Talos Rules 2021-12-07
This release adds and modifies rules in several categories.

In this release, a number of rules have been added to the security policy as part of ongoing policy rebalancing efforts.

Talos has added and modified multiple rules in the app-detect, browser-firefox, browser-ie, browser-plugins, browser-webkit, exploit-kit, file-flash, file-image, file-multimedia, file-office, file-other, file-pdf, malware-cnc, malware-other, netbios, os-mobile, os-other, os-solaris, os-windows, policy-other, protocol-dns, protocol-rpc, protocol-scada, protocol-snmp, protocol-telnet, protocol-tftp, server-apache, server-mail, server-mysql, server-oracle, server-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2021-12-07 17:31:55 UTC

Snort Subscriber Rules Update

Date: 2021-12-07

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091900.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58685 <-> DISABLED <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt (file-other.rules)
 * 1:58686 <-> DISABLED <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt (file-other.rules)
 * 1:58687 <-> DISABLED <-> SERVER-WEBAPP Movable Type CMS command injection attempt (server-webapp.rules)
 * 1:58688 <-> DISABLED <-> SERVER-WEBAPP Movable Type CMS command injection attempt (server-webapp.rules)
 * 1:58694 <-> DISABLED <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt (server-webapp.rules)
 * 1:58695 <-> DISABLED <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt (server-webapp.rules)
 * 1:58696 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt (server-webapp.rules)
 * 1:58697 <-> DISABLED <-> OS-OTHER IGEL OS Secure Terminal and Shadow Service command injection attempt (os-other.rules)
 * 1:58700 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.PhpJackal upload attempt (malware-other.rules)
 * 1:58701 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.PhpJackal download attempt (malware-other.rules)
 * 1:58702 <-> ENABLED <-> MALWARE-CNC Php.Webshell.PhpJackal outbound connection attempt (malware-cnc.rules)
 * 1:58703 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt (server-webapp.rules)
 * 1:58704 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
 * 1:58705 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
 * 1:58706 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
 * 1:58707 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
 * 1:58708 <-> ENABLED <-> SERVER-WEBAPP IBM Data Risk Manager command execution attempt (server-webapp.rules)
 * 3:58689 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt (file-other.rules)
 * 3:58690 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt (file-other.rules)
 * 3:58691 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt (server-webapp.rules)
 * 3:58692 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt (server-webapp.rules)
 * 3:58693 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt (server-webapp.rules)
 * 3:58698 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt (server-webapp.rules)
 * 3:58699 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:3114 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc LlsrConnect overflow attempt (os-windows.rules)
 * 1:3171 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP msqueue function 4 overflow attempt (os-windows.rules)
 * 1:32150 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:32152 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:32356 <-> DISABLED <-> PROTOCOL-RPC mountd UDP unmount path overflow attempt (protocol-rpc.rules)
 * 1:32370 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt (server-other.rules)
 * 1:32816 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules)
 * 1:32856 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt (file-pdf.rules)
 * 1:33016 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
 * 1:33017 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
 * 1:33572 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (file-other.rules)
 * 1:33826 <-> DISABLED <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt (server-samba.rules)
 * 1:35435 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:35848 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt (file-image.rules)
 * 1:3590 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt (os-windows.rules)
 * 1:3591 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt (os-windows.rules)
 * 1:36156 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:36157 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:36533 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36534 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt (browser-plugins.rules)
 * 1:3665 <-> ENABLED <-> SERVER-MYSQL server greeting (server-mysql.rules)
 * 1:36658 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:36659 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:36660 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:3667 <-> DISABLED <-> SERVER-MYSQL protocol 41 client authentication bypass attempt (server-mysql.rules)
 * 1:3668 <-> DISABLED <-> SERVER-MYSQL client authentication bypass attempt (server-mysql.rules)
 * 1:3669 <-> DISABLED <-> SERVER-MYSQL protocol 41 secure client overflow attempt (server-mysql.rules)
 * 1:3670 <-> DISABLED <-> SERVER-MYSQL secure client overflow attempt (server-mysql.rules)
 * 1:3671 <-> DISABLED <-> SERVER-MYSQL protocol 41 client overflow attempt (server-mysql.rules)
 * 1:3672 <-> DISABLED <-> SERVER-MYSQL client overflow attempt (server-mysql.rules)
 * 1:37511 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (os-solaris.rules)
 * 1:37628 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:37650 <-> DISABLED <-> FILE-OTHER CA BrightStor stack buffer overflow attempt (file-other.rules)
 * 1:3818 <-> DISABLED <-> PROTOCOL-TFTP PUT transfer mode overflow attempt (protocol-tftp.rules)
 * 1:38246 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
 * 1:38247 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
 * 1:39387 <-> DISABLED <-> SERVER-WEBAPP D-Link DAP-1160 authentication bypass attempt (server-webapp.rules)
 * 1:39406 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
 * 1:39407 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
 * 1:39408 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
 * 1:3967 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_QueryResConfList attempt (os-windows.rules)
 * 1:39910 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
 * 1:39936 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (os-solaris.rules)
