Talos Rules 2021-11-18
This release adds and modifies rules in several categories.

In this release a number of rules have been added to the security policy as part of ongoing policy rebalancing efforts.

Talos has added and modified multiple rules in the browser-chrome, browser-firefox, browser-ie, browser-other, browser-plugins, browser-webkit, exploit-kit, file-flash, file-image, file-java, file-multimedia, file-office, file-other, file-pdf, malware-cnc, malware-tools, netbios, os-linux, os-mobile, os-windows, policy-other, protocol-dns, protocol-icmp, pua-other, server-apache, server-iis, server-mail, server-oracle and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2021-11-18 18:08:11 UTC

Snort Subscriber Rules Update

Date: 2021-11-18

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091801.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58570 <-> DISABLED <-> FILE-OTHER MacOS TTC bypass vulnerability exploit upload attempt (file-other.rules)
 * 1:58571 <-> DISABLED <-> FILE-OTHER MacOS TTC bypass vulnerability exploit download attempt (file-other.rules)
 * 1:58576 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58577 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58578 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58579 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58580 <-> DISABLED <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt (malware-tools.rules)
 * 1:58581 <-> DISABLED <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt (malware-tools.rules)
 * 1:58582 <-> DISABLED <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt (policy-other.rules)
 * 1:58583 <-> DISABLED <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt (policy-other.rules)
 * 1:58584 <-> DISABLED <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt (policy-other.rules)
 * 1:58585 <-> DISABLED <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt (policy-other.rules)
 * 1:58586 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt (os-windows.rules)
 * 1:58587 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt (os-windows.rules)
 * 1:58588 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt (server-webapp.rules)
 * 1:58589 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt (server-webapp.rules)
 * 1:58590 <-> DISABLED <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt (server-other.rules)
 * 1:58591 <-> DISABLED <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt (server-other.rules)
 * 1:58592 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
 * 1:58593 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
 * 1:58594 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
 * 1:58595 <-> DISABLED <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt (server-webapp.rules)
 * 1:58596 <-> DISABLED <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt (server-webapp.rules)
 * 1:58599 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt (browser-chrome.rules)
 * 1:58600 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt (browser-chrome.rules)
 * 3:58572 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt (file-image.rules)
 * 3:58573 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt (file-image.rules)
 * 3:58574 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt (file-office.rules)
 * 3:58575 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt (file-office.rules)
 * 3:58597 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt (file-other.rules)
 * 3:58598 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt (file-other.rules)

Modified Rules:


 * 1:32855 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt (file-pdf.rules)
 * 1:32967 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt (policy-other.rules)
 * 1:33571 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (file-other.rules)
 * 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
 * 1:34024 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
 * 1:34447 <-> DISABLED <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt (policy-other.rules)
 * 1:35434 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:35467 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules)
 * 1:35468 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules)
 * 1:35857 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:36154 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:36155 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:3632 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt (file-image.rules)
 * 1:36661 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:37527 <-> DISABLED <-> SERVER-OTHER IBM WebSphere InvokerTransformer serialized Java object remote code execution attempt (server-other.rules)
 * 1:37627 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:37802 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
 * 1:37804 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
 * 1:40281 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (file-office.rules)
 * 1:40818 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (file-flash.rules)
 * 1:41045 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules)
 * 1:41422 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (browser-plugins.rules)
 * 1:41718 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
 * 1:41719 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
 * 1:41720 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
 * 1:42412 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:42422 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:43346 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules)
 * 1:43692 <-> DISABLED <-> OS-LINUX Linux kernel SCTP invalid chunk length denial of service attempt (os-linux.rules)
 * 1:43779 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products SharedWorker MessagePort memory corruption attempt (browser-firefox.rules)
 * 1:44734 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (server-mail.rules)
 * 1:44877 <-> DISABLED <-> SERVER-OTHER  Citrix XenApp and XenDesktop XML service memory corruption attempt (server-other.rules)
 * 1:44978 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules)
 * 1:45171 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt (browser-firefox.rules)
 * 1:45177 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:45178 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:45181 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:45183 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:45309 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
 * 1:45500 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
 * 1:45855 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
 * 1:46637 <-> DISABLED <-> NETBIOS SMB client NULL deref race condition attempt  (netbios.rules)
 * 1:46912 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
 * 1:46913 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
 * 1:49583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
 * 1:49585 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
 * 1:49846 <-> DISABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:49900 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS driver stack buffer overflow attempt (browser-plugins.rules)
 * 1:49902 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
 * 1:49947 <-> DISABLED <-> POLICY-OTHER HP OpenView Operations Agent request attempt (policy-other.rules)
 * 1:50643 <-> DISABLED <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt (file-other.rules)
 * 1:51025 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (file-pdf.rules)
 * 1:51081 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
 * 1:51163 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
 * 1:51225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
 * 1:51857 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51858 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51860 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51864 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51865 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:52079 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
 * 1:52100 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:52288 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (os-mobile.rules)
 * 1:52450 <-> DISABLED <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt (server-other.rules)
 * 1:55823 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:55824 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:55825 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:7007 <-> DISABLED <-> BROWSER-PLUGINS AxDebugger.Document.1 ActiveX function call access (browser-plugins.rules)
 * 1:10010 <-> DISABLED <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt (server-other.rules)
 * 1:10142 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX clsid access (browser-plugins.rules)
 * 1:10144 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX function call access (browser-plugins.rules)
 * 1:10145 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX clsid access (browser-plugins.rules)
 * 1:10147 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX function call access (browser-plugins.rules)
 * 1:10148 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX clsid access (browser-plugins.rules)
 * 1:10150 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX function call access (browser-plugins.rules)
 * 1:10151 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX clsid access (browser-plugins.rules)
 * 1:10153 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX function call access (browser-plugins.rules)
 * 1:10154 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy 2 ActiveX clsid access (browser-plugins.rules)
 * 1:10390 <-> DISABLED <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX clsid access (browser-plugins.rules)
 * 1:10392 <-> DISABLED <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX function call access (browser-plugins.rules)
 * 1:10393 <-> DISABLED <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX clsid access (browser-plugins.rules)
 * 1:10395 <-> DISABLED <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX function call access (browser-plugins.rules)
 * 1:12472 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX clsid access (browser-plugins.rules)
 * 1:12474 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX function call access (browser-plugins.rules)
 * 1:12612 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX clsid access (browser-plugins.rules)
 * 1:12614 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX function call access (browser-plugins.rules)
 * 1:12685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow (server-other.rules)
 * 1:13457 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX clsid access (browser-plugins.rules)
 * 1:13459 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX function call access (browser-plugins.rules)
 * 1:13470 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt (file-office.rules)
 * 1:13474 <-> DISABLED <-> OS-WINDOWS Microsoft WebDAV MiniRedir remote code execution attempt (os-windows.rules)
 * 1:13476 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow  (server-iis.rules)
 * 1:13520 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules)
 * 1:13521 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules)
 * 1:13523 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules)
 * 1:13525 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (browser-plugins.rules)
 * 1:13926 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP response parsing overflow attempt (server-other.rules)
 * 1:13950 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP attribute buffer overflow attempt (file-java.rules)
 * 1:13965 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX clsid access (browser-plugins.rules)
 * 1:13967 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access (browser-plugins.rules)
 * 1:14033 <-> DISABLED <-> BROWSER-PLUGINS Orbit Downloader ActiveX clsid access (browser-plugins.rules)
 * 1:14035 <-> DISABLED <-> BROWSER-PLUGINS Orbit Downloader ActiveX function call access (browser-plugins.rules)
 * 1:14611 <-> DISABLED <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX clsid access (browser-plugins.rules)
 * 1:14613 <-> DISABLED <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX function call access (browser-plugins.rules)
 * 1:14771 <-> DISABLED <-> SERVER-APACHE BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt (server-apache.rules)
 * 1:15147 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
 * 1:15191 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox animated PNG processing integer overflow (browser-firefox.rules)
 * 1:15257 <-> DISABLED <-> SERVER-ORACLE Secure Backup common.php variable based command injection attempt (server-oracle.rules)
 * 1:15258 <-> DISABLED <-> SERVER-ORACLE Secure Backup login.php variable based command injection attempt (server-oracle.rules)
 * 1:15428 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing memory corruption attempt (browser-firefox.rules)
 * 1:15462 <-> DISABLED <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt (browser-other.rules)
 * 1:15489 <-> DISABLED <-> PUA-OTHER Cerulean Studios Trillian image filename handling XML tag overflow attempt (pua-other.rules)
 * 1:15490 <-> DISABLED <-> OS-LINUX Linux SCTP malformed forward-tsn chunk arbitrary code execution attempt (os-linux.rules)
 * 1:15510 <-> DISABLED <-> SERVER-OTHER Trend Micro OfficeScan Server cgiRecvFile overflow attempt (server-other.rules)
 * 1:15511 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules)
 * 1:15638 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 32 ActiveX clsid access (browser-plugins.rules)
 * 1:15733 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt (browser-ie.rules)
 * 1:15866 <-> DISABLED <-> FILE-OTHER libxml2 file processing long entity overflow attempt (file-other.rules)
 * 1:15872 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt (browser-firefox.rules)
 * 1:15901 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt (file-multimedia.rules)
 * 1:15965 <-> DISABLED <-> OS-WINDOWS Microsoft Explorer long share name buffer overflow attempt (os-windows.rules)
 * 1:15966 <-> DISABLED <-> FILE-OTHER F-Secure Anti-Virus LHA processing buffer overflow attempt (file-other.rules)
 * 1:16001 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (file-image.rules)
 * 1:16030 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS client TXT buffer overrun attempt (os-windows.rules)
 * 1:16032 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML Decoding memory corruption attempt (browser-ie.rules)
 * 1:16191 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via GET (server-oracle.rules)
 * 1:16192 <-> DISABLED <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt (server-oracle.rules)
 * 1:16204 <-> DISABLED <-> SERVER-OTHER HP OpenView Network Node Manager ovlaunch host field overflow attempt (server-other.rules)
 * 1:16213 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt (server-other.rules)
 * 1:16295 <-> DISABLED <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields (file-other.rules)
 * 1:16296 <-> DISABLED <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - with optional fields (file-other.rules)
 * 1:16344 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox top-level script object offset calculation memory corruption attempt (browser-firefox.rules)
 * 1:16347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules)
 * 1:16371 <-> DISABLED <-> BROWSER-PLUGINS NOS Microsystems Adobe atl_getcom ActiveX clsid access (browser-plugins.rules)
 * 1:16405 <-> DISABLED <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Prefix Information stack buffer overflow attempt  (protocol-icmp.rules)
 * 1:16418 <-> DISABLED <-> NETBIOS SMB client NULL deref race condition attempt  (netbios.rules)
 * 1:16481 <-> DISABLED <-> BROWSER-OTHER Opera Content-Length header integer overflow attempt (browser-other.rules)
 * 1:16514 <-> DISABLED <-> SERVER-OTHER Trillian AIM XML tag handling heap buffer overflow attempt (server-other.rules)
 * 1:16601 <-> DISABLED <-> FILE-OTHER Amaya web editor XML and HTML Parser Buffer overflow attempt (file-other.rules)
 * 1:16667 <-> DISABLED <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt (browser-chrome.rules)
 * 1:16668 <-> DISABLED <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt (browser-chrome.rules)
 * 1:16798 <-> DISABLED <-> FILE-OTHER Orbit Downloader long URL buffer overflow attempt (file-other.rules)
 * 1:17153 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1 (browser-firefox.rules)
 * 1:17154 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2 (browser-firefox.rules)
 * 1:17166 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
 * 1:17236 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsPropertyTable PropertyList memory corruption attempt (browser-firefox.rules)
 * 1:17305 <-> DISABLED <-> FILE-OTHER ClamAV libclamav PE file handling integer overflow attempt (file-other.rules)
 * 1:17367 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer FTP response parsing memory corruption attempt (browser-ie.rules)
 * 1:17378 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt (browser-firefox.rules)
 * 1:17379 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt (browser-firefox.rules)
 * 1:17397 <-> DISABLED <-> SERVER-OTHER VNCViewer Authenticate buffer overflow attempt (server-other.rules)
 * 1:17398 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt (browser-firefox.rules)
 * 1:17399 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt (browser-firefox.rules)
 * 1:17410 <-> DISABLED <-> OS-WINDOWS Generic HyperLink buffer overflow attempt (os-windows.rules)
 * 1:17422 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt (browser-firefox.rules)
 * 1:17519 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow (browser-firefox.rules)
 * 1:17557 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX operation parameter overflow (browser-plugins.rules)
 * 1:17588 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Install Engine ActiveX clsid access (browser-plugins.rules)
 * 1:17631 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules)
 * 1:17638 <-> DISABLED <-> SERVER-ORACLE Secure Backup administration server login.php cookies command injection attempt (server-oracle.rules)
 * 1:17642 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox ConstructFrame with floating first-letter memory corruption attempt (browser-firefox.rules)
 * 1:18097 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules)
 * 1:18187 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox InstallTrigger.install memory corruption attempt (browser-firefox.rules)
 * 1:18244 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules)
 * 1:18245 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java browser plugin docbase overflow attempt (browser-plugins.rules)
 * 1:18283 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules)
 * 1:18527 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules)
 * 1:18679 <-> DISABLED <-> SERVER-OTHER Oracle Java Applet2ClassLoader Remote Code Execution (server-other.rules)
 * 1:18904 <-> DISABLED <-> BROWSER-PLUGINS KingView ActiveX clsid access (browser-plugins.rules)
 * 1:18957 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
 * 1:19102 <-> DISABLED <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX clsid access (browser-plugins.rules)
 * 1:19103 <-> DISABLED <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX function call access (browser-plugins.rules)
 * 1:19216 <-> DISABLED <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution (browser-chrome.rules)
 * 1:19217 <-> DISABLED <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution (browser-chrome.rules)
 * 1:19257 <-> DISABLED <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt (file-flash.rules)
 * 1:19262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:19263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:19264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:19713 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
 * 1:19714 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
 * 1:19812 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS getDBConfigSettings credential information disclosure attempt (server-other.rules)
 * 1:19814 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt (browser-ie.rules)
 * 1:20031 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:20072 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules)
 * 1:20110 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata (server-other.rules)
 * 1:20444 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules)
 * 1:20600 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt (browser-firefox.rules)
 * 1:20607 <-> DISABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (server-other.rules)
 * 1:20608 <-> DISABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (server-other.rules)
 * 1:20692 <-> DISABLED <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt (policy-other.rules)
 * 1:20767 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:20777 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:20820 <-> DISABLED <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt (file-java.rules)
 * 1:20842 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:20843 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:21006 <-> DISABLED <-> MALWARE-CNC Yang Pack yg.htm landing page (malware-cnc.rules)
 * 1:21044 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
 * 1:21045 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
 * 1:21057 <-> DISABLED <-> FILE-OTHER Java Applet Rhino script engine remote code execution attempt (file-other.rules)
 * 1:21161 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS5 NTLM and basic authentication bypass attempt (server-iis.rules)
 * 1:21247 <-> DISABLED <-> SERVER-OTHER IBM Lotusnotes s_viewname buffer overflow attempt (server-other.rules)
 * 1:21248 <-> DISABLED <-> SERVER-OTHER multiple vendors host buffer overflow attempt (server-other.rules)
 * 1:21259 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit response (exploit-kit.rules)
 * 1:21344 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit pdf download (exploit-kit.rules)
 * 1:21346 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit malicious jar download (exploit-kit.rules)
 * 1:21420 <-> DISABLED <-> FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt (file-other.rules)
 * 1:21438 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit JavaScript carat string splitting with hostile applet (exploit-kit.rules)
 * 1:21457 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:21484 <-> DISABLED <-> FILE-OTHER ZIP file name overflow attempt (file-other.rules)
 * 1:21492 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
 * 1:21539 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header (exploit-kit.rules)
 * 1:21549 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header (exploit-kit.rules)
 * 1:21640 <-> DISABLED <-> EXPLOIT-KIT Phoenix exploit kit landing page (exploit-kit.rules)
 * 1:21646 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
 * 1:21657 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules)
 * 1:21658 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
 * 1:21661 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - catch (exploit-kit.rules)
 * 1:21668 <-> DISABLED <-> EXPLOIT-KIT Java exploit kit iframe drive by attempt (exploit-kit.rules)
 * 1:21764 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word unicode parsing buffer overflow attempt (file-office.rules)
 * 1:21876 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit landing page with specific structure - Loading (exploit-kit.rules)
 * 1:21915 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
 * 1:21916 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
 * 1:21917 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP response message parsing overflow (server-other.rules)
 * 1:21953 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products HTML href shell attempt (browser-firefox.rules)
 * 1:22039 <-> DISABLED <-> EXPLOIT-KIT Blackhole suspected landing page (exploit-kit.rules)
 * 1:22040 <-> DISABLED <-> EXPLOIT-KIT Blackhole suspected landing page (exploit-kit.rules)
 * 1:22041 <-> DISABLED <-> EXPLOIT-KIT Blackhole landing redirection page (exploit-kit.rules)
 * 1:23008 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
 * 1:23158 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
 * 1:23159 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules)
 * 1:23395 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt (browser-plugins.rules)
 * 1:23396 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt (browser-plugins.rules)
 * 1:23489 <-> DISABLED <-> FILE-OTHER Microsoft Windows Task Scheduler buffer overflow attempt (file-other.rules)
 * 1:23797 <-> DISABLED <-> EXPLOIT-KIT Blackhole redirection page (exploit-kit.rules)
 * 1:23940 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (server-oracle.rules)
 * 1:23996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:24054 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure (exploit-kit.rules)
 * 1:24187 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
 * 1:24188 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
 * 1:24226 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received (exploit-kit.rules)
 * 1:24228 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page Received (exploit-kit.rules)
 * 1:24543 <-> DISABLED <-> EXPLOIT-KIT Blackhole admin page inbound access attempt (exploit-kit.rules)
 * 1:24546 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt (exploit-kit.rules)
 * 1:24547 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules)
 * 1:24548 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules)
 * 1:24593 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received - specific structure (exploit-kit.rules)
 * 1:24637 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure (exploit-kit.rules)
 * 1:24675 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX realm parameter overflow attempt (browser-plugins.rules)
 * 1:24676 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX real parameter overflow attempt (browser-plugins.rules)
 * 1:24702 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:24761 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:24860 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules)
 * 1:24862 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules)
 * 1:24864 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules)
 * 1:24904 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules)
 * 1:24907 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup exec_qr command injection attempt (server-oracle.rules)
 * 1:24994 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox onChannelRedirect method attempt (browser-firefox.rules)
 * 1:25312 <-> DISABLED <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt (server-other.rules)
 * 1:25392 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
 * 1:25569 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules)
 * 1:25590 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure (exploit-kit.rules)
 * 1:25591 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules)
 * 1:25808 <-> DISABLED <-> EXPLOIT-KIT Fiesta exploit kit landing page detection - specific-structure (exploit-kit.rules)
 * 1:2589 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules)
 * 1:26031 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules)
 * 1:26033 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit iframe redirection attempt (exploit-kit.rules)
 * 1:26230 <-> DISABLED <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX arbitrary command execution attempt (server-webapp.rules)
 * 1:26253 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
 * 1:26337 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules)
 * 1:26421 <-> DISABLED <-> BROWSER-PLUGINS Metalink file download parameter buffer overflow attempt (browser-plugins.rules)
 * 1:26434 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit jar file downloaded (exploit-kit.rules)
 * 1:26495 <-> DISABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules)
 * 1:27067 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure (exploit-kit.rules)
 * 1:27656 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules)
 * 1:27706 <-> DISABLED <-> EXPLOIT-KIT Gong Da exploit kit possible jar download (exploit-kit.rules)
 * 1:28703 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:28791 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:28902 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28972 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
 * 1:28973 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
 * 1:29503 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt (browser-firefox.rules)
 * 1:29512 <-> DISABLED <-> BROWSER-PLUGINS KingView ActiveX clsid access (browser-plugins.rules)
 * 1:29520 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (file-multimedia.rules)
 * 1:29523 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules)
 * 1:29524 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:29526 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:29535 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
 * 1:29538 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access (browser-plugins.rules)
 * 1:29578 <-> DISABLED <-> BROWSER-PLUGINS Sun Microsystems JRE isInstalled.dnsResolve function memory exception attempt (browser-plugins.rules)
 * 1:29579 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules)
 * 1:29580 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing obfuscated memory corruption attempt (browser-firefox.rules)
 * 1:29594 <-> DISABLED <-> SERVER-WEBAPP Airlive IP Camera information leak attempt (server-webapp.rules)
 * 1:29623 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
 * 1:29624 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt (browser-firefox.rules)
 * 1:29625 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt (browser-firefox.rules)
 * 1:29891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pushdo variant outbound connection (malware-cnc.rules)
 * 1:30217 <-> DISABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (file-java.rules)
 * 1:3085 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt (server-other.rules)
 * 1:3087 <-> DISABLED <-> SERVER-IIS w3who.dll buffer overflow attempt (server-iis.rules)
 * 1:31846 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt (policy-other.rules)
 * 1:32149 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:32151 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:32369 <-> DISABLED <-> PROTOCOL-ICMP FreeBSD rtsold dname_labeldec stack buffer overflow attempt (protocol-icmp.rules)
 * 1:32815 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules)
 * 1:32959 <-> DISABLED <-> PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (protocol-dns.rules)

2021-11-18 18:08:11 UTC

Snort Subscriber Rules Update

Date: 2021-11-18

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091800.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58576 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58582 <-> DISABLED <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt (policy-other.rules)
 * 1:58592 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
 * 1:58588 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt (server-webapp.rules)
 * 1:58583 <-> DISABLED <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt (policy-other.rules)
 * 1:58577 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58585 <-> DISABLED <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt (policy-other.rules)
 * 1:58600 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt (browser-chrome.rules)
 * 1:58590 <-> DISABLED <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt (server-other.rules)
 * 1:58580 <-> DISABLED <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt (malware-tools.rules)
 * 1:58571 <-> DISABLED <-> FILE-OTHER MacOS TTC bypass vulnerability exploit download attempt (file-other.rules)
 * 1:58595 <-> DISABLED <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt (server-webapp.rules)
 * 1:58587 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt (os-windows.rules)
 * 1:58594 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
 * 1:58596 <-> DISABLED <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt (server-webapp.rules)
 * 1:58593 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
 * 1:58579 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58581 <-> DISABLED <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt (malware-tools.rules)
 * 1:58578 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58584 <-> DISABLED <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt (policy-other.rules)
 * 1:58570 <-> DISABLED <-> FILE-OTHER MacOS TTC bypass vulnerability exploit upload attempt (file-other.rules)
 * 1:58599 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt (browser-chrome.rules)
 * 1:58591 <-> DISABLED <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt (server-other.rules)
 * 1:58586 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt (os-windows.rules)
 * 1:58589 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt (server-webapp.rules)
 * 3:58597 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt (file-other.rules)
 * 3:58573 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt (file-image.rules)
 * 3:58574 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt (file-office.rules)
 * 3:58572 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt (file-image.rules)
 * 3:58575 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt (file-office.rules)
 * 3:58598 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt (file-other.rules)

Modified Rules:


 * 1:29891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pushdo variant outbound connection (malware-cnc.rules)
 * 1:30217 <-> DISABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (file-java.rules)
 * 1:31846 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt (policy-other.rules)
 * 1:32149 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:32151 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:32369 <-> DISABLED <-> PROTOCOL-ICMP FreeBSD rtsold dname_labeldec stack buffer overflow attempt (protocol-icmp.rules)
 * 1:32815 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules)
 * 1:32855 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt (file-pdf.rules)
 * 1:32959 <-> DISABLED <-> PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (protocol-dns.rules)
 * 1:32967 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt (policy-other.rules)
 * 1:33571 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (file-other.rules)
 * 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
 * 1:34024 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
 * 1:34447 <-> DISABLED <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt (policy-other.rules)
 * 1:35434 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:35467 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules)
 * 1:35468 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules)
 * 1:35857 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:36154 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:36155 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:3632 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt (file-image.rules)
 * 1:36661 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:37527 <-> DISABLED <-> SERVER-OTHER IBM WebSphere InvokerTransformer serialized Java object remote code execution attempt (server-other.rules)
 * 1:37627 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:37802 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
 * 1:37804 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
 * 1:40281 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (file-office.rules)
 * 1:40818 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (file-flash.rules)
 * 1:41045 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules)
 * 1:41422 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (browser-plugins.rules)
 * 1:41718 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
 * 1:41719 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
 * 1:41720 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
 * 1:42412 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:42422 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:43346 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules)
 * 1:43692 <-> DISABLED <-> OS-LINUX Linux kernel SCTP invalid chunk length denial of service attempt (os-linux.rules)
 * 1:43779 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products SharedWorker MessagePort memory corruption attempt (browser-firefox.rules)
 * 1:44734 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (server-mail.rules)
 * 1:44877 <-> DISABLED <-> SERVER-OTHER  Citrix XenApp and XenDesktop XML service memory corruption attempt (server-other.rules)
 * 1:44978 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules)
 * 1:45171 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt (browser-firefox.rules)
 * 1:45177 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:45178 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:45181 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:45183 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:45309 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
 * 1:45500 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
 * 1:45855 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
 * 1:46637 <-> DISABLED <-> NETBIOS SMB client NULL deref race condition attempt  (netbios.rules)
 * 1:46912 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
 * 1:46913 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
 * 1:49583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
 * 1:49585 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
 * 1:49846 <-> DISABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:49900 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS driver stack buffer overflow attempt (browser-plugins.rules)
 * 1:49902 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
 * 1:49947 <-> DISABLED <-> POLICY-OTHER HP OpenView Operations Agent request attempt (policy-other.rules)
 * 1:50643 <-> DISABLED <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt (file-other.rules)
 * 1:51025 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (file-pdf.rules)
 * 1:51081 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
 * 1:51163 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
 * 1:51225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
 * 1:51857 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51858 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51860 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51864 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51865 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:52079 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
 * 1:52100 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:52288 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (os-mobile.rules)
 * 1:52450 <-> DISABLED <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt (server-other.rules)
 * 1:55823 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:55824 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:55825 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:29624 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt (browser-firefox.rules)
 * 1:29625 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt (browser-firefox.rules)
 * 1:3087 <-> DISABLED <-> SERVER-IIS w3who.dll buffer overflow attempt (server-iis.rules)
 * 1:7007 <-> DISABLED <-> BROWSER-PLUGINS AxDebugger.Document.1 ActiveX function call access (browser-plugins.rules)
 * 1:3085 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt (server-other.rules)
 * 1:10010 <-> DISABLED <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt (server-other.rules)
 * 1:10142 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX clsid access (browser-plugins.rules)
 * 1:10144 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX function call access (browser-plugins.rules)
 * 1:10145 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX clsid access (browser-plugins.rules)
 * 1:10147 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX function call access (browser-plugins.rules)
 * 1:10148 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX clsid access (browser-plugins.rules)
 * 1:10150 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX function call access (browser-plugins.rules)
 * 1:10151 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX clsid access (browser-plugins.rules)
 * 1:10153 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX function call access (browser-plugins.rules)
 * 1:10154 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy 2 ActiveX clsid access (browser-plugins.rules)
 * 1:10390 <-> DISABLED <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX clsid access (browser-plugins.rules)
 * 1:10392 <-> DISABLED <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX function call access (browser-plugins.rules)
 * 1:10393 <-> DISABLED <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX clsid access (browser-plugins.rules)
 * 1:10395 <-> DISABLED <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX function call access (browser-plugins.rules)
 * 1:12472 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX clsid access (browser-plugins.rules)
 * 1:12474 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX function call access (browser-plugins.rules)
 * 1:12612 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX clsid access (browser-plugins.rules)
 * 1:12614 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX function call access (browser-plugins.rules)
 * 1:12685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow (server-other.rules)
 * 1:13457 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX clsid access (browser-plugins.rules)
 * 1:13459 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX function call access (browser-plugins.rules)
 * 1:13470 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt (file-office.rules)
 * 1:13474 <-> DISABLED <-> OS-WINDOWS Microsoft WebDAV MiniRedir remote code execution attempt (os-windows.rules)
 * 1:13476 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow  (server-iis.rules)
 * 1:13520 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules)
 * 1:13521 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules)
 * 1:13523 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules)
 * 1:13525 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (browser-plugins.rules)
 * 1:13926 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP response parsing overflow attempt (server-other.rules)
 * 1:13950 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP attribute buffer overflow attempt (file-java.rules)
 * 1:13965 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX clsid access (browser-plugins.rules)
 * 1:13967 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access (browser-plugins.rules)
 * 1:14033 <-> DISABLED <-> BROWSER-PLUGINS Orbit Downloader ActiveX clsid access (browser-plugins.rules)
 * 1:14035 <-> DISABLED <-> BROWSER-PLUGINS Orbit Downloader ActiveX function call access (browser-plugins.rules)
 * 1:14611 <-> DISABLED <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX clsid access (browser-plugins.rules)
 * 1:14613 <-> DISABLED <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX function call access (browser-plugins.rules)
 * 1:14771 <-> DISABLED <-> SERVER-APACHE BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt (server-apache.rules)
 * 1:15147 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
 * 1:15191 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox animated PNG processing integer overflow (browser-firefox.rules)
 * 1:15257 <-> DISABLED <-> SERVER-ORACLE Secure Backup common.php variable based command injection attempt (server-oracle.rules)
 * 1:15258 <-> DISABLED <-> SERVER-ORACLE Secure Backup login.php variable based command injection attempt (server-oracle.rules)
 * 1:15428 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing memory corruption attempt (browser-firefox.rules)
 * 1:15462 <-> DISABLED <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt (browser-other.rules)
 * 1:15489 <-> DISABLED <-> PUA-OTHER Cerulean Studios Trillian image filename handling XML tag overflow attempt (pua-other.rules)
 * 1:15490 <-> DISABLED <-> OS-LINUX Linux SCTP malformed forward-tsn chunk arbitrary code execution attempt (os-linux.rules)
 * 1:15510 <-> DISABLED <-> SERVER-OTHER Trend Micro OfficeScan Server cgiRecvFile overflow attempt (server-other.rules)
 * 1:15511 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules)
 * 1:15638 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 32 ActiveX clsid access (browser-plugins.rules)
 * 1:15733 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt (browser-ie.rules)
 * 1:15866 <-> DISABLED <-> FILE-OTHER libxml2 file processing long entity overflow attempt (file-other.rules)
 * 1:15872 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt (browser-firefox.rules)
 * 1:15901 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt (file-multimedia.rules)
 * 1:15965 <-> DISABLED <-> OS-WINDOWS Microsoft Explorer long share name buffer overflow attempt (os-windows.rules)
 * 1:15966 <-> DISABLED <-> FILE-OTHER F-Secure Anti-Virus LHA processing buffer overflow attempt (file-other.rules)
 * 1:16001 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (file-image.rules)
 * 1:16030 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS client TXT buffer overrun attempt (os-windows.rules)
 * 1:16032 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML Decoding memory corruption attempt (browser-ie.rules)
 * 1:16191 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via GET (server-oracle.rules)
 * 1:16192 <-> DISABLED <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt (server-oracle.rules)
 * 1:16204 <-> DISABLED <-> SERVER-OTHER HP OpenView Network Node Manager ovlaunch host field overflow attempt (server-other.rules)
 * 1:16213 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt (server-other.rules)
 * 1:16295 <-> DISABLED <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields (file-other.rules)
 * 1:16296 <-> DISABLED <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - with optional fields (file-other.rules)
 * 1:16344 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox top-level script object offset calculation memory corruption attempt (browser-firefox.rules)
 * 1:16347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules)
 * 1:16371 <-> DISABLED <-> BROWSER-PLUGINS NOS Microsystems Adobe atl_getcom ActiveX clsid access (browser-plugins.rules)
 * 1:16405 <-> DISABLED <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Prefix Information stack buffer overflow attempt  (protocol-icmp.rules)
 * 1:16418 <-> DISABLED <-> NETBIOS SMB client NULL deref race condition attempt  (netbios.rules)
 * 1:16481 <-> DISABLED <-> BROWSER-OTHER Opera Content-Length header integer overflow attempt (browser-other.rules)
 * 1:16514 <-> DISABLED <-> SERVER-OTHER Trillian AIM XML tag handling heap buffer overflow attempt (server-other.rules)
 * 1:16601 <-> DISABLED <-> FILE-OTHER Amaya web editor XML and HTML Parser Buffer overflow attempt (file-other.rules)
 * 1:16667 <-> DISABLED <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt (browser-chrome.rules)
 * 1:16668 <-> DISABLED <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt (browser-chrome.rules)
 * 1:16798 <-> DISABLED <-> FILE-OTHER Orbit Downloader long URL buffer overflow attempt (file-other.rules)
 * 1:17153 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1 (browser-firefox.rules)
 * 1:17154 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2 (browser-firefox.rules)
 * 1:17166 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
 * 1:17236 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsPropertyTable PropertyList memory corruption attempt (browser-firefox.rules)
 * 1:17305 <-> DISABLED <-> FILE-OTHER ClamAV libclamav PE file handling integer overflow attempt (file-other.rules)
 * 1:17367 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer FTP response parsing memory corruption attempt (browser-ie.rules)
 * 1:17378 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt (browser-firefox.rules)
 * 1:17379 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt (browser-firefox.rules)
 * 1:17397 <-> DISABLED <-> SERVER-OTHER VNCViewer Authenticate buffer overflow attempt (server-other.rules)
 * 1:17398 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt (browser-firefox.rules)
 * 1:17399 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt (browser-firefox.rules)
 * 1:17410 <-> DISABLED <-> OS-WINDOWS Generic HyperLink buffer overflow attempt (os-windows.rules)
 * 1:17422 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt (browser-firefox.rules)
 * 1:17519 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow (browser-firefox.rules)
 * 1:17557 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX operation parameter overflow (browser-plugins.rules)
 * 1:17588 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Install Engine ActiveX clsid access (browser-plugins.rules)
 * 1:17631 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules)
 * 1:17638 <-> DISABLED <-> SERVER-ORACLE Secure Backup administration server login.php cookies command injection attempt (server-oracle.rules)
 * 1:17642 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox ConstructFrame with floating first-letter memory corruption attempt (browser-firefox.rules)
 * 1:18097 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules)
 * 1:18187 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox InstallTrigger.install memory corruption attempt (browser-firefox.rules)
 * 1:18244 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules)
 * 1:18245 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java browser plugin docbase overflow attempt (browser-plugins.rules)
 * 1:18283 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules)
 * 1:18527 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules)
 * 1:18679 <-> DISABLED <-> SERVER-OTHER Oracle Java Applet2ClassLoader Remote Code Execution (server-other.rules)
 * 1:18904 <-> DISABLED <-> BROWSER-PLUGINS KingView ActiveX clsid access (browser-plugins.rules)
 * 1:18957 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
 * 1:19102 <-> DISABLED <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX clsid access (browser-plugins.rules)
 * 1:19103 <-> DISABLED <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX function call access (browser-plugins.rules)
 * 1:19216 <-> DISABLED <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution (browser-chrome.rules)
 * 1:19217 <-> DISABLED <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution (browser-chrome.rules)
 * 1:19257 <-> DISABLED <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt (file-flash.rules)
 * 1:19262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:19263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:19264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:19713 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
 * 1:19714 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
 * 1:19812 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS getDBConfigSettings credential information disclosure attempt (server-other.rules)
 * 1:19814 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt (browser-ie.rules)
 * 1:20031 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:20072 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules)
 * 1:20110 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata (server-other.rules)
 * 1:20444 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules)
 * 1:20600 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt (browser-firefox.rules)
 * 1:20607 <-> DISABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (server-other.rules)
 * 1:20608 <-> DISABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (server-other.rules)
 * 1:20692 <-> DISABLED <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt (policy-other.rules)
 * 1:20767 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:20777 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:20820 <-> DISABLED <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt (file-java.rules)
 * 1:20842 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:20843 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:21006 <-> DISABLED <-> MALWARE-CNC Yang Pack yg.htm landing page (malware-cnc.rules)
 * 1:21044 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
 * 1:21045 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
 * 1:21057 <-> DISABLED <-> FILE-OTHER Java Applet Rhino script engine remote code execution attempt (file-other.rules)
 * 1:21161 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS5 NTLM and basic authentication bypass attempt (server-iis.rules)
 * 1:21247 <-> DISABLED <-> SERVER-OTHER IBM Lotusnotes s_viewname buffer overflow attempt (server-other.rules)
 * 1:21248 <-> DISABLED <-> SERVER-OTHER multiple vendors host buffer overflow attempt (server-other.rules)
 * 1:21259 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit response (exploit-kit.rules)
 * 1:21344 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit pdf download (exploit-kit.rules)
 * 1:21346 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit malicious jar download (exploit-kit.rules)
 * 1:21420 <-> DISABLED <-> FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt (file-other.rules)
 * 1:21438 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit JavaScript carat string splitting with hostile applet (exploit-kit.rules)
 * 1:21457 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:21484 <-> DISABLED <-> FILE-OTHER ZIP file name overflow attempt (file-other.rules)
 * 1:21492 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
 * 1:21539 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header (exploit-kit.rules)
 * 1:21549 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header (exploit-kit.rules)
 * 1:21640 <-> DISABLED <-> EXPLOIT-KIT Phoenix exploit kit landing page (exploit-kit.rules)
 * 1:21646 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
 * 1:21657 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules)
 * 1:21658 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
 * 1:21661 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - catch (exploit-kit.rules)
 * 1:21668 <-> DISABLED <-> EXPLOIT-KIT Java exploit kit iframe drive by attempt (exploit-kit.rules)
 * 1:21764 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word unicode parsing buffer overflow attempt (file-office.rules)
 * 1:21876 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit landing page with specific structure - Loading (exploit-kit.rules)
 * 1:21915 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
 * 1:21916 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
 * 1:21917 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP response message parsing overflow (server-other.rules)
 * 1:21953 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products HTML href shell attempt (browser-firefox.rules)
 * 1:22039 <-> DISABLED <-> EXPLOIT-KIT Blackhole suspected landing page (exploit-kit.rules)
 * 1:22040 <-> DISABLED <-> EXPLOIT-KIT Blackhole suspected landing page (exploit-kit.rules)
 * 1:22041 <-> DISABLED <-> EXPLOIT-KIT Blackhole landing redirection page (exploit-kit.rules)
 * 1:23008 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
 * 1:23158 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
 * 1:23159 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules)
 * 1:23395 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt (browser-plugins.rules)
 * 1:23396 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt (browser-plugins.rules)
 * 1:23489 <-> DISABLED <-> FILE-OTHER Microsoft Windows Task Scheduler buffer overflow attempt (file-other.rules)
 * 1:23797 <-> DISABLED <-> EXPLOIT-KIT Blackhole redirection page (exploit-kit.rules)
 * 1:23940 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (server-oracle.rules)
 * 1:23996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:24054 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure (exploit-kit.rules)
 * 1:24187 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
 * 1:24188 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
 * 1:24226 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received (exploit-kit.rules)
 * 1:24228 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page Received (exploit-kit.rules)
 * 1:24543 <-> DISABLED <-> EXPLOIT-KIT Blackhole admin page inbound access attempt (exploit-kit.rules)
 * 1:24546 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt (exploit-kit.rules)
 * 1:24547 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules)
 * 1:24548 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules)
 * 1:24593 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received - specific structure (exploit-kit.rules)
 * 1:24637 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure (exploit-kit.rules)
 * 1:24675 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX realm parameter overflow attempt (browser-plugins.rules)
 * 1:24676 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX real parameter overflow attempt (browser-plugins.rules)
 * 1:24702 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:24761 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:24860 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules)
 * 1:24862 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules)
 * 1:24864 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules)
 * 1:24904 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules)
 * 1:24907 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup exec_qr command injection attempt (server-oracle.rules)
 * 1:24994 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox onChannelRedirect method attempt (browser-firefox.rules)
 * 1:25312 <-> DISABLED <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt (server-other.rules)
 * 1:25392 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
 * 1:25569 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules)
 * 1:25590 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure (exploit-kit.rules)
 * 1:25591 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules)
 * 1:25808 <-> DISABLED <-> EXPLOIT-KIT Fiesta exploit kit landing page detection - specific-structure (exploit-kit.rules)
 * 1:2589 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules)
 * 1:26031 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules)
 * 1:26033 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit iframe redirection attempt (exploit-kit.rules)
 * 1:26230 <-> DISABLED <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX arbitrary command execution attempt (server-webapp.rules)
 * 1:26253 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
 * 1:26337 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules)
 * 1:26421 <-> DISABLED <-> BROWSER-PLUGINS Metalink file download parameter buffer overflow attempt (browser-plugins.rules)
 * 1:26434 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit jar file downloaded (exploit-kit.rules)
 * 1:26495 <-> DISABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules)
 * 1:27067 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure (exploit-kit.rules)
 * 1:27656 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules)
 * 1:27706 <-> DISABLED <-> EXPLOIT-KIT Gong Da exploit kit possible jar download (exploit-kit.rules)
 * 1:28703 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:28791 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:28902 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28972 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
 * 1:28973 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
 * 1:29503 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt (browser-firefox.rules)
 * 1:29512 <-> DISABLED <-> BROWSER-PLUGINS KingView ActiveX clsid access (browser-plugins.rules)
 * 1:29520 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (file-multimedia.rules)
 * 1:29523 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules)
 * 1:29524 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:29526 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:29535 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
 * 1:29538 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access (browser-plugins.rules)
 * 1:29578 <-> DISABLED <-> BROWSER-PLUGINS Sun Microsystems JRE isInstalled.dnsResolve function memory exception attempt (browser-plugins.rules)
 * 1:29579 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules)
 * 1:29580 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing obfuscated memory corruption attempt (browser-firefox.rules)
 * 1:29594 <-> DISABLED <-> SERVER-WEBAPP Airlive IP Camera information leak attempt (server-webapp.rules)
 * 1:29623 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)

2021-11-18 18:08:11 UTC

Snort Subscriber Rules Update

Date: 2021-11-18

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58571 <-> DISABLED <-> FILE-OTHER MacOS TTC bypass vulnerability exploit download attempt (file-other.rules)
 * 1:58587 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt (os-windows.rules)
 * 1:58594 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
 * 1:58593 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
 * 1:58596 <-> DISABLED <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt (server-webapp.rules)
 * 1:58579 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58590 <-> DISABLED <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt (server-other.rules)
 * 1:58592 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
 * 1:58583 <-> DISABLED <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt (policy-other.rules)
 * 1:58577 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58585 <-> DISABLED <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt (policy-other.rules)
 * 1:58600 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt (browser-chrome.rules)
 * 1:58570 <-> DISABLED <-> FILE-OTHER MacOS TTC bypass vulnerability exploit upload attempt (file-other.rules)
 * 1:58580 <-> DISABLED <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt (malware-tools.rules)
 * 1:58599 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt (browser-chrome.rules)
 * 1:58591 <-> DISABLED <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt (server-other.rules)
 * 1:58595 <-> DISABLED <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt (server-webapp.rules)
 * 1:58586 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt (os-windows.rules)
 * 1:58576 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58589 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt (server-webapp.rules)
 * 1:58588 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt (server-webapp.rules)
 * 1:58581 <-> DISABLED <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt (malware-tools.rules)
 * 1:58578 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58582 <-> DISABLED <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt (policy-other.rules)
 * 1:58584 <-> DISABLED <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt (policy-other.rules)
 * 3:58597 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt (file-other.rules)
 * 3:58575 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt (file-office.rules)
 * 3:58574 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt (file-office.rules)
 * 3:58598 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt (file-other.rules)
 * 3:58573 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt (file-image.rules)
 * 3:58572 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt (file-image.rules)

Modified Rules:


 * 1:19103 <-> DISABLED <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX function call access (browser-plugins.rules)
 * 1:19257 <-> DISABLED <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt (file-flash.rules)
 * 1:19217 <-> DISABLED <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution (browser-chrome.rules)
 * 1:19263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:19262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:19713 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
 * 1:19264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:19812 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS getDBConfigSettings credential information disclosure attempt (server-other.rules)
 * 1:19714 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
 * 1:20031 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:19814 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt (browser-ie.rules)
 * 1:20110 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata (server-other.rules)
 * 1:20072 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules)
 * 1:20600 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt (browser-firefox.rules)
 * 1:20444 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules)
 * 1:20608 <-> DISABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (server-other.rules)
 * 1:20607 <-> DISABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (server-other.rules)
 * 1:20767 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:20692 <-> DISABLED <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt (policy-other.rules)
 * 1:20820 <-> DISABLED <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt (file-java.rules)
 * 1:20777 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:20843 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:20842 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:21044 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
 * 1:21006 <-> DISABLED <-> MALWARE-CNC Yang Pack yg.htm landing page (malware-cnc.rules)
 * 1:21057 <-> DISABLED <-> FILE-OTHER Java Applet Rhino script engine remote code execution attempt (file-other.rules)
 * 1:21045 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
 * 1:21161 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS5 NTLM and basic authentication bypass attempt (server-iis.rules)
 * 1:21247 <-> DISABLED <-> SERVER-OTHER IBM Lotusnotes s_viewname buffer overflow attempt (server-other.rules)
 * 1:21259 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit response (exploit-kit.rules)
 * 1:21248 <-> DISABLED <-> SERVER-OTHER multiple vendors host buffer overflow attempt (server-other.rules)
 * 1:21346 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit malicious jar download (exploit-kit.rules)
 * 1:21344 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit pdf download (exploit-kit.rules)
 * 1:21438 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit JavaScript carat string splitting with hostile applet (exploit-kit.rules)
 * 1:21420 <-> DISABLED <-> FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt (file-other.rules)
 * 1:21484 <-> DISABLED <-> FILE-OTHER ZIP file name overflow attempt (file-other.rules)
 * 1:21457 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:21539 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header (exploit-kit.rules)
 * 1:21492 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
 * 1:21640 <-> DISABLED <-> EXPLOIT-KIT Phoenix exploit kit landing page (exploit-kit.rules)
 * 1:21549 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header (exploit-kit.rules)
 * 1:21657 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules)
 * 1:21646 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
 * 1:21661 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - catch (exploit-kit.rules)
 * 1:21658 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
 * 1:21764 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word unicode parsing buffer overflow attempt (file-office.rules)
 * 1:21668 <-> DISABLED <-> EXPLOIT-KIT Java exploit kit iframe drive by attempt (exploit-kit.rules)
 * 1:21915 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
 * 1:21876 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit landing page with specific structure - Loading (exploit-kit.rules)
 * 1:21917 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP response message parsing overflow (server-other.rules)
 * 1:21916 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
 * 1:22039 <-> DISABLED <-> EXPLOIT-KIT Blackhole suspected landing page (exploit-kit.rules)
 * 1:21953 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products HTML href shell attempt (browser-firefox.rules)
 * 1:22041 <-> DISABLED <-> EXPLOIT-KIT Blackhole landing redirection page (exploit-kit.rules)
 * 1:22040 <-> DISABLED <-> EXPLOIT-KIT Blackhole suspected landing page (exploit-kit.rules)
 * 1:23158 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
 * 1:23008 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
 * 1:23489 <-> DISABLED <-> FILE-OTHER Microsoft Windows Task Scheduler buffer overflow attempt (file-other.rules)
 * 1:23159 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules)
 * 1:23395 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt (browser-plugins.rules)
 * 1:23396 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt (browser-plugins.rules)
 * 1:23940 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (server-oracle.rules)
 * 1:23797 <-> DISABLED <-> EXPLOIT-KIT Blackhole redirection page (exploit-kit.rules)
 * 1:24054 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure (exploit-kit.rules)
 * 1:23996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:24187 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
 * 1:24188 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
 * 1:24228 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page Received (exploit-kit.rules)
 * 1:24226 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received (exploit-kit.rules)
 * 1:24546 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt (exploit-kit.rules)
 * 1:24543 <-> DISABLED <-> EXPLOIT-KIT Blackhole admin page inbound access attempt (exploit-kit.rules)
 * 1:24548 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules)
 * 1:24547 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules)
 * 1:24637 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure (exploit-kit.rules)
 * 1:24593 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received - specific structure (exploit-kit.rules)
 * 1:24676 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX real parameter overflow attempt (browser-plugins.rules)
 * 1:24675 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX realm parameter overflow attempt (browser-plugins.rules)
 * 1:24761 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:24702 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:24862 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules)
 * 1:24860 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules)
 * 1:24904 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules)
 * 1:24864 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules)
 * 1:24994 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox onChannelRedirect method attempt (browser-firefox.rules)
 * 1:24907 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup exec_qr command injection attempt (server-oracle.rules)
 * 1:25392 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
 * 1:25312 <-> DISABLED <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt (server-other.rules)
 * 1:25590 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure (exploit-kit.rules)
 * 1:25569 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules)
 * 1:25808 <-> DISABLED <-> EXPLOIT-KIT Fiesta exploit kit landing page detection - specific-structure (exploit-kit.rules)
 * 1:25591 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules)
 * 1:2589 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules)
 * 1:26033 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit iframe redirection attempt (exploit-kit.rules)
 * 1:26031 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules)
 * 1:26253 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
 * 1:26230 <-> DISABLED <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX arbitrary command execution attempt (server-webapp.rules)
 * 1:26421 <-> DISABLED <-> BROWSER-PLUGINS Metalink file download parameter buffer overflow attempt (browser-plugins.rules)
 * 1:26337 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules)
 * 1:26495 <-> DISABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules)
 * 1:26434 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit jar file downloaded (exploit-kit.rules)
 * 1:27656 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules)
 * 1:27067 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure (exploit-kit.rules)
 * 1:28703 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:27706 <-> DISABLED <-> EXPLOIT-KIT Gong Da exploit kit possible jar download (exploit-kit.rules)
 * 1:28902 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28791 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:28973 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
 * 1:28972 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
 * 1:29512 <-> DISABLED <-> BROWSER-PLUGINS KingView ActiveX clsid access (browser-plugins.rules)
 * 1:29503 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt (browser-firefox.rules)
 * 1:29523 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules)
 * 1:29520 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (file-multimedia.rules)
 * 1:29526 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:29524 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:29535 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
 * 1:31846 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt (policy-other.rules)
 * 1:40818 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (file-flash.rules)
 * 1:41045 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules)
 * 1:36661 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:3632 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt (file-image.rules)
 * 1:29624 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt (browser-firefox.rules)
 * 1:29625 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt (browser-firefox.rules)
 * 1:30217 <-> DISABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (file-java.rules)
 * 1:3087 <-> DISABLED <-> SERVER-IIS w3who.dll buffer overflow attempt (server-iis.rules)
 * 1:29538 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access (browser-plugins.rules)
 * 1:41422 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (browser-plugins.rules)
 * 1:41718 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
 * 1:41719 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
 * 1:41720 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
 * 1:44734 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (server-mail.rules)
 * 1:42412 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:32959 <-> DISABLED <-> PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (protocol-dns.rules)
 * 1:3085 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt (server-other.rules)
 * 1:32151 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:32149 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:42422 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:32967 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt (policy-other.rules)
 * 1:33571 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (file-other.rules)
 * 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
 * 1:43346 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules)
 * 1:34024 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
 * 1:34447 <-> DISABLED <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt (policy-other.rules)
 * 1:43692 <-> DISABLED <-> OS-LINUX Linux kernel SCTP invalid chunk length denial of service attempt (os-linux.rules)
 * 1:35467 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules)
 * 1:35468 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules)
 * 1:35857 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:43779 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products SharedWorker MessagePort memory corruption attempt (browser-firefox.rules)
 * 1:36154 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:36155 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:37527 <-> DISABLED <-> SERVER-OTHER IBM WebSphere InvokerTransformer serialized Java object remote code execution attempt (server-other.rules)
 * 1:37627 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:37802 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
 * 1:40281 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (file-office.rules)
 * 1:32855 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt (file-pdf.rules)
 * 1:37804 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
 * 1:32815 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules)
 * 1:44877 <-> DISABLED <-> SERVER-OTHER  Citrix XenApp and XenDesktop XML service memory corruption attempt (server-other.rules)
 * 1:44978 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules)
 * 1:45171 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt (browser-firefox.rules)
 * 1:45177 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:45178 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:45181 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:45183 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:45309 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
 * 1:45500 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
 * 1:45855 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
 * 1:46637 <-> DISABLED <-> NETBIOS SMB client NULL deref race condition attempt  (netbios.rules)
 * 1:46912 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
 * 1:46913 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
 * 1:49583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
 * 1:49585 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
 * 1:49846 <-> DISABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:49900 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS driver stack buffer overflow attempt (browser-plugins.rules)
 * 1:49902 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
 * 1:49947 <-> DISABLED <-> POLICY-OTHER HP OpenView Operations Agent request attempt (policy-other.rules)
 * 1:51858 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:50643 <-> DISABLED <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt (file-other.rules)
 * 1:51025 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (file-pdf.rules)
 * 1:51081 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
 * 1:51163 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
 * 1:51225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
 * 1:51857 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:29891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pushdo variant outbound connection (malware-cnc.rules)
 * 1:32369 <-> DISABLED <-> PROTOCOL-ICMP FreeBSD rtsold dname_labeldec stack buffer overflow attempt (protocol-icmp.rules)
 * 1:35434 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51860 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51864 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51865 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:52079 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
 * 1:52100 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:52288 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (os-mobile.rules)
 * 1:52450 <-> DISABLED <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt (server-other.rules)
 * 1:55823 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:55824 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:7007 <-> DISABLED <-> BROWSER-PLUGINS AxDebugger.Document.1 ActiveX function call access (browser-plugins.rules)
 * 1:55825 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:10142 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX clsid access (browser-plugins.rules)
 * 1:10010 <-> DISABLED <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt (server-other.rules)
 * 1:10145 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX clsid access (browser-plugins.rules)
 * 1:10144 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX function call access (browser-plugins.rules)
 * 1:10148 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX clsid access (browser-plugins.rules)
 * 1:10147 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX function call access (browser-plugins.rules)
 * 1:10151 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX clsid access (browser-plugins.rules)
 * 1:10150 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX function call access (browser-plugins.rules)
 * 1:10154 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy 2 ActiveX clsid access (browser-plugins.rules)
 * 1:10153 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX function call access (browser-plugins.rules)
 * 1:10392 <-> DISABLED <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX function call access (browser-plugins.rules)
 * 1:10390 <-> DISABLED <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX clsid access (browser-plugins.rules)
 * 1:10395 <-> DISABLED <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX function call access (browser-plugins.rules)
 * 1:10393 <-> DISABLED <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX clsid access (browser-plugins.rules)
 * 1:12474 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX function call access (browser-plugins.rules)
 * 1:12472 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX clsid access (browser-plugins.rules)
 * 1:12612 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX clsid access (browser-plugins.rules)
 * 1:12614 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX function call access (browser-plugins.rules)
 * 1:13457 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX clsid access (browser-plugins.rules)
 * 1:12685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow (server-other.rules)
 * 1:13470 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt (file-office.rules)
 * 1:13459 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX function call access (browser-plugins.rules)
 * 1:13476 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow  (server-iis.rules)
 * 1:13474 <-> DISABLED <-> OS-WINDOWS Microsoft WebDAV MiniRedir remote code execution attempt (os-windows.rules)
 * 1:13521 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules)
 * 1:13520 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules)
 * 1:13525 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (browser-plugins.rules)
 * 1:13523 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules)
 * 1:13950 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP attribute buffer overflow attempt (file-java.rules)
 * 1:13926 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP response parsing overflow attempt (server-other.rules)
 * 1:13965 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX clsid access (browser-plugins.rules)
 * 1:14033 <-> DISABLED <-> BROWSER-PLUGINS Orbit Downloader ActiveX clsid access (browser-plugins.rules)
 * 1:13967 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access (browser-plugins.rules)
 * 1:14611 <-> DISABLED <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX clsid access (browser-plugins.rules)
 * 1:14035 <-> DISABLED <-> BROWSER-PLUGINS Orbit Downloader ActiveX function call access (browser-plugins.rules)
 * 1:14771 <-> DISABLED <-> SERVER-APACHE BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt (server-apache.rules)
 * 1:14613 <-> DISABLED <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX function call access (browser-plugins.rules)
 * 1:15191 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox animated PNG processing integer overflow (browser-firefox.rules)
 * 1:15147 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
 * 1:15258 <-> DISABLED <-> SERVER-ORACLE Secure Backup login.php variable based command injection attempt (server-oracle.rules)
 * 1:15257 <-> DISABLED <-> SERVER-ORACLE Secure Backup common.php variable based command injection attempt (server-oracle.rules)
 * 1:15462 <-> DISABLED <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt (browser-other.rules)
 * 1:15428 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing memory corruption attempt (browser-firefox.rules)
 * 1:15490 <-> DISABLED <-> OS-LINUX Linux SCTP malformed forward-tsn chunk arbitrary code execution attempt (os-linux.rules)
 * 1:15489 <-> DISABLED <-> PUA-OTHER Cerulean Studios Trillian image filename handling XML tag overflow attempt (pua-other.rules)
 * 1:15511 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules)
 * 1:15510 <-> DISABLED <-> SERVER-OTHER Trend Micro OfficeScan Server cgiRecvFile overflow attempt (server-other.rules)
 * 1:15733 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt (browser-ie.rules)
 * 1:15638 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 32 ActiveX clsid access (browser-plugins.rules)
 * 1:15872 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt (browser-firefox.rules)
 * 1:15866 <-> DISABLED <-> FILE-OTHER libxml2 file processing long entity overflow attempt (file-other.rules)
 * 1:15965 <-> DISABLED <-> OS-WINDOWS Microsoft Explorer long share name buffer overflow attempt (os-windows.rules)
 * 1:15901 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt (file-multimedia.rules)
 * 1:16001 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (file-image.rules)
 * 1:15966 <-> DISABLED <-> FILE-OTHER F-Secure Anti-Virus LHA processing buffer overflow attempt (file-other.rules)
 * 1:16032 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML Decoding memory corruption attempt (browser-ie.rules)
 * 1:16030 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS client TXT buffer overrun attempt (os-windows.rules)
 * 1:16192 <-> DISABLED <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt (server-oracle.rules)
 * 1:16191 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via GET (server-oracle.rules)
 * 1:16213 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt (server-other.rules)
 * 1:16204 <-> DISABLED <-> SERVER-OTHER HP OpenView Network Node Manager ovlaunch host field overflow attempt (server-other.rules)
 * 1:16296 <-> DISABLED <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - with optional fields (file-other.rules)
 * 1:16295 <-> DISABLED <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields (file-other.rules)
 * 1:16347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules)
 * 1:16344 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox top-level script object offset calculation memory corruption attempt (browser-firefox.rules)
 * 1:16405 <-> DISABLED <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Prefix Information stack buffer overflow attempt  (protocol-icmp.rules)
 * 1:16371 <-> DISABLED <-> BROWSER-PLUGINS NOS Microsystems Adobe atl_getcom ActiveX clsid access (browser-plugins.rules)
 * 1:16481 <-> DISABLED <-> BROWSER-OTHER Opera Content-Length header integer overflow attempt (browser-other.rules)
 * 1:16418 <-> DISABLED <-> NETBIOS SMB client NULL deref race condition attempt  (netbios.rules)
 * 1:16601 <-> DISABLED <-> FILE-OTHER Amaya web editor XML and HTML Parser Buffer overflow attempt (file-other.rules)
 * 1:16514 <-> DISABLED <-> SERVER-OTHER Trillian AIM XML tag handling heap buffer overflow attempt (server-other.rules)
 * 1:16668 <-> DISABLED <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt (browser-chrome.rules)
 * 1:16667 <-> DISABLED <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt (browser-chrome.rules)
 * 1:17153 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1 (browser-firefox.rules)
 * 1:16798 <-> DISABLED <-> FILE-OTHER Orbit Downloader long URL buffer overflow attempt (file-other.rules)
 * 1:17166 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
 * 1:17154 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2 (browser-firefox.rules)
 * 1:17305 <-> DISABLED <-> FILE-OTHER ClamAV libclamav PE file handling integer overflow attempt (file-other.rules)
 * 1:17236 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsPropertyTable PropertyList memory corruption attempt (browser-firefox.rules)
 * 1:17378 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt (browser-firefox.rules)
 * 1:17367 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer FTP response parsing memory corruption attempt (browser-ie.rules)
 * 1:17397 <-> DISABLED <-> SERVER-OTHER VNCViewer Authenticate buffer overflow attempt (server-other.rules)
 * 1:17379 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt (browser-firefox.rules)
 * 1:17399 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt (browser-firefox.rules)
 * 1:17398 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt (browser-firefox.rules)
 * 1:17422 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt (browser-firefox.rules)
 * 1:17410 <-> DISABLED <-> OS-WINDOWS Generic HyperLink buffer overflow attempt (os-windows.rules)
 * 1:17557 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX operation parameter overflow (browser-plugins.rules)
 * 1:17519 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow (browser-firefox.rules)
 * 1:17631 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules)
 * 1:17588 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Install Engine ActiveX clsid access (browser-plugins.rules)
 * 1:17642 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox ConstructFrame with floating first-letter memory corruption attempt (browser-firefox.rules)
 * 1:17638 <-> DISABLED <-> SERVER-ORACLE Secure Backup administration server login.php cookies command injection attempt (server-oracle.rules)
 * 1:18187 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox InstallTrigger.install memory corruption attempt (browser-firefox.rules)
 * 1:18097 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules)
 * 1:18244 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules)
 * 1:18283 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules)
 * 1:18245 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java browser plugin docbase overflow attempt (browser-plugins.rules)
 * 1:18527 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules)
 * 1:18904 <-> DISABLED <-> BROWSER-PLUGINS KingView ActiveX clsid access (browser-plugins.rules)
 * 1:18679 <-> DISABLED <-> SERVER-OTHER Oracle Java Applet2ClassLoader Remote Code Execution (server-other.rules)
 * 1:19102 <-> DISABLED <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX clsid access (browser-plugins.rules)
 * 1:18957 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
 * 1:19216 <-> DISABLED <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution (browser-chrome.rules)
 * 1:29579 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules)
 * 1:29578 <-> DISABLED <-> BROWSER-PLUGINS Sun Microsystems JRE isInstalled.dnsResolve function memory exception attempt (browser-plugins.rules)
 * 1:29594 <-> DISABLED <-> SERVER-WEBAPP Airlive IP Camera information leak attempt (server-webapp.rules)
 * 1:29580 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing obfuscated memory corruption attempt (browser-firefox.rules)
 * 1:29623 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)

