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules) * 1:51163 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules) * 1:51225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules) * 1:51857 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:29891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pushdo variant outbound connection (malware-cnc.rules) * 1:32369 <-> DISABLED <-> PROTOCOL-ICMP FreeBSD rtsold dname_labeldec stack buffer overflow attempt (protocol-icmp.rules) * 1:35434 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:51860 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:51864 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:51865 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:52079 <-> DISABLED <-> 
FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules) * 1:52100 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:52288 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (os-mobile.rules) * 1:52450 <-> DISABLED <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt (server-other.rules) * 1:55823 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules) * 1:55824 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules) * 1:7007 <-> DISABLED <-> BROWSER-PLUGINS AxDebugger.Document.1 ActiveX function call access (browser-plugins.rules) * 1:55825 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules) * 1:10142 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX clsid access (browser-plugins.rules) * 1:10010 <-> DISABLED <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt (server-other.rules) * 1:10145 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX clsid access (browser-plugins.rules) * 1:10144 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX function call access (browser-plugins.rules) * 1:10148 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX clsid access (browser-plugins.rules) * 1:10147 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX function call access (browser-plugins.rules) * 1:10151 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX clsid access (browser-plugins.rules) * 1:10150 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie 
Control ActiveX function call access (browser-plugins.rules) * 1:10154 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy 2 ActiveX clsid access (browser-plugins.rules) * 1:10153 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX function call access (browser-plugins.rules) * 1:10392 <-> DISABLED <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX function call access (browser-plugins.rules) * 1:10390 <-> DISABLED <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX clsid access (browser-plugins.rules) * 1:10395 <-> DISABLED <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX function call access (browser-plugins.rules) * 1:10393 <-> DISABLED <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX clsid access (browser-plugins.rules) * 1:12474 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX function call access (browser-plugins.rules) * 1:12472 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX clsid access (browser-plugins.rules) * 1:12612 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX clsid access (browser-plugins.rules) * 1:12614 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX function call access (browser-plugins.rules) * 1:13457 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX clsid access (browser-plugins.rules) * 1:12685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow (server-other.rules) * 1:13470 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt (file-office.rules) * 1:13459 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX function call access (browser-plugins.rules) * 1:13476 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow (server-iis.rules) * 1:13474 <-> DISABLED <-> OS-WINDOWS Microsoft WebDAV MiniRedir remote code execution attempt 
(os-windows.rules) * 1:13521 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules) * 1:13520 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules) * 1:13525 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (browser-plugins.rules) * 1:13523 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules) * 1:13950 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP attribute buffer overflow attempt (file-java.rules) * 1:13926 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP response parsing overflow attempt (server-other.rules) * 1:13965 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX clsid access (browser-plugins.rules) * 1:14033 <-> DISABLED <-> BROWSER-PLUGINS Orbit Downloader ActiveX clsid access (browser-plugins.rules) * 1:13967 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access (browser-plugins.rules) * 1:14611 <-> DISABLED <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX clsid access (browser-plugins.rules) * 1:14035 <-> DISABLED <-> BROWSER-PLUGINS Orbit Downloader ActiveX function call access (browser-plugins.rules) * 1:14771 <-> DISABLED <-> SERVER-APACHE BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt (server-apache.rules) * 1:14613 <-> DISABLED <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX function call access (browser-plugins.rules) * 1:15191 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox animated PNG processing integer overflow (browser-firefox.rules) * 1:15147 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules) * 1:15258 <-> DISABLED <-> SERVER-ORACLE Secure Backup login.php variable based command injection attempt (server-oracle.rules) * 1:15257 <-> DISABLED <-> SERVER-ORACLE Secure Backup common.php variable based command injection 
attempt (server-oracle.rules) * 1:15462 <-> DISABLED <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt (browser-other.rules) * 1:15428 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing memory corruption attempt (browser-firefox.rules) * 1:15490 <-> DISABLED <-> OS-LINUX Linux SCTP malformed forward-tsn chunk arbitrary code execution attempt (os-linux.rules) * 1:15489 <-> DISABLED <-> PUA-OTHER Cerulean Studios Trillian image filename handling XML tag overflow attempt (pua-other.rules) * 1:15511 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules) * 1:15510 <-> DISABLED <-> SERVER-OTHER Trend Micro OfficeScan Server cgiRecvFile overflow attempt (server-other.rules) * 1:15733 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt (browser-ie.rules) * 1:15638 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 32 ActiveX clsid access (browser-plugins.rules) * 1:15872 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt (browser-firefox.rules) * 1:15866 <-> DISABLED <-> FILE-OTHER libxml2 file processing long entity overflow attempt (file-other.rules) * 1:15965 <-> DISABLED <-> OS-WINDOWS Microsoft Explorer long share name buffer overflow attempt (os-windows.rules) * 1:15901 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt (file-multimedia.rules) * 1:16001 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (file-image.rules) * 1:15966 <-> DISABLED <-> FILE-OTHER F-Secure Anti-Virus LHA processing buffer overflow attempt (file-other.rules) * 1:16032 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML Decoding memory corruption attempt (browser-ie.rules) * 1:16030 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS client TXT buffer overrun attempt 
(os-windows.rules) * 1:16192 <-> DISABLED <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt (server-oracle.rules) * 1:16191 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via GET (server-oracle.rules) * 1:16213 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt (server-other.rules) * 1:16204 <-> DISABLED <-> SERVER-OTHER HP OpenView Network Node Manager ovlaunch host field overflow attempt (server-other.rules) * 1:16296 <-> DISABLED <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - with optional fields (file-other.rules) * 1:16295 <-> DISABLED <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields (file-other.rules) * 1:16347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules) * 1:16344 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox top-level script object offset calculation memory corruption attempt (browser-firefox.rules) * 1:16405 <-> DISABLED <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Prefix Information stack buffer overflow attempt (protocol-icmp.rules) * 1:16371 <-> DISABLED <-> BROWSER-PLUGINS NOS Microsystems Adobe atl_getcom ActiveX clsid access (browser-plugins.rules) * 1:16481 <-> DISABLED <-> BROWSER-OTHER Opera Content-Length header integer overflow attempt (browser-other.rules) * 1:16418 <-> DISABLED <-> NETBIOS SMB client NULL deref race condition attempt (netbios.rules) * 1:16601 <-> DISABLED <-> FILE-OTHER Amaya web editor XML and HTML Parser Buffer overflow attempt (file-other.rules) * 1:16514 <-> DISABLED <-> SERVER-OTHER Trillian AIM XML tag handling heap buffer overflow attempt (server-other.rules) * 1:16668 <-> DISABLED <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt (browser-chrome.rules) * 1:16667 <-> DISABLED <-> BROWSER-CHROME 
Google Chrome GURL cross origin bypass attempt (browser-chrome.rules) * 1:17153 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1 (browser-firefox.rules) * 1:16798 <-> DISABLED <-> FILE-OTHER Orbit Downloader long URL buffer overflow attempt (file-other.rules) * 1:17166 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules) * 1:17154 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2 (browser-firefox.rules) * 1:17305 <-> DISABLED <-> FILE-OTHER ClamAV libclamav PE file handling integer overflow attempt (file-other.rules) * 1:17236 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsPropertyTable PropertyList memory corruption attempt (browser-firefox.rules) * 1:17378 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt (browser-firefox.rules) * 1:17367 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer FTP response parsing memory corruption attempt (browser-ie.rules) * 1:17397 <-> DISABLED <-> SERVER-OTHER VNCViewer Authenticate buffer overflow attempt (server-other.rules) * 1:17379 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt (browser-firefox.rules) * 1:17399 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt (browser-firefox.rules) * 1:17398 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt (browser-firefox.rules) * 1:17422 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt (browser-firefox.rules) * 1:17410 <-> DISABLED <-> OS-WINDOWS Generic HyperLink buffer overflow attempt (os-windows.rules) * 1:17557 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX operation parameter overflow (browser-plugins.rules) * 1:17519 <-> 
DISABLED <-> BROWSER-FIREFOX Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow (browser-firefox.rules) * 1:17631 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules) * 1:17588 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Install Engine ActiveX clsid access (browser-plugins.rules) * 1:17642 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox ConstructFrame with floating first-letter memory corruption attempt (browser-firefox.rules) * 1:17638 <-> DISABLED <-> SERVER-ORACLE Secure Backup administration server login.php cookies command injection attempt (server-oracle.rules) * 1:18187 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox InstallTrigger.install memory corruption attempt (browser-firefox.rules) * 1:18097 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules) * 1:18244 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules) * 1:18283 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules) * 1:18245 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java browser plugin docbase overflow attempt (browser-plugins.rules) * 1:18527 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules) * 1:18904 <-> DISABLED <-> BROWSER-PLUGINS KingView ActiveX clsid access (browser-plugins.rules) * 1:18679 <-> DISABLED <-> SERVER-OTHER Oracle Java Applet2ClassLoader Remote Code Execution (server-other.rules) * 1:19102 <-> DISABLED <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX clsid access (browser-plugins.rules) * 1:18957 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules) * 1:19216 <-> DISABLED <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution (browser-chrome.rules) * 1:29579 <-> DISABLED <-> BROWSER-FIREFOX 
Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules) * 1:29578 <-> DISABLED <-> BROWSER-PLUGINS Sun Microsystems JRE isInstalled.dnsResolve function memory exception attempt (browser-plugins.rules) * 1:29594 <-> DISABLED <-> SERVER-WEBAPP Airlive IP Camera information leak attempt (server-webapp.rules) * 1:29580 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing obfuscated memory corruption attempt (browser-firefox.rules) * 1:29623 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58590 <-> DISABLED <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt (server-other.rules)
* 1:58583 <-> DISABLED <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt (policy-other.rules)
* 1:58577 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58600 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt (browser-chrome.rules)
* 1:58570 <-> DISABLED <-> FILE-OTHER MacOS TTC bypass vulnerability exploit upload attempt (file-other.rules)
* 1:58592 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
* 1:58595 <-> DISABLED <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt (server-webapp.rules)
* 1:58586 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt (os-windows.rules)
* 1:58576 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58582 <-> DISABLED <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt (policy-other.rules)
* 1:58585 <-> DISABLED <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt (policy-other.rules)
* 1:58599 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt (browser-chrome.rules)
* 1:58591 <-> DISABLED <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt (server-other.rules)
* 1:58578 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58596 <-> DISABLED <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt (server-webapp.rules)
* 1:58581 <-> DISABLED <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt (malware-tools.rules)
* 1:58571 <-> DISABLED <-> FILE-OTHER MacOS TTC bypass vulnerability exploit download attempt (file-other.rules)
* 1:58588 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt (server-webapp.rules)
* 1:58584 <-> DISABLED <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt (policy-other.rules)
* 1:58593 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
* 1:58587 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt (os-windows.rules)
* 1:58589 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt (server-webapp.rules)
* 1:58580 <-> DISABLED <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt (malware-tools.rules)
* 1:58594 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
* 1:58579 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 3:58574 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt (file-office.rules)
* 3:58573 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt (file-image.rules)
* 3:58597 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt (file-other.rules)
* 3:58572 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt (file-image.rules)
* 3:58575 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt (file-office.rules)
* 3:58598 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt (file-other.rules)
* 1:43346 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules)
* 1:35468 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules)
* 1:10010 <-> DISABLED <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt (server-other.rules)
* 1:10142 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX clsid access (browser-plugins.rules)
* 1:10144 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX function call access (browser-plugins.rules)
* 1:10145 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX clsid access (browser-plugins.rules)
* 1:10147 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX function call access (browser-plugins.rules)
* 1:10148 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX clsid access (browser-plugins.rules)
* 1:10150 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX function call access (browser-plugins.rules)
* 1:10151 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX clsid access (browser-plugins.rules)
* 1:10153 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX function call access (browser-plugins.rules)
* 1:10154 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy 2 ActiveX clsid access (browser-plugins.rules)
* 1:10390 <-> DISABLED <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX clsid access (browser-plugins.rules)
* 1:10392 <-> DISABLED <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX function call access (browser-plugins.rules)
* 1:10393 <-> DISABLED <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX clsid access (browser-plugins.rules)
* 1:10395 <-> DISABLED <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX function call access (browser-plugins.rules)
* 1:12472 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX clsid access (browser-plugins.rules)
* 1:12474 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX function call access (browser-plugins.rules)
* 1:12612 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX clsid access (browser-plugins.rules)
* 1:12614 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX function call access (browser-plugins.rules)
* 1:12685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow (server-other.rules)
* 1:13457 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX clsid access (browser-plugins.rules)
* 1:13459 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX function call access (browser-plugins.rules)
* 1:13470 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt (file-office.rules)
* 1:13474 <-> DISABLED <-> OS-WINDOWS Microsoft WebDAV MiniRedir remote code execution attempt (os-windows.rules)
* 1:13476 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow (server-iis.rules)
* 1:13520 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules)
* 1:13521 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules)
* 1:13523 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules)
* 1:13525 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (browser-plugins.rules)
* 1:13926 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP response parsing overflow attempt (server-other.rules)
* 1:13950 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP attribute buffer overflow attempt (file-java.rules)
* 1:13965 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX clsid access (browser-plugins.rules)
* 1:13967 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access (browser-plugins.rules)
* 1:14033 <-> DISABLED <-> BROWSER-PLUGINS Orbit Downloader ActiveX clsid access (browser-plugins.rules)
* 1:14035 <-> DISABLED <-> BROWSER-PLUGINS Orbit Downloader ActiveX function call access (browser-plugins.rules)
* 1:14611 <-> DISABLED <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX clsid access (browser-plugins.rules)
* 1:14613 <-> DISABLED <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX function call access (browser-plugins.rules)
* 1:14771 <-> DISABLED <-> SERVER-APACHE BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt (server-apache.rules)
* 1:15147 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
* 1:51858 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:51163 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
* 1:15191 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox animated PNG processing integer overflow (browser-firefox.rules)
* 1:15257 <-> DISABLED <-> SERVER-ORACLE Secure Backup common.php variable based command injection attempt (server-oracle.rules)
* 1:15258 <-> DISABLED <-> SERVER-ORACLE Secure Backup login.php variable based command injection attempt (server-oracle.rules)
* 1:51857 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:15428 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing memory corruption attempt (browser-firefox.rules)
* 1:15462 <-> DISABLED <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt (browser-other.rules)
* 1:3085 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message 
buffer overflow attempt (server-other.rules) * 1:51864 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:51860 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:32855 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt (file-pdf.rules) * 1:51225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules) * 1:49902 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules) * 1:31846 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt (policy-other.rules) * 1:37802 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:36661 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:15489 <-> DISABLED <-> PUA-OTHER Cerulean Studios Trillian image filename handling XML tag overflow attempt (pua-other.rules) * 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules) * 1:3087 <-> DISABLED <-> SERVER-IIS w3who.dll buffer overflow attempt (server-iis.rules) * 1:43692 <-> DISABLED <-> OS-LINUX Linux kernel SCTP invalid chunk length denial of service attempt (os-linux.rules) * 1:46637 <-> DISABLED <-> NETBIOS SMB client NULL deref race condition attempt (netbios.rules) * 1:15490 <-> DISABLED <-> OS-LINUX Linux SCTP malformed forward-tsn chunk arbitrary code execution attempt (os-linux.rules) * 1:40281 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (file-office.rules) * 1:49585 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules) * 1:36155 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules) * 
1:46913 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules) * 1:15510 <-> DISABLED <-> SERVER-OTHER Trend Micro OfficeScan Server cgiRecvFile overflow attempt (server-other.rules) * 1:41719 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules) * 1:49846 <-> DISABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:37804 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:46912 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules) * 1:3632 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt (file-image.rules) * 1:40818 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (file-flash.rules) * 1:34447 <-> DISABLED <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt (policy-other.rules) * 1:45500 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules) * 1:45181 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules) * 1:42422 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules) * 1:41422 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (browser-plugins.rules) * 1:32369 <-> DISABLED <-> PROTOCOL-ICMP FreeBSD rtsold dname_labeldec stack buffer overflow attempt (protocol-icmp.rules) * 1:44978 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules) * 1:33571 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (file-other.rules) * 1:49900 <-> DISABLED <-> BROWSER-PLUGINS HP 
OPOS driver stack buffer overflow attempt (browser-plugins.rules) * 1:41720 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules) * 1:35434 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:45183 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules) * 1:45177 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules) * 1:37627 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules) * 1:35857 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:45178 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules) * 1:44734 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (server-mail.rules) * 1:45855 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules) * 1:37527 <-> DISABLED <-> SERVER-OTHER IBM WebSphere InvokerTransformer serialized Java object remote code execution attempt (server-other.rules) * 1:44877 <-> DISABLED <-> SERVER-OTHER Citrix XenApp and XenDesktop XML service memory corruption attempt (server-other.rules) * 1:49583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules) * 1:51081 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules) * 1:35467 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules) * 1:34024 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules) * 1:15511 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules) * 1:36154 <-> DISABLED <-> 
FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules) * 1:45171 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt (browser-firefox.rules) * 1:32815 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules) * 1:32959 <-> DISABLED <-> PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (protocol-dns.rules) * 1:51025 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (file-pdf.rules) * 1:42412 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules) * 1:49947 <-> DISABLED <-> POLICY-OTHER HP OpenView Operations Agent request attempt (policy-other.rules) * 1:43779 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products SharedWorker MessagePort memory corruption attempt (browser-firefox.rules) * 1:32151 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:45309 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules) * 1:50643 <-> DISABLED <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt (file-other.rules) * 1:41718 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules) * 1:41045 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules) * 1:32967 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt (policy-other.rules) * 1:15638 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 32 ActiveX clsid access (browser-plugins.rules) * 1:30217 <-> DISABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (file-java.rules) * 1:32149 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:15733 <-> DISABLED <-> BROWSER-IE 
Microsoft Internet Explorer empty table tag memory corruption attempt (browser-ie.rules) * 1:15866 <-> DISABLED <-> FILE-OTHER libxml2 file processing long entity overflow attempt (file-other.rules) * 1:15872 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt (browser-firefox.rules) * 1:15901 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt (file-multimedia.rules) * 1:15965 <-> DISABLED <-> OS-WINDOWS Microsoft Explorer long share name buffer overflow attempt (os-windows.rules) * 1:15966 <-> DISABLED <-> FILE-OTHER F-Secure Anti-Virus LHA processing buffer overflow attempt (file-other.rules) * 1:16001 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (file-image.rules) * 1:16030 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS client TXT buffer overrun attempt (os-windows.rules) * 1:16032 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML Decoding memory corruption attempt (browser-ie.rules) * 1:16191 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via GET (server-oracle.rules) * 1:16192 <-> DISABLED <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt (server-oracle.rules) * 1:16204 <-> DISABLED <-> SERVER-OTHER HP OpenView Network Node Manager ovlaunch host field overflow attempt (server-other.rules) * 1:16213 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt (server-other.rules) * 1:16295 <-> DISABLED <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields (file-other.rules) * 1:16296 <-> DISABLED <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - with optional fields (file-other.rules) * 1:16344 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox top-level script object offset calculation memory corruption 
attempt (browser-firefox.rules) * 1:16347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules) * 1:16371 <-> DISABLED <-> BROWSER-PLUGINS NOS Microsystems Adobe atl_getcom ActiveX clsid access (browser-plugins.rules) * 1:16405 <-> DISABLED <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Prefix Information stack buffer overflow attempt (protocol-icmp.rules) * 1:16418 <-> DISABLED <-> NETBIOS SMB client NULL deref race condition attempt (netbios.rules) * 1:16481 <-> DISABLED <-> BROWSER-OTHER Opera Content-Length header integer overflow attempt (browser-other.rules) * 1:16514 <-> DISABLED <-> SERVER-OTHER Trillian AIM XML tag handling heap buffer overflow attempt (server-other.rules) * 1:16601 <-> DISABLED <-> FILE-OTHER Amaya web editor XML and HTML Parser Buffer overflow attempt (file-other.rules) * 1:16667 <-> DISABLED <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt (browser-chrome.rules) * 1:16668 <-> DISABLED <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt (browser-chrome.rules) * 1:16798 <-> DISABLED <-> FILE-OTHER Orbit Downloader long URL buffer overflow attempt (file-other.rules) * 1:17153 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1 (browser-firefox.rules) * 1:17154 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2 (browser-firefox.rules) * 1:17166 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules) * 1:17236 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsPropertyTable PropertyList memory corruption attempt (browser-firefox.rules) * 1:17305 <-> DISABLED <-> FILE-OTHER ClamAV libclamav PE file handling integer overflow attempt (file-other.rules) * 1:17367 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer FTP response parsing memory 
corruption attempt (browser-ie.rules) * 1:17378 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt (browser-firefox.rules) * 1:17379 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt (browser-firefox.rules) * 1:17397 <-> DISABLED <-> SERVER-OTHER VNCViewer Authenticate buffer overflow attempt (server-other.rules) * 1:17398 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt (browser-firefox.rules) * 1:17399 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt (browser-firefox.rules) * 1:17410 <-> DISABLED <-> OS-WINDOWS Generic HyperLink buffer overflow attempt (os-windows.rules) * 1:17422 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt (browser-firefox.rules) * 1:17519 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow (browser-firefox.rules) * 1:17557 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX operation parameter overflow (browser-plugins.rules) * 1:17588 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Install Engine ActiveX clsid access (browser-plugins.rules) * 1:17631 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules) * 1:17638 <-> DISABLED <-> SERVER-ORACLE Secure Backup administration server login.php cookies command injection attempt (server-oracle.rules) * 1:17642 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox ConstructFrame with floating first-letter memory corruption attempt (browser-firefox.rules) * 1:18097 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules) * 1:18187 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox InstallTrigger.install memory corruption attempt (browser-firefox.rules) * 1:18244 <-> DISABLED <-> FILE-JAVA 
Oracle Java browser plugin docbase overflow attempt (file-java.rules) * 1:18245 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java browser plugin docbase overflow attempt (browser-plugins.rules) * 1:18283 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules) * 1:18527 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules) * 1:18679 <-> DISABLED <-> SERVER-OTHER Oracle Java Applet2ClassLoader Remote Code Execution (server-other.rules) * 1:18904 <-> DISABLED <-> BROWSER-PLUGINS KingView ActiveX clsid access (browser-plugins.rules) * 1:18957 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules) * 1:19102 <-> DISABLED <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX clsid access (browser-plugins.rules) * 1:19103 <-> DISABLED <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX function call access (browser-plugins.rules) * 1:19216 <-> DISABLED <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution (browser-chrome.rules) * 1:19217 <-> DISABLED <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution (browser-chrome.rules) * 1:19257 <-> DISABLED <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt (file-flash.rules) * 1:19262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:19263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:19264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:19713 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules) * 1:19714 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules) * 1:19812 <-> DISABLED <-> SERVER-OTHER 
CA Total Defense Suite UNCWS getDBConfigSettings credential information disclosure attempt (server-other.rules) * 1:19814 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt (browser-ie.rules) * 1:20031 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:20072 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules) * 1:20110 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata (server-other.rules) * 1:20444 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules) * 1:51865 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:52079 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules) * 1:52100 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:20600 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt (browser-firefox.rules) * 1:52288 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (os-mobile.rules) * 1:52450 <-> DISABLED <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt (server-other.rules) * 1:55823 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules) * 1:55824 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules) * 1:55825 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules) * 1:7007 <-> DISABLED <-> BROWSER-PLUGINS AxDebugger.Document.1 ActiveX function call access (browser-plugins.rules) * 1:29891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pushdo variant outbound 
connection (malware-cnc.rules) * 1:20607 <-> DISABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (server-other.rules) * 1:20608 <-> DISABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (server-other.rules) * 1:20692 <-> DISABLED <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt (policy-other.rules) * 1:20767 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:20777 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules) * 1:20820 <-> DISABLED <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt (file-java.rules) * 1:20842 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:20843 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:21006 <-> DISABLED <-> MALWARE-CNC Yang Pack yg.htm landing page (malware-cnc.rules) * 1:21044 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules) * 1:21045 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules) * 1:21057 <-> DISABLED <-> FILE-OTHER Java Applet Rhino script engine remote code execution attempt (file-other.rules) * 1:21161 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS5 NTLM and basic authentication bypass attempt (server-iis.rules) * 1:21247 <-> DISABLED <-> SERVER-OTHER IBM Lotusnotes s_viewname buffer overflow attempt (server-other.rules) * 1:21248 <-> DISABLED <-> SERVER-OTHER multiple vendors host buffer overflow attempt (server-other.rules) * 1:21259 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit response (exploit-kit.rules) * 1:21344 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit pdf download (exploit-kit.rules) * 1:21346 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit malicious jar 
download (exploit-kit.rules) * 1:21420 <-> DISABLED <-> FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt (file-other.rules) * 1:21438 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit JavaScript carat string splitting with hostile applet (exploit-kit.rules) * 1:21457 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:21484 <-> DISABLED <-> FILE-OTHER ZIP file name overflow attempt (file-other.rules) * 1:21492 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules) * 1:21539 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header (exploit-kit.rules) * 1:21549 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header (exploit-kit.rules) * 1:21640 <-> DISABLED <-> EXPLOIT-KIT Phoenix exploit kit landing page (exploit-kit.rules) * 1:21646 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules) * 1:21657 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules) * 1:21658 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules) * 1:21661 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - catch (exploit-kit.rules) * 1:21668 <-> DISABLED <-> EXPLOIT-KIT Java exploit kit iframe drive by attempt (exploit-kit.rules) * 1:21764 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word unicode parsing buffer overflow attempt (file-office.rules) * 1:21876 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit landing page with specific structure - Loading (exploit-kit.rules) * 1:21915 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules) * 1:21916 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules) * 1:21917 <-> DISABLED <-> SERVER-OTHER 
Novell Groupwise HTTP response message parsing overflow (server-other.rules) * 1:21953 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products HTML href shell attempt (browser-firefox.rules) * 1:22039 <-> DISABLED <-> EXPLOIT-KIT Blackhole suspected landing page (exploit-kit.rules) * 1:22040 <-> DISABLED <-> EXPLOIT-KIT Blackhole suspected landing page (exploit-kit.rules) * 1:22041 <-> DISABLED <-> EXPLOIT-KIT Blackhole landing redirection page (exploit-kit.rules) * 1:23008 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules) * 1:23158 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules) * 1:23159 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules) * 1:23395 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt (browser-plugins.rules) * 1:23396 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt (browser-plugins.rules) * 1:23489 <-> DISABLED <-> FILE-OTHER Microsoft Windows Task Scheduler buffer overflow attempt (file-other.rules) * 1:23797 <-> DISABLED <-> EXPLOIT-KIT Blackhole redirection page (exploit-kit.rules) * 1:23940 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (server-oracle.rules) * 1:23996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules) * 1:24054 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure (exploit-kit.rules) * 1:24187 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules) * 1:24188 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules) * 1:24226 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page 
received (exploit-kit.rules) * 1:24228 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page Received (exploit-kit.rules) * 1:24543 <-> DISABLED <-> EXPLOIT-KIT Blackhole admin page inbound access attempt (exploit-kit.rules) * 1:24546 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt (exploit-kit.rules) * 1:24547 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules) * 1:24548 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules) * 1:24593 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received - specific structure (exploit-kit.rules) * 1:24637 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure (exploit-kit.rules) * 1:24675 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX realm parameter overflow attempt (browser-plugins.rules) * 1:24676 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX real parameter overflow attempt (browser-plugins.rules) * 1:24702 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules) * 1:24761 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules) * 1:24860 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules) * 1:24862 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules) * 1:24864 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules) * 1:24904 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules) * 1:24907 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup exec_qr command injection attempt (server-oracle.rules) * 1:24994 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox onChannelRedirect method attempt 
(browser-firefox.rules) * 1:25312 <-> DISABLED <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt (server-other.rules) * 1:25392 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules) * 1:25569 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules) * 1:25590 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure (exploit-kit.rules) * 1:25591 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules) * 1:25808 <-> DISABLED <-> EXPLOIT-KIT Fiesta exploit kit landing page detection - specific-structure (exploit-kit.rules) * 1:2589 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules) * 1:26031 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules) * 1:26033 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit iframe redirection attempt (exploit-kit.rules) * 1:26230 <-> DISABLED <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX arbitrary command execution attempt (server-webapp.rules) * 1:26253 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules) * 1:26337 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules) * 1:26421 <-> DISABLED <-> BROWSER-PLUGINS Metalink file download parameter buffer overflow attempt (browser-plugins.rules) * 1:26434 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit jar file downloaded (exploit-kit.rules) * 1:26495 <-> DISABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules) * 1:27067 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure (exploit-kit.rules) * 1:27656 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules) * 1:27706 <-> DISABLED <-> 
EXPLOIT-KIT Gong Da exploit kit possible jar download (exploit-kit.rules) * 1:28703 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules) * 1:28791 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:28902 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28972 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules) * 1:28973 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules) * 1:29503 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt (browser-firefox.rules) * 1:29512 <-> DISABLED <-> BROWSER-PLUGINS KingView ActiveX clsid access (browser-plugins.rules) * 1:29520 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (file-multimedia.rules) * 1:29523 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules) * 1:29524 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:29526 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:29535 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules) * 1:29538 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access (browser-plugins.rules) * 1:29578 <-> DISABLED <-> BROWSER-PLUGINS Sun Microsystems JRE isInstalled.dnsResolve function memory exception attempt (browser-plugins.rules) * 1:29579 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules) * 1:29580 <-> 
DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing obfuscated memory corruption attempt (browser-firefox.rules) * 1:29594 <-> DISABLED <-> SERVER-WEBAPP Airlive IP Camera information leak attempt (server-webapp.rules) * 1:29623 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules) * 1:29624 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt (browser-firefox.rules) * 1:29625 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt (browser-firefox.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58587 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt (os-windows.rules)
* 1:58580 <-> DISABLED <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt (malware-tools.rules)
* 1:58590 <-> DISABLED <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt (server-other.rules)
* 1:58570 <-> DISABLED <-> FILE-OTHER MacOS TTC bypass vulnerability exploit upload attempt (file-other.rules)
* 1:58600 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt (browser-chrome.rules)
* 1:58594 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
* 1:58579 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58578 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58592 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
* 1:58593 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
* 1:58577 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58585 <-> DISABLED <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt (policy-other.rules)
* 1:58582 <-> DISABLED <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt (policy-other.rules)
* 1:58576 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58591 <-> DISABLED <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt (server-other.rules)
* 1:58599 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt (browser-chrome.rules)
* 1:58584 <-> DISABLED <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt (policy-other.rules)
* 1:58581 <-> DISABLED <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt (malware-tools.rules)
* 1:58588 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt (server-webapp.rules)
* 1:58571 <-> DISABLED <-> FILE-OTHER MacOS TTC bypass vulnerability exploit download attempt (file-other.rules)
* 1:58595 <-> DISABLED <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt (server-webapp.rules)
* 1:58583 <-> DISABLED <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt (policy-other.rules)
* 1:58586 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt (os-windows.rules)
* 1:58589 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt (server-webapp.rules)
* 1:58596 <-> DISABLED <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt (server-webapp.rules)
* 3:58572 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt (file-image.rules)
* 3:58574 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt (file-office.rules)
* 3:58598 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt (file-other.rules)
* 3:58597 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt (file-other.rules)
* 3:58573 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt (file-image.rules)
* 3:58575 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt (file-office.rules)
* 1:34024 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
* 1:32815 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules)
* 1:52100 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:51860 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
* 1:32967 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt (policy-other.rules)
* 1:51865 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:51864 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:52450 <-> DISABLED <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt (server-other.rules)
* 1:52079 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
* 1:10010 <-> DISABLED <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt (server-other.rules)
* 1:10142 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX clsid access (browser-plugins.rules)
* 1:10144 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX function call access (browser-plugins.rules)
* 1:10145 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX clsid access (browser-plugins.rules)
* 1:10147 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX function call access (browser-plugins.rules)
* 1:10148 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX clsid access (browser-plugins.rules)
* 1:10150 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX function call access (browser-plugins.rules)
* 1:10151 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX clsid access (browser-plugins.rules)
* 1:10153 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX function call access (browser-plugins.rules)
* 1:10154 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy 2 ActiveX clsid access (browser-plugins.rules)
* 1:10390 <-> DISABLED <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX clsid access (browser-plugins.rules)
* 1:10392 <-> DISABLED <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX function call access (browser-plugins.rules)
* 1:44978 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules)
* 1:10393 <-> DISABLED <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX clsid access (browser-plugins.rules)
* 1:10395 <-> DISABLED <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX function call access (browser-plugins.rules)
* 1:12472 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX clsid access (browser-plugins.rules)
* 1:12474 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX function call access (browser-plugins.rules)
* 1:12612 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX clsid access (browser-plugins.rules)
* 1:12614 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX function call access (browser-plugins.rules)
* 1:12685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow (server-other.rules)
* 1:13457 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX clsid access (browser-plugins.rules)
* 1:13459 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX function call access (browser-plugins.rules)
* 1:13470 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt (file-office.rules)
* 1:13474 <-> DISABLED <-> OS-WINDOWS Microsoft WebDAV MiniRedir remote code execution attempt (os-windows.rules)
* 1:13476 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow (server-iis.rules)
* 1:13520 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules)
* 1:13521 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules)
* 1:13523 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules)
* 1:13525 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (browser-plugins.rules)
* 1:13926 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP response parsing overflow attempt (server-other.rules)
* 1:13950 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP attribute buffer overflow attempt (file-java.rules)
* 1:13965 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX clsid access (browser-plugins.rules)
* 1:13967 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access (browser-plugins.rules)
* 1:14033 <-> DISABLED <-> BROWSER-PLUGINS Orbit Downloader ActiveX clsid access (browser-plugins.rules)
* 1:14035 <-> DISABLED <-> BROWSER-PLUGINS Orbit Downloader ActiveX function call access (browser-plugins.rules)
* 1:14611 <-> DISABLED <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX clsid access (browser-plugins.rules)
* 1:14613 <-> DISABLED <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX function call access (browser-plugins.rules)
* 1:14771 <-> DISABLED <-> SERVER-APACHE BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt (server-apache.rules)
* 1:15147 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
* 1:15191 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox animated PNG processing integer overflow (browser-firefox.rules)
* 1:37527 <-> DISABLED <-> SERVER-OTHER IBM WebSphere InvokerTransformer serialized Java object remote code execution attempt (server-other.rules)
* 1:37804 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
* 1:37627 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:40281 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (file-office.rules)
* 1:55823 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
* 1:55824 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
* 1:55825 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
* 1:7007 <-> DISABLED <-> BROWSER-PLUGINS AxDebugger.Document.1 ActiveX function call access (browser-plugins.rules)
* 1:3085 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt (server-other.rules)
* 1:15257 <-> DISABLED <-> SERVER-ORACLE Secure Backup common.php variable based command injection attempt (server-oracle.rules)
* 1:32959 <-> DISABLED <-> PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (protocol-dns.rules)
* 1:36155 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:49846 <-> DISABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
* 1:51858 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:3632 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt (file-image.rules)
* 1:41720 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
* 1:45178 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:51857 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:46912 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
* 1:34447 <-> DISABLED <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt (policy-other.rules)
* 1:45500 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
* 1:49947 <-> DISABLED <-> POLICY-OTHER HP OpenView Operations Agent request attempt (policy-other.rules)
* 1:42422 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:43346 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules)
* 1:41719 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
* 1:35468 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules)
* 1:43779 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products SharedWorker MessagePort memory corruption attempt (browser-firefox.rules)
* 1:52288 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (os-mobile.rules)
* 1:45171 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt (browser-firefox.rules)
* 1:43692 <-> DISABLED <-> OS-LINUX Linux kernel SCTP invalid chunk length denial of service attempt (os-linux.rules)
* 1:15258 <-> DISABLED <-> SERVER-ORACLE Secure Backup login.php variable based command injection attempt (server-oracle.rules)
* 1:15428 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing memory corruption attempt (browser-firefox.rules)
* 1:45177 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:41422 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (browser-plugins.rules)
* 1:36154 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:42412 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:32855 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt (file-pdf.rules)
* 1:45855 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
* 1:51163 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
* 1:51025 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (file-pdf.rules)
* 1:44734 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (server-mail.rules)
* 1:50643 <-> DISABLED <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt (file-other.rules)
* 1:49585 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
* 1:46913 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
* 1:51081 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
* 1:45183 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:45181 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:35467 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules)
* 1:49900 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS driver stack buffer overflow attempt (browser-plugins.rules)
* 1:41718 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
* 1:36661 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:32151 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
* 1:35434 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:33571 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (file-other.rules)
* 1:51225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
* 1:46637 <-> DISABLED <-> NETBIOS SMB client NULL deref race condition attempt (netbios.rules)
* 1:40818 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (file-flash.rules)
* 1:44877 <-> DISABLED <-> SERVER-OTHER Citrix XenApp and XenDesktop XML service memory corruption attempt (server-other.rules)
* 1:41045 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules)
* 1:45309 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
* 1:49583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
* 1:35857 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
* 1:49902 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
* 1:32369 <-> DISABLED <-> PROTOCOL-ICMP FreeBSD rtsold dname_labeldec stack buffer overflow attempt (protocol-icmp.rules)
* 1:15462 <-> DISABLED <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt (browser-other.rules)
* 1:15489 <-> DISABLED <-> PUA-OTHER Cerulean Studios Trillian image filename handling XML tag overflow attempt (pua-other.rules)
* 1:15490 <-> DISABLED <-> OS-LINUX Linux SCTP malformed forward-tsn chunk arbitrary code execution attempt (os-linux.rules)
* 1:15510 <-> DISABLED <-> SERVER-OTHER Trend Micro OfficeScan Server cgiRecvFile overflow attempt (server-other.rules)
* 1:15511 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules)
* 1:3087 <-> DISABLED <-> SERVER-IIS w3who.dll buffer overflow attempt (server-iis.rules)
* 1:15638 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 32 ActiveX clsid access (browser-plugins.rules)
* 1:15733 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt (browser-ie.rules)
* 1:15866 <-> DISABLED <-> FILE-OTHER libxml2 file processing long entity overflow attempt (file-other.rules)
* 1:15872 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt (browser-firefox.rules)
* 1:15901 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt (file-multimedia.rules)
* 1:15965 <-> DISABLED <-> OS-WINDOWS Microsoft Explorer long share name buffer overflow attempt (os-windows.rules)
* 1:15966 <-> DISABLED <-> FILE-OTHER F-Secure Anti-Virus LHA processing buffer overflow attempt (file-other.rules)
* 1:16001 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (file-image.rules)
* 1:16030 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS client TXT buffer overrun attempt (os-windows.rules)
* 1:16032 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML Decoding memory corruption attempt (browser-ie.rules)
* 1:16191 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via GET (server-oracle.rules)
* 1:16192 <-> DISABLED <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt (server-oracle.rules)
* 1:16204 <-> DISABLED <-> SERVER-OTHER HP OpenView Network Node Manager ovlaunch host field overflow attempt (server-other.rules)
* 1:16213 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt (server-other.rules)
* 1:16295 <-> DISABLED <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields (file-other.rules)
* 1:16296 <-> DISABLED <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - with optional fields (file-other.rules)
* 1:16344 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox top-level script object offset calculation memory corruption attempt (browser-firefox.rules)
* 1:16347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules)
* 1:16371 <-> DISABLED <-> BROWSER-PLUGINS NOS Microsystems Adobe atl_getcom ActiveX clsid access (browser-plugins.rules)
* 1:16405 <-> DISABLED <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Prefix Information stack buffer overflow attempt (protocol-icmp.rules)
* 1:31846 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt (policy-other.rules)
* 1:16418 <-> DISABLED <-> NETBIOS SMB client NULL deref race condition attempt (netbios.rules)
* 1:16481 <-> DISABLED <-> BROWSER-OTHER Opera Content-Length header integer overflow attempt (browser-other.rules)
* 1:16514 <-> DISABLED <-> SERVER-OTHER Trillian AIM XML tag handling heap buffer overflow attempt (server-other.rules)
* 1:16601 <-> DISABLED <-> FILE-OTHER Amaya web editor XML and HTML Parser Buffer overflow attempt (file-other.rules)
* 1:16667 <-> DISABLED <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt (browser-chrome.rules)
* 1:16668 <-> DISABLED <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt (browser-chrome.rules)
* 1:16798 <-> DISABLED <-> FILE-OTHER Orbit Downloader long URL buffer overflow attempt (file-other.rules)
* 1:17153 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1 (browser-firefox.rules)
* 1:17154 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2 (browser-firefox.rules)
* 1:17166 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
* 1:17236 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsPropertyTable PropertyList memory corruption attempt (browser-firefox.rules)
* 1:17305 <-> DISABLED <-> FILE-OTHER ClamAV libclamav PE file handling integer overflow attempt (file-other.rules)
* 1:17367 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer FTP response parsing memory corruption attempt (browser-ie.rules)
* 1:17378 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt (browser-firefox.rules)
* 1:17379 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt (browser-firefox.rules)
* 1:17397 <-> DISABLED <-> SERVER-OTHER VNCViewer Authenticate buffer overflow attempt (server-other.rules)
* 1:17398 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt (browser-firefox.rules)
* 1:17399 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt (browser-firefox.rules)
* 1:17410 <-> DISABLED <-> OS-WINDOWS Generic HyperLink buffer overflow attempt (os-windows.rules)
* 1:17422 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt (browser-firefox.rules)
* 1:17519 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow (browser-firefox.rules)
* 1:17557 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX operation parameter overflow (browser-plugins.rules)
* 1:17588 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Install Engine ActiveX clsid access (browser-plugins.rules)
* 1:17631 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules)
* 1:17638 <-> DISABLED <-> SERVER-ORACLE Secure Backup administration server login.php cookies command injection attempt (server-oracle.rules)
* 1:17642 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox ConstructFrame with floating first-letter memory corruption attempt (browser-firefox.rules)
* 1:18097 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules)
* 1:18187 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox InstallTrigger.install memory corruption attempt (browser-firefox.rules)
* 1:18244 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules)
* 1:18245 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java browser plugin docbase overflow attempt (browser-plugins.rules)
* 1:18283 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules)
* 1:18527 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules)
* 1:18679 <-> DISABLED <-> SERVER-OTHER Oracle Java Applet2ClassLoader Remote Code Execution (server-other.rules)
* 1:18904 <-> DISABLED <-> BROWSER-PLUGINS KingView ActiveX clsid access (browser-plugins.rules)
* 1:18957 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
* 1:19102 <-> DISABLED <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX clsid access (browser-plugins.rules)
* 1:19103 <-> DISABLED <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX function call access (browser-plugins.rules)
* 1:19216 <-> DISABLED <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution (browser-chrome.rules)
* 1:19217 <-> DISABLED <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution (browser-chrome.rules)
* 1:19257 <-> DISABLED <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt (file-flash.rules)
* 1:19262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:19263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:19264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:19713 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
* 1:19714 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
* 1:19812 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS getDBConfigSettings credential information disclosure attempt (server-other.rules)
* 1:19814 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt (browser-ie.rules)
* 1:20031 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:20072 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules)
* 1:20110 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata (server-other.rules)
* 1:20444 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules)
* 1:20600 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt (browser-firefox.rules)
* 1:20607 <-> DISABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (server-other.rules)
* 1:20608 <-> DISABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (server-other.rules)
* 1:20692 <-> DISABLED <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt (policy-other.rules)
* 1:32149 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
* 1:20767 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:37802 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
* 1:20777 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
* 1:20820 <-> DISABLED <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt (file-java.rules)
* 1:20842 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:20843 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:21006 <-> DISABLED <-> MALWARE-CNC Yang Pack yg.htm landing page (malware-cnc.rules)
* 1:21044 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
* 1:21045 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
* 1:21057 <-> DISABLED <-> FILE-OTHER Java Applet Rhino script engine remote code execution attempt (file-other.rules)
* 1:21161 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS5 NTLM and basic authentication bypass attempt (server-iis.rules)
* 1:21247 <-> DISABLED <-> SERVER-OTHER IBM Lotusnotes s_viewname buffer overflow attempt (server-other.rules)
* 1:21248 <-> DISABLED <-> SERVER-OTHER multiple vendors host buffer overflow attempt (server-other.rules)
* 1:21259 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit response (exploit-kit.rules)
* 1:21344 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit pdf download (exploit-kit.rules)
* 1:21346 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit malicious jar download (exploit-kit.rules)
* 1:21420 <-> DISABLED <-> FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt (file-other.rules)
* 1:21438 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit JavaScript carat string splitting with hostile applet (exploit-kit.rules)
* 1:21457 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:21484 <-> DISABLED <-> FILE-OTHER ZIP file name overflow attempt (file-other.rules)
* 1:21492 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
* 1:21539 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header (exploit-kit.rules)
* 1:21549 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header (exploit-kit.rules)
* 1:21640 <-> DISABLED <-> EXPLOIT-KIT Phoenix exploit kit landing page (exploit-kit.rules)
* 1:21646 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
* 1:21657 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules)
* 1:21658 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
* 1:21661 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - catch (exploit-kit.rules)
* 1:21668 <-> DISABLED <-> EXPLOIT-KIT Java exploit kit iframe drive by attempt (exploit-kit.rules)
* 1:21764 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word unicode parsing buffer overflow attempt (file-office.rules)
* 1:21876 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit landing page with specific structure - Loading (exploit-kit.rules)
* 1:21915 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
* 1:21916 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
* 1:21917 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP response message parsing overflow (server-other.rules)
* 1:21953 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products HTML href shell attempt (browser-firefox.rules)
* 1:22039 <-> DISABLED <-> EXPLOIT-KIT Blackhole suspected landing page (exploit-kit.rules)
* 1:22040 <-> DISABLED <-> EXPLOIT-KIT Blackhole suspected landing page (exploit-kit.rules)
* 1:22041 <-> DISABLED <-> EXPLOIT-KIT Blackhole landing redirection page (exploit-kit.rules)
* 1:23008 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
* 1:23158 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
* 1:23159 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules)
* 1:23395 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt (browser-plugins.rules)
* 1:23396 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt (browser-plugins.rules)
* 1:23489 <-> DISABLED <-> FILE-OTHER Microsoft Windows Task Scheduler buffer overflow attempt (file-other.rules)
* 1:23797 <-> DISABLED <-> EXPLOIT-KIT Blackhole redirection page (exploit-kit.rules)
* 1:23940 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (server-oracle.rules)
* 1:23996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
* 1:24054 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure (exploit-kit.rules)
* 1:24187 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
* 1:24188 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
* 1:24226 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received (exploit-kit.rules)
* 1:24228 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page Received (exploit-kit.rules)
* 1:24543 <-> DISABLED <-> EXPLOIT-KIT Blackhole admin page inbound access attempt (exploit-kit.rules)
* 1:24546 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt (exploit-kit.rules)
* 1:24547 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules)
* 1:24548 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules)
* 1:24593 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received - specific structure (exploit-kit.rules)
* 1:24637 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure (exploit-kit.rules)
* 1:24675 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX realm parameter overflow attempt (browser-plugins.rules)
* 1:24676 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX real parameter overflow attempt (browser-plugins.rules)
* 1:24702 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:24761 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:24860 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules)
* 1:24862 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules)
* 1:24864 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules)
* 1:24904 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules)
* 1:24907 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup exec_qr command injection attempt (server-oracle.rules)
* 1:24994 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox onChannelRedirect method attempt (browser-firefox.rules)
* 1:25312 <-> DISABLED <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt (server-other.rules)
* 1:25392 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
* 1:25569 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules)
* 1:25590 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure (exploit-kit.rules)
* 1:25591 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules)
* 1:25808 <-> DISABLED <-> EXPLOIT-KIT Fiesta exploit kit landing page detection - specific-structure (exploit-kit.rules)
* 1:2589 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules)
* 1:26031 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules)
* 1:26033 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit iframe redirection attempt (exploit-kit.rules)
* 1:26230 <-> DISABLED <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX arbitrary command execution attempt (server-webapp.rules)
* 1:26253 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
* 1:26337 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules)
* 1:26421 <-> DISABLED <-> BROWSER-PLUGINS Metalink file download parameter buffer overflow attempt (browser-plugins.rules)
* 1:26434 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit jar file downloaded (exploit-kit.rules)
* 1:26495 <-> DISABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules)
* 1:27067 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure (exploit-kit.rules)
* 1:27656 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules)
* 1:27706 <-> DISABLED <-> EXPLOIT-KIT Gong Da exploit kit possible jar download (exploit-kit.rules)
* 1:28703 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
* 1:28791 <->
DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:28902 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28972 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules) * 1:28973 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules) * 1:29503 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt (browser-firefox.rules) * 1:29512 <-> DISABLED <-> BROWSER-PLUGINS KingView ActiveX clsid access (browser-plugins.rules) * 1:29520 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (file-multimedia.rules) * 1:29523 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules) * 1:29524 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:29526 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:29535 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules) * 1:29538 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access (browser-plugins.rules) * 1:29578 <-> DISABLED <-> BROWSER-PLUGINS Sun Microsystems JRE isInstalled.dnsResolve function memory exception attempt (browser-plugins.rules) * 1:29579 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules) * 1:29580 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing obfuscated memory corruption attempt (browser-firefox.rules) * 1:29594 <-> DISABLED <-> SERVER-WEBAPP Airlive IP Camera information leak attempt 
(server-webapp.rules) * 1:29623 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules) * 1:29624 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt (browser-firefox.rules) * 1:29625 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt (browser-firefox.rules) * 1:29891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pushdo variant outbound connection (malware-cnc.rules) * 1:30217 <-> DISABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (file-java.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
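The format line above describes one bullet per rule, but in the extracted copy of this page several bullets are run together on a single line and some are broken across two. The Python below is an added example, not part of the Talos changelog or of any Snort or PulledPork tooling: it parses that format into records and answers the two questions a rule maintainer usually asks of a release note, which new rules fire by default and which disabled-by-default rules in a chosen category to switch on. The sample text is a constructed excerpt copied from this page's own lists; the one-`gid:sid`-per-line output is the format PulledPork's enablesid.conf reads, and every function and field name is this example's own choice.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Each bullet has the shape the changelog states:
#   gid:sid <-> Default rule state <-> Message (rule group)
# The first token of the message is the Talos category (SERVER-WEBAPP, FILE-PDF, ...).
ENTRY_RE = re.compile(
    r"^(?P<gid>\d+):(?P<sid>\d+) <-> (?P<state>ENABLED|DISABLED) <-> "
    r"(?P<msg>.+?) \((?P<group>[a-z0-9-]+\.rules)\)$"
)
# A new entry begins wherever a '*' bullet is followed by 'gid:sid <->'.
BULLET_RE = re.compile(r"\s*\*\s+(?=\d+:\d+\s*<->)")

# Constructed sample: entries copied from this page, deliberately including one
# fragment with no gid:sid (truncated at a page boundary) and two entries that the
# extraction broke across a line.
SAMPLE = """JavaScript carat string splitting with hostile applet (exploit-kit.rules) * 1:58592 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules) * 1:58571 <-> DISABLED <-> FILE-OTHER MacOS TTC bypass vulnerability exploit download attempt (file-other.rules) * 3:58572 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt (file-image.rules) * 1:58577 <-> DISABLED <-> SERVER-WEBAPP Trend
Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules) * 1:21915 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules) * 1:58599
<-> DISABLED <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt (browser-chrome.rules)"""


@dataclass(frozen=True)
class RuleChange:
    gid: int
    sid: int
    enabled: bool   # default rule state in the shipped policy
    category: str   # first token of the message, e.g. SERVER-WEBAPP
    message: str
    group: str      # the .rules file the signature lives in

    @property
    def key(self):
        return f"{self.gid}:{self.sid}"


def parse_changelog(text):
    """Return (entries, rejects) for a block of changelog text.

    Whitespace is collapsed first, so entries that an HTML-to-text extraction ran
    together on one line, or broke across two lines, parse exactly like the
    original one-bullet-per-line file. Chunks that do not match the stated format
    (for example an entry truncated at a page boundary) are returned in rejects
    rather than silently dropped, so a partial parse is visible to the caller."""
    flat = " ".join(text.split())
    entries, rejects = [], []
    for chunk in BULLET_RE.split(flat):
        chunk = chunk.strip()
        if not chunk:
            continue
        m = ENTRY_RE.match(chunk)
        if not m:
            rejects.append(chunk)
            continue
        msg = m.group("msg")
        entries.append(RuleChange(
            gid=int(m.group("gid")), sid=int(m.group("sid")),
            enabled=m.group("state") == "ENABLED",
            category=msg.split(" ", 1)[0], message=msg, group=m.group("group"),
        ))
    return entries, rejects


def enabled_by_default(entries):
    """gid:sid keys that fire out of the box; everything else needs a policy decision."""
    return sorted(e.key for e in entries if e.enabled)


def count_by_category(entries):
    """How many changed rules fall in each Talos category."""
    return Counter(e.category for e in entries)


def enablesid_lines(entries, categories):
    """'gid:sid' lines (the enablesid.conf format PulledPork reads) for the
    disabled-by-default rules in the chosen categories, so a reviewed subset of
    a pack can be turned on without hand-editing rule files."""
    return sorted(e.key for e in entries if not e.enabled and e.category in categories)


if __name__ == "__main__":
    entries, rejects = parse_changelog(SAMPLE)
    print(f"parsed {len(entries)} entries, {len(rejects)} unparsed fragment(s)")
    print("enabled by default:", enabled_by_default(entries))
    print("by category:", dict(count_by_category(entries)))
    print("enablesid.conf:", "\n".join(enablesid_lines(entries, {"SERVER-WEBAPP", "BROWSER-CHROME"})))
```

Feeding the whole page through `parse_changelog` gives the two lists (added and modified) as records that can be diffed against the previous pack's lists; the `rejects` list is where the fragments at the start and end of this extract end up.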
* 1:58592 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
* 1:58571 <-> DISABLED <-> FILE-OTHER MacOS TTC bypass vulnerability exploit download attempt (file-other.rules)
* 1:58580 <-> DISABLED <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt (malware-tools.rules)
* 1:58570 <-> DISABLED <-> FILE-OTHER MacOS TTC bypass vulnerability exploit upload attempt (file-other.rules)
* 1:58596 <-> DISABLED <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt (server-webapp.rules)
* 1:58589 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt (server-webapp.rules)
* 1:58581 <-> DISABLED <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt (malware-tools.rules)
* 1:58587 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt (os-windows.rules)
* 1:58595 <-> DISABLED <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt (server-webapp.rules)
* 1:58588 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt (server-webapp.rules)
* 1:58578 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58579 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58585 <-> DISABLED <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt (policy-other.rules)
* 1:58599 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt (browser-chrome.rules)
* 1:58591 <-> DISABLED <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt (server-other.rules)
* 1:58586 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt (os-windows.rules)
* 1:58577 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58583 <-> DISABLED <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt (policy-other.rules)
* 1:58600 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt (browser-chrome.rules)
* 1:58593 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
* 1:58590 <-> DISABLED <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt (server-other.rules)
* 1:58576 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58584 <-> DISABLED <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt (policy-other.rules)
* 1:58582 <-> DISABLED <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt (policy-other.rules)
* 1:58594 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
* 3:58572 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt (file-image.rules)
* 3:58598 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt (file-other.rules)
* 3:58573 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt (file-image.rules)
* 3:58575 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt (file-office.rules)
* 3:58597 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt (file-other.rules)
* 3:58574 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt (file-office.rules)
* 1:40281 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (file-office.rules)
* 1:45178 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:36155 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:32967 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt (policy-other.rules)
* 1:51163 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
* 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
* 1:41720 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
* 1:49947 <-> DISABLED <-> POLICY-OTHER HP OpenView Operations Agent request attempt (policy-other.rules)
* 1:42422 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:15428 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing memory corruption attempt (browser-firefox.rules)
* 1:45177 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:49902 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
* 1:45855 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
* 1:32149 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
* 1:46912 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
* 1:32151 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
* 1:32855 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt (file-pdf.rules)
* 1:45181 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:45500 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
* 1:34024 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
* 1:51081 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
* 1:42412 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:45171 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt (browser-firefox.rules)
* 1:44734 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (server-mail.rules)
* 1:43779 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products SharedWorker MessagePort memory corruption attempt (browser-firefox.rules)
* 1:49900 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS driver stack buffer overflow attempt (browser-plugins.rules)
* 1:33571 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (file-other.rules)
* 1:45183 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:43692 <-> DISABLED <-> OS-LINUX Linux kernel SCTP invalid chunk length denial of service attempt (os-linux.rules)
* 1:29625 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt (browser-firefox.rules)
* 1:52450 <-> DISABLED <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt (server-other.rules)
* 1:55823 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
* 1:55824 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
* 1:55825 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
* 1:7007 <-> DISABLED <-> BROWSER-PLUGINS AxDebugger.Document.1 ActiveX function call access (browser-plugins.rules)
* 1:49583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
* 1:44978 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules)
* 1:45309 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
* 1:34447 <-> DISABLED <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt (policy-other.rules)
* 1:32369 <-> DISABLED <-> PROTOCOL-ICMP FreeBSD rtsold dname_labeldec stack buffer overflow attempt (protocol-icmp.rules)
* 1:51857 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:43346 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules)
* 1:41718 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
* 1:50643 <-> DISABLED <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt (file-other.rules)
* 1:14613 <-> DISABLED <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX function call access (browser-plugins.rules)
* 1:51025 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (file-pdf.rules)
* 1:51225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
* 1:46913 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
* 1:36661 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:37527 <-> DISABLED <-> SERVER-OTHER IBM WebSphere InvokerTransformer serialized Java object remote code execution attempt (server-other.rules)
* 1:46637 <-> DISABLED <-> NETBIOS SMB client NULL deref race condition attempt (netbios.rules)
* 1:49585 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
* 1:41045 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules)
* 1:37627 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:10145 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX clsid access (browser-plugins.rules)
* 1:51865 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:10144 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX function call access (browser-plugins.rules)
* 1:52288 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (os-mobile.rules)
* 1:35467 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules)
* 1:49846 <-> DISABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
* 1:29891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pushdo variant outbound connection (malware-cnc.rules)
* 1:29624 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt (browser-firefox.rules)
* 1:29594 <-> DISABLED <-> SERVER-WEBAPP Airlive IP Camera information leak attempt (server-webapp.rules)
* 1:37804 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
* 1:14771 <-> DISABLED <-> SERVER-APACHE BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt (server-apache.rules)
* 1:15191 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox animated PNG processing integer overflow (browser-firefox.rules)
* 1:15147 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
* 1:15258 <-> DISABLED <-> SERVER-ORACLE Secure Backup login.php variable based command injection attempt (server-oracle.rules)
* 1:15489 <-> DISABLED <-> PUA-OTHER Cerulean Studios Trillian image filename handling XML tag overflow attempt (pua-other.rules)
* 1:15462 <-> DISABLED <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt (browser-other.rules)
* 1:15510 <-> DISABLED <-> SERVER-OTHER Trend Micro OfficeScan Server cgiRecvFile overflow attempt (server-other.rules)
* 1:15257 <-> DISABLED <-> SERVER-ORACLE Secure Backup common.php variable based command injection attempt (server-oracle.rules)
* 1:15638 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 32 ActiveX clsid access (browser-plugins.rules)
* 1:15511 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules)
* 1:15866 <-> DISABLED <-> FILE-OTHER libxml2 file processing long entity overflow attempt (file-other.rules)
* 1:15490 <-> DISABLED <-> OS-LINUX Linux SCTP malformed forward-tsn chunk arbitrary code execution attempt (os-linux.rules)
* 1:15872 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt (browser-firefox.rules)
* 1:15733 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt (browser-ie.rules)
* 1:15901 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt (file-multimedia.rules)
* 1:16001 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (file-image.rules)
* 1:15966 <-> DISABLED <-> FILE-OTHER F-Secure Anti-Virus LHA processing buffer overflow attempt (file-other.rules)
* 1:15965 <-> DISABLED <-> OS-WINDOWS Microsoft Explorer long share name buffer overflow attempt (os-windows.rules)
* 1:16030 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS client TXT buffer overrun attempt (os-windows.rules)
* 1:16192 <-> DISABLED <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt (server-oracle.rules)
* 1:16191 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via GET (server-oracle.rules)
* 1:16032 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML Decoding memory corruption attempt (browser-ie.rules)
* 1:16204 <-> DISABLED <-> SERVER-OTHER HP OpenView Network Node Manager ovlaunch host field overflow attempt (server-other.rules)
* 1:16344 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox top-level script object offset calculation memory corruption attempt (browser-firefox.rules)
* 1:16295 <-> DISABLED <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields (file-other.rules)
* 1:16213 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt (server-other.rules)
* 1:16347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules)
* 1:16418 <-> DISABLED <-> NETBIOS SMB client NULL deref race condition attempt (netbios.rules)
* 1:16405 <-> DISABLED <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Prefix Information stack buffer overflow attempt (protocol-icmp.rules)
* 1:16371 <-> DISABLED <-> BROWSER-PLUGINS NOS Microsystems Adobe atl_getcom ActiveX clsid access (browser-plugins.rules)
* 1:16481 <-> DISABLED <-> BROWSER-OTHER Opera Content-Length header integer overflow attempt (browser-other.rules)
* 1:16667 <-> DISABLED <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt (browser-chrome.rules)
* 1:16601 <-> DISABLED <-> FILE-OTHER Amaya web editor XML and HTML Parser Buffer overflow attempt (file-other.rules)
* 1:16514 <-> DISABLED <-> SERVER-OTHER Trillian AIM XML tag handling heap buffer overflow attempt (server-other.rules)
* 1:16668 <-> DISABLED <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt (browser-chrome.rules)
* 1:17154 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2 (browser-firefox.rules)
* 1:17153 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1 (browser-firefox.rules)
* 1:17166 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
* 1:17305 <-> DISABLED <-> FILE-OTHER ClamAV libclamav PE file handling integer overflow attempt (file-other.rules)
* 1:16798 <-> DISABLED <-> FILE-OTHER Orbit Downloader long URL buffer overflow attempt (file-other.rules)
* 1:17378 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt (browser-firefox.rules)
* 1:17367 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer FTP response parsing memory corruption attempt (browser-ie.rules)
* 1:17397 <-> DISABLED <-> SERVER-OTHER VNCViewer Authenticate buffer overflow attempt (server-other.rules)
* 1:17236 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsPropertyTable PropertyList memory corruption attempt (browser-firefox.rules)
* 1:17399 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt (browser-firefox.rules)
* 1:17398 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt (browser-firefox.rules)
* 1:17422 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt (browser-firefox.rules)
* 1:17379 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt (browser-firefox.rules)
* 1:17557 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX operation parameter overflow (browser-plugins.rules)
* 1:17519 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow (browser-firefox.rules)
* 1:17631 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules)
* 1:17410 <-> DISABLED <-> OS-WINDOWS Generic HyperLink buffer overflow attempt (os-windows.rules)
* 1:17642 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox ConstructFrame with floating first-letter memory corruption attempt (browser-firefox.rules)
* 1:17638 <-> DISABLED <-> SERVER-ORACLE Secure Backup administration server login.php cookies command injection attempt (server-oracle.rules)
* 1:18187 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox InstallTrigger.install memory corruption attempt (browser-firefox.rules)
* 1:17588 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Install Engine ActiveX clsid access (browser-plugins.rules)
* 1:18244 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules)
* 1:18245 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java browser plugin docbase overflow attempt (browser-plugins.rules)
* 1:18527 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules)
* 1:18097 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules)
* 1:18904 <-> DISABLED <-> BROWSER-PLUGINS KingView ActiveX clsid access (browser-plugins.rules)
* 1:18679 <-> DISABLED <-> SERVER-OTHER Oracle Java Applet2ClassLoader Remote Code Execution (server-other.rules)
* 1:19102 <-> DISABLED <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX clsid access (browser-plugins.rules)
* 1:18283 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules)
* 1:19216 <-> DISABLED <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution (browser-chrome.rules)
* 1:19103 <-> DISABLED <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX function call access (browser-plugins.rules)
* 1:19257 <-> DISABLED <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt (file-flash.rules)
* 1:18957 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
* 1:19714 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
* 1:19262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:20767 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:19217 <-> DISABLED <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution (browser-chrome.rules)
* 1:20820 <-> DISABLED <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt (file-java.rules)
* 1:20777 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
* 1:20843 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:20692 <-> DISABLED <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt (policy-other.rules)
* 1:21044 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
* 1:21006 <-> DISABLED <-> MALWARE-CNC Yang Pack yg.htm landing page (malware-cnc.rules)
* 1:21057 <-> DISABLED <-> FILE-OTHER Java Applet Rhino script engine remote code execution attempt (file-other.rules)
* 1:20842 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:21247 <-> DISABLED <-> SERVER-OTHER IBM Lotusnotes s_viewname buffer overflow attempt (server-other.rules)
* 1:21161 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS5 NTLM and basic authentication bypass attempt (server-iis.rules)
* 1:21259 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit response (exploit-kit.rules)
* 1:21045 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
* 1:21346 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit malicious jar download (exploit-kit.rules)
* 1:21344 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit pdf download (exploit-kit.rules)
* 1:21438 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit JavaScript carat string splitting with hostile applet (exploit-kit.rules)
* 1:21248 <-> DISABLED <-> SERVER-OTHER multiple vendors host buffer overflow attempt (server-other.rules)
* 1:21484 <-> DISABLED <-> FILE-OTHER ZIP file name overflow attempt (file-other.rules)
* 1:21457 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:21539 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header (exploit-kit.rules)
* 1:21420 <-> DISABLED <-> FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt (file-other.rules)
* 1:21640 <-> DISABLED <-> EXPLOIT-KIT Phoenix exploit kit landing page (exploit-kit.rules)
* 1:21549 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header (exploit-kit.rules)
* 1:21657 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules)
* 1:21492 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
* 1:21661 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - catch (exploit-kit.rules)
* 1:21658 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
* 1:21764 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word unicode parsing buffer overflow attempt (file-office.rules)
* 1:21646 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
* 1:21915 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
* 1:21876 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit landing page with specific structure - Loading (exploit-kit.rules)
* 1:21668 <-> DISABLED <-> EXPLOIT-KIT Java exploit kit iframe drive by attempt (exploit-kit.rules)
* 1:21917 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP response message parsing overflow (server-other.rules)
* 1:22039 <-> DISABLED <-> EXPLOIT-KIT Blackhole suspected landing page (exploit-kit.rules)
* 1:21953 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products HTML href shell attempt (browser-firefox.rules)
* 1:22041 <-> DISABLED <-> EXPLOIT-KIT Blackhole landing redirection page (exploit-kit.rules)
* 1:21916 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
* 1:23158 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
* 1:23008 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
* 1:23489 <-> DISABLED <-> FILE-OTHER Microsoft Windows Task Scheduler buffer overflow attempt (file-other.rules)
* 1:22040 <-> DISABLED <-> EXPLOIT-KIT Blackhole suspected landing page (exploit-kit.rules)
* 1:23395 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt (browser-plugins.rules)
* 1:23396 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt (browser-plugins.rules)
* 1:23940 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (server-oracle.rules)
* 1:23159 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules)
* 1:24054 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure (exploit-kit.rules)
* 1:23996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
* 1:24188 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
* 1:23797 <-> DISABLED <-> EXPLOIT-KIT Blackhole redirection page (exploit-kit.rules)
* 1:24228 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page Received (exploit-kit.rules)
* 1:24226 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received (exploit-kit.rules)
* 1:24546 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt (exploit-kit.rules)
* 1:24187 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
* 1:24547 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules)
* 1:24543 <-> DISABLED <-> EXPLOIT-KIT Blackhole admin page inbound access attempt (exploit-kit.rules)
* 1:24548 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules)
* 1:24675 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX realm parameter overflow attempt (browser-plugins.rules)
* 1:24637 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure (exploit-kit.rules)
* 1:24593 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received - specific structure (exploit-kit.rules)
* 1:24676 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX real parameter overflow attempt (browser-plugins.rules)
* 1:24860 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules)
* 1:24761 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:24702 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:24862 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules)
* 1:24907 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup exec_qr command injection attempt (server-oracle.rules)
* 1:24904 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules)
* 1:24864 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules)
* 1:24994 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox onChannelRedirect method attempt (browser-firefox.rules)
* 1:25569 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules)
* 1:25392 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
* 1:25312 <-> DISABLED <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt (server-other.rules)
* 1:25590 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure (exploit-kit.rules)
* 1:2589 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules)
* 1:25808 <-> DISABLED <-> EXPLOIT-KIT Fiesta exploit kit landing page detection - specific-structure (exploit-kit.rules)
* 1:25591 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules)
* 1:26031 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules)
* 1:26253 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
* 1:26230 <-> DISABLED <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX arbitrary command execution attempt (server-webapp.rules)
* 1:26033 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit iframe redirection attempt (exploit-kit.rules)
* 1:26337 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules)
* 1:26495 <-> DISABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules)
* 1:26434 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit jar file downloaded (exploit-kit.rules)
* 1:26421 <-> DISABLED <-> BROWSER-PLUGINS Metalink file download parameter buffer overflow attempt
(browser-plugins.rules) * 1:27067 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure (exploit-kit.rules) * 1:28703 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules) * 1:27706 <-> DISABLED <-> EXPLOIT-KIT Gong Da exploit kit possible jar download (exploit-kit.rules) * 1:27656 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules) * 1:28791 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:28973 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules) * 1:28972 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules) * 1:28902 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:29503 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt (browser-firefox.rules) * 1:29523 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules) * 1:29520 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (file-multimedia.rules) * 1:29512 <-> DISABLED <-> BROWSER-PLUGINS KingView ActiveX clsid access (browser-plugins.rules) * 1:29524 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:29526 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:29538 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access (browser-plugins.rules) * 1:29535 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt 
(file-java.rules) * 1:29579 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules) * 1:29578 <-> DISABLED <-> BROWSER-PLUGINS Sun Microsystems JRE isInstalled.dnsResolve function memory exception attempt (browser-plugins.rules) * 1:29580 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing obfuscated memory corruption attempt (browser-firefox.rules) * 1:37802 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:13950 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP attribute buffer overflow attempt (file-java.rules) * 1:52100 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:20607 <-> DISABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (server-other.rules) * 1:12472 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX clsid access (browser-plugins.rules) * 1:10393 <-> DISABLED <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX clsid access (browser-plugins.rules) * 1:20600 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt (browser-firefox.rules) * 1:13457 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX clsid access (browser-plugins.rules) * 1:13525 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (browser-plugins.rules) * 1:10392 <-> DISABLED <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX function call access (browser-plugins.rules) * 1:51858 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:14033 <-> DISABLED <-> BROWSER-PLUGINS Orbit Downloader ActiveX clsid access (browser-plugins.rules) * 1:13520 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules) * 1:35434 <-> DISABLED <-> OS-MOBILE Android 
Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:10395 <-> DISABLED <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX function call access (browser-plugins.rules) * 1:14611 <-> DISABLED <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX clsid access (browser-plugins.rules) * 1:12685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow (server-other.rules) * 1:35857 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:20608 <-> DISABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (server-other.rules) * 1:10390 <-> DISABLED <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX clsid access (browser-plugins.rules) * 1:13521 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules) * 1:13967 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access (browser-plugins.rules) * 1:10010 <-> DISABLED <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt (server-other.rules) * 1:14035 <-> DISABLED <-> BROWSER-PLUGINS Orbit Downloader ActiveX function call access (browser-plugins.rules) * 1:10151 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX clsid access (browser-plugins.rules) * 1:10150 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX function call access (browser-plugins.rules) * 1:10148 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX clsid access (browser-plugins.rules) * 1:13476 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow (server-iis.rules) * 1:13474 <-> DISABLED <-> OS-WINDOWS Microsoft WebDAV MiniRedir remote code execution attempt (os-windows.rules) * 1:13470 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt (file-office.rules) * 
1:51864 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:13523 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules) * 1:12612 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX clsid access (browser-plugins.rules) * 1:10142 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX clsid access (browser-plugins.rules) * 1:52079 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules) * 1:51860 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:10153 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX function call access (browser-plugins.rules) * 1:12474 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX function call access (browser-plugins.rules) * 1:12614 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX function call access (browser-plugins.rules) * 1:3632 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt (file-image.rules) * 1:10147 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX function call access (browser-plugins.rules) * 1:13965 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX clsid access (browser-plugins.rules) * 1:10154 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy 2 ActiveX clsid access (browser-plugins.rules) * 1:13459 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX function call access (browser-plugins.rules) * 1:13926 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP response parsing overflow attempt (server-other.rules) * 1:35468 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules) * 1:3087 <-> DISABLED <-> SERVER-IIS w3who.dll 
buffer overflow attempt (server-iis.rules) * 1:30217 <-> DISABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (file-java.rules) * 1:41422 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (browser-plugins.rules) * 1:41719 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules) * 1:19263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:19264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:19713 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules) * 1:19812 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS getDBConfigSettings credential information disclosure attempt (server-other.rules) * 1:19814 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt (browser-ie.rules) * 1:20031 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:20072 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules) * 1:20110 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata (server-other.rules) * 1:16296 <-> DISABLED <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - with optional fields (file-other.rules) * 1:32815 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules) * 1:44877 <-> DISABLED <-> SERVER-OTHER Citrix XenApp and XenDesktop XML service memory corruption attempt (server-other.rules) * 1:32959 <-> DISABLED <-> PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (protocol-dns.rules) * 1:3085 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer 
overflow attempt (server-other.rules) * 1:31846 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt (policy-other.rules) * 1:40818 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (file-flash.rules) * 1:36154 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules) * 1:20444 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules) * 1:29623 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58590 <-> DISABLED <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt (server-other.rules)
* 1:58592 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
* 1:58578 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58593 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
* 1:58587 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt (os-windows.rules)
* 1:58594 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
* 1:58600 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt (browser-chrome.rules)
* 1:58583 <-> DISABLED <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt (policy-other.rules)
* 1:58588 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt (server-webapp.rules)
* 1:58585 <-> DISABLED <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt (policy-other.rules)
* 1:58582 <-> DISABLED <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt (policy-other.rules)
* 1:58584 <-> DISABLED <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt (policy-other.rules)
* 1:58595 <-> DISABLED <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt (server-webapp.rules)
* 1:58579 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58570 <-> DISABLED <-> FILE-OTHER MacOS TTC bypass vulnerability exploit upload attempt (file-other.rules)
* 1:58581 <-> DISABLED <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt (malware-tools.rules)
* 1:58591 <-> DISABLED <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt (server-other.rules)
* 1:58586 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt (os-windows.rules)
* 1:58577 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58571 <-> DISABLED <-> FILE-OTHER MacOS TTC bypass vulnerability exploit download attempt (file-other.rules)
* 1:58596 <-> DISABLED <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt (server-webapp.rules)
* 1:58576 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58580 <-> DISABLED <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt (malware-tools.rules)
* 1:58599 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt (browser-chrome.rules)
* 1:58589 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt (server-webapp.rules)
* 3:58597 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt (file-other.rules)
* 3:58575 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt (file-office.rules)
* 3:58598 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt (file-other.rules)
* 3:58572 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt (file-image.rules)
* 3:58574 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt (file-office.rules)
* 3:58573 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt (file-image.rules)
* 1:31846 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt (policy-other.rules)
* 1:21915 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
* 1:21916 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
* 1:23395 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt (browser-plugins.rules)
* 1:23396 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt (browser-plugins.rules)
* 1:22039 <-> DISABLED <-> EXPLOIT-KIT Blackhole suspected landing page (exploit-kit.rules)
* 1:22040 <-> DISABLED <-> EXPLOIT-KIT Blackhole suspected landing page (exploit-kit.rules)
* 1:23940 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (server-oracle.rules)
* 1:23996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
* 1:23158 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
* 1:23159 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules)
* 1:24188 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
* 1:24226 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received (exploit-kit.rules)
* 1:23489 <-> DISABLED <-> FILE-OTHER Microsoft Windows Task Scheduler buffer overflow attempt (file-other.rules)
* 1:23797 <-> DISABLED <-> EXPLOIT-KIT Blackhole redirection page (exploit-kit.rules)
* 1:24546 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt (exploit-kit.rules)
* 1:24547 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules)
* 1:24054 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure (exploit-kit.rules)
* 1:24187 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
* 1:24637 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure (exploit-kit.rules)
* 1:24675 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX realm parameter overflow attempt (browser-plugins.rules)
* 1:24228 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page Received (exploit-kit.rules)
* 1:24543 <-> DISABLED <-> EXPLOIT-KIT Blackhole admin page inbound access attempt (exploit-kit.rules)
* 1:24761 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:24860 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules)
* 1:51025 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (file-pdf.rules)
* 1:24548 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules)
* 1:51081 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
* 1:24593 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received - specific structure (exploit-kit.rules)
* 1:24904 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules)
* 1:24907 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup exec_qr command injection attempt (server-oracle.rules)
* 1:24676 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX real parameter overflow attempt (browser-plugins.rules)
* 1:24702 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:25392 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
* 1:25569 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules)
* 1:24862 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules)
* 1:24864 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules)
* 1:25808 <-> DISABLED <-> EXPLOIT-KIT Fiesta exploit kit landing page detection - specific-structure (exploit-kit.rules)
* 1:2589 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules)
* 1:51857 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:24994 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox onChannelRedirect method attempt (browser-firefox.rules)
* 1:25312 <-> DISABLED <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt (server-other.rules)
* 1:26230 <-> DISABLED <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX arbitrary command execution attempt (server-webapp.rules)
* 1:26253 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
* 1:25590 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure (exploit-kit.rules)
* 1:25591 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules)
* 1:26434 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit jar file downloaded (exploit-kit.rules)
* 1:26495 <-> DISABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules)
* 1:26031 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules)
* 1:26033 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit iframe redirection attempt (exploit-kit.rules)
* 1:27706 <-> DISABLED <-> EXPLOIT-KIT Gong Da exploit kit possible jar download (exploit-kit.rules)
* 1:28703 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
* 1:51163 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
* 1:26337 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules)
* 1:26421 <-> DISABLED <-> BROWSER-PLUGINS Metalink file download parameter buffer overflow attempt (browser-plugins.rules)
* 1:28972 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
* 1:28973 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
* 1:27067 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure (exploit-kit.rules)
* 1:27656 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules)
* 1:29520 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (file-multimedia.rules)
* 1:29523 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules)
* 1:28791 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
* 1:28902 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:29535 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
* 1:29538 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access (browser-plugins.rules)
* 1:29503 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt (browser-firefox.rules)
* 1:29512 <-> DISABLED <-> BROWSER-PLUGINS KingView ActiveX clsid access (browser-plugins.rules)
* 1:29524 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
* 1:29526 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:42422 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:29578 <-> DISABLED <-> BROWSER-PLUGINS Sun Microsystems JRE isInstalled.dnsResolve function memory exception attempt (browser-plugins.rules)
* 1:49947 <-> DISABLED <-> POLICY-OTHER HP OpenView Operations Agent request attempt (policy-other.rules)
* 1:50643 <-> DISABLED <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt (file-other.rules)
* 1:41720 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
* 1:49585 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
* 1:40818 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (file-flash.rules)
* 1:49900 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS driver stack buffer overflow attempt (browser-plugins.rules)
* 1:29624 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt (browser-firefox.rules)
* 1:3087 <-> DISABLED <-> SERVER-IIS w3who.dll buffer overflow attempt (server-iis.rules)
* 1:51860 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:29625 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt (browser-firefox.rules)
* 1:45171 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt (browser-firefox.rules)
* 1:41045 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules)
* 1:46913 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
* 1:29891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pushdo variant outbound connection (malware-cnc.rules)
* 1:45181 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:3632 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt (file-image.rules)
* 1:37804 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
* 1:36154 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:35468 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules)
* 1:36155 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:32369 <-> DISABLED <-> PROTOCOL-ICMP FreeBSD rtsold dname_labeldec stack buffer overflow attempt (protocol-icmp.rules)
* 1:32815 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules)
* 1:45183 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:37627 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:34447 <-> DISABLED <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt (policy-other.rules)
* 1:32967 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt (policy-other.rules)
* 1:43692 <-> DISABLED <-> OS-LINUX Linux kernel SCTP invalid chunk length denial of service attempt (os-linux.rules)
* 1:43346 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules)
* 1:35434 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:36661 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:49902 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
* 1:37802 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
* 1:44734 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (server-mail.rules)
* 1:32151 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
* 1:45177 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:45500 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
* 1:35467 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules)
* 1:46912 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
* 1:32855 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt (file-pdf.rules)
* 1:33571 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (file-other.rules)
* 1:45309 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
* 1:44978 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules)
* 1:37527 <-> DISABLED <-> SERVER-OTHER IBM WebSphere InvokerTransformer serialized Java object remote code execution attempt (server-other.rules)
* 1:42412 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:34024 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
* 1:32959 <-> DISABLED <-> PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (protocol-dns.rules)
* 1:29580 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing obfuscated memory corruption attempt (browser-firefox.rules)
* 1:29594 <-> DISABLED <-> SERVER-WEBAPP Airlive IP Camera information leak attempt (server-webapp.rules)
* 1:29623 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
* 1:35857 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
* 1:51865 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:51864 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:52079 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
* 1:52450 <-> DISABLED <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt (server-other.rules)
* 1:52288 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (os-mobile.rules)
* 1:55823 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
* 1:55825 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
* 1:52100 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:55824 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
* 1:30217 <-> DISABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (file-java.rules)
* 1:45855 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
* 1:43779 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products SharedWorker MessagePort memory corruption attempt (browser-firefox.rules)
* 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
* 1:3085 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt (server-other.rules)
* 1:32149 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
* 1:7007 <-> DISABLED <-> BROWSER-PLUGINS AxDebugger.Document.1 ActiveX function call access (browser-plugins.rules)
* 1:41422 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (browser-plugins.rules)
* 1:29579 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules)
* 1:10144 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX function call access (browser-plugins.rules)
* 1:10145 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX clsid access (browser-plugins.rules)
* 1:10150 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX function call access (browser-plugins.rules)
* 1:10151 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX clsid access (browser-plugins.rules)
* 1:10010 <-> DISABLED <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt (server-other.rules)
* 1:10142 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX clsid access (browser-plugins.rules)
* 1:10390 <-> DISABLED <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX clsid access (browser-plugins.rules)
* 1:10392 <-> DISABLED <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX function call access (browser-plugins.rules)
* 1:10147 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX function call access (browser-plugins.rules)
* 1:10148 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX clsid access (browser-plugins.rules)
* 1:12472 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX clsid access (browser-plugins.rules)
* 1:12474 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX function call access (browser-plugins.rules)
* 1:10153 <-> DISABLED
<-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX function call access (browser-plugins.rules) * 1:10154 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy 2 ActiveX clsid access (browser-plugins.rules) * 1:12685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow (server-other.rules) * 1:13457 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX clsid access (browser-plugins.rules) * 1:10393 <-> DISABLED <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX clsid access (browser-plugins.rules) * 1:10395 <-> DISABLED <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX function call access (browser-plugins.rules) * 1:13474 <-> DISABLED <-> OS-WINDOWS Microsoft WebDAV MiniRedir remote code execution attempt (os-windows.rules) * 1:13476 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow (server-iis.rules) * 1:12612 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX clsid access (browser-plugins.rules) * 1:12614 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX function call access (browser-plugins.rules) * 1:13523 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules) * 1:13525 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (browser-plugins.rules) * 1:13459 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX function call access (browser-plugins.rules) * 1:13470 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt (file-office.rules) * 1:13965 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX clsid access (browser-plugins.rules) * 1:13967 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access (browser-plugins.rules) * 1:13520 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt 
(server-other.rules) * 1:13521 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules) * 1:14611 <-> DISABLED <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX clsid access (browser-plugins.rules) * 1:14613 <-> DISABLED <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX function call access (browser-plugins.rules) * 1:13926 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP response parsing overflow attempt (server-other.rules) * 1:13950 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP attribute buffer overflow attempt (file-java.rules) * 1:15191 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox animated PNG processing integer overflow (browser-firefox.rules) * 1:15257 <-> DISABLED <-> SERVER-ORACLE Secure Backup common.php variable based command injection attempt (server-oracle.rules) * 1:14033 <-> DISABLED <-> BROWSER-PLUGINS Orbit Downloader ActiveX clsid access (browser-plugins.rules) * 1:14035 <-> DISABLED <-> BROWSER-PLUGINS Orbit Downloader ActiveX function call access (browser-plugins.rules) * 1:15462 <-> DISABLED <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt (browser-other.rules) * 1:15489 <-> DISABLED <-> PUA-OTHER Cerulean Studios Trillian image filename handling XML tag overflow attempt (pua-other.rules) * 1:14771 <-> DISABLED <-> SERVER-APACHE BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt (server-apache.rules) * 1:15147 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules) * 1:15511 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules) * 1:15638 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 32 ActiveX clsid access (browser-plugins.rules) * 1:15258 <-> DISABLED <-> SERVER-ORACLE Secure Backup login.php variable based command injection attempt (server-oracle.rules) * 1:15428 <-> DISABLED <-> BROWSER-FIREFOX 
Mozilla Firefox SVG data processing memory corruption attempt (browser-firefox.rules) * 1:15872 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt (browser-firefox.rules) * 1:15901 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt (file-multimedia.rules) * 1:15490 <-> DISABLED <-> OS-LINUX Linux SCTP malformed forward-tsn chunk arbitrary code execution attempt (os-linux.rules) * 1:15510 <-> DISABLED <-> SERVER-OTHER Trend Micro OfficeScan Server cgiRecvFile overflow attempt (server-other.rules) * 1:16001 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (file-image.rules) * 1:16030 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS client TXT buffer overrun attempt (os-windows.rules) * 1:15733 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt (browser-ie.rules) * 1:15866 <-> DISABLED <-> FILE-OTHER libxml2 file processing long entity overflow attempt (file-other.rules) * 1:16192 <-> DISABLED <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt (server-oracle.rules) * 1:16204 <-> DISABLED <-> SERVER-OTHER HP OpenView Network Node Manager ovlaunch host field overflow attempt (server-other.rules) * 1:15965 <-> DISABLED <-> OS-WINDOWS Microsoft Explorer long share name buffer overflow attempt (os-windows.rules) * 1:15966 <-> DISABLED <-> FILE-OTHER F-Secure Anti-Virus LHA processing buffer overflow attempt (file-other.rules) * 1:16296 <-> DISABLED <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - with optional fields (file-other.rules) * 1:16344 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox top-level script object offset calculation memory corruption attempt (browser-firefox.rules) * 1:16032 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML Decoding memory corruption attempt (browser-ie.rules) * 1:16191 <-> DISABLED 
<-> SERVER-ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via GET (server-oracle.rules) * 1:16405 <-> DISABLED <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Prefix Information stack buffer overflow attempt (protocol-icmp.rules) * 1:16418 <-> DISABLED <-> NETBIOS SMB client NULL deref race condition attempt (netbios.rules) * 1:16213 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt (server-other.rules) * 1:16295 <-> DISABLED <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields (file-other.rules) * 1:16601 <-> DISABLED <-> FILE-OTHER Amaya web editor XML and HTML Parser Buffer overflow attempt (file-other.rules) * 1:16667 <-> DISABLED <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt (browser-chrome.rules) * 1:16347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules) * 1:16371 <-> DISABLED <-> BROWSER-PLUGINS NOS Microsystems Adobe atl_getcom ActiveX clsid access (browser-plugins.rules) * 1:17153 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1 (browser-firefox.rules) * 1:17154 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2 (browser-firefox.rules) * 1:16481 <-> DISABLED <-> BROWSER-OTHER Opera Content-Length header integer overflow attempt (browser-other.rules) * 1:16514 <-> DISABLED <-> SERVER-OTHER Trillian AIM XML tag handling heap buffer overflow attempt (server-other.rules) * 1:17305 <-> DISABLED <-> FILE-OTHER ClamAV libclamav PE file handling integer overflow attempt (file-other.rules) * 1:17367 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer FTP response parsing memory corruption attempt (browser-ie.rules) * 1:16668 <-> DISABLED <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt 
(browser-chrome.rules) * 1:16798 <-> DISABLED <-> FILE-OTHER Orbit Downloader long URL buffer overflow attempt (file-other.rules) * 1:17397 <-> DISABLED <-> SERVER-OTHER VNCViewer Authenticate buffer overflow attempt (server-other.rules) * 1:17398 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt (browser-firefox.rules) * 1:17166 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules) * 1:17236 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsPropertyTable PropertyList memory corruption attempt (browser-firefox.rules) * 1:17422 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt (browser-firefox.rules) * 1:17519 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow (browser-firefox.rules) * 1:17378 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt (browser-firefox.rules) * 1:17379 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt (browser-firefox.rules) * 1:17631 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules) * 1:17638 <-> DISABLED <-> SERVER-ORACLE Secure Backup administration server login.php cookies command injection attempt (server-oracle.rules) * 1:17399 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt (browser-firefox.rules) * 1:17410 <-> DISABLED <-> OS-WINDOWS Generic HyperLink buffer overflow attempt (os-windows.rules) * 1:18187 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox InstallTrigger.install memory corruption attempt (browser-firefox.rules) * 1:18244 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules) * 1:17557 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX operation parameter 
overflow (browser-plugins.rules) * 1:17588 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Install Engine ActiveX clsid access (browser-plugins.rules) * 1:18527 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules) * 1:18679 <-> DISABLED <-> SERVER-OTHER Oracle Java Applet2ClassLoader Remote Code Execution (server-other.rules) * 1:17642 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox ConstructFrame with floating first-letter memory corruption attempt (browser-firefox.rules) * 1:18097 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules) * 1:19102 <-> DISABLED <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX clsid access (browser-plugins.rules) * 1:19103 <-> DISABLED <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX function call access (browser-plugins.rules) * 1:18245 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java browser plugin docbase overflow attempt (browser-plugins.rules) * 1:18283 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules) * 1:19257 <-> DISABLED <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt (file-flash.rules) * 1:19262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:18904 <-> DISABLED <-> BROWSER-PLUGINS KingView ActiveX clsid access (browser-plugins.rules) * 1:18957 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules) * 1:19713 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules) * 1:19714 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules) * 1:19216 <-> DISABLED <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution (browser-chrome.rules) * 1:19217 <-> DISABLED <-> BROWSER-CHROME 
Google Chrome Uninitialized bug_report Pointer Code Execution (browser-chrome.rules) * 1:20031 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:20072 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules) * 1:19263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:19264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:20600 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt (browser-firefox.rules) * 1:20607 <-> DISABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (server-other.rules) * 1:19812 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS getDBConfigSettings credential information disclosure attempt (server-other.rules) * 1:19814 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt (browser-ie.rules) * 1:20767 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:20777 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules) * 1:20110 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata (server-other.rules) * 1:20444 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules) * 1:20843 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:21006 <-> DISABLED <-> MALWARE-CNC Yang Pack yg.htm landing page (malware-cnc.rules) * 1:20608 <-> DISABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (server-other.rules) * 1:20692 <-> DISABLED <-> POLICY-OTHER Cisco network 
registrar default credentials authentication attempt (policy-other.rules) * 1:21057 <-> DISABLED <-> FILE-OTHER Java Applet Rhino script engine remote code execution attempt (file-other.rules) * 1:21161 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS5 NTLM and basic authentication bypass attempt (server-iis.rules) * 1:20820 <-> DISABLED <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt (file-java.rules) * 1:20842 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:21259 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit response (exploit-kit.rules) * 1:21344 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit pdf download (exploit-kit.rules) * 1:21044 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules) * 1:21045 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules) * 1:21438 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit JavaScript carat string splitting with hostile applet (exploit-kit.rules) * 1:21457 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:21247 <-> DISABLED <-> SERVER-OTHER IBM Lotusnotes s_viewname buffer overflow attempt (server-other.rules) * 1:21248 <-> DISABLED <-> SERVER-OTHER multiple vendors host buffer overflow attempt (server-other.rules) * 1:21539 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header (exploit-kit.rules) * 1:21549 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header (exploit-kit.rules) * 1:21346 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit malicious jar download (exploit-kit.rules) * 1:21420 <-> DISABLED <-> FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt (file-other.rules) * 1:21657 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules) * 1:21658 <-> DISABLED <-> EXPLOIT-KIT 
Blackhole exploit kit landing page (exploit-kit.rules) * 1:21484 <-> DISABLED <-> FILE-OTHER ZIP file name overflow attempt (file-other.rules) * 1:21492 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules) * 1:21764 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word unicode parsing buffer overflow attempt (file-office.rules) * 1:21876 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit landing page with specific structure - Loading (exploit-kit.rules) * 1:21640 <-> DISABLED <-> EXPLOIT-KIT Phoenix exploit kit landing page (exploit-kit.rules) * 1:21646 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules) * 1:21917 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP response message parsing overflow (server-other.rules) * 1:21953 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products HTML href shell attempt (browser-firefox.rules) * 1:21661 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - catch (exploit-kit.rules) * 1:21668 <-> DISABLED <-> EXPLOIT-KIT Java exploit kit iframe drive by attempt (exploit-kit.rules) * 1:22041 <-> DISABLED <-> EXPLOIT-KIT Blackhole landing redirection page (exploit-kit.rules) * 1:23008 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules) * 1:41718 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules) * 1:46637 <-> DISABLED <-> NETBIOS SMB client NULL deref race condition attempt (netbios.rules) * 1:44877 <-> DISABLED <-> SERVER-OTHER Citrix XenApp and XenDesktop XML service memory corruption attempt (server-other.rules) * 1:49846 <-> DISABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:49583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt 
(file-flash.rules) * 1:45178 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules) * 1:41719 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules) * 1:51225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules) * 1:51858 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:40281 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (file-office.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58576 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58596 <-> DISABLED <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt (server-webapp.rules)
* 1:58589 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt (server-webapp.rules)
* 1:58587 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt (os-windows.rules)
* 1:58580 <-> DISABLED <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt (malware-tools.rules)
* 1:58588 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt (server-webapp.rules)
* 1:58586 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt (os-windows.rules)
* 1:58584 <-> DISABLED <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt (policy-other.rules)
* 1:58600 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt (browser-chrome.rules)
* 1:58595 <-> DISABLED <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt (server-webapp.rules)
* 1:58581 <-> DISABLED <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt (malware-tools.rules)
* 1:58591 <-> DISABLED <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt (server-other.rules)
* 1:58578 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58579 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58592 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
* 1:58583 <-> DISABLED <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt (policy-other.rules)
* 1:58577 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58585 <-> DISABLED <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt (policy-other.rules)
* 1:58570 <-> DISABLED <-> FILE-OTHER MacOS TTC bypass vulnerability exploit upload attempt (file-other.rules)
* 1:58582 <-> DISABLED <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt (policy-other.rules)
* 1:58599 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt (browser-chrome.rules)
* 1:58571 <-> DISABLED <-> FILE-OTHER MacOS TTC bypass vulnerability exploit download attempt (file-other.rules)
* 1:58594 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
* 1:58593 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
* 1:58590 <-> DISABLED <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt (server-other.rules)
* 3:58572 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt (file-image.rules)
* 3:58573 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt (file-image.rules)
* 3:58597 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt (file-other.rules)
* 3:58575 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt (file-office.rules)
* 3:58598 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt (file-other.rules)
* 3:58574 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt (file-office.rules)
* 1:45178 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:45500 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
* 1:31846 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt (policy-other.rules)
* 1:21916 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
* 1:21640 <-> DISABLED <-> EXPLOIT-KIT Phoenix exploit kit landing page (exploit-kit.rules)
* 1:21953 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products HTML href shell attempt (browser-firefox.rules)
* 1:22041 <-> DISABLED <-> EXPLOIT-KIT Blackhole landing redirection page (exploit-kit.rules)
* 1:23008 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
* 1:21661 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - catch (exploit-kit.rules)
* 1:22040 <-> DISABLED <-> EXPLOIT-KIT Blackhole suspected landing page (exploit-kit.rules)
* 1:23395 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt (browser-plugins.rules)
* 1:23396 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt (browser-plugins.rules)
* 1:21915 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
* 1:23159 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules)
* 1:23940 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (server-oracle.rules)
* 1:23996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
* 1:22039 <-> DISABLED <-> EXPLOIT-KIT Blackhole suspected landing page (exploit-kit.rules)
* 1:23797 <-> DISABLED <-> EXPLOIT-KIT Blackhole redirection page (exploit-kit.rules)
* 1:24188 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
* 1:32959 <-> DISABLED <-> PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (protocol-dns.rules)
* 1:45855 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
* 1:34024 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
* 1:44734 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (server-mail.rules)
* 1:41045 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules)
* 1:46637 <-> DISABLED <-> NETBIOS SMB client NULL deref race condition attempt (netbios.rules)
* 1:43346 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules)
* 1:3087 <-> DISABLED <-> SERVER-IIS w3who.dll buffer overflow attempt (server-iis.rules)
* 1:51858 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:45183 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:49583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
* 1:41719 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
* 1:51865 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:44877 <-> DISABLED <-> SERVER-OTHER Citrix XenApp and XenDesktop XML service memory corruption attempt (server-other.rules)
* 1:41422 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (browser-plugins.rules)
* 1:33571 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (file-other.rules)
* 1:37627 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:24226 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received (exploit-kit.rules)
* 1:23158 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
* 1:24187 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
* 1:24546 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt (exploit-kit.rules)
* 1:24547 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules)
* 1:23489 <-> DISABLED <-> FILE-OTHER Microsoft Windows Task Scheduler buffer overflow attempt (file-other.rules)
* 1:24543 <-> DISABLED <-> EXPLOIT-KIT Blackhole admin page inbound access attempt (exploit-kit.rules)
* 1:24637 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure (exploit-kit.rules)
* 1:24675 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX realm parameter overflow attempt (browser-plugins.rules)
* 1:24054 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure (exploit-kit.rules)
* 1:24593 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received - specific structure (exploit-kit.rules)
* 1:24761 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:24860 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules)
* 1:24228 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page Received (exploit-kit.rules)
* 1:51860 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:24702 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:24904 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules)
* 1:24907 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup exec_qr command injection attempt (server-oracle.rules)
* 1:24548 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules)
* 1:24864 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules)
* 1:25392 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
* 1:25569 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules)
* 1:24676 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX real parameter overflow attempt (browser-plugins.rules)
* 1:25312 <-> DISABLED <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt (server-other.rules)
* 1:25808 <-> DISABLED <-> EXPLOIT-KIT Fiesta exploit kit landing page detection - specific-structure (exploit-kit.rules)
* 1:2589 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules)
* 1:52079 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
* 1:24862 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules)
* 1:25591 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules)
* 1:26230 <-> DISABLED <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX arbitrary command execution attempt (server-webapp.rules)
* 1:26253 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
* 1:51857 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:24994 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox onChannelRedirect method attempt (browser-firefox.rules)
* 1:26033 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit iframe redirection attempt (exploit-kit.rules)
* 1:26434 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit jar file downloaded (exploit-kit.rules)
* 1:26495 <-> DISABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules)
* 1:25590 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure (exploit-kit.rules)
* 1:26421 <-> DISABLED <-> BROWSER-PLUGINS Metalink file download parameter buffer overflow attempt (browser-plugins.rules)
* 1:27706 <-> DISABLED <-> EXPLOIT-KIT Gong Da exploit kit possible jar download (exploit-kit.rules)
* 1:28703 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
* 1:26031 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules)
* 1:27656 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules)
* 1:28972 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
* 1:28973 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
* 1:26337 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules)
* 1:28902 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:29520 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (file-multimedia.rules)
* 1:29523 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules)
* 1:27067 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure (exploit-kit.rules)
* 1:29512 <-> DISABLED <-> BROWSER-PLUGINS KingView ActiveX clsid access (browser-plugins.rules)
* 1:29535 <-> DISABLED <->
FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules) * 1:29538 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access (browser-plugins.rules) * 1:28791 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:29526 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:29578 <-> DISABLED <-> BROWSER-PLUGINS Sun Microsystems JRE isInstalled.dnsResolve function memory exception attempt (browser-plugins.rules) * 1:29579 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules) * 1:29503 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt (browser-firefox.rules) * 1:29524 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:29625 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt (browser-firefox.rules) * 1:29623 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules) * 1:29891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pushdo variant outbound connection (malware-cnc.rules) * 1:29624 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt (browser-firefox.rules) * 1:32151 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:30217 <-> DISABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (file-java.rules) * 1:51025 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (file-pdf.rules) * 1:42412 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules) * 1:36661 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt 
(file-other.rules) * 1:45171 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt (browser-firefox.rules) * 1:43692 <-> DISABLED <-> OS-LINUX Linux kernel SCTP invalid chunk length denial of service attempt (os-linux.rules) * 1:44978 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules) * 1:40281 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (file-office.rules) * 1:42422 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules) * 1:41720 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules) * 1:32855 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt (file-pdf.rules) * 1:34447 <-> DISABLED <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt (policy-other.rules) * 1:35857 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:51225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules) * 1:55824 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules) * 1:35434 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:45309 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules) * 1:49900 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS driver stack buffer overflow attempt (browser-plugins.rules) * 1:52288 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (os-mobile.rules) * 1:35467 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules) * 1:51864 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:55823 <-> DISABLED <-> SERVER-WEBAPP 
Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules) * 1:51163 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules) * 1:7007 <-> DISABLED <-> BROWSER-PLUGINS AxDebugger.Document.1 ActiveX function call access (browser-plugins.rules) * 1:52450 <-> DISABLED <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt (server-other.rules) * 1:40818 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (file-flash.rules) * 1:55825 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules) * 1:52100 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:37804 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:32149 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:21917 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP response message parsing overflow (server-other.rules) * 1:21668 <-> DISABLED <-> EXPLOIT-KIT Java exploit kit iframe drive by attempt (exploit-kit.rules) * 1:29594 <-> DISABLED <-> SERVER-WEBAPP Airlive IP Camera information leak attempt (server-webapp.rules) * 1:29580 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing obfuscated memory corruption attempt (browser-firefox.rules) * 1:10144 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX function call access (browser-plugins.rules) * 1:10145 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX clsid access (browser-plugins.rules) * 1:10142 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX clsid access (browser-plugins.rules) * 1:10150 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie 
Control ActiveX function call access (browser-plugins.rules) * 1:10151 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX clsid access (browser-plugins.rules) * 1:10148 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX clsid access (browser-plugins.rules) * 1:10390 <-> DISABLED <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX clsid access (browser-plugins.rules) * 1:10392 <-> DISABLED <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX function call access (browser-plugins.rules) * 1:10010 <-> DISABLED <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt (server-other.rules) * 1:10154 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy 2 ActiveX clsid access (browser-plugins.rules) * 1:12472 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX clsid access (browser-plugins.rules) * 1:12474 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX function call access (browser-plugins.rules) * 1:10147 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX function call access (browser-plugins.rules) * 1:10395 <-> DISABLED <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX function call access (browser-plugins.rules) * 1:12685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow (server-other.rules) * 1:13457 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX clsid access (browser-plugins.rules) * 1:10153 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX function call access (browser-plugins.rules) * 1:12614 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX function call access (browser-plugins.rules) * 1:13474 <-> DISABLED <-> OS-WINDOWS Microsoft WebDAV MiniRedir remote code execution attempt (os-windows.rules) * 1:13476 <-> DISABLED <-> 
SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow (server-iis.rules) * 1:10393 <-> DISABLED <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX clsid access (browser-plugins.rules) * 1:13470 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt (file-office.rules) * 1:13523 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules) * 1:13525 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (browser-plugins.rules) * 1:12612 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX clsid access (browser-plugins.rules) * 1:13521 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules) * 1:13965 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX clsid access (browser-plugins.rules) * 1:35468 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules) * 1:13967 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access (browser-plugins.rules) * 1:13459 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX function call access (browser-plugins.rules) * 1:13950 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP attribute buffer overflow attempt (file-java.rules) * 1:14611 <-> DISABLED <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX clsid access (browser-plugins.rules) * 1:14613 <-> DISABLED <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX function call access (browser-plugins.rules) * 1:13520 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules) * 1:37527 <-> DISABLED <-> SERVER-OTHER IBM WebSphere InvokerTransformer serialized Java object remote code execution attempt (server-other.rules) * 1:14035 <-> DISABLED <-> BROWSER-PLUGINS Orbit Downloader ActiveX function call access (browser-plugins.rules) * 1:36154 <-> DISABLED <-> FILE-FLASH Adobe 
Flash Player ByteArray domainMemory use after free attempt (file-flash.rules) * 1:15191 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox animated PNG processing integer overflow (browser-firefox.rules) * 1:15257 <-> DISABLED <-> SERVER-ORACLE Secure Backup common.php variable based command injection attempt (server-oracle.rules) * 1:13926 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP response parsing overflow attempt (server-other.rules) * 1:15147 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules) * 1:15462 <-> DISABLED <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt (browser-other.rules) * 1:15489 <-> DISABLED <-> PUA-OTHER Cerulean Studios Trillian image filename handling XML tag overflow attempt (pua-other.rules) * 1:49947 <-> DISABLED <-> POLICY-OTHER HP OpenView Operations Agent request attempt (policy-other.rules) * 1:14033 <-> DISABLED <-> BROWSER-PLUGINS Orbit Downloader ActiveX clsid access (browser-plugins.rules) * 1:15428 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing memory corruption attempt (browser-firefox.rules) * 1:15511 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules) * 1:15638 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 32 ActiveX clsid access (browser-plugins.rules) * 1:14771 <-> DISABLED <-> SERVER-APACHE BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt (server-apache.rules) * 1:15510 <-> DISABLED <-> SERVER-OTHER Trend Micro OfficeScan Server cgiRecvFile overflow attempt (server-other.rules) * 1:15872 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt (browser-firefox.rules) * 1:15901 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt (file-multimedia.rules) * 1:15258 <-> DISABLED <-> SERVER-ORACLE Secure Backup 
login.php variable based command injection attempt (server-oracle.rules) * 1:15866 <-> DISABLED <-> FILE-OTHER libxml2 file processing long entity overflow attempt (file-other.rules) * 1:16001 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (file-image.rules) * 1:16030 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS client TXT buffer overrun attempt (os-windows.rules) * 1:15490 <-> DISABLED <-> OS-LINUX Linux SCTP malformed forward-tsn chunk arbitrary code execution attempt (os-linux.rules) * 1:32815 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules) * 1:15966 <-> DISABLED <-> FILE-OTHER F-Secure Anti-Virus LHA processing buffer overflow attempt (file-other.rules) * 1:16192 <-> DISABLED <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt (server-oracle.rules) * 1:16204 <-> DISABLED <-> SERVER-OTHER HP OpenView Network Node Manager ovlaunch host field overflow attempt (server-other.rules) * 1:15733 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt (browser-ie.rules) * 1:16191 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via GET (server-oracle.rules) * 1:16296 <-> DISABLED <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - with optional fields (file-other.rules) * 1:49585 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules) * 1:16344 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox top-level script object offset calculation memory corruption attempt (browser-firefox.rules) * 1:15965 <-> DISABLED <-> OS-WINDOWS Microsoft Explorer long share name buffer overflow attempt (os-windows.rules) * 1:16295 <-> DISABLED <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields (file-other.rules) * 1:49846 <-> DISABLED <-> 
FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules) * 1:16405 <-> DISABLED <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Prefix Information stack buffer overflow attempt (protocol-icmp.rules) * 1:16418 <-> DISABLED <-> NETBIOS SMB client NULL deref race condition attempt (netbios.rules) * 1:16032 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML Decoding memory corruption attempt (browser-ie.rules) * 1:16371 <-> DISABLED <-> BROWSER-PLUGINS NOS Microsystems Adobe atl_getcom ActiveX clsid access (browser-plugins.rules) * 1:16601 <-> DISABLED <-> FILE-OTHER Amaya web editor XML and HTML Parser Buffer overflow attempt (file-other.rules) * 1:16667 <-> DISABLED <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt (browser-chrome.rules) * 1:16213 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt (server-other.rules) * 1:16514 <-> DISABLED <-> SERVER-OTHER Trillian AIM XML tag handling heap buffer overflow attempt (server-other.rules) * 1:17153 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1 (browser-firefox.rules) * 1:41718 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules) * 1:17154 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2 (browser-firefox.rules) * 1:43779 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products SharedWorker MessagePort memory corruption attempt (browser-firefox.rules) * 1:16347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules) * 1:16798 <-> DISABLED <-> FILE-OTHER Orbit Downloader long URL buffer overflow attempt (file-other.rules) * 1:17305 <-> DISABLED <-> FILE-OTHER ClamAV libclamav PE file handling integer overflow attempt (file-other.rules) * 
1:17367 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer FTP response parsing memory corruption attempt (browser-ie.rules) * 1:16481 <-> DISABLED <-> BROWSER-OTHER Opera Content-Length header integer overflow attempt (browser-other.rules) * 1:46912 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules) * 1:17236 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsPropertyTable PropertyList memory corruption attempt (browser-firefox.rules) * 1:17397 <-> DISABLED <-> SERVER-OTHER VNCViewer Authenticate buffer overflow attempt (server-other.rules) * 1:17398 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt (browser-firefox.rules) * 1:16668 <-> DISABLED <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt (browser-chrome.rules) * 1:32369 <-> DISABLED <-> PROTOCOL-ICMP FreeBSD rtsold dname_labeldec stack buffer overflow attempt (protocol-icmp.rules) * 1:17379 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt (browser-firefox.rules) * 1:17422 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt (browser-firefox.rules) * 1:17519 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow (browser-firefox.rules) * 1:32967 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt (policy-other.rules) * 1:17166 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules) * 1:17410 <-> DISABLED <-> OS-WINDOWS Generic HyperLink buffer overflow attempt (os-windows.rules) * 1:17631 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules) * 1:17638 <-> DISABLED <-> SERVER-ORACLE Secure Backup administration server login.php cookies 
command injection attempt (server-oracle.rules) * 1:17378 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt (browser-firefox.rules) * 1:17588 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Install Engine ActiveX clsid access (browser-plugins.rules) * 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules) * 1:18187 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox InstallTrigger.install memory corruption attempt (browser-firefox.rules) * 1:18244 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules) * 1:17399 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt (browser-firefox.rules) * 1:18097 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules) * 1:18527 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules) * 1:18679 <-> DISABLED <-> SERVER-OTHER Oracle Java Applet2ClassLoader Remote Code Execution (server-other.rules) * 1:17557 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX operation parameter overflow (browser-plugins.rules) * 1:18283 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules) * 1:19102 <-> DISABLED <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX clsid access (browser-plugins.rules) * 1:19103 <-> DISABLED <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX function call access (browser-plugins.rules) * 1:17642 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox ConstructFrame with floating first-letter memory corruption attempt (browser-firefox.rules) * 1:18957 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules) * 1:19257 <-> DISABLED <-> FILE-FLASH Adobe ActionScript float index memory 
corruption attempt (file-flash.rules) * 1:19262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:18245 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java browser plugin docbase overflow attempt (browser-plugins.rules) * 1:19217 <-> DISABLED <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution (browser-chrome.rules) * 1:19713 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules) * 1:19714 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules) * 1:18904 <-> DISABLED <-> BROWSER-PLUGINS KingView ActiveX clsid access (browser-plugins.rules) * 1:19264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:20031 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:20072 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules) * 1:19216 <-> DISABLED <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution (browser-chrome.rules) * 1:19814 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt (browser-ie.rules) * 1:20600 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt (browser-firefox.rules) * 1:20607 <-> DISABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (server-other.rules) * 1:19263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:20444 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules) * 1:20767 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:20777 <-> 
DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules) * 1:19812 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS getDBConfigSettings credential information disclosure attempt (server-other.rules) * 1:20692 <-> DISABLED <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt (policy-other.rules) * 1:20843 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:21006 <-> DISABLED <-> MALWARE-CNC Yang Pack yg.htm landing page (malware-cnc.rules) * 1:20110 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata (server-other.rules) * 1:20842 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:21057 <-> DISABLED <-> FILE-OTHER Java Applet Rhino script engine remote code execution attempt (file-other.rules) * 1:21161 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS5 NTLM and basic authentication bypass attempt (server-iis.rules) * 1:20608 <-> DISABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (server-other.rules) * 1:21045 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules) * 1:21259 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit response (exploit-kit.rules) * 1:21344 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit pdf download (exploit-kit.rules) * 1:20820 <-> DISABLED <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt (file-java.rules) * 1:21248 <-> DISABLED <-> SERVER-OTHER multiple vendors host buffer overflow attempt (server-other.rules) * 1:21438 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit JavaScript carat string splitting with hostile applet (exploit-kit.rules) * 1:21457 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:21044 <-> DISABLED <-> EXPLOIT-KIT Blackhole 
exploit kit landing page (exploit-kit.rules) * 1:21420 <-> DISABLED <-> FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt (file-other.rules) * 1:21539 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header (exploit-kit.rules) * 1:21549 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header (exploit-kit.rules) * 1:21247 <-> DISABLED <-> SERVER-OTHER IBM Lotusnotes s_viewname buffer overflow attempt (server-other.rules) * 1:21492 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules) * 1:21657 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules) * 1:21658 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules) * 1:21346 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit malicious jar download (exploit-kit.rules) * 1:21646 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules) * 1:21764 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word unicode parsing buffer overflow attempt (file-office.rules) * 1:21876 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit landing page with specific structure - Loading (exploit-kit.rules) * 1:45181 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules) * 1:37802 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:36155 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules) * 1:50643 <-> DISABLED <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt (file-other.rules) * 1:3632 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt (file-image.rules) * 1:51081 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption 
attempt (file-flash.rules) * 1:49902 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules) * 1:46913 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules) * 1:45177 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules) * 1:3085 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt (server-other.rules) * 1:21484 <-> DISABLED <-> FILE-OTHER ZIP file name overflow attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58594 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
* 1:58584 <-> DISABLED <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt (policy-other.rules)
* 1:58577 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58591 <-> DISABLED <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt (server-other.rules)
* 1:58593 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
* 1:58586 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt (os-windows.rules)
* 1:58570 <-> DISABLED <-> FILE-OTHER MacOS TTC bypass vulnerability exploit upload attempt (file-other.rules)
* 1:58588 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt (server-webapp.rules)
* 1:58600 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt (browser-chrome.rules)
* 1:58590 <-> DISABLED <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt (server-other.rules)
* 1:58571 <-> DISABLED <-> FILE-OTHER MacOS TTC bypass vulnerability exploit download attempt (file-other.rules)
* 1:58595 <-> DISABLED <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt (server-webapp.rules)
* 1:58583 <-> DISABLED <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt (policy-other.rules)
* 1:58596 <-> DISABLED <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt (server-webapp.rules)
* 1:58599 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt (browser-chrome.rules)
* 1:58592 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
* 1:58580 <-> DISABLED <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt (malware-tools.rules)
* 1:58579 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58581 <-> DISABLED <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt (malware-tools.rules)
* 1:58589 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt (server-webapp.rules)
* 1:58576 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58585 <-> DISABLED <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt (policy-other.rules)
* 1:58582 <-> DISABLED <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt (policy-other.rules)
* 1:58578 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58587 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt (os-windows.rules)
* 3:58574 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt (file-office.rules)
* 3:58597 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt (file-other.rules)
* 3:58573 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt (file-image.rules)
* 3:58575 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt (file-office.rules)
* 3:58598 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt (file-other.rules)
* 3:58572 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt (file-image.rules)
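Each entry in this listing has the shape "gid:sid <-> state <-> message (rule file)", and when the notes are copied out of a web page the entries usually arrive run together on one line or wrapped across two. The script below is an added example, not part of the release notes and not a Snort or Talos tool: it splits such a listing back into entries, parses each one, reports which rules ship ENABLED by default (nearly everything above is DISABLED and has to be switched on deliberately), counts entries per rule file, flags any gid:sid listed twice, and sets aside an entry that is cut off before its rule file instead of guessing at it. The sample listing inside it is constructed from a few entries copied from the list above plus one deliberately truncated entry; all function and regex names are the example's own.

```python
"""Added example: parse 'gid:sid <-> STATE <-> MESSAGE (rulefile)' entries from a
Snort rule-release listing and summarise them. Not part of the release notes
or of any Snort/Talos tooling."""
import re
from collections import Counter
from dataclasses import dataclass

# A new entry starts at a '*' bullet followed by 'gid:sid <->'. Splitting on
# that lookahead copes with listings whose entries were run together on one
# line or wrapped across two by the page extraction.
SPLIT_RE = re.compile(r"\s*\*\s+(?=\d+:\d+\s*<->)")

# One whitespace-normalised entry; the rule file is taken from the final '(...)'.
ENTRY_RE = re.compile(
    r"^(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<category>[A-Z0-9-]+)\s+(?P<msg>.*?)\s*\((?P<rulefile>[\w.-]+\.rules)\)$"
)


@dataclass(frozen=True)
class RuleEntry:
    gid: int
    sid: int
    enabled: bool
    category: str
    message: str
    rulefile: str

    @property
    def ref(self) -> str:
        return f"{self.gid}:{self.sid}"


def split_entries(text: str) -> list[str]:
    """Return one whitespace-normalised chunk per bullet entry."""
    chunks = (" ".join(c.split()) for c in SPLIT_RE.split(text))
    return [c for c in chunks if c]


def parse_listing(text: str) -> tuple[list[RuleEntry], list[str]]:
    """Parse every entry. Chunks that do not fit the format (for instance an
    entry cut off before its '(rulefile)') are returned separately, never guessed."""
    entries, malformed = [], []
    for chunk in split_entries(text):
        m = ENTRY_RE.match(chunk)
        if m is None:
            malformed.append(chunk)
            continue
        entries.append(RuleEntry(
            gid=int(m["gid"]), sid=int(m["sid"]),
            enabled=m["state"] == "ENABLED",
            category=m["category"], message=m["msg"], rulefile=m["rulefile"],
        ))
    return entries, malformed


def enabled_by_default(entries: list[RuleEntry]) -> list[str]:
    """gid:sid of the rules the release ships ENABLED; the short list to review first."""
    return sorted(e.ref for e in entries if e.enabled)


def count_by_rulefile(entries: list[RuleEntry]) -> Counter:
    """How many listed entries land in each .rules file."""
    return Counter(e.rulefile for e in entries)


def duplicate_refs(entries: list[RuleEntry]) -> list[str]:
    """gid:sid values listed more than once (happens when per-version listings are pasted together)."""
    seen = Counter(e.ref for e in entries)
    return sorted(r for r, n in seen.items() if n > 1)


def search(entries: list[RuleEntry], needle: str) -> list[RuleEntry]:
    """Case-insensitive substring search over the rule message."""
    n = needle.lower()
    return [e for e in entries if n in e.message.lower()]


# Constructed sample: entries copied from the listing above, run together and
# line-wrapped the way the page prints them, plus one truncated entry.
SAMPLE_LISTING = """\
* 1:58594 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules) * 1:58591 <-> DISABLED <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt (server-other.rules) * 3:58574 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt (file-office.rules)
* 1:21915 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules) * 1:58580 <-> DISABLED <-> MALWARE-TOOLS TeamViewer shared AES key decryption
tool download attempt (malware-tools.rules) * 1:58594 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
* 1:34447 <-> DISABLED <-> POLICY-OTHER ProFTPD mod_copy
"""

if __name__ == "__main__":
    entries, malformed = parse_listing(SAMPLE_LISTING)
    print(f"{len(entries)} entries parsed, {len(malformed)} malformed: {malformed}")
    print("enabled by default:", enabled_by_default(entries))
    print("per rule file:", dict(count_by_rulefile(entries)))
    print("duplicates:", duplicate_refs(entries))
    for e in search(entries, "directory traversal"):
        print(f"  {e.ref}  {e.category}  {e.message}")
```

Point the script at the whole page text rather than the sample and the same functions give the ENABLED short list and per-file counts for the full release; the malformed list is where extraction damage such as a cut-off final entry shows up.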
* 1:32959 <-> DISABLED <-> PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (protocol-dns.rules)
* 1:12472 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX clsid access (browser-plugins.rules)
* 1:43346 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules)
* 1:51857 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:41720 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
* 1:19103 <-> DISABLED <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX function call access (browser-plugins.rules)
* 1:15511 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules)
* 1:41719 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
* 1:13520 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules)
* 1:17236 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsPropertyTable PropertyList memory corruption attempt (browser-firefox.rules)
* 1:21045 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
* 1:20031 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:18244 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules)
* 1:20842 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:17166 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
* 1:13474 <-> DISABLED <-> OS-WINDOWS Microsoft WebDAV MiniRedir remote code execution attempt (os-windows.rules)
* 1:16481 <-> DISABLED <-> BROWSER-OTHER Opera Content-Length header integer overflow attempt (browser-other.rules)
* 1:23158 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
* 1:21438 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit JavaScript carat string splitting with hostile applet (exploit-kit.rules)
* 1:29625 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt (browser-firefox.rules)
* 1:13457 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX clsid access (browser-plugins.rules)
* 1:15965 <-> DISABLED <-> OS-WINDOWS Microsoft Explorer long share name buffer overflow attempt (os-windows.rules)
* 1:52079 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
* 1:15489 <-> DISABLED <-> PUA-OTHER Cerulean Studios Trillian image filename handling XML tag overflow attempt (pua-other.rules)
* 1:15428 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing memory corruption attempt (browser-firefox.rules)
* 1:15258 <-> DISABLED <-> SERVER-ORACLE Secure Backup login.php variable based command injection attempt (server-oracle.rules)
* 1:15257 <-> DISABLED <-> SERVER-ORACLE Secure Backup common.php variable based command injection attempt (server-oracle.rules)
* 1:51225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
* 1:33571 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (file-other.rules)
* 1:36155 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:49902 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
* 1:45855 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
* 1:46637 <-> DISABLED <-> NETBIOS SMB client NULL deref race condition attempt (netbios.rules)
* 1:35468 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules)
* 1:16204 <-> DISABLED <-> SERVER-OTHER HP OpenView Network Node Manager ovlaunch host field overflow attempt (server-other.rules)
* 1:19814 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt (browser-ie.rules)
* 1:15490 <-> DISABLED <-> OS-LINUX Linux SCTP malformed forward-tsn chunk arbitrary code execution attempt (os-linux.rules)
* 1:45309 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
* 1:45178 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:51864 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:14035 <-> DISABLED <-> BROWSER-PLUGINS Orbit Downloader ActiveX function call access (browser-plugins.rules)
* 1:18679 <-> DISABLED <-> SERVER-OTHER Oracle Java Applet2ClassLoader Remote Code Execution (server-other.rules)
* 1:44877 <-> DISABLED <-> SERVER-OTHER Citrix XenApp and XenDesktop XML service memory corruption attempt (server-other.rules)
* 1:32855 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt (file-pdf.rules)
* 1:51860 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:14611 <-> DISABLED <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX clsid access (browser-plugins.rules)
* 1:18097 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules)
* 1:16667 <-> DISABLED <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt (browser-chrome.rules)
* 1:16347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules)
* 1:17631 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules)
* 1:20110 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata (server-other.rules)
* 1:19216 <-> DISABLED <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution (browser-chrome.rules)
* 1:12474 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX function call access (browser-plugins.rules)
* 1:16192 <-> DISABLED <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt (server-oracle.rules)
* 1:20820 <-> DISABLED <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt (file-java.rules)
* 1:19812 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS getDBConfigSettings credential information disclosure attempt (server-other.rules)
* 1:3085 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt (server-other.rules)
* 1:19714 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
* 1:19263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:3087 <-> DISABLED <-> SERVER-IIS w3who.dll buffer overflow attempt (server-iis.rules)
* 1:19217 <-> DISABLED <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution (browser-chrome.rules)
* 1:18283 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules)
* 1:20600 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt (browser-firefox.rules)
* 1:20607 <-> DISABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (server-other.rules)
* 1:17588 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Install Engine ActiveX clsid access (browser-plugins.rules)
* 1:52100 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:16405 <-> DISABLED <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Prefix Information stack buffer overflow attempt (protocol-icmp.rules)
* 1:20608 <-> DISABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (server-other.rules)
* 1:17379 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt (browser-firefox.rules)
* 1:18245 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java browser plugin docbase overflow attempt (browser-plugins.rules)
* 1:15147 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
* 1:17153 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1 (browser-firefox.rules)
* 1:21668 <-> DISABLED <-> EXPLOIT-KIT Java exploit kit iframe drive by attempt (exploit-kit.rules)
* 1:16295 <-> DISABLED <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields (file-other.rules)
* 1:17397 <-> DISABLED <-> SERVER-OTHER VNCViewer Authenticate buffer overflow attempt (server-other.rules)
* 1:16514 <-> DISABLED <-> SERVER-OTHER Trillian AIM XML tag handling heap buffer overflow attempt (server-other.rules)
* 1:10393 <-> DISABLED <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX clsid access (browser-plugins.rules)
* 1:16191 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via GET (server-oracle.rules)
* 1:17398 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt (browser-firefox.rules)
* 1:17378 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt (browser-firefox.rules)
* 1:16798 <-> DISABLED <-> FILE-OTHER Orbit Downloader long URL buffer overflow attempt (file-other.rules)
* 1:13459 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX function call access (browser-plugins.rules)
* 1:17422 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt (browser-firefox.rules)
* 1:16418 <-> DISABLED <-> NETBIOS SMB client NULL deref race condition attempt (netbios.rules)
* 1:32967 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt (policy-other.rules)
* 1:17305 <-> DISABLED <-> FILE-OTHER ClamAV libclamav PE file handling integer overflow attempt (file-other.rules)
* 1:18527 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules)
* 1:16296 <-> DISABLED <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - with optional fields (file-other.rules)
* 1:17557 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX operation parameter overflow (browser-plugins.rules)
* 1:19257 <-> DISABLED <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt (file-flash.rules)
* 1:17638 <-> DISABLED <-> SERVER-ORACLE Secure Backup administration server login.php cookies command injection attempt (server-oracle.rules)
* 1:17367 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer FTP response parsing memory corruption attempt (browser-ie.rules)
* 1:18187 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox InstallTrigger.install memory corruption attempt (browser-firefox.rules)
* 1:17642 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox ConstructFrame with floating first-letter memory corruption attempt (browser-firefox.rules)
* 1:10392 <-> DISABLED <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX function call access (browser-plugins.rules)
* 1:37527 <-> DISABLED <-> SERVER-OTHER IBM WebSphere InvokerTransformer serialized Java object remote code execution attempt (server-other.rules)
* 1:40281 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (file-office.rules)
* 1:20777 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
* 1:21457 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:21549 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header (exploit-kit.rules)
* 1:21057 <-> DISABLED <-> FILE-OTHER Java Applet Rhino script engine remote code execution attempt (file-other.rules)
* 1:21259 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit response (exploit-kit.rules)
* 1:21006 <-> DISABLED <-> MALWARE-CNC Yang Pack yg.htm landing page (malware-cnc.rules)
* 1:21661 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - catch (exploit-kit.rules)
* 1:21420 <-> DISABLED <-> FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt (file-other.rules)
* 1:21044 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
* 1:21161 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS5 NTLM and basic authentication bypass attempt (server-iis.rules)
* 1:21247 <-> DISABLED <-> SERVER-OTHER IBM Lotusnotes s_viewname buffer overflow attempt (server-other.rules)
* 1:21917 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP response message parsing overflow (server-other.rules)
* 1:21344 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit pdf download (exploit-kit.rules)
* 1:21539 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header (exploit-kit.rules)
* 1:21484 <-> DISABLED <-> FILE-OTHER ZIP file name overflow attempt (file-other.rules)
* 1:21492 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
* 1:21658 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
* 1:21646 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
* 1:22041 <-> DISABLED <-> EXPLOIT-KIT Blackhole landing redirection page (exploit-kit.rules)
* 1:21764 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word unicode parsing buffer overflow attempt (file-office.rules)
* 1:21915 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
* 1:23396 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt (browser-plugins.rules)
* 1:22040 <-> DISABLED <-> EXPLOIT-KIT Blackhole suspected landing page (exploit-kit.rules)
* 1:24226 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received (exploit-kit.rules)
* 1:21953 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products HTML href shell attempt (browser-firefox.rules)
* 1:23996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
* 1:23395 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt (browser-plugins.rules)
* 1:24547 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules)
* 1:23008 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
* 1:21657 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules)
* 1:23940 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (server-oracle.rules)
* 1:24675 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX realm parameter overflow attempt (browser-plugins.rules)
* 1:23489 <-> DISABLED <-> FILE-OTHER Microsoft Windows Task Scheduler buffer overflow attempt (file-other.rules)
* 1:21876 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit landing page with specific structure - Loading (exploit-kit.rules)
* 1:24188 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
* 1:24860 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules)
* 1:24054 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure (exploit-kit.rules)
* 1:22039 <-> DISABLED <-> EXPLOIT-KIT Blackhole suspected landing page (exploit-kit.rules)
* 1:24546 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt (exploit-kit.rules)
* 1:24228 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page Received (exploit-kit.rules)
* 1:24907 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup exec_qr command injection attempt (server-oracle.rules)
* 1:23159 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules)
* 1:24637 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure (exploit-kit.rules)
* 1:25569 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules)
* 1:24548 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules)
* 1:23797 <-> DISABLED <-> EXPLOIT-KIT Blackhole redirection page (exploit-kit.rules)
* 1:24761 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:2589 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules)
* 1:24676 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX real parameter overflow attempt (browser-plugins.rules)
* 1:24187 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
* 1:24904 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules)
* 1:24862 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules)
* 1:24543 <-> DISABLED <-> EXPLOIT-KIT Blackhole admin page inbound access attempt (exploit-kit.rules)
* 1:25392 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
* 1:26253 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
* 1:24593 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received - specific structure (exploit-kit.rules)
* 1:26495 <-> DISABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules)
* 1:24994 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox onChannelRedirect method attempt (browser-firefox.rules)
* 1:25808 <-> DISABLED <-> EXPLOIT-KIT Fiesta exploit kit landing page detection - specific-structure (exploit-kit.rules)
* 1:28703 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
* 1:25590 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure (exploit-kit.rules)
* 1:24702 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:26230 <-> DISABLED <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX arbitrary command execution attempt (server-webapp.rules)
* 1:28973 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
* 1:26031 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules)
* 1:26434 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit jar file downloaded (exploit-kit.rules)
* 1:24864 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules)
* 1:29523 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules)
* 1:26337 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules)
* 1:25312 <-> DISABLED <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt (server-other.rules)
* 1:27706 <-> DISABLED <-> EXPLOIT-KIT Gong Da exploit kit possible jar download (exploit-kit.rules)
* 1:27067 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure (exploit-kit.rules)
* 1:28972 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
* 1:28791 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
* 1:25591 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules)
* 1:29520 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (file-multimedia.rules)
* 1:29503 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt (browser-firefox.rules)
* 1:26033 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit iframe redirection attempt (exploit-kit.rules)
* 1:29535 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
* 1:29524 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
* 1:26421 <-> DISABLED <-> BROWSER-PLUGINS Metalink file download parameter buffer overflow attempt (browser-plugins.rules)
* 1:29512 <-> DISABLED <-> BROWSER-PLUGINS KingView ActiveX clsid access (browser-plugins.rules)
* 1:16030 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS client TXT buffer overrun attempt (os-windows.rules)
* 1:27656 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules)
* 1:28902 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:16001 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (file-image.rules)
* 1:29526 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:10142 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX clsid access (browser-plugins.rules)
* 1:10010 <-> DISABLED <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt (server-other.rules)
* 1:10148 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX clsid access (browser-plugins.rules)
* 1:10154 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy 2 ActiveX clsid access (browser-plugins.rules)
* 1:10147 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX function call access (browser-plugins.rules)
* 1:10395 <-> DISABLED <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX function call access (browser-plugins.rules)
* 1:10144 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX function call access (browser-plugins.rules)
* 1:10145 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX clsid access (browser-plugins.rules)
* 1:10153 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX function call access (browser-plugins.rules)
* 1:12614 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX function call access (browser-plugins.rules)
* 1:10150 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX function call access (browser-plugins.rules)
* 1:12685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow (server-other.rules)
* 1:10390 <-> DISABLED <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX clsid access (browser-plugins.rules)
* 1:10151 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX clsid access (browser-plugins.rules)
* 1:19264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:18904 <-> DISABLED <-> BROWSER-PLUGINS KingView ActiveX clsid access (browser-plugins.rules)
* 1:44978 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules)
* 1:13470 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt (file-office.rules)
* 1:44734 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (server-mail.rules)
* 1:3632 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt (file-image.rules)
* 1:51163 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
* 1:42412 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:40818 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (file-flash.rules)
* 1:36661 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:32369 <-> DISABLED <-> PROTOCOL-ICMP FreeBSD rtsold dname_labeldec stack buffer overflow attempt (protocol-icmp.rules)
* 1:41045 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules)
* 1:31846 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt (policy-other.rules)
* 1:29578 <-> DISABLED <-> BROWSER-PLUGINS Sun Microsystems JRE isInstalled.dnsResolve function memory exception attempt (browser-plugins.rules)
* 1:15966 <-> DISABLED <-> FILE-OTHER F-Secure Anti-Virus LHA processing buffer overflow attempt (file-other.rules)
* 1:29891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pushdo variant outbound connection (malware-cnc.rules)
* 1:13926 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP response parsing overflow attempt (server-other.rules)
* 1:29580 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing obfuscated memory corruption attempt (browser-firefox.rules)
* 1:51865 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:34024 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
* 1:21640 <-> DISABLED <-> EXPLOIT-KIT Phoenix exploit kit landing page (exploit-kit.rules)
* 1:13521 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules)
* 1:16213 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt (server-other.rules)
* 1:35857 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
* 1:41718 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
* 1:51081 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
* 1:50643 <-> DISABLED <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt (file-other.rules)
* 1:35467 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules)
* 1:45177 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:37804 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
* 1:20444 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules)
* 1:16371 <-> DISABLED <-> BROWSER-PLUGINS NOS Microsystems Adobe atl_getcom ActiveX clsid access (browser-plugins.rules)
* 1:32149 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
* 1:29579 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules)
* 1:42422 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:15901 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt (file-multimedia.rules)
* 1:15462 <-> DISABLED <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt (browser-other.rules)
* 1:15733 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt (browser-ie.rules)
* 1:15510 <-> DISABLED <-> SERVER-OTHER Trend Micro OfficeScan Server cgiRecvFile overflow attempt (server-other.rules)
* 1:15191 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox animated PNG processing integer overflow (browser-firefox.rules)
* 1:36154 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:15872 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt (browser-firefox.rules)
* 1:15638 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 32 ActiveX clsid access (browser-plugins.rules)
* 1:46913 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
* 1:43779 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products SharedWorker MessagePort memory corruption attempt (browser-firefox.rules)
* 1:29594 <-> DISABLED <-> SERVER-WEBAPP Airlive IP Camera information leak attempt (server-webapp.rules)
* 1:32151 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
* 1:49846 <-> DISABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
* 1:13476 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow (server-iis.rules)
* 1:29624 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt (browser-firefox.rules)
* 1:21248 <-> DISABLED <-> SERVER-OTHER multiple vendors host buffer overflow attempt (server-other.rules)
* 1:13525 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (browser-plugins.rules)
* 1:51858 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:13523 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules)
* 1:18957 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
* 1:46912 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
* 1:17399 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt (browser-firefox.rules)
* 1:49583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
* 1:55824 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
* 1:20692 <-> DISABLED <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt (policy-other.rules)
* 1:37627 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:55823 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
* 1:7007 <-> DISABLED <-> BROWSER-PLUGINS AxDebugger.Document.1 ActiveX function call access (browser-plugins.rules)
* 1:55825 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
* 1:19262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:30217 <-> DISABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (file-java.rules)
* 1:37802 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
* 1:14771 <-> DISABLED <-> SERVER-APACHE BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt (server-apache.rules)
* 1:13950 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP attribute buffer overflow attempt (file-java.rules)
* 1:17410 <-> DISABLED <-> OS-WINDOWS Generic HyperLink buffer overflow attempt (os-windows.rules)
* 1:14033 <-> DISABLED <-> BROWSER-PLUGINS Orbit Downloader ActiveX clsid access (browser-plugins.rules)
* 1:29623 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
* 1:21916 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
* 1:15866 <-> DISABLED <-> FILE-OTHER libxml2 file processing long entity overflow attempt (file-other.rules)
* 1:19102 <-> DISABLED <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX clsid access (browser-plugins.rules)
* 1:17154 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2 (browser-firefox.rules)
* 1:52288 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (os-mobile.rules)
* 1:17519 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow (browser-firefox.rules)
* 1:16668 <-> DISABLED <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt (browser-chrome.rules)
* 1:16344 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox top-level script object offset calculation memory corruption attempt (browser-firefox.rules)
* 1:19713 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
* 1:16032 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML Decoding memory corruption attempt (browser-ie.rules)
* 1:12612 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX clsid access (browser-plugins.rules)
* 1:45500 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
* 1:20843 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:13967 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access (browser-plugins.rules)
* 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
* 1:14613 <-> DISABLED <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX function call access (browser-plugins.rules)
* 1:16601 <-> DISABLED <-> FILE-OTHER Amaya web editor XML and HTML Parser Buffer overflow attempt (file-other.rules)
* 1:29538 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access (browser-plugins.rules)
* 1:20767 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:52450 <-> DISABLED <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt (server-other.rules)
* 1:20072 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules)
* 1:21346 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit malicious jar download (exploit-kit.rules)
* 1:45171 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt (browser-firefox.rules)
* 1:43692 <-> DISABLED <-> OS-LINUX Linux kernel SCTP invalid chunk length denial of service attempt (os-linux.rules)
* 1:32815 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules)
* 1:41422 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (browser-plugins.rules)
* 1:51025 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (file-pdf.rules)
* 1:49900 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS driver stack buffer overflow attempt (browser-plugins.rules)
* 1:45181 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:34447 <-> DISABLED <-> POLICY-OTHER ProFTPD mod_copy
unauthenticated file copy attempt (policy-other.rules) * 1:45183 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules) * 1:49585 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules) * 1:35434 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:49947 <-> DISABLED <-> POLICY-OTHER HP OpenView Operations Agent request attempt (policy-other.rules) * 1:13965 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX clsid access (browser-plugins.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
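A small parser for this release-notes format, added here as an example and not part of the Talos release notes or of Snort's own tooling. It pulls gid:sid, default state, message and rule group out of each entry (tolerating entries that extraction has wrapped across lines), lists the rules that are ENABLED by default, counts entries per rule group, and diffs two releases to surface new, dropped and state-flipped rules. Entries are keyed on (gid, sid) rather than sid alone because gid 3 entries are shared-object rules and live in a different namespace from the gid 1 text rules. The two excerpts are constructed from entries on this page; the DISABLED state given to 1:21916 in the second excerpt is made up only so the diff has a state change to report, and the enablesid.conf line shape is an assumption about the rule-management tool in use.

```python
"""Parse Talos rule-release notes ('gid:sid <-> STATE <-> message (group.rules)')
and report what a release changes. Added example; not Talos or Snort code."""
import re
from collections import Counter
from dataclasses import dataclass

# One entry of the release-notes format. Entries are joined by ' * ' and the page
# wraps them mid-entry, so parse_release_notes() collapses whitespace first.
ENTRY_RE = re.compile(
    r"(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<msg>.+?)\s*\((?P<group>[A-Za-z0-9_.-]+\.rules)\)"
)


@dataclass(frozen=True)
class RuleEntry:
    gid: int      # 1 = text rules, 3 = shared-object rules; key on (gid, sid)
    sid: int
    state: str    # ENABLED or DISABLED in the default policy
    msg: str
    group: str    # e.g. server-webapp.rules

    @property
    def key(self):
        return (self.gid, self.sid)


def parse_release_notes(text):
    """Return every rule entry in document order, tolerating line wraps."""
    flat = re.sub(r"\s+", " ", text)
    return [
        RuleEntry(int(m["gid"]), int(m["sid"]), m["state"], m["msg"].strip(), m["group"])
        for m in ENTRY_RE.finditer(flat)
    ]


def enabled_by_default(entries):
    """Rules that will fire without any local tuning; review these first."""
    return [e for e in entries if e.state == "ENABLED"]


def count_by_group(entries):
    """How many entries touch each rule group."""
    return Counter(e.group for e in entries)


def diff_releases(old, new):
    """(added, removed, flipped) keys between two parsed releases."""
    old_by = {e.key: e for e in old}
    new_by = {e.key: e for e in new}
    added = sorted(k for k in new_by if k not in old_by)
    removed = sorted(k for k in old_by if k not in new_by)
    flipped = sorted(k for k in new_by if k in old_by and new_by[k].state != old_by[k].state)
    return added, removed, flipped


def enablesid_lines(entries, groups):
    """'gid:sid' lines for DISABLED rules in the chosen groups, the shape an
    enablesid.conf for PulledPork takes (assumption about your rule manager)."""
    return [f"{e.gid}:{e.sid}" for e in entries if e.group in groups and e.state == "DISABLED"]


# Constructed excerpts in the page's format; the second one flips 1:21916 to
# DISABLED only so the diff has a state change to report.
OLD_NOTES = """* 1:58570 <-> DISABLED <-> FILE-OTHER MacOS TTC bypass vulnerability exploit upload attempt (file-other.rules)
* 1:21916 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
* 1:14771 <-> DISABLED <-> SERVER-APACHE BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt
(server-apache.rules)"""
NEW_NOTES = """* 1:58570 <-> DISABLED <-> FILE-OTHER MacOS TTC bypass vulnerability exploit upload attempt (file-other.rules) * 1:58592 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules) * 3:58574 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt (file-office.rules) * 1:21916 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)"""

if __name__ == "__main__":
    old, new = parse_release_notes(OLD_NOTES), parse_release_notes(NEW_NOTES)
    added, removed, flipped = diff_releases(old, new)
    print("added:", added, "removed:", removed, "state changed:", flipped)
    for e in enabled_by_default(new):
        print(f"enabled by default: {e.gid}:{e.sid} {e.msg}")
    print(count_by_group(new))
    print("\n".join(enablesid_lines(new, {"server-webapp.rules"})))
```

Feed it the text of two consecutive release notes and the diff tells you which SIDs are new, which disappeared, and which changed default state, which is the set worth reviewing before the next rule update is pushed to sensors; the ENABLED list is the part that will start alerting with no local policy change.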
* 1:58581 <-> DISABLED <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt (malware-tools.rules)
* 1:58592 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
* 1:58593 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
* 1:58585 <-> DISABLED <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt (policy-other.rules)
* 1:58579 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58589 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt (server-webapp.rules)
* 1:58599 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt (browser-chrome.rules)
* 1:58571 <-> DISABLED <-> FILE-OTHER MacOS TTC bypass vulnerability exploit download attempt (file-other.rules)
* 1:58591 <-> DISABLED <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt (server-other.rules)
* 1:58600 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt (browser-chrome.rules)
* 1:58590 <-> DISABLED <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt (server-other.rules)
* 1:58583 <-> DISABLED <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt (policy-other.rules)
* 1:58596 <-> DISABLED <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt (server-webapp.rules)
* 1:58582 <-> DISABLED <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt (policy-other.rules)
* 1:58595 <-> DISABLED <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt (server-webapp.rules)
* 1:58588 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt (server-webapp.rules)
* 1:58577 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58580 <-> DISABLED <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt (malware-tools.rules)
* 1:58576 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58594 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
* 1:58584 <-> DISABLED <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt (policy-other.rules)
* 1:58586 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt (os-windows.rules)
* 1:58587 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt (os-windows.rules)
* 1:58578 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58570 <-> DISABLED <-> FILE-OTHER MacOS TTC bypass vulnerability exploit upload attempt (file-other.rules)
* 3:58574 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt (file-office.rules)
* 3:58597 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt (file-other.rules)
* 3:58575 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt (file-office.rules)
* 3:58598 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt (file-other.rules)
* 3:58573 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt (file-image.rules)
* 3:58572 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt (file-image.rules)
* 1:29524 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
* 1:29594 <-> DISABLED <-> SERVER-WEBAPP Airlive IP Camera information leak attempt (server-webapp.rules)
* 1:20820 <-> DISABLED <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt (file-java.rules)
* 1:24593 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received - specific structure (exploit-kit.rules)
* 1:29891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pushdo variant outbound connection (malware-cnc.rules)
* 1:49947 <-> DISABLED <-> POLICY-OTHER HP OpenView Operations Agent request attempt (policy-other.rules)
* 1:52288 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (os-mobile.rules)
* 1:52450 <-> DISABLED <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt (server-other.rules)
* 1:55823 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
* 1:55824 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
* 1:55825 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
* 1:26031 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules)
* 1:7007 <-> DISABLED <-> BROWSER-PLUGINS AxDebugger.Document.1 ActiveX function call access (browser-plugins.rules)
* 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
* 1:51857 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:24228 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page Received (exploit-kit.rules)
* 1:20842 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:20843 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:21646 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
* 1:27706 <-> DISABLED <-> EXPLOIT-KIT Gong Da exploit kit possible jar download (exploit-kit.rules)
* 1:51864 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:29625 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt (browser-firefox.rules)
* 1:34024 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
* 1:16514 <-> DISABLED <-> SERVER-OTHER Trillian AIM XML tag handling heap buffer overflow attempt (server-other.rules)
* 1:21917 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP response message parsing overflow (server-other.rules)
* 1:29580 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing obfuscated memory corruption attempt (browser-firefox.rules)
* 1:16405 <-> DISABLED <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Prefix Information stack buffer overflow attempt (protocol-icmp.rules)
* 1:51858 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:37527 <-> DISABLED <-> SERVER-OTHER IBM WebSphere InvokerTransformer serialized Java object remote code execution attempt (server-other.rules)
* 1:17153 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1 (browser-firefox.rules)
* 1:29538 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access (browser-plugins.rules)
* 1:41720 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
* 1:29624 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt (browser-firefox.rules)
* 1:15510 <-> DISABLED <-> SERVER-OTHER Trend Micro OfficeScan Server cgiRecvFile overflow attempt (server-other.rules)
* 1:21044 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
* 1:37627 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:29535 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
* 1:45855 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
* 1:24864 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules)
* 1:49846 <-> DISABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
* 1:21247 <-> DISABLED <-> SERVER-OTHER IBM Lotusnotes s_viewname buffer overflow attempt (server-other.rules)
* 1:15866 <-> DISABLED <-> FILE-OTHER libxml2 file processing long entity overflow attempt (file-other.rules)
* 1:21668 <-> DISABLED <-> EXPLOIT-KIT Java exploit kit iframe drive by attempt (exploit-kit.rules)
* 1:51163 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
* 1:41719 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
* 1:23940 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (server-oracle.rules)
* 1:40818 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (file-flash.rules)
* 1:34447 <-> DISABLED <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt (policy-other.rules)
* 1:50643 <-> DISABLED <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt (file-other.rules)
* 1:32959 <-> DISABLED <-> PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (protocol-dns.rules)
* 1:35434 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:21549 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header (exploit-kit.rules)
* 1:44877 <-> DISABLED <-> SERVER-OTHER Citrix XenApp and XenDesktop XML service memory corruption attempt (server-other.rules)
* 1:35467 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules)
* 1:35468 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules)
* 1:43692 <-> DISABLED <-> OS-LINUX Linux kernel SCTP invalid chunk length denial of service attempt (os-linux.rules)
* 1:33571 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (file-other.rules)
* 1:23158 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
* 1:45171 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt (browser-firefox.rules)
* 1:51860 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:44734 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (server-mail.rules)
* 1:36661 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:49902 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
* 1:40281 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (file-office.rules)
* 1:45181 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:46912 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
* 1:35857 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
* 1:36155 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:45177 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:32369 <-> DISABLED <-> PROTOCOL-ICMP FreeBSD rtsold dname_labeldec stack buffer overflow attempt (protocol-icmp.rules)
* 1:46913 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
* 1:42422 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:41718 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
* 1:51025 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (file-pdf.rules)
* 1:37804 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
* 1:49585 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
* 1:3087 <-> DISABLED <-> SERVER-IIS w3who.dll buffer overflow attempt (server-iis.rules)
* 1:21915 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
* 1:29578 <-> DISABLED <-> BROWSER-PLUGINS Sun Microsystems JRE isInstalled.dnsResolve function memory exception attempt (browser-plugins.rules)
* 1:21457 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:29520 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (file-multimedia.rules)
* 1:29523 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules)
* 1:21045 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
* 1:21640 <-> DISABLED <-> EXPLOIT-KIT Phoenix exploit kit landing page (exploit-kit.rules)
* 1:21161 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS5 NTLM and basic authentication bypass attempt (server-iis.rules)
* 1:21658 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
* 1:24904 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules)
* 1:41422 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (browser-plugins.rules)
* 1:45500 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
* 1:51081 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
* 1:42412 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:32967 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt (policy-other.rules)
* 1:41045 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules)
* 1:32815 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules)
* 1:49583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
* 1:45309 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
* 1:36154 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:21057 <-> DISABLED <-> FILE-OTHER Java Applet Rhino script engine remote code execution attempt (file-other.rules)
* 1:29579 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules)
* 1:12614 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX function call access (browser-plugins.rules)
* 1:29526 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:23489 <-> DISABLED <-> FILE-OTHER Microsoft Windows Task Scheduler buffer overflow attempt (file-other.rules)
* 1:21006 <-> DISABLED <-> MALWARE-CNC Yang Pack yg.htm landing page (malware-cnc.rules)
* 1:10150 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX function call access (browser-plugins.rules)
* 1:24676 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX real parameter overflow attempt (browser-plugins.rules)
* 1:24702 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:24637 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure (exploit-kit.rules)
* 1:24860 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules)
* 1:24761 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:30217 <-> DISABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (file-java.rules)
* 1:51225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
* 1:21657 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules)
* 1:32149 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
* 1:45183 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:51865 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:29623 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
* 1:23996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
* 1:43346 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules)
* 1:32855 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt (file-pdf.rules)
* 1:3632 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt (file-image.rules)
* 1:26495 <-> DISABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules)
* 1:46637 <-> DISABLED <-> NETBIOS SMB client NULL deref race condition attempt (netbios.rules)
* 1:44978 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules)
* 1:52100 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:15428 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing memory corruption attempt (browser-firefox.rules)
* 1:17410 <-> DISABLED <-> OS-WINDOWS Generic HyperLink buffer overflow attempt (os-windows.rules)
* 1:17398 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt (browser-firefox.rules)
* 1:21661 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - catch (exploit-kit.rules)
* 1:17236 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsPropertyTable PropertyList memory corruption attempt (browser-firefox.rules)
* 1:16798 <-> DISABLED <-> FILE-OTHER Orbit Downloader long URL buffer overflow attempt (file-other.rules)
* 1:17519 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow (browser-firefox.rules)
* 1:17557 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX operation parameter overflow (browser-plugins.rules)
* 1:15511 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules)
* 1:17379 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt (browser-firefox.rules)
* 1:15490 <-> DISABLED <-> OS-LINUX Linux SCTP malformed forward-tsn chunk arbitrary code execution attempt (os-linux.rules)
* 1:17154 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2 (browser-firefox.rules)
* 1:16347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules)
* 1:17631 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules)
* 1:16191 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via GET (server-oracle.rules)
* 1:15872 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt (browser-firefox.rules)
* 1:16418 <-> DISABLED <-> NETBIOS SMB client NULL deref race condition attempt (netbios.rules)
* 1:16481 <-> DISABLED <-> BROWSER-OTHER Opera Content-Length header integer overflow attempt (browser-other.rules)
* 1:18097 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules)
* 1:16295 <-> DISABLED <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields (file-other.rules)
* 1:16001 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (file-image.rules)
* 1:16030 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS client TXT buffer overrun attempt (os-windows.rules)
* 1:16344 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox top-level script object offset calculation memory corruption attempt (browser-firefox.rules)
* 1:17399 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt (browser-firefox.rules)
* 1:17305 <-> DISABLED <-> FILE-OTHER ClamAV libclamav PE file handling integer overflow attempt (file-other.rules)
* 1:16192 <-> DISABLED <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt (server-oracle.rules)
* 1:17367 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer FTP response parsing memory corruption attempt (browser-ie.rules)
* 1:16296 <-> DISABLED <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - with optional fields (file-other.rules)
* 1:17378 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt (browser-firefox.rules)
* 1:16668 <-> DISABLED <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt (browser-chrome.rules)
* 1:17642 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox ConstructFrame with floating first-letter memory corruption attempt (browser-firefox.rules)
* 1:18245 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java browser plugin docbase overflow attempt (browser-plugins.rules)
* 1:17588 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Install Engine ActiveX clsid access (browser-plugins.rules)
* 1:17397 <-> DISABLED <-> SERVER-OTHER VNCViewer Authenticate buffer overflow attempt (server-other.rules)
* 1:18244 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules)
* 1:18679 <-> DISABLED <-> SERVER-OTHER Oracle Java Applet2ClassLoader Remote Code Execution (server-other.rules)
* 1:17638 <-> DISABLED <-> SERVER-ORACLE Secure Backup administration server login.php cookies command injection attempt (server-oracle.rules)
* 1:17422 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt (browser-firefox.rules)
* 1:18527 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules)
* 1:19102 <-> DISABLED <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX clsid access (browser-plugins.rules)
* 1:18187 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox InstallTrigger.install memory corruption attempt (browser-firefox.rules)
* 1:28902 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:21248 <-> DISABLED <-> SERVER-OTHER multiple vendors host buffer overflow attempt (server-other.rules)
* 1:19103 <-> DISABLED <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX function call access (browser-plugins.rules)
* 1:18283 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules)
* 1:23797 <-> DISABLED <-> EXPLOIT-KIT Blackhole redirection page (exploit-kit.rules)
* 1:25569 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules)
* 1:18904 <-> DISABLED <-> BROWSER-PLUGINS KingView ActiveX clsid access (browser-plugins.rules)
* 1:21420 <-> DISABLED <-> FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt (file-other.rules)
* 1:21344 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit pdf download (exploit-kit.rules)
* 1:19217 <-> DISABLED <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution (browser-chrome.rules)
* 1:15462 <-> DISABLED <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt (browser-other.rules)
* 1:15966 <-> DISABLED <-> FILE-OTHER F-Secure Anti-Virus LHA processing buffer overflow attempt (file-other.rules)
* 1:16213 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt (server-other.rules)
* 1:16667 <-> DISABLED <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt (browser-chrome.rules)
* 1:16601 <-> DISABLED <-> FILE-OTHER Amaya web editor XML and HTML Parser Buffer overflow attempt (file-other.rules)
* 1:16204 <-> DISABLED <-> SERVER-OTHER HP OpenView Network Node Manager ovlaunch host field overflow attempt (server-other.rules)
* 1:16371 <-> DISABLED <-> BROWSER-PLUGINS NOS Microsystems Adobe atl_getcom ActiveX clsid access (browser-plugins.rules)
* 1:17166 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
* 1:21916 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
* 1:24187 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
* 1:25590 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure (exploit-kit.rules)
* 1:12685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow (server-other.rules)
* 1:19262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:19814 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt (browser-ie.rules)
* 1:19713 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
* 1:37802 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
* 1:31846 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt (policy-other.rules)
* 1:19812 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS getDBConfigSettings credential information disclosure attempt (server-other.rules)
* 1:20607 <-> DISABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (server-other.rules)
* 1:20031 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:20110 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata (server-other.rules)
* 1:3085 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt (server-other.rules)
* 1:12612 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX clsid access (browser-plugins.rules)
* 1:19257 <-> DISABLED <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt (file-flash.rules)
* 1:20600 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt (browser-firefox.rules)
* 1:26434 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit jar file downloaded (exploit-kit.rules)
* 1:19263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:10145 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX clsid access (browser-plugins.rules)
* 1:19264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:20444 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules)
* 1:24054 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure (exploit-kit.rules)
* 1:19714 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
* 1:24226 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received (exploit-kit.rules)
* 1:21346 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit malicious jar download (exploit-kit.rules)
* 1:20072 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules)
* 1:24543 <-> DISABLED <-> EXPLOIT-KIT Blackhole admin page inbound access attempt (exploit-kit.rules)
* 1:27656 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules)
* 1:25392 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
* 1:20777 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
* 1:28703 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
* 1:24907 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup exec_qr command injection attempt (server-oracle.rules)
* 1:21492 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
* 1:24994 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox onChannelRedirect method attempt (browser-firefox.rules)
* 1:23008 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
* 1:22039 <-> DISABLED <-> EXPLOIT-KIT Blackhole suspected landing page (exploit-kit.rules)
* 1:23395 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt (browser-plugins.rules)
* 1:22040 <-> DISABLED <-> EXPLOIT-KIT Blackhole suspected landing page (exploit-kit.rules)
* 1:21953 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products HTML href shell attempt (browser-firefox.rules)
* 1:23159 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules)
* 1:18957 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
* 1:26421 <-> DISABLED <-> BROWSER-PLUGINS Metalink file download parameter buffer overflow attempt (browser-plugins.rules)
* 1:22041 <-> DISABLED <-> EXPLOIT-KIT Blackhole landing redirection page (exploit-kit.rules)
* 1:19216 <-> DISABLED <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution (browser-chrome.rules)
* 1:21539 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header (exploit-kit.rules)
* 1:25591 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules)
* 1:26253 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
* 1:21259 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit response (exploit-kit.rules)
* 1:10154 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy 2 ActiveX clsid access (browser-plugins.rules)
* 1:10148 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX clsid access (browser-plugins.rules)
* 1:26230 <-> DISABLED <-> SERVER-WEBAPP Alcatel-Lucent 
OmniPCX arbitrary command execution attempt (server-webapp.rules) * 1:28791 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:2589 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules) * 1:21876 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit landing page with specific structure - Loading (exploit-kit.rules) * 1:10395 <-> DISABLED <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX function call access (browser-plugins.rules) * 1:10142 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX clsid access (browser-plugins.rules) * 1:10151 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX clsid access (browser-plugins.rules) * 1:10010 <-> DISABLED <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt (server-other.rules) * 1:24548 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules) * 1:10144 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX function call access (browser-plugins.rules) * 1:26033 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit iframe redirection attempt (exploit-kit.rules) * 1:10390 <-> DISABLED <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX clsid access (browser-plugins.rules) * 1:10147 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX function call access (browser-plugins.rules) * 1:10393 <-> DISABLED <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX clsid access (browser-plugins.rules) * 1:12474 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX function call access (browser-plugins.rules) * 1:25312 <-> DISABLED <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt (server-other.rules) * 1:12472 <-> DISABLED <-> BROWSER-PLUGINS 
Oracle Java Web Start ActiveX clsid access (browser-plugins.rules) * 1:20692 <-> DISABLED <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt (policy-other.rules) * 1:10153 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX function call access (browser-plugins.rules) * 1:25808 <-> DISABLED <-> EXPLOIT-KIT Fiesta exploit kit landing page detection - specific-structure (exploit-kit.rules) * 1:24862 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules) * 1:10392 <-> DISABLED <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX function call access (browser-plugins.rules) * 1:24546 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt (exploit-kit.rules) * 1:26337 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules) * 1:29503 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt (browser-firefox.rules) * 1:20608 <-> DISABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (server-other.rules) * 1:13457 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX clsid access (browser-plugins.rules) * 1:28972 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules) * 1:13520 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules) * 1:13525 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (browser-plugins.rules) * 1:21764 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word unicode parsing buffer overflow attempt (file-office.rules) * 1:27067 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure (exploit-kit.rules) * 1:13926 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP 
response parsing overflow attempt (server-other.rules) * 1:13950 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP attribute buffer overflow attempt (file-java.rules) * 1:24675 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX realm parameter overflow attempt (browser-plugins.rules) * 1:13474 <-> DISABLED <-> OS-WINDOWS Microsoft WebDAV MiniRedir remote code execution attempt (os-windows.rules) * 1:13967 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access (browser-plugins.rules) * 1:29512 <-> DISABLED <-> BROWSER-PLUGINS KingView ActiveX clsid access (browser-plugins.rules) * 1:13476 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow (server-iis.rules) * 1:13459 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX function call access (browser-plugins.rules) * 1:14035 <-> DISABLED <-> BROWSER-PLUGINS Orbit Downloader ActiveX function call access (browser-plugins.rules) * 1:13470 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt (file-office.rules) * 1:21484 <-> DISABLED <-> FILE-OTHER ZIP file name overflow attempt (file-other.rules) * 1:24188 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules) * 1:14033 <-> DISABLED <-> BROWSER-PLUGINS Orbit Downloader ActiveX clsid access (browser-plugins.rules) * 1:14613 <-> DISABLED <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX function call access (browser-plugins.rules) * 1:13521 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules) * 1:13523 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules) * 1:15733 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt (browser-ie.rules) * 1:15965 <-> DISABLED <-> OS-WINDOWS Microsoft Explorer long share name buffer overflow attempt (os-windows.rules) * 1:15257 <-> DISABLED <-> 
SERVER-ORACLE Secure Backup common.php variable based command injection attempt (server-oracle.rules) * 1:14611 <-> DISABLED <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX clsid access (browser-plugins.rules) * 1:15191 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox animated PNG processing integer overflow (browser-firefox.rules) * 1:15489 <-> DISABLED <-> PUA-OTHER Cerulean Studios Trillian image filename handling XML tag overflow attempt (pua-other.rules) * 1:16032 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML Decoding memory corruption attempt (browser-ie.rules) * 1:14771 <-> DISABLED <-> SERVER-APACHE BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt (server-apache.rules) * 1:13965 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX clsid access (browser-plugins.rules) * 1:15638 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 32 ActiveX clsid access (browser-plugins.rules) * 1:15147 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules) * 1:15258 <-> DISABLED <-> SERVER-ORACLE Secure Backup login.php variable based command injection attempt (server-oracle.rules) * 1:52079 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules) * 1:49900 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS driver stack buffer overflow attempt (browser-plugins.rules) * 1:43779 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products SharedWorker MessagePort memory corruption attempt (browser-firefox.rules) * 1:45178 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules) * 1:21438 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit JavaScript carat string splitting with hostile applet (exploit-kit.rules) * 1:28973 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules) * 
1:32151 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:20767 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:24547 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules) * 1:23396 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt (browser-plugins.rules) * 1:15901 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt (file-multimedia.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58576 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (snort3-server-webapp.rules)
* 1:58600 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt (snort3-browser-chrome.rules)
* 1:58591 <-> DISABLED <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt (snort3-server-other.rules)
* 1:58588 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt (snort3-server-webapp.rules)
* 1:58583 <-> DISABLED <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt (snort3-policy-other.rules)
* 1:58570 <-> DISABLED <-> FILE-OTHER MacOS TTC bypass vulnerability exploit upload attempt (snort3-file-other.rules)
* 1:58586 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt (snort3-os-windows.rules)
* 1:58589 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt (snort3-server-webapp.rules)
* 1:58596 <-> DISABLED <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt (snort3-server-webapp.rules)
* 1:58581 <-> DISABLED <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt (snort3-malware-tools.rules)
* 1:58577 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (snort3-server-webapp.rules)
* 1:58594 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (snort3-server-webapp.rules)
* 1:58593 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (snort3-server-webapp.rules)
* 1:58571 <-> DISABLED <-> FILE-OTHER MacOS TTC bypass vulnerability exploit download attempt (snort3-file-other.rules)
* 1:58582 <-> DISABLED <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt (snort3-policy-other.rules)
* 1:58599 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt (snort3-browser-chrome.rules)
* 1:58578 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (snort3-server-webapp.rules)
* 1:58585 <-> DISABLED <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt (snort3-policy-other.rules)
* 1:58592 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (snort3-server-webapp.rules)
* 1:58590 <-> DISABLED <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt (snort3-server-other.rules)
* 1:58584 <-> DISABLED <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt (snort3-policy-other.rules)
* 1:58587 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt (snort3-os-windows.rules)
* 1:58580 <-> DISABLED <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt (snort3-malware-tools.rules)
* 1:58595 <-> DISABLED <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt (snort3-server-webapp.rules)
* 1:58579 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (snort3-server-webapp.rules)
* 1:45181 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (snort3-browser-firefox.rules)
* 1:15489 <-> DISABLED <-> PUA-OTHER Cerulean Studios Trillian image filename handling XML tag overflow attempt (snort3-pua-other.rules)
* 1:41719 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (snort3-browser-ie.rules)
* 1:49902 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (snort3-browser-plugins.rules)
* 1:50643 <-> DISABLED <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt (snort3-file-other.rules)
* 1:15866 <-> DISABLED <-> FILE-OTHER libxml2 file processing long entity overflow attempt (snort3-file-other.rules)
* 1:32959 <-> DISABLED <-> PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (snort3-protocol-dns.rules)
* 1:43779 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products SharedWorker MessagePort memory corruption attempt (snort3-browser-firefox.rules)
* 1:34024 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (snort3-policy-other.rules)
* 1:51163 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (snort3-file-pdf.rules)
* 1:32149 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (snort3-file-other.rules)
* 1:34447 <-> DISABLED <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt (snort3-policy-other.rules)
* 1:45177 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (snort3-browser-firefox.rules)
* 1:46913 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (snort3-browser-firefox.rules)
* 1:51225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (snort3-file-flash.rules)
* 1:43346 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (snort3-browser-firefox.rules)
* 1:10147 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX function call access (snort3-browser-plugins.rules)
* 1:32967 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt (snort3-policy-other.rules)
* 1:42412 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (snort3-file-other.rules)
* 1:32855 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt (snort3-file-pdf.rules)
* 1:52100 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (snort3-os-mobile.rules)
* 1:44734 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (snort3-server-mail.rules)
* 1:30217 <-> DISABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (snort3-file-java.rules)
* 1:35467 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (snort3-file-java.rules)
* 1:29623 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (snort3-browser-webkit.rules)
* 1:12612 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX clsid access (snort3-browser-plugins.rules)
* 1:52288 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (snort3-os-mobile.rules)
* 1:49585 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (snort3-file-flash.rules)
* 1:46912 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (snort3-browser-firefox.rules)
* 1:45178 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (snort3-browser-firefox.rules)
* 1:45171 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt (snort3-browser-firefox.rules)
* 1:51081 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (snort3-file-flash.rules)
* 1:36154 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (snort3-file-flash.rules)
* 1:49846 <-> DISABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (snort3-file-java.rules)
* 1:49947 <-> DISABLED <-> POLICY-OTHER HP OpenView Operations Agent request attempt (snort3-policy-other.rules)
* 1:49900 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS driver stack buffer overflow attempt (snort3-browser-plugins.rules)
* 1:51858 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (snort3-os-mobile.rules)
* 1:45500 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (snort3-file-flash.rules)
* 1:35434 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (snort3-os-mobile.rules)
* 1:15872 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt (snort3-browser-firefox.rules)
* 1:32815 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (snort3-file-pdf.rules)
* 1:41718 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (snort3-browser-ie.rules)
* 1:3632 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt (snort3-file-image.rules)
* 1:13457 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX clsid access (snort3-browser-plugins.rules)
* 1:13520 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (snort3-server-other.rules)
* 1:51865 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (snort3-os-mobile.rules)
* 1:15510 <-> DISABLED <-> SERVER-OTHER Trend Micro OfficeScan Server cgiRecvFile overflow attempt (snort3-server-other.rules)
* 1:37802 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (snort3-file-java.rules)
* 1:46637 <-> DISABLED <-> NETBIOS SMB client NULL deref race condition attempt (snort3-netbios.rules)
* 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (snort3-policy-other.rules)
* 1:45855 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (snort3-file-other.rules)
* 1:15428 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing memory corruption attempt (snort3-browser-firefox.rules)
* 1:45309 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (snort3-file-flash.rules)
* 1:33571 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (snort3-file-other.rules)
* 1:24187 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (snort3-browser-firefox.rules)
* 1:23996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (snort3-file-flash.rules)
* 1:43692 <-> DISABLED <-> OS-LINUX Linux kernel SCTP invalid chunk length denial of service attempt (snort3-os-linux.rules)
* 1:24226 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received (snort3-exploit-kit.rules)
* 1:21057 <-> DISABLED <-> FILE-OTHER Java Applet Rhino script engine remote code execution attempt (snort3-file-other.rules)
* 1:24546 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt (snort3-exploit-kit.rules)
* 1:23159 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (snort3-exploit-kit.rules)
* 1:13967 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access (snort3-browser-plugins.rules)
* 1:24054 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure (snort3-exploit-kit.rules)
* 1:24676 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX real parameter overflow attempt (snort3-browser-plugins.rules)
* 1:23158 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (snort3-exploit-kit.rules)
* 1:24543 <-> DISABLED <-> EXPLOIT-KIT Blackhole admin page inbound access attempt (snort3-exploit-kit.rules)
* 1:24860 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (snort3-exploit-kit.rules)
* 1:24547 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (snort3-exploit-kit.rules)
* 1:40818 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (snort3-file-flash.rules)
* 1:29624 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt (snort3-browser-firefox.rules)
* 1:10144 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX function call access (snort3-browser-plugins.rules)
* 1:44978 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (snort3-browser-firefox.rules)
* 1:51864 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (snort3-os-mobile.rules)
* 1:13470 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt (snort3-file-office.rules)
* 1:20607 <-> DISABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (snort3-server-other.rules)
* 1:29594 <-> DISABLED <-> SERVER-WEBAPP Airlive IP Camera information leak attempt (snort3-server-webapp.rules)
* 1:15258 <-> DISABLED <-> SERVER-ORACLE Secure Backup login.php variable based command injection attempt (snort3-server-oracle.rules)
* 1:23940 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (snort3-server-oracle.rules)
* 1:24637 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure (snort3-exploit-kit.rules)
* 1:31846 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt (snort3-policy-other.rules)
* 1:24548 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (snort3-exploit-kit.rules)
* 1:20842 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (snort3-file-other.rules)
* 1:13525 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (snort3-browser-plugins.rules)
* 1:20031 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (snort3-file-flash.rules)
* 1:24994 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox onChannelRedirect method attempt (snort3-browser-firefox.rules)
* 1:26421 <-> DISABLED <-> BROWSER-PLUGINS Metalink file download parameter buffer overflow attempt (snort3-browser-plugins.rules)
* 1:26495 <-> DISABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (snort3-file-other.rules)
* 1:15147 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (snort3-browser-ie.rules)
* 1:26033 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit iframe redirection attempt (snort3-exploit-kit.rules)
* 1:26337 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (snort3-exploit-kit.rules)
* 1:25392 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (snort3-file-java.rules)
* 1:28791 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (snort3-file-flash.rules)
* 1:28902 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (snort3-file-other.rules)
* 1:25569 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (snort3-exploit-kit.rules)
* 1:25808 <-> DISABLED <-> EXPLOIT-KIT Fiesta exploit kit landing page detection - specific-structure (snort3-exploit-kit.rules)
* 1:2589 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (snort3-os-windows.rules)
* 1:29535 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (snort3-file-java.rules)
* 1:26230 <-> DISABLED <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX arbitrary command execution attempt (snort3-server-webapp.rules)
* 1:27706 <-> DISABLED <-> EXPLOIT-KIT Gong Da exploit kit possible jar download (snort3-exploit-kit.rules)
* 1:26434 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit jar file downloaded (snort3-exploit-kit.rules)
* 1:29512 <-> DISABLED <-> BROWSER-PLUGINS KingView ActiveX clsid access (snort3-browser-plugins.rules)
* 1:28703 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (snort3-file-flash.rules)
* 1:29526 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (snort3-file-other.rules)
* 1:29578 <-> DISABLED <-> BROWSER-PLUGINS Sun Microsystems JRE isInstalled.dnsResolve function memory exception attempt (snort3-browser-plugins.rules)
* 1:29520 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (snort3-file-multimedia.rules)
* 1:29503 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt (snort3-browser-firefox.rules)
* 1:29579 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (snort3-browser-firefox.rules)
* 1:15965 <-> DISABLED <-> OS-WINDOWS Microsoft Explorer long share name buffer overflow attempt (snort3-os-windows.rules)
* 1:19103 <-> DISABLED <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX function call access (snort3-browser-plugins.rules)
* 1:29523 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (snort3-server-apache.rules)
* 1:16296 <-> DISABLED <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - with optional fields (snort3-file-other.rules)
* 1:16213 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt (snort3-server-other.rules)
* 1:29538 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access (snort3-browser-plugins.rules)
* 1:28972 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (snort3-browser-ie.rules)
* 1:16418 <-> DISABLED <-> NETBIOS SMB client NULL deref race condition attempt (snort3-netbios.rules)
* 1:28973 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (snort3-browser-ie.rules)
* 1:19216 <-> DISABLED <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution (snort3-browser-chrome.rules)
* 1:16668 <-> DISABLED <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt (snort3-browser-chrome.rules)
* 1:16798 <-> DISABLED <-> FILE-OTHER Orbit Downloader long URL buffer overflow attempt (snort3-file-other.rules)
* 1:29524 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (snort3-file-flash.rules)
* 1:16405 <-> DISABLED <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Prefix Information stack buffer overflow attempt (snort3-protocol-icmp.rules)
* 1:17236 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsPropertyTable PropertyList memory corruption attempt (snort3-browser-firefox.rules)
* 1:19263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (snort3-file-flash.rules)
* 1:19217 <-> DISABLED <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution (snort3-browser-chrome.rules)
* 1:16667 <-> DISABLED <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt (snort3-browser-chrome.rules)
* 1:17367 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer FTP response parsing memory corruption attempt (snort3-browser-ie.rules)
* 1:17153 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1 (snort3-browser-firefox.rules)
* 1:16347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (snort3-browser-firefox.rules)
* 1:19264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (snort3-file-flash.rules)
* 1:16481 <-> DISABLED <-> BROWSER-OTHER Opera Content-Length header integer overflow attempt (snort3-browser-other.rules)
* 1:16514 <-> DISABLED <-> SERVER-OTHER Trillian AIM XML tag handling heap buffer overflow attempt (snort3-server-other.rules)
* 1:19262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (snort3-file-flash.rules)
* 1:19257 <-> DISABLED <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt (snort3-file-flash.rules)
* 1:17379 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt (snort3-browser-firefox.rules)
* 1:16191 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via GET (snort3-server-oracle.rules)
* 1:16344 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox top-level script object offset calculation memory corruption attempt (snort3-browser-firefox.rules)
* 1:19713 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (snort3-browser-firefox.rules)
* 1:16032 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML Decoding memory corruption attempt (snort3-browser-ie.rules)
* 1:17166 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (snort3-browser-firefox.rules)
* 1:17305 <-> DISABLED <-> FILE-OTHER ClamAV libclamav PE file handling integer overflow attempt (snort3-file-other.rules)
* 1:17378 <-> DISABLED <-> BROWSER-FIREFOX Mozilla
Firefox Animated PNG Processing integer overflow attempt (snort3-browser-firefox.rules) * 1:16295 <-> DISABLED <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields (snort3-file-other.rules) * 1:17410 <-> DISABLED <-> OS-WINDOWS Generic HyperLink buffer overflow attempt (snort3-os-windows.rules) * 1:16001 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (snort3-file-image.rules) * 1:17154 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2 (snort3-browser-firefox.rules) * 1:15966 <-> DISABLED <-> FILE-OTHER F-Secure Anti-Virus LHA processing buffer overflow attempt (snort3-file-other.rules) * 1:17588 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Install Engine ActiveX clsid access (snort3-browser-plugins.rules) * 1:16192 <-> DISABLED <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt (snort3-server-oracle.rules) * 1:16204 <-> DISABLED <-> SERVER-OTHER HP OpenView Network Node Manager ovlaunch host field overflow attempt (snort3-server-other.rules) * 1:17399 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt (snort3-browser-firefox.rules) * 1:16371 <-> DISABLED <-> BROWSER-PLUGINS NOS Microsystems Adobe atl_getcom ActiveX clsid access (snort3-browser-plugins.rules) * 1:17557 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX operation parameter overflow (snort3-browser-plugins.rules) * 1:17397 <-> DISABLED <-> SERVER-OTHER VNCViewer Authenticate buffer overflow attempt (snort3-server-other.rules) * 1:16601 <-> DISABLED <-> FILE-OTHER Amaya web editor XML and HTML Parser Buffer overflow attempt (snort3-file-other.rules) * 1:17642 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox ConstructFrame with floating first-letter memory corruption attempt (snort3-browser-firefox.rules) * 1:17422 <-> DISABLED <-> BROWSER-FIREFOX 
Mozilla Firefox defineSetter function pointer memory corruption attempt (snort3-browser-firefox.rules) * 1:17398 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt (snort3-browser-firefox.rules) * 1:18245 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java browser plugin docbase overflow attempt (snort3-browser-plugins.rules) * 1:17631 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (snort3-file-java.rules) * 1:17519 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow (snort3-browser-firefox.rules) * 1:18679 <-> DISABLED <-> SERVER-OTHER Oracle Java Applet2ClassLoader Remote Code Execution (snort3-server-other.rules) * 1:21915 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (snort3-server-other.rules) * 1:17638 <-> DISABLED <-> SERVER-ORACLE Secure Backup administration server login.php cookies command injection attempt (snort3-server-oracle.rules) * 1:18244 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (snort3-file-java.rules) * 1:21953 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products HTML href shell attempt (snort3-browser-firefox.rules) * 1:19102 <-> DISABLED <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX clsid access (snort3-browser-plugins.rules) * 1:20843 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (snort3-file-other.rules) * 1:20072 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (snort3-browser-firefox.rules) * 1:21045 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (snort3-exploit-kit.rules) * 1:21161 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS5 NTLM and basic authentication bypass attempt (snort3-server-iis.rules) * 1:20444 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (snort3-file-java.rules) * 1:21259 <-> DISABLED <-> EXPLOIT-KIT Blackhole 
exploit kit response (snort3-exploit-kit.rules) * 1:20608 <-> DISABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (snort3-server-other.rules) * 1:20110 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata (snort3-server-other.rules) * 1:20767 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (snort3-file-flash.rules) * 1:21420 <-> DISABLED <-> FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt (snort3-file-other.rules) * 1:37627 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (snort3-file-flash.rules) * 1:20777 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (snort3-file-flash.rules) * 1:21247 <-> DISABLED <-> SERVER-OTHER IBM Lotusnotes s_viewname buffer overflow attempt (snort3-server-other.rules) * 1:21006 <-> DISABLED <-> MALWARE-CNC Yang Pack yg.htm landing page (snort3-malware-cnc.rules) * 1:20692 <-> DISABLED <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt (snort3-policy-other.rules) * 1:24907 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup exec_qr command injection attempt (snort3-server-oracle.rules) * 1:24675 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX realm parameter overflow attempt (snort3-browser-plugins.rules) * 1:3085 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt (snort3-server-other.rules) * 1:21492 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (snort3-exploit-kit.rules) * 1:13965 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX clsid access (snort3-browser-plugins.rules) * 1:10390 <-> DISABLED <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX clsid access (snort3-browser-plugins.rules) * 1:13521 <-> DISABLED <-> SERVER-OTHER 
Nullsoft Winamp Ultravox buffer overflow attempt (snort3-server-other.rules) * 1:10142 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX clsid access (snort3-browser-plugins.rules) * 1:15638 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 32 ActiveX clsid access (snort3-browser-plugins.rules) * 1:15511 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (snort3-server-apache.rules) * 1:12685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow (snort3-server-other.rules) * 1:13476 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow (snort3-server-iis.rules) * 1:10145 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX clsid access (snort3-browser-plugins.rules) * 1:10393 <-> DISABLED <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX clsid access (snort3-browser-plugins.rules) * 1:12474 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX function call access (snort3-browser-plugins.rules) * 1:18187 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox InstallTrigger.install memory corruption attempt (snort3-browser-firefox.rules) * 1:23008 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (snort3-file-java.rules) * 1:41045 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (snort3-file-flash.rules) * 1:18957 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (snort3-browser-webkit.rules) * 1:21346 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit malicious jar download (snort3-exploit-kit.rules) * 1:18904 <-> DISABLED <-> BROWSER-PLUGINS KingView ActiveX clsid access (snort3-browser-plugins.rules) * 1:29580 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing obfuscated memory corruption attempt 
(snort3-browser-firefox.rules) * 1:29625 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt (snort3-browser-firefox.rules) * 1:10151 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX clsid access (snort3-browser-plugins.rules) * 1:27067 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure (snort3-exploit-kit.rules) * 1:21640 <-> DISABLED <-> EXPLOIT-KIT Phoenix exploit kit landing page (snort3-exploit-kit.rules) * 1:22039 <-> DISABLED <-> EXPLOIT-KIT Blackhole suspected landing page (snort3-exploit-kit.rules) * 1:10392 <-> DISABLED <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX function call access (snort3-browser-plugins.rules) * 1:15257 <-> DISABLED <-> SERVER-ORACLE Secure Backup common.php variable based command injection attempt (snort3-server-oracle.rules) * 1:10395 <-> DISABLED <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX function call access (snort3-browser-plugins.rules) * 1:13459 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX function call access (snort3-browser-plugins.rules) * 1:52450 <-> DISABLED <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt (snort3-server-other.rules) * 1:16030 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS client TXT buffer overrun attempt (snort3-os-windows.rules) * 1:25590 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure (snort3-exploit-kit.rules) * 1:20820 <-> DISABLED <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt (snort3-file-java.rules) * 1:23797 <-> DISABLED <-> EXPLOIT-KIT Blackhole redirection page (snort3-exploit-kit.rules) * 1:10148 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX clsid access (snort3-browser-plugins.rules) * 1:19714 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow 
(snort3-browser-firefox.rules) * 1:21764 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word unicode parsing buffer overflow attempt (snort3-file-office.rules) * 1:21658 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (snort3-exploit-kit.rules) * 1:21668 <-> DISABLED <-> EXPLOIT-KIT Java exploit kit iframe drive by attempt (snort3-exploit-kit.rules) * 1:21917 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP response message parsing overflow (snort3-server-other.rules) * 1:21657 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (snort3-exploit-kit.rules) * 1:21876 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit landing page with specific structure - Loading (snort3-exploit-kit.rules) * 1:21661 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - catch (snort3-exploit-kit.rules) * 1:10010 <-> DISABLED <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt (snort3-server-other.rules) * 1:13950 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP attribute buffer overflow attempt (snort3-file-java.rules) * 1:18283 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (snort3-server-apache.rules) * 1:15490 <-> DISABLED <-> OS-LINUX Linux SCTP malformed forward-tsn chunk arbitrary code execution attempt (snort3-os-linux.rules) * 1:21248 <-> DISABLED <-> SERVER-OTHER multiple vendors host buffer overflow attempt (snort3-server-other.rules) * 1:19812 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS getDBConfigSettings credential information disclosure attempt (snort3-server-other.rules) * 1:35857 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (snort3-file-other.rules) * 1:27656 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (snort3-browser-plugins.rules) * 1:15462 <-> DISABLED <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory 
corruption attempt (snort3-browser-other.rules) * 1:21344 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit pdf download (snort3-exploit-kit.rules) * 1:21438 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit JavaScript carat string splitting with hostile applet (snort3-exploit-kit.rules) * 1:24862 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (snort3-exploit-kit.rules) * 1:3087 <-> DISABLED <-> SERVER-IIS w3who.dll buffer overflow attempt (snort3-server-iis.rules) * 1:24188 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (snort3-browser-firefox.rules) * 1:14611 <-> DISABLED <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX clsid access (snort3-browser-plugins.rules) * 1:26031 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (snort3-exploit-kit.rules) * 1:14033 <-> DISABLED <-> BROWSER-PLUGINS Orbit Downloader ActiveX clsid access (snort3-browser-plugins.rules) * 1:14035 <-> DISABLED <-> BROWSER-PLUGINS Orbit Downloader ActiveX function call access (snort3-browser-plugins.rules) * 1:14771 <-> DISABLED <-> SERVER-APACHE BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt (snort3-server-apache.rules) * 1:14613 <-> DISABLED <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX function call access (snort3-browser-plugins.rules) * 1:24761 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (snort3-file-other.rules) * 1:15191 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox animated PNG processing integer overflow (snort3-browser-firefox.rules) * 1:37527 <-> DISABLED <-> SERVER-OTHER IBM WebSphere InvokerTransformer serialized Java object remote code execution attempt (snort3-server-other.rules) * 1:36155 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (snort3-file-flash.rules) * 1:51025 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (snort3-file-pdf.rules) 
* 1:41422 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (snort3-browser-plugins.rules)
* 1:51857 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (snort3-os-mobile.rules)
* 1:44877 <-> DISABLED <-> SERVER-OTHER Citrix XenApp and XenDesktop XML service memory corruption attempt (snort3-server-other.rules)
* 1:41720 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (snort3-browser-ie.rules)
* 1:36661 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (snort3-file-other.rules)
* 1:37804 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (snort3-file-java.rules)
* 1:55823 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (snort3-server-webapp.rules)
* 1:55824 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (snort3-server-webapp.rules)
* 1:40281 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (snort3-file-office.rules)
* 1:42422 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (snort3-file-other.rules)
* 1:7007 <-> DISABLED <-> BROWSER-PLUGINS AxDebugger.Document.1 ActiveX function call access (snort3-browser-plugins.rules)
* 1:52079 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (snort3-file-flash.rules)
* 1:55825 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (snort3-server-webapp.rules)
* 1:15901 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt (snort3-file-multimedia.rules)
* 1:12472 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX clsid access (snort3-browser-plugins.rules)
* 1:21549 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header (snort3-exploit-kit.rules)
* 1:21646 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (snort3-exploit-kit.rules)
* 1:24593 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received - specific structure (snort3-exploit-kit.rules)
* 1:21484 <-> DISABLED <-> FILE-OTHER ZIP file name overflow attempt (snort3-file-other.rules)
* 1:18527 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (snort3-file-pdf.rules)
* 1:19814 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt (snort3-browser-ie.rules)
* 1:49583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (snort3-file-flash.rules)
* 1:22040 <-> DISABLED <-> EXPLOIT-KIT Blackhole suspected landing page (snort3-exploit-kit.rules)
* 1:24702 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (snort3-file-other.rules)
* 1:32369 <-> DISABLED <-> PROTOCOL-ICMP FreeBSD rtsold dname_labeldec stack buffer overflow attempt (snort3-protocol-icmp.rules)
* 1:23489 <-> DISABLED <-> FILE-OTHER Microsoft Windows Task Scheduler buffer overflow attempt (snort3-file-other.rules)
* 1:24228 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page Received (snort3-exploit-kit.rules)
* 1:23395 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt (snort3-browser-plugins.rules)
* 1:22041 <-> DISABLED <-> EXPLOIT-KIT Blackhole landing redirection page (snort3-exploit-kit.rules)
* 1:24864 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (snort3-exploit-kit.rules)
* 1:12614 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX function call access (snort3-browser-plugins.rules)
* 1:21916 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (snort3-server-other.rules)
* 1:21044 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (snort3-exploit-kit.rules)
* 1:15733 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt (snort3-browser-ie.rules)
* 1:13474 <-> DISABLED <-> OS-WINDOWS Microsoft WebDAV MiniRedir remote code execution attempt (snort3-os-windows.rules)
* 1:25591 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (snort3-exploit-kit.rules)
* 1:21457 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (snort3-file-flash.rules)
* 1:21539 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header (snort3-exploit-kit.rules)
* 1:23396 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt (snort3-browser-plugins.rules)
* 1:18097 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (snort3-browser-plugins.rules)
* 1:25312 <-> DISABLED <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt (snort3-server-other.rules)
* 1:29891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pushdo variant outbound connection (snort3-malware-cnc.rules)
* 1:24904 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (snort3-file-java.rules)
* 1:51860 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (snort3-os-mobile.rules)
* 1:35468 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (snort3-file-java.rules)
* 1:45183 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (snort3-browser-firefox.rules)
* 1:26253 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (snort3-exploit-kit.rules)
* 1:10153 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX function call access (snort3-browser-plugins.rules)
* 1:10154 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy 2 ActiveX clsid access (snort3-browser-plugins.rules)
* 1:13926 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP response parsing overflow attempt (snort3-server-other.rules)
* 1:32151 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (snort3-file-other.rules)
* 1:10150 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX function call access (snort3-browser-plugins.rules)
* 1:13523 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (snort3-browser-plugins.rules)
* 1:20600 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt (snort3-browser-firefox.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58580 <-> DISABLED <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt (malware-tools.rules)
* 1:58586 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt (os-windows.rules)
* 1:58576 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58588 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt (server-webapp.rules)
* 1:58584 <-> DISABLED <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt (policy-other.rules)
* 1:58570 <-> DISABLED <-> FILE-OTHER MacOS TTC bypass vulnerability exploit upload attempt (file-other.rules)
* 1:58590 <-> DISABLED <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt (server-other.rules)
* 1:58585 <-> DISABLED <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt (policy-other.rules)
* 1:58587 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt (os-windows.rules)
* 1:58594 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
* 1:58579 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58582 <-> DISABLED <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt (policy-other.rules)
* 1:58577 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58581 <-> DISABLED <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt (malware-tools.rules)
* 1:58592 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
* 1:58596 <-> DISABLED <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt (server-webapp.rules)
* 1:58578 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
* 1:58589 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt (server-webapp.rules)
* 1:58595 <-> DISABLED <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt (server-webapp.rules)
* 1:58583 <-> DISABLED <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt (policy-other.rules)
* 1:58600 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt (browser-chrome.rules)
* 1:58593 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
* 1:58571 <-> DISABLED <-> FILE-OTHER MacOS TTC bypass vulnerability exploit download attempt (file-other.rules)
* 1:58599 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt (browser-chrome.rules)
* 1:58591 <-> DISABLED <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt (server-other.rules)
* 1:35468 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules)
* 1:37802 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
* 1:49846 <-> DISABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
* 1:37804 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
* 1:51163 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
* 1:52079 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
* 1:41422 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (browser-plugins.rules)
* 1:55824 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
* 1:29625 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt (browser-firefox.rules)
* 1:44734 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (server-mail.rules)
* 1:32149 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
* 1:51865 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:52450 <-> DISABLED <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt (server-other.rules)
* 1:31846 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt (policy-other.rules)
* 1:43779 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products SharedWorker MessagePort memory corruption attempt (browser-firefox.rules)
* 1:34024 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
* 1:40281 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (file-office.rules)
* 1:32369 <-> DISABLED <-> PROTOCOL-ICMP FreeBSD rtsold dname_labeldec stack buffer overflow attempt (protocol-icmp.rules)
* 1:32815 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules)
* 1:36154 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:35467 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules)
* 1:51025 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (file-pdf.rules)
* 1:55823 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
* 1:10010 <-> DISABLED <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt (server-other.rules)
* 1:10142 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX clsid access (browser-plugins.rules)
* 1:36155 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:52288 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (os-mobile.rules)
* 1:41718 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
* 1:10144 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX function call access (browser-plugins.rules)
* 1:42422 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:40818 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (file-flash.rules)
* 1:3632 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt (file-image.rules)
* 1:49583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
* 1:10145 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX clsid access (browser-plugins.rules)
* 1:46637 <-> DISABLED <-> NETBIOS SMB client NULL deref race condition attempt (netbios.rules)
* 1:10147 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX function call access (browser-plugins.rules)
* 1:10148 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX clsid access (browser-plugins.rules)
* 1:10150 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX function call access (browser-plugins.rules)
* 1:10151 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX clsid access (browser-plugins.rules)
* 1:10153 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX function call access (browser-plugins.rules)
* 1:10154 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy 2 ActiveX clsid access (browser-plugins.rules)
* 1:10390 <-> DISABLED <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX clsid access (browser-plugins.rules)
* 1:10392 <-> DISABLED <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX function call access (browser-plugins.rules)
* 1:10393 <-> DISABLED <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX clsid access (browser-plugins.rules)
* 1:10395 <-> DISABLED <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX function call access (browser-plugins.rules)
* 1:12472 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX clsid access (browser-plugins.rules)
* 1:12474 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX function call access (browser-plugins.rules)
* 1:12612 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX clsid access (browser-plugins.rules)
* 1:12614 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX function call access (browser-plugins.rules)
* 1:12685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow (server-other.rules)
* 1:13457 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX clsid access (browser-plugins.rules)
* 1:13459 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX function call access (browser-plugins.rules)
* 1:13470 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt (file-office.rules)
* 1:13474 <-> DISABLED <-> OS-WINDOWS Microsoft WebDAV MiniRedir remote code execution attempt (os-windows.rules)
* 1:13476 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow (server-iis.rules)
* 1:13520 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules)
* 1:13521 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules)
* 1:13523 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules)
* 1:13525 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (browser-plugins.rules)
* 1:13926 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP response parsing overflow attempt (server-other.rules)
* 1:13950 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP attribute buffer overflow attempt (file-java.rules)
* 1:13965 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX clsid access (browser-plugins.rules)
* 1:13967 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access (browser-plugins.rules)
* 1:14033 <-> DISABLED <-> BROWSER-PLUGINS Orbit Downloader ActiveX clsid access (browser-plugins.rules)
* 1:14035 <-> DISABLED <-> BROWSER-PLUGINS Orbit Downloader ActiveX function call access (browser-plugins.rules)
* 1:14611 <-> DISABLED <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX clsid access (browser-plugins.rules)
* 1:14613 <-> DISABLED <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX function call access (browser-plugins.rules)
* 1:14771 <-> DISABLED <-> SERVER-APACHE BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt (server-apache.rules)
* 1:15147 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
* 1:15191 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox animated PNG processing integer overflow (browser-firefox.rules)
* 1:15257 <-> DISABLED <-> SERVER-ORACLE Secure Backup common.php variable based command injection attempt (server-oracle.rules)
* 1:15258 <-> DISABLED <-> SERVER-ORACLE Secure Backup login.php variable based command injection attempt (server-oracle.rules)
* 1:15428 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing memory corruption attempt (browser-firefox.rules)
* 1:15462 <-> DISABLED <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt (browser-other.rules)
* 1:15489 <-> DISABLED <-> PUA-OTHER Cerulean Studios Trillian image filename handling XML tag overflow attempt (pua-other.rules)
* 1:15490 <-> DISABLED <-> OS-LINUX Linux SCTP malformed forward-tsn chunk arbitrary code execution attempt (os-linux.rules)
* 1:15510 <-> DISABLED <-> SERVER-OTHER Trend Micro OfficeScan Server cgiRecvFile overflow attempt (server-other.rules)
* 1:15511 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules)
* 1:15638 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 32 ActiveX clsid access (browser-plugins.rules)
* 1:15733 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt (browser-ie.rules)
* 1:15866 <-> DISABLED <-> FILE-OTHER libxml2 file processing long entity overflow attempt (file-other.rules)
* 1:15872 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory
corruption attempt (browser-firefox.rules) * 1:15901 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt (file-multimedia.rules) * 1:15965 <-> DISABLED <-> OS-WINDOWS Microsoft Explorer long share name buffer overflow attempt (os-windows.rules) * 1:15966 <-> DISABLED <-> FILE-OTHER F-Secure Anti-Virus LHA processing buffer overflow attempt (file-other.rules) * 1:16001 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (file-image.rules) * 1:16030 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS client TXT buffer overrun attempt (os-windows.rules) * 1:16032 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML Decoding memory corruption attempt (browser-ie.rules) * 1:16191 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via GET (server-oracle.rules) * 1:51858 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:36661 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:37527 <-> DISABLED <-> SERVER-OTHER IBM WebSphere InvokerTransformer serialized Java object remote code execution attempt (server-other.rules) * 1:16192 <-> DISABLED <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt (server-oracle.rules) * 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules) * 1:16204 <-> DISABLED <-> SERVER-OTHER HP OpenView Network Node Manager ovlaunch host field overflow attempt (server-other.rules) * 1:16213 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt (server-other.rules) * 1:16295 <-> DISABLED <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields (file-other.rules) * 1:16296 <-> DISABLED <-> FILE-OTHER Kaspersky 
antivirus library heap buffer overflow - with optional fields (file-other.rules) * 1:16344 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox top-level script object offset calculation memory corruption attempt (browser-firefox.rules) * 1:16347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules) * 1:16371 <-> DISABLED <-> BROWSER-PLUGINS NOS Microsystems Adobe atl_getcom ActiveX clsid access (browser-plugins.rules) * 1:16405 <-> DISABLED <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Prefix Information stack buffer overflow attempt (protocol-icmp.rules) * 1:16418 <-> DISABLED <-> NETBIOS SMB client NULL deref race condition attempt (netbios.rules) * 1:16481 <-> DISABLED <-> BROWSER-OTHER Opera Content-Length header integer overflow attempt (browser-other.rules) * 1:16514 <-> DISABLED <-> SERVER-OTHER Trillian AIM XML tag handling heap buffer overflow attempt (server-other.rules) * 1:16601 <-> DISABLED <-> FILE-OTHER Amaya web editor XML and HTML Parser Buffer overflow attempt (file-other.rules) * 1:16667 <-> DISABLED <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt (browser-chrome.rules) * 1:16668 <-> DISABLED <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt (browser-chrome.rules) * 1:16798 <-> DISABLED <-> FILE-OTHER Orbit Downloader long URL buffer overflow attempt (file-other.rules) * 1:17153 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1 (browser-firefox.rules) * 1:17154 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2 (browser-firefox.rules) * 1:17166 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules) * 1:17236 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsPropertyTable PropertyList memory corruption attempt (browser-firefox.rules) * 1:17305 
<-> DISABLED <-> FILE-OTHER ClamAV libclamav PE file handling integer overflow attempt (file-other.rules) * 1:17367 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer FTP response parsing memory corruption attempt (browser-ie.rules) * 1:17378 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt (browser-firefox.rules) * 1:17379 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt (browser-firefox.rules) * 1:17397 <-> DISABLED <-> SERVER-OTHER VNCViewer Authenticate buffer overflow attempt (server-other.rules) * 1:17398 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt (browser-firefox.rules) * 1:17399 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt (browser-firefox.rules) * 1:17410 <-> DISABLED <-> OS-WINDOWS Generic HyperLink buffer overflow attempt (os-windows.rules) * 1:17422 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt (browser-firefox.rules) * 1:17519 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow (browser-firefox.rules) * 1:30217 <-> DISABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (file-java.rules) * 1:3085 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt (server-other.rules) * 1:17557 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX operation parameter overflow (browser-plugins.rules) * 1:17588 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Install Engine ActiveX clsid access (browser-plugins.rules) * 1:17631 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules) * 1:17638 <-> DISABLED <-> SERVER-ORACLE Secure Backup administration server login.php cookies command injection attempt (server-oracle.rules) * 1:17642 <-> 
DISABLED <-> BROWSER-FIREFOX Mozilla Firefox ConstructFrame with floating first-letter memory corruption attempt (browser-firefox.rules) * 1:18097 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules) * 1:18187 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox InstallTrigger.install memory corruption attempt (browser-firefox.rules) * 1:18244 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules) * 1:18245 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java browser plugin docbase overflow attempt (browser-plugins.rules) * 1:18283 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules) * 1:18527 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules) * 1:37627 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules) * 1:18679 <-> DISABLED <-> SERVER-OTHER Oracle Java Applet2ClassLoader Remote Code Execution (server-other.rules) * 1:18904 <-> DISABLED <-> BROWSER-PLUGINS KingView ActiveX clsid access (browser-plugins.rules) * 1:18957 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules) * 1:19102 <-> DISABLED <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX clsid access (browser-plugins.rules) * 1:19103 <-> DISABLED <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX function call access (browser-plugins.rules) * 1:19216 <-> DISABLED <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution (browser-chrome.rules) * 1:19217 <-> DISABLED <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution (browser-chrome.rules) * 1:19257 <-> DISABLED <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt (file-flash.rules) * 1:19262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float 
index array memory corruption (file-flash.rules) * 1:44877 <-> DISABLED <-> SERVER-OTHER Citrix XenApp and XenDesktop XML service memory corruption attempt (server-other.rules) * 1:19263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:19264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:19713 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules) * 1:52100 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:32959 <-> DISABLED <-> PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (protocol-dns.rules) * 1:19714 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules) * 1:19812 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS getDBConfigSettings credential information disclosure attempt (server-other.rules) * 1:19814 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt (browser-ie.rules) * 1:20031 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:20072 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules) * 1:20110 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata (server-other.rules) * 1:20444 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules) * 1:20600 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt (browser-firefox.rules) * 1:20607 <-> DISABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (server-other.rules) * 1:20608 <-> DISABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow 
attempt (server-other.rules) * 1:20692 <-> DISABLED <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt (policy-other.rules) * 1:20767 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:20777 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules) * 1:41719 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules) * 1:20820 <-> DISABLED <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt (file-java.rules) * 1:20842 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:20843 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:21006 <-> DISABLED <-> MALWARE-CNC Yang Pack yg.htm landing page (malware-cnc.rules) * 1:21044 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules) * 1:21045 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules) * 1:45177 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules) * 1:21057 <-> DISABLED <-> FILE-OTHER Java Applet Rhino script engine remote code execution attempt (file-other.rules) * 1:21161 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS5 NTLM and basic authentication bypass attempt (server-iis.rules) * 1:32855 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt (file-pdf.rules) * 1:21247 <-> DISABLED <-> SERVER-OTHER IBM Lotusnotes s_viewname buffer overflow attempt (server-other.rules) * 1:43692 <-> DISABLED <-> OS-LINUX Linux kernel SCTP invalid chunk length denial of service attempt (os-linux.rules) * 1:21248 <-> DISABLED <-> SERVER-OTHER multiple vendors host buffer overflow attempt (server-other.rules) * 1:21259 <-> DISABLED <-> EXPLOIT-KIT 
Blackhole exploit kit response (exploit-kit.rules) * 1:21344 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit pdf download (exploit-kit.rules) * 1:21346 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit malicious jar download (exploit-kit.rules) * 1:21420 <-> DISABLED <-> FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt (file-other.rules) * 1:21438 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit JavaScript carat string splitting with hostile applet (exploit-kit.rules) * 1:33571 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (file-other.rules) * 1:21457 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:55825 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules) * 1:21484 <-> DISABLED <-> FILE-OTHER ZIP file name overflow attempt (file-other.rules) * 1:21492 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules) * 1:21539 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header (exploit-kit.rules) * 1:21549 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header (exploit-kit.rules) * 1:21640 <-> DISABLED <-> EXPLOIT-KIT Phoenix exploit kit landing page (exploit-kit.rules) * 1:21646 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules) * 1:21657 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules) * 1:21658 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules) * 1:32967 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt (policy-other.rules) * 1:51860 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:21661 
<-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - catch (exploit-kit.rules) * 1:46913 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules) * 1:45855 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules) * 1:21668 <-> DISABLED <-> EXPLOIT-KIT Java exploit kit iframe drive by attempt (exploit-kit.rules) * 1:45500 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules) * 1:21764 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word unicode parsing buffer overflow attempt (file-office.rules) * 1:21876 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit landing page with specific structure - Loading (exploit-kit.rules) * 1:21915 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules) * 1:21916 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules) * 1:21917 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP response message parsing overflow (server-other.rules) * 1:49902 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules) * 1:21953 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products HTML href shell attempt (browser-firefox.rules) * 1:22039 <-> DISABLED <-> EXPLOIT-KIT Blackhole suspected landing page (exploit-kit.rules) * 1:22040 <-> DISABLED <-> EXPLOIT-KIT Blackhole suspected landing page (exploit-kit.rules) * 1:22041 <-> DISABLED <-> EXPLOIT-KIT Blackhole landing redirection page (exploit-kit.rules) * 1:23008 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules) * 1:43346 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules) * 1:23158 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - 
prototype catch (exploit-kit.rules) * 1:23159 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules) * 1:51864 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:23395 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt (browser-plugins.rules) * 1:23396 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt (browser-plugins.rules) * 1:23489 <-> DISABLED <-> FILE-OTHER Microsoft Windows Task Scheduler buffer overflow attempt (file-other.rules) * 1:23797 <-> DISABLED <-> EXPLOIT-KIT Blackhole redirection page (exploit-kit.rules) * 1:23940 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (server-oracle.rules) * 1:23996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules) * 1:24054 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure (exploit-kit.rules) * 1:24187 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules) * 1:50643 <-> DISABLED <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt (file-other.rules) * 1:24188 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules) * 1:49900 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS driver stack buffer overflow attempt (browser-plugins.rules) * 1:24226 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received (exploit-kit.rules) * 1:24228 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page Received (exploit-kit.rules) * 1:24543 <-> DISABLED <-> EXPLOIT-KIT Blackhole admin page inbound access attempt (exploit-kit.rules) * 1:24546 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt (exploit-kit.rules) * 
1:51857 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:24547 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules) * 1:44978 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules) * 1:41720 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules) * 1:49947 <-> DISABLED <-> POLICY-OTHER HP OpenView Operations Agent request attempt (policy-other.rules) * 1:46912 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules) * 1:45181 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules) * 1:51081 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules) * 1:24548 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules) * 1:24593 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received - specific structure (exploit-kit.rules) * 1:24637 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure (exploit-kit.rules) * 1:24675 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX realm parameter overflow attempt (browser-plugins.rules) * 1:34447 <-> DISABLED <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt (policy-other.rules) * 1:24676 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX real parameter overflow attempt (browser-plugins.rules) * 1:24702 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules) * 1:35857 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:24761 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules) * 1:24860 <-> 
DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules) * 1:49585 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules) * 1:24862 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules) * 1:51225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules) * 1:24864 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules) * 1:24904 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules) * 1:24907 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup exec_qr command injection attempt (server-oracle.rules) * 1:7007 <-> DISABLED <-> BROWSER-PLUGINS AxDebugger.Document.1 ActiveX function call access (browser-plugins.rules) * 1:24994 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox onChannelRedirect method attempt (browser-firefox.rules) * 1:29891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pushdo variant outbound connection (malware-cnc.rules) * 1:25312 <-> DISABLED <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt (server-other.rules) * 1:25392 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules) * 1:25569 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules) * 1:25590 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure (exploit-kit.rules) * 1:25591 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules) * 1:41045 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules) * 1:25808 <-> DISABLED <-> EXPLOIT-KIT Fiesta exploit kit landing page detection - specific-structure (exploit-kit.rules) * 1:2589 <-> DISABLED <-> OS-WINDOWS 
Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules) * 1:26031 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules) * 1:26033 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit iframe redirection attempt (exploit-kit.rules) * 1:26230 <-> DISABLED <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX arbitrary command execution attempt (server-webapp.rules) * 1:26253 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules) * 1:26337 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules) * 1:26421 <-> DISABLED <-> BROWSER-PLUGINS Metalink file download parameter buffer overflow attempt (browser-plugins.rules) * 1:26434 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit jar file downloaded (exploit-kit.rules) * 1:26495 <-> DISABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules) * 1:27067 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure (exploit-kit.rules) * 1:27656 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules) * 1:3087 <-> DISABLED <-> SERVER-IIS w3who.dll buffer overflow attempt (server-iis.rules) * 1:32151 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:45309 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules) * 1:35434 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:27706 <-> DISABLED <-> EXPLOIT-KIT Gong Da exploit kit possible jar download (exploit-kit.rules) * 1:28703 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules) * 1:28791 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 
1:28902 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28972 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules) * 1:28973 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules) * 1:45178 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules) * 1:29503 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt (browser-firefox.rules) * 1:29512 <-> DISABLED <-> BROWSER-PLUGINS KingView ActiveX clsid access (browser-plugins.rules) * 1:29520 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (file-multimedia.rules) * 1:29523 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules) * 1:29524 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:29526 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:42412 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules) * 1:29535 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules) * 1:29538 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access (browser-plugins.rules) * 1:29578 <-> DISABLED <-> BROWSER-PLUGINS Sun Microsystems JRE isInstalled.dnsResolve function memory exception attempt (browser-plugins.rules) * 1:45183 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules) * 1:29579 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt 
(browser-firefox.rules) * 1:29580 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing obfuscated memory corruption attempt (browser-firefox.rules) * 1:29594 <-> DISABLED <-> SERVER-WEBAPP Airlive IP Camera information leak attempt (server-webapp.rules) * 1:29623 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules) * 1:29624 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt (browser-firefox.rules) * 1:45171 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt (browser-firefox.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.1.
The format of the file is:
gid:sid <-> Message
* 1:58570 <-> FILE-OTHER MacOS TTC bypass vulnerability exploit upload attempt
* 1:58571 <-> FILE-OTHER MacOS TTC bypass vulnerability exploit download attempt
* 3:58572 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt
* 3:58573 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt
* 3:58574 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt
* 3:58575 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt
* 1:58576 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58577 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58578 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58579 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58580 <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt
* 1:58581 <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt
* 1:58582 <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt
* 1:58583 <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt
* 1:58584 <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt
* 1:58585 <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt
* 1:58586 <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt
* 1:58587 <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt
* 1:58588 <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt
* 1:58589 <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt
* 1:58590 <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt
* 1:58591 <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt
* 1:58592 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58593 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58594 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58595 <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt
* 1:58596 <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt
* 3:58597 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt
* 3:58598 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt
* 1:58599 <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt
* 1:58600 <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt
* 1:10010 <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt
* 1:10142 <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX clsid access
* 1:10144 <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX function call access
* 1:10145 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX clsid access
* 1:10147 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX function call access
* 1:10148 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX clsid access
* 1:10150 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX function call access
* 1:10151 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX clsid access
* 1:10153 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX function call access
* 1:10154 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy 2 ActiveX clsid access
* 1:10390 <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX clsid access
* 1:10392 <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX function call access
* 1:10393 <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX clsid access
* 1:10395 <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX function call access
* 1:12472 <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX clsid access
* 1:12474 <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX function call access
* 1:12612 <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX clsid access
* 1:12614 <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX function call access
* 1:12685 <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow
* 1:13457 <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX clsid access
* 1:13459 <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX function call access
* 1:13470 <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt
* 1:13474 <-> OS-WINDOWS Microsoft WebDAV MiniRedir remote code execution attempt
* 1:13476 <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow
* 1:13520 <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt
* 1:13521 <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt
* 1:13523 <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access
* 1:13525 <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access
* 1:13926 <-> SERVER-OTHER Novell Groupwise HTTP response parsing overflow attempt
* 1:13950 <-> FILE-JAVA Oracle Java Web Start JNLP attribute buffer overflow attempt
* 1:13965 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX clsid access
* 1:13967 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access
* 1:14033 <-> BROWSER-PLUGINS Orbit Downloader ActiveX clsid access
* 1:14035 <-> BROWSER-PLUGINS Orbit Downloader ActiveX function call access
* 1:14611 <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX clsid access
* 1:14613 <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX function call access
* 1:14771 <-> SERVER-APACHE BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt
* 1:15147 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:15191 <-> BROWSER-FIREFOX Mozilla Firefox animated PNG processing integer overflow
* 1:15257 <-> SERVER-ORACLE Secure Backup common.php variable based command injection attempt
* 1:15258 <-> SERVER-ORACLE Secure Backup login.php variable based command injection attempt
* 1:15428 <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing memory corruption attempt
* 1:15462 <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt
* 1:15489 <-> PUA-OTHER Cerulean Studios Trillian image filename handling XML tag overflow attempt
* 1:15490 <-> OS-LINUX Linux SCTP malformed forward-tsn chunk arbitrary code execution attempt
* 1:15510 <-> SERVER-OTHER Trend Micro OfficeScan Server cgiRecvFile overflow attempt
* 1:15511 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:15638 <-> BROWSER-PLUGINS Microsoft Video 32 ActiveX clsid access
* 1:15733 <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt
* 1:15866 <-> FILE-OTHER libxml2 file processing long entity overflow attempt
* 1:15872 <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt
* 1:15901 <-> FILE-MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt
* 1:15965 <-> OS-WINDOWS Microsoft Explorer long share name buffer overflow attempt
* 1:15966 <-> FILE-OTHER F-Secure Anti-Virus LHA processing buffer overflow attempt
* 1:16001 <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt
* 1:16030 <-> OS-WINDOWS Microsoft Windows DNS client TXT buffer overrun attempt
* 1:16032 <-> BROWSER-IE Microsoft Internet Explorer HTML Decoding memory corruption attempt
* 1:16191 <-> SERVER-ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via GET
* 1:16192 <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt
* 1:16204 <-> SERVER-OTHER HP OpenView Network Node Manager ovlaunch host field overflow attempt
* 1:16213 <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt
* 1:16295 <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields
* 1:16296 <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - with optional fields
* 1:16344 <-> BROWSER-FIREFOX Mozilla Firefox top-level script object offset calculation memory corruption attempt
* 1:16347 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt
* 1:16371 <-> BROWSER-PLUGINS NOS Microsystems Adobe atl_getcom ActiveX clsid access
* 1:16405 <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Prefix Information stack buffer overflow attempt
* 1:16418 <-> NETBIOS SMB client NULL deref race condition attempt
* 1:16481 <-> BROWSER-OTHER Opera Content-Length header integer overflow attempt
* 1:16514 <-> SERVER-OTHER Trillian AIM XML tag handling heap buffer overflow attempt
* 1:16601 <-> FILE-OTHER Amaya web editor XML and HTML Parser Buffer overflow attempt
* 1:16667 <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt
* 1:16668 <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt
* 1:16798 <-> FILE-OTHER Orbit Downloader long URL buffer overflow attempt
* 1:17153 <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1
* 1:17154 <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2
* 1:17166 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt
* 1:17236 <-> BROWSER-FIREFOX Mozilla Firefox nsPropertyTable PropertyList memory corruption attempt
* 1:17305 <-> FILE-OTHER ClamAV libclamav PE file handling integer overflow attempt
* 1:17367 <-> BROWSER-IE Microsoft Internet Explorer FTP response parsing memory corruption attempt
* 1:17378 <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt
* 1:17379 <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt
* 1:17397 <-> SERVER-OTHER VNCViewer Authenticate buffer overflow attempt
* 1:17398 <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt
* 1:17399 <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt
* 1:17410 <-> OS-WINDOWS Generic HyperLink buffer overflow attempt
* 1:17422 <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt
* 1:17519 <-> BROWSER-FIREFOX Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow
* 1:17557 <-> BROWSER-PLUGINS Novell iPrint ActiveX operation parameter overflow
* 1:17588 <-> BROWSER-PLUGINS Microsoft Internet Explorer Install Engine ActiveX clsid access
* 1:17631 <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt
* 1:17638 <-> SERVER-ORACLE Secure Backup administration server login.php cookies command injection attempt
* 1:17642 <-> BROWSER-FIREFOX Mozilla Firefox ConstructFrame with floating first-letter memory corruption attempt
* 1:18097 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt
* 1:18187 <-> BROWSER-FIREFOX Mozilla Firefox InstallTrigger.install memory corruption attempt
* 1:18244 <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt
* 1:18245 <-> BROWSER-PLUGINS Oracle Java browser plugin docbase overflow attempt
* 1:18283 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:18527 <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt
* 1:18679 <-> SERVER-OTHER Oracle Java Applet2ClassLoader Remote Code Execution
* 1:18904 <-> BROWSER-PLUGINS KingView ActiveX clsid access
* 1:18957 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt
* 1:19102 <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX clsid access
* 1:19103 <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX function call access
* 1:19216 <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution
* 1:19217 <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution
* 1:19257 <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt
* 1:19262 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19263 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19264 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19713 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:19714 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:19812 <-> SERVER-OTHER CA Total Defense Suite UNCWS getDBConfigSettings credential information disclosure attempt
* 1:19814 <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt
* 1:20031 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:20072 <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt
* 1:20110 <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata
* 1:20444 <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt
* 1:20600 <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt
* 1:20607 <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt
* 1:20608 <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt
* 1:20692 <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt
* 1:20767 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:20777 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:20820 <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt
* 1:20842 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:20843 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:21006 <-> MALWARE-CNC Yang Pack yg.htm landing page
* 1:21044 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:21045 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:21057 <-> FILE-OTHER Java Applet Rhino script engine remote code execution attempt
* 1:21161 <-> SERVER-IIS Microsoft Windows IIS5 NTLM and basic authentication bypass attempt
* 1:21247 <-> SERVER-OTHER IBM Lotusnotes s_viewname buffer overflow attempt
* 1:21248 <-> SERVER-OTHER multiple vendors host buffer overflow attempt
* 1:21259 <-> EXPLOIT-KIT Blackhole exploit kit response
* 1:21344 <-> EXPLOIT-KIT Blackhole exploit kit pdf download
* 1:21346 <-> EXPLOIT-KIT Blackhole exploit kit malicious jar download
* 1:21420 <-> FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt
* 1:21438 <-> EXPLOIT-KIT Blackhole exploit kit JavaScript carat string splitting with hostile applet
* 1:21457 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:21484 <-> FILE-OTHER ZIP file name overflow attempt
* 1:21492 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch
* 1:21539 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header
* 1:21549 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header
* 1:21640 <-> EXPLOIT-KIT Phoenix exploit kit landing page
* 1:21646 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch
* 1:21657 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure
* 1:21658 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:21661 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - catch
* 1:21668 <-> EXPLOIT-KIT Java exploit kit iframe drive by attempt
* 1:21764 <-> FILE-OFFICE Microsoft Office Word unicode parsing buffer overflow attempt
* 1:21876 <-> EXPLOIT-KIT Blackhole exploit landing page with specific structure - Loading
* 1:21915 <-> SERVER-OTHER Novell Groupwise HTTP login request
* 1:21916 <-> SERVER-OTHER Novell Groupwise HTTP login request
* 1:21917 <-> SERVER-OTHER Novell Groupwise HTTP response message parsing overflow
* 1:21953 <-> BROWSER-FIREFOX Mozilla Multiple Products HTML href shell attempt
* 1:22039 <-> EXPLOIT-KIT Blackhole suspected landing page
* 1:22040 <-> EXPLOIT-KIT Blackhole suspected landing page
* 1:22041 <-> EXPLOIT-KIT Blackhole landing redirection page
* 1:23008 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt
* 1:23158 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch
* 1:23159 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt
* 1:23395 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt
* 1:23396 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt
* 1:23489 <-> FILE-OTHER Microsoft Windows Task Scheduler buffer overflow attempt
* 1:23797 <-> EXPLOIT-KIT Blackhole redirection page
* 1:23940 <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt
* 1:23996 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:24054 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure
* 1:24187 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:24188 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:24226 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received
* 1:24228 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page Received
* 1:24543 <-> EXPLOIT-KIT Blackhole admin page inbound access attempt
* 1:24546 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt
* 1:24547 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt
* 1:24548 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt
* 1:24593 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received - specific structure
* 1:24637 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure
* 1:24675 <-> BROWSER-PLUGINS Novell iPrint ActiveX realm parameter overflow attempt
* 1:24676 <-> BROWSER-PLUGINS Novell iPrint ActiveX real parameter overflow attempt
* 1:24702 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24761 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24860 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure
* 1:24862 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure
* 1:24864 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure
* 1:24904 <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt
* 1:24907 <-> SERVER-ORACLE Oracle Secure Backup exec_qr command injection attempt
* 1:24994 <-> BROWSER-FIREFOX Mozilla Firefox onChannelRedirect method attempt
* 1:25312 <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt
* 1:25392 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt
* 1:25569 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page
* 1:25590 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure
* 1:25591 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure
* 1:25808 <-> EXPLOIT-KIT Fiesta exploit kit landing page detection - specific-structure
* 1:2589 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt
* 1:26031 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page
* 1:26033 <-> EXPLOIT-KIT Blackholev2 exploit kit iframe redirection attempt
* 1:26230 <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX arbitrary command execution attempt
* 1:26253 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:26337 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure
* 1:26421 <-> BROWSER-PLUGINS Metalink file download parameter buffer overflow attempt
* 1:26434 <-> EXPLOIT-KIT Blackholev2 exploit kit jar file downloaded
* 1:26495 <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt
* 1:27067 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure
* 1:27656 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt
* 1:27706 <-> EXPLOIT-KIT Gong Da exploit kit possible jar download
* 1:28703 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:28791 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28902 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28972 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:28973 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:29503 <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt
* 1:29512 <-> BROWSER-PLUGINS KingView ActiveX clsid access
* 1:29520 <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt
* 1:29523 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:29524 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:29526 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:29535 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt
* 1:29538 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access
* 1:29578 <-> BROWSER-PLUGINS Sun Microsystems JRE isInstalled.dnsResolve function memory exception attempt
* 1:29579 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt
* 1:29580 <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing obfuscated memory corruption attempt
* 1:29594 <-> SERVER-WEBAPP Airlive IP Camera information leak attempt
* 1:29623 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt
* 1:29624 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt
* 1:29625 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt
* 1:29891 <-> MALWARE-CNC Win.Trojan.Pushdo variant outbound connection
* 1:30217 <-> FILE-JAVA Oracle Java font rendering remote code execution attempt
* 1:3085 <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt
* 1:3087 <-> SERVER-IIS w3who.dll buffer overflow attempt
* 1:31846 <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt
* 1:32149 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32151 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32369 <-> PROTOCOL-ICMP FreeBSD rtsold dname_labeldec stack buffer overflow attempt
* 1:32815 <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt
* 1:32855 <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt
* 1:32959 <-> PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt
* 1:32967 <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt
* 1:33571 <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt
* 1:33986 <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt
* 1:34024 <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt
* 1:34447 <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt
* 1:35434 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:35467 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt
* 1:35468 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt
* 1:36154 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:36155 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:3632 <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt
* 1:36661 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:37527 <-> SERVER-OTHER IBM WebSphere InvokerTransformer serialized Java object remote code execution attempt
* 1:37627 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:37802 <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt
* 1:40281 <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt
* 1:40818 <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt
* 1:41045 <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt
* 1:41422 <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt
* 1:41718 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:41719 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:41720 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:42412 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:42422 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:43346 <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt
* 1:43692 <-> OS-LINUX Linux kernel SCTP invalid chunk length denial of service attempt
* 1:43779 <-> BROWSER-FIREFOX Mozilla multiple products SharedWorker MessagePort memory corruption attempt
* 1:44734 <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt
* 1:44877 <-> SERVER-OTHER Citrix XenApp and XenDesktop XML service memory corruption attempt
* 1:44978 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt
* 1:45171 <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt
* 1:45177 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45178 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45181 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45183 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45309 <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt
* 1:45500 <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt
* 1:45855 <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt
* 1:46637 <-> NETBIOS SMB client NULL deref race condition attempt
* 1:46912 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt
* 1:46913 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt
* 1:49583 <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt
* 1:49585 <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt
* 1:49846 <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt
* 1:49900 <-> BROWSER-PLUGINS HP OPOS driver stack buffer overflow attempt
* 1:49902 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt
* 1:49947 <-> POLICY-OTHER HP OpenView Operations Agent request attempt
* 1:50643 <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt
* 1:51025 <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt
* 1:51081 <-> FILE-FLASH Adobe Flash player memory corruption attempt
* 1:51163 <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt
* 1:51225 <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt
* 1:51857 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51858 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51860 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51864 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51865 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52079 <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt
* 1:52100 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52288 <-> OS-MOBILE Google Android libstagefright integer underflow attempt
* 1:52450 <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt
* 1:55823 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:55824 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:55825 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:7007 <-> BROWSER-PLUGINS AxDebugger.Document.1 ActiveX function call access
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.4.
The format of the file is:
gid:sid <-> Message
* 1:58570 <-> FILE-OTHER MacOS TTC bypass vulnerability exploit upload attempt
* 1:58571 <-> FILE-OTHER MacOS TTC bypass vulnerability exploit download attempt
* 3:58572 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt
* 3:58573 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt
* 3:58574 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt
* 3:58575 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt
* 1:58576 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58577 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58578 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58579 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58580 <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt
* 1:58581 <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt
* 1:58582 <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt
* 1:58583 <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt
* 1:58584 <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt
* 1:58585 <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt
* 1:58586 <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt
* 1:58587 <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt
* 1:58588 <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt
* 1:58589 <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt
* 1:58590 <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt
* 1:58591 <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt
* 1:58592 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58593 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58594 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58595 <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt
* 1:58596 <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt
* 3:58597 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt
* 3:58598 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt
* 1:58599 <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt
* 1:58600 <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt
* 1:10010 <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt
* 1:10142 <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX clsid access
* 1:10144 <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX function call access
* 1:10145 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX clsid access
* 1:10147 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX function call access
* 1:10148 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX clsid access
* 1:10150 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX function call access
* 1:10151 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX clsid access
* 1:10153 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX function call access
* 1:10154 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy 2 ActiveX clsid access
* 1:10390 <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX clsid access
* 1:10392 <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX function call access
* 1:10393 <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX clsid access
* 1:10395 <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX function call access
* 1:12472 <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX clsid access
* 1:12474 <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX function call access
* 1:12612 <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX clsid access
* 1:12614 <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX function call access
* 1:12685 <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow
* 1:13457 <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX clsid access
* 1:13459 <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX function call access
* 1:13470 <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt
* 1:13474 <-> OS-WINDOWS Microsoft WebDAV MiniRedir remote code execution attempt
* 1:13476 <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow
* 1:13520 <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt
* 1:13521 <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt
* 1:13523 <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access
* 1:13525 <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access
* 1:13926 <-> SERVER-OTHER Novell Groupwise HTTP response parsing overflow attempt
* 1:13950 <-> FILE-JAVA Oracle Java Web Start JNLP attribute buffer overflow attempt
* 1:13965 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX clsid access
* 1:13967 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access
* 1:14033 <-> BROWSER-PLUGINS Orbit Downloader ActiveX clsid access
* 1:14035 <-> BROWSER-PLUGINS Orbit Downloader ActiveX function call access
* 1:14611 <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX clsid access
* 1:14613 <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX function call access
* 1:14771 <-> SERVER-APACHE BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt
* 1:15147 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:15191 <-> BROWSER-FIREFOX Mozilla Firefox animated PNG processing integer overflow
* 1:15257 <-> SERVER-ORACLE Secure Backup common.php variable based command injection attempt
* 1:15258 <-> SERVER-ORACLE Secure Backup login.php variable based command injection attempt
* 1:15428 <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing memory corruption attempt
* 1:15462 <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt
* 1:15489 <-> PUA-OTHER Cerulean Studios Trillian image filename handling XML tag overflow attempt
* 1:15490 <-> OS-LINUX Linux SCTP malformed forward-tsn chunk arbitrary code execution attempt
* 1:15510 <-> SERVER-OTHER Trend Micro OfficeScan Server cgiRecvFile overflow attempt
* 1:15511 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:15638 <-> BROWSER-PLUGINS Microsoft Video 32 ActiveX clsid access
* 1:15733 <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt
* 1:15866 <-> FILE-OTHER libxml2 file processing long entity overflow attempt
* 1:15872 <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt
* 1:15901 <-> FILE-MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt
* 1:15965 <-> OS-WINDOWS Microsoft Explorer long share name buffer overflow attempt
* 1:15966 <-> FILE-OTHER F-Secure Anti-Virus LHA processing buffer overflow attempt
* 1:16001 <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt
* 1:16030 <-> OS-WINDOWS Microsoft Windows DNS client TXT buffer overrun attempt
* 1:16032 <-> BROWSER-IE Microsoft Internet Explorer HTML Decoding memory corruption attempt
* 1:16191 <-> SERVER-ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via GET
* 1:16192 <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt
* 1:16204 <-> SERVER-OTHER HP OpenView Network Node Manager ovlaunch host field overflow attempt
* 1:16213 <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt
* 1:16295 <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields
* 1:16296 <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - with optional fields
* 1:16344 <-> BROWSER-FIREFOX Mozilla Firefox top-level script object offset calculation memory corruption attempt
* 1:16347 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt
* 1:16371 <-> BROWSER-PLUGINS NOS Microsystems Adobe atl_getcom ActiveX clsid access
* 1:16405 <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Prefix Information stack buffer overflow attempt
* 1:16418 <-> NETBIOS SMB client NULL deref race condition attempt
* 1:16481 <-> BROWSER-OTHER Opera Content-Length header integer overflow attempt
* 1:16514 <-> SERVER-OTHER Trillian AIM XML tag handling heap buffer overflow attempt
* 1:16601 <-> FILE-OTHER Amaya web editor XML and HTML Parser Buffer overflow attempt
* 1:16667 <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt
* 1:16668 <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt
* 1:16798 <-> FILE-OTHER Orbit Downloader long URL buffer overflow attempt
* 1:17153 <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1
* 1:17154 <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2
* 1:17166 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt
* 1:17236 <-> BROWSER-FIREFOX Mozilla Firefox nsPropertyTable PropertyList memory corruption attempt
* 1:17305 <-> FILE-OTHER ClamAV libclamav PE file handling integer overflow attempt
* 1:17367 <-> BROWSER-IE Microsoft Internet Explorer FTP response parsing memory corruption attempt
* 1:17378 <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt
* 1:17379 <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt
* 1:17397 <-> SERVER-OTHER VNCViewer Authenticate buffer overflow attempt
* 1:17398 <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt
* 1:17399 <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt
* 1:17410 <-> OS-WINDOWS Generic HyperLink buffer overflow attempt
* 1:17422 <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt
* 1:17519 <-> BROWSER-FIREFOX Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow
* 1:17557 <-> BROWSER-PLUGINS Novell
iPrint ActiveX operation parameter overflow * 1:17588 <-> BROWSER-PLUGINS Microsoft Internet Explorer Install Engine ActiveX clsid access * 1:17631 <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt * 1:17638 <-> SERVER-ORACLE Secure Backup administration server login.php cookies command injection attempt * 1:17642 <-> BROWSER-FIREFOX Mozilla Firefox ConstructFrame with floating first-letter memory corruption attempt * 1:18097 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt * 1:18187 <-> BROWSER-FIREFOX Mozilla Firefox InstallTrigger.install memory corruption attempt * 1:18244 <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt * 1:18245 <-> BROWSER-PLUGINS Oracle Java browser plugin docbase overflow attempt * 1:18283 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt * 1:18527 <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt * 1:18679 <-> SERVER-OTHER Oracle Java Applet2ClassLoader Remote Code Execution * 1:18904 <-> BROWSER-PLUGINS KingView ActiveX clsid access * 1:18957 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt * 1:19102 <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX clsid access * 1:19103 <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX function call access * 1:19216 <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution * 1:19217 <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution * 1:19257 <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt * 1:19262 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption * 1:19263 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption * 1:19264 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption * 1:19713 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow * 1:19714 <-> BROWSER-FIREFOX 
Mozilla Array.reduceRight integer overflow * 1:19812 <-> SERVER-OTHER CA Total Defense Suite UNCWS getDBConfigSettings credential information disclosure attempt * 1:19814 <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt * 1:20031 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption * 1:20072 <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt * 1:20110 <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata * 1:20444 <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt * 1:20600 <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt * 1:20607 <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt * 1:20608 <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt * 1:20692 <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt * 1:20767 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption * 1:20777 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt * 1:20820 <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt * 1:20842 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:20843 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:21006 <-> MALWARE-CNC Yang Pack yg.htm landing page * 1:21044 <-> EXPLOIT-KIT Blackhole exploit kit landing page * 1:21045 <-> EXPLOIT-KIT Blackhole exploit kit landing page * 1:21057 <-> FILE-OTHER Java Applet Rhino script engine remote code execution attempt * 1:21161 <-> SERVER-IIS Microsoft Windows IIS5 NTLM and basic authentication bypass attempt * 1:21247 <-> SERVER-OTHER IBM Lotusnotes s_viewname buffer overflow attempt * 1:21248 <-> SERVER-OTHER multiple vendors host buffer overflow attempt * 1:21259 <-> EXPLOIT-KIT Blackhole exploit kit response * 1:21344 <-> 
EXPLOIT-KIT Blackhole exploit kit pdf download * 1:21346 <-> EXPLOIT-KIT Blackhole exploit kit malicious jar download * 1:21420 <-> FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt * 1:21438 <-> EXPLOIT-KIT Blackhole exploit kit JavaScript carat string splitting with hostile applet * 1:21457 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption * 1:21484 <-> FILE-OTHER ZIP file name overflow attempt * 1:21492 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch * 1:21539 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header * 1:21549 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header * 1:21640 <-> EXPLOIT-KIT Phoenix exploit kit landing page * 1:21646 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch * 1:21657 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure * 1:21658 <-> EXPLOIT-KIT Blackhole exploit kit landing page * 1:21661 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - catch * 1:21668 <-> EXPLOIT-KIT Java exploit kit iframe drive by attempt * 1:21764 <-> FILE-OFFICE Microsoft Office Word unicode parsing buffer overflow attempt * 1:21876 <-> EXPLOIT-KIT Blackhole exploit landing page with specific structure - Loading * 1:21915 <-> SERVER-OTHER Novell Groupwise HTTP login request * 1:21916 <-> SERVER-OTHER Novell Groupwise HTTP login request * 1:21917 <-> SERVER-OTHER Novell Groupwise HTTP response message parsing overflow * 1:21953 <-> BROWSER-FIREFOX Mozilla Multiple Products HTML href shell attempt * 1:22039 <-> EXPLOIT-KIT Blackhole suspected landing page * 1:22040 <-> EXPLOIT-KIT Blackhole suspected landing page * 1:22041 <-> EXPLOIT-KIT Blackhole landing redirection page * 1:23008 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt * 1:23158 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific 
structure - prototype catch * 1:23159 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt * 1:23395 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt * 1:23396 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt * 1:23489 <-> FILE-OTHER Microsoft Windows Task Scheduler buffer overflow attempt * 1:23797 <-> EXPLOIT-KIT Blackhole redirection page * 1:23940 <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt * 1:23996 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt * 1:24054 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure * 1:24187 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow * 1:24188 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow * 1:24226 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received * 1:24228 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page Received * 1:24543 <-> EXPLOIT-KIT Blackhole admin page inbound access attempt * 1:24546 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt * 1:24547 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt * 1:24548 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt * 1:24593 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received - specific structure * 1:24637 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure * 1:24675 <-> BROWSER-PLUGINS Novell iPrint ActiveX realm parameter overflow attempt * 1:24676 <-> BROWSER-PLUGINS Novell iPrint ActiveX real parameter overflow attempt * 1:24702 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt * 1:24761 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt * 1:24860 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure * 1:24862 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - 
specific-structure * 1:24864 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure * 1:24904 <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt * 1:24907 <-> SERVER-ORACLE Oracle Secure Backup exec_qr command injection attempt * 1:24994 <-> BROWSER-FIREFOX Mozilla Firefox onChannelRedirect method attempt * 1:25312 <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt * 1:25392 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt * 1:25569 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page * 1:25590 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure * 1:25591 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure * 1:25808 <-> EXPLOIT-KIT Fiesta exploit kit landing page detection - specific-structure * 1:2589 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt * 1:26031 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page * 1:26033 <-> EXPLOIT-KIT Blackholev2 exploit kit iframe redirection attempt * 1:26230 <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX arbitrary command execution attempt * 1:26253 <-> EXPLOIT-KIT Blackhole exploit kit landing page * 1:26337 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure * 1:26421 <-> BROWSER-PLUGINS Metalink file download parameter buffer overflow attempt * 1:26434 <-> EXPLOIT-KIT Blackholev2 exploit kit jar file downloaded * 1:26495 <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt * 1:27067 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure * 1:27656 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt * 1:27706 <-> EXPLOIT-KIT Gong Da exploit kit possible jar download * 1:28703 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt * 1:28791 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt * 
1:28902 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:28972 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt * 1:28973 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt * 1:29503 <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt * 1:29512 <-> BROWSER-PLUGINS KingView ActiveX clsid access * 1:29520 <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt * 1:29523 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt * 1:29524 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt * 1:29526 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:29535 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt * 1:29538 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access * 1:29578 <-> BROWSER-PLUGINS Sun Microsystems JRE isInstalled.dnsResolve function memory exception attempt * 1:29579 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt * 1:29580 <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing obfuscated memory corruption attempt * 1:29594 <-> SERVER-WEBAPP Airlive IP Camera information leak attempt * 1:29623 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt * 1:29624 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt * 1:29625 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt * 1:29891 <-> MALWARE-CNC Win.Trojan.Pushdo variant outbound connection * 1:30217 <-> FILE-JAVA Oracle Java font rendering remote code execution attempt * 1:3085 <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt * 1:3087 <-> SERVER-IIS w3who.dll buffer overflow attempt * 1:31846 <-> POLICY-OTHER HP Universal CMDB default credentials 
authentication attempt * 1:32149 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt * 1:32151 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt * 1:32369 <-> PROTOCOL-ICMP FreeBSD rtsold dname_labeldec stack buffer overflow attempt * 1:32815 <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt * 1:32855 <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt * 1:32959 <-> PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt * 1:32967 <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt * 1:33571 <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt * 1:33986 <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt * 1:34024 <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt * 1:34447 <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt * 1:35434 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:35467 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt * 1:35468 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt * 1:36154 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt * 1:36155 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt * 1:3632 <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt * 1:36661 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:37527 <-> SERVER-OTHER IBM WebSphere InvokerTransformer serialized Java object remote code execution attempt * 1:37627 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt * 1:37802 <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt * 1:40281 <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt * 1:40818 <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt * 1:41045 <-> 
FILE-FLASH Adobe Flash Player TextField setter use after free attempt * 1:41422 <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt * 1:41718 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt * 1:41719 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt * 1:41720 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt * 1:42412 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt * 1:42422 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt * 1:43346 <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt * 1:43692 <-> OS-LINUX Linux kernel SCTP invalid chunk length denial of service attempt * 1:43779 <-> BROWSER-FIREFOX Mozilla multiple products SharedWorker MessagePort memory corruption attempt * 1:44734 <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt * 1:44877 <-> SERVER-OTHER Citrix XenApp and XenDesktop XML service memory corruption attempt * 1:44978 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt * 1:45171 <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt * 1:45177 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45178 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45181 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45183 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45309 <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt * 1:45500 <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt * 1:45855 <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt * 1:46637 <-> NETBIOS SMB client NULL deref race condition attempt * 1:46912 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow 
attempt * 1:46913 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt * 1:49583 <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt * 1:49585 <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt * 1:49846 <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt * 1:49900 <-> BROWSER-PLUGINS HP OPOS driver stack buffer overflow attempt * 1:49902 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt * 1:49947 <-> POLICY-OTHER HP OpenView Operations Agent request attempt * 1:50643 <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt * 1:51025 <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt * 1:51081 <-> FILE-FLASH Adobe Flash player memory corruption attempt * 1:51163 <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt * 1:51225 <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt * 1:51857 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51858 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51860 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51864 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51865 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:52079 <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt * 1:52100 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:52288 <-> OS-MOBILE Google Android libstagefright integer underflow attempt * 1:52450 <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt * 1:55823 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt * 1:55824 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt * 1:55825 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt * 1:7007 <-> 
BROWSER-PLUGINS AxDebugger.Document.1 ActiveX function call access
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.0.
The format of the file is:
gid:sid <-> Message
* 1:58570 <-> FILE-OTHER MacOS TTC bypass vulnerability exploit upload attempt
* 1:58571 <-> FILE-OTHER MacOS TTC bypass vulnerability exploit download attempt
* 3:58572 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt
* 3:58573 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt
* 3:58574 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt
* 3:58575 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt
* 1:58576 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58577 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58578 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58579 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58580 <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt
* 1:58581 <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt
* 1:58582 <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt
* 1:58583 <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt
* 1:58584 <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt
* 1:58585 <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt
* 1:58586 <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt
* 1:58587 <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt
* 1:58588 <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt
* 1:58589 <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt
* 1:58590 <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt
* 1:58591 <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt
* 1:58592 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58593 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58594 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58595 <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt
* 1:58596 <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt
* 3:58597 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt
* 3:58598 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt
* 1:58599 <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt
* 1:58600 <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt
* 1:10010 <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt
* 1:10142 <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX clsid access
* 1:10144 <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX function call access
* 1:10145 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX clsid access
* 1:10147 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX function call access
* 1:10148 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX clsid access
* 1:10150 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX function call access
* 1:10151 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX clsid access
* 1:10153 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX function call access
* 1:10154 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy 2 ActiveX clsid access
* 1:10390 <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX clsid access
* 1:10392 <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX function call access
* 1:10393 <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX clsid access
* 1:10395 <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX function call access
* 1:12472 <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX clsid access
* 1:12474 <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX function call access
* 1:12612 <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX clsid access
* 1:12614 <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX function call access
* 1:12685 <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow
* 1:13457 <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX clsid access
* 1:13459 <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX function call access
* 1:13470 <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt
* 1:13474 <-> OS-WINDOWS Microsoft WebDAV MiniRedir remote code execution attempt
* 1:13476 <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow
* 1:13520 <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt
* 1:13521 <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt
* 1:13523 <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access
* 1:13525 <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access
* 1:13926 <-> SERVER-OTHER Novell Groupwise HTTP response parsing overflow attempt
* 1:13950 <-> FILE-JAVA Oracle Java Web Start JNLP attribute buffer overflow attempt
* 1:13965 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX clsid access
* 1:13967 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access
* 1:14033 <-> BROWSER-PLUGINS Orbit Downloader ActiveX clsid access
* 1:14035 <-> BROWSER-PLUGINS Orbit Downloader ActiveX function call access
* 1:14611 <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX clsid access
* 1:14613 <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX function call access
* 1:14771 <-> SERVER-APACHE BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt
* 1:15147 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:15191 <-> BROWSER-FIREFOX Mozilla Firefox animated PNG processing integer overflow
* 1:15257 <-> SERVER-ORACLE Secure Backup common.php variable based command injection attempt
* 1:15258 <-> SERVER-ORACLE Secure Backup login.php variable based command injection attempt
* 1:15428 <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing memory corruption attempt
* 1:15462 <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt
* 1:15489 <-> PUA-OTHER Cerulean Studios Trillian image filename handling XML tag overflow attempt
* 1:15490 <-> OS-LINUX Linux SCTP malformed forward-tsn chunk arbitrary code execution attempt
* 1:15510 <-> SERVER-OTHER Trend Micro OfficeScan Server cgiRecvFile overflow attempt
* 1:15511 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:15638 <-> BROWSER-PLUGINS Microsoft Video 32 ActiveX clsid access
* 1:15733 <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt
* 1:15866 <-> FILE-OTHER libxml2 file processing long entity overflow attempt
* 1:15872 <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt
* 1:15901 <-> FILE-MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt
* 1:15965 <-> OS-WINDOWS Microsoft Explorer long share name buffer overflow attempt
* 1:15966 <-> FILE-OTHER F-Secure Anti-Virus LHA processing buffer overflow attempt
* 1:16001 <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt
* 1:16030 <-> OS-WINDOWS Microsoft Windows DNS client TXT buffer overrun attempt
* 1:16032 <-> BROWSER-IE Microsoft Internet Explorer HTML Decoding memory corruption attempt
* 1:16191 <-> SERVER-ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via GET
* 1:16192 <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt
* 1:16204 <-> SERVER-OTHER HP OpenView Network Node Manager ovlaunch host field overflow attempt
* 1:16213 <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt
* 1:16295 <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields
* 1:16296 <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - with optional fields
* 1:16344 <-> BROWSER-FIREFOX Mozilla Firefox top-level script object offset calculation memory corruption attempt
* 1:16347 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt
* 1:16371 <-> BROWSER-PLUGINS NOS Microsystems Adobe atl_getcom ActiveX clsid access
* 1:16405 <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Prefix Information stack buffer overflow attempt
* 1:16418 <-> NETBIOS SMB client NULL deref race condition attempt
* 1:16481 <-> BROWSER-OTHER Opera Content-Length header integer overflow attempt
* 1:16514 <-> SERVER-OTHER Trillian AIM XML tag handling heap buffer overflow attempt
* 1:16601 <-> FILE-OTHER Amaya web editor XML and HTML Parser Buffer overflow attempt
* 1:16667 <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt
* 1:16668 <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt
* 1:16798 <-> FILE-OTHER Orbit Downloader long URL buffer overflow attempt
* 1:17153 <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1
* 1:17154 <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2
* 1:17166 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt
* 1:17236 <-> BROWSER-FIREFOX Mozilla Firefox nsPropertyTable PropertyList memory corruption attempt
* 1:17305 <-> FILE-OTHER ClamAV libclamav PE file handling integer overflow attempt
* 1:17367 <-> BROWSER-IE Microsoft Internet Explorer FTP response parsing memory corruption attempt
* 1:17378 <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt
* 1:17379 <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt
* 1:17397 <-> SERVER-OTHER VNCViewer Authenticate buffer overflow attempt
* 1:17398 <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt
* 1:17399 <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt
* 1:17410 <-> OS-WINDOWS Generic HyperLink buffer overflow attempt
* 1:17422 <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt
* 1:17519 <-> BROWSER-FIREFOX Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow
* 1:17557 <-> BROWSER-PLUGINS Novell iPrint ActiveX operation parameter overflow
* 1:17588 <-> BROWSER-PLUGINS Microsoft Internet Explorer Install Engine ActiveX clsid access
* 1:17631 <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt
* 1:17638 <-> SERVER-ORACLE Secure Backup administration server login.php cookies command injection attempt
* 1:17642 <-> BROWSER-FIREFOX Mozilla Firefox ConstructFrame with floating first-letter memory corruption attempt
* 1:18097 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt
* 1:18187 <-> BROWSER-FIREFOX Mozilla Firefox InstallTrigger.install memory corruption attempt
* 1:18244 <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt
* 1:18245 <-> BROWSER-PLUGINS Oracle Java browser plugin docbase overflow attempt
* 1:18283 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:18527 <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt
* 1:18679 <-> SERVER-OTHER Oracle Java Applet2ClassLoader Remote Code Execution
* 1:18904 <-> BROWSER-PLUGINS KingView ActiveX clsid access
* 1:18957 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt
* 1:19102 <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX clsid access
* 1:19103 <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX function call access
* 1:19216 <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution
* 1:19217 <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution
* 1:19257 <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt
* 1:19262 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19263 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19264 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19713 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:19714 <-> BROWSER-FIREFOX 
Mozilla Array.reduceRight integer overflow * 1:19812 <-> SERVER-OTHER CA Total Defense Suite UNCWS getDBConfigSettings credential information disclosure attempt * 1:19814 <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt * 1:20031 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption * 1:20072 <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt * 1:20110 <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata * 1:20444 <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt * 1:20600 <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt * 1:20607 <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt * 1:20608 <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt * 1:20692 <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt * 1:20767 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption * 1:20777 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt * 1:20820 <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt * 1:20842 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:20843 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:21006 <-> MALWARE-CNC Yang Pack yg.htm landing page * 1:21044 <-> EXPLOIT-KIT Blackhole exploit kit landing page * 1:21045 <-> EXPLOIT-KIT Blackhole exploit kit landing page * 1:21057 <-> FILE-OTHER Java Applet Rhino script engine remote code execution attempt * 1:21161 <-> SERVER-IIS Microsoft Windows IIS5 NTLM and basic authentication bypass attempt * 1:21247 <-> SERVER-OTHER IBM Lotusnotes s_viewname buffer overflow attempt * 1:21248 <-> SERVER-OTHER multiple vendors host buffer overflow attempt * 1:21259 <-> EXPLOIT-KIT Blackhole exploit kit response * 1:21344 <-> 
EXPLOIT-KIT Blackhole exploit kit pdf download * 1:21346 <-> EXPLOIT-KIT Blackhole exploit kit malicious jar download * 1:21420 <-> FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt * 1:21438 <-> EXPLOIT-KIT Blackhole exploit kit JavaScript carat string splitting with hostile applet * 1:21457 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption * 1:21484 <-> FILE-OTHER ZIP file name overflow attempt * 1:21492 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch * 1:21539 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header * 1:21549 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header * 1:21640 <-> EXPLOIT-KIT Phoenix exploit kit landing page * 1:21646 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch * 1:21657 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure * 1:21658 <-> EXPLOIT-KIT Blackhole exploit kit landing page * 1:21661 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - catch * 1:21668 <-> EXPLOIT-KIT Java exploit kit iframe drive by attempt * 1:21764 <-> FILE-OFFICE Microsoft Office Word unicode parsing buffer overflow attempt * 1:21876 <-> EXPLOIT-KIT Blackhole exploit landing page with specific structure - Loading * 1:21915 <-> SERVER-OTHER Novell Groupwise HTTP login request * 1:21916 <-> SERVER-OTHER Novell Groupwise HTTP login request * 1:21917 <-> SERVER-OTHER Novell Groupwise HTTP response message parsing overflow * 1:21953 <-> BROWSER-FIREFOX Mozilla Multiple Products HTML href shell attempt * 1:22039 <-> EXPLOIT-KIT Blackhole suspected landing page * 1:22040 <-> EXPLOIT-KIT Blackhole suspected landing page * 1:22041 <-> EXPLOIT-KIT Blackhole landing redirection page * 1:23008 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt * 1:23158 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific 
structure - prototype catch * 1:23159 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt * 1:23395 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt * 1:23396 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt * 1:23489 <-> FILE-OTHER Microsoft Windows Task Scheduler buffer overflow attempt * 1:23797 <-> EXPLOIT-KIT Blackhole redirection page * 1:23940 <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt * 1:23996 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt * 1:24054 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure * 1:24187 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow * 1:24188 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow * 1:24226 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received * 1:24228 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page Received * 1:24543 <-> EXPLOIT-KIT Blackhole admin page inbound access attempt * 1:24546 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt * 1:24547 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt * 1:24548 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt * 1:24593 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received - specific structure * 1:24637 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure * 1:24675 <-> BROWSER-PLUGINS Novell iPrint ActiveX realm parameter overflow attempt * 1:24676 <-> BROWSER-PLUGINS Novell iPrint ActiveX real parameter overflow attempt * 1:24702 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt * 1:24761 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt * 1:24860 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure * 1:24862 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - 
specific-structure * 1:24864 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure * 1:24904 <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt * 1:24907 <-> SERVER-ORACLE Oracle Secure Backup exec_qr command injection attempt * 1:24994 <-> BROWSER-FIREFOX Mozilla Firefox onChannelRedirect method attempt * 1:25312 <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt * 1:25392 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt * 1:25569 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page * 1:25590 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure * 1:25591 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure * 1:25808 <-> EXPLOIT-KIT Fiesta exploit kit landing page detection - specific-structure * 1:2589 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt * 1:26031 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page * 1:26033 <-> EXPLOIT-KIT Blackholev2 exploit kit iframe redirection attempt * 1:26230 <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX arbitrary command execution attempt * 1:26253 <-> EXPLOIT-KIT Blackhole exploit kit landing page * 1:26337 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure * 1:26421 <-> BROWSER-PLUGINS Metalink file download parameter buffer overflow attempt * 1:26434 <-> EXPLOIT-KIT Blackholev2 exploit kit jar file downloaded * 1:26495 <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt * 1:27067 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure * 1:27656 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt * 1:27706 <-> EXPLOIT-KIT Gong Da exploit kit possible jar download * 1:28703 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt * 1:28791 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt * 
1:28902 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:28972 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt * 1:28973 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt * 1:29503 <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt * 1:29512 <-> BROWSER-PLUGINS KingView ActiveX clsid access * 1:29520 <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt * 1:29523 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt * 1:29524 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt * 1:29526 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:29535 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt * 1:29538 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access * 1:29578 <-> BROWSER-PLUGINS Sun Microsystems JRE isInstalled.dnsResolve function memory exception attempt * 1:29579 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt * 1:29580 <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing obfuscated memory corruption attempt * 1:29594 <-> SERVER-WEBAPP Airlive IP Camera information leak attempt * 1:29623 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt * 1:29624 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt * 1:29625 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt * 1:29891 <-> MALWARE-CNC Win.Trojan.Pushdo variant outbound connection * 1:30217 <-> FILE-JAVA Oracle Java font rendering remote code execution attempt * 1:3085 <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt * 1:3087 <-> SERVER-IIS w3who.dll buffer overflow attempt * 1:31846 <-> POLICY-OTHER HP Universal CMDB default credentials 
authentication attempt * 1:32149 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt * 1:32151 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt * 1:32369 <-> PROTOCOL-ICMP FreeBSD rtsold dname_labeldec stack buffer overflow attempt * 1:32815 <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt * 1:32855 <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt * 1:32959 <-> PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt * 1:32967 <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt * 1:33571 <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt * 1:33986 <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt * 1:34024 <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt * 1:34447 <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt * 1:35434 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:35467 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt * 1:35468 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt * 1:36154 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt * 1:36155 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt * 1:3632 <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt * 1:36661 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:37527 <-> SERVER-OTHER IBM WebSphere InvokerTransformer serialized Java object remote code execution attempt * 1:37627 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt * 1:37802 <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt * 1:40281 <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt * 1:40818 <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt * 1:41045 <-> 
FILE-FLASH Adobe Flash Player TextField setter use after free attempt * 1:41422 <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt * 1:41718 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt * 1:41719 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt * 1:41720 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt * 1:42412 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt * 1:42422 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt * 1:43346 <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt * 1:43692 <-> OS-LINUX Linux kernel SCTP invalid chunk length denial of service attempt * 1:43779 <-> BROWSER-FIREFOX Mozilla multiple products SharedWorker MessagePort memory corruption attempt * 1:44734 <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt * 1:44877 <-> SERVER-OTHER Citrix XenApp and XenDesktop XML service memory corruption attempt * 1:44978 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt * 1:45171 <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt * 1:45177 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45178 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45181 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45183 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45309 <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt * 1:45500 <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt * 1:45855 <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt * 1:46637 <-> NETBIOS SMB client NULL deref race condition attempt * 1:46912 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow 
attempt * 1:46913 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt * 1:49583 <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt * 1:49585 <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt * 1:49846 <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt * 1:49900 <-> BROWSER-PLUGINS HP OPOS driver stack buffer overflow attempt * 1:49902 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt * 1:49947 <-> POLICY-OTHER HP OpenView Operations Agent request attempt * 1:50643 <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt * 1:51025 <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt * 1:51081 <-> FILE-FLASH Adobe Flash player memory corruption attempt * 1:51163 <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt * 1:51225 <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt * 1:51857 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51858 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51860 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51864 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51865 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:52079 <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt * 1:52100 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:52288 <-> OS-MOBILE Google Android libstagefright integer underflow attempt * 1:52450 <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt * 1:55823 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt * 1:55824 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt * 1:55825 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt * 1:7007 <-> 
BROWSER-PLUGINS AxDebugger.Document.1 ActiveX function call access
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.1.
The format of the file is:
gid:sid <-> Message
* 1:58570 <-> FILE-OTHER MacOS TTC bypass vulnerability exploit upload attempt
* 1:58571 <-> FILE-OTHER MacOS TTC bypass vulnerability exploit download attempt
* 3:58572 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt
* 3:58573 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt
* 3:58574 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt
* 3:58575 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt
* 1:58576 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58577 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58578 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58579 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58580 <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt
* 1:58581 <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt
* 1:58582 <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt
* 1:58583 <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt
* 1:58584 <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt
* 1:58585 <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt
* 1:58586 <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt
* 1:58587 <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt
* 1:58588 <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt
* 1:58589 <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt
* 1:58590 <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt
* 1:58591 <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt
* 1:58592 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58593 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58594 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58595 <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt
* 1:58596 <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt
* 3:58597 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt
* 3:58598 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt
* 1:58599 <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt
* 1:58600 <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt
* 1:10010 <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt
* 1:10142 <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX clsid access
* 1:10144 <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX function call access
* 1:10145 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX clsid access
* 1:10147 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX function call access
* 1:10148 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX clsid access
* 1:10150 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX function call access
* 1:10151 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX clsid access
* 1:10153 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX function call access
* 1:10154 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy 2 ActiveX clsid access
* 1:10390 <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX clsid access
* 1:10392 <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX function call access
* 1:10393 <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX clsid access
* 1:10395 <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX function call access
* 1:12472 <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX clsid access
* 1:12474 <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX function call access
* 1:12612 <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX clsid access
* 1:12614 <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX function call access
* 1:12685 <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow
* 1:13457 <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX clsid access
* 1:13459 <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX function call access
* 1:13470 <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt
* 1:13474 <-> OS-WINDOWS Microsoft WebDAV MiniRedir remote code execution attempt
* 1:13476 <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow
* 1:13520 <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt
* 1:13521 <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt
* 1:13523 <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access
* 1:13525 <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access
* 1:13926 <-> SERVER-OTHER Novell Groupwise HTTP response parsing overflow attempt
* 1:13950 <-> FILE-JAVA Oracle Java Web Start JNLP attribute buffer overflow attempt
* 1:13965 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX clsid access
* 1:13967 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access
* 1:14033 <-> BROWSER-PLUGINS Orbit Downloader ActiveX clsid access
* 1:14035 <-> BROWSER-PLUGINS Orbit Downloader ActiveX function call access
* 1:14611 <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX clsid access
* 1:14613 <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX function call access
* 1:14771 <-> SERVER-APACHE BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt
* 1:15147 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:15191 <-> BROWSER-FIREFOX Mozilla Firefox animated PNG processing integer overflow
* 1:15257 <-> SERVER-ORACLE Secure Backup common.php variable based command injection attempt
* 1:15258 <-> SERVER-ORACLE Secure Backup login.php variable based command injection attempt
* 1:15428 <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing memory corruption attempt
* 1:15462 <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt
* 1:15489 <-> PUA-OTHER Cerulean Studios Trillian image filename handling XML tag overflow attempt
* 1:15490 <-> OS-LINUX Linux SCTP malformed forward-tsn chunk arbitrary code execution attempt
* 1:15510 <-> SERVER-OTHER Trend Micro OfficeScan Server cgiRecvFile overflow attempt
* 1:15511 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:15638 <-> BROWSER-PLUGINS Microsoft Video 32 ActiveX clsid access
* 1:15733 <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt
* 1:15866 <-> FILE-OTHER libxml2 file processing long entity overflow attempt
* 1:15872 <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt
* 1:15901 <-> FILE-MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt
* 1:15965 <-> OS-WINDOWS Microsoft Explorer long share name buffer overflow attempt
* 1:15966 <-> FILE-OTHER F-Secure Anti-Virus LHA processing buffer overflow attempt
* 1:16001 <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt
* 1:16030 <-> OS-WINDOWS Microsoft Windows DNS client TXT buffer overrun attempt
* 1:16032 <-> BROWSER-IE Microsoft Internet Explorer HTML Decoding memory corruption attempt
* 1:16191 <-> SERVER-ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via GET
* 1:16192 <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt
* 1:16204 <-> SERVER-OTHER HP OpenView Network Node Manager ovlaunch host field overflow attempt
* 1:16213 <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt
* 1:16295 <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields
* 1:16296 <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - with optional fields
* 1:16344 <-> BROWSER-FIREFOX Mozilla Firefox top-level script object offset calculation memory corruption attempt
* 1:16347 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt
* 1:16371 <-> BROWSER-PLUGINS NOS Microsystems Adobe atl_getcom ActiveX clsid access
* 1:16405 <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Prefix Information stack buffer overflow attempt
* 1:16418 <-> NETBIOS SMB client NULL deref race condition attempt
* 1:16481 <-> BROWSER-OTHER Opera Content-Length header integer overflow attempt
* 1:16514 <-> SERVER-OTHER Trillian AIM XML tag handling heap buffer overflow attempt
* 1:16601 <-> FILE-OTHER Amaya web editor XML and HTML Parser Buffer overflow attempt
* 1:16667 <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt
* 1:16668 <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt
* 1:16798 <-> FILE-OTHER Orbit Downloader long URL buffer overflow attempt
* 1:17153 <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1
* 1:17154 <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2
* 1:17166 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt
* 1:17236 <-> BROWSER-FIREFOX Mozilla Firefox nsPropertyTable PropertyList memory corruption attempt
* 1:17305 <-> FILE-OTHER ClamAV libclamav PE file handling integer overflow attempt
* 1:17367 <-> BROWSER-IE Microsoft Internet Explorer FTP response parsing memory corruption attempt
* 1:17378 <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt
* 1:17379 <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt
* 1:17397 <-> SERVER-OTHER VNCViewer Authenticate buffer overflow attempt
* 1:17398 <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt
* 1:17399 <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt
* 1:17410 <-> OS-WINDOWS Generic HyperLink buffer overflow attempt
* 1:17422 <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt
* 1:17519 <-> BROWSER-FIREFOX Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow
* 1:17557 <-> BROWSER-PLUGINS Novell iPrint ActiveX operation parameter overflow
* 1:17588 <-> BROWSER-PLUGINS Microsoft Internet Explorer Install Engine ActiveX clsid access
* 1:17631 <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt
* 1:17638 <-> SERVER-ORACLE Secure Backup administration server login.php cookies command injection attempt
* 1:17642 <-> BROWSER-FIREFOX Mozilla Firefox ConstructFrame with floating first-letter memory corruption attempt
* 1:18097 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt
* 1:18187 <-> BROWSER-FIREFOX Mozilla Firefox InstallTrigger.install memory corruption attempt
* 1:18244 <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt
* 1:18245 <-> BROWSER-PLUGINS Oracle Java browser plugin docbase overflow attempt
* 1:18283 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:18527 <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt
* 1:18679 <-> SERVER-OTHER Oracle Java Applet2ClassLoader Remote Code Execution
* 1:18904 <-> BROWSER-PLUGINS KingView ActiveX clsid access
* 1:18957 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt
* 1:19102 <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX clsid access
* 1:19103 <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX function call access
* 1:19216 <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution
* 1:19217 <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution
* 1:19257 <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt
* 1:19262 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19263 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19264 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19713 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:19714 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:19812 <-> SERVER-OTHER CA Total Defense Suite UNCWS getDBConfigSettings credential information disclosure attempt
* 1:19814 <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt
* 1:20031 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:20072 <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt
* 1:20110 <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata
* 1:20444 <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt
* 1:20600 <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt
* 1:20607 <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt
* 1:20608 <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt
* 1:20692 <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt
* 1:20767 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:20777 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:20820 <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt
* 1:20842 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:20843 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:21006 <-> MALWARE-CNC Yang Pack yg.htm landing page
* 1:21044 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:21045 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:21057 <-> FILE-OTHER Java Applet Rhino script engine remote code execution attempt
* 1:21161 <-> SERVER-IIS Microsoft Windows IIS5 NTLM and basic authentication bypass attempt
* 1:21247 <-> SERVER-OTHER IBM Lotusnotes s_viewname buffer overflow attempt
* 1:21248 <-> SERVER-OTHER multiple vendors host buffer overflow attempt
* 1:21259 <-> EXPLOIT-KIT Blackhole exploit kit response
* 1:21344 <-> EXPLOIT-KIT Blackhole exploit kit pdf download
* 1:21346 <-> EXPLOIT-KIT Blackhole exploit kit malicious jar download
* 1:21420 <-> FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt
* 1:21438 <-> EXPLOIT-KIT Blackhole exploit kit JavaScript carat string splitting with hostile applet
* 1:21457 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:21484 <-> FILE-OTHER ZIP file name overflow attempt
* 1:21492 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch
* 1:21539 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header
* 1:21549 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header
* 1:21640 <-> EXPLOIT-KIT Phoenix exploit kit landing page
* 1:21646 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch
* 1:21657 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure
* 1:21658 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:21661 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - catch
* 1:21668 <-> EXPLOIT-KIT Java exploit kit iframe drive by attempt
* 1:21764 <-> FILE-OFFICE Microsoft Office Word unicode parsing buffer overflow attempt
* 1:21876 <-> EXPLOIT-KIT Blackhole exploit landing page with specific structure - Loading
* 1:21915 <-> SERVER-OTHER Novell Groupwise HTTP login request
* 1:21916 <-> SERVER-OTHER Novell Groupwise HTTP login request
* 1:21917 <-> SERVER-OTHER Novell Groupwise HTTP response message parsing overflow
* 1:21953 <-> BROWSER-FIREFOX Mozilla Multiple Products HTML href shell attempt
* 1:22039 <-> EXPLOIT-KIT Blackhole suspected landing page
* 1:22040 <-> EXPLOIT-KIT Blackhole suspected landing page
* 1:22041 <-> EXPLOIT-KIT Blackhole landing redirection page
* 1:23008 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt
* 1:23158 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch
* 1:23159 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt
* 1:23395 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt
* 1:23396 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt
* 1:23489 <-> FILE-OTHER Microsoft Windows Task Scheduler buffer overflow attempt
* 1:23797 <-> EXPLOIT-KIT Blackhole redirection page
* 1:23940 <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt
* 1:23996 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:24054 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure
* 1:24187 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:24188 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:24226 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received
* 1:24228 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page Received
* 1:24543 <-> EXPLOIT-KIT Blackhole admin page inbound access attempt
* 1:24546 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt
* 1:24547 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt
* 1:24548 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt
* 1:24593 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received - specific structure
* 1:24637 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure
* 1:24675 <-> BROWSER-PLUGINS Novell iPrint ActiveX realm parameter overflow attempt
* 1:24676 <-> BROWSER-PLUGINS Novell iPrint ActiveX real parameter overflow attempt
* 1:24702 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24761 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24860 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure
* 1:24862 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page -
specific-structure * 1:24864 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure * 1:24904 <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt * 1:24907 <-> SERVER-ORACLE Oracle Secure Backup exec_qr command injection attempt * 1:24994 <-> BROWSER-FIREFOX Mozilla Firefox onChannelRedirect method attempt * 1:25312 <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt * 1:25392 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt * 1:25569 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page * 1:25590 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure * 1:25591 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure * 1:25808 <-> EXPLOIT-KIT Fiesta exploit kit landing page detection - specific-structure * 1:2589 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt * 1:26031 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page * 1:26033 <-> EXPLOIT-KIT Blackholev2 exploit kit iframe redirection attempt * 1:26230 <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX arbitrary command execution attempt * 1:26253 <-> EXPLOIT-KIT Blackhole exploit kit landing page * 1:26337 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure * 1:26421 <-> BROWSER-PLUGINS Metalink file download parameter buffer overflow attempt * 1:26434 <-> EXPLOIT-KIT Blackholev2 exploit kit jar file downloaded * 1:26495 <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt * 1:27067 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure * 1:27656 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt * 1:27706 <-> EXPLOIT-KIT Gong Da exploit kit possible jar download * 1:28703 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt * 1:28791 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt * 
1:28902 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:28972 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt * 1:28973 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt * 1:29503 <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt * 1:29512 <-> BROWSER-PLUGINS KingView ActiveX clsid access * 1:29520 <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt * 1:29523 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt * 1:29524 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt * 1:29526 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:29535 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt * 1:29538 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access * 1:29578 <-> BROWSER-PLUGINS Sun Microsystems JRE isInstalled.dnsResolve function memory exception attempt * 1:29579 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt * 1:29580 <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing obfuscated memory corruption attempt * 1:29594 <-> SERVER-WEBAPP Airlive IP Camera information leak attempt * 1:29623 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt * 1:29624 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt * 1:29625 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt * 1:29891 <-> MALWARE-CNC Win.Trojan.Pushdo variant outbound connection * 1:30217 <-> FILE-JAVA Oracle Java font rendering remote code execution attempt * 1:3085 <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt * 1:3087 <-> SERVER-IIS w3who.dll buffer overflow attempt * 1:31846 <-> POLICY-OTHER HP Universal CMDB default credentials 
authentication attempt * 1:32149 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt * 1:32151 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt * 1:32369 <-> PROTOCOL-ICMP FreeBSD rtsold dname_labeldec stack buffer overflow attempt * 1:32815 <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt * 1:32855 <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt * 1:32959 <-> PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt * 1:32967 <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt * 1:33571 <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt * 1:33986 <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt * 1:34024 <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt * 1:34447 <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt * 1:35434 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:35467 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt * 1:35468 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt * 1:36154 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt * 1:36155 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt * 1:3632 <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt * 1:36661 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:37527 <-> SERVER-OTHER IBM WebSphere InvokerTransformer serialized Java object remote code execution attempt * 1:37627 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt * 1:37802 <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt * 1:40281 <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt * 1:40818 <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt * 1:41045 <-> 
FILE-FLASH Adobe Flash Player TextField setter use after free attempt * 1:41422 <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt * 1:41718 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt * 1:41719 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt * 1:41720 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt * 1:42412 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt * 1:42422 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt * 1:43346 <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt * 1:43692 <-> OS-LINUX Linux kernel SCTP invalid chunk length denial of service attempt * 1:43779 <-> BROWSER-FIREFOX Mozilla multiple products SharedWorker MessagePort memory corruption attempt * 1:44734 <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt * 1:44877 <-> SERVER-OTHER Citrix XenApp and XenDesktop XML service memory corruption attempt * 1:44978 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt * 1:45171 <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt * 1:45177 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45178 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45181 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45183 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45309 <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt * 1:45500 <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt * 1:45855 <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt * 1:46637 <-> NETBIOS SMB client NULL deref race condition attempt * 1:46912 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow 
attempt * 1:46913 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt * 1:49583 <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt * 1:49585 <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt * 1:49846 <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt * 1:49900 <-> BROWSER-PLUGINS HP OPOS driver stack buffer overflow attempt * 1:49902 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt * 1:49947 <-> POLICY-OTHER HP OpenView Operations Agent request attempt * 1:50643 <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt * 1:51025 <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt * 1:51081 <-> FILE-FLASH Adobe Flash player memory corruption attempt * 1:51163 <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt * 1:51225 <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt * 1:51857 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51858 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51860 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51864 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51865 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:52079 <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt * 1:52100 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:52288 <-> OS-MOBILE Google Android libstagefright integer underflow attempt * 1:52450 <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt * 1:55823 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt * 1:55824 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt * 1:55825 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt * 1:7007 <-> 
BROWSER-PLUGINS AxDebugger.Document.1 ActiveX function call access
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.1.0.
The format of the file is:
gid:sid <-> Message
* 1:58570 <-> FILE-OTHER MacOS TTC bypass vulnerability exploit upload attempt
* 1:58571 <-> FILE-OTHER MacOS TTC bypass vulnerability exploit download attempt
* 3:58572 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt
* 3:58573 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt
* 3:58574 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt
* 3:58575 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt
* 1:58576 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58577 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58578 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58579 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58580 <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt
* 1:58581 <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt
* 1:58582 <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt
* 1:58583 <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt
* 1:58584 <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt
* 1:58585 <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt
* 1:58586 <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt
* 1:58587 <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt
* 1:58588 <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt
* 1:58589 <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt
* 1:58590 <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt
* 1:58591 <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt
* 1:58592 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58593 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58594 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58595 <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt
* 1:58596 <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt
* 3:58597 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt
* 3:58598 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt
* 1:58599 <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt
* 1:58600 <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt
* 1:10010 <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt
* 1:10142 <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX clsid access
* 1:10144 <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX function call access
* 1:10145 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX clsid access
* 1:10147 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX function call access
* 1:10148 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX clsid access
* 1:10150 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX function call access
* 1:10151 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX clsid access
* 1:10153 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX function call access
* 1:10154 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy 2 ActiveX clsid access
* 1:10390 <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX clsid access
* 1:10392 <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX function call access
* 1:10393 <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX clsid access
* 1:10395 <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX function call access
* 1:12472 <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX clsid access
* 1:12474 <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX function call access
* 1:12612 <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX clsid access
* 1:12614 <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX function call access
* 1:12685 <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow
* 1:13457 <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX clsid access
* 1:13459 <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX function call access
* 1:13470 <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt
* 1:13474 <-> OS-WINDOWS Microsoft WebDAV MiniRedir remote code execution attempt
* 1:13476 <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow
* 1:13520 <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt
* 1:13521 <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt
* 1:13523 <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access
* 1:13525 <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access
* 1:13926 <-> SERVER-OTHER Novell Groupwise HTTP response parsing overflow attempt
* 1:13950 <-> FILE-JAVA Oracle Java Web Start JNLP attribute buffer overflow attempt
* 1:13965 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX clsid access
* 1:13967 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access
* 1:14033 <-> BROWSER-PLUGINS Orbit Downloader ActiveX clsid access
* 1:14035 <-> BROWSER-PLUGINS Orbit Downloader ActiveX function call access
* 1:14611 <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX clsid access
* 1:14613 <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX function call access
* 1:14771 <-> SERVER-APACHE BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt
* 1:15147 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:15191 <-> BROWSER-FIREFOX Mozilla Firefox animated PNG processing integer overflow
* 1:15257 <-> SERVER-ORACLE Secure Backup common.php variable based command injection attempt
* 1:15258 <-> SERVER-ORACLE Secure Backup login.php variable based command injection attempt
* 1:15428 <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing memory corruption attempt
* 1:15462 <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt
* 1:15489 <-> PUA-OTHER Cerulean Studios Trillian image filename handling XML tag overflow attempt
* 1:15490 <-> OS-LINUX Linux SCTP malformed forward-tsn chunk arbitrary code execution attempt
* 1:15510 <-> SERVER-OTHER Trend Micro OfficeScan Server cgiRecvFile overflow attempt
* 1:15511 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:15638 <-> BROWSER-PLUGINS Microsoft Video 32 ActiveX clsid access
* 1:15733 <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt
* 1:15866 <-> FILE-OTHER libxml2 file processing long entity overflow attempt
* 1:15872 <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt
* 1:15901 <-> FILE-MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt
* 1:15965 <-> OS-WINDOWS Microsoft Explorer long share name buffer overflow attempt
* 1:15966 <-> FILE-OTHER F-Secure Anti-Virus LHA processing buffer overflow attempt
* 1:16001 <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt
* 1:16030 <-> OS-WINDOWS Microsoft Windows DNS client TXT buffer overrun attempt
* 1:16032 <-> BROWSER-IE Microsoft Internet Explorer HTML Decoding memory corruption attempt
* 1:16191 <-> SERVER-ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via GET
* 1:16192 <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt
* 1:16204 <-> SERVER-OTHER HP OpenView Network Node Manager ovlaunch host field overflow attempt
* 1:16213 <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt
* 1:16295 <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields
* 1:16296 <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - with optional fields
* 1:16344 <-> BROWSER-FIREFOX Mozilla Firefox top-level script object offset calculation memory corruption attempt
* 1:16347 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt
* 1:16371 <-> BROWSER-PLUGINS NOS Microsystems Adobe atl_getcom ActiveX clsid access
* 1:16405 <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Prefix Information stack buffer overflow attempt
* 1:16418 <-> NETBIOS SMB client NULL deref race condition attempt
* 1:16481 <-> BROWSER-OTHER Opera Content-Length header integer overflow attempt
* 1:16514 <-> SERVER-OTHER Trillian AIM XML tag handling heap buffer overflow attempt
* 1:16601 <-> FILE-OTHER Amaya web editor XML and HTML Parser Buffer overflow attempt
* 1:16667 <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt
* 1:16668 <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt
* 1:16798 <-> FILE-OTHER Orbit Downloader long URL buffer overflow attempt
* 1:17153 <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1
* 1:17154 <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2
* 1:17166 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt
* 1:17236 <-> BROWSER-FIREFOX Mozilla Firefox nsPropertyTable PropertyList memory corruption attempt
* 1:17305 <-> FILE-OTHER ClamAV libclamav PE file handling integer overflow attempt
* 1:17367 <-> BROWSER-IE Microsoft Internet Explorer FTP response parsing memory corruption attempt
* 1:17378 <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt
* 1:17379 <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt
* 1:17397 <-> SERVER-OTHER VNCViewer Authenticate buffer overflow attempt
* 1:17398 <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt
* 1:17399 <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt
* 1:17410 <-> OS-WINDOWS Generic HyperLink buffer overflow attempt
* 1:17422 <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt
* 1:17519 <-> BROWSER-FIREFOX Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow
* 1:17557 <-> BROWSER-PLUGINS Novell iPrint ActiveX operation parameter overflow
* 1:17588 <-> BROWSER-PLUGINS Microsoft Internet Explorer Install Engine ActiveX clsid access
* 1:17631 <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt
* 1:17638 <-> SERVER-ORACLE Secure Backup administration server login.php cookies command injection attempt
* 1:17642 <-> BROWSER-FIREFOX Mozilla Firefox ConstructFrame with floating first-letter memory corruption attempt
* 1:18097 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt
* 1:18187 <-> BROWSER-FIREFOX Mozilla Firefox InstallTrigger.install memory corruption attempt
* 1:18244 <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt
* 1:18245 <-> BROWSER-PLUGINS Oracle Java browser plugin docbase overflow attempt
* 1:18283 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:18527 <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt
* 1:18679 <-> SERVER-OTHER Oracle Java Applet2ClassLoader Remote Code Execution
* 1:18904 <-> BROWSER-PLUGINS KingView ActiveX clsid access
* 1:18957 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt
* 1:19102 <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX clsid access
* 1:19103 <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX function call access
* 1:19216 <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution
* 1:19217 <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution
* 1:19257 <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt
* 1:19262 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19263 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19264 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19713 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:19714 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:19812 <-> SERVER-OTHER CA Total Defense Suite UNCWS getDBConfigSettings credential information disclosure attempt
* 1:19814 <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt
* 1:20031 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:20072 <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt
* 1:20110 <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata
* 1:20444 <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt
* 1:20600 <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt
* 1:20607 <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt
* 1:20608 <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt
* 1:20692 <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt
* 1:20767 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:20777 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:20820 <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt
* 1:20842 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:20843 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:21006 <-> MALWARE-CNC Yang Pack yg.htm landing page
* 1:21044 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:21045 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:21057 <-> FILE-OTHER Java Applet Rhino script engine remote code execution attempt
* 1:21161 <-> SERVER-IIS Microsoft Windows IIS5 NTLM and basic authentication bypass attempt
* 1:21247 <-> SERVER-OTHER IBM Lotusnotes s_viewname buffer overflow attempt
* 1:21248 <-> SERVER-OTHER multiple vendors host buffer overflow attempt
* 1:21259 <-> EXPLOIT-KIT Blackhole exploit kit response
* 1:21344 <-> EXPLOIT-KIT Blackhole exploit kit pdf download
* 1:21346 <-> EXPLOIT-KIT Blackhole exploit kit malicious jar download
* 1:21420 <-> FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt
* 1:21438 <-> EXPLOIT-KIT Blackhole exploit kit JavaScript carat string splitting with hostile applet
* 1:21457 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:21484 <-> FILE-OTHER ZIP file name overflow attempt
* 1:21492 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch
* 1:21539 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header
* 1:21549 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header
* 1:21640 <-> EXPLOIT-KIT Phoenix exploit kit landing page
* 1:21646 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch
* 1:21657 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure
* 1:21658 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:21661 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - catch
* 1:21668 <-> EXPLOIT-KIT Java exploit kit iframe drive by attempt
* 1:21764 <-> FILE-OFFICE Microsoft Office Word unicode parsing buffer overflow attempt
* 1:21876 <-> EXPLOIT-KIT Blackhole exploit landing page with specific structure - Loading
* 1:21915 <-> SERVER-OTHER Novell Groupwise HTTP login request
* 1:21916 <-> SERVER-OTHER Novell Groupwise HTTP login request
* 1:21917 <-> SERVER-OTHER Novell Groupwise HTTP response message parsing overflow
* 1:21953 <-> BROWSER-FIREFOX Mozilla Multiple Products HTML href shell attempt
* 1:22039 <-> EXPLOIT-KIT Blackhole suspected landing page
* 1:22040 <-> EXPLOIT-KIT Blackhole suspected landing page
* 1:22041 <-> EXPLOIT-KIT Blackhole landing redirection page
* 1:23008 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt
* 1:23158 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch
* 1:23159 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt
* 1:23395 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt
* 1:23396 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt
* 1:23489 <-> FILE-OTHER Microsoft Windows Task Scheduler buffer overflow attempt
* 1:23797 <-> EXPLOIT-KIT Blackhole redirection page
* 1:23940 <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt
* 1:23996 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:24054 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure
* 1:24187 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:24188 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:24226 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received
* 1:24228 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page Received
* 1:24543 <-> EXPLOIT-KIT Blackhole admin page inbound access attempt
* 1:24546 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt
* 1:24547 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt
* 1:24548 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt
* 1:24593 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received - specific structure
* 1:24637 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure
* 1:24675 <-> BROWSER-PLUGINS Novell iPrint ActiveX realm parameter overflow attempt
* 1:24676 <-> BROWSER-PLUGINS Novell iPrint ActiveX real parameter overflow attempt
* 1:24702 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24761 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24860 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure
* 1:24862 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure
* 1:24864 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure
* 1:24904 <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt
* 1:24907 <-> SERVER-ORACLE Oracle Secure Backup exec_qr command injection attempt
* 1:24994 <-> BROWSER-FIREFOX Mozilla Firefox onChannelRedirect method attempt
* 1:25312 <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt
* 1:25392 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt
* 1:25569 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page
* 1:25590 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure
* 1:25591 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure
* 1:25808 <-> EXPLOIT-KIT Fiesta exploit kit landing page detection - specific-structure
* 1:2589 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt
* 1:26031 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page
* 1:26033 <-> EXPLOIT-KIT Blackholev2 exploit kit iframe redirection attempt
* 1:26230 <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX arbitrary command execution attempt
* 1:26253 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:26337 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure
* 1:26421 <-> BROWSER-PLUGINS Metalink file download parameter buffer overflow attempt
* 1:26434 <-> EXPLOIT-KIT Blackholev2 exploit kit jar file downloaded
* 1:26495 <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt
* 1:27067 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure
* 1:27656 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt
* 1:27706 <-> EXPLOIT-KIT Gong Da exploit kit possible jar download
* 1:28703 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:28791 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28902 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28972 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:28973 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:29503 <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt
* 1:29512 <-> BROWSER-PLUGINS KingView ActiveX clsid access
* 1:29520 <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt
* 1:29523 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:29524 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:29526 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:29535 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt
* 1:29538 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access
* 1:29578 <-> BROWSER-PLUGINS Sun Microsystems JRE isInstalled.dnsResolve function memory exception attempt
* 1:29579 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt
* 1:29580 <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing obfuscated memory corruption attempt
* 1:29594 <-> SERVER-WEBAPP Airlive IP Camera information leak attempt
* 1:29623 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt
* 1:29624 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt
* 1:29625 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt
* 1:29891 <-> MALWARE-CNC Win.Trojan.Pushdo variant outbound connection
* 1:30217 <-> FILE-JAVA Oracle Java font rendering remote code execution attempt
* 1:3085 <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt
* 1:3087 <-> SERVER-IIS w3who.dll buffer overflow attempt
* 1:31846 <-> POLICY-OTHER HP Universal CMDB default credentials
authentication attempt * 1:32149 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt * 1:32151 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt * 1:32369 <-> PROTOCOL-ICMP FreeBSD rtsold dname_labeldec stack buffer overflow attempt * 1:32815 <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt * 1:32855 <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt * 1:32959 <-> PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt * 1:32967 <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt * 1:33571 <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt * 1:33986 <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt * 1:34024 <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt * 1:34447 <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt * 1:35434 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:35467 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt * 1:35468 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt * 1:36154 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt * 1:36155 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt * 1:3632 <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt * 1:36661 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:37527 <-> SERVER-OTHER IBM WebSphere InvokerTransformer serialized Java object remote code execution attempt * 1:37627 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt * 1:37802 <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt * 1:40281 <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt * 1:40818 <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt * 1:41045 <-> 
FILE-FLASH Adobe Flash Player TextField setter use after free attempt * 1:41422 <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt * 1:41718 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt * 1:41719 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt * 1:41720 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt * 1:42412 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt * 1:42422 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt * 1:43346 <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt * 1:43692 <-> OS-LINUX Linux kernel SCTP invalid chunk length denial of service attempt * 1:43779 <-> BROWSER-FIREFOX Mozilla multiple products SharedWorker MessagePort memory corruption attempt * 1:44734 <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt * 1:44877 <-> SERVER-OTHER Citrix XenApp and XenDesktop XML service memory corruption attempt * 1:44978 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt * 1:45171 <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt * 1:45177 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45178 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45181 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45183 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45309 <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt * 1:45500 <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt * 1:45855 <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt * 1:46637 <-> NETBIOS SMB client NULL deref race condition attempt * 1:46912 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow 
attempt * 1:46913 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt * 1:49583 <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt * 1:49585 <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt * 1:49846 <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt * 1:49900 <-> BROWSER-PLUGINS HP OPOS driver stack buffer overflow attempt * 1:49902 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt * 1:49947 <-> POLICY-OTHER HP OpenView Operations Agent request attempt * 1:50643 <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt * 1:51025 <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt * 1:51081 <-> FILE-FLASH Adobe Flash player memory corruption attempt * 1:51163 <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt * 1:51225 <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt * 1:51857 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51858 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51860 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51864 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51865 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:52079 <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt * 1:52100 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:52288 <-> OS-MOBILE Google Android libstagefright integer underflow attempt * 1:52450 <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt * 1:55823 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt * 1:55824 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt * 1:55825 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt * 1:7007 <-> 
BROWSER-PLUGINS AxDebugger.Document.1 ActiveX function call access
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.3.0.
The format of the file is:
gid:sid <-> Message
* 1:58570 <-> FILE-OTHER MacOS TTC bypass vulnerability exploit upload attempt
* 1:58571 <-> FILE-OTHER MacOS TTC bypass vulnerability exploit download attempt
* 3:58572 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt
* 3:58573 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt
* 3:58574 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt
* 3:58575 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt
* 1:58576 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58577 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58578 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58579 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58580 <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt
* 1:58581 <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt
* 1:58582 <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt
* 1:58583 <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt
* 1:58584 <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt
* 1:58585 <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt
* 1:58586 <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt
* 1:58587 <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt
* 1:58588 <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt
* 1:58589 <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt
* 1:58590 <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt
* 1:58591 <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt
* 1:58592 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58593 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58594 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58595 <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt
* 1:58596 <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt
* 3:58597 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt
* 3:58598 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt
* 1:58599 <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt
* 1:58600 <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt
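The two entry formats used in these notes (the 2.9.18.1 list carries a default rule state and a rule-group file, the 3.1.3.0 list only gid:sid and message) are regular enough to parse mechanically, which is what you want when deciding which newly added rules ship disabled and need enabling in a local policy, or when diffing what changed between two packs. The Python below is an added example and is not part of the Talos release notes or of any Snort tooling. The 3.x sample entries are copied from the list above; the 2.9-format sample is constructed for illustration and its ENABLED/DISABLED states are not taken from the release notes.

```python
"""Parse Snort rule-pack release-note entries and summarize them.

Handles both formats used in these notes:
    gid:sid <-> Default rule state <-> Message (rule group)   # 2.9.x packs
    gid:sid <-> Message                                         # 3.x packs
Added example; not part of the Talos release notes or of Snort itself.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Entries are bullet items ("* 1:58570 <-> ..."). On a flattened page they
# share one line, so split on a bullet only when a gid:sid token follows it.
_SPLIT_RE = re.compile(r"\s*\*\s+(?=\d+:\d+\s*<->)")

# Rule state and the trailing "(group.rules)" are optional, so one pattern
# covers both the 2.9.x and the 3.x format.
_ENTRY_RE = re.compile(
    r"^(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*"
    r"(?:(?P<state>ENABLED|DISABLED)\s*<->\s*)?"
    r"(?P<msg>.+?)"
    r"(?:\s*\((?P<group>[\w.-]+\.rules)\))?\s*$"
)


@dataclass(frozen=True)
class RuleEntry:
    gid: int
    sid: int
    message: str
    state: Optional[str] = None   # None when the list carries no state (3.x)
    group: Optional[str] = None   # None when the list carries no group (3.x)

    @property
    def category(self) -> str:
        # Messages begin with the rule category, e.g. "SERVER-WEBAPP".
        return self.message.split(" ", 1)[0]


def parse_entries(text: str) -> list[RuleEntry]:
    """Parse a block of "* gid:sid <-> ..." entries; raise on anything else."""
    entries = []
    for chunk in _SPLIT_RE.split(text):
        chunk = chunk.strip()
        if not chunk:
            continue
        m = _ENTRY_RE.match(chunk)
        if m is None:
            raise ValueError(f"unparseable entry: {chunk!r}")
        entries.append(RuleEntry(int(m["gid"]), int(m["sid"]),
                                 m["msg"].strip(), m["state"], m["group"]))
    return entries


def disabled_by_default(entries: list[RuleEntry]) -> list[int]:
    """SIDs a 2.9.x pack ships DISABLED: candidates to enable in a local policy."""
    return sorted(e.sid for e in entries if e.state == "DISABLED")


def by_category(entries: list[RuleEntry]) -> dict[str, int]:
    """Count entries per rule category (the first token of the message)."""
    return dict(Counter(e.category for e in entries))


def shared_object_rules(entries: list[RuleEntry]) -> list[RuleEntry]:
    """GID 3 entries are shared-object (SO) rules whose detection logic is compiled code."""
    return [e for e in entries if e.gid == 3]


def sid_diff(a: list[RuleEntry], b: list[RuleEntry]) -> tuple[set, set]:
    """(gid, sid) pairs present only in a, and pairs present only in b."""
    ka = {(e.gid, e.sid) for e in a}
    kb = {(e.gid, e.sid) for e in b}
    return ka - kb, kb - ka


# Sample entries copied from the 3.1.3.0 "added" list on this page.
SAMPLE_3X = (
    "* 1:58570 <-> FILE-OTHER MacOS TTC bypass vulnerability exploit upload attempt "
    "* 3:58572 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt "
    "* 1:58576 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt "
    "* 1:58599 <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt"
)

# Constructed sample in the 2.9.x format; the ENABLED/DISABLED states are
# illustrative only and are not taken from the release notes.
SAMPLE_29 = (
    "* 1:58570 <-> DISABLED <-> FILE-OTHER MacOS TTC bypass vulnerability exploit upload attempt (file-other.rules) "
    "* 1:58576 <-> ENABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules) "
    "* 1:58599 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt (browser-chrome.rules)"
)

if __name__ == "__main__":
    new3 = parse_entries(SAMPLE_3X)
    old29 = parse_entries(SAMPLE_29)
    print("categories:", by_category(new3))
    print("disabled by default in the 2.9 sample:", disabled_by_default(old29))
    print("SO rules:", [(e.gid, e.sid) for e in shared_object_rules(new3)])
    print("only in 2.9 sample / only in 3.x sample:", sid_diff(old29, new3))
```

Feed `parse_entries` the text of either list to get typed entries; `disabled_by_default` is only meaningful for the 2.9.x format, since the 3.x notes on this page do not carry a state column, and `sid_diff` keys on the (gid, sid) pair so a text rule and an SO rule with the same SID are never conflated.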
* 1:10010 <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt
* 1:10142 <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX clsid access
* 1:10144 <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX function call access
* 1:10145 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX clsid access
* 1:10147 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX function call access
* 1:10148 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX clsid access
* 1:10150 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX function call access
* 1:10151 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX clsid access
* 1:10153 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX function call access
* 1:10154 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy 2 ActiveX clsid access
* 1:10390 <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX clsid access
* 1:10392 <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX function call access
* 1:10393 <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX clsid access
* 1:10395 <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX function call access
* 1:12472 <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX clsid access
* 1:12474 <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX function call access
* 1:12612 <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX clsid access
* 1:12614 <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX function call access
* 1:12685 <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow
* 1:13457 <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX clsid access
* 1:13459 <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX function call access
* 1:13470 <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt
* 1:13474 <-> OS-WINDOWS Microsoft WebDAV MiniRedir remote code execution attempt
* 1:13476 <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow
* 1:13520 <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt
* 1:13521 <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt
* 1:13523 <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access
* 1:13525 <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access
* 1:13926 <-> SERVER-OTHER Novell Groupwise HTTP response parsing overflow attempt
* 1:13950 <-> FILE-JAVA Oracle Java Web Start JNLP attribute buffer overflow attempt
* 1:13965 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX clsid access
* 1:13967 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access
* 1:14033 <-> BROWSER-PLUGINS Orbit Downloader ActiveX clsid access
* 1:14035 <-> BROWSER-PLUGINS Orbit Downloader ActiveX function call access
* 1:14611 <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX clsid access
* 1:14613 <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX function call access
* 1:14771 <-> SERVER-APACHE BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt
* 1:15147 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:15191 <-> BROWSER-FIREFOX Mozilla Firefox animated PNG processing integer overflow
* 1:15257 <-> SERVER-ORACLE Secure Backup common.php variable based command injection attempt
* 1:15258 <-> SERVER-ORACLE Secure Backup login.php variable based command injection attempt
* 1:15428 <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing memory corruption attempt
* 1:15462 <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt
* 1:15489 <-> PUA-OTHER Cerulean Studios Trillian image filename handling XML tag overflow attempt
* 1:15490 <-> OS-LINUX Linux SCTP malformed forward-tsn chunk arbitrary code execution attempt
* 1:15510 <-> SERVER-OTHER Trend Micro OfficeScan Server cgiRecvFile overflow attempt
* 1:15511 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:15638 <-> BROWSER-PLUGINS Microsoft Video 32 ActiveX clsid access
* 1:15733 <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt
* 1:15866 <-> FILE-OTHER libxml2 file processing long entity overflow attempt
* 1:15872 <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt
* 1:15901 <-> FILE-MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt
* 1:15965 <-> OS-WINDOWS Microsoft Explorer long share name buffer overflow attempt
* 1:15966 <-> FILE-OTHER F-Secure Anti-Virus LHA processing buffer overflow attempt
* 1:16001 <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt
* 1:16030 <-> OS-WINDOWS Microsoft Windows DNS client TXT buffer overrun attempt
* 1:16032 <-> BROWSER-IE Microsoft Internet Explorer HTML Decoding memory corruption attempt
* 1:16191 <-> SERVER-ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via GET
* 1:16192 <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt
* 1:16204 <-> SERVER-OTHER HP OpenView Network Node Manager ovlaunch host field overflow attempt
* 1:16213 <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt
* 1:16295 <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields
* 1:16296 <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - with optional fields
* 1:16344 <-> BROWSER-FIREFOX Mozilla Firefox top-level script object offset calculation memory corruption attempt
* 1:16347 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt
* 1:16371 <-> BROWSER-PLUGINS NOS Microsystems Adobe atl_getcom ActiveX clsid access
* 1:16405 <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Prefix Information stack buffer overflow attempt
* 1:16418 <-> NETBIOS SMB client NULL deref race condition attempt
* 1:16481 <-> BROWSER-OTHER Opera Content-Length header integer overflow attempt
* 1:16514 <-> SERVER-OTHER Trillian AIM XML tag handling heap buffer overflow attempt
* 1:16601 <-> FILE-OTHER Amaya web editor XML and HTML Parser Buffer overflow attempt
* 1:16667 <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt
* 1:16668 <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt
* 1:16798 <-> FILE-OTHER Orbit Downloader long URL buffer overflow attempt
* 1:17153 <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1
* 1:17154 <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2
* 1:17166 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt
* 1:17236 <-> BROWSER-FIREFOX Mozilla Firefox nsPropertyTable PropertyList memory corruption attempt
* 1:17305 <-> FILE-OTHER ClamAV libclamav PE file handling integer overflow attempt
* 1:17367 <-> BROWSER-IE Microsoft Internet Explorer FTP response parsing memory corruption attempt
* 1:17378 <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt
* 1:17379 <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt
* 1:17397 <-> SERVER-OTHER VNCViewer Authenticate buffer overflow attempt
* 1:17398 <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt
* 1:17399 <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt
* 1:17410 <-> OS-WINDOWS Generic HyperLink buffer overflow attempt
* 1:17422 <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt
* 1:17519 <-> BROWSER-FIREFOX Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow
* 1:17557 <-> BROWSER-PLUGINS Novell iPrint ActiveX operation parameter overflow
* 1:17588 <-> BROWSER-PLUGINS Microsoft Internet Explorer Install Engine ActiveX clsid access
* 1:17631 <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt
* 1:17638 <-> SERVER-ORACLE Secure Backup administration server login.php cookies command injection attempt
* 1:17642 <-> BROWSER-FIREFOX Mozilla Firefox ConstructFrame with floating first-letter memory corruption attempt
* 1:18097 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt
* 1:18187 <-> BROWSER-FIREFOX Mozilla Firefox InstallTrigger.install memory corruption attempt
* 1:18244 <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt
* 1:18245 <-> BROWSER-PLUGINS Oracle Java browser plugin docbase overflow attempt
* 1:18283 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:18527 <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt
* 1:18679 <-> SERVER-OTHER Oracle Java Applet2ClassLoader Remote Code Execution
* 1:18904 <-> BROWSER-PLUGINS KingView ActiveX clsid access
* 1:18957 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt
* 1:19102 <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX clsid access
* 1:19103 <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX function call access
* 1:19216 <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution
* 1:19217 <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution
* 1:19257 <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt
* 1:19262 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19263 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19264 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19713 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:19714 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:19812 <-> SERVER-OTHER CA Total Defense Suite UNCWS getDBConfigSettings credential information disclosure attempt
* 1:19814 <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt
* 1:20031 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:20072 <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt
* 1:20110 <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata
* 1:20444 <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt
* 1:20600 <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt
* 1:20607 <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt
* 1:20608 <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt
* 1:20692 <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt
* 1:20767 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:20777 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:20820 <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt
* 1:20842 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:20843 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:21006 <-> MALWARE-CNC Yang Pack yg.htm landing page
* 1:21044 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:21045 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:21057 <-> FILE-OTHER Java Applet Rhino script engine remote code execution attempt
* 1:21161 <-> SERVER-IIS Microsoft Windows IIS5 NTLM and basic authentication bypass attempt
* 1:21247 <-> SERVER-OTHER IBM Lotusnotes s_viewname buffer overflow attempt
* 1:21248 <-> SERVER-OTHER multiple vendors host buffer overflow attempt
* 1:21259 <-> EXPLOIT-KIT Blackhole exploit kit response
* 1:21344 <-> EXPLOIT-KIT Blackhole exploit kit pdf download
* 1:21346 <-> EXPLOIT-KIT Blackhole exploit kit malicious jar download
* 1:21420 <-> FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt
* 1:21438 <-> EXPLOIT-KIT Blackhole exploit kit JavaScript carat string splitting with hostile applet
* 1:21457 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:21484 <-> FILE-OTHER ZIP file name overflow attempt
* 1:21492 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch
* 1:21539 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header
* 1:21549 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header
* 1:21640 <-> EXPLOIT-KIT Phoenix exploit kit landing page
* 1:21646 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch
* 1:21657 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure
* 1:21658 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:21661 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - catch
* 1:21668 <-> EXPLOIT-KIT Java exploit kit iframe drive by attempt
* 1:21764 <-> FILE-OFFICE Microsoft Office Word unicode parsing buffer overflow attempt
* 1:21876 <-> EXPLOIT-KIT Blackhole exploit landing page with specific structure - Loading
* 1:21915 <-> SERVER-OTHER Novell Groupwise HTTP login request
* 1:21916 <-> SERVER-OTHER Novell Groupwise HTTP login request
* 1:21917 <-> SERVER-OTHER Novell Groupwise HTTP response message parsing overflow
* 1:21953 <-> BROWSER-FIREFOX Mozilla Multiple Products HTML href shell attempt
* 1:22039 <-> EXPLOIT-KIT Blackhole suspected landing page
* 1:22040 <-> EXPLOIT-KIT Blackhole suspected landing page
* 1:22041 <-> EXPLOIT-KIT Blackhole landing redirection page
* 1:23008 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt
* 1:23158 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch
* 1:23159 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt
* 1:23395 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt
* 1:23396 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt
* 1:23489 <-> FILE-OTHER Microsoft Windows Task Scheduler buffer overflow attempt
* 1:23797 <-> EXPLOIT-KIT Blackhole redirection page
* 1:23940 <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt
* 1:23996 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:24054 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure
* 1:24187 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:24188 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:24226 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received
* 1:24228 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page Received
* 1:24543 <-> EXPLOIT-KIT Blackhole admin page inbound access attempt
* 1:24546 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt
* 1:24547 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt
* 1:24548 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt
* 1:24593 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received - specific structure
* 1:24637 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure
* 1:24675 <-> BROWSER-PLUGINS Novell iPrint ActiveX realm parameter overflow attempt
* 1:24676 <-> BROWSER-PLUGINS Novell iPrint ActiveX real parameter overflow attempt
* 1:24702 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24761 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24860 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure
* 1:24862 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure
* 1:24864 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure
* 1:24904 <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt
* 1:24907 <-> SERVER-ORACLE Oracle Secure Backup exec_qr command injection attempt
* 1:24994 <-> BROWSER-FIREFOX Mozilla Firefox onChannelRedirect method attempt
* 1:25312 <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt
* 1:25392 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt
* 1:25569 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page
* 1:25590 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure
* 1:25591 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure
* 1:25808 <-> EXPLOIT-KIT Fiesta exploit kit landing page detection - specific-structure
* 1:2589 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt
* 1:26031 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page
* 1:26033 <-> EXPLOIT-KIT Blackholev2 exploit kit iframe redirection attempt
* 1:26230 <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX arbitrary command execution attempt
* 1:26253 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:26337 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure
* 1:26421 <-> BROWSER-PLUGINS Metalink file download parameter buffer overflow attempt
* 1:26434 <-> EXPLOIT-KIT Blackholev2 exploit kit jar file downloaded
* 1:26495 <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt
* 1:27067 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure
* 1:27656 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt
* 1:27706 <-> EXPLOIT-KIT Gong Da exploit kit possible jar download
* 1:28703 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:28791 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28902 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28972 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:28973 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:29503 <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt
* 1:29512 <-> BROWSER-PLUGINS KingView ActiveX clsid access
* 1:29520 <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt
* 1:29523 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:29524 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:29526 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:29535 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt
* 1:29538 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access
* 1:29578 <-> BROWSER-PLUGINS Sun Microsystems JRE isInstalled.dnsResolve function memory exception attempt
* 1:29579 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt
* 1:29580 <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing obfuscated memory corruption attempt
* 1:29594 <-> SERVER-WEBAPP Airlive IP Camera information leak attempt
* 1:29623 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt
* 1:29624 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt
* 1:29625 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt
* 1:29891 <-> MALWARE-CNC Win.Trojan.Pushdo variant outbound connection
* 1:30217 <-> FILE-JAVA Oracle Java font rendering remote code execution attempt
* 1:3085 <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt
* 1:3087 <-> SERVER-IIS w3who.dll buffer overflow attempt
* 1:31846 <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt
* 1:32149 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32151 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32369 <-> PROTOCOL-ICMP FreeBSD rtsold dname_labeldec stack buffer overflow attempt
* 1:32815 <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt
* 1:32855 <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt
* 1:32959 <-> PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt
* 1:32967 <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt
* 1:33571 <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt
* 1:33986 <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt
* 1:34024 <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt
* 1:34447 <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt
* 1:35434 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:35467 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt
* 1:35468 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt
* 1:36154 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:36155 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:3632 <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt
* 1:36661 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:37527 <-> SERVER-OTHER IBM WebSphere InvokerTransformer serialized Java object remote code execution attempt
* 1:37627 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:37802 <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt
* 1:40281 <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt
* 1:40818 <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt
* 1:41045 <->
FILE-FLASH Adobe Flash Player TextField setter use after free attempt * 1:41422 <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt * 1:41718 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt * 1:41719 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt * 1:41720 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt * 1:42412 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt * 1:42422 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt * 1:43346 <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt * 1:43692 <-> OS-LINUX Linux kernel SCTP invalid chunk length denial of service attempt * 1:43779 <-> BROWSER-FIREFOX Mozilla multiple products SharedWorker MessagePort memory corruption attempt * 1:44734 <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt * 1:44877 <-> SERVER-OTHER Citrix XenApp and XenDesktop XML service memory corruption attempt * 1:44978 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt * 1:45171 <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt * 1:45177 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45178 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45181 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45183 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45309 <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt * 1:45500 <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt * 1:45855 <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt * 1:46637 <-> NETBIOS SMB client NULL deref race condition attempt * 1:46912 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow 
attempt * 1:46913 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt * 1:49583 <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt * 1:49585 <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt * 1:49846 <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt * 1:49900 <-> BROWSER-PLUGINS HP OPOS driver stack buffer overflow attempt * 1:49902 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt * 1:49947 <-> POLICY-OTHER HP OpenView Operations Agent request attempt * 1:50643 <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt * 1:51025 <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt * 1:51081 <-> FILE-FLASH Adobe Flash player memory corruption attempt * 1:51163 <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt * 1:51225 <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt * 1:51857 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51858 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51860 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51864 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51865 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:52079 <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt * 1:52100 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:52288 <-> OS-MOBILE Google Android libstagefright integer underflow attempt * 1:52450 <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt * 1:55823 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt * 1:55824 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt * 1:55825 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt * 1:7007 <-> 
BROWSER-PLUGINS AxDebugger.Document.1 ActiveX function call access
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.4.0.
The format of the file is:
gid:sid <-> Message
* 1:58570 <-> FILE-OTHER MacOS TTC bypass vulnerability exploit upload attempt
* 1:58571 <-> FILE-OTHER MacOS TTC bypass vulnerability exploit download attempt
* 3:58572 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt
* 3:58573 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt
* 3:58574 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt
* 3:58575 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt
* 1:58576 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58577 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58578 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58579 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58580 <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt
* 1:58581 <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt
* 1:58582 <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt
* 1:58583 <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt
* 1:58584 <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt
* 1:58585 <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt
* 1:58586 <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt
* 1:58587 <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt
* 1:58588 <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt
* 1:58589 <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt
* 1:58590 <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt
* 1:58591 <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt
* 1:58592 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58593 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58594 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58595 <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt
* 1:58596 <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt
* 3:58597 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt
* 3:58598 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt
* 1:58599 <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt
* 1:58600 <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt
* 1:10010 <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt
* 1:10142 <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX clsid access
* 1:10144 <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX function call access
* 1:10145 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX clsid access
* 1:10147 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX function call access
* 1:10148 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX clsid access
* 1:10150 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX function call access
* 1:10151 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX clsid access
* 1:10153 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX function call access
* 1:10154 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy 2 ActiveX clsid access
* 1:10390 <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX clsid access
* 1:10392 <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX function call access
* 1:10393 <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX clsid access
* 1:10395 <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX function call access
* 1:12472 <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX clsid access
* 1:12474 <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX function call access
* 1:12612 <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX clsid access
* 1:12614 <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX function call access
* 1:12685 <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow
* 1:13457 <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX clsid access
* 1:13459 <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX function call access
* 1:13470 <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt
* 1:13474 <-> OS-WINDOWS Microsoft WebDAV MiniRedir remote code execution attempt
* 1:13476 <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow
* 1:13520 <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt
* 1:13521 <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt
* 1:13523 <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access
* 1:13525 <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access
* 1:13926 <-> SERVER-OTHER Novell Groupwise HTTP response parsing overflow attempt
* 1:13950 <-> FILE-JAVA Oracle Java Web Start JNLP attribute buffer overflow attempt
* 1:13965 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX clsid access
* 1:13967 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access
* 1:14033 <-> BROWSER-PLUGINS Orbit Downloader ActiveX clsid access
* 1:14035 <-> BROWSER-PLUGINS Orbit Downloader ActiveX function call access
* 1:14611 <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX clsid access
* 1:14613 <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX function call access
* 1:14771 <-> SERVER-APACHE BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt
* 1:15147 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:15191 <-> BROWSER-FIREFOX Mozilla Firefox animated PNG processing integer overflow
* 1:15257 <-> SERVER-ORACLE Secure Backup common.php variable based command injection attempt
* 1:15258 <-> SERVER-ORACLE Secure Backup login.php variable based command injection attempt
* 1:15428 <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing memory corruption attempt
* 1:15462 <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt
* 1:15489 <-> PUA-OTHER Cerulean Studios Trillian image filename handling XML tag overflow attempt
* 1:15490 <-> OS-LINUX Linux SCTP malformed forward-tsn chunk arbitrary code execution attempt
* 1:15510 <-> SERVER-OTHER Trend Micro OfficeScan Server cgiRecvFile overflow attempt
* 1:15511 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:15638 <-> BROWSER-PLUGINS Microsoft Video 32 ActiveX clsid access
* 1:15733 <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt
* 1:15866 <-> FILE-OTHER libxml2 file processing long entity overflow attempt
* 1:15872 <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt
* 1:15901 <-> FILE-MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt
* 1:15965 <-> OS-WINDOWS Microsoft Explorer long share name buffer overflow attempt
* 1:15966 <-> FILE-OTHER F-Secure Anti-Virus LHA processing buffer overflow attempt
* 1:16001 <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt
* 1:16030 <-> OS-WINDOWS Microsoft Windows DNS client TXT buffer overrun attempt
* 1:16032 <-> BROWSER-IE Microsoft Internet Explorer HTML Decoding memory corruption attempt
* 1:16191 <-> SERVER-ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via GET
* 1:16192 <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt
* 1:16204 <-> SERVER-OTHER HP OpenView Network Node Manager ovlaunch host field overflow attempt
* 1:16213 <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt
* 1:16295 <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields
* 1:16296 <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - with optional fields
* 1:16344 <-> BROWSER-FIREFOX Mozilla Firefox top-level script object offset calculation memory corruption attempt
* 1:16347 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt
* 1:16371 <-> BROWSER-PLUGINS NOS Microsystems Adobe atl_getcom ActiveX clsid access
* 1:16405 <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Prefix Information stack buffer overflow attempt
* 1:16418 <-> NETBIOS SMB client NULL deref race condition attempt
* 1:16481 <-> BROWSER-OTHER Opera Content-Length header integer overflow attempt
* 1:16514 <-> SERVER-OTHER Trillian AIM XML tag handling heap buffer overflow attempt
* 1:16601 <-> FILE-OTHER Amaya web editor XML and HTML Parser Buffer overflow attempt
* 1:16667 <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt
* 1:16668 <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt
* 1:16798 <-> FILE-OTHER Orbit Downloader long URL buffer overflow attempt
* 1:17153 <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1
* 1:17154 <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2
* 1:17166 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt
* 1:17236 <-> BROWSER-FIREFOX Mozilla Firefox nsPropertyTable PropertyList memory corruption attempt
* 1:17305 <-> FILE-OTHER ClamAV libclamav PE file handling integer overflow attempt
* 1:17367 <-> BROWSER-IE Microsoft Internet Explorer FTP response parsing memory corruption attempt
* 1:17378 <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt
* 1:17379 <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt
* 1:17397 <-> SERVER-OTHER VNCViewer Authenticate buffer overflow attempt
* 1:17398 <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt
* 1:17399 <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt
* 1:17410 <-> OS-WINDOWS Generic HyperLink buffer overflow attempt
* 1:17422 <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt
* 1:17519 <-> BROWSER-FIREFOX Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow
* 1:17557 <-> BROWSER-PLUGINS Novell iPrint ActiveX operation parameter overflow
* 1:17588 <-> BROWSER-PLUGINS Microsoft Internet Explorer Install Engine ActiveX clsid access
* 1:17631 <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt
* 1:17638 <-> SERVER-ORACLE Secure Backup administration server login.php cookies command injection attempt
* 1:17642 <-> BROWSER-FIREFOX Mozilla Firefox ConstructFrame with floating first-letter memory corruption attempt
* 1:18097 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt
* 1:18187 <-> BROWSER-FIREFOX Mozilla Firefox InstallTrigger.install memory corruption attempt
* 1:18244 <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt
* 1:18245 <-> BROWSER-PLUGINS Oracle Java browser plugin docbase overflow attempt
* 1:18283 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:18527 <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt
* 1:18679 <-> SERVER-OTHER Oracle Java Applet2ClassLoader Remote Code Execution
* 1:18904 <-> BROWSER-PLUGINS KingView ActiveX clsid access
* 1:18957 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt
* 1:19102 <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX clsid access
* 1:19103 <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX function call access
* 1:19216 <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution
* 1:19217 <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution
* 1:19257 <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt
* 1:19262 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19263 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19264 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19713 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:19714 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:19812 <-> SERVER-OTHER CA Total Defense Suite UNCWS getDBConfigSettings credential information disclosure attempt
* 1:19814 <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt
* 1:20031 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:20072 <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt
* 1:20110 <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata
* 1:20444 <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt
* 1:20600 <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt
* 1:20607 <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt
* 1:20608 <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt
* 1:20692 <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt
* 1:20767 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:20777 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:20820 <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt
* 1:20842 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:20843 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:21006 <-> MALWARE-CNC Yang Pack yg.htm landing page
* 1:21044 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:21045 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:21057 <-> FILE-OTHER Java Applet Rhino script engine remote code execution attempt
* 1:21161 <-> SERVER-IIS Microsoft Windows IIS5 NTLM and basic authentication bypass attempt
* 1:21247 <-> SERVER-OTHER IBM Lotusnotes s_viewname buffer overflow attempt
* 1:21248 <-> SERVER-OTHER multiple vendors host buffer overflow attempt
* 1:21259 <-> EXPLOIT-KIT Blackhole exploit kit response
* 1:21344 <-> EXPLOIT-KIT Blackhole exploit kit pdf download
* 1:21346 <-> EXPLOIT-KIT Blackhole exploit kit malicious jar download
* 1:21420 <-> FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt
* 1:21438 <-> EXPLOIT-KIT Blackhole exploit kit JavaScript carat string splitting with hostile applet
* 1:21457 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:21484 <-> FILE-OTHER ZIP file name overflow attempt
* 1:21492 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch
* 1:21539 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header
* 1:21549 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header
* 1:21640 <-> EXPLOIT-KIT Phoenix exploit kit landing page
* 1:21646 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch
* 1:21657 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure
* 1:21658 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:21661 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - catch
* 1:21668 <-> EXPLOIT-KIT Java exploit kit iframe drive by attempt
* 1:21764 <-> FILE-OFFICE Microsoft Office Word unicode parsing buffer overflow attempt
* 1:21876 <-> EXPLOIT-KIT Blackhole exploit landing page with specific structure - Loading
* 1:21915 <-> SERVER-OTHER Novell Groupwise HTTP login request
* 1:21916 <-> SERVER-OTHER Novell Groupwise HTTP login request
* 1:21917 <-> SERVER-OTHER Novell Groupwise HTTP response message parsing overflow
* 1:21953 <-> BROWSER-FIREFOX Mozilla Multiple Products HTML href shell attempt
* 1:22039 <-> EXPLOIT-KIT Blackhole suspected landing page
* 1:22040 <-> EXPLOIT-KIT Blackhole suspected landing page
* 1:22041 <-> EXPLOIT-KIT Blackhole landing redirection page
* 1:23008 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt
* 1:23158 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch
* 1:23159 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt
* 1:23395 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt
* 1:23396 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt
* 1:23489 <-> FILE-OTHER Microsoft Windows Task Scheduler buffer overflow attempt
* 1:23797 <-> EXPLOIT-KIT Blackhole redirection page
* 1:23940 <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt
* 1:23996 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:24054 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure
* 1:24187 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:24188 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:24226 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received
* 1:24228 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page Received
* 1:24543 <-> EXPLOIT-KIT Blackhole admin page inbound access attempt
* 1:24546 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt
* 1:24547 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt
* 1:24548 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt
* 1:24593 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received - specific structure
* 1:24637 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure
* 1:24675 <-> BROWSER-PLUGINS Novell iPrint ActiveX realm parameter overflow attempt
* 1:24676 <-> BROWSER-PLUGINS Novell iPrint ActiveX real parameter overflow attempt
* 1:24702 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24761 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24860 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure
* 1:24862 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure
* 1:24864 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure
* 1:24904 <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt
* 1:24907 <-> SERVER-ORACLE Oracle Secure Backup exec_qr command injection attempt
* 1:24994 <-> BROWSER-FIREFOX Mozilla Firefox onChannelRedirect method attempt
* 1:25312 <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt
* 1:25392 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt
* 1:25569 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page
* 1:25590 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure
* 1:25591 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure
* 1:25808 <-> EXPLOIT-KIT Fiesta exploit kit landing page detection - specific-structure
* 1:2589 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt
* 1:26031 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page
* 1:26033 <-> EXPLOIT-KIT Blackholev2 exploit kit iframe redirection attempt
* 1:26230 <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX arbitrary command execution attempt
* 1:26253 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:26337 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure
* 1:26421 <-> BROWSER-PLUGINS Metalink file download parameter buffer overflow attempt
* 1:26434 <-> EXPLOIT-KIT Blackholev2 exploit kit jar file downloaded
* 1:26495 <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt
* 1:27067 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure
* 1:27656 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt
* 1:27706 <-> EXPLOIT-KIT Gong Da exploit kit possible jar download
* 1:28703 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:28791 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28902 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28972 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:28973 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:29503 <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt
* 1:29512 <-> BROWSER-PLUGINS KingView ActiveX clsid access
* 1:29520 <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt
* 1:29523 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:29524 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:29526 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:29535 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt
* 1:29538 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access
* 1:29578 <-> BROWSER-PLUGINS Sun Microsystems JRE isInstalled.dnsResolve function memory exception attempt
* 1:29579 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt
* 1:29580 <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing obfuscated memory corruption attempt
* 1:29594 <-> SERVER-WEBAPP Airlive IP Camera information leak attempt
* 1:29623 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt
* 1:29624 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt
* 1:29625 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt
* 1:29891 <-> MALWARE-CNC Win.Trojan.Pushdo variant outbound connection
* 1:30217 <-> FILE-JAVA Oracle Java font rendering remote code execution attempt
* 1:3085 <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt
* 1:3087 <-> SERVER-IIS w3who.dll buffer overflow attempt
* 1:31846 <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt
* 1:32149 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32151 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32369 <-> PROTOCOL-ICMP FreeBSD rtsold dname_labeldec stack buffer overflow attempt
* 1:32815 <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt
* 1:32855 <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt
* 1:32959 <-> PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt
* 1:32967 <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt
* 1:33571 <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt
* 1:33986 <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt
* 1:34024 <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt
* 1:34447 <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt
* 1:35434 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:35467 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt
* 1:35468 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt
* 1:36154 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:36155 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:3632 <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt
* 1:36661 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:37527 <-> SERVER-OTHER IBM WebSphere InvokerTransformer serialized Java object remote code execution attempt
* 1:37627 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:37802 <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt
* 1:40281 <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt
* 1:40818 <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt
* 1:41045 <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt
* 1:41422 <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt
* 1:41718 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:41719 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:41720 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:42412 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:42422 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:43346 <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt
* 1:43692 <-> OS-LINUX Linux kernel SCTP invalid chunk length denial of service attempt
* 1:43779 <-> BROWSER-FIREFOX Mozilla multiple products SharedWorker MessagePort memory corruption attempt
* 1:44734 <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt
* 1:44877 <-> SERVER-OTHER Citrix XenApp and XenDesktop XML service memory corruption attempt
* 1:44978 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt
* 1:45171 <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt
* 1:45177 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45178 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45181 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45183 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45309 <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt
* 1:45500 <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt
* 1:45855 <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt
* 1:46637 <-> NETBIOS SMB client NULL deref race condition attempt
* 1:46912 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt
* 1:46913 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt
* 1:49583 <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt
* 1:49585 <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt
* 1:49846 <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt
* 1:49900 <-> BROWSER-PLUGINS HP OPOS driver stack buffer overflow attempt
* 1:49902 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt
* 1:49947 <-> POLICY-OTHER HP OpenView Operations Agent request attempt
* 1:50643 <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt
* 1:51025 <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt
* 1:51081 <-> FILE-FLASH Adobe Flash player memory corruption attempt
* 1:51163 <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt
* 1:51225 <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt
* 1:51857 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51858 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51860 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51864 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51865 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52079 <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt
* 1:52100 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52288 <-> OS-MOBILE Google Android libstagefright integer underflow attempt
* 1:52450 <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt
* 1:55823 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:55824 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:55825 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:7007 <-> BROWSER-PLUGINS AxDebugger.Document.1 ActiveX function call access
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.5.0.
The format of the file is:
gid:sid <-> Message
* 1:58570 <-> FILE-OTHER MacOS TTC bypass vulnerability exploit upload attempt
* 1:58571 <-> FILE-OTHER MacOS TTC bypass vulnerability exploit download attempt
* 3:58572 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt
* 3:58573 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt
* 3:58574 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt
* 3:58575 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt
* 1:58576 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58577 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58578 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58579 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58580 <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt
* 1:58581 <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt
* 1:58582 <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt
* 1:58583 <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt
* 1:58584 <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt
* 1:58585 <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt
* 1:58586 <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt
* 1:58587 <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt
* 1:58588 <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt
* 1:58589 <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt
* 1:58590 <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt
* 1:58591 <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt
* 1:58592 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58593 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58594 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58595 <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt
* 1:58596 <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt
* 3:58597 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt
* 3:58598 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt
* 1:58599 <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt
* 1:58600 <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt
* 1:10010 <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt
* 1:10142 <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX clsid access
* 1:10144 <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX function call access
* 1:10145 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX clsid access
* 1:10147 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX function call access
* 1:10148 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX clsid access
* 1:10150 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX function call access
* 1:10151 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX clsid access
* 1:10153 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX function call access
* 1:10154 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy 2 ActiveX clsid access
* 1:10390 <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX clsid access
* 1:10392 <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX function call access
* 1:10393 <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX clsid access
* 1:10395 <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX function call access
* 1:12472 <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX clsid access
* 1:12474 <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX function call access
* 1:12612 <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX clsid access
* 1:12614 <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX function call access
* 1:12685 <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow
* 1:13457 <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX clsid access
* 1:13459 <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX function call access
* 1:13470 <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt
* 1:13474 <-> OS-WINDOWS Microsoft WebDAV MiniRedir remote code execution attempt
* 1:13476 <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow
* 1:13520 <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt
* 1:13521 <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt
* 1:13523 <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access
* 1:13525 <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access
* 1:13926 <-> SERVER-OTHER Novell Groupwise HTTP response parsing overflow attempt
* 1:13950 <-> FILE-JAVA Oracle Java Web Start JNLP attribute buffer overflow attempt
* 1:13965 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX clsid access
* 1:13967 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access
* 1:14033 <-> BROWSER-PLUGINS Orbit Downloader ActiveX clsid access
* 1:14035 <-> BROWSER-PLUGINS Orbit Downloader ActiveX function call access
* 1:14611 <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX clsid access
* 1:14613 <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX function call access
* 1:14771 <-> SERVER-APACHE BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt
* 1:15147 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:15191 <-> BROWSER-FIREFOX Mozilla Firefox animated PNG processing integer overflow
* 1:15257 <-> SERVER-ORACLE Secure Backup common.php variable based command injection attempt
* 1:15258 <-> SERVER-ORACLE Secure Backup login.php variable based command injection attempt
* 1:15428 <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing memory corruption attempt
* 1:15462 <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt
* 1:15489 <-> PUA-OTHER Cerulean Studios Trillian image filename handling XML tag overflow attempt
* 1:15490 <-> OS-LINUX Linux SCTP malformed forward-tsn chunk arbitrary code execution attempt
* 1:15510 <-> SERVER-OTHER Trend Micro OfficeScan Server cgiRecvFile overflow attempt
* 1:15511 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:15638 <-> BROWSER-PLUGINS Microsoft Video 32 ActiveX clsid access
* 1:15733 <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt
* 1:15866 <-> FILE-OTHER libxml2 file processing long entity overflow attempt
* 1:15872 <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt
* 1:15901 <-> FILE-MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt
* 1:15965 <-> OS-WINDOWS Microsoft Explorer long share name buffer overflow attempt
* 1:15966 <-> FILE-OTHER F-Secure Anti-Virus LHA processing buffer overflow attempt
* 1:16001 <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt
* 1:16030 <-> OS-WINDOWS Microsoft Windows DNS client TXT buffer overrun attempt
* 1:16032 <-> BROWSER-IE Microsoft Internet Explorer HTML Decoding memory corruption attempt
* 1:16191 <-> SERVER-ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via GET
* 1:16192 <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt
* 1:16204 <-> SERVER-OTHER HP OpenView Network Node Manager ovlaunch host field overflow attempt
* 1:16213 <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt
* 1:16295 <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields
* 1:16296 <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - with optional fields
* 1:16344 <-> BROWSER-FIREFOX Mozilla Firefox top-level script object offset calculation memory corruption attempt
* 1:16347 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt
* 1:16371 <-> BROWSER-PLUGINS NOS Microsystems Adobe atl_getcom ActiveX clsid access
* 1:16405 <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Prefix Information stack buffer overflow attempt
* 1:16418 <-> NETBIOS SMB client NULL deref race condition attempt
* 1:16481 <-> BROWSER-OTHER Opera Content-Length header integer overflow attempt
* 1:16514 <-> SERVER-OTHER Trillian AIM XML tag handling heap buffer overflow attempt
* 1:16601 <-> FILE-OTHER Amaya web editor XML and HTML Parser Buffer overflow attempt
* 1:16667 <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt
* 1:16668 <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt
* 1:16798 <-> FILE-OTHER Orbit Downloader long URL buffer overflow attempt
* 1:17153 <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1
* 1:17154 <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2
* 1:17166 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt
* 1:17236 <-> BROWSER-FIREFOX Mozilla Firefox nsPropertyTable PropertyList memory corruption attempt
* 1:17305 <-> FILE-OTHER ClamAV libclamav PE file handling integer overflow attempt
* 1:17367 <-> BROWSER-IE Microsoft Internet Explorer FTP response parsing memory corruption attempt
* 1:17378 <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt
* 1:17379 <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt
* 1:17397 <-> SERVER-OTHER VNCViewer Authenticate buffer overflow attempt
* 1:17398 <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt
* 1:17399 <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt
* 1:17410 <-> OS-WINDOWS Generic HyperLink buffer overflow attempt
* 1:17422 <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt
* 1:17519 <-> BROWSER-FIREFOX Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow
* 1:17557 <-> BROWSER-PLUGINS Novell iPrint ActiveX operation parameter overflow
* 1:17588 <-> BROWSER-PLUGINS Microsoft Internet Explorer Install Engine ActiveX clsid access
* 1:17631 <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt
* 1:17638 <-> SERVER-ORACLE Secure Backup administration server login.php cookies command injection attempt
* 1:17642 <-> BROWSER-FIREFOX Mozilla Firefox ConstructFrame with floating first-letter memory corruption attempt
* 1:18097 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt
* 1:18187 <-> BROWSER-FIREFOX Mozilla Firefox InstallTrigger.install memory corruption attempt
* 1:18244 <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt
* 1:18245 <-> BROWSER-PLUGINS Oracle Java browser plugin docbase overflow attempt
* 1:18283 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:18527 <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt
* 1:18679 <-> SERVER-OTHER Oracle Java Applet2ClassLoader Remote Code Execution
* 1:18904 <-> BROWSER-PLUGINS KingView ActiveX clsid access
* 1:18957 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt
* 1:19102 <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX clsid access
* 1:19103 <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX function call access
* 1:19216 <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution
* 1:19217 <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution
* 1:19257 <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt
* 1:19262 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19263 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19264 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19713 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:19714 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:19812 <-> SERVER-OTHER CA Total Defense Suite UNCWS getDBConfigSettings credential information disclosure attempt
* 1:19814 <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt
* 1:20031 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:20072 <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt
* 1:20110 <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata
* 1:20444 <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt
* 1:20600 <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt
* 1:20607 <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt
* 1:20608 <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt
* 1:20692 <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt
* 1:20767 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:20777 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:20820 <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt
* 1:20842 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:20843 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:21006 <-> MALWARE-CNC Yang Pack yg.htm landing page
* 1:21044 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:21045 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:21057 <-> FILE-OTHER Java Applet Rhino script engine remote code execution attempt
* 1:21161 <-> SERVER-IIS Microsoft Windows IIS5 NTLM and basic authentication bypass attempt
* 1:21247 <-> SERVER-OTHER IBM Lotusnotes s_viewname buffer overflow attempt
* 1:21248 <-> SERVER-OTHER multiple vendors host buffer overflow attempt
* 1:21259 <-> EXPLOIT-KIT Blackhole exploit kit response
* 1:21344 <-> EXPLOIT-KIT Blackhole exploit kit pdf download
* 1:21346 <-> EXPLOIT-KIT Blackhole exploit kit malicious jar download
* 1:21420 <-> FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt
* 1:21438 <-> EXPLOIT-KIT Blackhole exploit kit JavaScript carat string splitting with hostile applet
* 1:21457 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:21484 <-> FILE-OTHER ZIP file name overflow attempt
* 1:21492 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch
* 1:21539 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header
* 1:21549 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header
* 1:21640 <-> EXPLOIT-KIT Phoenix exploit kit landing page
* 1:21646 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch
* 1:21657 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure
* 1:21658 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:21661 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - catch
* 1:21668 <-> EXPLOIT-KIT Java exploit kit iframe drive by attempt
* 1:21764 <-> FILE-OFFICE Microsoft Office Word unicode parsing buffer overflow attempt
* 1:21876 <-> EXPLOIT-KIT Blackhole exploit landing page with specific structure - Loading
* 1:21915 <-> SERVER-OTHER Novell Groupwise HTTP login request
* 1:21916 <-> SERVER-OTHER Novell Groupwise HTTP login request
* 1:21917 <-> SERVER-OTHER Novell Groupwise HTTP response message parsing overflow
* 1:21953 <-> BROWSER-FIREFOX Mozilla Multiple Products HTML href shell attempt
* 1:22039 <-> EXPLOIT-KIT Blackhole suspected landing page
* 1:22040 <-> EXPLOIT-KIT Blackhole suspected landing page
* 1:22041 <-> EXPLOIT-KIT Blackhole landing redirection page
* 1:23008 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt
* 1:23158 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch
* 1:23159 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt
* 1:23395 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt
* 1:23396 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt
* 1:23489 <-> FILE-OTHER Microsoft Windows Task Scheduler buffer overflow attempt
* 1:23797 <-> EXPLOIT-KIT Blackhole redirection page
* 1:23940 <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt
* 1:23996 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:24054 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure
* 1:24187 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:24188 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:24226 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received
* 1:24228 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page Received
* 1:24543 <-> EXPLOIT-KIT Blackhole admin page inbound access attempt
* 1:24546 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt
* 1:24547 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt
* 1:24548 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt
* 1:24593 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received - specific structure
* 1:24637 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure
* 1:24675 <-> BROWSER-PLUGINS Novell iPrint ActiveX realm parameter overflow attempt
* 1:24676 <-> BROWSER-PLUGINS Novell iPrint ActiveX real parameter overflow attempt
* 1:24702 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24761 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24860 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure
* 1:24862 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure
* 1:24864 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure
* 1:24904 <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt
* 1:24907 <-> SERVER-ORACLE Oracle Secure Backup exec_qr command injection attempt
* 1:24994 <-> BROWSER-FIREFOX Mozilla Firefox onChannelRedirect method attempt
* 1:25312 <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt
* 1:25392 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt
* 1:25569 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page
* 1:25590 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure
* 1:25591 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure
* 1:25808 <-> EXPLOIT-KIT Fiesta exploit kit landing page detection - specific-structure
* 1:2589 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt
* 1:26031 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page
* 1:26033 <-> EXPLOIT-KIT Blackholev2 exploit kit iframe redirection attempt
* 1:26230 <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX arbitrary command execution attempt
* 1:26253 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:26337 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure
* 1:26421 <-> BROWSER-PLUGINS Metalink file download parameter buffer overflow attempt
* 1:26434 <-> EXPLOIT-KIT Blackholev2 exploit kit jar file downloaded
* 1:26495 <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt
* 1:27067 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure
* 1:27656 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt
* 1:27706 <-> EXPLOIT-KIT Gong Da exploit kit possible jar download
* 1:28703 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:28791 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28902 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28972 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:28973 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:29503 <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt
* 1:29512 <-> BROWSER-PLUGINS KingView ActiveX clsid access
* 1:29520 <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt
* 1:29523 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:29524 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:29526 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:29535 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt
* 1:29538 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access
* 1:29578 <-> BROWSER-PLUGINS Sun Microsystems JRE isInstalled.dnsResolve function memory exception attempt
* 1:29579 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt
* 1:29580 <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing obfuscated memory corruption attempt
* 1:29594 <-> SERVER-WEBAPP Airlive IP Camera information leak attempt
* 1:29623 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt
* 1:29624 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt
* 1:29625 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt
* 1:29891 <-> MALWARE-CNC Win.Trojan.Pushdo variant outbound connection
* 1:30217 <-> FILE-JAVA Oracle Java font rendering remote code execution attempt
* 1:3085 <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt
* 1:3087 <-> SERVER-IIS w3who.dll buffer overflow attempt
* 1:31846 <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt
* 1:32149 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32151 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32369 <-> PROTOCOL-ICMP FreeBSD rtsold dname_labeldec stack buffer overflow attempt
* 1:32815 <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt
* 1:32855 <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt
* 1:32959 <-> PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt
* 1:32967 <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt
* 1:33571 <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt
* 1:33986 <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt
* 1:34024 <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt
* 1:34447 <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt
* 1:35434 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:35467 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt
* 1:35468 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt
* 1:36154 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:36155 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:3632 <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt
* 1:36661 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:37527 <-> SERVER-OTHER IBM WebSphere InvokerTransformer serialized Java object remote code execution attempt
* 1:37627 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:37802 <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt
* 1:40281 <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt
* 1:40818 <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt
* 1:41045 <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt
* 1:41422 <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt
* 1:41718 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:41719 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:41720 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:42412 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:42422 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:43346 <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt
* 1:43692 <-> OS-LINUX Linux kernel SCTP invalid chunk length denial of service attempt
* 1:43779 <-> BROWSER-FIREFOX Mozilla multiple products SharedWorker MessagePort memory corruption attempt
* 1:44734 <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt
* 1:44877 <-> SERVER-OTHER Citrix XenApp and XenDesktop XML service memory corruption attempt
* 1:44978 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt
* 1:45171 <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt
* 1:45177 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45178 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45181 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45183 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45309 <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt
* 1:45500 <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt
* 1:45855 <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt
* 1:46637 <-> NETBIOS SMB client NULL deref race condition attempt
* 1:46912 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt
* 1:46913 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt
* 1:49583 <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt
* 1:49585 <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt
* 1:49846 <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt
* 1:49900 <-> BROWSER-PLUGINS HP OPOS driver stack buffer overflow attempt
* 1:49902 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt
* 1:49947 <-> POLICY-OTHER HP OpenView Operations Agent request attempt
* 1:50643 <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt
* 1:51025 <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt
* 1:51081 <-> FILE-FLASH Adobe Flash player memory corruption attempt
* 1:51163 <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt
* 1:51225 <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt
* 1:51857 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51858 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51860 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51864 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51865 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52079 <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt
* 1:52100 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52288 <-> OS-MOBILE Google Android libstagefright integer underflow attempt
* 1:52450 <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt
* 1:55823 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:55824 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:55825 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:7007 <-> BROWSER-PLUGINS AxDebugger.Document.1 ActiveX function call access
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.7.0.
The format of the file is:
gid:sid <-> Message
* 1:58570 <-> FILE-OTHER MacOS TTC bypass vulnerability exploit upload attempt
* 1:58571 <-> FILE-OTHER MacOS TTC bypass vulnerability exploit download attempt
* 3:58572 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt
* 3:58573 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt
* 3:58574 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt
* 3:58575 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt
* 1:58576 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58577 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58578 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58579 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58580 <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt
* 1:58581 <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt
* 1:58582 <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt
* 1:58583 <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt
* 1:58584 <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt
* 1:58585 <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt
* 1:58586 <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt
* 1:58587 <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt
* 1:58588 <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt
* 1:58589 <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt
* 1:58590 <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt
* 1:58591 <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt
* 1:58592 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58593 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58594 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58595 <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt
* 1:58596 <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt
* 3:58597 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt
* 3:58598 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt
* 1:58599 <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt
* 1:58600 <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt
* 1:10010 <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt
* 1:10142 <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX clsid access
* 1:10144 <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX function call access
* 1:10145 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX clsid access
* 1:10147 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX function call access
* 1:10148 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX clsid access
* 1:10150 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX function call access
* 1:10151 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX clsid access
* 1:10153 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX function call access
* 1:10154 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy 2 ActiveX clsid access
* 1:10390 <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX clsid access
* 1:10392 <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX function call access
* 1:10393 <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX clsid access
* 1:10395 <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX function call access
* 1:12472 <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX clsid access
* 1:12474 <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX function call access
* 1:12612 <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX clsid access
* 1:12614 <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX function call access
* 1:12685 <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow
* 1:13457 <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX clsid access
* 1:13459 <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX function call access
* 1:13470 <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt
* 1:13474 <-> OS-WINDOWS Microsoft WebDAV MiniRedir remote code execution attempt
* 1:13476 <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow
* 1:13520 <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt
* 1:13521 <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt
* 1:13523 <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access
* 1:13525 <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access
* 1:13926 <-> SERVER-OTHER Novell Groupwise HTTP response parsing overflow attempt
* 1:13950 <-> FILE-JAVA Oracle Java Web Start JNLP attribute buffer overflow attempt
* 1:13965 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX clsid access
* 1:13967 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access
* 1:14033 <-> BROWSER-PLUGINS Orbit Downloader ActiveX clsid access
* 1:14035 <-> BROWSER-PLUGINS Orbit Downloader ActiveX function call access
* 1:14611 <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX clsid access
* 1:14613 <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX function call access
* 1:14771 <-> SERVER-APACHE BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt
* 1:15147 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:15191 <-> BROWSER-FIREFOX Mozilla Firefox animated PNG processing integer overflow
* 1:15257 <-> SERVER-ORACLE Secure Backup common.php variable based command injection attempt
* 1:15258 <-> SERVER-ORACLE Secure Backup login.php variable based command injection attempt
* 1:15428 <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing memory corruption attempt
* 1:15462 <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt
* 1:15489 <-> PUA-OTHER Cerulean Studios Trillian image filename handling XML tag overflow attempt
* 1:15490 <-> OS-LINUX Linux SCTP malformed forward-tsn chunk arbitrary code execution attempt
* 1:15510 <-> SERVER-OTHER Trend Micro OfficeScan Server cgiRecvFile overflow attempt
* 1:15511 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:15638 <-> BROWSER-PLUGINS Microsoft Video 32 ActiveX clsid access
* 1:15733 <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt
* 1:15866 <-> FILE-OTHER libxml2 file processing long entity overflow attempt
* 1:15872 <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt
* 1:15901 <-> FILE-MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt
* 1:15965 <-> OS-WINDOWS Microsoft Explorer long share name buffer overflow attempt
* 1:15966 <-> FILE-OTHER F-Secure Anti-Virus LHA processing buffer overflow attempt
* 1:16001 <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt
* 1:16030 <-> OS-WINDOWS Microsoft Windows DNS client TXT buffer overrun attempt
* 1:16032 <-> BROWSER-IE Microsoft Internet Explorer HTML Decoding memory corruption attempt
* 1:16191 <-> SERVER-ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via GET
* 1:16192 <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt
* 1:16204 <-> SERVER-OTHER HP OpenView Network Node Manager ovlaunch host field overflow attempt
* 1:16213 <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt
* 1:16295 <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields
* 1:16296 <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - with optional fields
* 1:16344 <-> BROWSER-FIREFOX Mozilla Firefox top-level script object offset calculation memory corruption attempt
* 1:16347 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt
* 1:16371 <-> BROWSER-PLUGINS NOS Microsystems Adobe atl_getcom ActiveX clsid access
* 1:16405 <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Prefix Information stack buffer overflow attempt
* 1:16418 <-> NETBIOS SMB client NULL deref race condition attempt
* 1:16481 <-> BROWSER-OTHER Opera Content-Length header integer overflow attempt
* 1:16514 <-> SERVER-OTHER Trillian AIM XML tag handling heap buffer overflow attempt
* 1:16601 <-> FILE-OTHER Amaya web editor XML and HTML Parser Buffer overflow attempt
* 1:16667 <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt
* 1:16668 <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt
* 1:16798 <-> FILE-OTHER Orbit Downloader long URL buffer overflow attempt
* 1:17153 <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1
* 1:17154 <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2
* 1:17166 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt
* 1:17236 <-> BROWSER-FIREFOX Mozilla Firefox nsPropertyTable PropertyList memory corruption attempt
* 1:17305 <-> FILE-OTHER ClamAV libclamav PE file handling integer overflow attempt
* 1:17367 <-> BROWSER-IE Microsoft Internet Explorer FTP response parsing memory corruption attempt
* 1:17378 <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt
* 1:17379 <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt
* 1:17397 <-> SERVER-OTHER VNCViewer Authenticate buffer overflow attempt
* 1:17398 <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt
* 1:17399 <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt
* 1:17410 <-> OS-WINDOWS Generic HyperLink buffer overflow attempt
* 1:17422 <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt
* 1:17519 <-> BROWSER-FIREFOX Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow
* 1:17557 <-> BROWSER-PLUGINS Novell iPrint ActiveX operation parameter overflow
* 1:17588 <-> BROWSER-PLUGINS Microsoft Internet Explorer Install Engine ActiveX clsid access
* 1:17631 <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt
* 1:17638 <-> SERVER-ORACLE Secure Backup administration server login.php cookies command injection attempt
* 1:17642 <-> BROWSER-FIREFOX Mozilla Firefox ConstructFrame with floating first-letter memory corruption attempt
* 1:18097 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt
* 1:18187 <-> BROWSER-FIREFOX Mozilla Firefox InstallTrigger.install memory corruption attempt
* 1:18244 <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt
* 1:18245 <-> BROWSER-PLUGINS Oracle Java browser plugin docbase overflow attempt
* 1:18283 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:18527 <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt
* 1:18679 <-> SERVER-OTHER Oracle Java Applet2ClassLoader Remote Code Execution
* 1:18904 <-> BROWSER-PLUGINS KingView ActiveX clsid access
* 1:18957 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt
* 1:19102 <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX clsid access
* 1:19103 <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX function call access
* 1:19216 <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution
* 1:19217 <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution
* 1:19257 <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt
* 1:19262 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19263 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19264 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19713 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:19714 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:19812 <-> SERVER-OTHER CA Total Defense Suite UNCWS getDBConfigSettings credential information disclosure attempt
* 1:19814 <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt
* 1:20031 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:20072 <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt
* 1:20110 <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata
* 1:20444 <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt
* 1:20600 <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt
* 1:20607 <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt
* 1:20608 <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt
* 1:20692 <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt
* 1:20767 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:20777 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:20820 <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt
* 1:20842 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:20843 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:21006 <-> MALWARE-CNC Yang Pack yg.htm landing page
* 1:21044 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:21045 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:21057 <-> FILE-OTHER Java Applet Rhino script engine remote code execution attempt
* 1:21161 <-> SERVER-IIS Microsoft Windows IIS5 NTLM and basic authentication bypass attempt
* 1:21247 <-> SERVER-OTHER IBM Lotusnotes s_viewname buffer overflow attempt
* 1:21248 <-> SERVER-OTHER multiple vendors host buffer overflow attempt
* 1:21259 <-> EXPLOIT-KIT Blackhole exploit kit response
* 1:21344 <-> EXPLOIT-KIT Blackhole exploit kit pdf download
* 1:21346 <-> EXPLOIT-KIT Blackhole exploit kit malicious jar download
* 1:21420 <-> FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt
* 1:21438 <-> EXPLOIT-KIT Blackhole exploit kit JavaScript carat string splitting with hostile applet
* 1:21457 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:21484 <-> FILE-OTHER ZIP file name overflow attempt
* 1:21492 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch
* 1:21539 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header
* 1:21549 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header
* 1:21640 <-> EXPLOIT-KIT Phoenix exploit kit landing page
* 1:21646 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch
* 1:21657 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure
* 1:21658 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:21661 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - catch
* 1:21668 <-> EXPLOIT-KIT Java exploit kit iframe drive by attempt
* 1:21764 <-> FILE-OFFICE Microsoft Office Word unicode parsing buffer overflow attempt
* 1:21876 <-> EXPLOIT-KIT Blackhole exploit landing page with specific structure - Loading
* 1:21915 <-> SERVER-OTHER Novell Groupwise HTTP login request
* 1:21916 <-> SERVER-OTHER Novell Groupwise HTTP login request
* 1:21917 <-> SERVER-OTHER Novell Groupwise HTTP response message parsing overflow
* 1:21953 <-> BROWSER-FIREFOX Mozilla Multiple Products HTML href shell attempt
* 1:22039 <-> EXPLOIT-KIT Blackhole suspected landing page
* 1:22040 <-> EXPLOIT-KIT Blackhole suspected landing page
* 1:22041 <-> EXPLOIT-KIT Blackhole landing redirection page
* 1:23008 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt
* 1:23158 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch
* 1:23159 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt
* 1:23395 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt
* 1:23396 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt
* 1:23489 <-> FILE-OTHER Microsoft Windows Task Scheduler buffer overflow attempt
* 1:23797 <-> EXPLOIT-KIT Blackhole redirection page
* 1:23940 <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt
* 1:23996 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:24054 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure
* 1:24187 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:24188 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:24226 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received
* 1:24228 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page Received
* 1:24543 <-> EXPLOIT-KIT Blackhole admin page inbound access attempt
* 1:24546 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt
* 1:24547 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt
* 1:24548 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt
* 1:24593 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received - specific structure
* 1:24637 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure
* 1:24675 <-> BROWSER-PLUGINS Novell iPrint ActiveX realm parameter overflow attempt
* 1:24676 <-> BROWSER-PLUGINS Novell iPrint ActiveX real parameter overflow attempt
* 1:24702 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24761 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24860 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure
* 1:24862 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure
* 1:24864 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure
* 1:24904 <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt
* 1:24907 <-> SERVER-ORACLE Oracle Secure Backup exec_qr command injection attempt
* 1:24994 <-> BROWSER-FIREFOX Mozilla Firefox onChannelRedirect method attempt
* 1:25312 <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt
* 1:25392 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt
* 1:25569 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page
* 1:25590 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure
* 1:25591 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure
* 1:25808 <-> EXPLOIT-KIT Fiesta exploit kit landing page detection - specific-structure
* 1:2589 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt
* 1:26031 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page
* 1:26033 <-> EXPLOIT-KIT Blackholev2 exploit kit iframe redirection attempt
* 1:26230 <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX arbitrary command execution attempt
* 1:26253 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:26337 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure
* 1:26421 <-> BROWSER-PLUGINS Metalink file download parameter buffer overflow attempt
* 1:26434 <-> EXPLOIT-KIT Blackholev2 exploit kit jar file downloaded
* 1:26495 <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt
* 1:27067 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure
* 1:27656 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt
* 1:27706 <-> EXPLOIT-KIT Gong Da exploit kit possible jar download
* 1:28703 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:28791 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28902 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28972 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:28973 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:29503 <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt
* 1:29512 <-> BROWSER-PLUGINS KingView ActiveX clsid access
* 1:29520 <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt
* 1:29523 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:29524 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:29526 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:29535 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt
* 1:29538 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access
* 1:29578 <-> BROWSER-PLUGINS Sun Microsystems JRE isInstalled.dnsResolve function memory exception attempt
* 1:29579 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt
* 1:29580 <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing obfuscated memory corruption attempt
* 1:29594 <-> SERVER-WEBAPP Airlive IP Camera information leak attempt
* 1:29623 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt
* 1:29624 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt
* 1:29625 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt
* 1:29891 <-> MALWARE-CNC Win.Trojan.Pushdo variant outbound connection
* 1:30217 <-> FILE-JAVA Oracle Java font rendering remote code execution attempt
* 1:3085 <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt
* 1:3087 <-> SERVER-IIS w3who.dll buffer overflow attempt
* 1:31846 <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt
* 1:32149 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32151 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32369 <-> PROTOCOL-ICMP FreeBSD rtsold dname_labeldec stack buffer overflow attempt
* 1:32815 <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt
* 1:32855 <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt
* 1:32959 <-> PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt
* 1:32967 <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt
* 1:33571 <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt
* 1:33986 <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt
* 1:34024 <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt
* 1:34447 <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt
* 1:35434 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:35467 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt
* 1:35468 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt
* 1:36154 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:36155 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:3632 <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt
* 1:36661 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:37527 <-> SERVER-OTHER IBM WebSphere InvokerTransformer serialized Java object remote code execution attempt
* 1:37627 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:37802 <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt
* 1:40281 <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt
* 1:40818 <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt
* 1:41045 <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt
* 1:41422 <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt
* 1:41718 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:41719 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:41720 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:42412 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:42422 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:43346 <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt
* 1:43692 <-> OS-LINUX Linux kernel SCTP invalid chunk length denial of service attempt
* 1:43779 <-> BROWSER-FIREFOX Mozilla multiple products SharedWorker MessagePort memory corruption attempt
* 1:44734 <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt
* 1:44877 <-> SERVER-OTHER Citrix XenApp and XenDesktop XML service memory corruption attempt
* 1:44978 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt
* 1:45171 <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt
* 1:45177 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45178 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45181 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45183 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45309 <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt
* 1:45500 <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt
* 1:45855 <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt
* 1:46637 <-> NETBIOS SMB client NULL deref race condition attempt
* 1:46912 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt
* 1:46913 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt
* 1:49583 <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt
* 1:49585 <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt
* 1:49846 <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt
* 1:49900 <-> BROWSER-PLUGINS HP OPOS driver stack buffer overflow attempt
* 1:49902 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt
* 1:49947 <-> POLICY-OTHER HP OpenView Operations Agent request attempt
* 1:50643 <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt
* 1:51025 <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt
* 1:51081 <-> FILE-FLASH Adobe Flash player memory corruption attempt
* 1:51163 <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt
* 1:51225 <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt
* 1:51857 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51858 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51860 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51864 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51865 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52079 <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt
* 1:52100 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52288 <-> OS-MOBILE Google Android libstagefright integer underflow attempt
* 1:52450 <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt
* 1:55823 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:55824 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:55825 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:7007 <-> BROWSER-PLUGINS AxDebugger.Document.1 ActiveX function call access
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.9.0.
The format of the file is:
gid:sid <-> Message
* 1:58570 <-> FILE-OTHER MacOS TTC bypass vulnerability exploit upload attempt
* 1:58571 <-> FILE-OTHER MacOS TTC bypass vulnerability exploit download attempt
* 3:58572 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt
* 3:58573 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt
* 3:58574 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt
* 3:58575 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt
* 1:58576 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58577 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58578 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58579 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58580 <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt
* 1:58581 <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt
* 1:58582 <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt
* 1:58583 <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt
* 1:58584 <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt
* 1:58585 <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt
* 1:58586 <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt
* 1:58587 <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt
* 1:58588 <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt
* 1:58589 <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt
* 1:58590 <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt
* 1:58591 <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt
* 1:58592 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58593 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58594 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58595 <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt
* 1:58596 <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt
* 3:58597 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt
* 3:58598 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt
* 1:58599 <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt
* 1:58600 <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt
* 1:10010 <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt
* 1:10142 <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX clsid access
* 1:10144 <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX function call access
* 1:10145 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX clsid access
* 1:10147 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX function call access
* 1:10148 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX clsid access
* 1:10150 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX function call access
* 1:10151 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX clsid access
* 1:10153 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX function call access
* 1:10154 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy 2 ActiveX clsid access
* 1:10390 <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX clsid access
* 1:10392 <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX function call access
* 1:10393 <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX clsid access
* 1:10395 <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX function call access
* 1:12472 <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX clsid access
* 1:12474 <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX function call access
* 1:12612 <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX clsid access
* 1:12614 <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX function call access
* 1:12685 <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow
* 1:13457 <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX clsid access
* 1:13459 <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX function call access
* 1:13470 <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt
* 1:13474 <-> OS-WINDOWS Microsoft WebDAV MiniRedir remote code execution attempt
* 1:13476 <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow
* 1:13520 <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt
* 1:13521 <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt
* 1:13523 <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access
* 1:13525 <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access
* 1:13926 <-> SERVER-OTHER Novell Groupwise HTTP response parsing overflow attempt
* 1:13950 <-> FILE-JAVA Oracle Java Web Start JNLP attribute buffer overflow attempt
* 1:13965 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX clsid access
* 1:13967 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access
* 1:14033 <-> BROWSER-PLUGINS Orbit Downloader ActiveX clsid access
* 1:14035 <-> BROWSER-PLUGINS Orbit Downloader ActiveX function call access
* 1:14611 <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX clsid access
* 1:14613 <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX function call access
* 1:14771 <-> SERVER-APACHE BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt
* 1:15147 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:15191 <-> BROWSER-FIREFOX Mozilla Firefox animated PNG processing integer overflow
* 1:15257 <-> SERVER-ORACLE Secure Backup common.php variable based command injection attempt
* 1:15258 <-> SERVER-ORACLE Secure Backup login.php variable based command injection attempt
* 1:15428 <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing memory corruption attempt
* 1:15462 <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt
* 1:15489 <-> PUA-OTHER Cerulean Studios Trillian image filename handling XML tag overflow attempt
* 1:15490 <-> OS-LINUX Linux SCTP malformed forward-tsn chunk arbitrary code execution attempt
* 1:15510 <-> SERVER-OTHER Trend Micro OfficeScan Server cgiRecvFile overflow attempt
* 1:15511 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:15638 <-> BROWSER-PLUGINS Microsoft Video 32 ActiveX clsid access
* 1:15733 <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt
* 1:15866 <-> FILE-OTHER libxml2 file processing long entity overflow attempt
* 1:15872 <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt
* 1:15901 <-> FILE-MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt
* 1:15965 <-> OS-WINDOWS Microsoft Explorer long share name buffer overflow attempt
* 1:15966 <-> FILE-OTHER F-Secure Anti-Virus LHA processing buffer overflow attempt
* 1:16001 <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt
* 1:16030 <-> OS-WINDOWS Microsoft Windows DNS client TXT buffer overrun attempt
* 1:16032 <-> BROWSER-IE Microsoft Internet Explorer HTML Decoding memory corruption attempt
* 1:16191 <-> SERVER-ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via GET
* 1:16192 <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt
* 1:16204 <-> SERVER-OTHER HP OpenView Network Node Manager ovlaunch host field overflow attempt
* 1:16213 <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt
* 1:16295 <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields
* 1:16296 <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - with optional fields
* 1:16344 <-> BROWSER-FIREFOX Mozilla Firefox top-level script object offset calculation memory corruption attempt
* 1:16347 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt
* 1:16371 <-> BROWSER-PLUGINS NOS Microsystems Adobe atl_getcom ActiveX clsid access
* 1:16405 <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Prefix Information stack buffer overflow attempt
* 1:16418 <-> NETBIOS SMB client NULL deref race condition attempt
* 1:16481 <-> BROWSER-OTHER Opera Content-Length header integer overflow attempt
* 1:16514 <-> SERVER-OTHER Trillian AIM XML tag handling heap buffer overflow attempt
* 1:16601 <-> FILE-OTHER Amaya web editor XML and HTML Parser Buffer overflow attempt
* 1:16667 <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt
* 1:16668 <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt
* 1:16798 <-> FILE-OTHER Orbit Downloader long URL buffer overflow attempt
* 1:17153 <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1
* 1:17154 <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2
* 1:17166 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt
* 1:17236 <-> BROWSER-FIREFOX Mozilla Firefox nsPropertyTable PropertyList memory corruption attempt
* 1:17305 <-> FILE-OTHER ClamAV libclamav PE file handling integer overflow attempt
* 1:17367 <-> BROWSER-IE Microsoft Internet Explorer FTP response parsing memory corruption attempt
* 1:17378 <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt
* 1:17379 <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt
* 1:17397 <-> SERVER-OTHER VNCViewer Authenticate buffer overflow attempt
* 1:17398 <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt
* 1:17399 <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt
* 1:17410 <-> OS-WINDOWS Generic HyperLink buffer overflow attempt
* 1:17422 <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt
* 1:17519 <-> BROWSER-FIREFOX Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow
* 1:17557 <-> BROWSER-PLUGINS Novell 
iPrint ActiveX operation parameter overflow * 1:17588 <-> BROWSER-PLUGINS Microsoft Internet Explorer Install Engine ActiveX clsid access * 1:17631 <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt * 1:17638 <-> SERVER-ORACLE Secure Backup administration server login.php cookies command injection attempt * 1:17642 <-> BROWSER-FIREFOX Mozilla Firefox ConstructFrame with floating first-letter memory corruption attempt * 1:18097 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt * 1:18187 <-> BROWSER-FIREFOX Mozilla Firefox InstallTrigger.install memory corruption attempt * 1:18244 <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt * 1:18245 <-> BROWSER-PLUGINS Oracle Java browser plugin docbase overflow attempt * 1:18283 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt * 1:18527 <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt * 1:18679 <-> SERVER-OTHER Oracle Java Applet2ClassLoader Remote Code Execution * 1:18904 <-> BROWSER-PLUGINS KingView ActiveX clsid access * 1:18957 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt * 1:19102 <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX clsid access * 1:19103 <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX function call access * 1:19216 <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution * 1:19217 <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution * 1:19257 <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt * 1:19262 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption * 1:19263 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption * 1:19264 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption * 1:19713 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow * 1:19714 <-> BROWSER-FIREFOX 
Mozilla Array.reduceRight integer overflow * 1:19812 <-> SERVER-OTHER CA Total Defense Suite UNCWS getDBConfigSettings credential information disclosure attempt * 1:19814 <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt * 1:20031 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption * 1:20072 <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt * 1:20110 <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata * 1:20444 <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt * 1:20600 <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt * 1:20607 <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt * 1:20608 <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt * 1:20692 <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt * 1:20767 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption * 1:20777 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt * 1:20820 <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt * 1:20842 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:20843 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:21006 <-> MALWARE-CNC Yang Pack yg.htm landing page * 1:21044 <-> EXPLOIT-KIT Blackhole exploit kit landing page * 1:21045 <-> EXPLOIT-KIT Blackhole exploit kit landing page * 1:21057 <-> FILE-OTHER Java Applet Rhino script engine remote code execution attempt * 1:21161 <-> SERVER-IIS Microsoft Windows IIS5 NTLM and basic authentication bypass attempt * 1:21247 <-> SERVER-OTHER IBM Lotusnotes s_viewname buffer overflow attempt * 1:21248 <-> SERVER-OTHER multiple vendors host buffer overflow attempt * 1:21259 <-> EXPLOIT-KIT Blackhole exploit kit response * 1:21344 <-> 
EXPLOIT-KIT Blackhole exploit kit pdf download * 1:21346 <-> EXPLOIT-KIT Blackhole exploit kit malicious jar download * 1:21420 <-> FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt * 1:21438 <-> EXPLOIT-KIT Blackhole exploit kit JavaScript carat string splitting with hostile applet * 1:21457 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption * 1:21484 <-> FILE-OTHER ZIP file name overflow attempt * 1:21492 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch * 1:21539 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header * 1:21549 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header * 1:21640 <-> EXPLOIT-KIT Phoenix exploit kit landing page * 1:21646 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch * 1:21657 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure * 1:21658 <-> EXPLOIT-KIT Blackhole exploit kit landing page * 1:21661 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - catch * 1:21668 <-> EXPLOIT-KIT Java exploit kit iframe drive by attempt * 1:21764 <-> FILE-OFFICE Microsoft Office Word unicode parsing buffer overflow attempt * 1:21876 <-> EXPLOIT-KIT Blackhole exploit landing page with specific structure - Loading * 1:21915 <-> SERVER-OTHER Novell Groupwise HTTP login request * 1:21916 <-> SERVER-OTHER Novell Groupwise HTTP login request * 1:21917 <-> SERVER-OTHER Novell Groupwise HTTP response message parsing overflow * 1:21953 <-> BROWSER-FIREFOX Mozilla Multiple Products HTML href shell attempt * 1:22039 <-> EXPLOIT-KIT Blackhole suspected landing page * 1:22040 <-> EXPLOIT-KIT Blackhole suspected landing page * 1:22041 <-> EXPLOIT-KIT Blackhole landing redirection page * 1:23008 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt * 1:23158 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific 
structure - prototype catch * 1:23159 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt * 1:23395 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt * 1:23396 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt * 1:23489 <-> FILE-OTHER Microsoft Windows Task Scheduler buffer overflow attempt * 1:23797 <-> EXPLOIT-KIT Blackhole redirection page * 1:23940 <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt * 1:23996 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt * 1:24054 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure * 1:24187 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow * 1:24188 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow * 1:24226 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received * 1:24228 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page Received * 1:24543 <-> EXPLOIT-KIT Blackhole admin page inbound access attempt * 1:24546 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt * 1:24547 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt * 1:24548 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt * 1:24593 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received - specific structure * 1:24637 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure * 1:24675 <-> BROWSER-PLUGINS Novell iPrint ActiveX realm parameter overflow attempt * 1:24676 <-> BROWSER-PLUGINS Novell iPrint ActiveX real parameter overflow attempt * 1:24702 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt * 1:24761 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt * 1:24860 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure * 1:24862 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - 
specific-structure * 1:24864 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure * 1:24904 <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt * 1:24907 <-> SERVER-ORACLE Oracle Secure Backup exec_qr command injection attempt * 1:24994 <-> BROWSER-FIREFOX Mozilla Firefox onChannelRedirect method attempt * 1:25312 <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt * 1:25392 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt * 1:25569 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page * 1:25590 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure * 1:25591 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure * 1:25808 <-> EXPLOIT-KIT Fiesta exploit kit landing page detection - specific-structure * 1:2589 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt * 1:26031 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page * 1:26033 <-> EXPLOIT-KIT Blackholev2 exploit kit iframe redirection attempt * 1:26230 <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX arbitrary command execution attempt * 1:26253 <-> EXPLOIT-KIT Blackhole exploit kit landing page * 1:26337 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure * 1:26421 <-> BROWSER-PLUGINS Metalink file download parameter buffer overflow attempt * 1:26434 <-> EXPLOIT-KIT Blackholev2 exploit kit jar file downloaded * 1:26495 <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt * 1:27067 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure * 1:27656 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt * 1:27706 <-> EXPLOIT-KIT Gong Da exploit kit possible jar download * 1:28703 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt * 1:28791 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt * 
1:28902 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:28972 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt * 1:28973 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt * 1:29503 <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt * 1:29512 <-> BROWSER-PLUGINS KingView ActiveX clsid access * 1:29520 <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt * 1:29523 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt * 1:29524 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt * 1:29526 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:29535 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt * 1:29538 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access * 1:29578 <-> BROWSER-PLUGINS Sun Microsystems JRE isInstalled.dnsResolve function memory exception attempt * 1:29579 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt * 1:29580 <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing obfuscated memory corruption attempt * 1:29594 <-> SERVER-WEBAPP Airlive IP Camera information leak attempt * 1:29623 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt * 1:29624 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt * 1:29625 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt * 1:29891 <-> MALWARE-CNC Win.Trojan.Pushdo variant outbound connection * 1:30217 <-> FILE-JAVA Oracle Java font rendering remote code execution attempt * 1:3085 <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt * 1:3087 <-> SERVER-IIS w3who.dll buffer overflow attempt * 1:31846 <-> POLICY-OTHER HP Universal CMDB default credentials 
authentication attempt * 1:32149 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt * 1:32151 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt * 1:32369 <-> PROTOCOL-ICMP FreeBSD rtsold dname_labeldec stack buffer overflow attempt * 1:32815 <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt * 1:32855 <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt * 1:32959 <-> PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt * 1:32967 <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt * 1:33571 <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt * 1:33986 <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt * 1:34024 <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt * 1:34447 <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt * 1:35434 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:35467 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt * 1:35468 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt * 1:36154 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt * 1:36155 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt * 1:3632 <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt * 1:36661 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:37527 <-> SERVER-OTHER IBM WebSphere InvokerTransformer serialized Java object remote code execution attempt * 1:37627 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt * 1:37802 <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt * 1:40281 <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt * 1:40818 <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt * 1:41045 <-> 
FILE-FLASH Adobe Flash Player TextField setter use after free attempt * 1:41422 <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt * 1:41718 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt * 1:41719 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt * 1:41720 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt * 1:42412 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt * 1:42422 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt * 1:43346 <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt * 1:43692 <-> OS-LINUX Linux kernel SCTP invalid chunk length denial of service attempt * 1:43779 <-> BROWSER-FIREFOX Mozilla multiple products SharedWorker MessagePort memory corruption attempt * 1:44734 <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt * 1:44877 <-> SERVER-OTHER Citrix XenApp and XenDesktop XML service memory corruption attempt * 1:44978 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt * 1:45171 <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt * 1:45177 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45178 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45181 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45183 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45309 <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt * 1:45500 <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt * 1:45855 <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt * 1:46637 <-> NETBIOS SMB client NULL deref race condition attempt * 1:46912 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow 
attempt * 1:46913 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt * 1:49583 <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt * 1:49585 <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt * 1:49846 <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt * 1:49900 <-> BROWSER-PLUGINS HP OPOS driver stack buffer overflow attempt * 1:49902 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt * 1:49947 <-> POLICY-OTHER HP OpenView Operations Agent request attempt * 1:50643 <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt * 1:51025 <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt * 1:51081 <-> FILE-FLASH Adobe Flash player memory corruption attempt * 1:51163 <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt * 1:51225 <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt * 1:51857 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51858 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51860 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51864 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51865 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:52079 <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt * 1:52100 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:52288 <-> OS-MOBILE Google Android libstagefright integer underflow attempt * 1:52450 <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt * 1:55823 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt * 1:55824 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt * 1:55825 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt * 1:7007 <-> 
BROWSER-PLUGINS AxDebugger.Document.1 ActiveX function call access
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.11.0.
The format of the file is:
gid:sid <-> Message
* 1:58570 <-> FILE-OTHER MacOS TTC bypass vulnerability exploit upload attempt
* 1:58571 <-> FILE-OTHER MacOS TTC bypass vulnerability exploit download attempt
* 3:58572 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt
* 3:58573 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt
* 3:58574 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt
* 3:58575 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt
* 1:58576 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58577 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58578 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58579 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58580 <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt
* 1:58581 <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt
* 1:58582 <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt
* 1:58583 <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt
* 1:58584 <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt
* 1:58585 <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt
* 1:58586 <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt
* 1:58587 <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt
* 1:58588 <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt
* 1:58589 <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt
* 1:58590 <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt
* 1:58591 <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt
* 1:58592 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58593 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58594 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58595 <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt
* 1:58596 <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt
* 3:58597 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt
* 3:58598 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt
* 1:58599 <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt
* 1:58600 <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt
* 1:10010 <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt
* 1:10142 <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX clsid access
* 1:10144 <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX function call access
* 1:10145 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX clsid access
* 1:10147 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX function call access
* 1:10148 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX clsid access
* 1:10150 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX function call access
* 1:10151 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX clsid access
* 1:10153 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX function call access
* 1:10154 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy 2 ActiveX clsid access
* 1:10390 <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX clsid access
* 1:10392 <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX function call access
* 1:10393 <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX clsid access
* 1:10395 <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX function call access
* 1:12472 <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX clsid access
* 1:12474 <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX function call access
* 1:12612 <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX clsid access
* 1:12614 <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX function call access
* 1:12685 <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow
* 1:13457 <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX clsid access
* 1:13459 <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX function call access
* 1:13470 <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt
* 1:13474 <-> OS-WINDOWS Microsoft WebDAV MiniRedir remote code execution attempt
* 1:13476 <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow
* 1:13520 <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt
* 1:13521 <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt
* 1:13523 <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access
* 1:13525 <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access
* 1:13926 <-> SERVER-OTHER Novell Groupwise HTTP response parsing overflow attempt
* 1:13950 <-> FILE-JAVA Oracle Java Web Start JNLP attribute buffer overflow attempt
* 1:13965 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX clsid access
* 1:13967 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access
* 1:14033 <-> BROWSER-PLUGINS Orbit Downloader ActiveX clsid access
* 1:14035 <-> BROWSER-PLUGINS Orbit Downloader ActiveX function call access
* 1:14611 <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX clsid access
* 1:14613 <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX function call access
* 1:14771 <-> SERVER-APACHE BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt
* 1:15147 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:15191 <-> BROWSER-FIREFOX Mozilla Firefox animated PNG processing integer overflow
* 1:15257 <-> SERVER-ORACLE Secure Backup common.php variable based command injection attempt
* 1:15258 <-> SERVER-ORACLE Secure Backup login.php variable based command injection attempt
* 1:15428 <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing memory corruption attempt
* 1:15462 <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt
* 1:15489 <-> PUA-OTHER Cerulean Studios Trillian image filename handling XML tag overflow attempt
* 1:15490 <-> OS-LINUX Linux SCTP malformed forward-tsn chunk arbitrary code execution attempt
* 1:15510 <-> SERVER-OTHER Trend Micro OfficeScan Server cgiRecvFile overflow attempt
* 1:15511 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:15638 <-> BROWSER-PLUGINS Microsoft Video 32 ActiveX clsid access
* 1:15733 <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt
* 1:15866 <-> FILE-OTHER libxml2 file processing long entity overflow attempt
* 1:15872 <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt
* 1:15901 <-> FILE-MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt
* 1:15965 <-> OS-WINDOWS Microsoft Explorer long share name buffer overflow attempt
* 1:15966 <-> FILE-OTHER F-Secure Anti-Virus LHA processing buffer overflow attempt
* 1:16001 <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt
* 1:16030 <-> OS-WINDOWS Microsoft Windows DNS client TXT buffer overrun attempt
* 1:16032 <-> BROWSER-IE Microsoft Internet Explorer HTML Decoding memory corruption attempt
* 1:16191 <-> SERVER-ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via GET
* 1:16192 <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt
* 1:16204 <-> SERVER-OTHER HP OpenView Network Node Manager ovlaunch host field overflow attempt
* 1:16213 <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt
* 1:16295 <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields
* 1:16296 <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - with optional fields
* 1:16344 <-> BROWSER-FIREFOX Mozilla Firefox top-level script object offset calculation memory corruption attempt
* 1:16347 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt
* 1:16371 <-> BROWSER-PLUGINS NOS Microsystems Adobe atl_getcom ActiveX clsid access
* 1:16405 <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Prefix Information stack buffer overflow attempt
* 1:16418 <-> NETBIOS SMB client NULL deref race condition attempt
* 1:16481 <-> BROWSER-OTHER Opera Content-Length header integer overflow attempt
* 1:16514 <-> SERVER-OTHER Trillian AIM XML tag handling heap buffer overflow attempt
* 1:16601 <-> FILE-OTHER Amaya web editor XML and HTML Parser Buffer overflow attempt
* 1:16667 <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt
* 1:16668 <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt
* 1:16798 <-> FILE-OTHER Orbit Downloader long URL buffer overflow attempt
* 1:17153 <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1
* 1:17154 <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2
* 1:17166 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt
* 1:17236 <-> BROWSER-FIREFOX Mozilla Firefox nsPropertyTable PropertyList memory corruption attempt
* 1:17305 <-> FILE-OTHER ClamAV libclamav PE file handling integer overflow attempt
* 1:17367 <-> BROWSER-IE Microsoft Internet Explorer FTP response parsing memory corruption attempt
* 1:17378 <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt
* 1:17379 <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt
* 1:17397 <-> SERVER-OTHER VNCViewer Authenticate buffer overflow attempt
* 1:17398 <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt
* 1:17399 <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt
* 1:17410 <-> OS-WINDOWS Generic HyperLink buffer overflow attempt
* 1:17422 <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt
* 1:17519 <-> BROWSER-FIREFOX Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow
* 1:17557 <-> BROWSER-PLUGINS Novell iPrint ActiveX operation parameter overflow
* 1:17588 <-> BROWSER-PLUGINS Microsoft Internet Explorer Install Engine ActiveX clsid access
* 1:17631 <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt
* 1:17638 <-> SERVER-ORACLE Secure Backup administration server login.php cookies command injection attempt
* 1:17642 <-> BROWSER-FIREFOX Mozilla Firefox ConstructFrame with floating first-letter memory corruption attempt
* 1:18097 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt
* 1:18187 <-> BROWSER-FIREFOX Mozilla Firefox InstallTrigger.install memory corruption attempt
* 1:18244 <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt
* 1:18245 <-> BROWSER-PLUGINS Oracle Java browser plugin docbase overflow attempt
* 1:18283 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:18527 <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt
* 1:18679 <-> SERVER-OTHER Oracle Java Applet2ClassLoader Remote Code Execution
* 1:18904 <-> BROWSER-PLUGINS KingView ActiveX clsid access
* 1:18957 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt
* 1:19102 <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX clsid access
* 1:19103 <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX function call access
* 1:19216 <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution
* 1:19217 <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution
* 1:19257 <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt
* 1:19262 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19263 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19264 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19713 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:19714 <-> BROWSER-FIREFOX 
Mozilla Array.reduceRight integer overflow * 1:19812 <-> SERVER-OTHER CA Total Defense Suite UNCWS getDBConfigSettings credential information disclosure attempt * 1:19814 <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt * 1:20031 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption * 1:20072 <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt * 1:20110 <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata * 1:20444 <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt * 1:20600 <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt * 1:20607 <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt * 1:20608 <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt * 1:20692 <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt * 1:20767 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption * 1:20777 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt * 1:20820 <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt * 1:20842 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:20843 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:21006 <-> MALWARE-CNC Yang Pack yg.htm landing page * 1:21044 <-> EXPLOIT-KIT Blackhole exploit kit landing page * 1:21045 <-> EXPLOIT-KIT Blackhole exploit kit landing page * 1:21057 <-> FILE-OTHER Java Applet Rhino script engine remote code execution attempt * 1:21161 <-> SERVER-IIS Microsoft Windows IIS5 NTLM and basic authentication bypass attempt * 1:21247 <-> SERVER-OTHER IBM Lotusnotes s_viewname buffer overflow attempt * 1:21248 <-> SERVER-OTHER multiple vendors host buffer overflow attempt * 1:21259 <-> EXPLOIT-KIT Blackhole exploit kit response * 1:21344 <-> 
EXPLOIT-KIT Blackhole exploit kit pdf download * 1:21346 <-> EXPLOIT-KIT Blackhole exploit kit malicious jar download * 1:21420 <-> FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt * 1:21438 <-> EXPLOIT-KIT Blackhole exploit kit JavaScript carat string splitting with hostile applet * 1:21457 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption * 1:21484 <-> FILE-OTHER ZIP file name overflow attempt * 1:21492 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch * 1:21539 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header * 1:21549 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header * 1:21640 <-> EXPLOIT-KIT Phoenix exploit kit landing page * 1:21646 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch * 1:21657 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure * 1:21658 <-> EXPLOIT-KIT Blackhole exploit kit landing page * 1:21661 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - catch * 1:21668 <-> EXPLOIT-KIT Java exploit kit iframe drive by attempt * 1:21764 <-> FILE-OFFICE Microsoft Office Word unicode parsing buffer overflow attempt * 1:21876 <-> EXPLOIT-KIT Blackhole exploit landing page with specific structure - Loading * 1:21915 <-> SERVER-OTHER Novell Groupwise HTTP login request * 1:21916 <-> SERVER-OTHER Novell Groupwise HTTP login request * 1:21917 <-> SERVER-OTHER Novell Groupwise HTTP response message parsing overflow * 1:21953 <-> BROWSER-FIREFOX Mozilla Multiple Products HTML href shell attempt * 1:22039 <-> EXPLOIT-KIT Blackhole suspected landing page * 1:22040 <-> EXPLOIT-KIT Blackhole suspected landing page * 1:22041 <-> EXPLOIT-KIT Blackhole landing redirection page * 1:23008 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt * 1:23158 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific 
structure - prototype catch * 1:23159 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt * 1:23395 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt * 1:23396 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt * 1:23489 <-> FILE-OTHER Microsoft Windows Task Scheduler buffer overflow attempt * 1:23797 <-> EXPLOIT-KIT Blackhole redirection page * 1:23940 <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt * 1:23996 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt * 1:24054 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure * 1:24187 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow * 1:24188 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow * 1:24226 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received * 1:24228 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page Received * 1:24543 <-> EXPLOIT-KIT Blackhole admin page inbound access attempt * 1:24546 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt * 1:24547 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt * 1:24548 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt * 1:24593 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received - specific structure * 1:24637 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure * 1:24675 <-> BROWSER-PLUGINS Novell iPrint ActiveX realm parameter overflow attempt * 1:24676 <-> BROWSER-PLUGINS Novell iPrint ActiveX real parameter overflow attempt * 1:24702 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt * 1:24761 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt * 1:24860 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure * 1:24862 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - 
specific-structure * 1:24864 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure * 1:24904 <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt * 1:24907 <-> SERVER-ORACLE Oracle Secure Backup exec_qr command injection attempt * 1:24994 <-> BROWSER-FIREFOX Mozilla Firefox onChannelRedirect method attempt * 1:25312 <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt * 1:25392 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt * 1:25569 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page * 1:25590 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure * 1:25591 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure * 1:25808 <-> EXPLOIT-KIT Fiesta exploit kit landing page detection - specific-structure * 1:2589 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt * 1:26031 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page * 1:26033 <-> EXPLOIT-KIT Blackholev2 exploit kit iframe redirection attempt * 1:26230 <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX arbitrary command execution attempt * 1:26253 <-> EXPLOIT-KIT Blackhole exploit kit landing page * 1:26337 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure * 1:26421 <-> BROWSER-PLUGINS Metalink file download parameter buffer overflow attempt * 1:26434 <-> EXPLOIT-KIT Blackholev2 exploit kit jar file downloaded * 1:26495 <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt * 1:27067 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure * 1:27656 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt * 1:27706 <-> EXPLOIT-KIT Gong Da exploit kit possible jar download * 1:28703 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt * 1:28791 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt * 
1:28902 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:28972 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt * 1:28973 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt * 1:29503 <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt * 1:29512 <-> BROWSER-PLUGINS KingView ActiveX clsid access * 1:29520 <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt * 1:29523 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt * 1:29524 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt * 1:29526 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:29535 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt * 1:29538 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access * 1:29578 <-> BROWSER-PLUGINS Sun Microsystems JRE isInstalled.dnsResolve function memory exception attempt * 1:29579 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt * 1:29580 <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing obfuscated memory corruption attempt * 1:29594 <-> SERVER-WEBAPP Airlive IP Camera information leak attempt * 1:29623 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt * 1:29624 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt * 1:29625 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt * 1:29891 <-> MALWARE-CNC Win.Trojan.Pushdo variant outbound connection * 1:30217 <-> FILE-JAVA Oracle Java font rendering remote code execution attempt * 1:3085 <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt * 1:3087 <-> SERVER-IIS w3who.dll buffer overflow attempt * 1:31846 <-> POLICY-OTHER HP Universal CMDB default credentials 
authentication attempt * 1:32149 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt * 1:32151 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt * 1:32369 <-> PROTOCOL-ICMP FreeBSD rtsold dname_labeldec stack buffer overflow attempt * 1:32815 <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt * 1:32855 <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt * 1:32959 <-> PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt * 1:32967 <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt * 1:33571 <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt * 1:33986 <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt * 1:34024 <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt * 1:34447 <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt * 1:35434 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:35467 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt * 1:35468 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt * 1:36154 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt * 1:36155 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt * 1:3632 <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt * 1:36661 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:37527 <-> SERVER-OTHER IBM WebSphere InvokerTransformer serialized Java object remote code execution attempt * 1:37627 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt * 1:37802 <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt * 1:40281 <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt * 1:40818 <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt * 1:41045 <-> 
FILE-FLASH Adobe Flash Player TextField setter use after free attempt * 1:41422 <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt * 1:41718 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt * 1:41719 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt * 1:41720 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt * 1:42412 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt * 1:42422 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt * 1:43346 <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt * 1:43692 <-> OS-LINUX Linux kernel SCTP invalid chunk length denial of service attempt * 1:43779 <-> BROWSER-FIREFOX Mozilla multiple products SharedWorker MessagePort memory corruption attempt * 1:44734 <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt * 1:44877 <-> SERVER-OTHER Citrix XenApp and XenDesktop XML service memory corruption attempt * 1:44978 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt * 1:45171 <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt * 1:45177 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45178 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45181 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45183 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45309 <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt * 1:45500 <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt * 1:45855 <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt * 1:46637 <-> NETBIOS SMB client NULL deref race condition attempt * 1:46912 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow 
attempt * 1:46913 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt * 1:49583 <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt * 1:49585 <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt * 1:49846 <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt * 1:49900 <-> BROWSER-PLUGINS HP OPOS driver stack buffer overflow attempt * 1:49902 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt * 1:49947 <-> POLICY-OTHER HP OpenView Operations Agent request attempt * 1:50643 <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt * 1:51025 <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt * 1:51081 <-> FILE-FLASH Adobe Flash player memory corruption attempt * 1:51163 <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt * 1:51225 <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt * 1:51857 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51858 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51860 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51864 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51865 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:52079 <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt * 1:52100 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:52288 <-> OS-MOBILE Google Android libstagefright integer underflow attempt * 1:52450 <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt * 1:55823 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt * 1:55824 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt * 1:55825 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt * 1:7007 <-> 
BROWSER-PLUGINS AxDebugger.Document.1 ActiveX function call access
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.15.0.
The format of the file is:
gid:sid <-> Message
* 1:58570 <-> FILE-OTHER MacOS TTC bypass vulnerability exploit upload attempt
* 1:58571 <-> FILE-OTHER MacOS TTC bypass vulnerability exploit download attempt
* 3:58572 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt
* 3:58573 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt
* 3:58574 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt
* 3:58575 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt
* 1:58576 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58577 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58578 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58579 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58580 <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt
* 1:58581 <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt
* 1:58582 <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt
* 1:58583 <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt
* 1:58584 <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt
* 1:58585 <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt
* 1:58586 <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt
* 1:58587 <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt
* 1:58588 <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt
* 1:58589 <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt
* 1:58590 <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt
* 1:58591 <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt
* 1:58592 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58593 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58594 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58595 <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt
* 1:58596 <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt
* 3:58597 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt
* 3:58598 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt
* 1:58599 <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt
* 1:58600 <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt
* 1:10010 <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt
* 1:10142 <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX clsid access
* 1:10144 <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX function call access
* 1:10145 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX clsid access
* 1:10147 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX function call access
* 1:10148 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX clsid access
* 1:10150 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX function call access
* 1:10151 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX clsid access
* 1:10153 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX function call access
* 1:10154 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy 2 ActiveX clsid access
* 1:10390 <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX clsid access
* 1:10392 <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX function call access
* 1:10393 <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX clsid access
* 1:10395 <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX function call access
* 1:12472 <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX clsid access
* 1:12474 <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX function call access
* 1:12612 <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX clsid access
* 1:12614 <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX function call access
* 1:12685 <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow
* 1:13457 <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX clsid access
* 1:13459 <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX function call access
* 1:13470 <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt
* 1:13474 <-> OS-WINDOWS Microsoft WebDAV MiniRedir remote code execution attempt
* 1:13476 <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow
* 1:13520 <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt
* 1:13521 <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt
* 1:13523 <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access
* 1:13525 <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access
* 1:13926 <-> SERVER-OTHER Novell Groupwise HTTP response parsing overflow attempt
* 1:13950 <-> FILE-JAVA Oracle Java Web Start JNLP attribute buffer overflow attempt
* 1:13965 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX clsid access
* 1:13967 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access
* 1:14033 <-> BROWSER-PLUGINS Orbit Downloader ActiveX clsid access
* 1:14035 <-> BROWSER-PLUGINS Orbit Downloader ActiveX function call access
* 1:14611 <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX clsid access
* 1:14613 <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX function call access
* 1:14771 <-> SERVER-APACHE BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt
* 1:15147 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:15191 <-> BROWSER-FIREFOX Mozilla Firefox animated PNG processing integer overflow
* 1:15257 <-> SERVER-ORACLE Secure Backup common.php variable based command injection attempt
* 1:15258 <-> SERVER-ORACLE Secure Backup login.php variable based command injection attempt
* 1:15428 <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing memory corruption attempt
* 1:15462 <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt
* 1:15489 <-> PUA-OTHER Cerulean Studios Trillian image filename handling XML tag overflow attempt
* 1:15490 <-> OS-LINUX Linux SCTP malformed forward-tsn chunk arbitrary code execution attempt
* 1:15510 <-> SERVER-OTHER Trend Micro OfficeScan Server cgiRecvFile overflow attempt
* 1:15511 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:15638 <-> BROWSER-PLUGINS Microsoft Video 32 ActiveX clsid access
* 1:15733 <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt
* 1:15866 <-> FILE-OTHER libxml2 file processing long entity overflow attempt
* 1:15872 <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt
* 1:15901 <-> FILE-MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt
* 1:15965 <-> OS-WINDOWS Microsoft Explorer long share name buffer overflow attempt
* 1:15966 <-> FILE-OTHER F-Secure Anti-Virus LHA processing buffer overflow attempt
* 1:16001 <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt
* 1:16030 <-> OS-WINDOWS Microsoft Windows DNS client TXT buffer overrun attempt
* 1:16032 <-> BROWSER-IE Microsoft Internet Explorer HTML Decoding memory corruption attempt
* 1:16191 <-> SERVER-ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via GET
* 1:16192 <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt
* 1:16204 <-> SERVER-OTHER HP OpenView Network Node Manager ovlaunch host field overflow attempt
* 1:16213 <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt
* 1:16295 <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields
* 1:16296 <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - with optional fields
* 1:16344 <-> BROWSER-FIREFOX Mozilla Firefox top-level script object offset calculation memory corruption attempt
* 1:16347 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt
* 1:16371 <-> BROWSER-PLUGINS NOS Microsystems Adobe atl_getcom ActiveX clsid access
* 1:16405 <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Prefix Information stack buffer overflow attempt
* 1:16418 <-> NETBIOS SMB client NULL deref race condition attempt
* 1:16481 <-> BROWSER-OTHER Opera Content-Length header integer overflow attempt
* 1:16514 <-> SERVER-OTHER Trillian AIM XML tag handling heap buffer overflow attempt
* 1:16601 <-> FILE-OTHER Amaya web editor XML and HTML Parser Buffer overflow attempt
* 1:16667 <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt
* 1:16668 <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt
* 1:16798 <-> FILE-OTHER Orbit Downloader long URL buffer overflow attempt
* 1:17153 <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1
* 1:17154 <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2
* 1:17166 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt
* 1:17236 <-> BROWSER-FIREFOX Mozilla Firefox nsPropertyTable PropertyList memory corruption attempt
* 1:17305 <-> FILE-OTHER ClamAV libclamav PE file handling integer overflow attempt
* 1:17367 <-> BROWSER-IE Microsoft Internet Explorer FTP response parsing memory corruption attempt
* 1:17378 <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt
* 1:17379 <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt
* 1:17397 <-> SERVER-OTHER VNCViewer Authenticate buffer overflow attempt
* 1:17398 <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt
* 1:17399 <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt
* 1:17410 <-> OS-WINDOWS Generic HyperLink buffer overflow attempt
* 1:17422 <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt
* 1:17519 <-> BROWSER-FIREFOX Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow
* 1:17557 <-> BROWSER-PLUGINS Novell iPrint ActiveX operation parameter overflow
* 1:17588 <-> BROWSER-PLUGINS Microsoft Internet Explorer Install Engine ActiveX clsid access
* 1:17631 <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt
* 1:17638 <-> SERVER-ORACLE Secure Backup administration server login.php cookies command injection attempt
* 1:17642 <-> BROWSER-FIREFOX Mozilla Firefox ConstructFrame with floating first-letter memory corruption attempt
* 1:18097 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt
* 1:18187 <-> BROWSER-FIREFOX Mozilla Firefox InstallTrigger.install memory corruption attempt
* 1:18244 <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt
* 1:18245 <-> BROWSER-PLUGINS Oracle Java browser plugin docbase overflow attempt
* 1:18283 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:18527 <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt
* 1:18679 <-> SERVER-OTHER Oracle Java Applet2ClassLoader Remote Code Execution
* 1:18904 <-> BROWSER-PLUGINS KingView ActiveX clsid access
* 1:18957 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt
* 1:19102 <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX clsid access
* 1:19103 <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX function call access
* 1:19216 <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution
* 1:19217 <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution
* 1:19257 <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt
* 1:19262 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19263 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19264 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19713 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:19714 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:19812 <-> SERVER-OTHER CA Total Defense Suite UNCWS getDBConfigSettings credential information disclosure attempt
* 1:19814 <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt
* 1:20031 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:20072 <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt
* 1:20110 <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata
* 1:20444 <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt
* 1:20600 <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt
* 1:20607 <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt
* 1:20608 <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt
* 1:20692 <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt
* 1:20767 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:20777 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:20820 <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt
* 1:20842 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:20843 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:21006 <-> MALWARE-CNC Yang Pack yg.htm landing page
* 1:21044 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:21045 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:21057 <-> FILE-OTHER Java Applet Rhino script engine remote code execution attempt
* 1:21161 <-> SERVER-IIS Microsoft Windows IIS5 NTLM and basic authentication bypass attempt
* 1:21247 <-> SERVER-OTHER IBM Lotusnotes s_viewname buffer overflow attempt
* 1:21248 <-> SERVER-OTHER multiple vendors host buffer overflow attempt
* 1:21259 <-> EXPLOIT-KIT Blackhole exploit kit response
* 1:21344 <-> EXPLOIT-KIT Blackhole exploit kit pdf download
* 1:21346 <-> EXPLOIT-KIT Blackhole exploit kit malicious jar download
* 1:21420 <-> FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt
* 1:21438 <-> EXPLOIT-KIT Blackhole exploit kit JavaScript carat string splitting with hostile applet
* 1:21457 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:21484 <-> FILE-OTHER ZIP file name overflow attempt
* 1:21492 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch
* 1:21539 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header
* 1:21549 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header
* 1:21640 <-> EXPLOIT-KIT Phoenix exploit kit landing page
* 1:21646 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch
* 1:21657 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure
* 1:21658 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:21661 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - catch
* 1:21668 <-> EXPLOIT-KIT Java exploit kit iframe drive by attempt
* 1:21764 <-> FILE-OFFICE Microsoft Office Word unicode parsing buffer overflow attempt
* 1:21876 <-> EXPLOIT-KIT Blackhole exploit landing page with specific structure - Loading
* 1:21915 <-> SERVER-OTHER Novell Groupwise HTTP login request
* 1:21916 <-> SERVER-OTHER Novell Groupwise HTTP login request
* 1:21917 <-> SERVER-OTHER Novell Groupwise HTTP response message parsing overflow
* 1:21953 <-> BROWSER-FIREFOX Mozilla Multiple Products HTML href shell attempt
* 1:22039 <-> EXPLOIT-KIT Blackhole suspected landing page
* 1:22040 <-> EXPLOIT-KIT Blackhole suspected landing page
* 1:22041 <-> EXPLOIT-KIT Blackhole landing redirection page
* 1:23008 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt
* 1:23158 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch
* 1:23159 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt
* 1:23395 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt
* 1:23396 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt
* 1:23489 <-> FILE-OTHER Microsoft Windows Task Scheduler buffer overflow attempt
* 1:23797 <-> EXPLOIT-KIT Blackhole redirection page
* 1:23940 <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt
* 1:23996 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:24054 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure
* 1:24187 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:24188 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:24226 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received
* 1:24228 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page Received
* 1:24543 <-> EXPLOIT-KIT Blackhole admin page inbound access attempt
* 1:24546 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt
* 1:24547 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt
* 1:24548 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt
* 1:24593 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received - specific structure
* 1:24637 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure
* 1:24675 <-> BROWSER-PLUGINS Novell iPrint ActiveX realm parameter overflow attempt
* 1:24676 <-> BROWSER-PLUGINS Novell iPrint ActiveX real parameter overflow attempt
* 1:24702 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24761 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24860 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure
* 1:24862 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - 
specific-structure * 1:24864 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure * 1:24904 <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt * 1:24907 <-> SERVER-ORACLE Oracle Secure Backup exec_qr command injection attempt * 1:24994 <-> BROWSER-FIREFOX Mozilla Firefox onChannelRedirect method attempt * 1:25312 <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt * 1:25392 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt * 1:25569 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page * 1:25590 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure * 1:25591 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure * 1:25808 <-> EXPLOIT-KIT Fiesta exploit kit landing page detection - specific-structure * 1:2589 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt * 1:26031 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page * 1:26033 <-> EXPLOIT-KIT Blackholev2 exploit kit iframe redirection attempt * 1:26230 <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX arbitrary command execution attempt * 1:26253 <-> EXPLOIT-KIT Blackhole exploit kit landing page * 1:26337 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure * 1:26421 <-> BROWSER-PLUGINS Metalink file download parameter buffer overflow attempt * 1:26434 <-> EXPLOIT-KIT Blackholev2 exploit kit jar file downloaded * 1:26495 <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt * 1:27067 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure * 1:27656 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt * 1:27706 <-> EXPLOIT-KIT Gong Da exploit kit possible jar download * 1:28703 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt * 1:28791 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt * 
1:28902 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:28972 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt * 1:28973 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt * 1:29503 <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt * 1:29512 <-> BROWSER-PLUGINS KingView ActiveX clsid access * 1:29520 <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt * 1:29523 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt * 1:29524 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt * 1:29526 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:29535 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt * 1:29538 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access * 1:29578 <-> BROWSER-PLUGINS Sun Microsystems JRE isInstalled.dnsResolve function memory exception attempt * 1:29579 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt * 1:29580 <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing obfuscated memory corruption attempt * 1:29594 <-> SERVER-WEBAPP Airlive IP Camera information leak attempt * 1:29623 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt * 1:29624 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt * 1:29625 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt * 1:29891 <-> MALWARE-CNC Win.Trojan.Pushdo variant outbound connection * 1:30217 <-> FILE-JAVA Oracle Java font rendering remote code execution attempt * 1:3085 <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt * 1:3087 <-> SERVER-IIS w3who.dll buffer overflow attempt * 1:31846 <-> POLICY-OTHER HP Universal CMDB default credentials 
authentication attempt * 1:32149 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt * 1:32151 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt * 1:32369 <-> PROTOCOL-ICMP FreeBSD rtsold dname_labeldec stack buffer overflow attempt * 1:32815 <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt * 1:32855 <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt * 1:32959 <-> PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt * 1:32967 <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt * 1:33571 <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt * 1:33986 <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt * 1:34024 <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt * 1:34447 <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt * 1:35434 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:35467 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt * 1:35468 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt * 1:36154 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt * 1:36155 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt * 1:3632 <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt * 1:36661 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:37527 <-> SERVER-OTHER IBM WebSphere InvokerTransformer serialized Java object remote code execution attempt * 1:37627 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt * 1:37802 <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt * 1:40281 <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt * 1:40818 <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt * 1:41045 <-> 
FILE-FLASH Adobe Flash Player TextField setter use after free attempt * 1:41422 <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt * 1:41718 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt * 1:41719 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt * 1:41720 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt * 1:42412 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt * 1:42422 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt * 1:43346 <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt * 1:43692 <-> OS-LINUX Linux kernel SCTP invalid chunk length denial of service attempt * 1:43779 <-> BROWSER-FIREFOX Mozilla multiple products SharedWorker MessagePort memory corruption attempt * 1:44734 <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt * 1:44877 <-> SERVER-OTHER Citrix XenApp and XenDesktop XML service memory corruption attempt * 1:44978 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt * 1:45171 <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt * 1:45177 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45178 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45181 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45183 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45309 <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt * 1:45500 <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt * 1:45855 <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt * 1:46637 <-> NETBIOS SMB client NULL deref race condition attempt * 1:46912 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow 
attempt * 1:46913 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt * 1:49583 <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt * 1:49585 <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt * 1:49846 <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt * 1:49900 <-> BROWSER-PLUGINS HP OPOS driver stack buffer overflow attempt * 1:49902 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt * 1:49947 <-> POLICY-OTHER HP OpenView Operations Agent request attempt * 1:50643 <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt * 1:51025 <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt * 1:51081 <-> FILE-FLASH Adobe Flash player memory corruption attempt * 1:51163 <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt * 1:51225 <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt * 1:51857 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51858 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51860 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51864 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51865 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:52079 <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt * 1:52100 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:52288 <-> OS-MOBILE Google Android libstagefright integer underflow attempt * 1:52450 <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt * 1:55823 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt * 1:55824 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt * 1:55825 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt * 1:7007 <-> 
BROWSER-PLUGINS AxDebugger.Document.1 ActiveX function call access