 * 1:40282 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (file-office.rules)
 * 1:40335 <-> DISABLED <-> APP-DETECT OpenVAS Scanner User-Agent attempt (app-detect.rules)
 * 1:4072 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_DetectResourceConflict attempt (os-windows.rules)
 * 1:40819 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (file-flash.rules)
 * 1:41046 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules)
 * 1:41423 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (browser-plugins.rules)
 * 1:42413 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:42423 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:43291 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated application deployment attempt (server-webapp.rules)
 * 1:43307 <-> DISABLED <-> SERVER-WEBAPP csSearch setup attempt (server-webapp.rules)
 * 1:43347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules)
 * 1:44473 <-> DISABLED <-> FILE-OTHER ZIP file name overflow attempt (file-other.rules)
 * 1:44735 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (server-mail.rules)
 * 1:45172 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt (browser-firefox.rules)
 * 1:45179 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:45180 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:45182 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:45184 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:45310 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
 * 1:45501 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
 * 1:45856 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
 * 1:4642 <-> DISABLED <-> SERVER-ORACLE sys.pbsde.init buffer overflow attempt (server-oracle.rules)
 * 1:48179 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:48180 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:48181 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:48182 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:48183 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:48184 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:48185 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:48186 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:48187 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:48188 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:48189 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:48190 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:49584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
 * 1:49586 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
 * 1:49901 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
 * 1:49903 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
 * 1:50642 <-> DISABLED <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt (file-other.rules)
 * 1:50900 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:51026 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (file-pdf.rules)
 * 1:51082 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
 * 1:51162 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
 * 1:51226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
 * 1:51859 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51861 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51862 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51863 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51866 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:52080 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
 * 1:52101 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:52289 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (os-mobile.rules)
 * 1:53431 <-> DISABLED <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt (server-mail.rules)
 * 1:53432 <-> DISABLED <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt (server-mail.rules)
 * 1:5485 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules)
 * 1:58201 <-> ENABLED <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt (server-webapp.rules)
 * 1:58362 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap ProjectName SQL injection attempt (server-webapp.rules)
 * 1:654 <-> DISABLED <-> SERVER-MAIL RCPT TO overflow (server-mail.rules)
 * 1:6706 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt (netbios.rules)
 * 1:6707 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt (netbios.rules)
 * 1:6712 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt (netbios.rules)
 * 1:6713 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt (netbios.rules)
 * 1:8426 <-> DISABLED <-> SERVER-OTHER SSLv3 openssl get shared ciphers overflow attempt (server-other.rules)
 * 1:8428 <-> DISABLED <-> SERVER-OTHER SSLv2 openssl get shared ciphers overflow attempt (server-other.rules)
 * 1:9027 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrJoinDomain2 overflow attempt (os-windows.rules)
 * 1:9621 <-> DISABLED <-> PROTOCOL-TFTP 3COM server transport mode buffer overflow attempt (protocol-tftp.rules)
 * 1:9769 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msqueue function 4 overflow attempt (os-windows.rules)
 * 1:25568 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules)
 * 1:25611 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules)
 * 1:25650 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
 * 1:25972 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit three number PDF Request (exploit-kit.rules)
 * 1:26227 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules)
 * 1:26295 <-> DISABLED <-> FILE-OTHER Watering Hole Campaign applet download (file-other.rules)
 * 1:26339 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval - ff.php (exploit-kit.rules)
 * 1:26346 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit payload requested (exploit-kit.rules)
 * 1:26496 <-> DISABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules)
 * 1:26643 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field denial of service attempt (os-windows.rules)
 * 1:26806 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit short JNLP request (exploit-kit.rules)
 * 1:26808 <-> DISABLED <-> EXPLOIT-KIT Goon/Infinity/Redkit exploit kit short jar request (exploit-kit.rules)
 * 1:27071 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules)
 * 1:27072 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules)
 * 1:27598 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup Admin Server command injection attempt (server-webapp.rules)
 * 1:27646 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra login request buffer overflow attempt (server-other.rules)