2021-11-18 18:08:11 UTC

Snort Subscriber Rules Update

Date: 2021-11-18

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58590 <-> DISABLED <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt (server-other.rules)
 * 1:58583 <-> DISABLED <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt (policy-other.rules)
 * 1:58577 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58600 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt (browser-chrome.rules)
 * 1:58570 <-> DISABLED <-> FILE-OTHER MacOS TTC bypass vulnerability exploit upload attempt (file-other.rules)
 * 1:58592 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
 * 1:58595 <-> DISABLED <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt (server-webapp.rules)
 * 1:58586 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt (os-windows.rules)
 * 1:58576 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58582 <-> DISABLED <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt (policy-other.rules)
 * 1:58585 <-> DISABLED <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt (policy-other.rules)
 * 1:58599 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt (browser-chrome.rules)
 * 1:58591 <-> DISABLED <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt (server-other.rules)
 * 1:58578 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58596 <-> DISABLED <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt (server-webapp.rules)
 * 1:58581 <-> DISABLED <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt (malware-tools.rules)
 * 1:58571 <-> DISABLED <-> FILE-OTHER MacOS TTC bypass vulnerability exploit download attempt (file-other.rules)
 * 1:58588 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt (server-webapp.rules)
 * 1:58584 <-> DISABLED <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt (policy-other.rules)
 * 1:58593 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
 * 1:58587 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt (os-windows.rules)
 * 1:58589 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt (server-webapp.rules)
 * 1:58580 <-> DISABLED <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt (malware-tools.rules)
 * 1:58594 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
 * 1:58579 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 3:58574 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt (file-office.rules)
 * 3:58573 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt (file-image.rules)
 * 3:58597 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt (file-other.rules)
 * 3:58572 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt (file-image.rules)
 * 3:58575 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt (file-office.rules)
 * 3:58598 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt (file-other.rules)

Modified Rules:


 * 1:43346 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules)
 * 1:35468 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules)
 * 1:10010 <-> DISABLED <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt (server-other.rules)
 * 1:10142 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX clsid access (browser-plugins.rules)
 * 1:10144 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX function call access (browser-plugins.rules)
 * 1:10145 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX clsid access (browser-plugins.rules)
 * 1:10147 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX function call access (browser-plugins.rules)
 * 1:10148 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX clsid access (browser-plugins.rules)
 * 1:10150 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX function call access (browser-plugins.rules)
 * 1:10151 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX clsid access (browser-plugins.rules)
 * 1:10153 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX function call access (browser-plugins.rules)
 * 1:10154 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy 2 ActiveX clsid access (browser-plugins.rules)
 * 1:10390 <-> DISABLED <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX clsid access (browser-plugins.rules)
 * 1:10392 <-> DISABLED <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX function call access (browser-plugins.rules)
 * 1:10393 <-> DISABLED <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX clsid access (browser-plugins.rules)
 * 1:10395 <-> DISABLED <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX function call access (browser-plugins.rules)
 * 1:12472 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX clsid access (browser-plugins.rules)
 * 1:12474 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX function call access (browser-plugins.rules)
 * 1:12612 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX clsid access (browser-plugins.rules)
 * 1:12614 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX function call access (browser-plugins.rules)
 * 1:12685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow (server-other.rules)
 * 1:13457 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX clsid access (browser-plugins.rules)
 * 1:13459 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX function call access (browser-plugins.rules)
 * 1:13470 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt (file-office.rules)
 * 1:13474 <-> DISABLED <-> OS-WINDOWS Microsoft WebDAV MiniRedir remote code execution attempt (os-windows.rules)
 * 1:13476 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow  (server-iis.rules)
 * 1:13520 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules)
 * 1:13521 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules)
 * 1:13523 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules)
 * 1:13525 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (browser-plugins.rules)
 * 1:13926 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP response parsing overflow attempt (server-other.rules)
 * 1:13950 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP attribute buffer overflow attempt (file-java.rules)
 * 1:13965 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX clsid access (browser-plugins.rules)
 * 1:13967 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access (browser-plugins.rules)
 * 1:14033 <-> DISABLED <-> BROWSER-PLUGINS Orbit Downloader ActiveX clsid access (browser-plugins.rules)
 * 1:14035 <-> DISABLED <-> BROWSER-PLUGINS Orbit Downloader ActiveX function call access (browser-plugins.rules)
 * 1:14611 <-> DISABLED <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX clsid access (browser-plugins.rules)
 * 1:14613 <-> DISABLED <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX function call access (browser-plugins.rules)
 * 1:14771 <-> DISABLED <-> SERVER-APACHE BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt (server-apache.rules)
 * 1:15147 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
 * 1:51858 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51163 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
 * 1:15191 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox animated PNG processing integer overflow (browser-firefox.rules)
 * 1:15257 <-> DISABLED <-> SERVER-ORACLE Secure Backup common.php variable based command injection attempt (server-oracle.rules)
 * 1:15258 <-> DISABLED <-> SERVER-ORACLE Secure Backup login.php variable based command injection attempt (server-oracle.rules)
 * 1:51857 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:15428 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing memory corruption attempt (browser-firefox.rules)
 * 1:15462 <-> DISABLED <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt (browser-other.rules)
 * 1:3085 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt (server-other.rules)
 * 1:51864 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51860 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:32855 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt (file-pdf.rules)
 * 1:51225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
 * 1:49902 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
 * 1:31846 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt (policy-other.rules)
 * 1:37802 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
 * 1:36661 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:15489 <-> DISABLED <-> PUA-OTHER Cerulean Studios Trillian image filename handling XML tag overflow attempt (pua-other.rules)
 * 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
 * 1:3087 <-> DISABLED <-> SERVER-IIS w3who.dll buffer overflow attempt (server-iis.rules)
 * 1:43692 <-> DISABLED <-> OS-LINUX Linux kernel SCTP invalid chunk length denial of service attempt (os-linux.rules)
 * 1:46637 <-> DISABLED <-> NETBIOS SMB client NULL deref race condition attempt  (netbios.rules)
 * 1:15490 <-> DISABLED <-> OS-LINUX Linux SCTP malformed forward-tsn chunk arbitrary code execution attempt (os-linux.rules)
 * 1:40281 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (file-office.rules)
 * 1:49585 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
 * 1:36155 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:46913 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
 * 1:15510 <-> DISABLED <-> SERVER-OTHER Trend Micro OfficeScan Server cgiRecvFile overflow attempt (server-other.rules)
 * 1:41719 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
 * 1:49846 <-> DISABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:37804 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
 * 1:46912 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
 * 1:3632 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt (file-image.rules)
 * 1:40818 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (file-flash.rules)
 * 1:34447 <-> DISABLED <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt (policy-other.rules)
 * 1:45500 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
 * 1:45181 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:42422 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:41422 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (browser-plugins.rules)
 * 1:32369 <-> DISABLED <-> PROTOCOL-ICMP FreeBSD rtsold dname_labeldec stack buffer overflow attempt (protocol-icmp.rules)
 * 1:44978 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules)
 * 1:33571 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (file-other.rules)
 * 1:49900 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS driver stack buffer overflow attempt (browser-plugins.rules)
 * 1:41720 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
 * 1:35434 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:45183 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:45177 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:37627 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:35857 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:45178 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:44734 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (server-mail.rules)
 * 1:45855 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
 * 1:37527 <-> DISABLED <-> SERVER-OTHER IBM WebSphere InvokerTransformer serialized Java object remote code execution attempt (server-other.rules)
 * 1:44877 <-> DISABLED <-> SERVER-OTHER  Citrix XenApp and XenDesktop XML service memory corruption attempt (server-other.rules)
 * 1:49583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
 * 1:51081 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
 * 1:35467 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules)
 * 1:34024 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
 * 1:15511 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules)
 * 1:36154 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:45171 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt (browser-firefox.rules)
 * 1:32815 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules)
 * 1:32959 <-> DISABLED <-> PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (protocol-dns.rules)
 * 1:51025 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (file-pdf.rules)
 * 1:42412 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:49947 <-> DISABLED <-> POLICY-OTHER HP OpenView Operations Agent request attempt (policy-other.rules)
 * 1:43779 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products SharedWorker MessagePort memory corruption attempt (browser-firefox.rules)
 * 1:32151 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:45309 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
 * 1:50643 <-> DISABLED <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt (file-other.rules)
 * 1:41718 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
 * 1:41045 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules)
 * 1:32967 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt (policy-other.rules)
 * 1:15638 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 32 ActiveX clsid access (browser-plugins.rules)
 * 1:30217 <-> DISABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (file-java.rules)
 * 1:32149 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:15733 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt (browser-ie.rules)
 * 1:15866 <-> DISABLED <-> FILE-OTHER libxml2 file processing long entity overflow attempt (file-other.rules)
 * 1:15872 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt (browser-firefox.rules)
 * 1:15901 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt (file-multimedia.rules)
 * 1:15965 <-> DISABLED <-> OS-WINDOWS Microsoft Explorer long share name buffer overflow attempt (os-windows.rules)
 * 1:15966 <-> DISABLED <-> FILE-OTHER F-Secure Anti-Virus LHA processing buffer overflow attempt (file-other.rules)
 * 1:16001 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (file-image.rules)
 * 1:16030 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS client TXT buffer overrun attempt (os-windows.rules)
 * 1:16032 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML Decoding memory corruption attempt (browser-ie.rules)
 * 1:16191 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via GET (server-oracle.rules)
 * 1:16192 <-> DISABLED <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt (server-oracle.rules)
 * 1:16204 <-> DISABLED <-> SERVER-OTHER HP OpenView Network Node Manager ovlaunch host field overflow attempt (server-other.rules)
 * 1:16213 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt (server-other.rules)
 * 1:16295 <-> DISABLED <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields (file-other.rules)
 * 1:16296 <-> DISABLED <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - with optional fields (file-other.rules)
 * 1:16344 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox top-level script object offset calculation memory corruption attempt (browser-firefox.rules)
 * 1:16347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules)
 * 1:16371 <-> DISABLED <-> BROWSER-PLUGINS NOS Microsystems Adobe atl_getcom ActiveX clsid access (browser-plugins.rules)
 * 1:16405 <-> DISABLED <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Prefix Information stack buffer overflow attempt  (protocol-icmp.rules)
 * 1:16418 <-> DISABLED <-> NETBIOS SMB client NULL deref race condition attempt  (netbios.rules)
 * 1:16481 <-> DISABLED <-> BROWSER-OTHER Opera Content-Length header integer overflow attempt (browser-other.rules)
 * 1:16514 <-> DISABLED <-> SERVER-OTHER Trillian AIM XML tag handling heap buffer overflow attempt (server-other.rules)
 * 1:16601 <-> DISABLED <-> FILE-OTHER Amaya web editor XML and HTML Parser Buffer overflow attempt (file-other.rules)
 * 1:16667 <-> DISABLED <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt (browser-chrome.rules)
 * 1:16668 <-> DISABLED <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt (browser-chrome.rules)
 * 1:16798 <-> DISABLED <-> FILE-OTHER Orbit Downloader long URL buffer overflow attempt (file-other.rules)
 * 1:17153 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1 (browser-firefox.rules)
 * 1:17154 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2 (browser-firefox.rules)
 * 1:17166 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
 * 1:17236 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsPropertyTable PropertyList memory corruption attempt (browser-firefox.rules)
 * 1:17305 <-> DISABLED <-> FILE-OTHER ClamAV libclamav PE file handling integer overflow attempt (file-other.rules)
 * 1:17367 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer FTP response parsing memory corruption attempt (browser-ie.rules)
 * 1:17378 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt (browser-firefox.rules)
 * 1:17379 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt (browser-firefox.rules)
 * 1:17397 <-> DISABLED <-> SERVER-OTHER VNCViewer Authenticate buffer overflow attempt (server-other.rules)
 * 1:17398 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt (browser-firefox.rules)
 * 1:17399 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt (browser-firefox.rules)
 * 1:17410 <-> DISABLED <-> OS-WINDOWS Generic HyperLink buffer overflow attempt (os-windows.rules)
 * 1:17422 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt (browser-firefox.rules)
 * 1:17519 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow (browser-firefox.rules)
 * 1:17557 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX operation parameter overflow (browser-plugins.rules)
 * 1:17588 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Install Engine ActiveX clsid access (browser-plugins.rules)
 * 1:17631 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules)
 * 1:17638 <-> DISABLED <-> SERVER-ORACLE Secure Backup administration server login.php cookies command injection attempt (server-oracle.rules)
 * 1:17642 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox ConstructFrame with floating first-letter memory corruption attempt (browser-firefox.rules)
 * 1:18097 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules)
 * 1:18187 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox InstallTrigger.install memory corruption attempt (browser-firefox.rules)
 * 1:18244 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules)
 * 1:18245 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java browser plugin docbase overflow attempt (browser-plugins.rules)
 * 1:18283 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules)
 * 1:18527 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules)
 * 1:18679 <-> DISABLED <-> SERVER-OTHER Oracle Java Applet2ClassLoader Remote Code Execution (server-other.rules)
 * 1:18904 <-> DISABLED <-> BROWSER-PLUGINS KingView ActiveX clsid access (browser-plugins.rules)
 * 1:18957 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
 * 1:19102 <-> DISABLED <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX clsid access (browser-plugins.rules)
 * 1:19103 <-> DISABLED <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX function call access (browser-plugins.rules)
 * 1:19216 <-> DISABLED <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution (browser-chrome.rules)
 * 1:19217 <-> DISABLED <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution (browser-chrome.rules)
 * 1:19257 <-> DISABLED <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt (file-flash.rules)
 * 1:19262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:19263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:19264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:19713 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
 * 1:19714 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
 * 1:19812 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS getDBConfigSettings credential information disclosure attempt (server-other.rules)
 * 1:19814 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt (browser-ie.rules)
 * 1:20031 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:20072 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules)
 * 1:20110 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata (server-other.rules)
 * 1:20444 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules)
 * 1:51865 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:52079 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
 * 1:52100 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:20600 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt (browser-firefox.rules)
 * 1:52288 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (os-mobile.rules)
 * 1:52450 <-> DISABLED <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt (server-other.rules)
 * 1:55823 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:55824 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:55825 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:7007 <-> DISABLED <-> BROWSER-PLUGINS AxDebugger.Document.1 ActiveX function call access (browser-plugins.rules)
 * 1:29891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pushdo variant outbound connection (malware-cnc.rules)
 * 1:20607 <-> DISABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (server-other.rules)
 * 1:20608 <-> DISABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (server-other.rules)
 * 1:20692 <-> DISABLED <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt (policy-other.rules)
 * 1:20767 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:20777 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:20820 <-> DISABLED <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt (file-java.rules)
 * 1:20842 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:20843 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:21006 <-> DISABLED <-> MALWARE-CNC Yang Pack yg.htm landing page (malware-cnc.rules)
 * 1:21044 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
 * 1:21045 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
 * 1:21057 <-> DISABLED <-> FILE-OTHER Java Applet Rhino script engine remote code execution attempt (file-other.rules)
 * 1:21161 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS5 NTLM and basic authentication bypass attempt (server-iis.rules)
 * 1:21247 <-> DISABLED <-> SERVER-OTHER IBM Lotusnotes s_viewname buffer overflow attempt (server-other.rules)
 * 1:21248 <-> DISABLED <-> SERVER-OTHER multiple vendors host buffer overflow attempt (server-other.rules)
 * 1:21259 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit response (exploit-kit.rules)
 * 1:21344 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit pdf download (exploit-kit.rules)
 * 1:21346 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit malicious jar download (exploit-kit.rules)
 * 1:21420 <-> DISABLED <-> FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt (file-other.rules)
 * 1:21438 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit JavaScript carat string splitting with hostile applet (exploit-kit.rules)
 * 1:21457 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:21484 <-> DISABLED <-> FILE-OTHER ZIP file name overflow attempt (file-other.rules)
 * 1:21492 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
 * 1:21539 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header (exploit-kit.rules)
 * 1:21549 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header (exploit-kit.rules)
 * 1:21640 <-> DISABLED <-> EXPLOIT-KIT Phoenix exploit kit landing page (exploit-kit.rules)
 * 1:21646 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
 * 1:21657 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules)
 * 1:21658 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
 * 1:21661 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - catch (exploit-kit.rules)
 * 1:21668 <-> DISABLED <-> EXPLOIT-KIT Java exploit kit iframe drive by attempt (exploit-kit.rules)
 * 1:21764 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word unicode parsing buffer overflow attempt (file-office.rules)
 * 1:21876 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit landing page with specific structure - Loading (exploit-kit.rules)
 * 1:21915 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
 * 1:21916 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
 * 1:21917 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP response message parsing overflow (server-other.rules)
 * 1:21953 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products HTML href shell attempt (browser-firefox.rules)
 * 1:22039 <-> DISABLED <-> EXPLOIT-KIT Blackhole suspected landing page (exploit-kit.rules)
 * 1:22040 <-> DISABLED <-> EXPLOIT-KIT Blackhole suspected landing page (exploit-kit.rules)
 * 1:22041 <-> DISABLED <-> EXPLOIT-KIT Blackhole landing redirection page (exploit-kit.rules)
 * 1:23008 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
 * 1:23158 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
 * 1:23159 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules)
 * 1:23395 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt (browser-plugins.rules)
 * 1:23396 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt (browser-plugins.rules)
 * 1:23489 <-> DISABLED <-> FILE-OTHER Microsoft Windows Task Scheduler buffer overflow attempt (file-other.rules)
 * 1:23797 <-> DISABLED <-> EXPLOIT-KIT Blackhole redirection page (exploit-kit.rules)
 * 1:23940 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (server-oracle.rules)
 * 1:23996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:24054 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure (exploit-kit.rules)
 * 1:24187 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
 * 1:24188 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
 * 1:24226 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received (exploit-kit.rules)
 * 1:24228 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page Received (exploit-kit.rules)
 * 1:24543 <-> DISABLED <-> EXPLOIT-KIT Blackhole admin page inbound access attempt (exploit-kit.rules)
 * 1:24546 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt (exploit-kit.rules)
 * 1:24547 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules)
 * 1:24548 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules)
 * 1:24593 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received - specific structure (exploit-kit.rules)
 * 1:24637 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure (exploit-kit.rules)
 * 1:24675 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX realm parameter overflow attempt (browser-plugins.rules)
 * 1:24676 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX real parameter overflow attempt (browser-plugins.rules)
 * 1:24702 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:24761 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:24860 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules)
 * 1:24862 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules)
 * 1:24864 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules)
 * 1:24904 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules)
 * 1:24907 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup exec_qr command injection attempt (server-oracle.rules)
 * 1:24994 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox onChannelRedirect method attempt (browser-firefox.rules)
 * 1:25312 <-> DISABLED <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt (server-other.rules)
 * 1:25392 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
 * 1:25569 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules)
 * 1:25590 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure (exploit-kit.rules)
 * 1:25591 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules)
 * 1:25808 <-> DISABLED <-> EXPLOIT-KIT Fiesta exploit kit landing page detection - specific-structure (exploit-kit.rules)
 * 1:2589 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules)
 * 1:26031 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules)
 * 1:26033 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit iframe redirection attempt (exploit-kit.rules)
 * 1:26230 <-> DISABLED <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX arbitrary command execution attempt (server-webapp.rules)
 * 1:26253 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
 * 1:26337 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules)
 * 1:26421 <-> DISABLED <-> BROWSER-PLUGINS Metalink file download parameter buffer overflow attempt (browser-plugins.rules)
 * 1:26434 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit jar file downloaded (exploit-kit.rules)
 * 1:26495 <-> DISABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules)
 * 1:27067 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure (exploit-kit.rules)
 * 1:27656 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules)
 * 1:27706 <-> DISABLED <-> EXPLOIT-KIT Gong Da exploit kit possible jar download (exploit-kit.rules)
 * 1:28703 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:28791 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:28902 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28972 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
 * 1:28973 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
 * 1:29503 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt (browser-firefox.rules)
 * 1:29512 <-> DISABLED <-> BROWSER-PLUGINS KingView ActiveX clsid access (browser-plugins.rules)
 * 1:29520 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (file-multimedia.rules)
 * 1:29523 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules)
 * 1:29524 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:29526 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:29535 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
 * 1:29538 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access (browser-plugins.rules)
 * 1:29578 <-> DISABLED <-> BROWSER-PLUGINS Sun Microsystems JRE isInstalled.dnsResolve function memory exception attempt (browser-plugins.rules)
 * 1:29579 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules)
 * 1:29580 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing obfuscated memory corruption attempt (browser-firefox.rules)
 * 1:29594 <-> DISABLED <-> SERVER-WEBAPP Airlive IP Camera information leak attempt (server-webapp.rules)
 * 1:29623 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
 * 1:29624 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt (browser-firefox.rules)
 * 1:29625 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt (browser-firefox.rules)

2021-11-18 18:08:11 UTC

Snort Subscriber Rules Update

Date: 2021-11-18

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58587 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt (os-windows.rules)
 * 1:58580 <-> DISABLED <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt (malware-tools.rules)
 * 1:58590 <-> DISABLED <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt (server-other.rules)
 * 1:58570 <-> DISABLED <-> FILE-OTHER MacOS TTC bypass vulnerability exploit upload attempt (file-other.rules)
 * 1:58600 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt (browser-chrome.rules)
 * 1:58594 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
 * 1:58579 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58578 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58592 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
 * 1:58593 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
 * 1:58577 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58585 <-> DISABLED <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt (policy-other.rules)
 * 1:58582 <-> DISABLED <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt (policy-other.rules)
 * 1:58576 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58591 <-> DISABLED <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt (server-other.rules)
 * 1:58599 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt (browser-chrome.rules)
 * 1:58584 <-> DISABLED <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt (policy-other.rules)
 * 1:58581 <-> DISABLED <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt (malware-tools.rules)
 * 1:58588 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt (server-webapp.rules)
 * 1:58571 <-> DISABLED <-> FILE-OTHER MacOS TTC bypass vulnerability exploit download attempt (file-other.rules)
 * 1:58595 <-> DISABLED <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt (server-webapp.rules)
 * 1:58583 <-> DISABLED <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt (policy-other.rules)
 * 1:58586 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt (os-windows.rules)
 * 1:58589 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt (server-webapp.rules)
 * 1:58596 <-> DISABLED <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt (server-webapp.rules)
 * 3:58572 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt (file-image.rules)
 * 3:58574 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt (file-office.rules)
 * 3:58598 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt (file-other.rules)
 * 3:58597 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt (file-other.rules)
 * 3:58573 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt (file-image.rules)
 * 3:58575 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt (file-office.rules)

Modified Rules:


 * 1:34024 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
 * 1:32815 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules)
 * 1:52100 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51860 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
 * 1:32967 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt (policy-other.rules)
 * 1:51865 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51864 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:52450 <-> DISABLED <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt (server-other.rules)
 * 1:52079 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
 * 1:10010 <-> DISABLED <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt (server-other.rules)
 * 1:10142 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX clsid access (browser-plugins.rules)
 * 1:10144 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX function call access (browser-plugins.rules)
 * 1:10145 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX clsid access (browser-plugins.rules)
 * 1:10147 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX function call access (browser-plugins.rules)
 * 1:10148 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX clsid access (browser-plugins.rules)
 * 1:10150 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX function call access (browser-plugins.rules)
 * 1:10151 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX clsid access (browser-plugins.rules)
 * 1:10153 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX function call access (browser-plugins.rules)
 * 1:10154 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy 2 ActiveX clsid access (browser-plugins.rules)
 * 1:10390 <-> DISABLED <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX clsid access (browser-plugins.rules)
 * 1:10392 <-> DISABLED <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX function call access (browser-plugins.rules)
 * 1:44978 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules)
 * 1:10393 <-> DISABLED <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX clsid access (browser-plugins.rules)
 * 1:10395 <-> DISABLED <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX function call access (browser-plugins.rules)
 * 1:12472 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX clsid access (browser-plugins.rules)
 * 1:12474 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX function call access (browser-plugins.rules)
 * 1:12612 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX clsid access (browser-plugins.rules)
 * 1:12614 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX function call access (browser-plugins.rules)
 * 1:12685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow (server-other.rules)
 * 1:13457 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX clsid access (browser-plugins.rules)
 * 1:13459 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX function call access (browser-plugins.rules)
 * 1:13470 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt (file-office.rules)
 * 1:13474 <-> DISABLED <-> OS-WINDOWS Microsoft WebDAV MiniRedir remote code execution attempt (os-windows.rules)
 * 1:13476 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow  (server-iis.rules)
 * 1:13520 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules)
 * 1:13521 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules)
 * 1:13523 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules)
 * 1:13525 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (browser-plugins.rules)
 * 1:13926 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP response parsing overflow attempt (server-other.rules)
 * 1:13950 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP attribute buffer overflow attempt (file-java.rules)
 * 1:13965 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX clsid access (browser-plugins.rules)
 * 1:13967 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access (browser-plugins.rules)
 * 1:14033 <-> DISABLED <-> BROWSER-PLUGINS Orbit Downloader ActiveX clsid access (browser-plugins.rules)
 * 1:14035 <-> DISABLED <-> BROWSER-PLUGINS Orbit Downloader ActiveX function call access (browser-plugins.rules)
 * 1:14611 <-> DISABLED <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX clsid access (browser-plugins.rules)
 * 1:14613 <-> DISABLED <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX function call access (browser-plugins.rules)
 * 1:14771 <-> DISABLED <-> SERVER-APACHE BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt (server-apache.rules)
 * 1:15147 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
 * 1:15191 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox animated PNG processing integer overflow (browser-firefox.rules)
 * 1:37527 <-> DISABLED <-> SERVER-OTHER IBM WebSphere InvokerTransformer serialized Java object remote code execution attempt (server-other.rules)
 * 1:37804 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
 * 1:37627 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:40281 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (file-office.rules)
 * 1:55823 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:55824 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:55825 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:7007 <-> DISABLED <-> BROWSER-PLUGINS AxDebugger.Document.1 ActiveX function call access (browser-plugins.rules)
 * 1:3085 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt (server-other.rules)
 * 1:15257 <-> DISABLED <-> SERVER-ORACLE Secure Backup common.php variable based command injection attempt (server-oracle.rules)
 * 1:32959 <-> DISABLED <-> PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (protocol-dns.rules)
 * 1:36155 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:49846 <-> DISABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:51858 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:3632 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt (file-image.rules)
 * 1:41720 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
 * 1:45178 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:51857 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:46912 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
 * 1:34447 <-> DISABLED <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt (policy-other.rules)
 * 1:45500 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
 * 1:49947 <-> DISABLED <-> POLICY-OTHER HP OpenView Operations Agent request attempt (policy-other.rules)
 * 1:42422 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:43346 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules)
 * 1:41719 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
 * 1:35468 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules)
 * 1:43779 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products SharedWorker MessagePort memory corruption attempt (browser-firefox.rules)
 * 1:52288 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (os-mobile.rules)
 * 1:45171 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt (browser-firefox.rules)
 * 1:43692 <-> DISABLED <-> OS-LINUX Linux kernel SCTP invalid chunk length denial of service attempt (os-linux.rules)
 * 1:15258 <-> DISABLED <-> SERVER-ORACLE Secure Backup login.php variable based command injection attempt (server-oracle.rules)
 * 1:15428 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing memory corruption attempt (browser-firefox.rules)
 * 1:45177 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:41422 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (browser-plugins.rules)
 * 1:36154 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:42412 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:32855 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt (file-pdf.rules)
 * 1:45855 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
 * 1:51163 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
 * 1:51025 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (file-pdf.rules)
 * 1:44734 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (server-mail.rules)
 * 1:50643 <-> DISABLED <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt (file-other.rules)
 * 1:49585 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
 * 1:46913 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
 * 1:51081 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
 * 1:45183 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:45181 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:35467 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules)
 * 1:49900 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS driver stack buffer overflow attempt (browser-plugins.rules)
 * 1:41718 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
 * 1:36661 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:32151 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:35434 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:33571 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (file-other.rules)
 * 1:51225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
 * 1:46637 <-> DISABLED <-> NETBIOS SMB client NULL deref race condition attempt  (netbios.rules)
 * 1:40818 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (file-flash.rules)
 * 1:44877 <-> DISABLED <-> SERVER-OTHER  Citrix XenApp and XenDesktop XML service memory corruption attempt (server-other.rules)
 * 1:41045 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules)
 * 1:45309 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
 * 1:49583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
 * 1:35857 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:49902 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
 * 1:32369 <-> DISABLED <-> PROTOCOL-ICMP FreeBSD rtsold dname_labeldec stack buffer overflow attempt (protocol-icmp.rules)
 * 1:15462 <-> DISABLED <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt (browser-other.rules)
 * 1:15489 <-> DISABLED <-> PUA-OTHER Cerulean Studios Trillian image filename handling XML tag overflow attempt (pua-other.rules)
 * 1:15490 <-> DISABLED <-> OS-LINUX Linux SCTP malformed forward-tsn chunk arbitrary code execution attempt (os-linux.rules)
 * 1:15510 <-> DISABLED <-> SERVER-OTHER Trend Micro OfficeScan Server cgiRecvFile overflow attempt (server-other.rules)
 * 1:15511 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules)
 * 1:3087 <-> DISABLED <-> SERVER-IIS w3who.dll buffer overflow attempt (server-iis.rules)
 * 1:15638 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 32 ActiveX clsid access (browser-plugins.rules)
 * 1:15733 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt (browser-ie.rules)
 * 1:15866 <-> DISABLED <-> FILE-OTHER libxml2 file processing long entity overflow attempt (file-other.rules)
 * 1:15872 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt (browser-firefox.rules)
 * 1:15901 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt (file-multimedia.rules)
 * 1:15965 <-> DISABLED <-> OS-WINDOWS Microsoft Explorer long share name buffer overflow attempt (os-windows.rules)
 * 1:15966 <-> DISABLED <-> FILE-OTHER F-Secure Anti-Virus LHA processing buffer overflow attempt (file-other.rules)
 * 1:16001 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (file-image.rules)
 * 1:16030 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS client TXT buffer overrun attempt (os-windows.rules)
 * 1:16032 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML Decoding memory corruption attempt (browser-ie.rules)
 * 1:16191 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via GET (server-oracle.rules)
 * 1:16192 <-> DISABLED <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt (server-oracle.rules)
 * 1:16204 <-> DISABLED <-> SERVER-OTHER HP OpenView Network Node Manager ovlaunch host field overflow attempt (server-other.rules)
 * 1:16213 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt (server-other.rules)
 * 1:16295 <-> DISABLED <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields (file-other.rules)
 * 1:16296 <-> DISABLED <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - with optional fields (file-other.rules)
 * 1:16344 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox top-level script object offset calculation memory corruption attempt (browser-firefox.rules)
 * 1:16347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules)
 * 1:16371 <-> DISABLED <-> BROWSER-PLUGINS NOS Microsystems Adobe atl_getcom ActiveX clsid access (browser-plugins.rules)
 * 1:16405 <-> DISABLED <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Prefix Information stack buffer overflow attempt  (protocol-icmp.rules)
 * 1:31846 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt (policy-other.rules)
 * 1:16418 <-> DISABLED <-> NETBIOS SMB client NULL deref race condition attempt  (netbios.rules)
 * 1:16481 <-> DISABLED <-> BROWSER-OTHER Opera Content-Length header integer overflow attempt (browser-other.rules)
 * 1:16514 <-> DISABLED <-> SERVER-OTHER Trillian AIM XML tag handling heap buffer overflow attempt (server-other.rules)
 * 1:16601 <-> DISABLED <-> FILE-OTHER Amaya web editor XML and HTML Parser Buffer overflow attempt (file-other.rules)
 * 1:16667 <-> DISABLED <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt (browser-chrome.rules)
 * 1:16668 <-> DISABLED <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt (browser-chrome.rules)
 * 1:16798 <-> DISABLED <-> FILE-OTHER Orbit Downloader long URL buffer overflow attempt (file-other.rules)
 * 1:17153 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1 (browser-firefox.rules)
 * 1:17154 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2 (browser-firefox.rules)
 * 1:17166 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
 * 1:17236 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsPropertyTable PropertyList memory corruption attempt (browser-firefox.rules)
 * 1:17305 <-> DISABLED <-> FILE-OTHER ClamAV libclamav PE file handling integer overflow attempt (file-other.rules)
 * 1:17367 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer FTP response parsing memory corruption attempt (browser-ie.rules)
 * 1:17378 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt (browser-firefox.rules)
 * 1:17379 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt (browser-firefox.rules)
 * 1:17397 <-> DISABLED <-> SERVER-OTHER VNCViewer Authenticate buffer overflow attempt (server-other.rules)
 * 1:17398 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt (browser-firefox.rules)
 * 1:17399 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt (browser-firefox.rules)
 * 1:17410 <-> DISABLED <-> OS-WINDOWS Generic HyperLink buffer overflow attempt (os-windows.rules)
 * 1:17422 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt (browser-firefox.rules)
 * 1:17519 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow (browser-firefox.rules)
 * 1:17557 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX operation parameter overflow (browser-plugins.rules)
 * 1:17588 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Install Engine ActiveX clsid access (browser-plugins.rules)
 * 1:17631 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules)
 * 1:17638 <-> DISABLED <-> SERVER-ORACLE Secure Backup administration server login.php cookies command injection attempt (server-oracle.rules)
 * 1:17642 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox ConstructFrame with floating first-letter memory corruption attempt (browser-firefox.rules)
 * 1:18097 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules)
 * 1:18187 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox InstallTrigger.install memory corruption attempt (browser-firefox.rules)
 * 1:18244 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules)
 * 1:18245 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java browser plugin docbase overflow attempt (browser-plugins.rules)
 * 1:18283 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules)
 * 1:18527 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules)
 * 1:18679 <-> DISABLED <-> SERVER-OTHER Oracle Java Applet2ClassLoader Remote Code Execution (server-other.rules)
 * 1:18904 <-> DISABLED <-> BROWSER-PLUGINS KingView ActiveX clsid access (browser-plugins.rules)
 * 1:18957 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
 * 1:19102 <-> DISABLED <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX clsid access (browser-plugins.rules)
 * 1:19103 <-> DISABLED <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX function call access (browser-plugins.rules)
 * 1:19216 <-> DISABLED <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution (browser-chrome.rules)
 * 1:19217 <-> DISABLED <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution (browser-chrome.rules)
 * 1:19257 <-> DISABLED <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt (file-flash.rules)
 * 1:19262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:19263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:19264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:19713 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
 * 1:19714 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
 * 1:19812 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS getDBConfigSettings credential information disclosure attempt (server-other.rules)
 * 1:19814 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt (browser-ie.rules)
 * 1:20031 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:20072 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules)
 * 1:20110 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata (server-other.rules)
 * 1:20444 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules)
 * 1:20600 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt (browser-firefox.rules)
 * 1:20607 <-> DISABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (server-other.rules)
 * 1:20608 <-> DISABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (server-other.rules)
 * 1:20692 <-> DISABLED <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt (policy-other.rules)
 * 1:32149 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:20767 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:37802 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
 * 1:20777 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:20820 <-> DISABLED <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt (file-java.rules)
 * 1:20842 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:20843 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:21006 <-> DISABLED <-> MALWARE-CNC Yang Pack yg.htm landing page (malware-cnc.rules)
 * 1:21044 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
 * 1:21045 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
 * 1:21057 <-> DISABLED <-> FILE-OTHER Java Applet Rhino script engine remote code execution attempt (file-other.rules)
 * 1:21161 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS5 NTLM and basic authentication bypass attempt (server-iis.rules)
 * 1:21247 <-> DISABLED <-> SERVER-OTHER IBM Lotusnotes s_viewname buffer overflow attempt (server-other.rules)
 * 1:21248 <-> DISABLED <-> SERVER-OTHER multiple vendors host buffer overflow attempt (server-other.rules)
 * 1:21259 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit response (exploit-kit.rules)
 * 1:21344 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit pdf download (exploit-kit.rules)
 * 1:21346 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit malicious jar download (exploit-kit.rules)
 * 1:21420 <-> DISABLED <-> FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt (file-other.rules)
 * 1:21438 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit JavaScript carat string splitting with hostile applet (exploit-kit.rules)
 * 1:21457 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:21484 <-> DISABLED <-> FILE-OTHER ZIP file name overflow attempt (file-other.rules)
 * 1:21492 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
 * 1:21539 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header (exploit-kit.rules)
 * 1:21549 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header (exploit-kit.rules)
 * 1:21640 <-> DISABLED <-> EXPLOIT-KIT Phoenix exploit kit landing page (exploit-kit.rules)
 * 1:21646 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
 * 1:21657 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules)
 * 1:21658 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
 * 1:21661 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - catch (exploit-kit.rules)
 * 1:21668 <-> DISABLED <-> EXPLOIT-KIT Java exploit kit iframe drive by attempt (exploit-kit.rules)
 * 1:21764 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word unicode parsing buffer overflow attempt (file-office.rules)
 * 1:21876 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit landing page with specific structure - Loading (exploit-kit.rules)
 * 1:21915 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
 * 1:21916 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
 * 1:21917 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP response message parsing overflow (server-other.rules)
 * 1:21953 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products HTML href shell attempt (browser-firefox.rules)
 * 1:22039 <-> DISABLED <-> EXPLOIT-KIT Blackhole suspected landing page (exploit-kit.rules)
 * 1:22040 <-> DISABLED <-> EXPLOIT-KIT Blackhole suspected landing page (exploit-kit.rules)
 * 1:22041 <-> DISABLED <-> EXPLOIT-KIT Blackhole landing redirection page (exploit-kit.rules)
 * 1:23008 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
 * 1:23158 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
 * 1:23159 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules)
 * 1:23395 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt (browser-plugins.rules)
 * 1:23396 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt (browser-plugins.rules)
 * 1:23489 <-> DISABLED <-> FILE-OTHER Microsoft Windows Task Scheduler buffer overflow attempt (file-other.rules)
 * 1:23797 <-> DISABLED <-> EXPLOIT-KIT Blackhole redirection page (exploit-kit.rules)
 * 1:23940 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (server-oracle.rules)
 * 1:23996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:24054 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure (exploit-kit.rules)
 * 1:24187 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
 * 1:24188 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
 * 1:24226 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received (exploit-kit.rules)
 * 1:24228 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page Received (exploit-kit.rules)
 * 1:24543 <-> DISABLED <-> EXPLOIT-KIT Blackhole admin page inbound access attempt (exploit-kit.rules)
 * 1:24546 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt (exploit-kit.rules)
 * 1:24547 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules)
 * 1:24548 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules)
 * 1:24593 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received - specific structure (exploit-kit.rules)
 * 1:24637 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure (exploit-kit.rules)
 * 1:24675 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX realm parameter overflow attempt (browser-plugins.rules)
 * 1:24676 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX real parameter overflow attempt (browser-plugins.rules)
 * 1:24702 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:24761 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:24860 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules)
 * 1:24862 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules)
 * 1:24864 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules)
 * 1:24904 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules)
 * 1:24907 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup exec_qr command injection attempt (server-oracle.rules)
 * 1:24994 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox onChannelRedirect method attempt (browser-firefox.rules)
 * 1:25312 <-> DISABLED <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt (server-other.rules)
 * 1:25392 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
 * 1:25569 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules)
 * 1:25590 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure (exploit-kit.rules)
 * 1:25591 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules)
 * 1:25808 <-> DISABLED <-> EXPLOIT-KIT Fiesta exploit kit landing page detection - specific-structure (exploit-kit.rules)
 * 1:2589 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules)
 * 1:26031 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules)
 * 1:26033 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit iframe redirection attempt (exploit-kit.rules)
 * 1:26230 <-> DISABLED <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX arbitrary command execution attempt (server-webapp.rules)
 * 1:26253 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
 * 1:26337 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules)
 * 1:26421 <-> DISABLED <-> BROWSER-PLUGINS Metalink file download parameter buffer overflow attempt (browser-plugins.rules)
 * 1:26434 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit jar file downloaded (exploit-kit.rules)
 * 1:26495 <-> DISABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules)
 * 1:27067 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure (exploit-kit.rules)
 * 1:27656 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules)
 * 1:27706 <-> DISABLED <-> EXPLOIT-KIT Gong Da exploit kit possible jar download (exploit-kit.rules)
 * 1:28703 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:28791 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:28902 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28972 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
 * 1:28973 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
 * 1:29503 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt (browser-firefox.rules)
 * 1:29512 <-> DISABLED <-> BROWSER-PLUGINS KingView ActiveX clsid access (browser-plugins.rules)
 * 1:29520 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (file-multimedia.rules)
 * 1:29523 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules)
 * 1:29524 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:29526 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:29535 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
 * 1:29538 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access (browser-plugins.rules)
 * 1:29578 <-> DISABLED <-> BROWSER-PLUGINS Sun Microsystems JRE isInstalled.dnsResolve function memory exception attempt (browser-plugins.rules)
 * 1:29579 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules)
 * 1:29580 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing obfuscated memory corruption attempt (browser-firefox.rules)
 * 1:29594 <-> DISABLED <-> SERVER-WEBAPP Airlive IP Camera information leak attempt (server-webapp.rules)
 * 1:29623 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
 * 1:29624 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt (browser-firefox.rules)
 * 1:29625 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt (browser-firefox.rules)
 * 1:29891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pushdo variant outbound connection (malware-cnc.rules)
 * 1:30217 <-> DISABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (file-java.rules)

2021-11-18 18:08:11 UTC

Snort Subscriber Rules Update

Date: 2021-11-18

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58592 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
 * 1:58571 <-> DISABLED <-> FILE-OTHER MacOS TTC bypass vulnerability exploit download attempt (file-other.rules)
 * 1:58580 <-> DISABLED <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt (malware-tools.rules)
 * 1:58570 <-> DISABLED <-> FILE-OTHER MacOS TTC bypass vulnerability exploit upload attempt (file-other.rules)
 * 1:58596 <-> DISABLED <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt (server-webapp.rules)
 * 1:58589 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt (server-webapp.rules)
 * 1:58581 <-> DISABLED <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt (malware-tools.rules)
 * 1:58587 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt (os-windows.rules)
 * 1:58595 <-> DISABLED <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt (server-webapp.rules)
 * 1:58588 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt (server-webapp.rules)
 * 1:58578 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58579 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58585 <-> DISABLED <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt (policy-other.rules)
 * 1:58599 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt (browser-chrome.rules)
 * 1:58591 <-> DISABLED <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt (server-other.rules)
 * 1:58586 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt (os-windows.rules)
 * 1:58577 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58583 <-> DISABLED <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt (policy-other.rules)
 * 1:58600 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt (browser-chrome.rules)
 * 1:58593 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
 * 1:58590 <-> DISABLED <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt (server-other.rules)
 * 1:58576 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58584 <-> DISABLED <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt (policy-other.rules)
 * 1:58582 <-> DISABLED <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt (policy-other.rules)
 * 1:58594 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
 * 3:58572 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt (file-image.rules)
 * 3:58598 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt (file-other.rules)
 * 3:58573 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt (file-image.rules)
 * 3:58575 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt (file-office.rules)
 * 3:58597 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt (file-other.rules)
 * 3:58574 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt (file-office.rules)

Modified Rules:


 * 1:40281 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (file-office.rules)
 * 1:45178 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:36155 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:32967 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt (policy-other.rules)
 * 1:51163 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
 * 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
 * 1:41720 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
 * 1:49947 <-> DISABLED <-> POLICY-OTHER HP OpenView Operations Agent request attempt (policy-other.rules)
 * 1:42422 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:15428 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing memory corruption attempt (browser-firefox.rules)
 * 1:45177 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:49902 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
 * 1:45855 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
 * 1:32149 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:46912 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
 * 1:32151 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:32855 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt (file-pdf.rules)
 * 1:45181 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:45500 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
 * 1:34024 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
 * 1:51081 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
 * 1:42412 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:45171 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt (browser-firefox.rules)
 * 1:44734 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (server-mail.rules)
 * 1:43779 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products SharedWorker MessagePort memory corruption attempt (browser-firefox.rules)
 * 1:49900 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS driver stack buffer overflow attempt (browser-plugins.rules)
 * 1:33571 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (file-other.rules)
 * 1:45183 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:43692 <-> DISABLED <-> OS-LINUX Linux kernel SCTP invalid chunk length denial of service attempt (os-linux.rules)
 * 1:29625 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt (browser-firefox.rules)
 * 1:52450 <-> DISABLED <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt (server-other.rules)
 * 1:55823 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:55824 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:55825 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:7007 <-> DISABLED <-> BROWSER-PLUGINS AxDebugger.Document.1 ActiveX function call access (browser-plugins.rules)
 * 1:49583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
 * 1:44978 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules)
 * 1:45309 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
 * 1:34447 <-> DISABLED <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt (policy-other.rules)
 * 1:32369 <-> DISABLED <-> PROTOCOL-ICMP FreeBSD rtsold dname_labeldec stack buffer overflow attempt (protocol-icmp.rules)
 * 1:51857 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:43346 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules)
 * 1:41718 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
 * 1:50643 <-> DISABLED <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt (file-other.rules)
 * 1:14613 <-> DISABLED <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX function call access (browser-plugins.rules)
 * 1:51025 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (file-pdf.rules)
 * 1:51225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
 * 1:46913 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
 * 1:36661 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:37527 <-> DISABLED <-> SERVER-OTHER IBM WebSphere InvokerTransformer serialized Java object remote code execution attempt (server-other.rules)
 * 1:46637 <-> DISABLED <-> NETBIOS SMB client NULL deref race condition attempt  (netbios.rules)
 * 1:49585 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
 * 1:41045 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules)
 * 1:37627 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:10145 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX clsid access (browser-plugins.rules)
 * 1:51865 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:10144 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX function call access (browser-plugins.rules)
 * 1:52288 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (os-mobile.rules)
 * 1:35467 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules)
 * 1:49846 <-> DISABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:29891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pushdo variant outbound connection (malware-cnc.rules)
 * 1:29624 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt (browser-firefox.rules)
 * 1:29594 <-> DISABLED <-> SERVER-WEBAPP Airlive IP Camera information leak attempt (server-webapp.rules)
 * 1:37804 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
 * 1:14771 <-> DISABLED <-> SERVER-APACHE BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt (server-apache.rules)
 * 1:15191 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox animated PNG processing integer overflow (browser-firefox.rules)
 * 1:15147 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
 * 1:15258 <-> DISABLED <-> SERVER-ORACLE Secure Backup login.php variable based command injection attempt (server-oracle.rules)
 * 1:15489 <-> DISABLED <-> PUA-OTHER Cerulean Studios Trillian image filename handling XML tag overflow attempt (pua-other.rules)
 * 1:15462 <-> DISABLED <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt (browser-other.rules)
 * 1:15510 <-> DISABLED <-> SERVER-OTHER Trend Micro OfficeScan Server cgiRecvFile overflow attempt (server-other.rules)
 * 1:15257 <-> DISABLED <-> SERVER-ORACLE Secure Backup common.php variable based command injection attempt (server-oracle.rules)
 * 1:15638 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 32 ActiveX clsid access (browser-plugins.rules)
 * 1:15511 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules)
 * 1:15866 <-> DISABLED <-> FILE-OTHER libxml2 file processing long entity overflow attempt (file-other.rules)
 * 1:15490 <-> DISABLED <-> OS-LINUX Linux SCTP malformed forward-tsn chunk arbitrary code execution attempt (os-linux.rules)
 * 1:15872 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt (browser-firefox.rules)
 * 1:15733 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt (browser-ie.rules)
 * 1:15901 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt (file-multimedia.rules)
 * 1:16001 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (file-image.rules)
 * 1:15966 <-> DISABLED <-> FILE-OTHER F-Secure Anti-Virus LHA processing buffer overflow attempt (file-other.rules)
 * 1:15965 <-> DISABLED <-> OS-WINDOWS Microsoft Explorer long share name buffer overflow attempt (os-windows.rules)
 * 1:16030 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS client TXT buffer overrun attempt (os-windows.rules)
 * 1:16192 <-> DISABLED <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt (server-oracle.rules)
 * 1:16191 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via GET (server-oracle.rules)
 * 1:16032 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML Decoding memory corruption attempt (browser-ie.rules)
 * 1:16204 <-> DISABLED <-> SERVER-OTHER HP OpenView Network Node Manager ovlaunch host field overflow attempt (server-other.rules)
 * 1:16344 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox top-level script object offset calculation memory corruption attempt (browser-firefox.rules)
 * 1:16295 <-> DISABLED <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields (file-other.rules)
 * 1:16213 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt (server-other.rules)
 * 1:16347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules)
 * 1:16418 <-> DISABLED <-> NETBIOS SMB client NULL deref race condition attempt  (netbios.rules)
 * 1:16405 <-> DISABLED <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Prefix Information stack buffer overflow attempt  (protocol-icmp.rules)
 * 1:16371 <-> DISABLED <-> BROWSER-PLUGINS NOS Microsystems Adobe atl_getcom ActiveX clsid access (browser-plugins.rules)
 * 1:16481 <-> DISABLED <-> BROWSER-OTHER Opera Content-Length header integer overflow attempt (browser-other.rules)
 * 1:16667 <-> DISABLED <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt (browser-chrome.rules)
 * 1:16601 <-> DISABLED <-> FILE-OTHER Amaya web editor XML and HTML Parser Buffer overflow attempt (file-other.rules)
 * 1:16514 <-> DISABLED <-> SERVER-OTHER Trillian AIM XML tag handling heap buffer overflow attempt (server-other.rules)
 * 1:16668 <-> DISABLED <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt (browser-chrome.rules)
 * 1:17154 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2 (browser-firefox.rules)
 * 1:17153 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1 (browser-firefox.rules)
 * 1:17166 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
 * 1:17305 <-> DISABLED <-> FILE-OTHER ClamAV libclamav PE file handling integer overflow attempt (file-other.rules)
 * 1:16798 <-> DISABLED <-> FILE-OTHER Orbit Downloader long URL buffer overflow attempt (file-other.rules)
 * 1:17378 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt (browser-firefox.rules)
 * 1:17367 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer FTP response parsing memory corruption attempt (browser-ie.rules)
 * 1:17397 <-> DISABLED <-> SERVER-OTHER VNCViewer Authenticate buffer overflow attempt (server-other.rules)
 * 1:17236 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsPropertyTable PropertyList memory corruption attempt (browser-firefox.rules)
 * 1:17399 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt (browser-firefox.rules)
 * 1:17398 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt (browser-firefox.rules)
 * 1:17422 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt (browser-firefox.rules)
 * 1:17379 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt (browser-firefox.rules)
 * 1:17557 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX operation parameter overflow (browser-plugins.rules)
 * 1:17519 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow (browser-firefox.rules)
 * 1:17631 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules)
 * 1:17410 <-> DISABLED <-> OS-WINDOWS Generic HyperLink buffer overflow attempt (os-windows.rules)
 * 1:17642 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox ConstructFrame with floating first-letter memory corruption attempt (browser-firefox.rules)
 * 1:17638 <-> DISABLED <-> SERVER-ORACLE Secure Backup administration server login.php cookies command injection attempt (server-oracle.rules)
 * 1:18187 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox InstallTrigger.install memory corruption attempt (browser-firefox.rules)
 * 1:17588 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Install Engine ActiveX clsid access (browser-plugins.rules)
 * 1:18244 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules)
 * 1:18245 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java browser plugin docbase overflow attempt (browser-plugins.rules)
 * 1:18527 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules)
 * 1:18097 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules)
 * 1:18904 <-> DISABLED <-> BROWSER-PLUGINS KingView ActiveX clsid access (browser-plugins.rules)
 * 1:18679 <-> DISABLED <-> SERVER-OTHER Oracle Java Applet2ClassLoader Remote Code Execution (server-other.rules)
 * 1:19102 <-> DISABLED <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX clsid access (browser-plugins.rules)
 * 1:18283 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules)
 * 1:19216 <-> DISABLED <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution (browser-chrome.rules)
 * 1:19103 <-> DISABLED <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX function call access (browser-plugins.rules)
 * 1:19257 <-> DISABLED <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt (file-flash.rules)
 * 1:18957 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
 * 1:19714 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
 * 1:19262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:20767 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:19217 <-> DISABLED <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution (browser-chrome.rules)
 * 1:20820 <-> DISABLED <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt (file-java.rules)
 * 1:20777 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:20843 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:20692 <-> DISABLED <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt (policy-other.rules)
 * 1:21044 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
 * 1:21006 <-> DISABLED <-> MALWARE-CNC Yang Pack yg.htm landing page (malware-cnc.rules)
 * 1:21057 <-> DISABLED <-> FILE-OTHER Java Applet Rhino script engine remote code execution attempt (file-other.rules)
 * 1:20842 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:21247 <-> DISABLED <-> SERVER-OTHER IBM Lotusnotes s_viewname buffer overflow attempt (server-other.rules)
 * 1:21161 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS5 NTLM and basic authentication bypass attempt (server-iis.rules)
 * 1:21259 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit response (exploit-kit.rules)
 * 1:21045 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
 * 1:21346 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit malicious jar download (exploit-kit.rules)
 * 1:21344 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit pdf download (exploit-kit.rules)
 * 1:21438 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit JavaScript carat string splitting with hostile applet (exploit-kit.rules)
 * 1:21248 <-> DISABLED <-> SERVER-OTHER multiple vendors host buffer overflow attempt (server-other.rules)
 * 1:21484 <-> DISABLED <-> FILE-OTHER ZIP file name overflow attempt (file-other.rules)
 * 1:21457 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:21539 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header (exploit-kit.rules)
 * 1:21420 <-> DISABLED <-> FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt (file-other.rules)
 * 1:21640 <-> DISABLED <-> EXPLOIT-KIT Phoenix exploit kit landing page (exploit-kit.rules)
 * 1:21549 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header (exploit-kit.rules)
 * 1:21657 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules)
 * 1:21492 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
 * 1:21661 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - catch (exploit-kit.rules)
 * 1:21658 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
 * 1:21764 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word unicode parsing buffer overflow attempt (file-office.rules)
 * 1:21646 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
 * 1:21915 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
 * 1:21876 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit landing page with specific structure - Loading (exploit-kit.rules)
 * 1:21668 <-> DISABLED <-> EXPLOIT-KIT Java exploit kit iframe drive by attempt (exploit-kit.rules)
 * 1:21917 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP response message parsing overflow (server-other.rules)
 * 1:22039 <-> DISABLED <-> EXPLOIT-KIT Blackhole suspected landing page (exploit-kit.rules)
 * 1:21953 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products HTML href shell attempt (browser-firefox.rules)
 * 1:22041 <-> DISABLED <-> EXPLOIT-KIT Blackhole landing redirection page (exploit-kit.rules)
 * 1:21916 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
 * 1:23158 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
 * 1:23008 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
 * 1:23489 <-> DISABLED <-> FILE-OTHER Microsoft Windows Task Scheduler buffer overflow attempt (file-other.rules)
 * 1:22040 <-> DISABLED <-> EXPLOIT-KIT Blackhole suspected landing page (exploit-kit.rules)
 * 1:23395 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt (browser-plugins.rules)
 * 1:23396 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt (browser-plugins.rules)
 * 1:23940 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (server-oracle.rules)
 * 1:23159 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules)
 * 1:24054 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure (exploit-kit.rules)
 * 1:23996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:24188 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
 * 1:23797 <-> DISABLED <-> EXPLOIT-KIT Blackhole redirection page (exploit-kit.rules)
 * 1:24228 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page Received (exploit-kit.rules)
 * 1:24226 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received (exploit-kit.rules)
 * 1:24546 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt (exploit-kit.rules)
 * 1:24187 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
 * 1:24547 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules)
 * 1:24543 <-> DISABLED <-> EXPLOIT-KIT Blackhole admin page inbound access attempt (exploit-kit.rules)
 * 1:24548 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules)
 * 1:24675 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX realm parameter overflow attempt (browser-plugins.rules)
 * 1:24637 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure (exploit-kit.rules)
 * 1:24593 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received - specific structure (exploit-kit.rules)
 * 1:24676 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX real parameter overflow attempt (browser-plugins.rules)
 * 1:24860 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules)
 * 1:24761 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:24702 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:24862 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules)
 * 1:24907 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup exec_qr command injection attempt (server-oracle.rules)
 * 1:24904 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules)
 * 1:24864 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules)
 * 1:24994 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox onChannelRedirect method attempt (browser-firefox.rules)
 * 1:25569 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules)
 * 1:25392 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
 * 1:25312 <-> DISABLED <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt (server-other.rules)
 * 1:25590 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure (exploit-kit.rules)
 * 1:2589 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules)
 * 1:25808 <-> DISABLED <-> EXPLOIT-KIT Fiesta exploit kit landing page detection - specific-structure (exploit-kit.rules)
 * 1:25591 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules)
 * 1:26031 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules)
 * 1:26253 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
 * 1:26230 <-> DISABLED <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX arbitrary command execution attempt (server-webapp.rules)
 * 1:26033 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit iframe redirection attempt (exploit-kit.rules)
 * 1:26337 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules)
 * 1:26495 <-> DISABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules)
 * 1:26434 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit jar file downloaded (exploit-kit.rules)
 * 1:26421 <-> DISABLED <-> BROWSER-PLUGINS Metalink file download parameter buffer overflow attempt (browser-plugins.rules)
 * 1:27067 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure (exploit-kit.rules)
 * 1:28703 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:27706 <-> DISABLED <-> EXPLOIT-KIT Gong Da exploit kit possible jar download (exploit-kit.rules)
 * 1:27656 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules)
 * 1:28791 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:28973 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
 * 1:28972 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
 * 1:28902 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:29503 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt (browser-firefox.rules)
 * 1:29523 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules)
 * 1:29520 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (file-multimedia.rules)
 * 1:29512 <-> DISABLED <-> BROWSER-PLUGINS KingView ActiveX clsid access (browser-plugins.rules)
 * 1:29524 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:29526 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:29538 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access (browser-plugins.rules)
 * 1:29535 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
 * 1:29579 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules)
 * 1:29578 <-> DISABLED <-> BROWSER-PLUGINS Sun Microsystems JRE isInstalled.dnsResolve function memory exception attempt (browser-plugins.rules)
 * 1:29580 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing obfuscated memory corruption attempt (browser-firefox.rules)
 * 1:37802 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
 * 1:13950 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP attribute buffer overflow attempt (file-java.rules)
 * 1:52100 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:20607 <-> DISABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (server-other.rules)
 * 1:12472 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX clsid access (browser-plugins.rules)
 * 1:10393 <-> DISABLED <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX clsid access (browser-plugins.rules)
 * 1:20600 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt (browser-firefox.rules)
 * 1:13457 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX clsid access (browser-plugins.rules)
 * 1:13525 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (browser-plugins.rules)
 * 1:10392 <-> DISABLED <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX function call access (browser-plugins.rules)
 * 1:51858 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:14033 <-> DISABLED <-> BROWSER-PLUGINS Orbit Downloader ActiveX clsid access (browser-plugins.rules)
 * 1:13520 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules)
 * 1:35434 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:10395 <-> DISABLED <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX function call access (browser-plugins.rules)
 * 1:14611 <-> DISABLED <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX clsid access (browser-plugins.rules)
 * 1:12685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow (server-other.rules)
 * 1:35857 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:20608 <-> DISABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (server-other.rules)
 * 1:10390 <-> DISABLED <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX clsid access (browser-plugins.rules)
 * 1:13521 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules)
 * 1:13967 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access (browser-plugins.rules)
 * 1:10010 <-> DISABLED <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt (server-other.rules)
 * 1:14035 <-> DISABLED <-> BROWSER-PLUGINS Orbit Downloader ActiveX function call access (browser-plugins.rules)
 * 1:10151 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX clsid access (browser-plugins.rules)
 * 1:10150 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX function call access (browser-plugins.rules)
 * 1:10148 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX clsid access (browser-plugins.rules)
 * 1:13476 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow  (server-iis.rules)
 * 1:13474 <-> DISABLED <-> OS-WINDOWS Microsoft WebDAV MiniRedir remote code execution attempt (os-windows.rules)
 * 1:13470 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt (file-office.rules)
 * 1:51864 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:13523 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules)
 * 1:12612 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX clsid access (browser-plugins.rules)
 * 1:10142 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX clsid access (browser-plugins.rules)
 * 1:52079 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
 * 1:51860 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:10153 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX function call access (browser-plugins.rules)
 * 1:12474 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX function call access (browser-plugins.rules)
 * 1:12614 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX function call access (browser-plugins.rules)
 * 1:3632 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt (file-image.rules)
 * 1:10147 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX function call access (browser-plugins.rules)
 * 1:13965 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX clsid access (browser-plugins.rules)
 * 1:10154 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy 2 ActiveX clsid access (browser-plugins.rules)
 * 1:13459 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX function call access (browser-plugins.rules)
 * 1:13926 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP response parsing overflow attempt (server-other.rules)
 * 1:35468 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules)
 * 1:3087 <-> DISABLED <-> SERVER-IIS w3who.dll buffer overflow attempt (server-iis.rules)
 * 1:30217 <-> DISABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (file-java.rules)
 * 1:41422 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (browser-plugins.rules)
 * 1:41719 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
 * 1:19263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:19264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:19713 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
 * 1:19812 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS getDBConfigSettings credential information disclosure attempt (server-other.rules)
 * 1:19814 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt (browser-ie.rules)
 * 1:20031 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:20072 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules)
 * 1:20110 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata (server-other.rules)
 * 1:16296 <-> DISABLED <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - with optional fields (file-other.rules)
 * 1:32815 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules)
 * 1:44877 <-> DISABLED <-> SERVER-OTHER  Citrix XenApp and XenDesktop XML service memory corruption attempt (server-other.rules)
 * 1:32959 <-> DISABLED <-> PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (protocol-dns.rules)
 * 1:3085 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt (server-other.rules)
 * 1:31846 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt (policy-other.rules)
 * 1:40818 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (file-flash.rules)
 * 1:36154 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:20444 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules)
 * 1:29623 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)

2021-11-18 18:08:11 UTC

Snort Subscriber Rules Update

Date: 2021-11-18

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58590 <-> DISABLED <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt (server-other.rules)
 * 1:58592 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
 * 1:58578 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58593 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
 * 1:58587 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt (os-windows.rules)
 * 1:58594 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
 * 1:58600 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt (browser-chrome.rules)
 * 1:58583 <-> DISABLED <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt (policy-other.rules)
 * 1:58588 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt (server-webapp.rules)
 * 1:58585 <-> DISABLED <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt (policy-other.rules)
 * 1:58582 <-> DISABLED <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt (policy-other.rules)
 * 1:58584 <-> DISABLED <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt (policy-other.rules)
 * 1:58595 <-> DISABLED <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt (server-webapp.rules)
 * 1:58579 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58570 <-> DISABLED <-> FILE-OTHER MacOS TTC bypass vulnerability exploit upload attempt (file-other.rules)
 * 1:58581 <-> DISABLED <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt (malware-tools.rules)
 * 1:58591 <-> DISABLED <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt (server-other.rules)
 * 1:58586 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt (os-windows.rules)
 * 1:58577 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58571 <-> DISABLED <-> FILE-OTHER MacOS TTC bypass vulnerability exploit download attempt (file-other.rules)
 * 1:58596 <-> DISABLED <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt (server-webapp.rules)
 * 1:58576 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58580 <-> DISABLED <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt (malware-tools.rules)
 * 1:58599 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt (browser-chrome.rules)
 * 1:58589 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt (server-webapp.rules)
 * 3:58597 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt (file-other.rules)
 * 3:58575 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt (file-office.rules)
 * 3:58598 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt (file-other.rules)
 * 3:58572 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt (file-image.rules)
 * 3:58574 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt (file-office.rules)
 * 3:58573 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt (file-image.rules)

Modified Rules:


 * 1:31846 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt (policy-other.rules)
 * 1:21915 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
 * 1:21916 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
 * 1:23395 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt (browser-plugins.rules)
 * 1:23396 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt (browser-plugins.rules)
 * 1:22039 <-> DISABLED <-> EXPLOIT-KIT Blackhole suspected landing page (exploit-kit.rules)
 * 1:22040 <-> DISABLED <-> EXPLOIT-KIT Blackhole suspected landing page (exploit-kit.rules)
 * 1:23940 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (server-oracle.rules)
 * 1:23996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:23158 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
 * 1:23159 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules)
 * 1:24188 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
 * 1:24226 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received (exploit-kit.rules)
 * 1:23489 <-> DISABLED <-> FILE-OTHER Microsoft Windows Task Scheduler buffer overflow attempt (file-other.rules)
 * 1:23797 <-> DISABLED <-> EXPLOIT-KIT Blackhole redirection page (exploit-kit.rules)
 * 1:24546 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt (exploit-kit.rules)
 * 1:24547 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules)
 * 1:24054 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure (exploit-kit.rules)
 * 1:24187 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
 * 1:24637 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure (exploit-kit.rules)
 * 1:24675 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX realm parameter overflow attempt (browser-plugins.rules)
 * 1:24228 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page Received (exploit-kit.rules)
 * 1:24543 <-> DISABLED <-> EXPLOIT-KIT Blackhole admin page inbound access attempt (exploit-kit.rules)
 * 1:24761 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:24860 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules)
 * 1:51025 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (file-pdf.rules)
 * 1:24548 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules)
 * 1:51081 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
 * 1:24593 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received - specific structure (exploit-kit.rules)
 * 1:24904 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules)
 * 1:24907 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup exec_qr command injection attempt (server-oracle.rules)
 * 1:24676 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX real parameter overflow attempt (browser-plugins.rules)
 * 1:24702 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:25392 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
 * 1:25569 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules)
 * 1:24862 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules)
 * 1:24864 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules)
 * 1:25808 <-> DISABLED <-> EXPLOIT-KIT Fiesta exploit kit landing page detection - specific-structure (exploit-kit.rules)
 * 1:2589 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules)
 * 1:51857 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:24994 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox onChannelRedirect method attempt (browser-firefox.rules)
 * 1:25312 <-> DISABLED <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt (server-other.rules)
 * 1:26230 <-> DISABLED <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX arbitrary command execution attempt (server-webapp.rules)
 * 1:26253 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
 * 1:25590 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure (exploit-kit.rules)
 * 1:25591 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules)
 * 1:26434 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit jar file downloaded (exploit-kit.rules)
 * 1:26495 <-> DISABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules)
 * 1:26031 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules)
 * 1:26033 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit iframe redirection attempt (exploit-kit.rules)
 * 1:27706 <-> DISABLED <-> EXPLOIT-KIT Gong Da exploit kit possible jar download (exploit-kit.rules)
 * 1:28703 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:51163 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
 * 1:26337 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules)
 * 1:26421 <-> DISABLED <-> BROWSER-PLUGINS Metalink file download parameter buffer overflow attempt (browser-plugins.rules)
 * 1:28972 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
 * 1:28973 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
 * 1:27067 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure (exploit-kit.rules)
 * 1:27656 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules)
 * 1:29520 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (file-multimedia.rules)
 * 1:29523 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules)
 * 1:28791 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:28902 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:29535 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
 * 1:29538 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access (browser-plugins.rules)
 * 1:29503 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt (browser-firefox.rules)
 * 1:29512 <-> DISABLED <-> BROWSER-PLUGINS KingView ActiveX clsid access (browser-plugins.rules)
 * 1:29524 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:29526 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:42422 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:29578 <-> DISABLED <-> BROWSER-PLUGINS Sun Microsystems JRE isInstalled.dnsResolve function memory exception attempt (browser-plugins.rules)
 * 1:49947 <-> DISABLED <-> POLICY-OTHER HP OpenView Operations Agent request attempt (policy-other.rules)
 * 1:50643 <-> DISABLED <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt (file-other.rules)
 * 1:41720 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
 * 1:49585 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
 * 1:40818 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (file-flash.rules)
 * 1:49900 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS driver stack buffer overflow attempt (browser-plugins.rules)
 * 1:29624 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt (browser-firefox.rules)
 * 1:3087 <-> DISABLED <-> SERVER-IIS w3who.dll buffer overflow attempt (server-iis.rules)
 * 1:51860 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:29625 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt (browser-firefox.rules)
 * 1:45171 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt (browser-firefox.rules)
 * 1:41045 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules)
 * 1:46913 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
 * 1:29891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pushdo variant outbound connection (malware-cnc.rules)
 * 1:45181 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:3632 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt (file-image.rules)
 * 1:37804 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
 * 1:36154 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:35468 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules)
 * 1:36155 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:32369 <-> DISABLED <-> PROTOCOL-ICMP FreeBSD rtsold dname_labeldec stack buffer overflow attempt (protocol-icmp.rules)
 * 1:32815 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules)
 * 1:45183 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:37627 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:34447 <-> DISABLED <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt (policy-other.rules)
 * 1:32967 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt (policy-other.rules)
 * 1:43692 <-> DISABLED <-> OS-LINUX Linux kernel SCTP invalid chunk length denial of service attempt (os-linux.rules)
 * 1:43346 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules)
 * 1:35434 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:36661 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:49902 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
 * 1:37802 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
 * 1:44734 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (server-mail.rules)
 * 1:32151 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:45177 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:45500 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
 * 1:35467 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules)
 * 1:46912 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
 * 1:32855 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt (file-pdf.rules)
 * 1:33571 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (file-other.rules)
 * 1:45309 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
 * 1:44978 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules)
 * 1:37527 <-> DISABLED <-> SERVER-OTHER IBM WebSphere InvokerTransformer serialized Java object remote code execution attempt (server-other.rules)
 * 1:42412 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:34024 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
 * 1:32959 <-> DISABLED <-> PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (protocol-dns.rules)
 * 1:29580 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing obfuscated memory corruption attempt (browser-firefox.rules)
 * 1:29594 <-> DISABLED <-> SERVER-WEBAPP Airlive IP Camera information leak attempt (server-webapp.rules)
 * 1:29623 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
 * 1:35857 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:51865 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51864 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:52079 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
 * 1:52450 <-> DISABLED <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt (server-other.rules)
 * 1:52288 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (os-mobile.rules)
 * 1:55823 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:55825 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:52100 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:55824 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:30217 <-> DISABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (file-java.rules)
 * 1:45855 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
 * 1:43779 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products SharedWorker MessagePort memory corruption attempt (browser-firefox.rules)
 * 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
 * 1:3085 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt (server-other.rules)
 * 1:32149 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:7007 <-> DISABLED <-> BROWSER-PLUGINS AxDebugger.Document.1 ActiveX function call access (browser-plugins.rules)
 * 1:41422 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (browser-plugins.rules)
 * 1:29579 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules)
 * 1:10144 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX function call access (browser-plugins.rules)
 * 1:10145 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX clsid access (browser-plugins.rules)
 * 1:10150 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX function call access (browser-plugins.rules)
 * 1:10151 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX clsid access (browser-plugins.rules)
 * 1:10010 <-> DISABLED <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt (server-other.rules)
 * 1:10142 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX clsid access (browser-plugins.rules)
 * 1:10390 <-> DISABLED <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX clsid access (browser-plugins.rules)
 * 1:10392 <-> DISABLED <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX function call access (browser-plugins.rules)
 * 1:10147 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX function call access (browser-plugins.rules)
 * 1:10148 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX clsid access (browser-plugins.rules)
 * 1:12472 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX clsid access (browser-plugins.rules)
 * 1:12474 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX function call access (browser-plugins.rules)
 * 1:10153 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX function call access (browser-plugins.rules)
 * 1:10154 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy 2 ActiveX clsid access (browser-plugins.rules)
 * 1:12685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow (server-other.rules)
 * 1:13457 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX clsid access (browser-plugins.rules)
 * 1:10393 <-> DISABLED <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX clsid access (browser-plugins.rules)
 * 1:10395 <-> DISABLED <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX function call access (browser-plugins.rules)
 * 1:13474 <-> DISABLED <-> OS-WINDOWS Microsoft WebDAV MiniRedir remote code execution attempt (os-windows.rules)
 * 1:13476 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow  (server-iis.rules)
 * 1:12612 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX clsid access (browser-plugins.rules)
 * 1:12614 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX function call access (browser-plugins.rules)
 * 1:13523 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules)
 * 1:13525 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (browser-plugins.rules)
 * 1:13459 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX function call access (browser-plugins.rules)
 * 1:13470 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt (file-office.rules)
 * 1:13965 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX clsid access (browser-plugins.rules)
 * 1:13967 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access (browser-plugins.rules)
 * 1:13520 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules)
 * 1:13521 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules)
 * 1:14611 <-> DISABLED <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX clsid access (browser-plugins.rules)
 * 1:14613 <-> DISABLED <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX function call access (browser-plugins.rules)
 * 1:13926 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP response parsing overflow attempt (server-other.rules)
 * 1:13950 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP attribute buffer overflow attempt (file-java.rules)
 * 1:15191 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox animated PNG processing integer overflow (browser-firefox.rules)
 * 1:15257 <-> DISABLED <-> SERVER-ORACLE Secure Backup common.php variable based command injection attempt (server-oracle.rules)
 * 1:14033 <-> DISABLED <-> BROWSER-PLUGINS Orbit Downloader ActiveX clsid access (browser-plugins.rules)
 * 1:14035 <-> DISABLED <-> BROWSER-PLUGINS Orbit Downloader ActiveX function call access (browser-plugins.rules)
 * 1:15462 <-> DISABLED <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt (browser-other.rules)
 * 1:15489 <-> DISABLED <-> PUA-OTHER Cerulean Studios Trillian image filename handling XML tag overflow attempt (pua-other.rules)
 * 1:14771 <-> DISABLED <-> SERVER-APACHE BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt (server-apache.rules)
 * 1:15147 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
 * 1:15511 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules)
 * 1:15638 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 32 ActiveX clsid access (browser-plugins.rules)
 * 1:15258 <-> DISABLED <-> SERVER-ORACLE Secure Backup login.php variable based command injection attempt (server-oracle.rules)
 * 1:15428 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing memory corruption attempt (browser-firefox.rules)
 * 1:15872 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt (browser-firefox.rules)
 * 1:15901 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt (file-multimedia.rules)
 * 1:15490 <-> DISABLED <-> OS-LINUX Linux SCTP malformed forward-tsn chunk arbitrary code execution attempt (os-linux.rules)
 * 1:15510 <-> DISABLED <-> SERVER-OTHER Trend Micro OfficeScan Server cgiRecvFile overflow attempt (server-other.rules)
 * 1:16001 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (file-image.rules)
 * 1:16030 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS client TXT buffer overrun attempt (os-windows.rules)
 * 1:15733 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt (browser-ie.rules)
 * 1:15866 <-> DISABLED <-> FILE-OTHER libxml2 file processing long entity overflow attempt (file-other.rules)
 * 1:16192 <-> DISABLED <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt (server-oracle.rules)
 * 1:16204 <-> DISABLED <-> SERVER-OTHER HP OpenView Network Node Manager ovlaunch host field overflow attempt (server-other.rules)
 * 1:15965 <-> DISABLED <-> OS-WINDOWS Microsoft Explorer long share name buffer overflow attempt (os-windows.rules)
 * 1:15966 <-> DISABLED <-> FILE-OTHER F-Secure Anti-Virus LHA processing buffer overflow attempt (file-other.rules)
 * 1:16296 <-> DISABLED <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - with optional fields (file-other.rules)
 * 1:16344 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox top-level script object offset calculation memory corruption attempt (browser-firefox.rules)
 * 1:16032 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML Decoding memory corruption attempt (browser-ie.rules)
 * 1:16191 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via GET (server-oracle.rules)
 * 1:16405 <-> DISABLED <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Prefix Information stack buffer overflow attempt  (protocol-icmp.rules)
 * 1:16418 <-> DISABLED <-> NETBIOS SMB client NULL deref race condition attempt  (netbios.rules)
 * 1:16213 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt (server-other.rules)
 * 1:16295 <-> DISABLED <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields (file-other.rules)
 * 1:16601 <-> DISABLED <-> FILE-OTHER Amaya web editor XML and HTML Parser Buffer overflow attempt (file-other.rules)
 * 1:16667 <-> DISABLED <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt (browser-chrome.rules)
 * 1:16347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules)
 * 1:16371 <-> DISABLED <-> BROWSER-PLUGINS NOS Microsystems Adobe atl_getcom ActiveX clsid access (browser-plugins.rules)
 * 1:17153 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1 (browser-firefox.rules)
 * 1:17154 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2 (browser-firefox.rules)
 * 1:16481 <-> DISABLED <-> BROWSER-OTHER Opera Content-Length header integer overflow attempt (browser-other.rules)
 * 1:16514 <-> DISABLED <-> SERVER-OTHER Trillian AIM XML tag handling heap buffer overflow attempt (server-other.rules)
 * 1:17305 <-> DISABLED <-> FILE-OTHER ClamAV libclamav PE file handling integer overflow attempt (file-other.rules)
 * 1:17367 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer FTP response parsing memory corruption attempt (browser-ie.rules)
 * 1:16668 <-> DISABLED <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt (browser-chrome.rules)
 * 1:16798 <-> DISABLED <-> FILE-OTHER Orbit Downloader long URL buffer overflow attempt (file-other.rules)
 * 1:17397 <-> DISABLED <-> SERVER-OTHER VNCViewer Authenticate buffer overflow attempt (server-other.rules)
 * 1:17398 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt (browser-firefox.rules)
 * 1:17166 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
 * 1:17236 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsPropertyTable PropertyList memory corruption attempt (browser-firefox.rules)
 * 1:17422 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt (browser-firefox.rules)
 * 1:17519 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow (browser-firefox.rules)
 * 1:17378 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt (browser-firefox.rules)
 * 1:17379 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt (browser-firefox.rules)
 * 1:17631 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules)
 * 1:17638 <-> DISABLED <-> SERVER-ORACLE Secure Backup administration server login.php cookies command injection attempt (server-oracle.rules)
 * 1:17399 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt (browser-firefox.rules)
 * 1:17410 <-> DISABLED <-> OS-WINDOWS Generic HyperLink buffer overflow attempt (os-windows.rules)
 * 1:18187 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox InstallTrigger.install memory corruption attempt (browser-firefox.rules)
 * 1:18244 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules)
 * 1:17557 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX operation parameter overflow (browser-plugins.rules)
 * 1:17588 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Install Engine ActiveX clsid access (browser-plugins.rules)
 * 1:18527 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules)
 * 1:18679 <-> DISABLED <-> SERVER-OTHER Oracle Java Applet2ClassLoader Remote Code Execution (server-other.rules)
 * 1:17642 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox ConstructFrame with floating first-letter memory corruption attempt (browser-firefox.rules)
 * 1:18097 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules)
 * 1:19102 <-> DISABLED <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX clsid access (browser-plugins.rules)
 * 1:19103 <-> DISABLED <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX function call access (browser-plugins.rules)
 * 1:18245 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java browser plugin docbase overflow attempt (browser-plugins.rules)
 * 1:18283 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules)
 * 1:19257 <-> DISABLED <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt (file-flash.rules)
 * 1:19262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:18904 <-> DISABLED <-> BROWSER-PLUGINS KingView ActiveX clsid access (browser-plugins.rules)
 * 1:18957 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
 * 1:19713 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
 * 1:19714 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
 * 1:19216 <-> DISABLED <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution (browser-chrome.rules)
 * 1:19217 <-> DISABLED <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution (browser-chrome.rules)
 * 1:20031 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:20072 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules)
 * 1:19263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:19264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:20600 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt (browser-firefox.rules)
 * 1:20607 <-> DISABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (server-other.rules)
 * 1:19812 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS getDBConfigSettings credential information disclosure attempt (server-other.rules)
 * 1:19814 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt (browser-ie.rules)
 * 1:20767 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:20777 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:20110 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata (server-other.rules)
 * 1:20444 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules)
 * 1:20843 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:21006 <-> DISABLED <-> MALWARE-CNC Yang Pack yg.htm landing page (malware-cnc.rules)
 * 1:20608 <-> DISABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (server-other.rules)
 * 1:20692 <-> DISABLED <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt (policy-other.rules)
 * 1:21057 <-> DISABLED <-> FILE-OTHER Java Applet Rhino script engine remote code execution attempt (file-other.rules)
 * 1:21161 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS5 NTLM and basic authentication bypass attempt (server-iis.rules)
 * 1:20820 <-> DISABLED <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt (file-java.rules)
 * 1:20842 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:21259 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit response (exploit-kit.rules)
 * 1:21344 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit pdf download (exploit-kit.rules)
 * 1:21044 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
 * 1:21045 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
 * 1:21438 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit JavaScript carat string splitting with hostile applet (exploit-kit.rules)
 * 1:21457 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:21247 <-> DISABLED <-> SERVER-OTHER IBM Lotusnotes s_viewname buffer overflow attempt (server-other.rules)
 * 1:21248 <-> DISABLED <-> SERVER-OTHER multiple vendors host buffer overflow attempt (server-other.rules)
 * 1:21539 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header (exploit-kit.rules)
 * 1:21549 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header (exploit-kit.rules)
 * 1:21346 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit malicious jar download (exploit-kit.rules)
 * 1:21420 <-> DISABLED <-> FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt (file-other.rules)
 * 1:21657 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules)
 * 1:21658 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
 * 1:21484 <-> DISABLED <-> FILE-OTHER ZIP file name overflow attempt (file-other.rules)
 * 1:21492 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
 * 1:21764 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word unicode parsing buffer overflow attempt (file-office.rules)
 * 1:21876 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit landing page with specific structure - Loading (exploit-kit.rules)
 * 1:21640 <-> DISABLED <-> EXPLOIT-KIT Phoenix exploit kit landing page (exploit-kit.rules)
 * 1:21646 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
 * 1:21917 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP response message parsing overflow (server-other.rules)
 * 1:21953 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products HTML href shell attempt (browser-firefox.rules)
 * 1:21661 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - catch (exploit-kit.rules)
 * 1:21668 <-> DISABLED <-> EXPLOIT-KIT Java exploit kit iframe drive by attempt (exploit-kit.rules)
 * 1:22041 <-> DISABLED <-> EXPLOIT-KIT Blackhole landing redirection page (exploit-kit.rules)
 * 1:23008 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
 * 1:41718 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
 * 1:46637 <-> DISABLED <-> NETBIOS SMB client NULL deref race condition attempt  (netbios.rules)
 * 1:44877 <-> DISABLED <-> SERVER-OTHER  Citrix XenApp and XenDesktop XML service memory corruption attempt (server-other.rules)
 * 1:49846 <-> DISABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:49583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
 * 1:45178 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:41719 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
 * 1:51225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
 * 1:51858 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:40281 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (file-office.rules)

2021-11-18 18:08:11 UTC

Snort Subscriber Rules Update

Date: 2021-11-18

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58576 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58596 <-> DISABLED <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt (server-webapp.rules)
 * 1:58589 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt (server-webapp.rules)
 * 1:58587 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt (os-windows.rules)
 * 1:58580 <-> DISABLED <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt (malware-tools.rules)
 * 1:58588 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt (server-webapp.rules)
 * 1:58586 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt (os-windows.rules)
 * 1:58584 <-> DISABLED <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt (policy-other.rules)
 * 1:58600 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt (browser-chrome.rules)
 * 1:58595 <-> DISABLED <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt (server-webapp.rules)
 * 1:58581 <-> DISABLED <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt (malware-tools.rules)
 * 1:58591 <-> DISABLED <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt (server-other.rules)
 * 1:58578 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58579 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58592 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
 * 1:58583 <-> DISABLED <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt (policy-other.rules)
 * 1:58577 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58585 <-> DISABLED <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt (policy-other.rules)
 * 1:58570 <-> DISABLED <-> FILE-OTHER MacOS TTC bypass vulnerability exploit upload attempt (file-other.rules)
 * 1:58582 <-> DISABLED <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt (policy-other.rules)
 * 1:58599 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt (browser-chrome.rules)
 * 1:58571 <-> DISABLED <-> FILE-OTHER MacOS TTC bypass vulnerability exploit download attempt (file-other.rules)
 * 1:58594 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
 * 1:58593 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
 * 1:58590 <-> DISABLED <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt (server-other.rules)
 * 3:58572 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt (file-image.rules)
 * 3:58573 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt (file-image.rules)
 * 3:58597 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt (file-other.rules)
 * 3:58575 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt (file-office.rules)
 * 3:58598 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt (file-other.rules)
 * 3:58574 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt (file-office.rules)

Modified Rules:


 * 1:45178 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:45500 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
 * 1:31846 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt (policy-other.rules)
 * 1:21916 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
 * 1:21640 <-> DISABLED <-> EXPLOIT-KIT Phoenix exploit kit landing page (exploit-kit.rules)
 * 1:21953 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products HTML href shell attempt (browser-firefox.rules)
 * 1:22041 <-> DISABLED <-> EXPLOIT-KIT Blackhole landing redirection page (exploit-kit.rules)
 * 1:23008 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
 * 1:21661 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - catch (exploit-kit.rules)
 * 1:22040 <-> DISABLED <-> EXPLOIT-KIT Blackhole suspected landing page (exploit-kit.rules)
 * 1:23395 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt (browser-plugins.rules)
 * 1:23396 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt (browser-plugins.rules)
 * 1:21915 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
 * 1:23159 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules)
 * 1:23940 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (server-oracle.rules)
 * 1:23996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:22039 <-> DISABLED <-> EXPLOIT-KIT Blackhole suspected landing page (exploit-kit.rules)
 * 1:23797 <-> DISABLED <-> EXPLOIT-KIT Blackhole redirection page (exploit-kit.rules)
 * 1:24188 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
 * 1:32959 <-> DISABLED <-> PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (protocol-dns.rules)
 * 1:45855 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
 * 1:34024 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
 * 1:44734 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (server-mail.rules)
 * 1:41045 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules)
 * 1:46637 <-> DISABLED <-> NETBIOS SMB client NULL deref race condition attempt  (netbios.rules)
 * 1:43346 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules)
 * 1:3087 <-> DISABLED <-> SERVER-IIS w3who.dll buffer overflow attempt (server-iis.rules)
 * 1:51858 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:45183 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:49583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
 * 1:41719 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
 * 1:51865 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:44877 <-> DISABLED <-> SERVER-OTHER  Citrix XenApp and XenDesktop XML service memory corruption attempt (server-other.rules)
 * 1:41422 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (browser-plugins.rules)
 * 1:33571 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (file-other.rules)
 * 1:37627 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:24226 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received (exploit-kit.rules)
 * 1:23158 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
 * 1:24187 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
 * 1:24546 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt (exploit-kit.rules)
 * 1:24547 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules)
 * 1:23489 <-> DISABLED <-> FILE-OTHER Microsoft Windows Task Scheduler buffer overflow attempt (file-other.rules)
 * 1:24543 <-> DISABLED <-> EXPLOIT-KIT Blackhole admin page inbound access attempt (exploit-kit.rules)
 * 1:24637 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure (exploit-kit.rules)
 * 1:24675 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX realm parameter overflow attempt (browser-plugins.rules)
 * 1:24054 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure (exploit-kit.rules)
 * 1:24593 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received - specific structure (exploit-kit.rules)
 * 1:24761 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:24860 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules)
 * 1:24228 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page Received (exploit-kit.rules)
 * 1:51860 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:24702 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:24904 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules)
 * 1:24907 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup exec_qr command injection attempt (server-oracle.rules)
 * 1:24548 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules)
 * 1:24864 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules)
 * 1:25392 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
 * 1:25569 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules)
 * 1:24676 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX real parameter overflow attempt (browser-plugins.rules)
 * 1:25312 <-> DISABLED <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt (server-other.rules)
 * 1:25808 <-> DISABLED <-> EXPLOIT-KIT Fiesta exploit kit landing page detection - specific-structure (exploit-kit.rules)
 * 1:2589 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules)
 * 1:52079 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
 * 1:24862 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules)
 * 1:25591 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules)
 * 1:26230 <-> DISABLED <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX arbitrary command execution attempt (server-webapp.rules)
 * 1:26253 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
 * 1:51857 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:24994 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox onChannelRedirect method attempt (browser-firefox.rules)
 * 1:26033 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit iframe redirection attempt (exploit-kit.rules)
 * 1:26434 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit jar file downloaded (exploit-kit.rules)
 * 1:26495 <-> DISABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules)
 * 1:25590 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure (exploit-kit.rules)
 * 1:26421 <-> DISABLED <-> BROWSER-PLUGINS Metalink file download parameter buffer overflow attempt (browser-plugins.rules)
 * 1:27706 <-> DISABLED <-> EXPLOIT-KIT Gong Da exploit kit possible jar download (exploit-kit.rules)
 * 1:28703 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:26031 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules)
 * 1:27656 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules)
 * 1:28972 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
 * 1:28973 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
 * 1:26337 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules)
 * 1:28902 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:29520 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (file-multimedia.rules)
 * 1:29523 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules)
 * 1:27067 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure (exploit-kit.rules)
 * 1:29512 <-> DISABLED <-> BROWSER-PLUGINS KingView ActiveX clsid access (browser-plugins.rules)
 * 1:29535 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
 * 1:29538 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access (browser-plugins.rules)
 * 1:28791 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:29526 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:29578 <-> DISABLED <-> BROWSER-PLUGINS Sun Microsystems JRE isInstalled.dnsResolve function memory exception attempt (browser-plugins.rules)
 * 1:29579 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules)
 * 1:29503 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt (browser-firefox.rules)
 * 1:29524 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:29625 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt (browser-firefox.rules)
 * 1:29623 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
 * 1:29891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pushdo variant outbound connection (malware-cnc.rules)
 * 1:29624 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt (browser-firefox.rules)
 * 1:32151 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:30217 <-> DISABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (file-java.rules)
 * 1:51025 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (file-pdf.rules)
 * 1:42412 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:36661 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:45171 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt (browser-firefox.rules)
 * 1:43692 <-> DISABLED <-> OS-LINUX Linux kernel SCTP invalid chunk length denial of service attempt (os-linux.rules)
 * 1:44978 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules)
 * 1:40281 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (file-office.rules)
 * 1:42422 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:41720 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
 * 1:32855 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt (file-pdf.rules)
 * 1:34447 <-> DISABLED <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt (policy-other.rules)
 * 1:35857 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:51225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
 * 1:55824 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:35434 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:45309 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
 * 1:49900 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS driver stack buffer overflow attempt (browser-plugins.rules)
 * 1:52288 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (os-mobile.rules)
 * 1:35467 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules)
 * 1:51864 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:55823 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:51163 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
 * 1:7007 <-> DISABLED <-> BROWSER-PLUGINS AxDebugger.Document.1 ActiveX function call access (browser-plugins.rules)
 * 1:52450 <-> DISABLED <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt (server-other.rules)
 * 1:40818 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (file-flash.rules)
 * 1:55825 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:52100 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:37804 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
 * 1:32149 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:21917 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP response message parsing overflow (server-other.rules)
 * 1:21668 <-> DISABLED <-> EXPLOIT-KIT Java exploit kit iframe drive by attempt (exploit-kit.rules)
 * 1:29594 <-> DISABLED <-> SERVER-WEBAPP Airlive IP Camera information leak attempt (server-webapp.rules)
 * 1:29580 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing obfuscated memory corruption attempt (browser-firefox.rules)
 * 1:10144 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX function call access (browser-plugins.rules)
 * 1:10145 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX clsid access (browser-plugins.rules)
 * 1:10142 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX clsid access (browser-plugins.rules)
 * 1:10150 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX function call access (browser-plugins.rules)
 * 1:10151 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX clsid access (browser-plugins.rules)
 * 1:10148 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX clsid access (browser-plugins.rules)
 * 1:10390 <-> DISABLED <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX clsid access (browser-plugins.rules)
 * 1:10392 <-> DISABLED <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX function call access (browser-plugins.rules)
 * 1:10010 <-> DISABLED <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt (server-other.rules)
 * 1:10154 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy 2 ActiveX clsid access (browser-plugins.rules)
 * 1:12472 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX clsid access (browser-plugins.rules)
 * 1:12474 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX function call access (browser-plugins.rules)
 * 1:10147 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX function call access (browser-plugins.rules)
 * 1:10395 <-> DISABLED <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX function call access (browser-plugins.rules)
 * 1:12685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow (server-other.rules)
 * 1:13457 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX clsid access (browser-plugins.rules)
 * 1:10153 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX function call access (browser-plugins.rules)
 * 1:12614 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX function call access (browser-plugins.rules)
 * 1:13474 <-> DISABLED <-> OS-WINDOWS Microsoft WebDAV MiniRedir remote code execution attempt (os-windows.rules)
 * 1:13476 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow  (server-iis.rules)
 * 1:10393 <-> DISABLED <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX clsid access (browser-plugins.rules)
 * 1:13470 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt (file-office.rules)
 * 1:13523 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules)
 * 1:13525 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (browser-plugins.rules)
 * 1:12612 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX clsid access (browser-plugins.rules)
 * 1:13521 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules)
 * 1:13965 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX clsid access (browser-plugins.rules)
 * 1:35468 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules)
 * 1:13967 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access (browser-plugins.rules)
 * 1:13459 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX function call access (browser-plugins.rules)
 * 1:13950 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP attribute buffer overflow attempt (file-java.rules)
 * 1:14611 <-> DISABLED <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX clsid access (browser-plugins.rules)
 * 1:14613 <-> DISABLED <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX function call access (browser-plugins.rules)
 * 1:13520 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules)
 * 1:37527 <-> DISABLED <-> SERVER-OTHER IBM WebSphere InvokerTransformer serialized Java object remote code execution attempt (server-other.rules)
 * 1:14035 <-> DISABLED <-> BROWSER-PLUGINS Orbit Downloader ActiveX function call access (browser-plugins.rules)
 * 1:36154 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:15191 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox animated PNG processing integer overflow (browser-firefox.rules)
 * 1:15257 <-> DISABLED <-> SERVER-ORACLE Secure Backup common.php variable based command injection attempt (server-oracle.rules)
 * 1:13926 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP response parsing overflow attempt (server-other.rules)
 * 1:15147 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
 * 1:15462 <-> DISABLED <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt (browser-other.rules)
 * 1:15489 <-> DISABLED <-> PUA-OTHER Cerulean Studios Trillian image filename handling XML tag overflow attempt (pua-other.rules)
 * 1:49947 <-> DISABLED <-> POLICY-OTHER HP OpenView Operations Agent request attempt (policy-other.rules)
 * 1:14033 <-> DISABLED <-> BROWSER-PLUGINS Orbit Downloader ActiveX clsid access (browser-plugins.rules)
 * 1:15428 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing memory corruption attempt (browser-firefox.rules)
 * 1:15511 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules)
 * 1:15638 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 32 ActiveX clsid access (browser-plugins.rules)
 * 1:14771 <-> DISABLED <-> SERVER-APACHE BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt (server-apache.rules)
 * 1:15510 <-> DISABLED <-> SERVER-OTHER Trend Micro OfficeScan Server cgiRecvFile overflow attempt (server-other.rules)
 * 1:15872 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt (browser-firefox.rules)
 * 1:15901 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt (file-multimedia.rules)
 * 1:15258 <-> DISABLED <-> SERVER-ORACLE Secure Backup login.php variable based command injection attempt (server-oracle.rules)
 * 1:15866 <-> DISABLED <-> FILE-OTHER libxml2 file processing long entity overflow attempt (file-other.rules)
 * 1:16001 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (file-image.rules)
 * 1:16030 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS client TXT buffer overrun attempt (os-windows.rules)
 * 1:15490 <-> DISABLED <-> OS-LINUX Linux SCTP malformed forward-tsn chunk arbitrary code execution attempt (os-linux.rules)
 * 1:32815 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules)
 * 1:15966 <-> DISABLED <-> FILE-OTHER F-Secure Anti-Virus LHA processing buffer overflow attempt (file-other.rules)
 * 1:16192 <-> DISABLED <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt (server-oracle.rules)
 * 1:16204 <-> DISABLED <-> SERVER-OTHER HP OpenView Network Node Manager ovlaunch host field overflow attempt (server-other.rules)
 * 1:15733 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt (browser-ie.rules)
 * 1:16191 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via GET (server-oracle.rules)
 * 1:16296 <-> DISABLED <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - with optional fields (file-other.rules)
 * 1:49585 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
 * 1:16344 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox top-level script object offset calculation memory corruption attempt (browser-firefox.rules)
 * 1:15965 <-> DISABLED <-> OS-WINDOWS Microsoft Explorer long share name buffer overflow attempt (os-windows.rules)
 * 1:16295 <-> DISABLED <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields (file-other.rules)
 * 1:49846 <-> DISABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:16405 <-> DISABLED <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Prefix Information stack buffer overflow attempt  (protocol-icmp.rules)
 * 1:16418 <-> DISABLED <-> NETBIOS SMB client NULL deref race condition attempt  (netbios.rules)
 * 1:16032 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML Decoding memory corruption attempt (browser-ie.rules)
 * 1:16371 <-> DISABLED <-> BROWSER-PLUGINS NOS Microsystems Adobe atl_getcom ActiveX clsid access (browser-plugins.rules)
 * 1:16601 <-> DISABLED <-> FILE-OTHER Amaya web editor XML and HTML Parser Buffer overflow attempt (file-other.rules)
 * 1:16667 <-> DISABLED <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt (browser-chrome.rules)
 * 1:16213 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt (server-other.rules)
 * 1:16514 <-> DISABLED <-> SERVER-OTHER Trillian AIM XML tag handling heap buffer overflow attempt (server-other.rules)
 * 1:17153 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1 (browser-firefox.rules)
 * 1:41718 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
 * 1:17154 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2 (browser-firefox.rules)
 * 1:43779 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products SharedWorker MessagePort memory corruption attempt (browser-firefox.rules)
 * 1:16347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules)
 * 1:16798 <-> DISABLED <-> FILE-OTHER Orbit Downloader long URL buffer overflow attempt (file-other.rules)
 * 1:17305 <-> DISABLED <-> FILE-OTHER ClamAV libclamav PE file handling integer overflow attempt (file-other.rules)
 * 1:17367 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer FTP response parsing memory corruption attempt (browser-ie.rules)
 * 1:16481 <-> DISABLED <-> BROWSER-OTHER Opera Content-Length header integer overflow attempt (browser-other.rules)
 * 1:46912 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
 * 1:17236 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsPropertyTable PropertyList memory corruption attempt (browser-firefox.rules)
 * 1:17397 <-> DISABLED <-> SERVER-OTHER VNCViewer Authenticate buffer overflow attempt (server-other.rules)
 * 1:17398 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt (browser-firefox.rules)
 * 1:16668 <-> DISABLED <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt (browser-chrome.rules)
 * 1:32369 <-> DISABLED <-> PROTOCOL-ICMP FreeBSD rtsold dname_labeldec stack buffer overflow attempt (protocol-icmp.rules)
 * 1:17379 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt (browser-firefox.rules)
 * 1:17422 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt (browser-firefox.rules)
 * 1:17519 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow (browser-firefox.rules)
 * 1:32967 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt (policy-other.rules)
 * 1:17166 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
 * 1:17410 <-> DISABLED <-> OS-WINDOWS Generic HyperLink buffer overflow attempt (os-windows.rules)
 * 1:17631 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules)
 * 1:17638 <-> DISABLED <-> SERVER-ORACLE Secure Backup administration server login.php cookies command injection attempt (server-oracle.rules)
 * 1:17378 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt (browser-firefox.rules)
 * 1:17588 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Install Engine ActiveX clsid access (browser-plugins.rules)
 * 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
 * 1:18187 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox InstallTrigger.install memory corruption attempt (browser-firefox.rules)
 * 1:18244 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules)
 * 1:17399 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt (browser-firefox.rules)
 * 1:18097 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules)
 * 1:18527 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules)
 * 1:18679 <-> DISABLED <-> SERVER-OTHER Oracle Java Applet2ClassLoader Remote Code Execution (server-other.rules)
 * 1:17557 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX operation parameter overflow (browser-plugins.rules)
 * 1:18283 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules)
 * 1:19102 <-> DISABLED <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX clsid access (browser-plugins.rules)
 * 1:19103 <-> DISABLED <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX function call access (browser-plugins.rules)
 * 1:17642 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox ConstructFrame with floating first-letter memory corruption attempt (browser-firefox.rules)
 * 1:18957 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
 * 1:19257 <-> DISABLED <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt (file-flash.rules)
 * 1:19262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:18245 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java browser plugin docbase overflow attempt (browser-plugins.rules)
 * 1:19217 <-> DISABLED <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution (browser-chrome.rules)
 * 1:19713 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
 * 1:19714 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
 * 1:18904 <-> DISABLED <-> BROWSER-PLUGINS KingView ActiveX clsid access (browser-plugins.rules)
 * 1:19264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:20031 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:20072 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules)
 * 1:19216 <-> DISABLED <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution (browser-chrome.rules)
 * 1:19814 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt (browser-ie.rules)
 * 1:20600 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt (browser-firefox.rules)
 * 1:20607 <-> DISABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (server-other.rules)
 * 1:19263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:20444 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules)
 * 1:20767 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:20777 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:19812 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS getDBConfigSettings credential information disclosure attempt (server-other.rules)
 * 1:20692 <-> DISABLED <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt (policy-other.rules)
 * 1:20843 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:21006 <-> DISABLED <-> MALWARE-CNC Yang Pack yg.htm landing page (malware-cnc.rules)
 * 1:20110 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata (server-other.rules)
 * 1:20842 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:21057 <-> DISABLED <-> FILE-OTHER Java Applet Rhino script engine remote code execution attempt (file-other.rules)
 * 1:21161 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS5 NTLM and basic authentication bypass attempt (server-iis.rules)
 * 1:20608 <-> DISABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (server-other.rules)
 * 1:21045 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
 * 1:21259 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit response (exploit-kit.rules)
 * 1:21344 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit pdf download (exploit-kit.rules)
 * 1:20820 <-> DISABLED <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt (file-java.rules)
 * 1:21248 <-> DISABLED <-> SERVER-OTHER multiple vendors host buffer overflow attempt (server-other.rules)
 * 1:21438 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit JavaScript carat string splitting with hostile applet (exploit-kit.rules)
 * 1:21457 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:21044 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
 * 1:21420 <-> DISABLED <-> FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt (file-other.rules)
 * 1:21539 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header (exploit-kit.rules)
 * 1:21549 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header (exploit-kit.rules)
 * 1:21247 <-> DISABLED <-> SERVER-OTHER IBM Lotusnotes s_viewname buffer overflow attempt (server-other.rules)
 * 1:21492 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
 * 1:21657 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules)
 * 1:21658 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
 * 1:21346 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit malicious jar download (exploit-kit.rules)
 * 1:21646 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
 * 1:21764 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word unicode parsing buffer overflow attempt (file-office.rules)
 * 1:21876 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit landing page with specific structure - Loading (exploit-kit.rules)
 * 1:45181 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:37802 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
 * 1:36155 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:50643 <-> DISABLED <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt (file-other.rules)
 * 1:3632 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt (file-image.rules)
 * 1:51081 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
 * 1:49902 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
 * 1:46913 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
 * 1:45177 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:3085 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt (server-other.rules)
 * 1:21484 <-> DISABLED <-> FILE-OTHER ZIP file name overflow attempt (file-other.rules)