 * 1:27814 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit landing page request (exploit-kit.rules)
 * 1:28393 <-> DISABLED <-> SERVER-OTHER EMC Replication Manager irccd remote command execution attempt (server-other.rules)
 * 1:28478 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit landing page request (exploit-kit.rules)
 * 1:28704 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:28792 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:28793 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:28903 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28904 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28905 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28906 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28907 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28974 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
 * 1:28975 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
 * 1:29453 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit eot outbound connection (exploit-kit.rules)
 * 1:29513 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules)
 * 1:29521 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (file-multimedia.rules)
 * 1:29522 <-> DISABLED <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX Office remote code execution attempt (server-webapp.rules)
 * 1:29525 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:29527 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:29536 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
 * 1:29596 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules)
 * 1:29597 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules)
 * 1:29607 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
 * 1:29610 <-> DISABLED <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt (server-other.rules)
 * 1:29617 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules)
 * 1:29621 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (netbios.rules)
 * 1:10136 <-> DISABLED <-> OS-SOLARIS Oracle Solaris login environment variable authentication bypass attempt (os-solaris.rules)
 * 1:10603 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvUpdateRecord2 overflow attempt (os-windows.rules)
 * 1:10900 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt (os-windows.rules)
 * 1:11265 <-> DISABLED <-> SERVER-OTHER Sentinel license manager buffer overflow attempt (server-other.rules)
 * 1:11443 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
 * 1:11957 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt (netbios.rules)
 * 1:11958 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules)
 * 1:11963 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules)
 * 1:11964 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules)
 * 1:12069 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest (os-windows.rules)
 * 1:12198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows getbulk request attempt (os-windows.rules)
 * 1:12317 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt (netbios.rules)
 * 1:12627 <-> DISABLED <-> PROTOCOL-RPC Solaris TCP portmapper sadmin port query attempt (protocol-rpc.rules)
 * 1:12628 <-> DISABLED <-> PROTOCOL-RPC Solaris UDP portmapper sadmin port query attempt (protocol-rpc.rules)
 * 1:1277 <-> DISABLED <-> PROTOCOL-RPC portmap ypupdated request UDP (protocol-rpc.rules)
 * 1:12940 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 CA call 269 overflow attempt (netbios.rules)
 * 1:12984 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
 * 1:12985 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
 * 1:13161 <-> DISABLED <-> SERVER-OTHER HP OpenView CGI parameter buffer overflow attempt (server-other.rules)
 * 1:13162 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (netbios.rules)
 * 1:13222 <-> DISABLED <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt (server-other.rules)
 * 1:13619 <-> DISABLED <-> OS-WINDOWS Microsoft Windows getBulkRequest memory corruption attempt (os-windows.rules)
 * 1:13927 <-> DISABLED <-> PROTOCOL-TFTP Open TFTP Server log generation buffer overflow attempt (protocol-tftp.rules)
 * 1:14037 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules)
 * 1:14038 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (browser-plugins.rules)
 * 1:1409 <-> DISABLED <-> PROTOCOL-SNMP community string buffer overflow attempt (protocol-snmp.rules)
 * 1:1422 <-> DISABLED <-> PROTOCOL-SNMP community string buffer overflow attempt with evasion (protocol-snmp.rules)
 * 1:14647 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (os-windows.rules)
 * 1:14648 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules)
 * 1:14649 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (os-windows.rules)
 * 1:14650 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules)
 * 1:14651 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules)
 * 1:14652 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules)
 * 1:14653 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules)
 * 1:14654 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules)
 * 1:14725 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName overflow attempt (os-windows.rules)
 * 1:14726 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt (os-windows.rules)
 * 1:14737 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP host-integration bind attempt (os-windows.rules)
 * 1:14900 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum overflow attempt (netbios.rules)
 * 1:14988 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum overflow attempt (netbios.rules)
 * 1:14989 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory SOAP Accept Language header overflow attempt (server-webapp.rules)
 * 1:15196 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules)
 * 1:15197 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules)
 * 1:15198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules)
 * 1:15199 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules)
 * 1:15200 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules)
 * 1:15201 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules)
 * 1:15202 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules)
 * 1:15203 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules)
 * 1:15204 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules)
 * 1:15205 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules)
 * 1:15206 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules)
 * 1:15207 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules)
 * 1:15208 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules)
 * 1:15209 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules)
 * 1:15210 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules)
 * 1:15211 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules)
 * 1:15212 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules)
 * 1:15213 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules)
 * 1:15214 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules)
 * 1:15215 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules)
 * 1:15216 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules)
 * 1:15217 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules)
 * 1:15218 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules)
 * 1:15219 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules)
 * 1:15220 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules)
 * 1:15221 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules)
 * 1:15222 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules)
 * 1:15223 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules)
 * 1:15224 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules)
 * 1:15225 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules)
 * 1:15226 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules)
 * 1:15227 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules)
 * 1:15261 <-> DISABLED <-> SERVER-ORACLE Secure Backup exec_qr command injection attempt (server-oracle.rules)
 * 1:15262 <-> DISABLED <-> SERVER-ORACLE Secure Backup POST exec_qr command injection attempt (server-oracle.rules)
 * 1:15508 <-> DISABLED <-> SERVER-OTHER DCERPC NCADG-IP-UDP lsarpc LsarLookupSids translated_names overflow attempt (server-other.rules)
 * 1:15554 <-> DISABLED <-> SERVER-ORACLE Application Server 10g OPMN service format string vulnerability exploit attempt (server-oracle.rules)
 * 1:15701 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2000 domain authentication bypass attempt (os-windows.rules)
 * 1:15708 <-> DISABLED <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (server-other.rules)
 * 1:15881 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters Name Field attempt (netbios.rules)
 * 1:15911 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss RouteRefreshPrinterChangeNotification attempt (netbios.rules)
 * 1:15930 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field remote code execution attempt (os-windows.rules)
 * 1:15971 <-> DISABLED <-> SERVER-OTHER CVS Argumentx command double free attempt (server-other.rules)
 * 1:15972 <-> DISABLED <-> SERVER-OTHER single byte encoded name response (server-other.rules)
 * 1:16015 <-> DISABLED <-> SERVER-OTHER Norton Internet Security NBNS response processing stack overflow attempt (server-other.rules)
 * 1:16029 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS client ATMA buffer overrun attempt (os-windows.rules)
 * 1:16049 <-> DISABLED <-> SERVER-OTHER GNU Radius SQL accounting format string exploit attempt (server-other.rules)
 * 1:16080 <-> DISABLED <-> SERVER-OTHER KAME racoon X509 certificate verification bypass attempt (server-other.rules)
 * 1:16198 <-> DISABLED <-> SERVER-APACHE Apache mod_auth_pgsql module logging facility format string exploit attempt (server-apache.rules)
 * 1:16238 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules)
 * 1:16239 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules)
 * 1:16329 <-> DISABLED <-> SERVER-OTHER Microsoft Internet Authentication Service EAP-MSCHAPv2 authentication bypass attempt (server-other.rules)
 * 1:16515 <-> DISABLED <-> SERVER-MAIL Novell Groupwise Internet Agent RCPT command overflow attempt (server-mail.rules)
 * 1:16705 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP array size buffer overflow attempt (protocol-rpc.rules)
 * 1:16796 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP data length integer overflow attempt (protocol-rpc.rules)
 * 1:17046 <-> DISABLED <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt (server-other.rules)
 * 1:17056 <-> DISABLED <-> SERVER-OTHER Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt (server-other.rules)
 * 1:17057 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
 * 1:17205 <-> DISABLED <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - udp (protocol-rpc.rules)
 * 1:17224 <-> DISABLED <-> SERVER-MAIL McAfee WebShield SMTP bounce message format string attempt (server-mail.rules)
 * 1:17609 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:1762 <-> DISABLED <-> SERVER-WEBAPP phf arbitrary command execution attempt (server-webapp.rules)
 * 1:18189 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (netbios.rules)
 * 1:18190 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules)
 * 1:18191 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (netbios.rules)
 * 1:18192 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules)
 * 1:18248 <-> DISABLED <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (server-other.rules)
 * 1:18319 <-> DISABLED <-> SERVER-SAMBA Samba DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (server-samba.rules)
 * 1:18462 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (os-windows.rules)
 * 1:18472 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (netbios.rules)
 * 1:18526 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules)
 * 1:18557 <-> DISABLED <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt (protocol-rpc.rules)
 * 1:18589 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
 * 1:18611 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:18612 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:18613 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:18768 <-> DISABLED <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt (server-mail.rules)
 * 1:18958 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
 * 1:18994 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (os-windows.rules)
 * 1:19013 <-> DISABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - WRQ (protocol-tftp.rules)
 * 1:19014 <-> DISABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - RRQ (protocol-tftp.rules)
 * 1:19136 <-> DISABLED <-> SERVER-WEBAPP CA XOsoft Multiple Products entry_point.aspx buffer overflow attempt (server-webapp.rules)
 * 1:19173 <-> DISABLED <-> PROTOCOL-RPC CDE Calendar Manager service memory corruption attempt (protocol-rpc.rules)
 * 1:19208 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services streamprocess.exe buffer overflow attempt (server-other.rules)