2021-11-18 18:08:11 UTC

Snort Subscriber Rules Update

Date: 2021-11-18

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58594 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
 * 1:58584 <-> DISABLED <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt (policy-other.rules)
 * 1:58577 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58591 <-> DISABLED <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt (server-other.rules)
 * 1:58593 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
 * 1:58586 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt (os-windows.rules)
 * 1:58570 <-> DISABLED <-> FILE-OTHER MacOS TTC bypass vulnerability exploit upload attempt (file-other.rules)
 * 1:58588 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt (server-webapp.rules)
 * 1:58600 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt (browser-chrome.rules)
 * 1:58590 <-> DISABLED <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt (server-other.rules)
 * 1:58571 <-> DISABLED <-> FILE-OTHER MacOS TTC bypass vulnerability exploit download attempt (file-other.rules)
 * 1:58595 <-> DISABLED <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt (server-webapp.rules)
 * 1:58583 <-> DISABLED <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt (policy-other.rules)
 * 1:58596 <-> DISABLED <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt (server-webapp.rules)
 * 1:58599 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt (browser-chrome.rules)
 * 1:58592 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
 * 1:58580 <-> DISABLED <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt (malware-tools.rules)
 * 1:58579 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58581 <-> DISABLED <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt (malware-tools.rules)
 * 1:58589 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt (server-webapp.rules)
 * 1:58576 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58585 <-> DISABLED <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt (policy-other.rules)
 * 1:58582 <-> DISABLED <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt (policy-other.rules)
 * 1:58578 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58587 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt (os-windows.rules)
 * 3:58574 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt (file-office.rules)
 * 3:58597 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt (file-other.rules)
 * 3:58573 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt (file-image.rules)
 * 3:58575 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt (file-office.rules)
 * 3:58598 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt (file-other.rules)
 * 3:58572 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt (file-image.rules)

Modified Rules:


 * 1:32959 <-> DISABLED <-> PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (protocol-dns.rules)
 * 1:12472 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX clsid access (browser-plugins.rules)
 * 1:43346 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules)
 * 1:51857 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:41720 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
 * 1:19103 <-> DISABLED <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX function call access (browser-plugins.rules)
 * 1:15511 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules)
 * 1:41719 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
 * 1:13520 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules)
 * 1:17236 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsPropertyTable PropertyList memory corruption attempt (browser-firefox.rules)
 * 1:21045 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
 * 1:20031 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:18244 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules)
 * 1:20842 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:17166 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
 * 1:13474 <-> DISABLED <-> OS-WINDOWS Microsoft WebDAV MiniRedir remote code execution attempt (os-windows.rules)
 * 1:16481 <-> DISABLED <-> BROWSER-OTHER Opera Content-Length header integer overflow attempt (browser-other.rules)
 * 1:23158 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
 * 1:21438 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit JavaScript carat string splitting with hostile applet (exploit-kit.rules)
 * 1:29625 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt (browser-firefox.rules)
 * 1:13457 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX clsid access (browser-plugins.rules)
 * 1:15965 <-> DISABLED <-> OS-WINDOWS Microsoft Explorer long share name buffer overflow attempt (os-windows.rules)
 * 1:52079 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
 * 1:15489 <-> DISABLED <-> PUA-OTHER Cerulean Studios Trillian image filename handling XML tag overflow attempt (pua-other.rules)
 * 1:15428 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing memory corruption attempt (browser-firefox.rules)
 * 1:15258 <-> DISABLED <-> SERVER-ORACLE Secure Backup login.php variable based command injection attempt (server-oracle.rules)
 * 1:15257 <-> DISABLED <-> SERVER-ORACLE Secure Backup common.php variable based command injection attempt (server-oracle.rules)
 * 1:51225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
 * 1:33571 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (file-other.rules)
 * 1:36155 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:49902 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
 * 1:45855 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
 * 1:46637 <-> DISABLED <-> NETBIOS SMB client NULL deref race condition attempt  (netbios.rules)
 * 1:35468 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules)
 * 1:16204 <-> DISABLED <-> SERVER-OTHER HP OpenView Network Node Manager ovlaunch host field overflow attempt (server-other.rules)
 * 1:19814 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt (browser-ie.rules)
 * 1:15490 <-> DISABLED <-> OS-LINUX Linux SCTP malformed forward-tsn chunk arbitrary code execution attempt (os-linux.rules)
 * 1:45309 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
 * 1:45178 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:51864 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:14035 <-> DISABLED <-> BROWSER-PLUGINS Orbit Downloader ActiveX function call access (browser-plugins.rules)
 * 1:18679 <-> DISABLED <-> SERVER-OTHER Oracle Java Applet2ClassLoader Remote Code Execution (server-other.rules)
 * 1:44877 <-> DISABLED <-> SERVER-OTHER  Citrix XenApp and XenDesktop XML service memory corruption attempt (server-other.rules)
 * 1:32855 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt (file-pdf.rules)
 * 1:51860 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:14611 <-> DISABLED <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX clsid access (browser-plugins.rules)
 * 1:18097 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules)
 * 1:16667 <-> DISABLED <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt (browser-chrome.rules)
 * 1:16347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules)
 * 1:17631 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules)
 * 1:20110 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata (server-other.rules)
 * 1:19216 <-> DISABLED <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution (browser-chrome.rules)
 * 1:12474 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX function call access (browser-plugins.rules)
 * 1:16192 <-> DISABLED <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt (server-oracle.rules)
 * 1:20820 <-> DISABLED <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt (file-java.rules)
 * 1:19812 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS getDBConfigSettings credential information disclosure attempt (server-other.rules)
 * 1:3085 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt (server-other.rules)
 * 1:19714 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
 * 1:19263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:3087 <-> DISABLED <-> SERVER-IIS w3who.dll buffer overflow attempt (server-iis.rules)
 * 1:19217 <-> DISABLED <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution (browser-chrome.rules)
 * 1:18283 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules)
 * 1:20600 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt (browser-firefox.rules)
 * 1:20607 <-> DISABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (server-other.rules)
 * 1:17588 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Install Engine ActiveX clsid access (browser-plugins.rules)
 * 1:52100 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:16405 <-> DISABLED <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Prefix Information stack buffer overflow attempt  (protocol-icmp.rules)
 * 1:20608 <-> DISABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (server-other.rules)
 * 1:17379 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt (browser-firefox.rules)
 * 1:18245 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java browser plugin docbase overflow attempt (browser-plugins.rules)
 * 1:15147 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
 * 1:17153 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1 (browser-firefox.rules)
 * 1:21668 <-> DISABLED <-> EXPLOIT-KIT Java exploit kit iframe drive by attempt (exploit-kit.rules)
 * 1:16295 <-> DISABLED <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields (file-other.rules)
 * 1:17397 <-> DISABLED <-> SERVER-OTHER VNCViewer Authenticate buffer overflow attempt (server-other.rules)
 * 1:16514 <-> DISABLED <-> SERVER-OTHER Trillian AIM XML tag handling heap buffer overflow attempt (server-other.rules)
 * 1:10393 <-> DISABLED <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX clsid access (browser-plugins.rules)
 * 1:16191 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via GET (server-oracle.rules)
 * 1:17398 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt (browser-firefox.rules)
 * 1:17378 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt (browser-firefox.rules)
 * 1:16798 <-> DISABLED <-> FILE-OTHER Orbit Downloader long URL buffer overflow attempt (file-other.rules)
 * 1:13459 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX function call access (browser-plugins.rules)
 * 1:17422 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt (browser-firefox.rules)
 * 1:16418 <-> DISABLED <-> NETBIOS SMB client NULL deref race condition attempt  (netbios.rules)
 * 1:32967 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt (policy-other.rules)
 * 1:17305 <-> DISABLED <-> FILE-OTHER ClamAV libclamav PE file handling integer overflow attempt (file-other.rules)
 * 1:18527 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules)
 * 1:16296 <-> DISABLED <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - with optional fields (file-other.rules)
 * 1:17557 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX operation parameter overflow (browser-plugins.rules)
 * 1:19257 <-> DISABLED <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt (file-flash.rules)
 * 1:17638 <-> DISABLED <-> SERVER-ORACLE Secure Backup administration server login.php cookies command injection attempt (server-oracle.rules)
 * 1:17367 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer FTP response parsing memory corruption attempt (browser-ie.rules)
 * 1:18187 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox InstallTrigger.install memory corruption attempt (browser-firefox.rules)
 * 1:17642 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox ConstructFrame with floating first-letter memory corruption attempt (browser-firefox.rules)
 * 1:10392 <-> DISABLED <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX function call access (browser-plugins.rules)
 * 1:37527 <-> DISABLED <-> SERVER-OTHER IBM WebSphere InvokerTransformer serialized Java object remote code execution attempt (server-other.rules)
 * 1:40281 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (file-office.rules)
 * 1:20777 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:21457 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:21549 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header (exploit-kit.rules)
 * 1:21057 <-> DISABLED <-> FILE-OTHER Java Applet Rhino script engine remote code execution attempt (file-other.rules)
 * 1:21259 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit response (exploit-kit.rules)
 * 1:21006 <-> DISABLED <-> MALWARE-CNC Yang Pack yg.htm landing page (malware-cnc.rules)
 * 1:21661 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - catch (exploit-kit.rules)
 * 1:21420 <-> DISABLED <-> FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt (file-other.rules)
 * 1:21044 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
 * 1:21161 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS5 NTLM and basic authentication bypass attempt (server-iis.rules)
 * 1:21247 <-> DISABLED <-> SERVER-OTHER IBM Lotusnotes s_viewname buffer overflow attempt (server-other.rules)
 * 1:21917 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP response message parsing overflow (server-other.rules)
 * 1:21344 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit pdf download (exploit-kit.rules)
 * 1:21539 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header (exploit-kit.rules)
 * 1:21484 <-> DISABLED <-> FILE-OTHER ZIP file name overflow attempt (file-other.rules)
 * 1:21492 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
 * 1:21658 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
 * 1:21646 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
 * 1:22041 <-> DISABLED <-> EXPLOIT-KIT Blackhole landing redirection page (exploit-kit.rules)
 * 1:21764 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word unicode parsing buffer overflow attempt (file-office.rules)
 * 1:21915 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
 * 1:23396 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt (browser-plugins.rules)
 * 1:22040 <-> DISABLED <-> EXPLOIT-KIT Blackhole suspected landing page (exploit-kit.rules)
 * 1:24226 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received (exploit-kit.rules)
 * 1:21953 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products HTML href shell attempt (browser-firefox.rules)
 * 1:23996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:23395 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt (browser-plugins.rules)
 * 1:24547 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules)
 * 1:23008 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
 * 1:21657 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules)
 * 1:23940 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (server-oracle.rules)
 * 1:24675 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX realm parameter overflow attempt (browser-plugins.rules)
 * 1:23489 <-> DISABLED <-> FILE-OTHER Microsoft Windows Task Scheduler buffer overflow attempt (file-other.rules)
 * 1:21876 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit landing page with specific structure - Loading (exploit-kit.rules)
 * 1:24188 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
 * 1:24860 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules)
 * 1:24054 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure (exploit-kit.rules)
 * 1:22039 <-> DISABLED <-> EXPLOIT-KIT Blackhole suspected landing page (exploit-kit.rules)
 * 1:24546 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt (exploit-kit.rules)
 * 1:24228 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page Received (exploit-kit.rules)
 * 1:24907 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup exec_qr command injection attempt (server-oracle.rules)
 * 1:23159 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules)
 * 1:24637 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure (exploit-kit.rules)
 * 1:25569 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules)
 * 1:24548 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules)
 * 1:23797 <-> DISABLED <-> EXPLOIT-KIT Blackhole redirection page (exploit-kit.rules)
 * 1:24761 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:2589 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules)
 * 1:24676 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX real parameter overflow attempt (browser-plugins.rules)
 * 1:24187 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
 * 1:24904 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules)
 * 1:24862 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules)
 * 1:24543 <-> DISABLED <-> EXPLOIT-KIT Blackhole admin page inbound access attempt (exploit-kit.rules)
 * 1:25392 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
 * 1:26253 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
 * 1:24593 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received - specific structure (exploit-kit.rules)
 * 1:26495 <-> DISABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules)
 * 1:24994 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox onChannelRedirect method attempt (browser-firefox.rules)
 * 1:25808 <-> DISABLED <-> EXPLOIT-KIT Fiesta exploit kit landing page detection - specific-structure (exploit-kit.rules)
 * 1:28703 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:25590 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure (exploit-kit.rules)
 * 1:24702 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:26230 <-> DISABLED <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX arbitrary command execution attempt (server-webapp.rules)
 * 1:28973 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
 * 1:26031 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules)
 * 1:26434 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit jar file downloaded (exploit-kit.rules)
 * 1:24864 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules)
 * 1:29523 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules)
 * 1:26337 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules)
 * 1:25312 <-> DISABLED <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt (server-other.rules)
 * 1:27706 <-> DISABLED <-> EXPLOIT-KIT Gong Da exploit kit possible jar download (exploit-kit.rules)
 * 1:27067 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure (exploit-kit.rules)
 * 1:28972 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
 * 1:28791 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:25591 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules)
 * 1:29520 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (file-multimedia.rules)
 * 1:29503 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt (browser-firefox.rules)
 * 1:26033 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit iframe redirection attempt (exploit-kit.rules)
 * 1:29535 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
 * 1:29524 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:26421 <-> DISABLED <-> BROWSER-PLUGINS Metalink file download parameter buffer overflow attempt (browser-plugins.rules)
 * 1:29512 <-> DISABLED <-> BROWSER-PLUGINS KingView ActiveX clsid access (browser-plugins.rules)
 * 1:16030 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS client TXT buffer overrun attempt (os-windows.rules)
 * 1:27656 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules)
 * 1:28902 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:16001 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (file-image.rules)
 * 1:29526 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:10142 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX clsid access (browser-plugins.rules)
 * 1:10010 <-> DISABLED <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt (server-other.rules)
 * 1:10148 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX clsid access (browser-plugins.rules)
 * 1:10154 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy 2 ActiveX clsid access (browser-plugins.rules)
 * 1:10147 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX function call access (browser-plugins.rules)
 * 1:10395 <-> DISABLED <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX function call access (browser-plugins.rules)
 * 1:10144 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX function call access (browser-plugins.rules)
 * 1:10145 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX clsid access (browser-plugins.rules)
 * 1:10153 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX function call access (browser-plugins.rules)
 * 1:12614 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX function call access (browser-plugins.rules)
 * 1:10150 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX function call access (browser-plugins.rules)
 * 1:12685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow (server-other.rules)
 * 1:10390 <-> DISABLED <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX clsid access (browser-plugins.rules)
 * 1:10151 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX clsid access (browser-plugins.rules)
 * 1:19264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:18904 <-> DISABLED <-> BROWSER-PLUGINS KingView ActiveX clsid access (browser-plugins.rules)
 * 1:44978 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules)
 * 1:13470 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt (file-office.rules)
 * 1:44734 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (server-mail.rules)
 * 1:3632 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt (file-image.rules)
 * 1:51163 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
 * 1:42412 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:40818 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (file-flash.rules)
 * 1:36661 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:32369 <-> DISABLED <-> PROTOCOL-ICMP FreeBSD rtsold dname_labeldec stack buffer overflow attempt (protocol-icmp.rules)
 * 1:41045 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules)
 * 1:31846 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt (policy-other.rules)
 * 1:29578 <-> DISABLED <-> BROWSER-PLUGINS Sun Microsystems JRE isInstalled.dnsResolve function memory exception attempt (browser-plugins.rules)
 * 1:15966 <-> DISABLED <-> FILE-OTHER F-Secure Anti-Virus LHA processing buffer overflow attempt (file-other.rules)
 * 1:29891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pushdo variant outbound connection (malware-cnc.rules)
 * 1:13926 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP response parsing overflow attempt (server-other.rules)
 * 1:29580 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing obfuscated memory corruption attempt (browser-firefox.rules)
 * 1:51865 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:34024 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
 * 1:21640 <-> DISABLED <-> EXPLOIT-KIT Phoenix exploit kit landing page (exploit-kit.rules)
 * 1:13521 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules)
 * 1:16213 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt (server-other.rules)
 * 1:35857 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:41718 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
 * 1:51081 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
 * 1:50643 <-> DISABLED <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt (file-other.rules)
 * 1:35467 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules)
 * 1:45177 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:37804 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
 * 1:20444 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules)
 * 1:16371 <-> DISABLED <-> BROWSER-PLUGINS NOS Microsystems Adobe atl_getcom ActiveX clsid access (browser-plugins.rules)
 * 1:32149 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:29579 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules)
 * 1:42422 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:15901 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt (file-multimedia.rules)
 * 1:15462 <-> DISABLED <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt (browser-other.rules)
 * 1:15733 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt (browser-ie.rules)
 * 1:15510 <-> DISABLED <-> SERVER-OTHER Trend Micro OfficeScan Server cgiRecvFile overflow attempt (server-other.rules)
 * 1:15191 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox animated PNG processing integer overflow (browser-firefox.rules)
 * 1:36154 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:15872 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt (browser-firefox.rules)
 * 1:15638 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 32 ActiveX clsid access (browser-plugins.rules)
 * 1:46913 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
 * 1:43779 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products SharedWorker MessagePort memory corruption attempt (browser-firefox.rules)
 * 1:29594 <-> DISABLED <-> SERVER-WEBAPP Airlive IP Camera information leak attempt (server-webapp.rules)
 * 1:32151 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:49846 <-> DISABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:13476 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow  (server-iis.rules)
 * 1:29624 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt (browser-firefox.rules)
 * 1:21248 <-> DISABLED <-> SERVER-OTHER multiple vendors host buffer overflow attempt (server-other.rules)
 * 1:13525 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (browser-plugins.rules)
 * 1:51858 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:13523 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules)
 * 1:18957 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
 * 1:46912 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
 * 1:17399 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt (browser-firefox.rules)
 * 1:49583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
 * 1:55824 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:20692 <-> DISABLED <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt (policy-other.rules)
 * 1:37627 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:55823 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:7007 <-> DISABLED <-> BROWSER-PLUGINS AxDebugger.Document.1 ActiveX function call access (browser-plugins.rules)
 * 1:55825 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:19262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:30217 <-> DISABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (file-java.rules)
 * 1:37802 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
 * 1:14771 <-> DISABLED <-> SERVER-APACHE BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt (server-apache.rules)
 * 1:13950 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP attribute buffer overflow attempt (file-java.rules)
 * 1:17410 <-> DISABLED <-> OS-WINDOWS Generic HyperLink buffer overflow attempt (os-windows.rules)
 * 1:14033 <-> DISABLED <-> BROWSER-PLUGINS Orbit Downloader ActiveX clsid access (browser-plugins.rules)
 * 1:29623 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
 * 1:21916 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
 * 1:15866 <-> DISABLED <-> FILE-OTHER libxml2 file processing long entity overflow attempt (file-other.rules)
 * 1:19102 <-> DISABLED <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX clsid access (browser-plugins.rules)
 * 1:17154 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2 (browser-firefox.rules)
 * 1:52288 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (os-mobile.rules)
 * 1:17519 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow (browser-firefox.rules)
 * 1:16668 <-> DISABLED <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt (browser-chrome.rules)
 * 1:16344 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox top-level script object offset calculation memory corruption attempt (browser-firefox.rules)
 * 1:19713 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
 * 1:16032 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML Decoding memory corruption attempt (browser-ie.rules)
 * 1:12612 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX clsid access (browser-plugins.rules)
 * 1:45500 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
 * 1:20843 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:13967 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access (browser-plugins.rules)
 * 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
 * 1:14613 <-> DISABLED <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX function call access (browser-plugins.rules)
 * 1:16601 <-> DISABLED <-> FILE-OTHER Amaya web editor XML and HTML Parser Buffer overflow attempt (file-other.rules)
 * 1:29538 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access (browser-plugins.rules)
 * 1:20767 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:52450 <-> DISABLED <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt (server-other.rules)
 * 1:20072 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules)
 * 1:21346 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit malicious jar download (exploit-kit.rules)
 * 1:45171 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt (browser-firefox.rules)
 * 1:43692 <-> DISABLED <-> OS-LINUX Linux kernel SCTP invalid chunk length denial of service attempt (os-linux.rules)
 * 1:32815 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules)
 * 1:41422 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (browser-plugins.rules)
 * 1:51025 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (file-pdf.rules)
 * 1:49900 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS driver stack buffer overflow attempt (browser-plugins.rules)
 * 1:45181 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:34447 <-> DISABLED <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt (policy-other.rules)
 * 1:45183 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:49585 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
 * 1:35434 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:49947 <-> DISABLED <-> POLICY-OTHER HP OpenView Operations Agent request attempt (policy-other.rules)
 * 1:13965 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX clsid access (browser-plugins.rules)

2021-11-18 18:08:11 UTC

Snort Subscriber Rules Update

Date: 2021-11-18

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58581 <-> DISABLED <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt (malware-tools.rules)
 * 1:58592 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
 * 1:58593 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
 * 1:58585 <-> DISABLED <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt (policy-other.rules)
 * 1:58579 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58589 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt (server-webapp.rules)
 * 1:58599 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt (browser-chrome.rules)
 * 1:58571 <-> DISABLED <-> FILE-OTHER MacOS TTC bypass vulnerability exploit download attempt (file-other.rules)
 * 1:58591 <-> DISABLED <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt (server-other.rules)
 * 1:58600 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt (browser-chrome.rules)
 * 1:58590 <-> DISABLED <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt (server-other.rules)
 * 1:58583 <-> DISABLED <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt (policy-other.rules)
 * 1:58596 <-> DISABLED <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt (server-webapp.rules)
 * 1:58582 <-> DISABLED <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt (policy-other.rules)
 * 1:58595 <-> DISABLED <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt (server-webapp.rules)
 * 1:58588 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt (server-webapp.rules)
 * 1:58577 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58580 <-> DISABLED <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt (malware-tools.rules)
 * 1:58576 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58594 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
 * 1:58584 <-> DISABLED <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt (policy-other.rules)
 * 1:58586 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt (os-windows.rules)
 * 1:58587 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt (os-windows.rules)
 * 1:58578 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58570 <-> DISABLED <-> FILE-OTHER MacOS TTC bypass vulnerability exploit upload attempt (file-other.rules)
 * 3:58574 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt (file-office.rules)
 * 3:58597 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt (file-other.rules)
 * 3:58575 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt (file-office.rules)
 * 3:58598 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt (file-other.rules)
 * 3:58573 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt (file-image.rules)
 * 3:58572 <-> ENABLED <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt (file-image.rules)

Modified Rules:


 * 1:29524 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:29594 <-> DISABLED <-> SERVER-WEBAPP Airlive IP Camera information leak attempt (server-webapp.rules)
 * 1:20820 <-> DISABLED <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt (file-java.rules)
 * 1:24593 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received - specific structure (exploit-kit.rules)
 * 1:29891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pushdo variant outbound connection (malware-cnc.rules)
 * 1:49947 <-> DISABLED <-> POLICY-OTHER HP OpenView Operations Agent request attempt (policy-other.rules)
 * 1:52288 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (os-mobile.rules)
 * 1:52450 <-> DISABLED <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt (server-other.rules)
 * 1:55823 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:55824 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:55825 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:26031 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules)
 * 1:7007 <-> DISABLED <-> BROWSER-PLUGINS AxDebugger.Document.1 ActiveX function call access (browser-plugins.rules)
 * 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
 * 1:51857 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:24228 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page Received (exploit-kit.rules)
 * 1:20842 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:20843 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:21646 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
 * 1:27706 <-> DISABLED <-> EXPLOIT-KIT Gong Da exploit kit possible jar download (exploit-kit.rules)
 * 1:51864 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:29625 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt (browser-firefox.rules)
 * 1:34024 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
 * 1:16514 <-> DISABLED <-> SERVER-OTHER Trillian AIM XML tag handling heap buffer overflow attempt (server-other.rules)
 * 1:21917 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP response message parsing overflow (server-other.rules)
 * 1:29580 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing obfuscated memory corruption attempt (browser-firefox.rules)
 * 1:16405 <-> DISABLED <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Prefix Information stack buffer overflow attempt  (protocol-icmp.rules)
 * 1:51858 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:37527 <-> DISABLED <-> SERVER-OTHER IBM WebSphere InvokerTransformer serialized Java object remote code execution attempt (server-other.rules)
 * 1:17153 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1 (browser-firefox.rules)
 * 1:29538 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access (browser-plugins.rules)
 * 1:41720 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
 * 1:29624 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt (browser-firefox.rules)
 * 1:15510 <-> DISABLED <-> SERVER-OTHER Trend Micro OfficeScan Server cgiRecvFile overflow attempt (server-other.rules)
 * 1:21044 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
 * 1:37627 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:29535 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
 * 1:45855 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
 * 1:24864 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules)
 * 1:49846 <-> DISABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:21247 <-> DISABLED <-> SERVER-OTHER IBM Lotusnotes s_viewname buffer overflow attempt (server-other.rules)
 * 1:15866 <-> DISABLED <-> FILE-OTHER libxml2 file processing long entity overflow attempt (file-other.rules)
 * 1:21668 <-> DISABLED <-> EXPLOIT-KIT Java exploit kit iframe drive by attempt (exploit-kit.rules)
 * 1:51163 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
 * 1:41719 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
 * 1:23940 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (server-oracle.rules)
 * 1:40818 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (file-flash.rules)
 * 1:34447 <-> DISABLED <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt (policy-other.rules)
 * 1:50643 <-> DISABLED <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt (file-other.rules)
 * 1:32959 <-> DISABLED <-> PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (protocol-dns.rules)
 * 1:35434 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:21549 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header (exploit-kit.rules)
 * 1:44877 <-> DISABLED <-> SERVER-OTHER  Citrix XenApp and XenDesktop XML service memory corruption attempt (server-other.rules)
 * 1:35467 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules)
 * 1:35468 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules)
 * 1:43692 <-> DISABLED <-> OS-LINUX Linux kernel SCTP invalid chunk length denial of service attempt (os-linux.rules)
 * 1:33571 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (file-other.rules)
 * 1:23158 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
 * 1:45171 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt (browser-firefox.rules)
 * 1:51860 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:44734 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (server-mail.rules)
 * 1:36661 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:49902 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
 * 1:40281 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (file-office.rules)
 * 1:45181 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:46912 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
 * 1:35857 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:36155 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:45177 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:32369 <-> DISABLED <-> PROTOCOL-ICMP FreeBSD rtsold dname_labeldec stack buffer overflow attempt (protocol-icmp.rules)
 * 1:46913 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
 * 1:42422 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:41718 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
 * 1:51025 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (file-pdf.rules)
 * 1:37804 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
 * 1:49585 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
 * 1:3087 <-> DISABLED <-> SERVER-IIS w3who.dll buffer overflow attempt (server-iis.rules)
 * 1:21915 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
 * 1:29578 <-> DISABLED <-> BROWSER-PLUGINS Sun Microsystems JRE isInstalled.dnsResolve function memory exception attempt (browser-plugins.rules)
 * 1:21457 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:29520 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (file-multimedia.rules)
 * 1:29523 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules)
 * 1:21045 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
 * 1:21640 <-> DISABLED <-> EXPLOIT-KIT Phoenix exploit kit landing page (exploit-kit.rules)
 * 1:21161 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS5 NTLM and basic authentication bypass attempt (server-iis.rules)
 * 1:21658 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
 * 1:24904 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules)
 * 1:41422 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (browser-plugins.rules)
 * 1:45500 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
 * 1:51081 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
 * 1:42412 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:32967 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt (policy-other.rules)
 * 1:41045 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules)
 * 1:32815 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules)
 * 1:49583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
 * 1:45309 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
 * 1:36154 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:21057 <-> DISABLED <-> FILE-OTHER Java Applet Rhino script engine remote code execution attempt (file-other.rules)
 * 1:29579 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules)
 * 1:12614 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX function call access (browser-plugins.rules)
 * 1:29526 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:23489 <-> DISABLED <-> FILE-OTHER Microsoft Windows Task Scheduler buffer overflow attempt (file-other.rules)
 * 1:21006 <-> DISABLED <-> MALWARE-CNC Yang Pack yg.htm landing page (malware-cnc.rules)
 * 1:10150 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX function call access (browser-plugins.rules)
 * 1:24676 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX real parameter overflow attempt (browser-plugins.rules)
 * 1:24702 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:24637 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure (exploit-kit.rules)
 * 1:24860 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules)
 * 1:24761 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:30217 <-> DISABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (file-java.rules)
 * 1:51225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
 * 1:21657 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules)
 * 1:32149 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:45183 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:51865 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:29623 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
 * 1:23996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:43346 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules)
 * 1:32855 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt (file-pdf.rules)
 * 1:3632 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt (file-image.rules)
 * 1:26495 <-> DISABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules)
 * 1:46637 <-> DISABLED <-> NETBIOS SMB client NULL deref race condition attempt  (netbios.rules)
 * 1:44978 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules)
 * 1:52100 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:15428 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing memory corruption attempt (browser-firefox.rules)
 * 1:17410 <-> DISABLED <-> OS-WINDOWS Generic HyperLink buffer overflow attempt (os-windows.rules)
 * 1:17398 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt (browser-firefox.rules)
 * 1:21661 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - catch (exploit-kit.rules)
 * 1:17236 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsPropertyTable PropertyList memory corruption attempt (browser-firefox.rules)
 * 1:16798 <-> DISABLED <-> FILE-OTHER Orbit Downloader long URL buffer overflow attempt (file-other.rules)
 * 1:17519 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow (browser-firefox.rules)
 * 1:17557 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX operation parameter overflow (browser-plugins.rules)
 * 1:15511 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules)
 * 1:17379 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt (browser-firefox.rules)
 * 1:15490 <-> DISABLED <-> OS-LINUX Linux SCTP malformed forward-tsn chunk arbitrary code execution attempt (os-linux.rules)
 * 1:17154 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2 (browser-firefox.rules)
 * 1:16347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules)
 * 1:17631 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules)
 * 1:16191 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via GET (server-oracle.rules)
 * 1:15872 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt (browser-firefox.rules)
 * 1:16418 <-> DISABLED <-> NETBIOS SMB client NULL deref race condition attempt  (netbios.rules)
 * 1:16481 <-> DISABLED <-> BROWSER-OTHER Opera Content-Length header integer overflow attempt (browser-other.rules)
 * 1:18097 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules)
 * 1:16295 <-> DISABLED <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields (file-other.rules)
 * 1:16001 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (file-image.rules)
 * 1:16030 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS client TXT buffer overrun attempt (os-windows.rules)
 * 1:16344 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox top-level script object offset calculation memory corruption attempt (browser-firefox.rules)
 * 1:17399 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt (browser-firefox.rules)
 * 1:17305 <-> DISABLED <-> FILE-OTHER ClamAV libclamav PE file handling integer overflow attempt (file-other.rules)
 * 1:16192 <-> DISABLED <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt (server-oracle.rules)
 * 1:17367 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer FTP response parsing memory corruption attempt (browser-ie.rules)
 * 1:16296 <-> DISABLED <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - with optional fields (file-other.rules)
 * 1:17378 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt (browser-firefox.rules)
 * 1:16668 <-> DISABLED <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt (browser-chrome.rules)
 * 1:17642 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox ConstructFrame with floating first-letter memory corruption attempt (browser-firefox.rules)
 * 1:18245 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java browser plugin docbase overflow attempt (browser-plugins.rules)
 * 1:17588 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Install Engine ActiveX clsid access (browser-plugins.rules)
 * 1:17397 <-> DISABLED <-> SERVER-OTHER VNCViewer Authenticate buffer overflow attempt (server-other.rules)
 * 1:18244 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules)
 * 1:18679 <-> DISABLED <-> SERVER-OTHER Oracle Java Applet2ClassLoader Remote Code Execution (server-other.rules)
 * 1:17638 <-> DISABLED <-> SERVER-ORACLE Secure Backup administration server login.php cookies command injection attempt (server-oracle.rules)
 * 1:17422 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt (browser-firefox.rules)
 * 1:18527 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules)
 * 1:19102 <-> DISABLED <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX clsid access (browser-plugins.rules)
 * 1:18187 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox InstallTrigger.install memory corruption attempt (browser-firefox.rules)
 * 1:28902 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:21248 <-> DISABLED <-> SERVER-OTHER multiple vendors host buffer overflow attempt (server-other.rules)
 * 1:19103 <-> DISABLED <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX function call access (browser-plugins.rules)
 * 1:18283 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules)
 * 1:23797 <-> DISABLED <-> EXPLOIT-KIT Blackhole redirection page (exploit-kit.rules)
 * 1:25569 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules)
 * 1:18904 <-> DISABLED <-> BROWSER-PLUGINS KingView ActiveX clsid access (browser-plugins.rules)
 * 1:21420 <-> DISABLED <-> FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt (file-other.rules)
 * 1:21344 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit pdf download (exploit-kit.rules)
 * 1:19217 <-> DISABLED <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution (browser-chrome.rules)
 * 1:15462 <-> DISABLED <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt (browser-other.rules)
 * 1:15966 <-> DISABLED <-> FILE-OTHER F-Secure Anti-Virus LHA processing buffer overflow attempt (file-other.rules)
 * 1:16213 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt (server-other.rules)
 * 1:16667 <-> DISABLED <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt (browser-chrome.rules)
 * 1:16601 <-> DISABLED <-> FILE-OTHER Amaya web editor XML and HTML Parser Buffer overflow attempt (file-other.rules)
 * 1:16204 <-> DISABLED <-> SERVER-OTHER HP OpenView Network Node Manager ovlaunch host field overflow attempt (server-other.rules)
 * 1:16371 <-> DISABLED <-> BROWSER-PLUGINS NOS Microsystems Adobe atl_getcom ActiveX clsid access (browser-plugins.rules)
 * 1:17166 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
 * 1:21916 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
 * 1:24187 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
 * 1:25590 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure (exploit-kit.rules)
 * 1:12685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow (server-other.rules)
 * 1:19262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:19814 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt (browser-ie.rules)
 * 1:19713 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
 * 1:37802 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
 * 1:31846 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt (policy-other.rules)
 * 1:19812 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS getDBConfigSettings credential information disclosure attempt (server-other.rules)
 * 1:20607 <-> DISABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (server-other.rules)
 * 1:20031 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:20110 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata (server-other.rules)
 * 1:3085 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt (server-other.rules)
 * 1:12612 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX clsid access (browser-plugins.rules)
 * 1:19257 <-> DISABLED <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt (file-flash.rules)
 * 1:20600 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt (browser-firefox.rules)
 * 1:26434 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit jar file downloaded (exploit-kit.rules)
 * 1:19263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:10145 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX clsid access (browser-plugins.rules)
 * 1:19264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:20444 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules)
 * 1:24054 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure (exploit-kit.rules)
 * 1:19714 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
 * 1:24226 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received (exploit-kit.rules)
 * 1:21346 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit malicious jar download (exploit-kit.rules)
 * 1:20072 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules)
 * 1:24543 <-> DISABLED <-> EXPLOIT-KIT Blackhole admin page inbound access attempt (exploit-kit.rules)
 * 1:27656 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules)
 * 1:25392 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
 * 1:20777 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:28703 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:24907 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup exec_qr command injection attempt (server-oracle.rules)
 * 1:21492 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
 * 1:24994 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox onChannelRedirect method attempt (browser-firefox.rules)
 * 1:23008 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
 * 1:22039 <-> DISABLED <-> EXPLOIT-KIT Blackhole suspected landing page (exploit-kit.rules)
 * 1:23395 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt (browser-plugins.rules)
 * 1:22040 <-> DISABLED <-> EXPLOIT-KIT Blackhole suspected landing page (exploit-kit.rules)
 * 1:21953 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products HTML href shell attempt (browser-firefox.rules)
 * 1:23159 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules)
 * 1:18957 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
 * 1:26421 <-> DISABLED <-> BROWSER-PLUGINS Metalink file download parameter buffer overflow attempt (browser-plugins.rules)
 * 1:22041 <-> DISABLED <-> EXPLOIT-KIT Blackhole landing redirection page (exploit-kit.rules)
 * 1:19216 <-> DISABLED <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution (browser-chrome.rules)
 * 1:21539 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header (exploit-kit.rules)
 * 1:25591 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules)
 * 1:26253 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
 * 1:21259 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit response (exploit-kit.rules)
 * 1:10154 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy 2 ActiveX clsid access (browser-plugins.rules)
 * 1:10148 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX clsid access (browser-plugins.rules)
 * 1:26230 <-> DISABLED <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX arbitrary command execution attempt (server-webapp.rules)
 * 1:28791 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:2589 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules)
 * 1:21876 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit landing page with specific structure - Loading (exploit-kit.rules)
 * 1:10395 <-> DISABLED <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX function call access (browser-plugins.rules)
 * 1:10142 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX clsid access (browser-plugins.rules)
 * 1:10151 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX clsid access (browser-plugins.rules)
 * 1:10010 <-> DISABLED <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt (server-other.rules)
 * 1:24548 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules)
 * 1:10144 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX function call access (browser-plugins.rules)
 * 1:26033 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit iframe redirection attempt (exploit-kit.rules)
 * 1:10390 <-> DISABLED <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX clsid access (browser-plugins.rules)
 * 1:10147 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX function call access (browser-plugins.rules)
 * 1:10393 <-> DISABLED <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX clsid access (browser-plugins.rules)
 * 1:12474 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX function call access (browser-plugins.rules)
 * 1:25312 <-> DISABLED <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt (server-other.rules)
 * 1:12472 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX clsid access (browser-plugins.rules)
 * 1:20692 <-> DISABLED <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt (policy-other.rules)
 * 1:10153 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX function call access (browser-plugins.rules)
 * 1:25808 <-> DISABLED <-> EXPLOIT-KIT Fiesta exploit kit landing page detection - specific-structure (exploit-kit.rules)
 * 1:24862 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules)
 * 1:10392 <-> DISABLED <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX function call access (browser-plugins.rules)
 * 1:24546 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt (exploit-kit.rules)
 * 1:26337 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules)
 * 1:29503 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt (browser-firefox.rules)
 * 1:20608 <-> DISABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (server-other.rules)
 * 1:13457 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX clsid access (browser-plugins.rules)
 * 1:28972 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
 * 1:13520 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules)
 * 1:13525 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (browser-plugins.rules)
 * 1:21764 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word unicode parsing buffer overflow attempt (file-office.rules)
 * 1:27067 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure (exploit-kit.rules)
 * 1:13926 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP response parsing overflow attempt (server-other.rules)
 * 1:13950 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP attribute buffer overflow attempt (file-java.rules)
 * 1:24675 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX realm parameter overflow attempt (browser-plugins.rules)
 * 1:13474 <-> DISABLED <-> OS-WINDOWS Microsoft WebDAV MiniRedir remote code execution attempt (os-windows.rules)
 * 1:13967 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access (browser-plugins.rules)
 * 1:29512 <-> DISABLED <-> BROWSER-PLUGINS KingView ActiveX clsid access (browser-plugins.rules)
 * 1:13476 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow  (server-iis.rules)
 * 1:13459 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX function call access (browser-plugins.rules)
 * 1:14035 <-> DISABLED <-> BROWSER-PLUGINS Orbit Downloader ActiveX function call access (browser-plugins.rules)
 * 1:13470 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt (file-office.rules)
 * 1:21484 <-> DISABLED <-> FILE-OTHER ZIP file name overflow attempt (file-other.rules)
 * 1:24188 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
 * 1:14033 <-> DISABLED <-> BROWSER-PLUGINS Orbit Downloader ActiveX clsid access (browser-plugins.rules)
 * 1:14613 <-> DISABLED <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX function call access (browser-plugins.rules)
 * 1:13521 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules)
 * 1:13523 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules)
 * 1:15733 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt (browser-ie.rules)
 * 1:15965 <-> DISABLED <-> OS-WINDOWS Microsoft Explorer long share name buffer overflow attempt (os-windows.rules)
 * 1:15257 <-> DISABLED <-> SERVER-ORACLE Secure Backup common.php variable based command injection attempt (server-oracle.rules)
 * 1:14611 <-> DISABLED <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX clsid access (browser-plugins.rules)
 * 1:15191 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox animated PNG processing integer overflow (browser-firefox.rules)
 * 1:15489 <-> DISABLED <-> PUA-OTHER Cerulean Studios Trillian image filename handling XML tag overflow attempt (pua-other.rules)
 * 1:16032 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML Decoding memory corruption attempt (browser-ie.rules)
 * 1:14771 <-> DISABLED <-> SERVER-APACHE BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt (server-apache.rules)
 * 1:13965 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX clsid access (browser-plugins.rules)
 * 1:15638 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 32 ActiveX clsid access (browser-plugins.rules)
 * 1:15147 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
 * 1:15258 <-> DISABLED <-> SERVER-ORACLE Secure Backup login.php variable based command injection attempt (server-oracle.rules)
 * 1:52079 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
 * 1:49900 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS driver stack buffer overflow attempt (browser-plugins.rules)
 * 1:43779 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products SharedWorker MessagePort memory corruption attempt (browser-firefox.rules)
 * 1:45178 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:21438 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit JavaScript carat string splitting with hostile applet (exploit-kit.rules)
 * 1:28973 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
 * 1:32151 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:20767 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:24547 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules)
 * 1:23396 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt (browser-plugins.rules)
 * 1:15901 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt (file-multimedia.rules)

2021-11-18 18:08:11 UTC

Snort Subscriber Rules Update

Date: 2021-11-18

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58576 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (snort3-server-webapp.rules)
 * 1:58600 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt (snort3-browser-chrome.rules)
 * 1:58591 <-> DISABLED <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt (snort3-server-other.rules)
 * 1:58588 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt (snort3-server-webapp.rules)
 * 1:58583 <-> DISABLED <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt (snort3-policy-other.rules)
 * 1:58570 <-> DISABLED <-> FILE-OTHER MacOS TTC bypass vulnerability exploit upload attempt (snort3-file-other.rules)
 * 1:58586 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt (snort3-os-windows.rules)
 * 1:58589 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt (snort3-server-webapp.rules)
 * 1:58596 <-> DISABLED <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt (snort3-server-webapp.rules)
 * 1:58581 <-> DISABLED <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt (snort3-malware-tools.rules)
 * 1:58577 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (snort3-server-webapp.rules)
 * 1:58594 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (snort3-server-webapp.rules)
 * 1:58593 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (snort3-server-webapp.rules)
 * 1:58571 <-> DISABLED <-> FILE-OTHER MacOS TTC bypass vulnerability exploit download attempt (snort3-file-other.rules)
 * 1:58582 <-> DISABLED <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt (snort3-policy-other.rules)
 * 1:58599 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt (snort3-browser-chrome.rules)
 * 1:58578 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (snort3-server-webapp.rules)
 * 1:58585 <-> DISABLED <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt (snort3-policy-other.rules)
 * 1:58592 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (snort3-server-webapp.rules)
 * 1:58590 <-> DISABLED <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt (snort3-server-other.rules)
 * 1:58584 <-> DISABLED <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt (snort3-policy-other.rules)
 * 1:58587 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt (snort3-os-windows.rules)
 * 1:58580 <-> DISABLED <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt (snort3-malware-tools.rules)
 * 1:58595 <-> DISABLED <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt (snort3-server-webapp.rules)
 * 1:58579 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (snort3-server-webapp.rules)

Modified Rules:


 * 1:45181 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (snort3-browser-firefox.rules)
 * 1:15489 <-> DISABLED <-> PUA-OTHER Cerulean Studios Trillian image filename handling XML tag overflow attempt (snort3-pua-other.rules)
 * 1:41719 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (snort3-browser-ie.rules)
 * 1:49902 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (snort3-browser-plugins.rules)
 * 1:50643 <-> DISABLED <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt (snort3-file-other.rules)
 * 1:15866 <-> DISABLED <-> FILE-OTHER libxml2 file processing long entity overflow attempt (snort3-file-other.rules)
 * 1:32959 <-> DISABLED <-> PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (snort3-protocol-dns.rules)
 * 1:43779 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products SharedWorker MessagePort memory corruption attempt (snort3-browser-firefox.rules)
 * 1:34024 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (snort3-policy-other.rules)
 * 1:51163 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (snort3-file-pdf.rules)
 * 1:32149 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (snort3-file-other.rules)
 * 1:34447 <-> DISABLED <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt (snort3-policy-other.rules)
 * 1:45177 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (snort3-browser-firefox.rules)
 * 1:46913 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (snort3-browser-firefox.rules)
 * 1:51225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (snort3-file-flash.rules)
 * 1:43346 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (snort3-browser-firefox.rules)
 * 1:10147 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX function call access (snort3-browser-plugins.rules)
 * 1:32967 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt (snort3-policy-other.rules)
 * 1:42412 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (snort3-file-other.rules)
 * 1:32855 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt (snort3-file-pdf.rules)
 * 1:52100 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (snort3-os-mobile.rules)
 * 1:44734 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (snort3-server-mail.rules)
 * 1:30217 <-> DISABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (snort3-file-java.rules)
 * 1:35467 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (snort3-file-java.rules)
 * 1:29623 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (snort3-browser-webkit.rules)
 * 1:12612 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX clsid access (snort3-browser-plugins.rules)
 * 1:52288 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (snort3-os-mobile.rules)
 * 1:49585 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (snort3-file-flash.rules)
 * 1:46912 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (snort3-browser-firefox.rules)
 * 1:45178 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (snort3-browser-firefox.rules)
 * 1:45171 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt (snort3-browser-firefox.rules)
 * 1:51081 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (snort3-file-flash.rules)
 * 1:36154 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (snort3-file-flash.rules)
 * 1:49846 <-> DISABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (snort3-file-java.rules)
 * 1:49947 <-> DISABLED <-> POLICY-OTHER HP OpenView Operations Agent request attempt (snort3-policy-other.rules)
 * 1:49900 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS driver stack buffer overflow attempt (snort3-browser-plugins.rules)
 * 1:51858 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (snort3-os-mobile.rules)
 * 1:45500 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (snort3-file-flash.rules)
 * 1:35434 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (snort3-os-mobile.rules)
 * 1:15872 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt (snort3-browser-firefox.rules)
 * 1:32815 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (snort3-file-pdf.rules)
 * 1:41718 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (snort3-browser-ie.rules)
 * 1:3632 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt (snort3-file-image.rules)
 * 1:13457 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX clsid access (snort3-browser-plugins.rules)
 * 1:13520 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (snort3-server-other.rules)
 * 1:51865 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (snort3-os-mobile.rules)
 * 1:15510 <-> DISABLED <-> SERVER-OTHER Trend Micro OfficeScan Server cgiRecvFile overflow attempt (snort3-server-other.rules)
 * 1:37802 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (snort3-file-java.rules)
 * 1:46637 <-> DISABLED <-> NETBIOS SMB client NULL deref race condition attempt  (snort3-netbios.rules)
 * 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (snort3-policy-other.rules)
 * 1:45855 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (snort3-file-other.rules)
 * 1:15428 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing memory corruption attempt (snort3-browser-firefox.rules)
 * 1:45309 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (snort3-file-flash.rules)
 * 1:33571 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (snort3-file-other.rules)
 * 1:24187 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (snort3-browser-firefox.rules)
 * 1:23996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (snort3-file-flash.rules)
 * 1:43692 <-> DISABLED <-> OS-LINUX Linux kernel SCTP invalid chunk length denial of service attempt (snort3-os-linux.rules)
 * 1:24226 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received (snort3-exploit-kit.rules)
 * 1:21057 <-> DISABLED <-> FILE-OTHER Java Applet Rhino script engine remote code execution attempt (snort3-file-other.rules)
 * 1:24546 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt (snort3-exploit-kit.rules)
 * 1:23159 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (snort3-exploit-kit.rules)
 * 1:13967 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access (snort3-browser-plugins.rules)
 * 1:24054 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure (snort3-exploit-kit.rules)
 * 1:24676 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX real parameter overflow attempt (snort3-browser-plugins.rules)
 * 1:23158 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (snort3-exploit-kit.rules)
 * 1:24543 <-> DISABLED <-> EXPLOIT-KIT Blackhole admin page inbound access attempt (snort3-exploit-kit.rules)
 * 1:24860 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (snort3-exploit-kit.rules)
 * 1:24547 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (snort3-exploit-kit.rules)
 * 1:40818 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (snort3-file-flash.rules)
 * 1:29624 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt (snort3-browser-firefox.rules)
 * 1:10144 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX function call access (snort3-browser-plugins.rules)
 * 1:44978 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (snort3-browser-firefox.rules)
 * 1:51864 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (snort3-os-mobile.rules)
 * 1:13470 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt (snort3-file-office.rules)
 * 1:20607 <-> DISABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (snort3-server-other.rules)
 * 1:29594 <-> DISABLED <-> SERVER-WEBAPP Airlive IP Camera information leak attempt (snort3-server-webapp.rules)
 * 1:15258 <-> DISABLED <-> SERVER-ORACLE Secure Backup login.php variable based command injection attempt (snort3-server-oracle.rules)
 * 1:23940 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (snort3-server-oracle.rules)
 * 1:24637 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure (snort3-exploit-kit.rules)
 * 1:31846 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt (snort3-policy-other.rules)
 * 1:24548 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (snort3-exploit-kit.rules)
 * 1:20842 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (snort3-file-other.rules)
 * 1:13525 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (snort3-browser-plugins.rules)
 * 1:20031 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (snort3-file-flash.rules)
 * 1:24994 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox onChannelRedirect method attempt (snort3-browser-firefox.rules)
 * 1:26421 <-> DISABLED <-> BROWSER-PLUGINS Metalink file download parameter buffer overflow attempt (snort3-browser-plugins.rules)
 * 1:26495 <-> DISABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (snort3-file-other.rules)
 * 1:15147 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (snort3-browser-ie.rules)
 * 1:26033 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit iframe redirection attempt (snort3-exploit-kit.rules)
 * 1:26337 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (snort3-exploit-kit.rules)
 * 1:25392 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (snort3-file-java.rules)
 * 1:28791 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (snort3-file-flash.rules)
 * 1:28902 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (snort3-file-other.rules)
 * 1:25569 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (snort3-exploit-kit.rules)
 * 1:25808 <-> DISABLED <-> EXPLOIT-KIT Fiesta exploit kit landing page detection - specific-structure (snort3-exploit-kit.rules)
 * 1:2589 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (snort3-os-windows.rules)
 * 1:29535 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (snort3-file-java.rules)
 * 1:26230 <-> DISABLED <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX arbitrary command execution attempt (snort3-server-webapp.rules)
 * 1:27706 <-> DISABLED <-> EXPLOIT-KIT Gong Da exploit kit possible jar download (snort3-exploit-kit.rules)
 * 1:26434 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit jar file downloaded (snort3-exploit-kit.rules)
 * 1:29512 <-> DISABLED <-> BROWSER-PLUGINS KingView ActiveX clsid access (snort3-browser-plugins.rules)
 * 1:28703 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (snort3-file-flash.rules)
 * 1:29526 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (snort3-file-other.rules)
 * 1:29578 <-> DISABLED <-> BROWSER-PLUGINS Sun Microsystems JRE isInstalled.dnsResolve function memory exception attempt (snort3-browser-plugins.rules)
 * 1:29520 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (snort3-file-multimedia.rules)
 * 1:29503 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt (snort3-browser-firefox.rules)
 * 1:29579 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (snort3-browser-firefox.rules)
 * 1:15965 <-> DISABLED <-> OS-WINDOWS Microsoft Explorer long share name buffer overflow attempt (snort3-os-windows.rules)
 * 1:19103 <-> DISABLED <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX function call access (snort3-browser-plugins.rules)
 * 1:29523 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (snort3-server-apache.rules)
 * 1:16296 <-> DISABLED <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - with optional fields (snort3-file-other.rules)
 * 1:16213 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt (snort3-server-other.rules)
 * 1:29538 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access (snort3-browser-plugins.rules)
 * 1:28972 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (snort3-browser-ie.rules)
 * 1:16418 <-> DISABLED <-> NETBIOS SMB client NULL deref race condition attempt  (snort3-netbios.rules)
 * 1:28973 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (snort3-browser-ie.rules)
 * 1:19216 <-> DISABLED <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution (snort3-browser-chrome.rules)
 * 1:16668 <-> DISABLED <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt (snort3-browser-chrome.rules)
 * 1:16798 <-> DISABLED <-> FILE-OTHER Orbit Downloader long URL buffer overflow attempt (snort3-file-other.rules)
 * 1:29524 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (snort3-file-flash.rules)
 * 1:16405 <-> DISABLED <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Prefix Information stack buffer overflow attempt  (snort3-protocol-icmp.rules)
 * 1:17236 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsPropertyTable PropertyList memory corruption attempt (snort3-browser-firefox.rules)
 * 1:19263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (snort3-file-flash.rules)
 * 1:19217 <-> DISABLED <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution (snort3-browser-chrome.rules)
 * 1:16667 <-> DISABLED <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt (snort3-browser-chrome.rules)
 * 1:17367 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer FTP response parsing memory corruption attempt (snort3-browser-ie.rules)
 * 1:17153 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1 (snort3-browser-firefox.rules)
 * 1:16347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (snort3-browser-firefox.rules)
 * 1:19264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (snort3-file-flash.rules)
 * 1:16481 <-> DISABLED <-> BROWSER-OTHER Opera Content-Length header integer overflow attempt (snort3-browser-other.rules)
 * 1:16514 <-> DISABLED <-> SERVER-OTHER Trillian AIM XML tag handling heap buffer overflow attempt (snort3-server-other.rules)
 * 1:19262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (snort3-file-flash.rules)
 * 1:19257 <-> DISABLED <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt (snort3-file-flash.rules)
 * 1:17379 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt (snort3-browser-firefox.rules)
 * 1:16191 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via GET (snort3-server-oracle.rules)
 * 1:16344 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox top-level script object offset calculation memory corruption attempt (snort3-browser-firefox.rules)
 * 1:19713 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (snort3-browser-firefox.rules)
 * 1:16032 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML Decoding memory corruption attempt (snort3-browser-ie.rules)
 * 1:17166 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (snort3-browser-firefox.rules)
 * 1:17305 <-> DISABLED <-> FILE-OTHER ClamAV libclamav PE file handling integer overflow attempt (snort3-file-other.rules)
 * 1:17378 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt (snort3-browser-firefox.rules)
 * 1:16295 <-> DISABLED <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields (snort3-file-other.rules)
 * 1:17410 <-> DISABLED <-> OS-WINDOWS Generic HyperLink buffer overflow attempt (snort3-os-windows.rules)
 * 1:16001 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (snort3-file-image.rules)
 * 1:17154 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2 (snort3-browser-firefox.rules)
 * 1:15966 <-> DISABLED <-> FILE-OTHER F-Secure Anti-Virus LHA processing buffer overflow attempt (snort3-file-other.rules)
 * 1:17588 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Install Engine ActiveX clsid access (snort3-browser-plugins.rules)
 * 1:16192 <-> DISABLED <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt (snort3-server-oracle.rules)
 * 1:16204 <-> DISABLED <-> SERVER-OTHER HP OpenView Network Node Manager ovlaunch host field overflow attempt (snort3-server-other.rules)
 * 1:17399 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt (snort3-browser-firefox.rules)
 * 1:16371 <-> DISABLED <-> BROWSER-PLUGINS NOS Microsystems Adobe atl_getcom ActiveX clsid access (snort3-browser-plugins.rules)
 * 1:17557 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX operation parameter overflow (snort3-browser-plugins.rules)
 * 1:17397 <-> DISABLED <-> SERVER-OTHER VNCViewer Authenticate buffer overflow attempt (snort3-server-other.rules)
 * 1:16601 <-> DISABLED <-> FILE-OTHER Amaya web editor XML and HTML Parser Buffer overflow attempt (snort3-file-other.rules)
 * 1:17642 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox ConstructFrame with floating first-letter memory corruption attempt (snort3-browser-firefox.rules)
 * 1:17422 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt (snort3-browser-firefox.rules)
 * 1:17398 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt (snort3-browser-firefox.rules)
 * 1:18245 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java browser plugin docbase overflow attempt (snort3-browser-plugins.rules)
 * 1:17631 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (snort3-file-java.rules)
 * 1:17519 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow (snort3-browser-firefox.rules)
 * 1:18679 <-> DISABLED <-> SERVER-OTHER Oracle Java Applet2ClassLoader Remote Code Execution (snort3-server-other.rules)
 * 1:21915 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (snort3-server-other.rules)
 * 1:17638 <-> DISABLED <-> SERVER-ORACLE Secure Backup administration server login.php cookies command injection attempt (snort3-server-oracle.rules)
 * 1:18244 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (snort3-file-java.rules)
 * 1:21953 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products HTML href shell attempt (snort3-browser-firefox.rules)
 * 1:19102 <-> DISABLED <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX clsid access (snort3-browser-plugins.rules)
 * 1:20843 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (snort3-file-other.rules)
 * 1:20072 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (snort3-browser-firefox.rules)
 * 1:21045 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (snort3-exploit-kit.rules)
 * 1:21161 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS5 NTLM and basic authentication bypass attempt (snort3-server-iis.rules)
 * 1:20444 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (snort3-file-java.rules)
 * 1:21259 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit response (snort3-exploit-kit.rules)
 * 1:20608 <-> DISABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (snort3-server-other.rules)
 * 1:20110 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata (snort3-server-other.rules)
 * 1:20767 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (snort3-file-flash.rules)
 * 1:21420 <-> DISABLED <-> FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt (snort3-file-other.rules)
 * 1:37627 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (snort3-file-flash.rules)
 * 1:20777 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (snort3-file-flash.rules)
 * 1:21247 <-> DISABLED <-> SERVER-OTHER IBM Lotusnotes s_viewname buffer overflow attempt (snort3-server-other.rules)
 * 1:21006 <-> DISABLED <-> MALWARE-CNC Yang Pack yg.htm landing page (snort3-malware-cnc.rules)
 * 1:20692 <-> DISABLED <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt (snort3-policy-other.rules)
 * 1:24907 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup exec_qr command injection attempt (snort3-server-oracle.rules)
 * 1:24675 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX realm parameter overflow attempt (snort3-browser-plugins.rules)
 * 1:3085 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt (snort3-server-other.rules)
 * 1:21492 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (snort3-exploit-kit.rules)
 * 1:13965 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX clsid access (snort3-browser-plugins.rules)
 * 1:10390 <-> DISABLED <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX clsid access (snort3-browser-plugins.rules)
 * 1:13521 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (snort3-server-other.rules)
 * 1:10142 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX clsid access (snort3-browser-plugins.rules)
 * 1:15638 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 32 ActiveX clsid access (snort3-browser-plugins.rules)
 * 1:15511 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (snort3-server-apache.rules)
 * 1:12685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow (snort3-server-other.rules)
 * 1:13476 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow  (snort3-server-iis.rules)
 * 1:10145 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX clsid access (snort3-browser-plugins.rules)
 * 1:10393 <-> DISABLED <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX clsid access (snort3-browser-plugins.rules)
 * 1:12474 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX function call access (snort3-browser-plugins.rules)
 * 1:18187 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox InstallTrigger.install memory corruption attempt (snort3-browser-firefox.rules)
 * 1:23008 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (snort3-file-java.rules)
 * 1:41045 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (snort3-file-flash.rules)
 * 1:18957 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (snort3-browser-webkit.rules)
 * 1:21346 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit malicious jar download (snort3-exploit-kit.rules)
 * 1:18904 <-> DISABLED <-> BROWSER-PLUGINS KingView ActiveX clsid access (snort3-browser-plugins.rules)
 * 1:29580 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing obfuscated memory corruption attempt (snort3-browser-firefox.rules)
 * 1:29625 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt (snort3-browser-firefox.rules)
 * 1:10151 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX clsid access (snort3-browser-plugins.rules)
 * 1:27067 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure (snort3-exploit-kit.rules)
 * 1:21640 <-> DISABLED <-> EXPLOIT-KIT Phoenix exploit kit landing page (snort3-exploit-kit.rules)
 * 1:22039 <-> DISABLED <-> EXPLOIT-KIT Blackhole suspected landing page (snort3-exploit-kit.rules)
 * 1:10392 <-> DISABLED <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX function call access (snort3-browser-plugins.rules)
 * 1:15257 <-> DISABLED <-> SERVER-ORACLE Secure Backup common.php variable based command injection attempt (snort3-server-oracle.rules)
 * 1:10395 <-> DISABLED <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX function call access (snort3-browser-plugins.rules)
 * 1:13459 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX function call access (snort3-browser-plugins.rules)
 * 1:52450 <-> DISABLED <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt (snort3-server-other.rules)
 * 1:16030 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS client TXT buffer overrun attempt (snort3-os-windows.rules)
 * 1:25590 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure (snort3-exploit-kit.rules)
 * 1:20820 <-> DISABLED <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt (snort3-file-java.rules)
 * 1:23797 <-> DISABLED <-> EXPLOIT-KIT Blackhole redirection page (snort3-exploit-kit.rules)
 * 1:10148 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX clsid access (snort3-browser-plugins.rules)
 * 1:19714 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (snort3-browser-firefox.rules)
 * 1:21764 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word unicode parsing buffer overflow attempt (snort3-file-office.rules)
 * 1:21658 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (snort3-exploit-kit.rules)
 * 1:21668 <-> DISABLED <-> EXPLOIT-KIT Java exploit kit iframe drive by attempt (snort3-exploit-kit.rules)
 * 1:21917 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP response message parsing overflow (snort3-server-other.rules)
 * 1:21657 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (snort3-exploit-kit.rules)
 * 1:21876 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit landing page with specific structure - Loading (snort3-exploit-kit.rules)
 * 1:21661 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - catch (snort3-exploit-kit.rules)
 * 1:10010 <-> DISABLED <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt (snort3-server-other.rules)
 * 1:13950 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP attribute buffer overflow attempt (snort3-file-java.rules)
 * 1:18283 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (snort3-server-apache.rules)
 * 1:15490 <-> DISABLED <-> OS-LINUX Linux SCTP malformed forward-tsn chunk arbitrary code execution attempt (snort3-os-linux.rules)
 * 1:21248 <-> DISABLED <-> SERVER-OTHER multiple vendors host buffer overflow attempt (snort3-server-other.rules)
 * 1:19812 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS getDBConfigSettings credential information disclosure attempt (snort3-server-other.rules)
 * 1:35857 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (snort3-file-other.rules)
 * 1:27656 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (snort3-browser-plugins.rules)
 * 1:15462 <-> DISABLED <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt (snort3-browser-other.rules)
 * 1:21344 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit pdf download (snort3-exploit-kit.rules)
 * 1:21438 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit JavaScript carat string splitting with hostile applet (snort3-exploit-kit.rules)
 * 1:24862 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (snort3-exploit-kit.rules)
 * 1:3087 <-> DISABLED <-> SERVER-IIS w3who.dll buffer overflow attempt (snort3-server-iis.rules)
 * 1:24188 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (snort3-browser-firefox.rules)
 * 1:14611 <-> DISABLED <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX clsid access (snort3-browser-plugins.rules)
 * 1:26031 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (snort3-exploit-kit.rules)
 * 1:14033 <-> DISABLED <-> BROWSER-PLUGINS Orbit Downloader ActiveX clsid access (snort3-browser-plugins.rules)
 * 1:14035 <-> DISABLED <-> BROWSER-PLUGINS Orbit Downloader ActiveX function call access (snort3-browser-plugins.rules)
 * 1:14771 <-> DISABLED <-> SERVER-APACHE BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt (snort3-server-apache.rules)
 * 1:14613 <-> DISABLED <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX function call access (snort3-browser-plugins.rules)
 * 1:24761 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (snort3-file-other.rules)
 * 1:15191 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox animated PNG processing integer overflow (snort3-browser-firefox.rules)
 * 1:37527 <-> DISABLED <-> SERVER-OTHER IBM WebSphere InvokerTransformer serialized Java object remote code execution attempt (snort3-server-other.rules)
 * 1:36155 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (snort3-file-flash.rules)
 * 1:51025 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (snort3-file-pdf.rules)
 * 1:41422 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (snort3-browser-plugins.rules)
 * 1:51857 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (snort3-os-mobile.rules)
 * 1:44877 <-> DISABLED <-> SERVER-OTHER  Citrix XenApp and XenDesktop XML service memory corruption attempt (snort3-server-other.rules)
 * 1:41720 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (snort3-browser-ie.rules)
 * 1:36661 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (snort3-file-other.rules)
 * 1:37804 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (snort3-file-java.rules)
 * 1:55823 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (snort3-server-webapp.rules)
 * 1:55824 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (snort3-server-webapp.rules)
 * 1:40281 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (snort3-file-office.rules)
 * 1:42422 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (snort3-file-other.rules)
 * 1:7007 <-> DISABLED <-> BROWSER-PLUGINS AxDebugger.Document.1 ActiveX function call access (snort3-browser-plugins.rules)
 * 1:52079 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (snort3-file-flash.rules)
 * 1:55825 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (snort3-server-webapp.rules)
 * 1:15901 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt (snort3-file-multimedia.rules)
 * 1:12472 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX clsid access (snort3-browser-plugins.rules)
 * 1:21549 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header (snort3-exploit-kit.rules)
 * 1:21646 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (snort3-exploit-kit.rules)
 * 1:24593 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received - specific structure (snort3-exploit-kit.rules)
 * 1:21484 <-> DISABLED <-> FILE-OTHER ZIP file name overflow attempt (snort3-file-other.rules)
 * 1:18527 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (snort3-file-pdf.rules)
 * 1:19814 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt (snort3-browser-ie.rules)
 * 1:49583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (snort3-file-flash.rules)
 * 1:22040 <-> DISABLED <-> EXPLOIT-KIT Blackhole suspected landing page (snort3-exploit-kit.rules)
 * 1:24702 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (snort3-file-other.rules)
 * 1:32369 <-> DISABLED <-> PROTOCOL-ICMP FreeBSD rtsold dname_labeldec stack buffer overflow attempt (snort3-protocol-icmp.rules)
 * 1:23489 <-> DISABLED <-> FILE-OTHER Microsoft Windows Task Scheduler buffer overflow attempt (snort3-file-other.rules)
 * 1:24228 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page Received (snort3-exploit-kit.rules)
 * 1:23395 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt (snort3-browser-plugins.rules)
 * 1:22041 <-> DISABLED <-> EXPLOIT-KIT Blackhole landing redirection page (snort3-exploit-kit.rules)
 * 1:24864 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (snort3-exploit-kit.rules)
 * 1:12614 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX function call access (snort3-browser-plugins.rules)
 * 1:21916 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (snort3-server-other.rules)
 * 1:21044 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (snort3-exploit-kit.rules)
 * 1:15733 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt (snort3-browser-ie.rules)
 * 1:13474 <-> DISABLED <-> OS-WINDOWS Microsoft WebDAV MiniRedir remote code execution attempt (snort3-os-windows.rules)
 * 1:25591 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (snort3-exploit-kit.rules)
 * 1:21457 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (snort3-file-flash.rules)
 * 1:21539 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header (snort3-exploit-kit.rules)
 * 1:23396 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt (snort3-browser-plugins.rules)
 * 1:18097 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (snort3-browser-plugins.rules)
 * 1:25312 <-> DISABLED <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt (snort3-server-other.rules)
 * 1:29891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pushdo variant outbound connection (snort3-malware-cnc.rules)
 * 1:24904 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (snort3-file-java.rules)
 * 1:51860 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (snort3-os-mobile.rules)
 * 1:35468 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (snort3-file-java.rules)
 * 1:45183 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (snort3-browser-firefox.rules)
 * 1:26253 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (snort3-exploit-kit.rules)
 * 1:10153 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX function call access (snort3-browser-plugins.rules)
 * 1:10154 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy 2 ActiveX clsid access (snort3-browser-plugins.rules)
 * 1:13926 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP response parsing overflow attempt (snort3-server-other.rules)
 * 1:32151 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (snort3-file-other.rules)
 * 1:10150 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX function call access (snort3-browser-plugins.rules)
 * 1:13523 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (snort3-browser-plugins.rules)
 * 1:20600 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt (snort3-browser-firefox.rules)

2021-11-18 18:08:11 UTC

Snort Subscriber Rules Update

Date: 2021-11-18

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58580 <-> DISABLED <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt (malware-tools.rules)
 * 1:58586 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt (os-windows.rules)
 * 1:58576 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58588 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt (server-webapp.rules)
 * 1:58584 <-> DISABLED <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt (policy-other.rules)
 * 1:58570 <-> DISABLED <-> FILE-OTHER MacOS TTC bypass vulnerability exploit upload attempt (file-other.rules)
 * 1:58590 <-> DISABLED <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt (server-other.rules)
 * 1:58585 <-> DISABLED <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt (policy-other.rules)
 * 1:58587 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt (os-windows.rules)
 * 1:58594 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
 * 1:58579 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58582 <-> DISABLED <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt (policy-other.rules)
 * 1:58577 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58581 <-> DISABLED <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt (malware-tools.rules)
 * 1:58592 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
 * 1:58596 <-> DISABLED <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt (server-webapp.rules)
 * 1:58578 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt (server-webapp.rules)
 * 1:58589 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt (server-webapp.rules)
 * 1:58595 <-> DISABLED <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt (server-webapp.rules)
 * 1:58583 <-> DISABLED <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt (policy-other.rules)
 * 1:58600 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt (browser-chrome.rules)
 * 1:58593 <-> DISABLED <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt (server-webapp.rules)
 * 1:58571 <-> DISABLED <-> FILE-OTHER MacOS TTC bypass vulnerability exploit download attempt (file-other.rules)
 * 1:58599 <-> DISABLED <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt (browser-chrome.rules)
 * 1:58591 <-> DISABLED <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt (server-other.rules)

Modified Rules:


 * 1:35468 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules)
 * 1:37802 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
 * 1:49846 <-> DISABLED <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt (file-java.rules)
 * 1:37804 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
 * 1:51163 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
 * 1:52079 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
 * 1:41422 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (browser-plugins.rules)
 * 1:55824 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:29625 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt (browser-firefox.rules)
 * 1:44734 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (server-mail.rules)
 * 1:32149 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:51865 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:52450 <-> DISABLED <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt (server-other.rules)
 * 1:31846 <-> DISABLED <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt (policy-other.rules)
 * 1:43779 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products SharedWorker MessagePort memory corruption attempt (browser-firefox.rules)
 * 1:34024 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
 * 1:40281 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (file-office.rules)
 * 1:32369 <-> DISABLED <-> PROTOCOL-ICMP FreeBSD rtsold dname_labeldec stack buffer overflow attempt (protocol-icmp.rules)
 * 1:32815 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules)
 * 1:36154 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:35467 <-> DISABLED <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt (file-java.rules)
 * 1:51025 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (file-pdf.rules)
 * 1:55823 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:10010 <-> DISABLED <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt (server-other.rules)
 * 1:10142 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX clsid access (browser-plugins.rules)
 * 1:36155 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:52288 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (os-mobile.rules)
 * 1:41718 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
 * 1:10144 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX function call access (browser-plugins.rules)
 * 1:42422 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:40818 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (file-flash.rules)
 * 1:3632 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt (file-image.rules)
 * 1:49583 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
 * 1:10145 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX clsid access (browser-plugins.rules)
 * 1:46637 <-> DISABLED <-> NETBIOS SMB client NULL deref race condition attempt  (netbios.rules)
 * 1:10147 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX function call access (browser-plugins.rules)
 * 1:10148 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX clsid access (browser-plugins.rules)
 * 1:10150 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX function call access (browser-plugins.rules)
 * 1:10151 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX clsid access (browser-plugins.rules)
 * 1:10153 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX function call access (browser-plugins.rules)
 * 1:10154 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy 2 ActiveX clsid access (browser-plugins.rules)
 * 1:10390 <-> DISABLED <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX clsid access (browser-plugins.rules)
 * 1:10392 <-> DISABLED <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX function call access (browser-plugins.rules)
 * 1:10393 <-> DISABLED <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX clsid access (browser-plugins.rules)
 * 1:10395 <-> DISABLED <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX function call access (browser-plugins.rules)
 * 1:12472 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX clsid access (browser-plugins.rules)
 * 1:12474 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX function call access (browser-plugins.rules)
 * 1:12612 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX clsid access (browser-plugins.rules)
 * 1:12614 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX function call access (browser-plugins.rules)
 * 1:12685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow (server-other.rules)
 * 1:13457 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX clsid access (browser-plugins.rules)
 * 1:13459 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX function call access (browser-plugins.rules)
 * 1:13470 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt (file-office.rules)
 * 1:13474 <-> DISABLED <-> OS-WINDOWS Microsoft WebDAV MiniRedir remote code execution attempt (os-windows.rules)
 * 1:13476 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow  (server-iis.rules)
 * 1:13520 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules)
 * 1:13521 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt (server-other.rules)
 * 1:13523 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules)
 * 1:13525 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (browser-plugins.rules)
 * 1:13926 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP response parsing overflow attempt (server-other.rules)
 * 1:13950 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP attribute buffer overflow attempt (file-java.rules)
 * 1:13965 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX clsid access (browser-plugins.rules)
 * 1:13967 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access (browser-plugins.rules)
 * 1:14033 <-> DISABLED <-> BROWSER-PLUGINS Orbit Downloader ActiveX clsid access (browser-plugins.rules)
 * 1:14035 <-> DISABLED <-> BROWSER-PLUGINS Orbit Downloader ActiveX function call access (browser-plugins.rules)
 * 1:14611 <-> DISABLED <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX clsid access (browser-plugins.rules)
 * 1:14613 <-> DISABLED <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX function call access (browser-plugins.rules)
 * 1:14771 <-> DISABLED <-> SERVER-APACHE BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt (server-apache.rules)
 * 1:15147 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
 * 1:15191 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox animated PNG processing integer overflow (browser-firefox.rules)
 * 1:15257 <-> DISABLED <-> SERVER-ORACLE Secure Backup common.php variable based command injection attempt (server-oracle.rules)
 * 1:15258 <-> DISABLED <-> SERVER-ORACLE Secure Backup login.php variable based command injection attempt (server-oracle.rules)
 * 1:15428 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing memory corruption attempt (browser-firefox.rules)
 * 1:15462 <-> DISABLED <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt (browser-other.rules)
 * 1:15489 <-> DISABLED <-> PUA-OTHER Cerulean Studios Trillian image filename handling XML tag overflow attempt (pua-other.rules)
 * 1:15490 <-> DISABLED <-> OS-LINUX Linux SCTP malformed forward-tsn chunk arbitrary code execution attempt (os-linux.rules)
 * 1:15510 <-> DISABLED <-> SERVER-OTHER Trend Micro OfficeScan Server cgiRecvFile overflow attempt (server-other.rules)
 * 1:15511 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules)
 * 1:15638 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Video 32 ActiveX clsid access (browser-plugins.rules)
 * 1:15733 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt (browser-ie.rules)
 * 1:15866 <-> DISABLED <-> FILE-OTHER libxml2 file processing long entity overflow attempt (file-other.rules)
 * 1:15872 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt (browser-firefox.rules)
 * 1:15901 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt (file-multimedia.rules)
 * 1:15965 <-> DISABLED <-> OS-WINDOWS Microsoft Explorer long share name buffer overflow attempt (os-windows.rules)
 * 1:15966 <-> DISABLED <-> FILE-OTHER F-Secure Anti-Virus LHA processing buffer overflow attempt (file-other.rules)
 * 1:16001 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (file-image.rules)
 * 1:16030 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS client TXT buffer overrun attempt (os-windows.rules)
 * 1:16032 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer HTML Decoding memory corruption attempt (browser-ie.rules)
 * 1:16191 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via GET (server-oracle.rules)
 * 1:51858 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:36661 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:37527 <-> DISABLED <-> SERVER-OTHER IBM WebSphere InvokerTransformer serialized Java object remote code execution attempt (server-other.rules)
 * 1:16192 <-> DISABLED <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt (server-oracle.rules)
 * 1:33986 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt (policy-other.rules)
 * 1:16204 <-> DISABLED <-> SERVER-OTHER HP OpenView Network Node Manager ovlaunch host field overflow attempt (server-other.rules)
 * 1:16213 <-> DISABLED <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt (server-other.rules)
 * 1:16295 <-> DISABLED <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields (file-other.rules)
 * 1:16296 <-> DISABLED <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - with optional fields (file-other.rules)
 * 1:16344 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox top-level script object offset calculation memory corruption attempt (browser-firefox.rules)
 * 1:16347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules)
 * 1:16371 <-> DISABLED <-> BROWSER-PLUGINS NOS Microsystems Adobe atl_getcom ActiveX clsid access (browser-plugins.rules)
 * 1:16405 <-> DISABLED <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Prefix Information stack buffer overflow attempt  (protocol-icmp.rules)
 * 1:16418 <-> DISABLED <-> NETBIOS SMB client NULL deref race condition attempt  (netbios.rules)
 * 1:16481 <-> DISABLED <-> BROWSER-OTHER Opera Content-Length header integer overflow attempt (browser-other.rules)
 * 1:16514 <-> DISABLED <-> SERVER-OTHER Trillian AIM XML tag handling heap buffer overflow attempt (server-other.rules)
 * 1:16601 <-> DISABLED <-> FILE-OTHER Amaya web editor XML and HTML Parser Buffer overflow attempt (file-other.rules)
 * 1:16667 <-> DISABLED <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt (browser-chrome.rules)
 * 1:16668 <-> DISABLED <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt (browser-chrome.rules)
 * 1:16798 <-> DISABLED <-> FILE-OTHER Orbit Downloader long URL buffer overflow attempt (file-other.rules)
 * 1:17153 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1 (browser-firefox.rules)
 * 1:17154 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2 (browser-firefox.rules)
 * 1:17166 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
 * 1:17236 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsPropertyTable PropertyList memory corruption attempt (browser-firefox.rules)
 * 1:17305 <-> DISABLED <-> FILE-OTHER ClamAV libclamav PE file handling integer overflow attempt (file-other.rules)
 * 1:17367 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer FTP response parsing memory corruption attempt (browser-ie.rules)
 * 1:17378 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt (browser-firefox.rules)
 * 1:17379 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt (browser-firefox.rules)
 * 1:17397 <-> DISABLED <-> SERVER-OTHER VNCViewer Authenticate buffer overflow attempt (server-other.rules)
 * 1:17398 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt (browser-firefox.rules)
 * 1:17399 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt (browser-firefox.rules)
 * 1:17410 <-> DISABLED <-> OS-WINDOWS Generic HyperLink buffer overflow attempt (os-windows.rules)
 * 1:17422 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt (browser-firefox.rules)
 * 1:17519 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow (browser-firefox.rules)
 * 1:30217 <-> DISABLED <-> FILE-JAVA Oracle Java font rendering remote code execution attempt (file-java.rules)
 * 1:3085 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt (server-other.rules)
 * 1:17557 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX operation parameter overflow (browser-plugins.rules)
 * 1:17588 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Internet Explorer Install Engine ActiveX clsid access (browser-plugins.rules)
 * 1:17631 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules)
 * 1:17638 <-> DISABLED <-> SERVER-ORACLE Secure Backup administration server login.php cookies command injection attempt (server-oracle.rules)
 * 1:17642 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox ConstructFrame with floating first-letter memory corruption attempt (browser-firefox.rules)
 * 1:18097 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules)
 * 1:18187 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox InstallTrigger.install memory corruption attempt (browser-firefox.rules)
 * 1:18244 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules)
 * 1:18245 <-> DISABLED <-> BROWSER-PLUGINS Oracle Java browser plugin docbase overflow attempt (browser-plugins.rules)
 * 1:18283 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules)
 * 1:18527 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules)
 * 1:37627 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:18679 <-> DISABLED <-> SERVER-OTHER Oracle Java Applet2ClassLoader Remote Code Execution (server-other.rules)
 * 1:18904 <-> DISABLED <-> BROWSER-PLUGINS KingView ActiveX clsid access (browser-plugins.rules)
 * 1:18957 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
 * 1:19102 <-> DISABLED <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX clsid access (browser-plugins.rules)
 * 1:19103 <-> DISABLED <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX function call access (browser-plugins.rules)
 * 1:19216 <-> DISABLED <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution (browser-chrome.rules)
 * 1:19217 <-> DISABLED <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution (browser-chrome.rules)
 * 1:19257 <-> DISABLED <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt (file-flash.rules)
 * 1:19262 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:44877 <-> DISABLED <-> SERVER-OTHER  Citrix XenApp and XenDesktop XML service memory corruption attempt (server-other.rules)
 * 1:19263 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:19264 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:19713 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
 * 1:52100 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:32959 <-> DISABLED <-> PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt (protocol-dns.rules)
 * 1:19714 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
 * 1:19812 <-> DISABLED <-> SERVER-OTHER CA Total Defense Suite UNCWS getDBConfigSettings credential information disclosure attempt (server-other.rules)
 * 1:19814 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt (browser-ie.rules)
 * 1:20031 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:20072 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules)
 * 1:20110 <-> DISABLED <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata (server-other.rules)
 * 1:20444 <-> DISABLED <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt (file-java.rules)
 * 1:20600 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt (browser-firefox.rules)
 * 1:20607 <-> DISABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (server-other.rules)
 * 1:20608 <-> DISABLED <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt (server-other.rules)
 * 1:20692 <-> DISABLED <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt (policy-other.rules)
 * 1:20767 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:20777 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:41719 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
 * 1:20820 <-> DISABLED <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt (file-java.rules)
 * 1:20842 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:20843 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:21006 <-> DISABLED <-> MALWARE-CNC Yang Pack yg.htm landing page (malware-cnc.rules)
 * 1:21044 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
 * 1:21045 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
 * 1:45177 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:21057 <-> DISABLED <-> FILE-OTHER Java Applet Rhino script engine remote code execution attempt (file-other.rules)
 * 1:21161 <-> DISABLED <-> SERVER-IIS Microsoft Windows IIS5 NTLM and basic authentication bypass attempt (server-iis.rules)
 * 1:32855 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt (file-pdf.rules)
 * 1:21247 <-> DISABLED <-> SERVER-OTHER IBM Lotusnotes s_viewname buffer overflow attempt (server-other.rules)
 * 1:43692 <-> DISABLED <-> OS-LINUX Linux kernel SCTP invalid chunk length denial of service attempt (os-linux.rules)
 * 1:21248 <-> DISABLED <-> SERVER-OTHER multiple vendors host buffer overflow attempt (server-other.rules)
 * 1:21259 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit response (exploit-kit.rules)
 * 1:21344 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit pdf download (exploit-kit.rules)
 * 1:21346 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit malicious jar download (exploit-kit.rules)
 * 1:21420 <-> DISABLED <-> FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt (file-other.rules)
 * 1:21438 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit JavaScript carat string splitting with hostile applet (exploit-kit.rules)
 * 1:33571 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (file-other.rules)
 * 1:21457 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:55825 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt (server-webapp.rules)
 * 1:21484 <-> DISABLED <-> FILE-OTHER ZIP file name overflow attempt (file-other.rules)
 * 1:21492 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
 * 1:21539 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header (exploit-kit.rules)
 * 1:21549 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header (exploit-kit.rules)
 * 1:21640 <-> DISABLED <-> EXPLOIT-KIT Phoenix exploit kit landing page (exploit-kit.rules)
 * 1:21646 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
 * 1:21657 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules)
 * 1:21658 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
 * 1:32967 <-> DISABLED <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt (policy-other.rules)
 * 1:51860 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:21661 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - catch (exploit-kit.rules)
 * 1:46913 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
 * 1:45855 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
 * 1:21668 <-> DISABLED <-> EXPLOIT-KIT Java exploit kit iframe drive by attempt (exploit-kit.rules)
 * 1:45500 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
 * 1:21764 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word unicode parsing buffer overflow attempt (file-office.rules)
 * 1:21876 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit landing page with specific structure - Loading (exploit-kit.rules)
 * 1:21915 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
 * 1:21916 <-> ENABLED <-> SERVER-OTHER Novell Groupwise HTTP login request (server-other.rules)
 * 1:21917 <-> DISABLED <-> SERVER-OTHER Novell Groupwise HTTP response message parsing overflow (server-other.rules)
 * 1:49902 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
 * 1:21953 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products HTML href shell attempt (browser-firefox.rules)
 * 1:22039 <-> DISABLED <-> EXPLOIT-KIT Blackhole suspected landing page (exploit-kit.rules)
 * 1:22040 <-> DISABLED <-> EXPLOIT-KIT Blackhole suspected landing page (exploit-kit.rules)
 * 1:22041 <-> DISABLED <-> EXPLOIT-KIT Blackhole landing redirection page (exploit-kit.rules)
 * 1:23008 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
 * 1:43346 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules)
 * 1:23158 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch (exploit-kit.rules)
 * 1:23159 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules)
 * 1:51864 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:23395 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt (browser-plugins.rules)
 * 1:23396 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt (browser-plugins.rules)
 * 1:23489 <-> DISABLED <-> FILE-OTHER Microsoft Windows Task Scheduler buffer overflow attempt (file-other.rules)
 * 1:23797 <-> DISABLED <-> EXPLOIT-KIT Blackhole redirection page (exploit-kit.rules)
 * 1:23940 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (server-oracle.rules)
 * 1:23996 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:24054 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure (exploit-kit.rules)
 * 1:24187 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
 * 1:50643 <-> DISABLED <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt (file-other.rules)
 * 1:24188 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow (browser-firefox.rules)
 * 1:49900 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS driver stack buffer overflow attempt (browser-plugins.rules)
 * 1:24226 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received (exploit-kit.rules)
 * 1:24228 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page Received (exploit-kit.rules)
 * 1:24543 <-> DISABLED <-> EXPLOIT-KIT Blackhole admin page inbound access attempt (exploit-kit.rules)
 * 1:24546 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt (exploit-kit.rules)
 * 1:51857 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:24547 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules)
 * 1:44978 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules)
 * 1:41720 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
 * 1:49947 <-> DISABLED <-> POLICY-OTHER HP OpenView Operations Agent request attempt (policy-other.rules)
 * 1:46912 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
 * 1:45181 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:51081 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
 * 1:24548 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt (exploit-kit.rules)
 * 1:24593 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received - specific structure (exploit-kit.rules)
 * 1:24637 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure (exploit-kit.rules)
 * 1:24675 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX realm parameter overflow attempt (browser-plugins.rules)
 * 1:34447 <-> DISABLED <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt (policy-other.rules)
 * 1:24676 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX real parameter overflow attempt (browser-plugins.rules)
 * 1:24702 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:35857 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:24761 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:24860 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules)
 * 1:49585 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
 * 1:24862 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules)
 * 1:51225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
 * 1:24864 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure (exploit-kit.rules)
 * 1:24904 <-> DISABLED <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt (file-java.rules)
 * 1:24907 <-> DISABLED <-> SERVER-ORACLE Oracle Secure Backup exec_qr command injection attempt (server-oracle.rules)
 * 1:7007 <-> DISABLED <-> BROWSER-PLUGINS AxDebugger.Document.1 ActiveX function call access (browser-plugins.rules)
 * 1:24994 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox onChannelRedirect method attempt (browser-firefox.rules)
 * 1:29891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pushdo variant outbound connection (malware-cnc.rules)
 * 1:25312 <-> DISABLED <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt (server-other.rules)
 * 1:25392 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
 * 1:25569 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules)
 * 1:25590 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure (exploit-kit.rules)
 * 1:25591 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules)
 * 1:41045 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules)
 * 1:25808 <-> DISABLED <-> EXPLOIT-KIT Fiesta exploit kit landing page detection - specific-structure (exploit-kit.rules)
 * 1:2589 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules)
 * 1:26031 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page (exploit-kit.rules)
 * 1:26033 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit iframe redirection attempt (exploit-kit.rules)
 * 1:26230 <-> DISABLED <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX arbitrary command execution attempt (server-webapp.rules)
 * 1:26253 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page (exploit-kit.rules)
 * 1:26337 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure (exploit-kit.rules)
 * 1:26421 <-> DISABLED <-> BROWSER-PLUGINS Metalink file download parameter buffer overflow attempt (browser-plugins.rules)
 * 1:26434 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit jar file downloaded (exploit-kit.rules)
 * 1:26495 <-> DISABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules)
 * 1:27067 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure (exploit-kit.rules)
 * 1:27656 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules)
 * 1:3087 <-> DISABLED <-> SERVER-IIS w3who.dll buffer overflow attempt (server-iis.rules)
 * 1:32151 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:45309 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
 * 1:35434 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:27706 <-> DISABLED <-> EXPLOIT-KIT Gong Da exploit kit possible jar download (exploit-kit.rules)
 * 1:28703 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:28791 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:28902 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28972 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
 * 1:28973 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
 * 1:45178 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:29503 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt (browser-firefox.rules)
 * 1:29512 <-> DISABLED <-> BROWSER-PLUGINS KingView ActiveX clsid access (browser-plugins.rules)
 * 1:29520 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (file-multimedia.rules)
 * 1:29523 <-> DISABLED <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt (server-apache.rules)
 * 1:29524 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:29526 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:42412 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:29535 <-> DISABLED <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt (file-java.rules)
 * 1:29538 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access (browser-plugins.rules)
 * 1:29578 <-> DISABLED <-> BROWSER-PLUGINS Sun Microsystems JRE isInstalled.dnsResolve function memory exception attempt (browser-plugins.rules)
 * 1:45183 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:29579 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt (browser-firefox.rules)
 * 1:29580 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing obfuscated memory corruption attempt (browser-firefox.rules)
 * 1:29594 <-> DISABLED <-> SERVER-WEBAPP Airlive IP Camera information leak attempt (server-webapp.rules)
 * 1:29623 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
 * 1:29624 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt (browser-firefox.rules)
 * 1:45171 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt (browser-firefox.rules)

2021-11-18 18:09:48 UTC

Snort Subscriber Rules Update

Date: 2021-11-18-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:58570 <-> FILE-OTHER MacOS TTC bypass vulnerability exploit upload attempt
* 1:58571 <-> FILE-OTHER MacOS TTC bypass vulnerability exploit download attempt
* 3:58572 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt
* 3:58573 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt
* 3:58574 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt
* 3:58575 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt
* 1:58576 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58577 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58578 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58579 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58580 <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt
* 1:58581 <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt
* 1:58582 <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt
* 1:58583 <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt
* 1:58584 <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt
* 1:58585 <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt
* 1:58586 <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt
* 1:58587 <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt
* 1:58588 <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt
* 1:58589 <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt
* 1:58590 <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt
* 1:58591 <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt
* 1:58592 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58593 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58594 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58595 <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt
* 1:58596 <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt
* 3:58597 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt
* 3:58598 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt
* 1:58599 <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt
* 1:58600 <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt

Modified Rules:

* 1:10010 <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt
* 1:10142 <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX clsid access
* 1:10144 <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX function call access
* 1:10145 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX clsid access
* 1:10147 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX function call access
* 1:10148 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX clsid access
* 1:10150 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX function call access
* 1:10151 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX clsid access
* 1:10153 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX function call access
* 1:10154 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy 2 ActiveX clsid access
* 1:10390 <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX clsid access
* 1:10392 <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX function call access
* 1:10393 <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX clsid access
* 1:10395 <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX function call access
* 1:12472 <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX clsid access
* 1:12474 <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX function call access
* 1:12612 <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX clsid access
* 1:12614 <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX function call access
* 1:12685 <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow
* 1:13457 <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX clsid access
* 1:13459 <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX function call access
* 1:13470 <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt
* 1:13474 <-> OS-WINDOWS Microsoft WebDAV MiniRedir remote code execution attempt
* 1:13476 <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow 
* 1:13520 <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt
* 1:13521 <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt
* 1:13523 <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access
* 1:13525 <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access
* 1:13926 <-> SERVER-OTHER Novell Groupwise HTTP response parsing overflow attempt
* 1:13950 <-> FILE-JAVA Oracle Java Web Start JNLP attribute buffer overflow attempt
* 1:13965 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX clsid access
* 1:13967 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access
* 1:14033 <-> BROWSER-PLUGINS Orbit Downloader ActiveX clsid access
* 1:14035 <-> BROWSER-PLUGINS Orbit Downloader ActiveX function call access
* 1:14611 <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX clsid access
* 1:14613 <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX function call access
* 1:14771 <-> SERVER-APACHE BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt
* 1:15147 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:15191 <-> BROWSER-FIREFOX Mozilla Firefox animated PNG processing integer overflow
* 1:15257 <-> SERVER-ORACLE Secure Backup common.php variable based command injection attempt
* 1:15258 <-> SERVER-ORACLE Secure Backup login.php variable based command injection attempt
* 1:15428 <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing memory corruption attempt
* 1:15462 <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt
* 1:15489 <-> PUA-OTHER Cerulean Studios Trillian image filename handling XML tag overflow attempt
* 1:15490 <-> OS-LINUX Linux SCTP malformed forward-tsn chunk arbitrary code execution attempt
* 1:15510 <-> SERVER-OTHER Trend Micro OfficeScan Server cgiRecvFile overflow attempt
* 1:15511 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:15638 <-> BROWSER-PLUGINS Microsoft Video 32 ActiveX clsid access
* 1:15733 <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt
* 1:15866 <-> FILE-OTHER libxml2 file processing long entity overflow attempt
* 1:15872 <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt
* 1:15901 <-> FILE-MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt
* 1:15965 <-> OS-WINDOWS Microsoft Explorer long share name buffer overflow attempt
* 1:15966 <-> FILE-OTHER F-Secure Anti-Virus LHA processing buffer overflow attempt
* 1:16001 <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt
* 1:16030 <-> OS-WINDOWS Microsoft Windows DNS client TXT buffer overrun attempt
* 1:16032 <-> BROWSER-IE Microsoft Internet Explorer HTML Decoding memory corruption attempt
* 1:16191 <-> SERVER-ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via GET
* 1:16192 <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt
* 1:16204 <-> SERVER-OTHER HP OpenView Network Node Manager ovlaunch host field overflow attempt
* 1:16213 <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt
* 1:16295 <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields
* 1:16296 <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - with optional fields
* 1:16344 <-> BROWSER-FIREFOX Mozilla Firefox top-level script object offset calculation memory corruption attempt
* 1:16347 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt
* 1:16371 <-> BROWSER-PLUGINS NOS Microsystems Adobe atl_getcom ActiveX clsid access
* 1:16405 <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Prefix Information stack buffer overflow attempt 
* 1:16418 <-> NETBIOS SMB client NULL deref race condition attempt 
* 1:16481 <-> BROWSER-OTHER Opera Content-Length header integer overflow attempt
* 1:16514 <-> SERVER-OTHER Trillian AIM XML tag handling heap buffer overflow attempt
* 1:16601 <-> FILE-OTHER Amaya web editor XML and HTML Parser Buffer overflow attempt
* 1:16667 <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt
* 1:16668 <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt
* 1:16798 <-> FILE-OTHER Orbit Downloader long URL buffer overflow attempt
* 1:17153 <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1
* 1:17154 <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2
* 1:17166 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt
* 1:17236 <-> BROWSER-FIREFOX Mozilla Firefox nsPropertyTable PropertyList memory corruption attempt
* 1:17305 <-> FILE-OTHER ClamAV libclamav PE file handling integer overflow attempt
* 1:17367 <-> BROWSER-IE Microsoft Internet Explorer FTP response parsing memory corruption attempt
* 1:17378 <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt
* 1:17379 <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt
* 1:17397 <-> SERVER-OTHER VNCViewer Authenticate buffer overflow attempt
* 1:17398 <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt
* 1:17399 <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt
* 1:17410 <-> OS-WINDOWS Generic HyperLink buffer overflow attempt
* 1:17422 <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt
* 1:17519 <-> BROWSER-FIREFOX Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow
* 1:17557 <-> BROWSER-PLUGINS Novell iPrint ActiveX operation parameter overflow
* 1:17588 <-> BROWSER-PLUGINS Microsoft Internet Explorer Install Engine ActiveX clsid access
* 1:17631 <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt
* 1:17638 <-> SERVER-ORACLE Secure Backup administration server login.php cookies command injection attempt
* 1:17642 <-> BROWSER-FIREFOX Mozilla Firefox ConstructFrame with floating first-letter memory corruption attempt
* 1:18097 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt
* 1:18187 <-> BROWSER-FIREFOX Mozilla Firefox InstallTrigger.install memory corruption attempt
* 1:18244 <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt
* 1:18245 <-> BROWSER-PLUGINS Oracle Java browser plugin docbase overflow attempt
* 1:18283 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:18527 <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt
* 1:18679 <-> SERVER-OTHER Oracle Java Applet2ClassLoader Remote Code Execution
* 1:18904 <-> BROWSER-PLUGINS KingView ActiveX clsid access
* 1:18957 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt
* 1:19102 <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX clsid access
* 1:19103 <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX function call access
* 1:19216 <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution
* 1:19217 <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution
* 1:19257 <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt
* 1:19262 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19263 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19264 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19713 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:19714 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:19812 <-> SERVER-OTHER CA Total Defense Suite UNCWS getDBConfigSettings credential information disclosure attempt
* 1:19814 <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt
* 1:20031 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:20072 <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt
* 1:20110 <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata
* 1:20444 <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt
* 1:20600 <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt
* 1:20607 <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt
* 1:20608 <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt
* 1:20692 <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt
* 1:20767 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:20777 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:20820 <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt
* 1:20842 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:20843 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:21006 <-> MALWARE-CNC Yang Pack yg.htm landing page
* 1:21044 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:21045 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:21057 <-> FILE-OTHER Java Applet Rhino script engine remote code execution attempt
* 1:21161 <-> SERVER-IIS Microsoft Windows IIS5 NTLM and basic authentication bypass attempt
* 1:21247 <-> SERVER-OTHER IBM Lotusnotes s_viewname buffer overflow attempt
* 1:21248 <-> SERVER-OTHER multiple vendors host buffer overflow attempt
* 1:21259 <-> EXPLOIT-KIT Blackhole exploit kit response
* 1:21344 <-> EXPLOIT-KIT Blackhole exploit kit pdf download
* 1:21346 <-> EXPLOIT-KIT Blackhole exploit kit malicious jar download
* 1:21420 <-> FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt
* 1:21438 <-> EXPLOIT-KIT Blackhole exploit kit JavaScript carat string splitting with hostile applet
* 1:21457 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:21484 <-> FILE-OTHER ZIP file name overflow attempt
* 1:21492 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch
* 1:21539 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header
* 1:21549 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header
* 1:21640 <-> EXPLOIT-KIT Phoenix exploit kit landing page
* 1:21646 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch
* 1:21657 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure
* 1:21658 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:21661 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - catch
* 1:21668 <-> EXPLOIT-KIT Java exploit kit iframe drive by attempt
* 1:21764 <-> FILE-OFFICE Microsoft Office Word unicode parsing buffer overflow attempt
* 1:21876 <-> EXPLOIT-KIT Blackhole exploit landing page with specific structure - Loading
* 1:21915 <-> SERVER-OTHER Novell Groupwise HTTP login request
* 1:21916 <-> SERVER-OTHER Novell Groupwise HTTP login request
* 1:21917 <-> SERVER-OTHER Novell Groupwise HTTP response message parsing overflow
* 1:21953 <-> BROWSER-FIREFOX Mozilla Multiple Products HTML href shell attempt
* 1:22039 <-> EXPLOIT-KIT Blackhole suspected landing page
* 1:22040 <-> EXPLOIT-KIT Blackhole suspected landing page
* 1:22041 <-> EXPLOIT-KIT Blackhole landing redirection page
* 1:23008 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt
* 1:23158 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch
* 1:23159 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt
* 1:23395 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt
* 1:23396 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt
* 1:23489 <-> FILE-OTHER Microsoft Windows Task Scheduler buffer overflow attempt
* 1:23797 <-> EXPLOIT-KIT Blackhole redirection page
* 1:23940 <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt
* 1:23996 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:24054 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure
* 1:24187 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:24188 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:24226 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received
* 1:24228 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page Received
* 1:24543 <-> EXPLOIT-KIT Blackhole admin page inbound access attempt
* 1:24546 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt
* 1:24547 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt
* 1:24548 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt
* 1:24593 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received - specific structure
* 1:24637 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure
* 1:24675 <-> BROWSER-PLUGINS Novell iPrint ActiveX realm parameter overflow attempt
* 1:24676 <-> BROWSER-PLUGINS Novell iPrint ActiveX real parameter overflow attempt
* 1:24702 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24761 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24860 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure
* 1:24862 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure
* 1:24864 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure
* 1:24904 <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt
* 1:24907 <-> SERVER-ORACLE Oracle Secure Backup exec_qr command injection attempt
* 1:24994 <-> BROWSER-FIREFOX Mozilla Firefox onChannelRedirect method attempt
* 1:25312 <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt
* 1:25392 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt
* 1:25569 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page
* 1:25590 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure
* 1:25591 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure
* 1:25808 <-> EXPLOIT-KIT Fiesta exploit kit landing page detection - specific-structure
* 1:2589 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt
* 1:26031 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page
* 1:26033 <-> EXPLOIT-KIT Blackholev2 exploit kit iframe redirection attempt
* 1:26230 <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX arbitrary command execution attempt
* 1:26253 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:26337 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure
* 1:26421 <-> BROWSER-PLUGINS Metalink file download parameter buffer overflow attempt
* 1:26434 <-> EXPLOIT-KIT Blackholev2 exploit kit jar file downloaded
* 1:26495 <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt
* 1:27067 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure
* 1:27656 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt
* 1:27706 <-> EXPLOIT-KIT Gong Da exploit kit possible jar download
* 1:28703 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:28791 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28902 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28972 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:28973 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:29503 <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt
* 1:29512 <-> BROWSER-PLUGINS KingView ActiveX clsid access
* 1:29520 <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt
* 1:29523 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:29524 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:29526 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:29535 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt
* 1:29538 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access
* 1:29578 <-> BROWSER-PLUGINS Sun Microsystems JRE isInstalled.dnsResolve function memory exception attempt
* 1:29579 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt
* 1:29580 <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing obfuscated memory corruption attempt
* 1:29594 <-> SERVER-WEBAPP Airlive IP Camera information leak attempt
* 1:29623 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt
* 1:29624 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt
* 1:29625 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt
* 1:29891 <-> MALWARE-CNC Win.Trojan.Pushdo variant outbound connection
* 1:30217 <-> FILE-JAVA Oracle Java font rendering remote code execution attempt
* 1:3085 <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt
* 1:3087 <-> SERVER-IIS w3who.dll buffer overflow attempt
* 1:31846 <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt
* 1:32149 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32151 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32369 <-> PROTOCOL-ICMP FreeBSD rtsold dname_labeldec stack buffer overflow attempt
* 1:32815 <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt
* 1:32855 <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt
* 1:32959 <-> PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt
* 1:32967 <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt
* 1:33571 <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt
* 1:33986 <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt
* 1:34024 <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt
* 1:34447 <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt
* 1:35434 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:35467 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt
* 1:35468 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt
* 1:36154 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:36155 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:3632 <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt
* 1:36661 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:37527 <-> SERVER-OTHER IBM WebSphere InvokerTransformer serialized Java object remote code execution attempt
* 1:37627 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:37802 <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt
* 1:40281 <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt
* 1:40818 <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt
* 1:41045 <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt
* 1:41422 <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt
* 1:41718 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:41719 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:41720 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:42412 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:42422 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:43346 <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt
* 1:43692 <-> OS-LINUX Linux kernel SCTP invalid chunk length denial of service attempt
* 1:43779 <-> BROWSER-FIREFOX Mozilla multiple products SharedWorker MessagePort memory corruption attempt
* 1:44734 <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt
* 1:44877 <-> SERVER-OTHER  Citrix XenApp and XenDesktop XML service memory corruption attempt
* 1:44978 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt
* 1:45171 <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt
* 1:45177 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45178 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45181 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45183 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45309 <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt
* 1:45500 <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt
* 1:45855 <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt
* 1:46637 <-> NETBIOS SMB client NULL deref race condition attempt 
* 1:46912 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt
* 1:46913 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt
* 1:49583 <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt
* 1:49585 <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt
* 1:49846 <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt
* 1:49900 <-> BROWSER-PLUGINS HP OPOS driver stack buffer overflow attempt
* 1:49902 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt
* 1:49947 <-> POLICY-OTHER HP OpenView Operations Agent request attempt
* 1:50643 <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt
* 1:51025 <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt
* 1:51081 <-> FILE-FLASH Adobe Flash player memory corruption attempt
* 1:51163 <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt
* 1:51225 <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt
* 1:51857 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51858 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51860 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51864 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51865 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52079 <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt
* 1:52100 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52288 <-> OS-MOBILE Google Android libstagefright integer underflow attempt
* 1:52450 <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt
* 1:55823 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:55824 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:55825 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:7007 <-> BROWSER-PLUGINS AxDebugger.Document.1 ActiveX function call access


2021-11-18 18:09:48 UTC

Snort Subscriber Rules Update

Date: 2021-11-18-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.4.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:58570 <-> FILE-OTHER MacOS TTC bypass vulnerability exploit upload attempt
* 1:58571 <-> FILE-OTHER MacOS TTC bypass vulnerability exploit download attempt
* 3:58572 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt
* 3:58573 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt
* 3:58574 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt
* 3:58575 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt
* 1:58576 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58577 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58578 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58579 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58580 <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt
* 1:58581 <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt
* 1:58582 <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt
* 1:58583 <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt
* 1:58584 <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt
* 1:58585 <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt
* 1:58586 <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt
* 1:58587 <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt
* 1:58588 <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt
* 1:58589 <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt
* 1:58590 <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt
* 1:58591 <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt
* 1:58592 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58593 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58594 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58595 <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt
* 1:58596 <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt
* 3:58597 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt
* 3:58598 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt
* 1:58599 <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt
* 1:58600 <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt

Modified Rules:

* 1:10010 <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt
* 1:10142 <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX clsid access
* 1:10144 <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX function call access
* 1:10145 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX clsid access
* 1:10147 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX function call access
* 1:10148 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX clsid access
* 1:10150 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX function call access
* 1:10151 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX clsid access
* 1:10153 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX function call access
* 1:10154 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy 2 ActiveX clsid access
* 1:10390 <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX clsid access
* 1:10392 <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX function call access
* 1:10393 <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX clsid access
* 1:10395 <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX function call access
* 1:12472 <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX clsid access
* 1:12474 <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX function call access
* 1:12612 <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX clsid access
* 1:12614 <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX function call access
* 1:12685 <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow
* 1:13457 <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX clsid access
* 1:13459 <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX function call access
* 1:13470 <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt
* 1:13474 <-> OS-WINDOWS Microsoft WebDAV MiniRedir remote code execution attempt
* 1:13476 <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow 
* 1:13520 <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt
* 1:13521 <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt
* 1:13523 <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access
* 1:13525 <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access
* 1:13926 <-> SERVER-OTHER Novell Groupwise HTTP response parsing overflow attempt
* 1:13950 <-> FILE-JAVA Oracle Java Web Start JNLP attribute buffer overflow attempt
* 1:13965 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX clsid access
* 1:13967 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access
* 1:14033 <-> BROWSER-PLUGINS Orbit Downloader ActiveX clsid access
* 1:14035 <-> BROWSER-PLUGINS Orbit Downloader ActiveX function call access
* 1:14611 <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX clsid access
* 1:14613 <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX function call access
* 1:14771 <-> SERVER-APACHE BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt
* 1:15147 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:15191 <-> BROWSER-FIREFOX Mozilla Firefox animated PNG processing integer overflow
* 1:15257 <-> SERVER-ORACLE Secure Backup common.php variable based command injection attempt
* 1:15258 <-> SERVER-ORACLE Secure Backup login.php variable based command injection attempt
* 1:15428 <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing memory corruption attempt
* 1:15462 <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt
* 1:15489 <-> PUA-OTHER Cerulean Studios Trillian image filename handling XML tag overflow attempt
* 1:15490 <-> OS-LINUX Linux SCTP malformed forward-tsn chunk arbitrary code execution attempt
* 1:15510 <-> SERVER-OTHER Trend Micro OfficeScan Server cgiRecvFile overflow attempt
* 1:15511 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:15638 <-> BROWSER-PLUGINS Microsoft Video 32 ActiveX clsid access
* 1:15733 <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt
* 1:15866 <-> FILE-OTHER libxml2 file processing long entity overflow attempt
* 1:15872 <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt
* 1:15901 <-> FILE-MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt
* 1:15965 <-> OS-WINDOWS Microsoft Explorer long share name buffer overflow attempt
* 1:15966 <-> FILE-OTHER F-Secure Anti-Virus LHA processing buffer overflow attempt
* 1:16001 <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt
* 1:16030 <-> OS-WINDOWS Microsoft Windows DNS client TXT buffer overrun attempt
* 1:16032 <-> BROWSER-IE Microsoft Internet Explorer HTML Decoding memory corruption attempt
* 1:16191 <-> SERVER-ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via GET
* 1:16192 <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt
* 1:16204 <-> SERVER-OTHER HP OpenView Network Node Manager ovlaunch host field overflow attempt
* 1:16213 <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt
* 1:16295 <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields
* 1:16296 <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - with optional fields
* 1:16344 <-> BROWSER-FIREFOX Mozilla Firefox top-level script object offset calculation memory corruption attempt
* 1:16347 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt
* 1:16371 <-> BROWSER-PLUGINS NOS Microsystems Adobe atl_getcom ActiveX clsid access
* 1:16405 <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Prefix Information stack buffer overflow attempt 
* 1:16418 <-> NETBIOS SMB client NULL deref race condition attempt 
* 1:16481 <-> BROWSER-OTHER Opera Content-Length header integer overflow attempt
* 1:16514 <-> SERVER-OTHER Trillian AIM XML tag handling heap buffer overflow attempt
* 1:16601 <-> FILE-OTHER Amaya web editor XML and HTML Parser Buffer overflow attempt
* 1:16667 <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt
* 1:16668 <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt
* 1:16798 <-> FILE-OTHER Orbit Downloader long URL buffer overflow attempt
* 1:17153 <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1
* 1:17154 <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2
* 1:17166 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt
* 1:17236 <-> BROWSER-FIREFOX Mozilla Firefox nsPropertyTable PropertyList memory corruption attempt
* 1:17305 <-> FILE-OTHER ClamAV libclamav PE file handling integer overflow attempt
* 1:17367 <-> BROWSER-IE Microsoft Internet Explorer FTP response parsing memory corruption attempt
* 1:17378 <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt
* 1:17379 <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt
* 1:17397 <-> SERVER-OTHER VNCViewer Authenticate buffer overflow attempt
* 1:17398 <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt
* 1:17399 <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt
* 1:17410 <-> OS-WINDOWS Generic HyperLink buffer overflow attempt
* 1:17422 <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt
* 1:17519 <-> BROWSER-FIREFOX Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow
* 1:17557 <-> BROWSER-PLUGINS Novell iPrint ActiveX operation parameter overflow
* 1:17588 <-> BROWSER-PLUGINS Microsoft Internet Explorer Install Engine ActiveX clsid access
* 1:17631 <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt
* 1:17638 <-> SERVER-ORACLE Secure Backup administration server login.php cookies command injection attempt
* 1:17642 <-> BROWSER-FIREFOX Mozilla Firefox ConstructFrame with floating first-letter memory corruption attempt
* 1:18097 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt
* 1:18187 <-> BROWSER-FIREFOX Mozilla Firefox InstallTrigger.install memory corruption attempt
* 1:18244 <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt
* 1:18245 <-> BROWSER-PLUGINS Oracle Java browser plugin docbase overflow attempt
* 1:18283 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:18527 <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt
* 1:18679 <-> SERVER-OTHER Oracle Java Applet2ClassLoader Remote Code Execution
* 1:18904 <-> BROWSER-PLUGINS KingView ActiveX clsid access
* 1:18957 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt
* 1:19102 <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX clsid access
* 1:19103 <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX function call access
* 1:19216 <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution
* 1:19217 <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution
* 1:19257 <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt
* 1:19262 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19263 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19264 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19713 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:19714 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:19812 <-> SERVER-OTHER CA Total Defense Suite UNCWS getDBConfigSettings credential information disclosure attempt
* 1:19814 <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt
* 1:20031 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:20072 <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt
* 1:20110 <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata
* 1:20444 <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt
* 1:20600 <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt
* 1:20607 <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt
* 1:20608 <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt
* 1:20692 <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt
* 1:20767 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:20777 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:20820 <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt
* 1:20842 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:20843 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:21006 <-> MALWARE-CNC Yang Pack yg.htm landing page
* 1:21044 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:21045 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:21057 <-> FILE-OTHER Java Applet Rhino script engine remote code execution attempt
* 1:21161 <-> SERVER-IIS Microsoft Windows IIS5 NTLM and basic authentication bypass attempt
* 1:21247 <-> SERVER-OTHER IBM Lotusnotes s_viewname buffer overflow attempt
* 1:21248 <-> SERVER-OTHER multiple vendors host buffer overflow attempt
* 1:21259 <-> EXPLOIT-KIT Blackhole exploit kit response
* 1:21344 <-> EXPLOIT-KIT Blackhole exploit kit pdf download
* 1:21346 <-> EXPLOIT-KIT Blackhole exploit kit malicious jar download
* 1:21420 <-> FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt
* 1:21438 <-> EXPLOIT-KIT Blackhole exploit kit JavaScript carat string splitting with hostile applet
* 1:21457 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:21484 <-> FILE-OTHER ZIP file name overflow attempt
* 1:21492 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch
* 1:21539 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header
* 1:21549 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header
* 1:21640 <-> EXPLOIT-KIT Phoenix exploit kit landing page
* 1:21646 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch
* 1:21657 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure
* 1:21658 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:21661 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - catch
* 1:21668 <-> EXPLOIT-KIT Java exploit kit iframe drive by attempt
* 1:21764 <-> FILE-OFFICE Microsoft Office Word unicode parsing buffer overflow attempt
* 1:21876 <-> EXPLOIT-KIT Blackhole exploit landing page with specific structure - Loading
* 1:21915 <-> SERVER-OTHER Novell Groupwise HTTP login request
* 1:21916 <-> SERVER-OTHER Novell Groupwise HTTP login request
* 1:21917 <-> SERVER-OTHER Novell Groupwise HTTP response message parsing overflow
* 1:21953 <-> BROWSER-FIREFOX Mozilla Multiple Products HTML href shell attempt
* 1:22039 <-> EXPLOIT-KIT Blackhole suspected landing page
* 1:22040 <-> EXPLOIT-KIT Blackhole suspected landing page
* 1:22041 <-> EXPLOIT-KIT Blackhole landing redirection page
* 1:23008 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt
* 1:23158 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch
* 1:23159 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt
* 1:23395 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt
* 1:23396 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt
* 1:23489 <-> FILE-OTHER Microsoft Windows Task Scheduler buffer overflow attempt
* 1:23797 <-> EXPLOIT-KIT Blackhole redirection page
* 1:23940 <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt
* 1:23996 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:24054 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure
* 1:24187 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:24188 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:24226 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received
* 1:24228 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page Received
* 1:24543 <-> EXPLOIT-KIT Blackhole admin page inbound access attempt
* 1:24546 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt
* 1:24547 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt
* 1:24548 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt
* 1:24593 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received - specific structure
* 1:24637 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure
* 1:24675 <-> BROWSER-PLUGINS Novell iPrint ActiveX realm parameter overflow attempt
* 1:24676 <-> BROWSER-PLUGINS Novell iPrint ActiveX real parameter overflow attempt
* 1:24702 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24761 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24860 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure
* 1:24862 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure
* 1:24864 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure
* 1:24904 <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt
* 1:24907 <-> SERVER-ORACLE Oracle Secure Backup exec_qr command injection attempt
* 1:24994 <-> BROWSER-FIREFOX Mozilla Firefox onChannelRedirect method attempt
* 1:25312 <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt
* 1:25392 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt
* 1:25569 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page
* 1:25590 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure
* 1:25591 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure
* 1:25808 <-> EXPLOIT-KIT Fiesta exploit kit landing page detection - specific-structure
* 1:2589 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt
* 1:26031 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page
* 1:26033 <-> EXPLOIT-KIT Blackholev2 exploit kit iframe redirection attempt
* 1:26230 <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX arbitrary command execution attempt
* 1:26253 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:26337 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure
* 1:26421 <-> BROWSER-PLUGINS Metalink file download parameter buffer overflow attempt
* 1:26434 <-> EXPLOIT-KIT Blackholev2 exploit kit jar file downloaded
* 1:26495 <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt
* 1:27067 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure
* 1:27656 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt
* 1:27706 <-> EXPLOIT-KIT Gong Da exploit kit possible jar download
* 1:28703 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:28791 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28902 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28972 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:28973 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:29503 <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt
* 1:29512 <-> BROWSER-PLUGINS KingView ActiveX clsid access
* 1:29520 <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt
* 1:29523 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:29524 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:29526 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:29535 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt
* 1:29538 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access
* 1:29578 <-> BROWSER-PLUGINS Sun Microsystems JRE isInstalled.dnsResolve function memory exception attempt
* 1:29579 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt
* 1:29580 <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing obfuscated memory corruption attempt
* 1:29594 <-> SERVER-WEBAPP Airlive IP Camera information leak attempt
* 1:29623 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt
* 1:29624 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt
* 1:29625 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt
* 1:29891 <-> MALWARE-CNC Win.Trojan.Pushdo variant outbound connection
* 1:30217 <-> FILE-JAVA Oracle Java font rendering remote code execution attempt
* 1:3085 <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt
* 1:3087 <-> SERVER-IIS w3who.dll buffer overflow attempt
* 1:31846 <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt
* 1:32149 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32151 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32369 <-> PROTOCOL-ICMP FreeBSD rtsold dname_labeldec stack buffer overflow attempt
* 1:32815 <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt
* 1:32855 <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt
* 1:32959 <-> PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt
* 1:32967 <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt
* 1:33571 <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt
* 1:33986 <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt
* 1:34024 <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt
* 1:34447 <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt
* 1:35434 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:35467 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt
* 1:35468 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt
* 1:36154 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:36155 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:3632 <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt
* 1:36661 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:37527 <-> SERVER-OTHER IBM WebSphere InvokerTransformer serialized Java object remote code execution attempt
* 1:37627 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:37802 <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt
* 1:40281 <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt
* 1:40818 <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt
* 1:41045 <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt
* 1:41422 <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt
* 1:41718 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:41719 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:41720 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:42412 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:42422 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:43346 <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt
* 1:43692 <-> OS-LINUX Linux kernel SCTP invalid chunk length denial of service attempt
* 1:43779 <-> BROWSER-FIREFOX Mozilla multiple products SharedWorker MessagePort memory corruption attempt
* 1:44734 <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt
* 1:44877 <-> SERVER-OTHER  Citrix XenApp and XenDesktop XML service memory corruption attempt
* 1:44978 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt
* 1:45171 <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt
* 1:45177 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45178 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45181 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45183 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45309 <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt
* 1:45500 <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt
* 1:45855 <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt
* 1:46637 <-> NETBIOS SMB client NULL deref race condition attempt 
* 1:46912 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt
* 1:46913 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt
* 1:49583 <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt
* 1:49585 <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt
* 1:49846 <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt
* 1:49900 <-> BROWSER-PLUGINS HP OPOS driver stack buffer overflow attempt
* 1:49902 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt
* 1:49947 <-> POLICY-OTHER HP OpenView Operations Agent request attempt
* 1:50643 <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt
* 1:51025 <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt
* 1:51081 <-> FILE-FLASH Adobe Flash player memory corruption attempt
* 1:51163 <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt
* 1:51225 <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt
* 1:51857 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51858 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51860 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51864 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51865 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52079 <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt
* 1:52100 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52288 <-> OS-MOBILE Google Android libstagefright integer underflow attempt
* 1:52450 <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt
* 1:55823 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:55824 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:55825 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:7007 <-> BROWSER-PLUGINS AxDebugger.Document.1 ActiveX function call access


2021-11-18 18:09:48 UTC

Snort Subscriber Rules Update

Date: 2021-11-18-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:58570 <-> FILE-OTHER MacOS TTC bypass vulnerability exploit upload attempt
* 1:58571 <-> FILE-OTHER MacOS TTC bypass vulnerability exploit download attempt
* 3:58572 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt
* 3:58573 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt
* 3:58574 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt
* 3:58575 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt
* 1:58576 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58577 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58578 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58579 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58580 <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt
* 1:58581 <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt
* 1:58582 <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt
* 1:58583 <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt
* 1:58584 <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt
* 1:58585 <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt
* 1:58586 <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt
* 1:58587 <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt
* 1:58588 <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt
* 1:58589 <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt
* 1:58590 <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt
* 1:58591 <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt
* 1:58592 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58593 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58594 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58595 <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt
* 1:58596 <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt
* 3:58597 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt
* 3:58598 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt
* 1:58599 <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt
* 1:58600 <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt

Modified Rules:

* 1:10010 <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt
* 1:10142 <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX clsid access
* 1:10144 <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX function call access
* 1:10145 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX clsid access
* 1:10147 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX function call access
* 1:10148 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX clsid access
* 1:10150 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX function call access
* 1:10151 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX clsid access
* 1:10153 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX function call access
* 1:10154 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy 2 ActiveX clsid access
* 1:10390 <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX clsid access
* 1:10392 <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX function call access
* 1:10393 <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX clsid access
* 1:10395 <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX function call access
* 1:12472 <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX clsid access
* 1:12474 <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX function call access
* 1:12612 <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX clsid access
* 1:12614 <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX function call access
* 1:12685 <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow
* 1:13457 <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX clsid access
* 1:13459 <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX function call access
* 1:13470 <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt
* 1:13474 <-> OS-WINDOWS Microsoft WebDAV MiniRedir remote code execution attempt
* 1:13476 <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow 
* 1:13520 <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt
* 1:13521 <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt
* 1:13523 <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access
* 1:13525 <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access
* 1:13926 <-> SERVER-OTHER Novell Groupwise HTTP response parsing overflow attempt
* 1:13950 <-> FILE-JAVA Oracle Java Web Start JNLP attribute buffer overflow attempt
* 1:13965 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX clsid access
* 1:13967 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access
* 1:14033 <-> BROWSER-PLUGINS Orbit Downloader ActiveX clsid access
* 1:14035 <-> BROWSER-PLUGINS Orbit Downloader ActiveX function call access
* 1:14611 <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX clsid access
* 1:14613 <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX function call access
* 1:14771 <-> SERVER-APACHE BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt
* 1:15147 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:15191 <-> BROWSER-FIREFOX Mozilla Firefox animated PNG processing integer overflow
* 1:15257 <-> SERVER-ORACLE Secure Backup common.php variable based command injection attempt
* 1:15258 <-> SERVER-ORACLE Secure Backup login.php variable based command injection attempt
* 1:15428 <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing memory corruption attempt
* 1:15462 <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt
* 1:15489 <-> PUA-OTHER Cerulean Studios Trillian image filename handling XML tag overflow attempt
* 1:15490 <-> OS-LINUX Linux SCTP malformed forward-tsn chunk arbitrary code execution attempt
* 1:15510 <-> SERVER-OTHER Trend Micro OfficeScan Server cgiRecvFile overflow attempt
* 1:15511 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:15638 <-> BROWSER-PLUGINS Microsoft Video 32 ActiveX clsid access
* 1:15733 <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt
* 1:15866 <-> FILE-OTHER libxml2 file processing long entity overflow attempt
* 1:15872 <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt
* 1:15901 <-> FILE-MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt
* 1:15965 <-> OS-WINDOWS Microsoft Explorer long share name buffer overflow attempt
* 1:15966 <-> FILE-OTHER F-Secure Anti-Virus LHA processing buffer overflow attempt
* 1:16001 <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt
* 1:16030 <-> OS-WINDOWS Microsoft Windows DNS client TXT buffer overrun attempt
* 1:16032 <-> BROWSER-IE Microsoft Internet Explorer HTML Decoding memory corruption attempt
* 1:16191 <-> SERVER-ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via GET
* 1:16192 <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt
* 1:16204 <-> SERVER-OTHER HP OpenView Network Node Manager ovlaunch host field overflow attempt
* 1:16213 <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt
* 1:16295 <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields
* 1:16296 <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - with optional fields
* 1:16344 <-> BROWSER-FIREFOX Mozilla Firefox top-level script object offset calculation memory corruption attempt
* 1:16347 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt
* 1:16371 <-> BROWSER-PLUGINS NOS Microsystems Adobe atl_getcom ActiveX clsid access
* 1:16405 <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Prefix Information stack buffer overflow attempt 
* 1:16418 <-> NETBIOS SMB client NULL deref race condition attempt 
* 1:16481 <-> BROWSER-OTHER Opera Content-Length header integer overflow attempt
* 1:16514 <-> SERVER-OTHER Trillian AIM XML tag handling heap buffer overflow attempt
* 1:16601 <-> FILE-OTHER Amaya web editor XML and HTML Parser Buffer overflow attempt
* 1:16667 <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt
* 1:16668 <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt
* 1:16798 <-> FILE-OTHER Orbit Downloader long URL buffer overflow attempt
* 1:17153 <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1
* 1:17154 <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2
* 1:17166 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt
* 1:17236 <-> BROWSER-FIREFOX Mozilla Firefox nsPropertyTable PropertyList memory corruption attempt
* 1:17305 <-> FILE-OTHER ClamAV libclamav PE file handling integer overflow attempt
* 1:17367 <-> BROWSER-IE Microsoft Internet Explorer FTP response parsing memory corruption attempt
* 1:17378 <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt
* 1:17379 <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt
* 1:17397 <-> SERVER-OTHER VNCViewer Authenticate buffer overflow attempt
* 1:17398 <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt
* 1:17399 <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt
* 1:17410 <-> OS-WINDOWS Generic HyperLink buffer overflow attempt
* 1:17422 <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt
* 1:17519 <-> BROWSER-FIREFOX Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow
* 1:17557 <-> BROWSER-PLUGINS Novell iPrint ActiveX operation parameter overflow
* 1:17588 <-> BROWSER-PLUGINS Microsoft Internet Explorer Install Engine ActiveX clsid access
* 1:17631 <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt
* 1:17638 <-> SERVER-ORACLE Secure Backup administration server login.php cookies command injection attempt
* 1:17642 <-> BROWSER-FIREFOX Mozilla Firefox ConstructFrame with floating first-letter memory corruption attempt
* 1:18097 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt
* 1:18187 <-> BROWSER-FIREFOX Mozilla Firefox InstallTrigger.install memory corruption attempt
* 1:18244 <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt
* 1:18245 <-> BROWSER-PLUGINS Oracle Java browser plugin docbase overflow attempt
* 1:18283 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:18527 <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt
* 1:18679 <-> SERVER-OTHER Oracle Java Applet2ClassLoader Remote Code Execution
* 1:18904 <-> BROWSER-PLUGINS KingView ActiveX clsid access
* 1:18957 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt
* 1:19102 <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX clsid access
* 1:19103 <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX function call access
* 1:19216 <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution
* 1:19217 <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution
* 1:19257 <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt
* 1:19262 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19263 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19264 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19713 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:19714 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:19812 <-> SERVER-OTHER CA Total Defense Suite UNCWS getDBConfigSettings credential information disclosure attempt
* 1:19814 <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt
* 1:20031 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:20072 <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt
* 1:20110 <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata
* 1:20444 <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt
* 1:20600 <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt
* 1:20607 <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt
* 1:20608 <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt
* 1:20692 <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt
* 1:20767 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:20777 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:20820 <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt
* 1:20842 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:20843 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:21006 <-> MALWARE-CNC Yang Pack yg.htm landing page
* 1:21044 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:21045 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:21057 <-> FILE-OTHER Java Applet Rhino script engine remote code execution attempt
* 1:21161 <-> SERVER-IIS Microsoft Windows IIS5 NTLM and basic authentication bypass attempt
* 1:21247 <-> SERVER-OTHER IBM Lotusnotes s_viewname buffer overflow attempt
* 1:21248 <-> SERVER-OTHER multiple vendors host buffer overflow attempt
* 1:21259 <-> EXPLOIT-KIT Blackhole exploit kit response
* 1:21344 <-> EXPLOIT-KIT Blackhole exploit kit pdf download
* 1:21346 <-> EXPLOIT-KIT Blackhole exploit kit malicious jar download
* 1:21420 <-> FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt
* 1:21438 <-> EXPLOIT-KIT Blackhole exploit kit JavaScript carat string splitting with hostile applet
* 1:21457 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:21484 <-> FILE-OTHER ZIP file name overflow attempt
* 1:21492 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch
* 1:21539 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header
* 1:21549 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header
* 1:21640 <-> EXPLOIT-KIT Phoenix exploit kit landing page
* 1:21646 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch
* 1:21657 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure
* 1:21658 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:21661 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - catch
* 1:21668 <-> EXPLOIT-KIT Java exploit kit iframe drive by attempt
* 1:21764 <-> FILE-OFFICE Microsoft Office Word unicode parsing buffer overflow attempt
* 1:21876 <-> EXPLOIT-KIT Blackhole exploit landing page with specific structure - Loading
* 1:21915 <-> SERVER-OTHER Novell Groupwise HTTP login request
* 1:21916 <-> SERVER-OTHER Novell Groupwise HTTP login request
* 1:21917 <-> SERVER-OTHER Novell Groupwise HTTP response message parsing overflow
* 1:21953 <-> BROWSER-FIREFOX Mozilla Multiple Products HTML href shell attempt
* 1:22039 <-> EXPLOIT-KIT Blackhole suspected landing page
* 1:22040 <-> EXPLOIT-KIT Blackhole suspected landing page
* 1:22041 <-> EXPLOIT-KIT Blackhole landing redirection page
* 1:23008 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt
* 1:23158 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch
* 1:23159 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt
* 1:23395 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt
* 1:23396 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt
* 1:23489 <-> FILE-OTHER Microsoft Windows Task Scheduler buffer overflow attempt
* 1:23797 <-> EXPLOIT-KIT Blackhole redirection page
* 1:23940 <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt
* 1:23996 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:24054 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure
* 1:24187 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:24188 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:24226 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received
* 1:24228 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page Received
* 1:24543 <-> EXPLOIT-KIT Blackhole admin page inbound access attempt
* 1:24546 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt
* 1:24547 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt
* 1:24548 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt
* 1:24593 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received - specific structure
* 1:24637 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure
* 1:24675 <-> BROWSER-PLUGINS Novell iPrint ActiveX realm parameter overflow attempt
* 1:24676 <-> BROWSER-PLUGINS Novell iPrint ActiveX real parameter overflow attempt
* 1:24702 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24761 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24860 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure
* 1:24862 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure
* 1:24864 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure
* 1:24904 <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt
* 1:24907 <-> SERVER-ORACLE Oracle Secure Backup exec_qr command injection attempt
* 1:24994 <-> BROWSER-FIREFOX Mozilla Firefox onChannelRedirect method attempt
* 1:25312 <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt
* 1:25392 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt
* 1:25569 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page
* 1:25590 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure
* 1:25591 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure
* 1:25808 <-> EXPLOIT-KIT Fiesta exploit kit landing page detection - specific-structure
* 1:2589 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt
* 1:26031 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page
* 1:26033 <-> EXPLOIT-KIT Blackholev2 exploit kit iframe redirection attempt
* 1:26230 <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX arbitrary command execution attempt
* 1:26253 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:26337 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure
* 1:26421 <-> BROWSER-PLUGINS Metalink file download parameter buffer overflow attempt
* 1:26434 <-> EXPLOIT-KIT Blackholev2 exploit kit jar file downloaded
* 1:26495 <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt
* 1:27067 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure
* 1:27656 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt
* 1:27706 <-> EXPLOIT-KIT Gong Da exploit kit possible jar download
* 1:28703 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:28791 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28902 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28972 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:28973 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:29503 <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt
* 1:29512 <-> BROWSER-PLUGINS KingView ActiveX clsid access
* 1:29520 <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt
* 1:29523 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:29524 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:29526 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:29535 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt
* 1:29538 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access
* 1:29578 <-> BROWSER-PLUGINS Sun Microsystems JRE isInstalled.dnsResolve function memory exception attempt
* 1:29579 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt
* 1:29580 <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing obfuscated memory corruption attempt
* 1:29594 <-> SERVER-WEBAPP Airlive IP Camera information leak attempt
* 1:29623 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt
* 1:29624 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt
* 1:29625 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt
* 1:29891 <-> MALWARE-CNC Win.Trojan.Pushdo variant outbound connection
* 1:30217 <-> FILE-JAVA Oracle Java font rendering remote code execution attempt
* 1:3085 <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt
* 1:3087 <-> SERVER-IIS w3who.dll buffer overflow attempt
* 1:31846 <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt
* 1:32149 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32151 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32369 <-> PROTOCOL-ICMP FreeBSD rtsold dname_labeldec stack buffer overflow attempt
* 1:32815 <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt
* 1:32855 <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt
* 1:32959 <-> PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt
* 1:32967 <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt
* 1:33571 <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt
* 1:33986 <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt
* 1:34024 <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt
* 1:34447 <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt
* 1:35434 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:35467 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt
* 1:35468 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt
* 1:36154 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:36155 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:3632 <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt
* 1:36661 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:37527 <-> SERVER-OTHER IBM WebSphere InvokerTransformer serialized Java object remote code execution attempt
* 1:37627 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:37802 <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt
* 1:40281 <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt
* 1:40818 <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt
* 1:41045 <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt
* 1:41422 <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt
* 1:41718 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:41719 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:41720 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:42412 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:42422 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:43346 <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt
* 1:43692 <-> OS-LINUX Linux kernel SCTP invalid chunk length denial of service attempt
* 1:43779 <-> BROWSER-FIREFOX Mozilla multiple products SharedWorker MessagePort memory corruption attempt
* 1:44734 <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt
* 1:44877 <-> SERVER-OTHER  Citrix XenApp and XenDesktop XML service memory corruption attempt
* 1:44978 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt
* 1:45171 <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt
* 1:45177 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45178 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45181 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45183 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45309 <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt
* 1:45500 <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt
* 1:45855 <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt
* 1:46637 <-> NETBIOS SMB client NULL deref race condition attempt 
* 1:46912 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt
* 1:46913 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt
* 1:49583 <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt
* 1:49585 <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt
* 1:49846 <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt
* 1:49900 <-> BROWSER-PLUGINS HP OPOS driver stack buffer overflow attempt
* 1:49902 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt
* 1:49947 <-> POLICY-OTHER HP OpenView Operations Agent request attempt
* 1:50643 <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt
* 1:51025 <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt
* 1:51081 <-> FILE-FLASH Adobe Flash player memory corruption attempt
* 1:51163 <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt
* 1:51225 <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt
* 1:51857 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51858 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51860 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51864 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51865 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52079 <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt
* 1:52100 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52288 <-> OS-MOBILE Google Android libstagefright integer underflow attempt
* 1:52450 <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt
* 1:55823 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:55824 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:55825 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:7007 <-> BROWSER-PLUGINS AxDebugger.Document.1 ActiveX function call access


2021-11-18 18:09:48 UTC

Snort Subscriber Rules Update

Date: 2021-11-18-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:58570 <-> FILE-OTHER MacOS TTC bypass vulnerability exploit upload attempt
* 1:58571 <-> FILE-OTHER MacOS TTC bypass vulnerability exploit download attempt
* 3:58572 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt
* 3:58573 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt
* 3:58574 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt
* 3:58575 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt
* 1:58576 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58577 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58578 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58579 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58580 <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt
* 1:58581 <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt
* 1:58582 <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt
* 1:58583 <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt
* 1:58584 <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt
* 1:58585 <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt
* 1:58586 <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt
* 1:58587 <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt
* 1:58588 <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt
* 1:58589 <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt
* 1:58590 <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt
* 1:58591 <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt
* 1:58592 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58593 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58594 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58595 <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt
* 1:58596 <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt
* 3:58597 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt
* 3:58598 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt
* 1:58599 <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt
* 1:58600 <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt

Modified Rules:

* 1:10010 <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt
* 1:10142 <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX clsid access
* 1:10144 <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX function call access
* 1:10145 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX clsid access
* 1:10147 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX function call access
* 1:10148 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX clsid access
* 1:10150 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX function call access
* 1:10151 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX clsid access
* 1:10153 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX function call access
* 1:10154 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy 2 ActiveX clsid access
* 1:10390 <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX clsid access
* 1:10392 <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX function call access
* 1:10393 <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX clsid access
* 1:10395 <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX function call access
* 1:12472 <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX clsid access
* 1:12474 <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX function call access
* 1:12612 <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX clsid access
* 1:12614 <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX function call access
* 1:12685 <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow
* 1:13457 <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX clsid access
* 1:13459 <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX function call access
* 1:13470 <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt
* 1:13474 <-> OS-WINDOWS Microsoft WebDAV MiniRedir remote code execution attempt
* 1:13476 <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow 
* 1:13520 <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt
* 1:13521 <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt
* 1:13523 <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access
* 1:13525 <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access
* 1:13926 <-> SERVER-OTHER Novell Groupwise HTTP response parsing overflow attempt
* 1:13950 <-> FILE-JAVA Oracle Java Web Start JNLP attribute buffer overflow attempt
* 1:13965 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX clsid access
* 1:13967 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access
* 1:14033 <-> BROWSER-PLUGINS Orbit Downloader ActiveX clsid access
* 1:14035 <-> BROWSER-PLUGINS Orbit Downloader ActiveX function call access
* 1:14611 <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX clsid access
* 1:14613 <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX function call access
* 1:14771 <-> SERVER-APACHE BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt
* 1:15147 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:15191 <-> BROWSER-FIREFOX Mozilla Firefox animated PNG processing integer overflow
* 1:15257 <-> SERVER-ORACLE Secure Backup common.php variable based command injection attempt
* 1:15258 <-> SERVER-ORACLE Secure Backup login.php variable based command injection attempt
* 1:15428 <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing memory corruption attempt
* 1:15462 <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt
* 1:15489 <-> PUA-OTHER Cerulean Studios Trillian image filename handling XML tag overflow attempt
* 1:15490 <-> OS-LINUX Linux SCTP malformed forward-tsn chunk arbitrary code execution attempt
* 1:15510 <-> SERVER-OTHER Trend Micro OfficeScan Server cgiRecvFile overflow attempt
* 1:15511 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:15638 <-> BROWSER-PLUGINS Microsoft Video 32 ActiveX clsid access
* 1:15733 <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt
* 1:15866 <-> FILE-OTHER libxml2 file processing long entity overflow attempt
* 1:15872 <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt
* 1:15901 <-> FILE-MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt
* 1:15965 <-> OS-WINDOWS Microsoft Explorer long share name buffer overflow attempt
* 1:15966 <-> FILE-OTHER F-Secure Anti-Virus LHA processing buffer overflow attempt
* 1:16001 <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt
* 1:16030 <-> OS-WINDOWS Microsoft Windows DNS client TXT buffer overrun attempt
* 1:16032 <-> BROWSER-IE Microsoft Internet Explorer HTML Decoding memory corruption attempt
* 1:16191 <-> SERVER-ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via GET
* 1:16192 <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt
* 1:16204 <-> SERVER-OTHER HP OpenView Network Node Manager ovlaunch host field overflow attempt
* 1:16213 <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt
* 1:16295 <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields
* 1:16296 <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - with optional fields
* 1:16344 <-> BROWSER-FIREFOX Mozilla Firefox top-level script object offset calculation memory corruption attempt
* 1:16347 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt
* 1:16371 <-> BROWSER-PLUGINS NOS Microsystems Adobe atl_getcom ActiveX clsid access
* 1:16405 <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Prefix Information stack buffer overflow attempt 
* 1:16418 <-> NETBIOS SMB client NULL deref race condition attempt 
* 1:16481 <-> BROWSER-OTHER Opera Content-Length header integer overflow attempt
* 1:16514 <-> SERVER-OTHER Trillian AIM XML tag handling heap buffer overflow attempt
* 1:16601 <-> FILE-OTHER Amaya web editor XML and HTML Parser Buffer overflow attempt
* 1:16667 <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt
* 1:16668 <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt
* 1:16798 <-> FILE-OTHER Orbit Downloader long URL buffer overflow attempt
* 1:17153 <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1
* 1:17154 <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2
* 1:17166 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt
* 1:17236 <-> BROWSER-FIREFOX Mozilla Firefox nsPropertyTable PropertyList memory corruption attempt
* 1:17305 <-> FILE-OTHER ClamAV libclamav PE file handling integer overflow attempt
* 1:17367 <-> BROWSER-IE Microsoft Internet Explorer FTP response parsing memory corruption attempt
* 1:17378 <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt
* 1:17379 <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt
* 1:17397 <-> SERVER-OTHER VNCViewer Authenticate buffer overflow attempt
* 1:17398 <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt
* 1:17399 <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt
* 1:17410 <-> OS-WINDOWS Generic HyperLink buffer overflow attempt
* 1:17422 <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt
* 1:17519 <-> BROWSER-FIREFOX Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow
* 1:17557 <-> BROWSER-PLUGINS Novell iPrint ActiveX operation parameter overflow
* 1:17588 <-> BROWSER-PLUGINS Microsoft Internet Explorer Install Engine ActiveX clsid access
* 1:17631 <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt
* 1:17638 <-> SERVER-ORACLE Secure Backup administration server login.php cookies command injection attempt
* 1:17642 <-> BROWSER-FIREFOX Mozilla Firefox ConstructFrame with floating first-letter memory corruption attempt
* 1:18097 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt
* 1:18187 <-> BROWSER-FIREFOX Mozilla Firefox InstallTrigger.install memory corruption attempt
* 1:18244 <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt
* 1:18245 <-> BROWSER-PLUGINS Oracle Java browser plugin docbase overflow attempt
* 1:18283 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:18527 <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt
* 1:18679 <-> SERVER-OTHER Oracle Java Applet2ClassLoader Remote Code Execution
* 1:18904 <-> BROWSER-PLUGINS KingView ActiveX clsid access
* 1:18957 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt
* 1:19102 <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX clsid access
* 1:19103 <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX function call access
* 1:19216 <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution
* 1:19217 <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution
* 1:19257 <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt
* 1:19262 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19263 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19264 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19713 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:19714 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:19812 <-> SERVER-OTHER CA Total Defense Suite UNCWS getDBConfigSettings credential information disclosure attempt
* 1:19814 <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt
* 1:20031 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:20072 <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt
* 1:20110 <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata
* 1:20444 <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt
* 1:20600 <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt
* 1:20607 <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt
* 1:20608 <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt
* 1:20692 <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt
* 1:20767 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:20777 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:20820 <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt
* 1:20842 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:20843 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:21006 <-> MALWARE-CNC Yang Pack yg.htm landing page
* 1:21044 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:21045 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:21057 <-> FILE-OTHER Java Applet Rhino script engine remote code execution attempt
* 1:21161 <-> SERVER-IIS Microsoft Windows IIS5 NTLM and basic authentication bypass attempt
* 1:21247 <-> SERVER-OTHER IBM Lotusnotes s_viewname buffer overflow attempt
* 1:21248 <-> SERVER-OTHER multiple vendors host buffer overflow attempt
* 1:21259 <-> EXPLOIT-KIT Blackhole exploit kit response
* 1:21344 <-> EXPLOIT-KIT Blackhole exploit kit pdf download
* 1:21346 <-> EXPLOIT-KIT Blackhole exploit kit malicious jar download
* 1:21420 <-> FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt
* 1:21438 <-> EXPLOIT-KIT Blackhole exploit kit JavaScript carat string splitting with hostile applet
* 1:21457 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:21484 <-> FILE-OTHER ZIP file name overflow attempt
* 1:21492 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch
* 1:21539 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header
* 1:21549 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header
* 1:21640 <-> EXPLOIT-KIT Phoenix exploit kit landing page
* 1:21646 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch
* 1:21657 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure
* 1:21658 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:21661 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - catch
* 1:21668 <-> EXPLOIT-KIT Java exploit kit iframe drive by attempt
* 1:21764 <-> FILE-OFFICE Microsoft Office Word unicode parsing buffer overflow attempt
* 1:21876 <-> EXPLOIT-KIT Blackhole exploit landing page with specific structure - Loading
* 1:21915 <-> SERVER-OTHER Novell Groupwise HTTP login request
* 1:21916 <-> SERVER-OTHER Novell Groupwise HTTP login request
* 1:21917 <-> SERVER-OTHER Novell Groupwise HTTP response message parsing overflow
* 1:21953 <-> BROWSER-FIREFOX Mozilla Multiple Products HTML href shell attempt
* 1:22039 <-> EXPLOIT-KIT Blackhole suspected landing page
* 1:22040 <-> EXPLOIT-KIT Blackhole suspected landing page
* 1:22041 <-> EXPLOIT-KIT Blackhole landing redirection page
* 1:23008 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt
* 1:23158 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch
* 1:23159 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt
* 1:23395 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt
* 1:23396 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt
* 1:23489 <-> FILE-OTHER Microsoft Windows Task Scheduler buffer overflow attempt
* 1:23797 <-> EXPLOIT-KIT Blackhole redirection page
* 1:23940 <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt
* 1:23996 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:24054 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure
* 1:24187 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:24188 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:24226 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received
* 1:24228 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page Received
* 1:24543 <-> EXPLOIT-KIT Blackhole admin page inbound access attempt
* 1:24546 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt
* 1:24547 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt
* 1:24548 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt
* 1:24593 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received - specific structure
* 1:24637 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure
* 1:24675 <-> BROWSER-PLUGINS Novell iPrint ActiveX realm parameter overflow attempt
* 1:24676 <-> BROWSER-PLUGINS Novell iPrint ActiveX real parameter overflow attempt
* 1:24702 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24761 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24860 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure
* 1:24862 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure
* 1:24864 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure
* 1:24904 <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt
* 1:24907 <-> SERVER-ORACLE Oracle Secure Backup exec_qr command injection attempt
* 1:24994 <-> BROWSER-FIREFOX Mozilla Firefox onChannelRedirect method attempt
* 1:25312 <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt
* 1:25392 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt
* 1:25569 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page
* 1:25590 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure
* 1:25591 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure
* 1:25808 <-> EXPLOIT-KIT Fiesta exploit kit landing page detection - specific-structure
* 1:2589 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt
* 1:26031 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page
* 1:26033 <-> EXPLOIT-KIT Blackholev2 exploit kit iframe redirection attempt
* 1:26230 <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX arbitrary command execution attempt
* 1:26253 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:26337 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure
* 1:26421 <-> BROWSER-PLUGINS Metalink file download parameter buffer overflow attempt
* 1:26434 <-> EXPLOIT-KIT Blackholev2 exploit kit jar file downloaded
* 1:26495 <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt
* 1:27067 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure
* 1:27656 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt
* 1:27706 <-> EXPLOIT-KIT Gong Da exploit kit possible jar download
* 1:28703 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:28791 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28902 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28972 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:28973 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:29503 <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt
* 1:29512 <-> BROWSER-PLUGINS KingView ActiveX clsid access
* 1:29520 <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt
* 1:29523 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:29524 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:29526 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:29535 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt
* 1:29538 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access
* 1:29578 <-> BROWSER-PLUGINS Sun Microsystems JRE isInstalled.dnsResolve function memory exception attempt
* 1:29579 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt
* 1:29580 <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing obfuscated memory corruption attempt
* 1:29594 <-> SERVER-WEBAPP Airlive IP Camera information leak attempt
* 1:29623 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt
* 1:29624 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt
* 1:29625 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt
* 1:29891 <-> MALWARE-CNC Win.Trojan.Pushdo variant outbound connection
* 1:30217 <-> FILE-JAVA Oracle Java font rendering remote code execution attempt
* 1:3085 <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt
* 1:3087 <-> SERVER-IIS w3who.dll buffer overflow attempt
* 1:31846 <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt
* 1:32149 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32151 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32369 <-> PROTOCOL-ICMP FreeBSD rtsold dname_labeldec stack buffer overflow attempt
* 1:32815 <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt
* 1:32855 <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt
* 1:32959 <-> PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt
* 1:32967 <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt
* 1:33571 <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt
* 1:33986 <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt
* 1:34024 <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt
* 1:34447 <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt
* 1:35434 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:35467 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt
* 1:35468 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt
* 1:36154 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:36155 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:3632 <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt
* 1:36661 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:37527 <-> SERVER-OTHER IBM WebSphere InvokerTransformer serialized Java object remote code execution attempt
* 1:37627 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:37802 <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt
* 1:40281 <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt
* 1:40818 <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt
* 1:41045 <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt
* 1:41422 <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt
* 1:41718 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:41719 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:41720 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:42412 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:42422 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:43346 <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt
* 1:43692 <-> OS-LINUX Linux kernel SCTP invalid chunk length denial of service attempt
* 1:43779 <-> BROWSER-FIREFOX Mozilla multiple products SharedWorker MessagePort memory corruption attempt
* 1:44734 <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt
* 1:44877 <-> SERVER-OTHER  Citrix XenApp and XenDesktop XML service memory corruption attempt
* 1:44978 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt
* 1:45171 <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt
* 1:45177 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45178 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45181 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45183 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45309 <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt
* 1:45500 <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt
* 1:45855 <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt
* 1:46637 <-> NETBIOS SMB client NULL deref race condition attempt 
* 1:46912 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt
* 1:46913 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt
* 1:49583 <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt
* 1:49585 <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt
* 1:49846 <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt
* 1:49900 <-> BROWSER-PLUGINS HP OPOS driver stack buffer overflow attempt
* 1:49902 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt
* 1:49947 <-> POLICY-OTHER HP OpenView Operations Agent request attempt
* 1:50643 <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt
* 1:51025 <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt
* 1:51081 <-> FILE-FLASH Adobe Flash player memory corruption attempt
* 1:51163 <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt
* 1:51225 <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt
* 1:51857 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51858 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51860 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51864 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51865 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52079 <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt
* 1:52100 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52288 <-> OS-MOBILE Google Android libstagefright integer underflow attempt
* 1:52450 <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt
* 1:55823 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:55824 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:55825 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:7007 <-> BROWSER-PLUGINS AxDebugger.Document.1 ActiveX function call access


2021-11-18 18:09:48 UTC

Snort Subscriber Rules Update

Date: 2021-11-18-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.1.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:58570 <-> FILE-OTHER MacOS TTC bypass vulnerability exploit upload attempt
* 1:58571 <-> FILE-OTHER MacOS TTC bypass vulnerability exploit download attempt
* 3:58572 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt
* 3:58573 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt
* 3:58574 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt
* 3:58575 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt
* 1:58576 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58577 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58578 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58579 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58580 <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt
* 1:58581 <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt
* 1:58582 <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt
* 1:58583 <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt
* 1:58584 <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt
* 1:58585 <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt
* 1:58586 <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt
* 1:58587 <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt
* 1:58588 <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt
* 1:58589 <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt
* 1:58590 <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt
* 1:58591 <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt
* 1:58592 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58593 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58594 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58595 <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt
* 1:58596 <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt
* 3:58597 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt
* 3:58598 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt
* 1:58599 <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt
* 1:58600 <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt

Modified Rules:

* 1:10010 <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt
* 1:10142 <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX clsid access
* 1:10144 <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX function call access
* 1:10145 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX clsid access
* 1:10147 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX function call access
* 1:10148 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX clsid access
* 1:10150 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX function call access
* 1:10151 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX clsid access
* 1:10153 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX function call access
* 1:10154 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy 2 ActiveX clsid access
* 1:10390 <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX clsid access
* 1:10392 <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX function call access
* 1:10393 <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX clsid access
* 1:10395 <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX function call access
* 1:12472 <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX clsid access
* 1:12474 <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX function call access
* 1:12612 <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX clsid access
* 1:12614 <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX function call access
* 1:12685 <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow
* 1:13457 <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX clsid access
* 1:13459 <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX function call access
* 1:13470 <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt
* 1:13474 <-> OS-WINDOWS Microsoft WebDAV MiniRedir remote code execution attempt
* 1:13476 <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow 
* 1:13520 <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt
* 1:13521 <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt
* 1:13523 <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access
* 1:13525 <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access
* 1:13926 <-> SERVER-OTHER Novell Groupwise HTTP response parsing overflow attempt
* 1:13950 <-> FILE-JAVA Oracle Java Web Start JNLP attribute buffer overflow attempt
* 1:13965 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX clsid access
* 1:13967 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access
* 1:14033 <-> BROWSER-PLUGINS Orbit Downloader ActiveX clsid access
* 1:14035 <-> BROWSER-PLUGINS Orbit Downloader ActiveX function call access
* 1:14611 <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX clsid access
* 1:14613 <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX function call access
* 1:14771 <-> SERVER-APACHE BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt
* 1:15147 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:15191 <-> BROWSER-FIREFOX Mozilla Firefox animated PNG processing integer overflow
* 1:15257 <-> SERVER-ORACLE Secure Backup common.php variable based command injection attempt
* 1:15258 <-> SERVER-ORACLE Secure Backup login.php variable based command injection attempt
* 1:15428 <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing memory corruption attempt
* 1:15462 <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt
* 1:15489 <-> PUA-OTHER Cerulean Studios Trillian image filename handling XML tag overflow attempt
* 1:15490 <-> OS-LINUX Linux SCTP malformed forward-tsn chunk arbitrary code execution attempt
* 1:15510 <-> SERVER-OTHER Trend Micro OfficeScan Server cgiRecvFile overflow attempt
* 1:15511 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:15638 <-> BROWSER-PLUGINS Microsoft Video 32 ActiveX clsid access
* 1:15733 <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt
* 1:15866 <-> FILE-OTHER libxml2 file processing long entity overflow attempt
* 1:15872 <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt
* 1:15901 <-> FILE-MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt
* 1:15965 <-> OS-WINDOWS Microsoft Explorer long share name buffer overflow attempt
* 1:15966 <-> FILE-OTHER F-Secure Anti-Virus LHA processing buffer overflow attempt
* 1:16001 <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt
* 1:16030 <-> OS-WINDOWS Microsoft Windows DNS client TXT buffer overrun attempt
* 1:16032 <-> BROWSER-IE Microsoft Internet Explorer HTML Decoding memory corruption attempt
* 1:16191 <-> SERVER-ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via GET
* 1:16192 <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt
* 1:16204 <-> SERVER-OTHER HP OpenView Network Node Manager ovlaunch host field overflow attempt
* 1:16213 <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt
* 1:16295 <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields
* 1:16296 <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - with optional fields
* 1:16344 <-> BROWSER-FIREFOX Mozilla Firefox top-level script object offset calculation memory corruption attempt
* 1:16347 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt
* 1:16371 <-> BROWSER-PLUGINS NOS Microsystems Adobe atl_getcom ActiveX clsid access
* 1:16405 <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Prefix Information stack buffer overflow attempt 
* 1:16418 <-> NETBIOS SMB client NULL deref race condition attempt 
* 1:16481 <-> BROWSER-OTHER Opera Content-Length header integer overflow attempt
* 1:16514 <-> SERVER-OTHER Trillian AIM XML tag handling heap buffer overflow attempt
* 1:16601 <-> FILE-OTHER Amaya web editor XML and HTML Parser Buffer overflow attempt
* 1:16667 <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt
* 1:16668 <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt
* 1:16798 <-> FILE-OTHER Orbit Downloader long URL buffer overflow attempt
* 1:17153 <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1
* 1:17154 <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2
* 1:17166 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt
* 1:17236 <-> BROWSER-FIREFOX Mozilla Firefox nsPropertyTable PropertyList memory corruption attempt
* 1:17305 <-> FILE-OTHER ClamAV libclamav PE file handling integer overflow attempt
* 1:17367 <-> BROWSER-IE Microsoft Internet Explorer FTP response parsing memory corruption attempt
* 1:17378 <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt
* 1:17379 <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt
* 1:17397 <-> SERVER-OTHER VNCViewer Authenticate buffer overflow attempt
* 1:17398 <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt
* 1:17399 <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt
* 1:17410 <-> OS-WINDOWS Generic HyperLink buffer overflow attempt
* 1:17422 <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt
* 1:17519 <-> BROWSER-FIREFOX Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow
* 1:17557 <-> BROWSER-PLUGINS Novell iPrint ActiveX operation parameter overflow
* 1:17588 <-> BROWSER-PLUGINS Microsoft Internet Explorer Install Engine ActiveX clsid access
* 1:17631 <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt
* 1:17638 <-> SERVER-ORACLE Secure Backup administration server login.php cookies command injection attempt
* 1:17642 <-> BROWSER-FIREFOX Mozilla Firefox ConstructFrame with floating first-letter memory corruption attempt
* 1:18097 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt
* 1:18187 <-> BROWSER-FIREFOX Mozilla Firefox InstallTrigger.install memory corruption attempt
* 1:18244 <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt
* 1:18245 <-> BROWSER-PLUGINS Oracle Java browser plugin docbase overflow attempt
* 1:18283 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:18527 <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt
* 1:18679 <-> SERVER-OTHER Oracle Java Applet2ClassLoader Remote Code Execution
* 1:18904 <-> BROWSER-PLUGINS KingView ActiveX clsid access
* 1:18957 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt
* 1:19102 <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX clsid access
* 1:19103 <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX function call access
* 1:19216 <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution
* 1:19217 <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution
* 1:19257 <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt
* 1:19262 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19263 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19264 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19713 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:19714 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:19812 <-> SERVER-OTHER CA Total Defense Suite UNCWS getDBConfigSettings credential information disclosure attempt
* 1:19814 <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt
* 1:20031 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:20072 <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt
* 1:20110 <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata
* 1:20444 <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt
* 1:20600 <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt
* 1:20607 <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt
* 1:20608 <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt
* 1:20692 <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt
* 1:20767 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:20777 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:20820 <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt
* 1:20842 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:20843 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:21006 <-> MALWARE-CNC Yang Pack yg.htm landing page
* 1:21044 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:21045 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:21057 <-> FILE-OTHER Java Applet Rhino script engine remote code execution attempt
* 1:21161 <-> SERVER-IIS Microsoft Windows IIS5 NTLM and basic authentication bypass attempt
* 1:21247 <-> SERVER-OTHER IBM Lotusnotes s_viewname buffer overflow attempt
* 1:21248 <-> SERVER-OTHER multiple vendors host buffer overflow attempt
* 1:21259 <-> EXPLOIT-KIT Blackhole exploit kit response
* 1:21344 <-> EXPLOIT-KIT Blackhole exploit kit pdf download
* 1:21346 <-> EXPLOIT-KIT Blackhole exploit kit malicious jar download
* 1:21420 <-> FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt
* 1:21438 <-> EXPLOIT-KIT Blackhole exploit kit JavaScript carat string splitting with hostile applet
* 1:21457 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:21484 <-> FILE-OTHER ZIP file name overflow attempt
* 1:21492 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch
* 1:21539 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header
* 1:21549 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header
* 1:21640 <-> EXPLOIT-KIT Phoenix exploit kit landing page
* 1:21646 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch
* 1:21657 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure
* 1:21658 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:21661 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - catch
* 1:21668 <-> EXPLOIT-KIT Java exploit kit iframe drive by attempt
* 1:21764 <-> FILE-OFFICE Microsoft Office Word unicode parsing buffer overflow attempt
* 1:21876 <-> EXPLOIT-KIT Blackhole exploit landing page with specific structure - Loading
* 1:21915 <-> SERVER-OTHER Novell Groupwise HTTP login request
* 1:21916 <-> SERVER-OTHER Novell Groupwise HTTP login request
* 1:21917 <-> SERVER-OTHER Novell Groupwise HTTP response message parsing overflow
* 1:21953 <-> BROWSER-FIREFOX Mozilla Multiple Products HTML href shell attempt
* 1:22039 <-> EXPLOIT-KIT Blackhole suspected landing page
* 1:22040 <-> EXPLOIT-KIT Blackhole suspected landing page
* 1:22041 <-> EXPLOIT-KIT Blackhole landing redirection page
* 1:23008 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt
* 1:23158 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch
* 1:23159 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt
* 1:23395 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt
* 1:23396 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt
* 1:23489 <-> FILE-OTHER Microsoft Windows Task Scheduler buffer overflow attempt
* 1:23797 <-> EXPLOIT-KIT Blackhole redirection page
* 1:23940 <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt
* 1:23996 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:24054 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure
* 1:24187 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:24188 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:24226 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received
* 1:24228 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page Received
* 1:24543 <-> EXPLOIT-KIT Blackhole admin page inbound access attempt
* 1:24546 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt
* 1:24547 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt
* 1:24548 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt
* 1:24593 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received - specific structure
* 1:24637 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure
* 1:24675 <-> BROWSER-PLUGINS Novell iPrint ActiveX realm parameter overflow attempt
* 1:24676 <-> BROWSER-PLUGINS Novell iPrint ActiveX real parameter overflow attempt
* 1:24702 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24761 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24860 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure
* 1:24862 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure
* 1:24864 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure
* 1:24904 <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt
* 1:24907 <-> SERVER-ORACLE Oracle Secure Backup exec_qr command injection attempt
* 1:24994 <-> BROWSER-FIREFOX Mozilla Firefox onChannelRedirect method attempt
* 1:25312 <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt
* 1:25392 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt
* 1:25569 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page
* 1:25590 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure
* 1:25591 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure
* 1:25808 <-> EXPLOIT-KIT Fiesta exploit kit landing page detection - specific-structure
* 1:2589 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt
* 1:26031 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page
* 1:26033 <-> EXPLOIT-KIT Blackholev2 exploit kit iframe redirection attempt
* 1:26230 <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX arbitrary command execution attempt
* 1:26253 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:26337 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure
* 1:26421 <-> BROWSER-PLUGINS Metalink file download parameter buffer overflow attempt
* 1:26434 <-> EXPLOIT-KIT Blackholev2 exploit kit jar file downloaded
* 1:26495 <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt
* 1:27067 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure
* 1:27656 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt
* 1:27706 <-> EXPLOIT-KIT Gong Da exploit kit possible jar download
* 1:28703 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:28791 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28902 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28972 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:28973 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:29503 <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt
* 1:29512 <-> BROWSER-PLUGINS KingView ActiveX clsid access
* 1:29520 <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt
* 1:29523 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:29524 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:29526 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:29535 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt
* 1:29538 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access
* 1:29578 <-> BROWSER-PLUGINS Sun Microsystems JRE isInstalled.dnsResolve function memory exception attempt
* 1:29579 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt
* 1:29580 <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing obfuscated memory corruption attempt
* 1:29594 <-> SERVER-WEBAPP Airlive IP Camera information leak attempt
* 1:29623 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt
* 1:29624 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt
* 1:29625 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt
* 1:29891 <-> MALWARE-CNC Win.Trojan.Pushdo variant outbound connection
* 1:30217 <-> FILE-JAVA Oracle Java font rendering remote code execution attempt
* 1:3085 <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt
* 1:3087 <-> SERVER-IIS w3who.dll buffer overflow attempt
* 1:31846 <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt
* 1:32149 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32151 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32369 <-> PROTOCOL-ICMP FreeBSD rtsold dname_labeldec stack buffer overflow attempt
* 1:32815 <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt
* 1:32855 <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt
* 1:32959 <-> PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt
* 1:32967 <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt
* 1:33571 <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt
* 1:33986 <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt
* 1:34024 <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt
* 1:34447 <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt
* 1:35434 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:35467 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt
* 1:35468 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt
* 1:36154 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:36155 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:3632 <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt
* 1:36661 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:37527 <-> SERVER-OTHER IBM WebSphere InvokerTransformer serialized Java object remote code execution attempt
* 1:37627 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:37802 <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt
* 1:40281 <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt
* 1:40818 <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt
* 1:41045 <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt
* 1:41422 <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt
* 1:41718 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:41719 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:41720 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:42412 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:42422 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:43346 <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt
* 1:43692 <-> OS-LINUX Linux kernel SCTP invalid chunk length denial of service attempt
* 1:43779 <-> BROWSER-FIREFOX Mozilla multiple products SharedWorker MessagePort memory corruption attempt
* 1:44734 <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt
* 1:44877 <-> SERVER-OTHER  Citrix XenApp and XenDesktop XML service memory corruption attempt
* 1:44978 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt
* 1:45171 <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt
* 1:45177 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45178 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45181 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45183 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45309 <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt
* 1:45500 <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt
* 1:45855 <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt
* 1:46637 <-> NETBIOS SMB client NULL deref race condition attempt 
* 1:46912 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt
* 1:46913 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt
* 1:49583 <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt
* 1:49585 <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt
* 1:49846 <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt
* 1:49900 <-> BROWSER-PLUGINS HP OPOS driver stack buffer overflow attempt
* 1:49902 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt
* 1:49947 <-> POLICY-OTHER HP OpenView Operations Agent request attempt
* 1:50643 <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt
* 1:51025 <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt
* 1:51081 <-> FILE-FLASH Adobe Flash player memory corruption attempt
* 1:51163 <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt
* 1:51225 <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt
* 1:51857 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51858 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51860 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51864 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51865 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52079 <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt
* 1:52100 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52288 <-> OS-MOBILE Google Android libstagefright integer underflow attempt
* 1:52450 <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt
* 1:55823 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:55824 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:55825 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:7007 <-> BROWSER-PLUGINS AxDebugger.Document.1 ActiveX function call access