 * 1:19323 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
 * 1:19649 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center dbman buffer overflow attempt (server-other.rules)
 * 1:19677 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules)
 * 1:20052 <-> DISABLED <-> PROTOCOL-SCADA IntelliCom NetBiter config utility hostname overflow attempt (protocol-scada.rules)
 * 1:20176 <-> DISABLED <-> PROTOCOL-SCADA DAQFactory NETB protcol stack overflow attempt (protocol-scada.rules)
 * 1:20242 <-> DISABLED <-> PROTOCOL-DNS Oracle Secure Backup observice.exe dns response overflow attempt (protocol-dns.rules)
 * 1:20611 <-> DISABLED <-> SERVER-OTHER BOOTP overflow (server-other.rules)
 * 1:20614 <-> DISABLED <-> SERVER-MAIL Axigen POP3 server remote format string exploit (server-mail.rules)
 * 1:20671 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest (os-windows.rules)
 * 1:20691 <-> DISABLED <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt (policy-other.rules)
 * 1:20725 <-> DISABLED <-> OS-SOLARIS Oracle Solaris in.rwhod hostname denial of service attempt (os-solaris.rules)
 * 1:20812 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt (protocol-telnet.rules)
 * 1:20813 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt (protocol-telnet.rules)
 * 1:2088 <-> DISABLED <-> PROTOCOL-RPC ypupdated arbitrary command attempt UDP (protocol-rpc.rules)
 * 1:2089 <-> DISABLED <-> PROTOCOL-RPC ypupdated arbitrary command attempt TCP (protocol-rpc.rules)
 * 1:21041 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - main.php?page= (exploit-kit.rules)
 * 1:21141 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit control panel access (exploit-kit.rules)
 * 1:21234 <-> DISABLED <-> SERVER-WEBAPP MKCOL Webdav Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:21236 <-> DISABLED <-> SERVER-WEBAPP UNLOCK Webdav Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:21343 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit pdf request (exploit-kit.rules)
 * 1:21348 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - search.php?page= (exploit-kit.rules)
 * 1:21407 <-> DISABLED <-> SERVER-OTHER Symantic multiple products VRTSweb code execution (server-other.rules)
 * 1:21458 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:21529 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 Find_First2 filename overflow attempt (os-windows.rules)
 * 1:21766 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (file-image.rules)
 * 1:2185 <-> DISABLED <-> PROTOCOL-RPC mountd UDP mount path overflow attempt (protocol-rpc.rules)
 * 1:21952 <-> DISABLED <-> SERVER-OTHER ISC dhcpd discover hostname overflow attempt (server-other.rules)
 * 1:2278 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (server-webapp.rules)
 * 1:22949 <-> ENABLED <-> EXPLOIT-KIT Blackhole redirection attempt (exploit-kit.rules)
 * 1:23232 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
 * 1:23233 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
 * 1:23241 <-> DISABLED <-> SERVER-OTHER HP DPNECentral RequestCopy type SQL injection attempt (server-other.rules)
 * 1:23355 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager AddTask stack buffer overflow attempt (server-other.rules)
 * 1:2381 <-> DISABLED <-> SERVER-WEBAPP Checkpoint Firewall-1 HTTP parsing format string vulnerability attempt (server-webapp.rules)
 * 1:23939 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (server-oracle.rules)
 * 1:23950 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules)
 * 1:23951 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules)
 * 1:23997 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:24336 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules)
 * 1:24501 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit fallback executable download (exploit-kit.rules)
 * 1:24503 <-> DISABLED <-> PROTOCOL-RPC xdrDecodeString caller_name stack overflow attempt (protocol-rpc.rules)
 * 1:24513 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt (server-other.rules)
 * 1:24544 <-> DISABLED <-> EXPLOIT-KIT Blackhole admin page outbound access attempt (exploit-kit.rules)
 * 1:24608 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt (exploit-kit.rules)
 * 1:24636 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure (exploit-kit.rules)
 * 1:24638 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules)
 * 1:24703 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:24741 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24742 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24743 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24744 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24745 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24746 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24747 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24748 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24749 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24750 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24751 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24752 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24753 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24754 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24755 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24756 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24757 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24758 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24759 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24760 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24762 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:24802 <-> DISABLED <-> SERVER-OTHER HP Database Archiving Software GIOP parsing buffer overflow attempt (server-other.rules)
 * 1:24861 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules)
 * 1:24863 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules)
 * 1:24865 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules)
 * 1:25003 <-> DISABLED <-> SERVER-OTHER HP Archive Query Server stack overflow attempt (server-other.rules)
 * 1:25138 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit pdf outbound connection (exploit-kit.rules)
 * 1:25139 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit eot outbound connection (exploit-kit.rules)
 * 1:25381 <-> DISABLED <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt (server-other.rules)
 * 1:25388 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules)