2021-11-18 18:09:49 UTC

Snort Subscriber Rules Update

Date: 2021-11-18-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.3.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:58570 <-> FILE-OTHER MacOS TTC bypass vulnerability exploit upload attempt
* 1:58571 <-> FILE-OTHER MacOS TTC bypass vulnerability exploit download attempt
* 3:58572 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt
* 3:58573 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt
* 3:58574 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt
* 3:58575 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt
* 1:58576 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58577 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58578 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58579 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58580 <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt
* 1:58581 <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt
* 1:58582 <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt
* 1:58583 <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt
* 1:58584 <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt
* 1:58585 <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt
* 1:58586 <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt
* 1:58587 <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt
* 1:58588 <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt
* 1:58589 <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt
* 1:58590 <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt
* 1:58591 <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt
* 1:58592 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58593 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58594 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58595 <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt
* 1:58596 <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt
* 3:58597 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt
* 3:58598 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt
* 1:58599 <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt
* 1:58600 <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt

Modified Rules:

* 1:10010 <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt
* 1:10142 <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX clsid access
* 1:10144 <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX function call access
* 1:10145 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX clsid access
* 1:10147 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX function call access
* 1:10148 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX clsid access
* 1:10150 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX function call access
* 1:10151 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX clsid access
* 1:10153 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX function call access
* 1:10154 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy 2 ActiveX clsid access
* 1:10390 <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX clsid access
* 1:10392 <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX function call access
* 1:10393 <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX clsid access
* 1:10395 <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX function call access
* 1:12472 <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX clsid access
* 1:12474 <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX function call access
* 1:12612 <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX clsid access
* 1:12614 <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX function call access
* 1:12685 <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow
* 1:13457 <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX clsid access
* 1:13459 <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX function call access
* 1:13470 <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt
* 1:13474 <-> OS-WINDOWS Microsoft WebDAV MiniRedir remote code execution attempt
* 1:13476 <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow 
* 1:13520 <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt
* 1:13521 <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt
* 1:13523 <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access
* 1:13525 <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access
* 1:13926 <-> SERVER-OTHER Novell Groupwise HTTP response parsing overflow attempt
* 1:13950 <-> FILE-JAVA Oracle Java Web Start JNLP attribute buffer overflow attempt
* 1:13965 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX clsid access
* 1:13967 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access
* 1:14033 <-> BROWSER-PLUGINS Orbit Downloader ActiveX clsid access
* 1:14035 <-> BROWSER-PLUGINS Orbit Downloader ActiveX function call access
* 1:14611 <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX clsid access
* 1:14613 <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX function call access
* 1:14771 <-> SERVER-APACHE BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt
* 1:15147 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:15191 <-> BROWSER-FIREFOX Mozilla Firefox animated PNG processing integer overflow
* 1:15257 <-> SERVER-ORACLE Secure Backup common.php variable based command injection attempt
* 1:15258 <-> SERVER-ORACLE Secure Backup login.php variable based command injection attempt
* 1:15428 <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing memory corruption attempt
* 1:15462 <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt
* 1:15489 <-> PUA-OTHER Cerulean Studios Trillian image filename handling XML tag overflow attempt
* 1:15490 <-> OS-LINUX Linux SCTP malformed forward-tsn chunk arbitrary code execution attempt
* 1:15510 <-> SERVER-OTHER Trend Micro OfficeScan Server cgiRecvFile overflow attempt
* 1:15511 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:15638 <-> BROWSER-PLUGINS Microsoft Video 32 ActiveX clsid access
* 1:15733 <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt
* 1:15866 <-> FILE-OTHER libxml2 file processing long entity overflow attempt
* 1:15872 <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt
* 1:15901 <-> FILE-MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt
* 1:15965 <-> OS-WINDOWS Microsoft Explorer long share name buffer overflow attempt
* 1:15966 <-> FILE-OTHER F-Secure Anti-Virus LHA processing buffer overflow attempt
* 1:16001 <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt
* 1:16030 <-> OS-WINDOWS Microsoft Windows DNS client TXT buffer overrun attempt
* 1:16032 <-> BROWSER-IE Microsoft Internet Explorer HTML Decoding memory corruption attempt
* 1:16191 <-> SERVER-ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via GET
* 1:16192 <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt
* 1:16204 <-> SERVER-OTHER HP OpenView Network Node Manager ovlaunch host field overflow attempt
* 1:16213 <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt
* 1:16295 <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields
* 1:16296 <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - with optional fields
* 1:16344 <-> BROWSER-FIREFOX Mozilla Firefox top-level script object offset calculation memory corruption attempt
* 1:16347 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt
* 1:16371 <-> BROWSER-PLUGINS NOS Microsystems Adobe atl_getcom ActiveX clsid access
* 1:16405 <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Prefix Information stack buffer overflow attempt 
* 1:16418 <-> NETBIOS SMB client NULL deref race condition attempt 
* 1:16481 <-> BROWSER-OTHER Opera Content-Length header integer overflow attempt
* 1:16514 <-> SERVER-OTHER Trillian AIM XML tag handling heap buffer overflow attempt
* 1:16601 <-> FILE-OTHER Amaya web editor XML and HTML Parser Buffer overflow attempt
* 1:16667 <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt
* 1:16668 <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt
* 1:16798 <-> FILE-OTHER Orbit Downloader long URL buffer overflow attempt
* 1:17153 <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1
* 1:17154 <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2
* 1:17166 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt
* 1:17236 <-> BROWSER-FIREFOX Mozilla Firefox nsPropertyTable PropertyList memory corruption attempt
* 1:17305 <-> FILE-OTHER ClamAV libclamav PE file handling integer overflow attempt
* 1:17367 <-> BROWSER-IE Microsoft Internet Explorer FTP response parsing memory corruption attempt
* 1:17378 <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt
* 1:17379 <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt
* 1:17397 <-> SERVER-OTHER VNCViewer Authenticate buffer overflow attempt
* 1:17398 <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt
* 1:17399 <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt
* 1:17410 <-> OS-WINDOWS Generic HyperLink buffer overflow attempt
* 1:17422 <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt
* 1:17519 <-> BROWSER-FIREFOX Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow
* 1:17557 <-> BROWSER-PLUGINS Novell iPrint ActiveX operation parameter overflow
* 1:17588 <-> BROWSER-PLUGINS Microsoft Internet Explorer Install Engine ActiveX clsid access
* 1:17631 <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt
* 1:17638 <-> SERVER-ORACLE Secure Backup administration server login.php cookies command injection attempt
* 1:17642 <-> BROWSER-FIREFOX Mozilla Firefox ConstructFrame with floating first-letter memory corruption attempt
* 1:18097 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt
* 1:18187 <-> BROWSER-FIREFOX Mozilla Firefox InstallTrigger.install memory corruption attempt
* 1:18244 <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt
* 1:18245 <-> BROWSER-PLUGINS Oracle Java browser plugin docbase overflow attempt
* 1:18283 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:18527 <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt
* 1:18679 <-> SERVER-OTHER Oracle Java Applet2ClassLoader Remote Code Execution
* 1:18904 <-> BROWSER-PLUGINS KingView ActiveX clsid access
* 1:18957 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt
* 1:19102 <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX clsid access
* 1:19103 <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX function call access
* 1:19216 <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution
* 1:19217 <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution
* 1:19257 <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt
* 1:19262 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19263 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19264 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19713 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:19714 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:19812 <-> SERVER-OTHER CA Total Defense Suite UNCWS getDBConfigSettings credential information disclosure attempt
* 1:19814 <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt
* 1:20031 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:20072 <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt
* 1:20110 <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata
* 1:20444 <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt
* 1:20600 <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt
* 1:20607 <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt
* 1:20608 <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt
* 1:20692 <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt
* 1:20767 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:20777 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:20820 <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt
* 1:20842 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:20843 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:21006 <-> MALWARE-CNC Yang Pack yg.htm landing page
* 1:21044 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:21045 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:21057 <-> FILE-OTHER Java Applet Rhino script engine remote code execution attempt
* 1:21161 <-> SERVER-IIS Microsoft Windows IIS5 NTLM and basic authentication bypass attempt
* 1:21247 <-> SERVER-OTHER IBM Lotusnotes s_viewname buffer overflow attempt
* 1:21248 <-> SERVER-OTHER multiple vendors host buffer overflow attempt
* 1:21259 <-> EXPLOIT-KIT Blackhole exploit kit response
* 1:21344 <-> EXPLOIT-KIT Blackhole exploit kit pdf download
* 1:21346 <-> EXPLOIT-KIT Blackhole exploit kit malicious jar download
* 1:21420 <-> FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt
* 1:21438 <-> EXPLOIT-KIT Blackhole exploit kit JavaScript carat string splitting with hostile applet
* 1:21457 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:21484 <-> FILE-OTHER ZIP file name overflow attempt
* 1:21492 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch
* 1:21539 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header
* 1:21549 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header
* 1:21640 <-> EXPLOIT-KIT Phoenix exploit kit landing page
* 1:21646 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch
* 1:21657 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure
* 1:21658 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:21661 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - catch
* 1:21668 <-> EXPLOIT-KIT Java exploit kit iframe drive by attempt
* 1:21764 <-> FILE-OFFICE Microsoft Office Word unicode parsing buffer overflow attempt
* 1:21876 <-> EXPLOIT-KIT Blackhole exploit landing page with specific structure - Loading
* 1:21915 <-> SERVER-OTHER Novell Groupwise HTTP login request
* 1:21916 <-> SERVER-OTHER Novell Groupwise HTTP login request
* 1:21917 <-> SERVER-OTHER Novell Groupwise HTTP response message parsing overflow
* 1:21953 <-> BROWSER-FIREFOX Mozilla Multiple Products HTML href shell attempt
* 1:22039 <-> EXPLOIT-KIT Blackhole suspected landing page
* 1:22040 <-> EXPLOIT-KIT Blackhole suspected landing page
* 1:22041 <-> EXPLOIT-KIT Blackhole landing redirection page
* 1:23008 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt
* 1:23158 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch
* 1:23159 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt
* 1:23395 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt
* 1:23396 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt
* 1:23489 <-> FILE-OTHER Microsoft Windows Task Scheduler buffer overflow attempt
* 1:23797 <-> EXPLOIT-KIT Blackhole redirection page
* 1:23940 <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt
* 1:23996 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:24054 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure
* 1:24187 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:24188 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:24226 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received
* 1:24228 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page Received
* 1:24543 <-> EXPLOIT-KIT Blackhole admin page inbound access attempt
* 1:24546 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt
* 1:24547 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt
* 1:24548 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt
* 1:24593 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received - specific structure
* 1:24637 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure
* 1:24675 <-> BROWSER-PLUGINS Novell iPrint ActiveX realm parameter overflow attempt
* 1:24676 <-> BROWSER-PLUGINS Novell iPrint ActiveX real parameter overflow attempt
* 1:24702 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24761 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24860 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure
* 1:24862 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure
* 1:24864 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure
* 1:24904 <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt
* 1:24907 <-> SERVER-ORACLE Oracle Secure Backup exec_qr command injection attempt
* 1:24994 <-> BROWSER-FIREFOX Mozilla Firefox onChannelRedirect method attempt
* 1:25312 <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt
* 1:25392 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt
* 1:25569 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page
* 1:25590 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure
* 1:25591 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure
* 1:25808 <-> EXPLOIT-KIT Fiesta exploit kit landing page detection - specific-structure
* 1:2589 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt
* 1:26031 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page
* 1:26033 <-> EXPLOIT-KIT Blackholev2 exploit kit iframe redirection attempt
* 1:26230 <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX arbitrary command execution attempt
* 1:26253 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:26337 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure
* 1:26421 <-> BROWSER-PLUGINS Metalink file download parameter buffer overflow attempt
* 1:26434 <-> EXPLOIT-KIT Blackholev2 exploit kit jar file downloaded
* 1:26495 <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt
* 1:27067 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure
* 1:27656 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt
* 1:27706 <-> EXPLOIT-KIT Gong Da exploit kit possible jar download
* 1:28703 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:28791 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28902 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28972 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:28973 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:29503 <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt
* 1:29512 <-> BROWSER-PLUGINS KingView ActiveX clsid access
* 1:29520 <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt
* 1:29523 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:29524 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:29526 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:29535 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt
* 1:29538 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access
* 1:29578 <-> BROWSER-PLUGINS Sun Microsystems JRE isInstalled.dnsResolve function memory exception attempt
* 1:29579 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt
* 1:29580 <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing obfuscated memory corruption attempt
* 1:29594 <-> SERVER-WEBAPP Airlive IP Camera information leak attempt
* 1:29623 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt
* 1:29624 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt
* 1:29625 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt
* 1:29891 <-> MALWARE-CNC Win.Trojan.Pushdo variant outbound connection
* 1:30217 <-> FILE-JAVA Oracle Java font rendering remote code execution attempt
* 1:3085 <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt
* 1:3087 <-> SERVER-IIS w3who.dll buffer overflow attempt
* 1:31846 <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt
* 1:32149 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32151 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32369 <-> PROTOCOL-ICMP FreeBSD rtsold dname_labeldec stack buffer overflow attempt
* 1:32815 <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt
* 1:32855 <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt
* 1:32959 <-> PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt
* 1:32967 <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt
* 1:33571 <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt
* 1:33986 <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt
* 1:34024 <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt
* 1:34447 <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt
* 1:35434 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:35467 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt
* 1:35468 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt
* 1:36154 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:36155 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:3632 <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt
* 1:36661 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:37527 <-> SERVER-OTHER IBM WebSphere InvokerTransformer serialized Java object remote code execution attempt
* 1:37627 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:37802 <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt
* 1:40281 <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt
* 1:40818 <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt
* 1:41045 <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt
* 1:41422 <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt
* 1:41718 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:41719 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:41720 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:42412 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:42422 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:43346 <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt
* 1:43692 <-> OS-LINUX Linux kernel SCTP invalid chunk length denial of service attempt
* 1:43779 <-> BROWSER-FIREFOX Mozilla multiple products SharedWorker MessagePort memory corruption attempt
* 1:44734 <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt
* 1:44877 <-> SERVER-OTHER  Citrix XenApp and XenDesktop XML service memory corruption attempt
* 1:44978 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt
* 1:45171 <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt
* 1:45177 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45178 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45181 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45183 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45309 <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt
* 1:45500 <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt
* 1:45855 <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt
* 1:46637 <-> NETBIOS SMB client NULL deref race condition attempt 
* 1:46912 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt
* 1:46913 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt
* 1:49583 <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt
* 1:49585 <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt
* 1:49846 <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt
* 1:49900 <-> BROWSER-PLUGINS HP OPOS driver stack buffer overflow attempt
* 1:49902 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt
* 1:49947 <-> POLICY-OTHER HP OpenView Operations Agent request attempt
* 1:50643 <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt
* 1:51025 <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt
* 1:51081 <-> FILE-FLASH Adobe Flash player memory corruption attempt
* 1:51163 <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt
* 1:51225 <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt
* 1:51857 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51858 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51860 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51864 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51865 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52079 <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt
* 1:52100 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52288 <-> OS-MOBILE Google Android libstagefright integer underflow attempt
* 1:52450 <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt
* 1:55823 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:55824 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:55825 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:7007 <-> BROWSER-PLUGINS AxDebugger.Document.1 ActiveX function call access


2021-11-18 18:09:49 UTC

Snort Subscriber Rules Update

Date: 2021-11-18-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.4.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:58570 <-> FILE-OTHER MacOS TTC bypass vulnerability exploit upload attempt
* 1:58571 <-> FILE-OTHER MacOS TTC bypass vulnerability exploit download attempt
* 3:58572 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt
* 3:58573 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt
* 3:58574 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt
* 3:58575 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt
* 1:58576 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58577 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58578 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58579 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58580 <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt
* 1:58581 <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt
* 1:58582 <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt
* 1:58583 <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt
* 1:58584 <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt
* 1:58585 <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt
* 1:58586 <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt
* 1:58587 <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt
* 1:58588 <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt
* 1:58589 <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt
* 1:58590 <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt
* 1:58591 <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt
* 1:58592 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58593 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58594 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58595 <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt
* 1:58596 <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt
* 3:58597 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt
* 3:58598 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt
* 1:58599 <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt
* 1:58600 <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt

Modified Rules:

* 1:10010 <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt
* 1:10142 <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX clsid access
* 1:10144 <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX function call access
* 1:10145 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX clsid access
* 1:10147 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX function call access
* 1:10148 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX clsid access
* 1:10150 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX function call access
* 1:10151 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX clsid access
* 1:10153 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX function call access
* 1:10154 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy 2 ActiveX clsid access
* 1:10390 <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX clsid access
* 1:10392 <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX function call access
* 1:10393 <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX clsid access
* 1:10395 <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX function call access
* 1:12472 <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX clsid access
* 1:12474 <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX function call access
* 1:12612 <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX clsid access
* 1:12614 <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX function call access
* 1:12685 <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow
* 1:13457 <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX clsid access
* 1:13459 <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX function call access
* 1:13470 <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt
* 1:13474 <-> OS-WINDOWS Microsoft WebDAV MiniRedir remote code execution attempt
* 1:13476 <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow 
* 1:13520 <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt
* 1:13521 <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt
* 1:13523 <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access
* 1:13525 <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access
* 1:13926 <-> SERVER-OTHER Novell Groupwise HTTP response parsing overflow attempt
* 1:13950 <-> FILE-JAVA Oracle Java Web Start JNLP attribute buffer overflow attempt
* 1:13965 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX clsid access
* 1:13967 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access
* 1:14033 <-> BROWSER-PLUGINS Orbit Downloader ActiveX clsid access
* 1:14035 <-> BROWSER-PLUGINS Orbit Downloader ActiveX function call access
* 1:14611 <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX clsid access
* 1:14613 <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX function call access
* 1:14771 <-> SERVER-APACHE BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt
* 1:15147 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:15191 <-> BROWSER-FIREFOX Mozilla Firefox animated PNG processing integer overflow
* 1:15257 <-> SERVER-ORACLE Secure Backup common.php variable based command injection attempt
* 1:15258 <-> SERVER-ORACLE Secure Backup login.php variable based command injection attempt
* 1:15428 <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing memory corruption attempt
* 1:15462 <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt
* 1:15489 <-> PUA-OTHER Cerulean Studios Trillian image filename handling XML tag overflow attempt
* 1:15490 <-> OS-LINUX Linux SCTP malformed forward-tsn chunk arbitrary code execution attempt
* 1:15510 <-> SERVER-OTHER Trend Micro OfficeScan Server cgiRecvFile overflow attempt
* 1:15511 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:15638 <-> BROWSER-PLUGINS Microsoft Video 32 ActiveX clsid access
* 1:15733 <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt
* 1:15866 <-> FILE-OTHER libxml2 file processing long entity overflow attempt
* 1:15872 <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt
* 1:15901 <-> FILE-MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt
* 1:15965 <-> OS-WINDOWS Microsoft Explorer long share name buffer overflow attempt
* 1:15966 <-> FILE-OTHER F-Secure Anti-Virus LHA processing buffer overflow attempt
* 1:16001 <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt
* 1:16030 <-> OS-WINDOWS Microsoft Windows DNS client TXT buffer overrun attempt
* 1:16032 <-> BROWSER-IE Microsoft Internet Explorer HTML Decoding memory corruption attempt
* 1:16191 <-> SERVER-ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via GET
* 1:16192 <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt
* 1:16204 <-> SERVER-OTHER HP OpenView Network Node Manager ovlaunch host field overflow attempt
* 1:16213 <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt
* 1:16295 <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields
* 1:16296 <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - with optional fields
* 1:16344 <-> BROWSER-FIREFOX Mozilla Firefox top-level script object offset calculation memory corruption attempt
* 1:16347 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt
* 1:16371 <-> BROWSER-PLUGINS NOS Microsystems Adobe atl_getcom ActiveX clsid access
* 1:16405 <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Prefix Information stack buffer overflow attempt 
* 1:16418 <-> NETBIOS SMB client NULL deref race condition attempt 
* 1:16481 <-> BROWSER-OTHER Opera Content-Length header integer overflow attempt
* 1:16514 <-> SERVER-OTHER Trillian AIM XML tag handling heap buffer overflow attempt
* 1:16601 <-> FILE-OTHER Amaya web editor XML and HTML Parser Buffer overflow attempt
* 1:16667 <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt
* 1:16668 <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt
* 1:16798 <-> FILE-OTHER Orbit Downloader long URL buffer overflow attempt
* 1:17153 <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1
* 1:17154 <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2
* 1:17166 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt
* 1:17236 <-> BROWSER-FIREFOX Mozilla Firefox nsPropertyTable PropertyList memory corruption attempt
* 1:17305 <-> FILE-OTHER ClamAV libclamav PE file handling integer overflow attempt
* 1:17367 <-> BROWSER-IE Microsoft Internet Explorer FTP response parsing memory corruption attempt
* 1:17378 <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt
* 1:17379 <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt
* 1:17397 <-> SERVER-OTHER VNCViewer Authenticate buffer overflow attempt
* 1:17398 <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt
* 1:17399 <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt
* 1:17410 <-> OS-WINDOWS Generic HyperLink buffer overflow attempt
* 1:17422 <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt
* 1:17519 <-> BROWSER-FIREFOX Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow
* 1:17557 <-> BROWSER-PLUGINS Novell iPrint ActiveX operation parameter overflow
* 1:17588 <-> BROWSER-PLUGINS Microsoft Internet Explorer Install Engine ActiveX clsid access
* 1:17631 <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt
* 1:17638 <-> SERVER-ORACLE Secure Backup administration server login.php cookies command injection attempt
* 1:17642 <-> BROWSER-FIREFOX Mozilla Firefox ConstructFrame with floating first-letter memory corruption attempt
* 1:18097 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt
* 1:18187 <-> BROWSER-FIREFOX Mozilla Firefox InstallTrigger.install memory corruption attempt
* 1:18244 <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt
* 1:18245 <-> BROWSER-PLUGINS Oracle Java browser plugin docbase overflow attempt
* 1:18283 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:18527 <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt
* 1:18679 <-> SERVER-OTHER Oracle Java Applet2ClassLoader Remote Code Execution
* 1:18904 <-> BROWSER-PLUGINS KingView ActiveX clsid access
* 1:18957 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt
* 1:19102 <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX clsid access
* 1:19103 <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX function call access
* 1:19216 <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution
* 1:19217 <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution
* 1:19257 <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt
* 1:19262 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19263 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19264 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19713 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:19714 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:19812 <-> SERVER-OTHER CA Total Defense Suite UNCWS getDBConfigSettings credential information disclosure attempt
* 1:19814 <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt
* 1:20031 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:20072 <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt
* 1:20110 <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata
* 1:20444 <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt
* 1:20600 <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt
* 1:20607 <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt
* 1:20608 <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt
* 1:20692 <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt
* 1:20767 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:20777 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:20820 <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt
* 1:20842 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:20843 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:21006 <-> MALWARE-CNC Yang Pack yg.htm landing page
* 1:21044 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:21045 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:21057 <-> FILE-OTHER Java Applet Rhino script engine remote code execution attempt
* 1:21161 <-> SERVER-IIS Microsoft Windows IIS5 NTLM and basic authentication bypass attempt
* 1:21247 <-> SERVER-OTHER IBM Lotusnotes s_viewname buffer overflow attempt
* 1:21248 <-> SERVER-OTHER multiple vendors host buffer overflow attempt
* 1:21259 <-> EXPLOIT-KIT Blackhole exploit kit response
* 1:21344 <-> EXPLOIT-KIT Blackhole exploit kit pdf download
* 1:21346 <-> EXPLOIT-KIT Blackhole exploit kit malicious jar download
* 1:21420 <-> FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt
* 1:21438 <-> EXPLOIT-KIT Blackhole exploit kit JavaScript carat string splitting with hostile applet
* 1:21457 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:21484 <-> FILE-OTHER ZIP file name overflow attempt
* 1:21492 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch
* 1:21539 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header
* 1:21549 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header
* 1:21640 <-> EXPLOIT-KIT Phoenix exploit kit landing page
* 1:21646 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch
* 1:21657 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure
* 1:21658 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:21661 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - catch
* 1:21668 <-> EXPLOIT-KIT Java exploit kit iframe drive by attempt
* 1:21764 <-> FILE-OFFICE Microsoft Office Word unicode parsing buffer overflow attempt
* 1:21876 <-> EXPLOIT-KIT Blackhole exploit landing page with specific structure - Loading
* 1:21915 <-> SERVER-OTHER Novell Groupwise HTTP login request
* 1:21916 <-> SERVER-OTHER Novell Groupwise HTTP login request
* 1:21917 <-> SERVER-OTHER Novell Groupwise HTTP response message parsing overflow
* 1:21953 <-> BROWSER-FIREFOX Mozilla Multiple Products HTML href shell attempt
* 1:22039 <-> EXPLOIT-KIT Blackhole suspected landing page
* 1:22040 <-> EXPLOIT-KIT Blackhole suspected landing page
* 1:22041 <-> EXPLOIT-KIT Blackhole landing redirection page
* 1:23008 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt
* 1:23158 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch
* 1:23159 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt
* 1:23395 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt
* 1:23396 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt
* 1:23489 <-> FILE-OTHER Microsoft Windows Task Scheduler buffer overflow attempt
* 1:23797 <-> EXPLOIT-KIT Blackhole redirection page
* 1:23940 <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt
* 1:23996 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:24054 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure
* 1:24187 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:24188 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:24226 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received
* 1:24228 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page Received
* 1:24543 <-> EXPLOIT-KIT Blackhole admin page inbound access attempt
* 1:24546 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt
* 1:24547 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt
* 1:24548 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt
* 1:24593 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received - specific structure
* 1:24637 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure
* 1:24675 <-> BROWSER-PLUGINS Novell iPrint ActiveX realm parameter overflow attempt
* 1:24676 <-> BROWSER-PLUGINS Novell iPrint ActiveX real parameter overflow attempt
* 1:24702 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24761 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24860 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure
* 1:24862 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure
* 1:24864 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure
* 1:24904 <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt
* 1:24907 <-> SERVER-ORACLE Oracle Secure Backup exec_qr command injection attempt
* 1:24994 <-> BROWSER-FIREFOX Mozilla Firefox onChannelRedirect method attempt
* 1:25312 <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt
* 1:25392 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt
* 1:25569 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page
* 1:25590 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure
* 1:25591 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure
* 1:25808 <-> EXPLOIT-KIT Fiesta exploit kit landing page detection - specific-structure
* 1:2589 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt
* 1:26031 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page
* 1:26033 <-> EXPLOIT-KIT Blackholev2 exploit kit iframe redirection attempt
* 1:26230 <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX arbitrary command execution attempt
* 1:26253 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:26337 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure
* 1:26421 <-> BROWSER-PLUGINS Metalink file download parameter buffer overflow attempt
* 1:26434 <-> EXPLOIT-KIT Blackholev2 exploit kit jar file downloaded
* 1:26495 <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt
* 1:27067 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure
* 1:27656 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt
* 1:27706 <-> EXPLOIT-KIT Gong Da exploit kit possible jar download
* 1:28703 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:28791 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28902 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28972 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:28973 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:29503 <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt
* 1:29512 <-> BROWSER-PLUGINS KingView ActiveX clsid access
* 1:29520 <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt
* 1:29523 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:29524 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:29526 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:29535 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt
* 1:29538 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access
* 1:29578 <-> BROWSER-PLUGINS Sun Microsystems JRE isInstalled.dnsResolve function memory exception attempt
* 1:29579 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt
* 1:29580 <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing obfuscated memory corruption attempt
* 1:29594 <-> SERVER-WEBAPP Airlive IP Camera information leak attempt
* 1:29623 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt
* 1:29624 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt
* 1:29625 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt
* 1:29891 <-> MALWARE-CNC Win.Trojan.Pushdo variant outbound connection
* 1:30217 <-> FILE-JAVA Oracle Java font rendering remote code execution attempt
* 1:3085 <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt
* 1:3087 <-> SERVER-IIS w3who.dll buffer overflow attempt
* 1:31846 <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt
* 1:32149 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32151 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32369 <-> PROTOCOL-ICMP FreeBSD rtsold dname_labeldec stack buffer overflow attempt
* 1:32815 <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt
* 1:32855 <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt
* 1:32959 <-> PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt
* 1:32967 <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt
* 1:33571 <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt
* 1:33986 <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt
* 1:34024 <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt
* 1:34447 <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt
* 1:35434 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:35467 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt
* 1:35468 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt
* 1:36154 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:36155 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:3632 <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt
* 1:36661 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:37527 <-> SERVER-OTHER IBM WebSphere InvokerTransformer serialized Java object remote code execution attempt
* 1:37627 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:37802 <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt
* 1:40281 <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt
* 1:40818 <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt
* 1:41045 <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt
* 1:41422 <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt
* 1:41718 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:41719 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:41720 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:42412 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:42422 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:43346 <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt
* 1:43692 <-> OS-LINUX Linux kernel SCTP invalid chunk length denial of service attempt
* 1:43779 <-> BROWSER-FIREFOX Mozilla multiple products SharedWorker MessagePort memory corruption attempt
* 1:44734 <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt
* 1:44877 <-> SERVER-OTHER  Citrix XenApp and XenDesktop XML service memory corruption attempt
* 1:44978 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt
* 1:45171 <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt
* 1:45177 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45178 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45181 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45183 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45309 <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt
* 1:45500 <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt
* 1:45855 <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt
* 1:46637 <-> NETBIOS SMB client NULL deref race condition attempt 
* 1:46912 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt
* 1:46913 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt
* 1:49583 <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt
* 1:49585 <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt
* 1:49846 <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt
* 1:49900 <-> BROWSER-PLUGINS HP OPOS driver stack buffer overflow attempt
* 1:49902 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt
* 1:49947 <-> POLICY-OTHER HP OpenView Operations Agent request attempt
* 1:50643 <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt
* 1:51025 <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt
* 1:51081 <-> FILE-FLASH Adobe Flash player memory corruption attempt
* 1:51163 <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt
* 1:51225 <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt
* 1:51857 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51858 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51860 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51864 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51865 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52079 <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt
* 1:52100 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52288 <-> OS-MOBILE Google Android libstagefright integer underflow attempt
* 1:52450 <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt
* 1:55823 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:55824 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:55825 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:7007 <-> BROWSER-PLUGINS AxDebugger.Document.1 ActiveX function call access


2021-11-18 18:09:49 UTC

Snort Subscriber Rules Update

Date: 2021-11-18-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.5.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:58570 <-> FILE-OTHER MacOS TTC bypass vulnerability exploit upload attempt
* 1:58571 <-> FILE-OTHER MacOS TTC bypass vulnerability exploit download attempt
* 3:58572 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt
* 3:58573 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt
* 3:58574 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt
* 3:58575 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt
* 1:58576 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58577 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58578 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58579 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58580 <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt
* 1:58581 <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt
* 1:58582 <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt
* 1:58583 <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt
* 1:58584 <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt
* 1:58585 <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt
* 1:58586 <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt
* 1:58587 <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt
* 1:58588 <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt
* 1:58589 <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt
* 1:58590 <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt
* 1:58591 <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt
* 1:58592 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58593 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58594 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58595 <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt
* 1:58596 <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt
* 3:58597 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt
* 3:58598 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt
* 1:58599 <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt
* 1:58600 <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt

Modified Rules:

* 1:10010 <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt
* 1:10142 <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX clsid access
* 1:10144 <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX function call access
* 1:10145 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX clsid access
* 1:10147 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX function call access
* 1:10148 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX clsid access
* 1:10150 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX function call access
* 1:10151 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX clsid access
* 1:10153 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX function call access
* 1:10154 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy 2 ActiveX clsid access
* 1:10390 <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX clsid access
* 1:10392 <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX function call access
* 1:10393 <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX clsid access
* 1:10395 <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX function call access
* 1:12472 <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX clsid access
* 1:12474 <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX function call access
* 1:12612 <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX clsid access
* 1:12614 <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX function call access
* 1:12685 <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow
* 1:13457 <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX clsid access
* 1:13459 <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX function call access
* 1:13470 <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt
* 1:13474 <-> OS-WINDOWS Microsoft WebDAV MiniRedir remote code execution attempt
* 1:13476 <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow 
* 1:13520 <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt
* 1:13521 <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt
* 1:13523 <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access
* 1:13525 <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access
* 1:13926 <-> SERVER-OTHER Novell Groupwise HTTP response parsing overflow attempt
* 1:13950 <-> FILE-JAVA Oracle Java Web Start JNLP attribute buffer overflow attempt
* 1:13965 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX clsid access
* 1:13967 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access
* 1:14033 <-> BROWSER-PLUGINS Orbit Downloader ActiveX clsid access
* 1:14035 <-> BROWSER-PLUGINS Orbit Downloader ActiveX function call access
* 1:14611 <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX clsid access
* 1:14613 <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX function call access
* 1:14771 <-> SERVER-APACHE BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt
* 1:15147 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:15191 <-> BROWSER-FIREFOX Mozilla Firefox animated PNG processing integer overflow
* 1:15257 <-> SERVER-ORACLE Secure Backup common.php variable based command injection attempt
* 1:15258 <-> SERVER-ORACLE Secure Backup login.php variable based command injection attempt
* 1:15428 <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing memory corruption attempt
* 1:15462 <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt
* 1:15489 <-> PUA-OTHER Cerulean Studios Trillian image filename handling XML tag overflow attempt
* 1:15490 <-> OS-LINUX Linux SCTP malformed forward-tsn chunk arbitrary code execution attempt
* 1:15510 <-> SERVER-OTHER Trend Micro OfficeScan Server cgiRecvFile overflow attempt
* 1:15511 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:15638 <-> BROWSER-PLUGINS Microsoft Video 32 ActiveX clsid access
* 1:15733 <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt
* 1:15866 <-> FILE-OTHER libxml2 file processing long entity overflow attempt
* 1:15872 <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt
* 1:15901 <-> FILE-MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt
* 1:15965 <-> OS-WINDOWS Microsoft Explorer long share name buffer overflow attempt
* 1:15966 <-> FILE-OTHER F-Secure Anti-Virus LHA processing buffer overflow attempt
* 1:16001 <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt
* 1:16030 <-> OS-WINDOWS Microsoft Windows DNS client TXT buffer overrun attempt
* 1:16032 <-> BROWSER-IE Microsoft Internet Explorer HTML Decoding memory corruption attempt
* 1:16191 <-> SERVER-ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via GET
* 1:16192 <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt
* 1:16204 <-> SERVER-OTHER HP OpenView Network Node Manager ovlaunch host field overflow attempt
* 1:16213 <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt
* 1:16295 <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields
* 1:16296 <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - with optional fields
* 1:16344 <-> BROWSER-FIREFOX Mozilla Firefox top-level script object offset calculation memory corruption attempt
* 1:16347 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt
* 1:16371 <-> BROWSER-PLUGINS NOS Microsystems Adobe atl_getcom ActiveX clsid access
* 1:16405 <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Prefix Information stack buffer overflow attempt 
* 1:16418 <-> NETBIOS SMB client NULL deref race condition attempt 
* 1:16481 <-> BROWSER-OTHER Opera Content-Length header integer overflow attempt
* 1:16514 <-> SERVER-OTHER Trillian AIM XML tag handling heap buffer overflow attempt
* 1:16601 <-> FILE-OTHER Amaya web editor XML and HTML Parser Buffer overflow attempt
* 1:16667 <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt
* 1:16668 <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt
* 1:16798 <-> FILE-OTHER Orbit Downloader long URL buffer overflow attempt
* 1:17153 <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1
* 1:17154 <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2
* 1:17166 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt
* 1:17236 <-> BROWSER-FIREFOX Mozilla Firefox nsPropertyTable PropertyList memory corruption attempt
* 1:17305 <-> FILE-OTHER ClamAV libclamav PE file handling integer overflow attempt
* 1:17367 <-> BROWSER-IE Microsoft Internet Explorer FTP response parsing memory corruption attempt
* 1:17378 <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt
* 1:17379 <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt
* 1:17397 <-> SERVER-OTHER VNCViewer Authenticate buffer overflow attempt
* 1:17398 <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt
* 1:17399 <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt
* 1:17410 <-> OS-WINDOWS Generic HyperLink buffer overflow attempt
* 1:17422 <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt
* 1:17519 <-> BROWSER-FIREFOX Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow
* 1:17557 <-> BROWSER-PLUGINS Novell iPrint ActiveX operation parameter overflow
* 1:17588 <-> BROWSER-PLUGINS Microsoft Internet Explorer Install Engine ActiveX clsid access
* 1:17631 <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt
* 1:17638 <-> SERVER-ORACLE Secure Backup administration server login.php cookies command injection attempt
* 1:17642 <-> BROWSER-FIREFOX Mozilla Firefox ConstructFrame with floating first-letter memory corruption attempt
* 1:18097 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt
* 1:18187 <-> BROWSER-FIREFOX Mozilla Firefox InstallTrigger.install memory corruption attempt
* 1:18244 <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt
* 1:18245 <-> BROWSER-PLUGINS Oracle Java browser plugin docbase overflow attempt
* 1:18283 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:18527 <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt
* 1:18679 <-> SERVER-OTHER Oracle Java Applet2ClassLoader Remote Code Execution
* 1:18904 <-> BROWSER-PLUGINS KingView ActiveX clsid access
* 1:18957 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt
* 1:19102 <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX clsid access
* 1:19103 <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX function call access
* 1:19216 <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution
* 1:19217 <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution
* 1:19257 <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt
* 1:19262 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19263 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19264 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19713 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:19714 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:19812 <-> SERVER-OTHER CA Total Defense Suite UNCWS getDBConfigSettings credential information disclosure attempt
* 1:19814 <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt
* 1:20031 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:20072 <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt
* 1:20110 <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata
* 1:20444 <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt
* 1:20600 <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt
* 1:20607 <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt
* 1:20608 <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt
* 1:20692 <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt
* 1:20767 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:20777 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:20820 <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt
* 1:20842 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:20843 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:21006 <-> MALWARE-CNC Yang Pack yg.htm landing page
* 1:21044 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:21045 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:21057 <-> FILE-OTHER Java Applet Rhino script engine remote code execution attempt
* 1:21161 <-> SERVER-IIS Microsoft Windows IIS5 NTLM and basic authentication bypass attempt
* 1:21247 <-> SERVER-OTHER IBM Lotusnotes s_viewname buffer overflow attempt
* 1:21248 <-> SERVER-OTHER multiple vendors host buffer overflow attempt
* 1:21259 <-> EXPLOIT-KIT Blackhole exploit kit response
* 1:21344 <-> EXPLOIT-KIT Blackhole exploit kit pdf download
* 1:21346 <-> EXPLOIT-KIT Blackhole exploit kit malicious jar download
* 1:21420 <-> FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt
* 1:21438 <-> EXPLOIT-KIT Blackhole exploit kit JavaScript carat string splitting with hostile applet
* 1:21457 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:21484 <-> FILE-OTHER ZIP file name overflow attempt
* 1:21492 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch
* 1:21539 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header
* 1:21549 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header
* 1:21640 <-> EXPLOIT-KIT Phoenix exploit kit landing page
* 1:21646 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch
* 1:21657 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure
* 1:21658 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:21661 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - catch
* 1:21668 <-> EXPLOIT-KIT Java exploit kit iframe drive by attempt
* 1:21764 <-> FILE-OFFICE Microsoft Office Word unicode parsing buffer overflow attempt
* 1:21876 <-> EXPLOIT-KIT Blackhole exploit landing page with specific structure - Loading
* 1:21915 <-> SERVER-OTHER Novell Groupwise HTTP login request
* 1:21916 <-> SERVER-OTHER Novell Groupwise HTTP login request
* 1:21917 <-> SERVER-OTHER Novell Groupwise HTTP response message parsing overflow
* 1:21953 <-> BROWSER-FIREFOX Mozilla Multiple Products HTML href shell attempt
* 1:22039 <-> EXPLOIT-KIT Blackhole suspected landing page
* 1:22040 <-> EXPLOIT-KIT Blackhole suspected landing page
* 1:22041 <-> EXPLOIT-KIT Blackhole landing redirection page
* 1:23008 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt
* 1:23158 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch
* 1:23159 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt
* 1:23395 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt
* 1:23396 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt
* 1:23489 <-> FILE-OTHER Microsoft Windows Task Scheduler buffer overflow attempt
* 1:23797 <-> EXPLOIT-KIT Blackhole redirection page
* 1:23940 <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt
* 1:23996 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:24054 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure
* 1:24187 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:24188 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:24226 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received
* 1:24228 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page Received
* 1:24543 <-> EXPLOIT-KIT Blackhole admin page inbound access attempt
* 1:24546 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt
* 1:24547 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt
* 1:24548 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt
* 1:24593 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received - specific structure
* 1:24637 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure
* 1:24675 <-> BROWSER-PLUGINS Novell iPrint ActiveX realm parameter overflow attempt
* 1:24676 <-> BROWSER-PLUGINS Novell iPrint ActiveX real parameter overflow attempt
* 1:24702 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24761 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24860 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure
* 1:24862 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure
* 1:24864 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure
* 1:24904 <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt
* 1:24907 <-> SERVER-ORACLE Oracle Secure Backup exec_qr command injection attempt
* 1:24994 <-> BROWSER-FIREFOX Mozilla Firefox onChannelRedirect method attempt
* 1:25312 <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt
* 1:25392 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt
* 1:25569 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page
* 1:25590 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure
* 1:25591 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure
* 1:25808 <-> EXPLOIT-KIT Fiesta exploit kit landing page detection - specific-structure
* 1:2589 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt
* 1:26031 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page
* 1:26033 <-> EXPLOIT-KIT Blackholev2 exploit kit iframe redirection attempt
* 1:26230 <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX arbitrary command execution attempt
* 1:26253 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:26337 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure
* 1:26421 <-> BROWSER-PLUGINS Metalink file download parameter buffer overflow attempt
* 1:26434 <-> EXPLOIT-KIT Blackholev2 exploit kit jar file downloaded
* 1:26495 <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt
* 1:27067 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure
* 1:27656 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt
* 1:27706 <-> EXPLOIT-KIT Gong Da exploit kit possible jar download
* 1:28703 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:28791 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28902 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28972 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:28973 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:29503 <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt
* 1:29512 <-> BROWSER-PLUGINS KingView ActiveX clsid access
* 1:29520 <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt
* 1:29523 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:29524 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:29526 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:29535 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt
* 1:29538 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access
* 1:29578 <-> BROWSER-PLUGINS Sun Microsystems JRE isInstalled.dnsResolve function memory exception attempt
* 1:29579 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt
* 1:29580 <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing obfuscated memory corruption attempt
* 1:29594 <-> SERVER-WEBAPP Airlive IP Camera information leak attempt
* 1:29623 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt
* 1:29624 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt
* 1:29625 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt
* 1:29891 <-> MALWARE-CNC Win.Trojan.Pushdo variant outbound connection
* 1:30217 <-> FILE-JAVA Oracle Java font rendering remote code execution attempt
* 1:3085 <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt
* 1:3087 <-> SERVER-IIS w3who.dll buffer overflow attempt
* 1:31846 <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt
* 1:32149 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32151 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32369 <-> PROTOCOL-ICMP FreeBSD rtsold dname_labeldec stack buffer overflow attempt
* 1:32815 <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt
* 1:32855 <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt
* 1:32959 <-> PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt
* 1:32967 <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt
* 1:33571 <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt
* 1:33986 <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt
* 1:34024 <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt
* 1:34447 <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt
* 1:35434 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:35467 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt
* 1:35468 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt
* 1:36154 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:36155 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:3632 <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt
* 1:36661 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:37527 <-> SERVER-OTHER IBM WebSphere InvokerTransformer serialized Java object remote code execution attempt
* 1:37627 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:37802 <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt
* 1:40281 <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt
* 1:40818 <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt
* 1:41045 <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt
* 1:41422 <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt
* 1:41718 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:41719 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:41720 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:42412 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:42422 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:43346 <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt
* 1:43692 <-> OS-LINUX Linux kernel SCTP invalid chunk length denial of service attempt
* 1:43779 <-> BROWSER-FIREFOX Mozilla multiple products SharedWorker MessagePort memory corruption attempt
* 1:44734 <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt
* 1:44877 <-> SERVER-OTHER  Citrix XenApp and XenDesktop XML service memory corruption attempt
* 1:44978 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt
* 1:45171 <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt
* 1:45177 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45178 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45181 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45183 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45309 <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt
* 1:45500 <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt
* 1:45855 <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt
* 1:46637 <-> NETBIOS SMB client NULL deref race condition attempt 
* 1:46912 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt
* 1:46913 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt
* 1:49583 <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt
* 1:49585 <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt
* 1:49846 <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt
* 1:49900 <-> BROWSER-PLUGINS HP OPOS driver stack buffer overflow attempt
* 1:49902 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt
* 1:49947 <-> POLICY-OTHER HP OpenView Operations Agent request attempt
* 1:50643 <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt
* 1:51025 <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt
* 1:51081 <-> FILE-FLASH Adobe Flash player memory corruption attempt
* 1:51163 <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt
* 1:51225 <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt
* 1:51857 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51858 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51860 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51864 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51865 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52079 <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt
* 1:52100 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52288 <-> OS-MOBILE Google Android libstagefright integer underflow attempt
* 1:52450 <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt
* 1:55823 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:55824 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:55825 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:7007 <-> BROWSER-PLUGINS AxDebugger.Document.1 ActiveX function call access


2021-11-18 18:09:49 UTC

Snort Subscriber Rules Update

Date: 2021-11-18-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.7.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:58570 <-> FILE-OTHER MacOS TTC bypass vulnerability exploit upload attempt
* 1:58571 <-> FILE-OTHER MacOS TTC bypass vulnerability exploit download attempt
* 3:58572 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt
* 3:58573 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt
* 3:58574 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt
* 3:58575 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt
* 1:58576 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58577 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58578 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58579 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58580 <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt
* 1:58581 <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt
* 1:58582 <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt
* 1:58583 <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt
* 1:58584 <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt
* 1:58585 <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt
* 1:58586 <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt
* 1:58587 <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt
* 1:58588 <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt
* 1:58589 <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt
* 1:58590 <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt
* 1:58591 <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt
* 1:58592 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58593 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58594 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58595 <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt
* 1:58596 <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt
* 3:58597 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt
* 3:58598 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt
* 1:58599 <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt
* 1:58600 <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt

Modified Rules:

* 1:10010 <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt
* 1:10142 <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX clsid access
* 1:10144 <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX function call access
* 1:10145 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX clsid access
* 1:10147 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX function call access
* 1:10148 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX clsid access
* 1:10150 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX function call access
* 1:10151 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX clsid access
* 1:10153 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX function call access
* 1:10154 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy 2 ActiveX clsid access
* 1:10390 <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX clsid access
* 1:10392 <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX function call access
* 1:10393 <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX clsid access
* 1:10395 <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX function call access
* 1:12472 <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX clsid access
* 1:12474 <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX function call access
* 1:12612 <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX clsid access
* 1:12614 <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX function call access
* 1:12685 <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow
* 1:13457 <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX clsid access
* 1:13459 <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX function call access
* 1:13470 <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt
* 1:13474 <-> OS-WINDOWS Microsoft WebDAV MiniRedir remote code execution attempt
* 1:13476 <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow 
* 1:13520 <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt
* 1:13521 <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt
* 1:13523 <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access
* 1:13525 <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access
* 1:13926 <-> SERVER-OTHER Novell Groupwise HTTP response parsing overflow attempt
* 1:13950 <-> FILE-JAVA Oracle Java Web Start JNLP attribute buffer overflow attempt
* 1:13965 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX clsid access
* 1:13967 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access
* 1:14033 <-> BROWSER-PLUGINS Orbit Downloader ActiveX clsid access
* 1:14035 <-> BROWSER-PLUGINS Orbit Downloader ActiveX function call access
* 1:14611 <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX clsid access
* 1:14613 <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX function call access
* 1:14771 <-> SERVER-APACHE BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt
* 1:15147 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:15191 <-> BROWSER-FIREFOX Mozilla Firefox animated PNG processing integer overflow
* 1:15257 <-> SERVER-ORACLE Secure Backup common.php variable based command injection attempt
* 1:15258 <-> SERVER-ORACLE Secure Backup login.php variable based command injection attempt
* 1:15428 <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing memory corruption attempt
* 1:15462 <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt
* 1:15489 <-> PUA-OTHER Cerulean Studios Trillian image filename handling XML tag overflow attempt
* 1:15490 <-> OS-LINUX Linux SCTP malformed forward-tsn chunk arbitrary code execution attempt
* 1:15510 <-> SERVER-OTHER Trend Micro OfficeScan Server cgiRecvFile overflow attempt
* 1:15511 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:15638 <-> BROWSER-PLUGINS Microsoft Video 32 ActiveX clsid access
* 1:15733 <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt
* 1:15866 <-> FILE-OTHER libxml2 file processing long entity overflow attempt
* 1:15872 <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt
* 1:15901 <-> FILE-MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt
* 1:15965 <-> OS-WINDOWS Microsoft Explorer long share name buffer overflow attempt
* 1:15966 <-> FILE-OTHER F-Secure Anti-Virus LHA processing buffer overflow attempt
* 1:16001 <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt
* 1:16030 <-> OS-WINDOWS Microsoft Windows DNS client TXT buffer overrun attempt
* 1:16032 <-> BROWSER-IE Microsoft Internet Explorer HTML Decoding memory corruption attempt
* 1:16191 <-> SERVER-ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via GET
* 1:16192 <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt
* 1:16204 <-> SERVER-OTHER HP OpenView Network Node Manager ovlaunch host field overflow attempt
* 1:16213 <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt
* 1:16295 <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields
* 1:16296 <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - with optional fields
* 1:16344 <-> BROWSER-FIREFOX Mozilla Firefox top-level script object offset calculation memory corruption attempt
* 1:16347 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt
* 1:16371 <-> BROWSER-PLUGINS NOS Microsystems Adobe atl_getcom ActiveX clsid access
* 1:16405 <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Prefix Information stack buffer overflow attempt 
* 1:16418 <-> NETBIOS SMB client NULL deref race condition attempt 
* 1:16481 <-> BROWSER-OTHER Opera Content-Length header integer overflow attempt
* 1:16514 <-> SERVER-OTHER Trillian AIM XML tag handling heap buffer overflow attempt
* 1:16601 <-> FILE-OTHER Amaya web editor XML and HTML Parser Buffer overflow attempt
* 1:16667 <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt
* 1:16668 <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt
* 1:16798 <-> FILE-OTHER Orbit Downloader long URL buffer overflow attempt
* 1:17153 <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1
* 1:17154 <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2
* 1:17166 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt
* 1:17236 <-> BROWSER-FIREFOX Mozilla Firefox nsPropertyTable PropertyList memory corruption attempt
* 1:17305 <-> FILE-OTHER ClamAV libclamav PE file handling integer overflow attempt
* 1:17367 <-> BROWSER-IE Microsoft Internet Explorer FTP response parsing memory corruption attempt
* 1:17378 <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt
* 1:17379 <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt
* 1:17397 <-> SERVER-OTHER VNCViewer Authenticate buffer overflow attempt
* 1:17398 <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt
* 1:17399 <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt
* 1:17410 <-> OS-WINDOWS Generic HyperLink buffer overflow attempt
* 1:17422 <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt
* 1:17519 <-> BROWSER-FIREFOX Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow
* 1:17557 <-> BROWSER-PLUGINS Novell iPrint ActiveX operation parameter overflow
* 1:17588 <-> BROWSER-PLUGINS Microsoft Internet Explorer Install Engine ActiveX clsid access
* 1:17631 <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt
* 1:17638 <-> SERVER-ORACLE Secure Backup administration server login.php cookies command injection attempt
* 1:17642 <-> BROWSER-FIREFOX Mozilla Firefox ConstructFrame with floating first-letter memory corruption attempt
* 1:18097 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt
* 1:18187 <-> BROWSER-FIREFOX Mozilla Firefox InstallTrigger.install memory corruption attempt
* 1:18244 <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt
* 1:18245 <-> BROWSER-PLUGINS Oracle Java browser plugin docbase overflow attempt
* 1:18283 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:18527 <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt
* 1:18679 <-> SERVER-OTHER Oracle Java Applet2ClassLoader Remote Code Execution
* 1:18904 <-> BROWSER-PLUGINS KingView ActiveX clsid access
* 1:18957 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt
* 1:19102 <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX clsid access
* 1:19103 <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX function call access
* 1:19216 <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution
* 1:19217 <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution
* 1:19257 <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt
* 1:19262 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19263 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19264 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19713 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:19714 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:19812 <-> SERVER-OTHER CA Total Defense Suite UNCWS getDBConfigSettings credential information disclosure attempt
* 1:19814 <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt
* 1:20031 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:20072 <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt
* 1:20110 <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata
* 1:20444 <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt
* 1:20600 <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt
* 1:20607 <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt
* 1:20608 <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt
* 1:20692 <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt
* 1:20767 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:20777 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:20820 <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt
* 1:20842 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:20843 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:21006 <-> MALWARE-CNC Yang Pack yg.htm landing page
* 1:21044 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:21045 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:21057 <-> FILE-OTHER Java Applet Rhino script engine remote code execution attempt
* 1:21161 <-> SERVER-IIS Microsoft Windows IIS5 NTLM and basic authentication bypass attempt
* 1:21247 <-> SERVER-OTHER IBM Lotusnotes s_viewname buffer overflow attempt
* 1:21248 <-> SERVER-OTHER multiple vendors host buffer overflow attempt
* 1:21259 <-> EXPLOIT-KIT Blackhole exploit kit response
* 1:21344 <-> EXPLOIT-KIT Blackhole exploit kit pdf download
* 1:21346 <-> EXPLOIT-KIT Blackhole exploit kit malicious jar download
* 1:21420 <-> FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt
* 1:21438 <-> EXPLOIT-KIT Blackhole exploit kit JavaScript carat string splitting with hostile applet
* 1:21457 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:21484 <-> FILE-OTHER ZIP file name overflow attempt
* 1:21492 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch
* 1:21539 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header
* 1:21549 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header
* 1:21640 <-> EXPLOIT-KIT Phoenix exploit kit landing page
* 1:21646 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch
* 1:21657 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure
* 1:21658 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:21661 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - catch
* 1:21668 <-> EXPLOIT-KIT Java exploit kit iframe drive by attempt
* 1:21764 <-> FILE-OFFICE Microsoft Office Word unicode parsing buffer overflow attempt
* 1:21876 <-> EXPLOIT-KIT Blackhole exploit landing page with specific structure - Loading
* 1:21915 <-> SERVER-OTHER Novell Groupwise HTTP login request
* 1:21916 <-> SERVER-OTHER Novell Groupwise HTTP login request
* 1:21917 <-> SERVER-OTHER Novell Groupwise HTTP response message parsing overflow
* 1:21953 <-> BROWSER-FIREFOX Mozilla Multiple Products HTML href shell attempt
* 1:22039 <-> EXPLOIT-KIT Blackhole suspected landing page
* 1:22040 <-> EXPLOIT-KIT Blackhole suspected landing page
* 1:22041 <-> EXPLOIT-KIT Blackhole landing redirection page
* 1:23008 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt
* 1:23158 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch
* 1:23159 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt
* 1:23395 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt
* 1:23396 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt
* 1:23489 <-> FILE-OTHER Microsoft Windows Task Scheduler buffer overflow attempt
* 1:23797 <-> EXPLOIT-KIT Blackhole redirection page
* 1:23940 <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt
* 1:23996 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:24054 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure
* 1:24187 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:24188 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:24226 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received
* 1:24228 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page Received
* 1:24543 <-> EXPLOIT-KIT Blackhole admin page inbound access attempt
* 1:24546 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt
* 1:24547 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt
* 1:24548 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt
* 1:24593 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received - specific structure
* 1:24637 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure
* 1:24675 <-> BROWSER-PLUGINS Novell iPrint ActiveX realm parameter overflow attempt
* 1:24676 <-> BROWSER-PLUGINS Novell iPrint ActiveX real parameter overflow attempt
* 1:24702 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24761 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24860 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure
* 1:24862 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure
* 1:24864 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure
* 1:24904 <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt
* 1:24907 <-> SERVER-ORACLE Oracle Secure Backup exec_qr command injection attempt
* 1:24994 <-> BROWSER-FIREFOX Mozilla Firefox onChannelRedirect method attempt
* 1:25312 <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt
* 1:25392 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt
* 1:25569 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page
* 1:25590 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure
* 1:25591 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure
* 1:25808 <-> EXPLOIT-KIT Fiesta exploit kit landing page detection - specific-structure
* 1:2589 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt
* 1:26031 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page
* 1:26033 <-> EXPLOIT-KIT Blackholev2 exploit kit iframe redirection attempt
* 1:26230 <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX arbitrary command execution attempt
* 1:26253 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:26337 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure
* 1:26421 <-> BROWSER-PLUGINS Metalink file download parameter buffer overflow attempt
* 1:26434 <-> EXPLOIT-KIT Blackholev2 exploit kit jar file downloaded
* 1:26495 <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt
* 1:27067 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure
* 1:27656 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt
* 1:27706 <-> EXPLOIT-KIT Gong Da exploit kit possible jar download
* 1:28703 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:28791 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28902 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28972 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:28973 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:29503 <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt
* 1:29512 <-> BROWSER-PLUGINS KingView ActiveX clsid access
* 1:29520 <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt
* 1:29523 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:29524 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:29526 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:29535 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt
* 1:29538 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access
* 1:29578 <-> BROWSER-PLUGINS Sun Microsystems JRE isInstalled.dnsResolve function memory exception attempt
* 1:29579 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt
* 1:29580 <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing obfuscated memory corruption attempt
* 1:29594 <-> SERVER-WEBAPP Airlive IP Camera information leak attempt
* 1:29623 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt
* 1:29624 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt
* 1:29625 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt
* 1:29891 <-> MALWARE-CNC Win.Trojan.Pushdo variant outbound connection
* 1:30217 <-> FILE-JAVA Oracle Java font rendering remote code execution attempt
* 1:3085 <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt
* 1:3087 <-> SERVER-IIS w3who.dll buffer overflow attempt
* 1:31846 <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt
* 1:32149 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32151 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32369 <-> PROTOCOL-ICMP FreeBSD rtsold dname_labeldec stack buffer overflow attempt
* 1:32815 <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt
* 1:32855 <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt
* 1:32959 <-> PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt
* 1:32967 <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt
* 1:33571 <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt
* 1:33986 <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt
* 1:34024 <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt
* 1:34447 <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt
* 1:35434 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:35467 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt
* 1:35468 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt
* 1:36154 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:36155 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:3632 <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt
* 1:36661 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:37527 <-> SERVER-OTHER IBM WebSphere InvokerTransformer serialized Java object remote code execution attempt
* 1:37627 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:37802 <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt
* 1:40281 <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt
* 1:40818 <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt
* 1:41045 <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt
* 1:41422 <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt
* 1:41718 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:41719 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:41720 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:42412 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:42422 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:43346 <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt
* 1:43692 <-> OS-LINUX Linux kernel SCTP invalid chunk length denial of service attempt
* 1:43779 <-> BROWSER-FIREFOX Mozilla multiple products SharedWorker MessagePort memory corruption attempt
* 1:44734 <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt
* 1:44877 <-> SERVER-OTHER  Citrix XenApp and XenDesktop XML service memory corruption attempt
* 1:44978 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt
* 1:45171 <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt
* 1:45177 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45178 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45181 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45183 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45309 <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt
* 1:45500 <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt
* 1:45855 <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt
* 1:46637 <-> NETBIOS SMB client NULL deref race condition attempt 
* 1:46912 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt
* 1:46913 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt
* 1:49583 <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt
* 1:49585 <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt
* 1:49846 <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt
* 1:49900 <-> BROWSER-PLUGINS HP OPOS driver stack buffer overflow attempt
* 1:49902 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt
* 1:49947 <-> POLICY-OTHER HP OpenView Operations Agent request attempt
* 1:50643 <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt
* 1:51025 <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt
* 1:51081 <-> FILE-FLASH Adobe Flash player memory corruption attempt
* 1:51163 <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt
* 1:51225 <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt
* 1:51857 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51858 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51860 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51864 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51865 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52079 <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt
* 1:52100 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52288 <-> OS-MOBILE Google Android libstagefright integer underflow attempt
* 1:52450 <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt
* 1:55823 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:55824 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:55825 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:7007 <-> BROWSER-PLUGINS AxDebugger.Document.1 ActiveX function call access


2021-11-18 18:09:49 UTC

Snort Subscriber Rules Update

Date: 2021-11-18-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.9.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:58570 <-> FILE-OTHER MacOS TTC bypass vulnerability exploit upload attempt
* 1:58571 <-> FILE-OTHER MacOS TTC bypass vulnerability exploit download attempt
* 3:58572 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt
* 3:58573 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt
* 3:58574 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt
* 3:58575 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt
* 1:58576 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58577 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58578 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58579 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58580 <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt
* 1:58581 <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt
* 1:58582 <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt
* 1:58583 <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt
* 1:58584 <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt
* 1:58585 <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt
* 1:58586 <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt
* 1:58587 <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt
* 1:58588 <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt
* 1:58589 <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt
* 1:58590 <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt
* 1:58591 <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt
* 1:58592 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58593 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58594 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58595 <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt
* 1:58596 <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt
* 3:58597 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt
* 3:58598 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt
* 1:58599 <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt
* 1:58600 <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt

Modified Rules:

* 1:10010 <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt
* 1:10142 <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX clsid access
* 1:10144 <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX function call access
* 1:10145 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX clsid access
* 1:10147 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX function call access
* 1:10148 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX clsid access
* 1:10150 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX function call access
* 1:10151 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX clsid access
* 1:10153 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX function call access
* 1:10154 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy 2 ActiveX clsid access
* 1:10390 <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX clsid access
* 1:10392 <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX function call access
* 1:10393 <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX clsid access
* 1:10395 <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX function call access
* 1:12472 <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX clsid access
* 1:12474 <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX function call access
* 1:12612 <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX clsid access
* 1:12614 <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX function call access
* 1:12685 <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow
* 1:13457 <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX clsid access
* 1:13459 <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX function call access
* 1:13470 <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt
* 1:13474 <-> OS-WINDOWS Microsoft WebDAV MiniRedir remote code execution attempt
* 1:13476 <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow 
* 1:13520 <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt
* 1:13521 <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt
* 1:13523 <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access
* 1:13525 <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access
* 1:13926 <-> SERVER-OTHER Novell Groupwise HTTP response parsing overflow attempt
* 1:13950 <-> FILE-JAVA Oracle Java Web Start JNLP attribute buffer overflow attempt
* 1:13965 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX clsid access
* 1:13967 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access
* 1:14033 <-> BROWSER-PLUGINS Orbit Downloader ActiveX clsid access
* 1:14035 <-> BROWSER-PLUGINS Orbit Downloader ActiveX function call access
* 1:14611 <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX clsid access
* 1:14613 <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX function call access
* 1:14771 <-> SERVER-APACHE BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt
* 1:15147 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:15191 <-> BROWSER-FIREFOX Mozilla Firefox animated PNG processing integer overflow
* 1:15257 <-> SERVER-ORACLE Secure Backup common.php variable based command injection attempt
* 1:15258 <-> SERVER-ORACLE Secure Backup login.php variable based command injection attempt
* 1:15428 <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing memory corruption attempt
* 1:15462 <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt
* 1:15489 <-> PUA-OTHER Cerulean Studios Trillian image filename handling XML tag overflow attempt
* 1:15490 <-> OS-LINUX Linux SCTP malformed forward-tsn chunk arbitrary code execution attempt
* 1:15510 <-> SERVER-OTHER Trend Micro OfficeScan Server cgiRecvFile overflow attempt
* 1:15511 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:15638 <-> BROWSER-PLUGINS Microsoft Video 32 ActiveX clsid access
* 1:15733 <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt
* 1:15866 <-> FILE-OTHER libxml2 file processing long entity overflow attempt
* 1:15872 <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt
* 1:15901 <-> FILE-MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt
* 1:15965 <-> OS-WINDOWS Microsoft Explorer long share name buffer overflow attempt
* 1:15966 <-> FILE-OTHER F-Secure Anti-Virus LHA processing buffer overflow attempt
* 1:16001 <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt
* 1:16030 <-> OS-WINDOWS Microsoft Windows DNS client TXT buffer overrun attempt
* 1:16032 <-> BROWSER-IE Microsoft Internet Explorer HTML Decoding memory corruption attempt
* 1:16191 <-> SERVER-ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via GET
* 1:16192 <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt
* 1:16204 <-> SERVER-OTHER HP OpenView Network Node Manager ovlaunch host field overflow attempt
* 1:16213 <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt
* 1:16295 <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields
* 1:16296 <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - with optional fields
* 1:16344 <-> BROWSER-FIREFOX Mozilla Firefox top-level script object offset calculation memory corruption attempt
* 1:16347 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt
* 1:16371 <-> BROWSER-PLUGINS NOS Microsystems Adobe atl_getcom ActiveX clsid access
* 1:16405 <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Prefix Information stack buffer overflow attempt 
* 1:16418 <-> NETBIOS SMB client NULL deref race condition attempt 
* 1:16481 <-> BROWSER-OTHER Opera Content-Length header integer overflow attempt
* 1:16514 <-> SERVER-OTHER Trillian AIM XML tag handling heap buffer overflow attempt
* 1:16601 <-> FILE-OTHER Amaya web editor XML and HTML Parser Buffer overflow attempt
* 1:16667 <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt
* 1:16668 <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt
* 1:16798 <-> FILE-OTHER Orbit Downloader long URL buffer overflow attempt
* 1:17153 <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1
* 1:17154 <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2
* 1:17166 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt
* 1:17236 <-> BROWSER-FIREFOX Mozilla Firefox nsPropertyTable PropertyList memory corruption attempt
* 1:17305 <-> FILE-OTHER ClamAV libclamav PE file handling integer overflow attempt
* 1:17367 <-> BROWSER-IE Microsoft Internet Explorer FTP response parsing memory corruption attempt
* 1:17378 <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt
* 1:17379 <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt
* 1:17397 <-> SERVER-OTHER VNCViewer Authenticate buffer overflow attempt
* 1:17398 <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt
* 1:17399 <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt
* 1:17410 <-> OS-WINDOWS Generic HyperLink buffer overflow attempt
* 1:17422 <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt
* 1:17519 <-> BROWSER-FIREFOX Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow
* 1:17557 <-> BROWSER-PLUGINS Novell iPrint ActiveX operation parameter overflow
* 1:17588 <-> BROWSER-PLUGINS Microsoft Internet Explorer Install Engine ActiveX clsid access
* 1:17631 <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt
* 1:17638 <-> SERVER-ORACLE Secure Backup administration server login.php cookies command injection attempt
* 1:17642 <-> BROWSER-FIREFOX Mozilla Firefox ConstructFrame with floating first-letter memory corruption attempt
* 1:18097 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt
* 1:18187 <-> BROWSER-FIREFOX Mozilla Firefox InstallTrigger.install memory corruption attempt
* 1:18244 <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt
* 1:18245 <-> BROWSER-PLUGINS Oracle Java browser plugin docbase overflow attempt
* 1:18283 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:18527 <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt
* 1:18679 <-> SERVER-OTHER Oracle Java Applet2ClassLoader Remote Code Execution
* 1:18904 <-> BROWSER-PLUGINS KingView ActiveX clsid access
* 1:18957 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt
* 1:19102 <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX clsid access
* 1:19103 <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX function call access
* 1:19216 <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution
* 1:19217 <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution
* 1:19257 <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt
* 1:19262 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19263 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19264 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19713 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:19714 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:19812 <-> SERVER-OTHER CA Total Defense Suite UNCWS getDBConfigSettings credential information disclosure attempt
* 1:19814 <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt
* 1:20031 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:20072 <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt
* 1:20110 <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata
* 1:20444 <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt
* 1:20600 <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt
* 1:20607 <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt
* 1:20608 <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt
* 1:20692 <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt
* 1:20767 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:20777 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:20820 <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt
* 1:20842 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:20843 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:21006 <-> MALWARE-CNC Yang Pack yg.htm landing page
* 1:21044 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:21045 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:21057 <-> FILE-OTHER Java Applet Rhino script engine remote code execution attempt
* 1:21161 <-> SERVER-IIS Microsoft Windows IIS5 NTLM and basic authentication bypass attempt
* 1:21247 <-> SERVER-OTHER IBM Lotusnotes s_viewname buffer overflow attempt
* 1:21248 <-> SERVER-OTHER multiple vendors host buffer overflow attempt
* 1:21259 <-> EXPLOIT-KIT Blackhole exploit kit response
* 1:21344 <-> EXPLOIT-KIT Blackhole exploit kit pdf download
* 1:21346 <-> EXPLOIT-KIT Blackhole exploit kit malicious jar download
* 1:21420 <-> FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt
* 1:21438 <-> EXPLOIT-KIT Blackhole exploit kit JavaScript carat string splitting with hostile applet
* 1:21457 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:21484 <-> FILE-OTHER ZIP file name overflow attempt
* 1:21492 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch
* 1:21539 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header
* 1:21549 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header
* 1:21640 <-> EXPLOIT-KIT Phoenix exploit kit landing page
* 1:21646 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch
* 1:21657 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure
* 1:21658 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:21661 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - catch
* 1:21668 <-> EXPLOIT-KIT Java exploit kit iframe drive by attempt
* 1:21764 <-> FILE-OFFICE Microsoft Office Word unicode parsing buffer overflow attempt
* 1:21876 <-> EXPLOIT-KIT Blackhole exploit landing page with specific structure - Loading
* 1:21915 <-> SERVER-OTHER Novell Groupwise HTTP login request
* 1:21916 <-> SERVER-OTHER Novell Groupwise HTTP login request
* 1:21917 <-> SERVER-OTHER Novell Groupwise HTTP response message parsing overflow
* 1:21953 <-> BROWSER-FIREFOX Mozilla Multiple Products HTML href shell attempt
* 1:22039 <-> EXPLOIT-KIT Blackhole suspected landing page
* 1:22040 <-> EXPLOIT-KIT Blackhole suspected landing page
* 1:22041 <-> EXPLOIT-KIT Blackhole landing redirection page
* 1:23008 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt
* 1:23158 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch
* 1:23159 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt
* 1:23395 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt
* 1:23396 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt
* 1:23489 <-> FILE-OTHER Microsoft Windows Task Scheduler buffer overflow attempt
* 1:23797 <-> EXPLOIT-KIT Blackhole redirection page
* 1:23940 <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt
* 1:23996 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:24054 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure
* 1:24187 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:24188 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:24226 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received
* 1:24228 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page Received
* 1:24543 <-> EXPLOIT-KIT Blackhole admin page inbound access attempt
* 1:24546 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt
* 1:24547 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt
* 1:24548 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt
* 1:24593 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received - specific structure
* 1:24637 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure
* 1:24675 <-> BROWSER-PLUGINS Novell iPrint ActiveX realm parameter overflow attempt
* 1:24676 <-> BROWSER-PLUGINS Novell iPrint ActiveX real parameter overflow attempt
* 1:24702 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24761 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24860 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure
* 1:24862 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure
* 1:24864 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure
* 1:24904 <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt
* 1:24907 <-> SERVER-ORACLE Oracle Secure Backup exec_qr command injection attempt
* 1:24994 <-> BROWSER-FIREFOX Mozilla Firefox onChannelRedirect method attempt
* 1:25312 <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt
* 1:25392 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt
* 1:25569 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page
* 1:25590 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure
* 1:25591 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure
* 1:25808 <-> EXPLOIT-KIT Fiesta exploit kit landing page detection - specific-structure
* 1:2589 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt
* 1:26031 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page
* 1:26033 <-> EXPLOIT-KIT Blackholev2 exploit kit iframe redirection attempt
* 1:26230 <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX arbitrary command execution attempt
* 1:26253 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:26337 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure
* 1:26421 <-> BROWSER-PLUGINS Metalink file download parameter buffer overflow attempt
* 1:26434 <-> EXPLOIT-KIT Blackholev2 exploit kit jar file downloaded
* 1:26495 <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt
* 1:27067 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure
* 1:27656 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt
* 1:27706 <-> EXPLOIT-KIT Gong Da exploit kit possible jar download
* 1:28703 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:28791 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28902 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28972 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:28973 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:29503 <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt
* 1:29512 <-> BROWSER-PLUGINS KingView ActiveX clsid access
* 1:29520 <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt
* 1:29523 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:29524 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:29526 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:29535 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt
* 1:29538 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access
* 1:29578 <-> BROWSER-PLUGINS Sun Microsystems JRE isInstalled.dnsResolve function memory exception attempt
* 1:29579 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt
* 1:29580 <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing obfuscated memory corruption attempt
* 1:29594 <-> SERVER-WEBAPP Airlive IP Camera information leak attempt
* 1:29623 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt
* 1:29624 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt
* 1:29625 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt
* 1:29891 <-> MALWARE-CNC Win.Trojan.Pushdo variant outbound connection
* 1:30217 <-> FILE-JAVA Oracle Java font rendering remote code execution attempt
* 1:3085 <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt
* 1:3087 <-> SERVER-IIS w3who.dll buffer overflow attempt
* 1:31846 <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt
* 1:32149 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32151 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32369 <-> PROTOCOL-ICMP FreeBSD rtsold dname_labeldec stack buffer overflow attempt
* 1:32815 <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt
* 1:32855 <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt
* 1:32959 <-> PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt
* 1:32967 <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt
* 1:33571 <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt
* 1:33986 <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt
* 1:34024 <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt
* 1:34447 <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt
* 1:35434 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:35467 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt
* 1:35468 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt
* 1:36154 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:36155 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:3632 <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt
* 1:36661 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:37527 <-> SERVER-OTHER IBM WebSphere InvokerTransformer serialized Java object remote code execution attempt
* 1:37627 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:37802 <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt
* 1:40281 <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt
* 1:40818 <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt
* 1:41045 <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt
* 1:41422 <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt
* 1:41718 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:41719 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:41720 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:42412 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:42422 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:43346 <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt
* 1:43692 <-> OS-LINUX Linux kernel SCTP invalid chunk length denial of service attempt
* 1:43779 <-> BROWSER-FIREFOX Mozilla multiple products SharedWorker MessagePort memory corruption attempt
* 1:44734 <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt
* 1:44877 <-> SERVER-OTHER  Citrix XenApp and XenDesktop XML service memory corruption attempt
* 1:44978 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt
* 1:45171 <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt
* 1:45177 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45178 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45181 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45183 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45309 <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt
* 1:45500 <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt
* 1:45855 <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt
* 1:46637 <-> NETBIOS SMB client NULL deref race condition attempt 
* 1:46912 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt
* 1:46913 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt
* 1:49583 <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt
* 1:49585 <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt
* 1:49846 <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt
* 1:49900 <-> BROWSER-PLUGINS HP OPOS driver stack buffer overflow attempt
* 1:49902 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt
* 1:49947 <-> POLICY-OTHER HP OpenView Operations Agent request attempt
* 1:50643 <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt
* 1:51025 <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt
* 1:51081 <-> FILE-FLASH Adobe Flash player memory corruption attempt
* 1:51163 <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt
* 1:51225 <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt
* 1:51857 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51858 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51860 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51864 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51865 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52079 <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt
* 1:52100 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52288 <-> OS-MOBILE Google Android libstagefright integer underflow attempt
* 1:52450 <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt
* 1:55823 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:55824 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:55825 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:7007 <-> BROWSER-PLUGINS AxDebugger.Document.1 ActiveX function call access


2021-11-18 18:09:49 UTC

Snort Subscriber Rules Update

Date: 2021-11-18-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.11.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:58570 <-> FILE-OTHER MacOS TTC bypass vulnerability exploit upload attempt
* 1:58571 <-> FILE-OTHER MacOS TTC bypass vulnerability exploit download attempt
* 3:58572 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt
* 3:58573 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt
* 3:58574 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt
* 3:58575 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt
* 1:58576 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58577 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58578 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58579 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58580 <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt
* 1:58581 <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt
* 1:58582 <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt
* 1:58583 <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt
* 1:58584 <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt
* 1:58585 <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt
* 1:58586 <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt
* 1:58587 <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt
* 1:58588 <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt
* 1:58589 <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt
* 1:58590 <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt
* 1:58591 <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt
* 1:58592 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58593 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58594 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58595 <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt
* 1:58596 <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt
* 3:58597 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt
* 3:58598 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt
* 1:58599 <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt
* 1:58600 <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt

Modified Rules:

* 1:10010 <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt
* 1:10142 <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX clsid access
* 1:10144 <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX function call access
* 1:10145 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX clsid access
* 1:10147 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX function call access
* 1:10148 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX clsid access
* 1:10150 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX function call access
* 1:10151 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX clsid access
* 1:10153 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX function call access
* 1:10154 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy 2 ActiveX clsid access
* 1:10390 <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX clsid access
* 1:10392 <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX function call access
* 1:10393 <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX clsid access
* 1:10395 <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX function call access
* 1:12472 <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX clsid access
* 1:12474 <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX function call access
* 1:12612 <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX clsid access
* 1:12614 <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX function call access
* 1:12685 <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow
* 1:13457 <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX clsid access
* 1:13459 <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX function call access
* 1:13470 <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt
* 1:13474 <-> OS-WINDOWS Microsoft WebDAV MiniRedir remote code execution attempt
* 1:13476 <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow 
* 1:13520 <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt
* 1:13521 <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt
* 1:13523 <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access
* 1:13525 <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access
* 1:13926 <-> SERVER-OTHER Novell Groupwise HTTP response parsing overflow attempt
* 1:13950 <-> FILE-JAVA Oracle Java Web Start JNLP attribute buffer overflow attempt
* 1:13965 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX clsid access
* 1:13967 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access
* 1:14033 <-> BROWSER-PLUGINS Orbit Downloader ActiveX clsid access
* 1:14035 <-> BROWSER-PLUGINS Orbit Downloader ActiveX function call access
* 1:14611 <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX clsid access
* 1:14613 <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX function call access
* 1:14771 <-> SERVER-APACHE BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt
* 1:15147 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:15191 <-> BROWSER-FIREFOX Mozilla Firefox animated PNG processing integer overflow
* 1:15257 <-> SERVER-ORACLE Secure Backup common.php variable based command injection attempt
* 1:15258 <-> SERVER-ORACLE Secure Backup login.php variable based command injection attempt
* 1:15428 <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing memory corruption attempt
* 1:15462 <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt
* 1:15489 <-> PUA-OTHER Cerulean Studios Trillian image filename handling XML tag overflow attempt
* 1:15490 <-> OS-LINUX Linux SCTP malformed forward-tsn chunk arbitrary code execution attempt
* 1:15510 <-> SERVER-OTHER Trend Micro OfficeScan Server cgiRecvFile overflow attempt
* 1:15511 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:15638 <-> BROWSER-PLUGINS Microsoft Video 32 ActiveX clsid access
* 1:15733 <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt
* 1:15866 <-> FILE-OTHER libxml2 file processing long entity overflow attempt
* 1:15872 <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt
* 1:15901 <-> FILE-MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt
* 1:15965 <-> OS-WINDOWS Microsoft Explorer long share name buffer overflow attempt
* 1:15966 <-> FILE-OTHER F-Secure Anti-Virus LHA processing buffer overflow attempt
* 1:16001 <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt
* 1:16030 <-> OS-WINDOWS Microsoft Windows DNS client TXT buffer overrun attempt
* 1:16032 <-> BROWSER-IE Microsoft Internet Explorer HTML Decoding memory corruption attempt
* 1:16191 <-> SERVER-ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via GET
* 1:16192 <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt
* 1:16204 <-> SERVER-OTHER HP OpenView Network Node Manager ovlaunch host field overflow attempt
* 1:16213 <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt
* 1:16295 <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields
* 1:16296 <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - with optional fields
* 1:16344 <-> BROWSER-FIREFOX Mozilla Firefox top-level script object offset calculation memory corruption attempt
* 1:16347 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt
* 1:16371 <-> BROWSER-PLUGINS NOS Microsystems Adobe atl_getcom ActiveX clsid access
* 1:16405 <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Prefix Information stack buffer overflow attempt 
* 1:16418 <-> NETBIOS SMB client NULL deref race condition attempt 
* 1:16481 <-> BROWSER-OTHER Opera Content-Length header integer overflow attempt
* 1:16514 <-> SERVER-OTHER Trillian AIM XML tag handling heap buffer overflow attempt
* 1:16601 <-> FILE-OTHER Amaya web editor XML and HTML Parser Buffer overflow attempt
* 1:16667 <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt
* 1:16668 <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt
* 1:16798 <-> FILE-OTHER Orbit Downloader long URL buffer overflow attempt
* 1:17153 <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1
* 1:17154 <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2
* 1:17166 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt
* 1:17236 <-> BROWSER-FIREFOX Mozilla Firefox nsPropertyTable PropertyList memory corruption attempt
* 1:17305 <-> FILE-OTHER ClamAV libclamav PE file handling integer overflow attempt
* 1:17367 <-> BROWSER-IE Microsoft Internet Explorer FTP response parsing memory corruption attempt
* 1:17378 <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt
* 1:17379 <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt
* 1:17397 <-> SERVER-OTHER VNCViewer Authenticate buffer overflow attempt
* 1:17398 <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt
* 1:17399 <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt
* 1:17410 <-> OS-WINDOWS Generic HyperLink buffer overflow attempt
* 1:17422 <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt
* 1:17519 <-> BROWSER-FIREFOX Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow
* 1:17557 <-> BROWSER-PLUGINS Novell iPrint ActiveX operation parameter overflow
* 1:17588 <-> BROWSER-PLUGINS Microsoft Internet Explorer Install Engine ActiveX clsid access
* 1:17631 <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt
* 1:17638 <-> SERVER-ORACLE Secure Backup administration server login.php cookies command injection attempt
* 1:17642 <-> BROWSER-FIREFOX Mozilla Firefox ConstructFrame with floating first-letter memory corruption attempt
* 1:18097 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt
* 1:18187 <-> BROWSER-FIREFOX Mozilla Firefox InstallTrigger.install memory corruption attempt
* 1:18244 <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt
* 1:18245 <-> BROWSER-PLUGINS Oracle Java browser plugin docbase overflow attempt
* 1:18283 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:18527 <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt
* 1:18679 <-> SERVER-OTHER Oracle Java Applet2ClassLoader Remote Code Execution
* 1:18904 <-> BROWSER-PLUGINS KingView ActiveX clsid access
* 1:18957 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt
* 1:19102 <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX clsid access
* 1:19103 <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX function call access
* 1:19216 <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution
* 1:19217 <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution
* 1:19257 <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt
* 1:19262 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19263 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19264 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19713 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:19714 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:19812 <-> SERVER-OTHER CA Total Defense Suite UNCWS getDBConfigSettings credential information disclosure attempt
* 1:19814 <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt
* 1:20031 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:20072 <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt
* 1:20110 <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata
* 1:20444 <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt
* 1:20600 <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt
* 1:20607 <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt
* 1:20608 <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt
* 1:20692 <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt
* 1:20767 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:20777 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:20820 <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt
* 1:20842 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:20843 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:21006 <-> MALWARE-CNC Yang Pack yg.htm landing page
* 1:21044 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:21045 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:21057 <-> FILE-OTHER Java Applet Rhino script engine remote code execution attempt
* 1:21161 <-> SERVER-IIS Microsoft Windows IIS5 NTLM and basic authentication bypass attempt
* 1:21247 <-> SERVER-OTHER IBM Lotusnotes s_viewname buffer overflow attempt
* 1:21248 <-> SERVER-OTHER multiple vendors host buffer overflow attempt
* 1:21259 <-> EXPLOIT-KIT Blackhole exploit kit response
* 1:21344 <-> EXPLOIT-KIT Blackhole exploit kit pdf download
* 1:21346 <-> EXPLOIT-KIT Blackhole exploit kit malicious jar download
* 1:21420 <-> FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt
* 1:21438 <-> EXPLOIT-KIT Blackhole exploit kit JavaScript carat string splitting with hostile applet
* 1:21457 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:21484 <-> FILE-OTHER ZIP file name overflow attempt
* 1:21492 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch
* 1:21539 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header
* 1:21549 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header
* 1:21640 <-> EXPLOIT-KIT Phoenix exploit kit landing page
* 1:21646 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch
* 1:21657 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure
* 1:21658 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:21661 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - catch
* 1:21668 <-> EXPLOIT-KIT Java exploit kit iframe drive by attempt
* 1:21764 <-> FILE-OFFICE Microsoft Office Word unicode parsing buffer overflow attempt
* 1:21876 <-> EXPLOIT-KIT Blackhole exploit landing page with specific structure - Loading
* 1:21915 <-> SERVER-OTHER Novell Groupwise HTTP login request
* 1:21916 <-> SERVER-OTHER Novell Groupwise HTTP login request
* 1:21917 <-> SERVER-OTHER Novell Groupwise HTTP response message parsing overflow
* 1:21953 <-> BROWSER-FIREFOX Mozilla Multiple Products HTML href shell attempt
* 1:22039 <-> EXPLOIT-KIT Blackhole suspected landing page
* 1:22040 <-> EXPLOIT-KIT Blackhole suspected landing page
* 1:22041 <-> EXPLOIT-KIT Blackhole landing redirection page
* 1:23008 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt
* 1:23158 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch
* 1:23159 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt
* 1:23395 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt
* 1:23396 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt
* 1:23489 <-> FILE-OTHER Microsoft Windows Task Scheduler buffer overflow attempt
* 1:23797 <-> EXPLOIT-KIT Blackhole redirection page
* 1:23940 <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt
* 1:23996 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:24054 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure
* 1:24187 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:24188 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:24226 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received
* 1:24228 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page Received
* 1:24543 <-> EXPLOIT-KIT Blackhole admin page inbound access attempt
* 1:24546 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt
* 1:24547 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt
* 1:24548 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt
* 1:24593 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received - specific structure
* 1:24637 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure
* 1:24675 <-> BROWSER-PLUGINS Novell iPrint ActiveX realm parameter overflow attempt
* 1:24676 <-> BROWSER-PLUGINS Novell iPrint ActiveX real parameter overflow attempt
* 1:24702 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24761 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24860 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure
* 1:24862 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure
* 1:24864 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure
* 1:24904 <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt
* 1:24907 <-> SERVER-ORACLE Oracle Secure Backup exec_qr command injection attempt
* 1:24994 <-> BROWSER-FIREFOX Mozilla Firefox onChannelRedirect method attempt
* 1:25312 <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt
* 1:25392 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt
* 1:25569 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page
* 1:25590 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure
* 1:25591 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure
* 1:25808 <-> EXPLOIT-KIT Fiesta exploit kit landing page detection - specific-structure
* 1:2589 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt
* 1:26031 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page
* 1:26033 <-> EXPLOIT-KIT Blackholev2 exploit kit iframe redirection attempt
* 1:26230 <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX arbitrary command execution attempt
* 1:26253 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:26337 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure
* 1:26421 <-> BROWSER-PLUGINS Metalink file download parameter buffer overflow attempt
* 1:26434 <-> EXPLOIT-KIT Blackholev2 exploit kit jar file downloaded
* 1:26495 <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt
* 1:27067 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure
* 1:27656 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt
* 1:27706 <-> EXPLOIT-KIT Gong Da exploit kit possible jar download
* 1:28703 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:28791 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28902 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28972 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:28973 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:29503 <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt
* 1:29512 <-> BROWSER-PLUGINS KingView ActiveX clsid access
* 1:29520 <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt
* 1:29523 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:29524 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:29526 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:29535 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt
* 1:29538 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access
* 1:29578 <-> BROWSER-PLUGINS Sun Microsystems JRE isInstalled.dnsResolve function memory exception attempt
* 1:29579 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt
* 1:29580 <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing obfuscated memory corruption attempt
* 1:29594 <-> SERVER-WEBAPP Airlive IP Camera information leak attempt
* 1:29623 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt
* 1:29624 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt
* 1:29625 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt
* 1:29891 <-> MALWARE-CNC Win.Trojan.Pushdo variant outbound connection
* 1:30217 <-> FILE-JAVA Oracle Java font rendering remote code execution attempt
* 1:3085 <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt
* 1:3087 <-> SERVER-IIS w3who.dll buffer overflow attempt
* 1:31846 <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt
* 1:32149 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32151 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32369 <-> PROTOCOL-ICMP FreeBSD rtsold dname_labeldec stack buffer overflow attempt
* 1:32815 <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt
* 1:32855 <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt
* 1:32959 <-> PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt
* 1:32967 <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt
* 1:33571 <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt
* 1:33986 <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt
* 1:34024 <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt
* 1:34447 <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt
* 1:35434 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:35467 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt
* 1:35468 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt
* 1:36154 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:36155 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:3632 <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt
* 1:36661 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:37527 <-> SERVER-OTHER IBM WebSphere InvokerTransformer serialized Java object remote code execution attempt
* 1:37627 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:37802 <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt
* 1:40281 <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt
* 1:40818 <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt
* 1:41045 <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt
* 1:41422 <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt
* 1:41718 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:41719 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:41720 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:42412 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:42422 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:43346 <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt
* 1:43692 <-> OS-LINUX Linux kernel SCTP invalid chunk length denial of service attempt
* 1:43779 <-> BROWSER-FIREFOX Mozilla multiple products SharedWorker MessagePort memory corruption attempt
* 1:44734 <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt
* 1:44877 <-> SERVER-OTHER  Citrix XenApp and XenDesktop XML service memory corruption attempt
* 1:44978 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt
* 1:45171 <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt
* 1:45177 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45178 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45181 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45183 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45309 <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt
* 1:45500 <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt
* 1:45855 <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt
* 1:46637 <-> NETBIOS SMB client NULL deref race condition attempt 
* 1:46912 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt
* 1:46913 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt
* 1:49583 <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt
* 1:49585 <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt
* 1:49846 <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt
* 1:49900 <-> BROWSER-PLUGINS HP OPOS driver stack buffer overflow attempt
* 1:49902 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt
* 1:49947 <-> POLICY-OTHER HP OpenView Operations Agent request attempt
* 1:50643 <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt
* 1:51025 <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt
* 1:51081 <-> FILE-FLASH Adobe Flash player memory corruption attempt
* 1:51163 <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt
* 1:51225 <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt
* 1:51857 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51858 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51860 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51864 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51865 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52079 <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt
* 1:52100 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52288 <-> OS-MOBILE Google Android libstagefright integer underflow attempt
* 1:52450 <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt
* 1:55823 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:55824 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:55825 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:7007 <-> BROWSER-PLUGINS AxDebugger.Document.1 ActiveX function call access


2021-11-18 18:09:49 UTC

Snort Subscriber Rules Update

Date: 2021-11-18-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.15.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:58570 <-> FILE-OTHER MacOS TTC bypass vulnerability exploit upload attempt
* 1:58571 <-> FILE-OTHER MacOS TTC bypass vulnerability exploit download attempt
* 3:58572 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt
* 3:58573 <-> FILE-IMAGE TRUFFLEHUNTER TALOS-2021-1411 attack attempt
* 3:58574 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt
* 3:58575 <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2021-1412 attack attempt
* 1:58576 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58577 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58578 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58579 <-> SERVER-WEBAPP Trend Micro InterScan Web Security Virtual Appliance command injection attempt
* 1:58580 <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt
* 1:58581 <-> MALWARE-TOOLS TeamViewer shared AES key decryption tool download attempt
* 1:58582 <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt
* 1:58583 <-> POLICY-OTHER Dahua Console NetKeyboard potential authentication bypass attempt
* 1:58584 <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt
* 1:58585 <-> POLICY-OTHER Dahua Console Loopback potential authentication bypass attempt
* 1:58586 <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt
* 1:58587 <-> OS-WINDOWS Microsoft Windows Installer elevation of privilege attempt
* 1:58588 <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt
* 1:58589 <-> SERVER-WEBAPP SolarWinds Network Configuration Manager remote file include attempt
* 1:58590 <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt
* 1:58591 <-> SERVER-OTHER OpenLDAP Slapd CancelRequest infinite loop denial of service attempt
* 1:58592 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58593 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58594 <-> SERVER-WEBAPP SaltStack pillar_roots directory traversal attempt
* 1:58595 <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt
* 1:58596 <-> SERVER-WEBAPP OpenEMR backup.php command injection attempt
* 3:58597 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt
* 3:58598 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1413 attack attempt
* 1:58599 <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt
* 1:58600 <-> BROWSER-CHROME Google Chrome V8 kConstantType type confusion attempt

Modified Rules:

* 1:10010 <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt
* 1:10142 <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX clsid access
* 1:10144 <-> BROWSER-PLUGINS Microsoft Internet Explorer LexRefBilingualTextContext ActiveX function call access
* 1:10145 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX clsid access
* 1:10147 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Sound Control ActiveX function call access
* 1:10148 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX clsid access
* 1:10150 <-> BROWSER-PLUGINS Microsoft Internet Explorer HTML Inline Movie Control ActiveX function call access
* 1:10151 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX clsid access
* 1:10153 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy ActiveX function call access
* 1:10154 <-> BROWSER-PLUGINS Microsoft Internet Explorer BlnSetUser Proxy 2 ActiveX clsid access
* 1:10390 <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX clsid access
* 1:10392 <-> BROWSER-PLUGINS Symantec Support Controls SmartIssue ActiveX function call access
* 1:10393 <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX clsid access
* 1:10395 <-> BROWSER-PLUGINS Symantec SupportSoft SmartIssue ActiveX function call access
* 1:12472 <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX clsid access
* 1:12474 <-> BROWSER-PLUGINS Oracle Java Web Start ActiveX function call access
* 1:12612 <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX clsid access
* 1:12614 <-> BROWSER-PLUGINS Microsoft Windows MFC Library ActiveX function call access
* 1:12685 <-> SERVER-OTHER IBM Tivoli Storage Manager Express CAD Host buffer overflow
* 1:13457 <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX clsid access
* 1:13459 <-> BROWSER-PLUGINS Microsoft Windows Forms 2.0 ActiveX function call access
* 1:13470 <-> FILE-OFFICE Microsoft Office Publisher memory corruption attempt
* 1:13474 <-> OS-WINDOWS Microsoft WebDAV MiniRedir remote code execution attempt
* 1:13476 <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow 
* 1:13520 <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt
* 1:13521 <-> SERVER-OTHER Nullsoft Winamp Ultravox buffer overflow attempt
* 1:13523 <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access
* 1:13525 <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access
* 1:13926 <-> SERVER-OTHER Novell Groupwise HTTP response parsing overflow attempt
* 1:13950 <-> FILE-JAVA Oracle Java Web Start JNLP attribute buffer overflow attempt
* 1:13965 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX clsid access
* 1:13967 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access
* 1:14033 <-> BROWSER-PLUGINS Orbit Downloader ActiveX clsid access
* 1:14035 <-> BROWSER-PLUGINS Orbit Downloader ActiveX function call access
* 1:14611 <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX clsid access
* 1:14613 <-> BROWSER-PLUGINS VMWare VMCtl Class ActiveX function call access
* 1:14771 <-> SERVER-APACHE BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt
* 1:15147 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:15191 <-> BROWSER-FIREFOX Mozilla Firefox animated PNG processing integer overflow
* 1:15257 <-> SERVER-ORACLE Secure Backup common.php variable based command injection attempt
* 1:15258 <-> SERVER-ORACLE Secure Backup login.php variable based command injection attempt
* 1:15428 <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing memory corruption attempt
* 1:15462 <-> BROWSER-OTHER Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt
* 1:15489 <-> PUA-OTHER Cerulean Studios Trillian image filename handling XML tag overflow attempt
* 1:15490 <-> OS-LINUX Linux SCTP malformed forward-tsn chunk arbitrary code execution attempt
* 1:15510 <-> SERVER-OTHER Trend Micro OfficeScan Server cgiRecvFile overflow attempt
* 1:15511 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:15638 <-> BROWSER-PLUGINS Microsoft Video 32 ActiveX clsid access
* 1:15733 <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt
* 1:15866 <-> FILE-OTHER libxml2 file processing long entity overflow attempt
* 1:15872 <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt
* 1:15901 <-> FILE-MULTIMEDIA Nullsoft Winamp AIFF parsing heap buffer overflow attempt
* 1:15965 <-> OS-WINDOWS Microsoft Explorer long share name buffer overflow attempt
* 1:15966 <-> FILE-OTHER F-Secure Anti-Virus LHA processing buffer overflow attempt
* 1:16001 <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt
* 1:16030 <-> OS-WINDOWS Microsoft Windows DNS client TXT buffer overrun attempt
* 1:16032 <-> BROWSER-IE Microsoft Internet Explorer HTML Decoding memory corruption attempt
* 1:16191 <-> SERVER-ORACLE Oracle Secure Backup Administration server authentication bypass attempt - via GET
* 1:16192 <-> SERVER-ORACLE Secure Backup Administration server authentication bypass attempt
* 1:16204 <-> SERVER-OTHER HP OpenView Network Node Manager ovlaunch host field overflow attempt
* 1:16213 <-> SERVER-OTHER Red Hat Directory Server Accept-Language HTTP header parsing buffer overflow attempt
* 1:16295 <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - without optional fields
* 1:16296 <-> FILE-OTHER Kaspersky antivirus library heap buffer overflow - with optional fields
* 1:16344 <-> BROWSER-FIREFOX Mozilla Firefox top-level script object offset calculation memory corruption attempt
* 1:16347 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt
* 1:16371 <-> BROWSER-PLUGINS NOS Microsystems Adobe atl_getcom ActiveX clsid access
* 1:16405 <-> PROTOCOL-ICMP Microsoft Windows Ipv6pHandleRouterAdvertisement Prefix Information stack buffer overflow attempt 
* 1:16418 <-> NETBIOS SMB client NULL deref race condition attempt 
* 1:16481 <-> BROWSER-OTHER Opera Content-Length header integer overflow attempt
* 1:16514 <-> SERVER-OTHER Trillian AIM XML tag handling heap buffer overflow attempt
* 1:16601 <-> FILE-OTHER Amaya web editor XML and HTML Parser Buffer overflow attempt
* 1:16667 <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt
* 1:16668 <-> BROWSER-CHROME Google Chrome GURL cross origin bypass attempt
* 1:16798 <-> FILE-OTHER Orbit Downloader long URL buffer overflow attempt
* 1:17153 <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 1
* 1:17154 <-> BROWSER-FIREFOX Mozilla Firefox plugin parameter array dangling pointer exploit attempt - 2
* 1:17166 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt
* 1:17236 <-> BROWSER-FIREFOX Mozilla Firefox nsPropertyTable PropertyList memory corruption attempt
* 1:17305 <-> FILE-OTHER ClamAV libclamav PE file handling integer overflow attempt
* 1:17367 <-> BROWSER-IE Microsoft Internet Explorer FTP response parsing memory corruption attempt
* 1:17378 <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt
* 1:17379 <-> BROWSER-FIREFOX Mozilla Firefox Animated PNG Processing integer overflow attempt
* 1:17397 <-> SERVER-OTHER VNCViewer Authenticate buffer overflow attempt
* 1:17398 <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt
* 1:17399 <-> BROWSER-FIREFOX Mozilla Firefox Javascript array.splice memory corruption attempt
* 1:17410 <-> OS-WINDOWS Generic HyperLink buffer overflow attempt
* 1:17422 <-> BROWSER-FIREFOX Mozilla Firefox defineSetter function pointer memory corruption attempt
* 1:17519 <-> BROWSER-FIREFOX Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow
* 1:17557 <-> BROWSER-PLUGINS Novell iPrint ActiveX operation parameter overflow
* 1:17588 <-> BROWSER-PLUGINS Microsoft Internet Explorer Install Engine ActiveX clsid access
* 1:17631 <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt
* 1:17638 <-> SERVER-ORACLE Secure Backup administration server login.php cookies command injection attempt
* 1:17642 <-> BROWSER-FIREFOX Mozilla Firefox ConstructFrame with floating first-letter memory corruption attempt
* 1:18097 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt
* 1:18187 <-> BROWSER-FIREFOX Mozilla Firefox InstallTrigger.install memory corruption attempt
* 1:18244 <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt
* 1:18245 <-> BROWSER-PLUGINS Oracle Java browser plugin docbase overflow attempt
* 1:18283 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:18527 <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt
* 1:18679 <-> SERVER-OTHER Oracle Java Applet2ClassLoader Remote Code Execution
* 1:18904 <-> BROWSER-PLUGINS KingView ActiveX clsid access
* 1:18957 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt
* 1:19102 <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX clsid access
* 1:19103 <-> BROWSER-PLUGINS Symantec CLIProxy.dll ActiveX function call access
* 1:19216 <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution
* 1:19217 <-> BROWSER-CHROME Google Chrome Uninitialized bug_report Pointer Code Execution
* 1:19257 <-> FILE-FLASH Adobe ActionScript float index memory corruption attempt
* 1:19262 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19263 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19264 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:19713 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:19714 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:19812 <-> SERVER-OTHER CA Total Defense Suite UNCWS getDBConfigSettings credential information disclosure attempt
* 1:19814 <-> BROWSER-IE Microsoft Internet Explorer empty table tag memory corruption attempt
* 1:20031 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:20072 <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt
* 1:20110 <-> SERVER-OTHER Nullsoft Winamp Ultravox streaming malicious metadata
* 1:20444 <-> FILE-JAVA Oracle Java browser plugin docbase overflow attempt
* 1:20600 <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt
* 1:20607 <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt
* 1:20608 <-> SERVER-OTHER Novell Groupwise internet agent http uri buffer overflow attempt
* 1:20692 <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt
* 1:20767 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:20777 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:20820 <-> FILE-JAVA Oracle Java JNLP parameter argument injection attempt
* 1:20842 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:20843 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:21006 <-> MALWARE-CNC Yang Pack yg.htm landing page
* 1:21044 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:21045 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:21057 <-> FILE-OTHER Java Applet Rhino script engine remote code execution attempt
* 1:21161 <-> SERVER-IIS Microsoft Windows IIS5 NTLM and basic authentication bypass attempt
* 1:21247 <-> SERVER-OTHER IBM Lotusnotes s_viewname buffer overflow attempt
* 1:21248 <-> SERVER-OTHER multiple vendors host buffer overflow attempt
* 1:21259 <-> EXPLOIT-KIT Blackhole exploit kit response
* 1:21344 <-> EXPLOIT-KIT Blackhole exploit kit pdf download
* 1:21346 <-> EXPLOIT-KIT Blackhole exploit kit malicious jar download
* 1:21420 <-> FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt
* 1:21438 <-> EXPLOIT-KIT Blackhole exploit kit JavaScript carat string splitting with hostile applet
* 1:21457 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:21484 <-> FILE-OTHER ZIP file name overflow attempt
* 1:21492 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch
* 1:21539 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header
* 1:21549 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific header
* 1:21640 <-> EXPLOIT-KIT Phoenix exploit kit landing page
* 1:21646 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch
* 1:21657 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure
* 1:21658 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:21661 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - catch
* 1:21668 <-> EXPLOIT-KIT Java exploit kit iframe drive by attempt
* 1:21764 <-> FILE-OFFICE Microsoft Office Word unicode parsing buffer overflow attempt
* 1:21876 <-> EXPLOIT-KIT Blackhole exploit landing page with specific structure - Loading
* 1:21915 <-> SERVER-OTHER Novell Groupwise HTTP login request
* 1:21916 <-> SERVER-OTHER Novell Groupwise HTTP login request
* 1:21917 <-> SERVER-OTHER Novell Groupwise HTTP response message parsing overflow
* 1:21953 <-> BROWSER-FIREFOX Mozilla Multiple Products HTML href shell attempt
* 1:22039 <-> EXPLOIT-KIT Blackhole suspected landing page
* 1:22040 <-> EXPLOIT-KIT Blackhole suspected landing page
* 1:22041 <-> EXPLOIT-KIT Blackhole landing redirection page
* 1:23008 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt
* 1:23158 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure - prototype catch
* 1:23159 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt
* 1:23395 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt
* 1:23396 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt
* 1:23489 <-> FILE-OTHER Microsoft Windows Task Scheduler buffer overflow attempt
* 1:23797 <-> EXPLOIT-KIT Blackhole redirection page
* 1:23940 <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt
* 1:23996 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:24054 <-> EXPLOIT-KIT Blackhole exploit kit landing page with specific structure
* 1:24187 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:24188 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow
* 1:24226 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received
* 1:24228 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page Received
* 1:24543 <-> EXPLOIT-KIT Blackhole admin page inbound access attempt
* 1:24546 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt
* 1:24547 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt
* 1:24548 <-> EXPLOIT-KIT Blackhole exploit kit landing page download attempt
* 1:24593 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page received - specific structure
* 1:24637 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure
* 1:24675 <-> BROWSER-PLUGINS Novell iPrint ActiveX realm parameter overflow attempt
* 1:24676 <-> BROWSER-PLUGINS Novell iPrint ActiveX real parameter overflow attempt
* 1:24702 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24761 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24860 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure
* 1:24862 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure
* 1:24864 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific-structure
* 1:24904 <-> FILE-JAVA Oracle Java Web Start JNLP j2se key value buffer overflow attempt
* 1:24907 <-> SERVER-ORACLE Oracle Secure Backup exec_qr command injection attempt
* 1:24994 <-> BROWSER-FIREFOX Mozilla Firefox onChannelRedirect method attempt
* 1:25312 <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt
* 1:25392 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt
* 1:25569 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page
* 1:25590 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure
* 1:25591 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure
* 1:25808 <-> EXPLOIT-KIT Fiesta exploit kit landing page detection - specific-structure
* 1:2589 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt
* 1:26031 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page
* 1:26033 <-> EXPLOIT-KIT Blackholev2 exploit kit iframe redirection attempt
* 1:26230 <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX arbitrary command execution attempt
* 1:26253 <-> EXPLOIT-KIT Blackhole exploit kit landing page
* 1:26337 <-> EXPLOIT-KIT Blackhole exploit kit landing page - specific structure
* 1:26421 <-> BROWSER-PLUGINS Metalink file download parameter buffer overflow attempt
* 1:26434 <-> EXPLOIT-KIT Blackholev2 exploit kit jar file downloaded
* 1:26495 <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt
* 1:27067 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page - specific structure
* 1:27656 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt
* 1:27706 <-> EXPLOIT-KIT Gong Da exploit kit possible jar download
* 1:28703 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:28791 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28902 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28972 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:28973 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:29503 <-> BROWSER-FIREFOX Mozilla Products SVG text content element getCharNumAtPosition use after free attempt
* 1:29512 <-> BROWSER-PLUGINS KingView ActiveX clsid access
* 1:29520 <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt
* 1:29523 <-> SERVER-APACHE Oracle WebLogic Apache Connector buffer overflow attempt
* 1:29524 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:29526 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:29535 <-> FILE-JAVA Oracle Java Rhino script engine remote code execution attempt
* 1:29538 <-> BROWSER-PLUGINS Microsoft Windows Message System ActiveX function call access
* 1:29578 <-> BROWSER-PLUGINS Sun Microsystems JRE isInstalled.dnsResolve function memory exception attempt
* 1:29579 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt
* 1:29580 <-> BROWSER-FIREFOX Mozilla Firefox SVG data processing obfuscated memory corruption attempt
* 1:29594 <-> SERVER-WEBAPP Airlive IP Camera information leak attempt
* 1:29623 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt
* 1:29624 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt
* 1:29625 <-> BROWSER-FIREFOX Mozilla Array.reduceRight integer overflow attempt
* 1:29891 <-> MALWARE-CNC Win.Trojan.Pushdo variant outbound connection
* 1:30217 <-> FILE-JAVA Oracle Java font rendering remote code execution attempt
* 1:3085 <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt
* 1:3087 <-> SERVER-IIS w3who.dll buffer overflow attempt
* 1:31846 <-> POLICY-OTHER HP Universal CMDB default credentials authentication attempt
* 1:32149 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32151 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32369 <-> PROTOCOL-ICMP FreeBSD rtsold dname_labeldec stack buffer overflow attempt
* 1:32815 <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt
* 1:32855 <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt
* 1:32959 <-> PROTOCOL-DNS Microsoft SMTP excessive answer records buffer overflow attempt
* 1:32967 <-> POLICY-OTHER ManageEngine Desktop Central DCPlugin insecure admin account creation attempt
* 1:33571 <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt
* 1:33986 <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt
* 1:34024 <-> POLICY-OTHER ManageEngine Desktop Central insecure admin password reset attempt
* 1:34447 <-> POLICY-OTHER ProFTPD mod_copy unauthenticated file copy attempt
* 1:35434 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:35467 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt
* 1:35468 <-> FILE-JAVA Oracle Java VersionHelper loadClass sandbox bypass attempt
* 1:36154 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:36155 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:3632 <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt
* 1:36661 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:37527 <-> SERVER-OTHER IBM WebSphere InvokerTransformer serialized Java object remote code execution attempt
* 1:37627 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:37802 <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt
* 1:40281 <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt
* 1:40818 <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt
* 1:41045 <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt
* 1:41422 <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt
* 1:41718 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:41719 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:41720 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:42412 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:42422 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:43346 <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt
* 1:43692 <-> OS-LINUX Linux kernel SCTP invalid chunk length denial of service attempt
* 1:43779 <-> BROWSER-FIREFOX Mozilla multiple products SharedWorker MessagePort memory corruption attempt
* 1:44734 <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt
* 1:44877 <-> SERVER-OTHER  Citrix XenApp and XenDesktop XML service memory corruption attempt
* 1:44978 <-> BROWSER-FIREFOX Mozilla Firefox browser engine memory corruption attempt
* 1:45171 <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt
* 1:45177 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45178 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45181 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45183 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45309 <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt
* 1:45500 <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt
* 1:45855 <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt
* 1:46637 <-> NETBIOS SMB client NULL deref race condition attempt 
* 1:46912 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt
* 1:46913 <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt
* 1:49583 <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt
* 1:49585 <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt
* 1:49846 <-> FILE-JAVA Oracle Java privileged protection domain exploitation attempt
* 1:49900 <-> BROWSER-PLUGINS HP OPOS driver stack buffer overflow attempt
* 1:49902 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt
* 1:49947 <-> POLICY-OTHER HP OpenView Operations Agent request attempt
* 1:50643 <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt
* 1:51025 <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt
* 1:51081 <-> FILE-FLASH Adobe Flash player memory corruption attempt
* 1:51163 <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt
* 1:51225 <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt
* 1:51857 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51858 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51860 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51864 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51865 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52079 <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt
* 1:52100 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52288 <-> OS-MOBILE Google Android libstagefright integer underflow attempt
* 1:52450 <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt
* 1:55823 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:55824 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:55825 <-> SERVER-WEBAPP Trend Micro Control Manager CCGIServlet SQL injection attempt
* 1:7007 <-> BROWSER-PLUGINS AxDebugger.Document.1 ActiveX function call access