2021-12-07 17:31:55 UTC

Snort Subscriber Rules Update

Date: 2021-12-07

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091801.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58697 <-> DISABLED <-> OS-OTHER IGEL OS Secure Terminal and Shadow Service command injection attempt (os-other.rules)
 * 1:58703 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt (server-webapp.rules)
 * 1:58685 <-> DISABLED <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt (file-other.rules)
 * 1:58707 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
 * 1:58696 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt (server-webapp.rules)
 * 1:58686 <-> DISABLED <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt (file-other.rules)
 * 1:58700 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.PhpJackal upload attempt (malware-other.rules)
 * 1:58695 <-> DISABLED <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt (server-webapp.rules)
 * 1:58694 <-> DISABLED <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt (server-webapp.rules)
 * 1:58706 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
 * 1:58701 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.PhpJackal download attempt (malware-other.rules)
 * 1:58702 <-> ENABLED <-> MALWARE-CNC Php.Webshell.PhpJackal outbound connection attempt (malware-cnc.rules)
 * 1:58705 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
 * 1:58704 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
 * 1:58688 <-> DISABLED <-> SERVER-WEBAPP Movable Type CMS command injection attempt (server-webapp.rules)
 * 1:58708 <-> ENABLED <-> SERVER-WEBAPP IBM Data Risk Manager command execution attempt (server-webapp.rules)
 * 1:58687 <-> DISABLED <-> SERVER-WEBAPP Movable Type CMS command injection attempt (server-webapp.rules)
 * 3:58689 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt (file-other.rules)
 * 3:58698 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt (server-webapp.rules)
 * 3:58691 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt (server-webapp.rules)
 * 3:58699 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt (server-webapp.rules)
 * 3:58692 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt (server-webapp.rules)
 * 3:58693 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt (server-webapp.rules)
 * 3:58690 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt (file-other.rules)

Modified Rules:


 * 1:36658 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:3667 <-> DISABLED <-> SERVER-MYSQL protocol 41 client authentication bypass attempt (server-mysql.rules)
 * 1:3668 <-> DISABLED <-> SERVER-MYSQL client authentication bypass attempt (server-mysql.rules)
 * 1:3669 <-> DISABLED <-> SERVER-MYSQL protocol 41 secure client overflow attempt (server-mysql.rules)
 * 1:3670 <-> DISABLED <-> SERVER-MYSQL secure client overflow attempt (server-mysql.rules)
 * 1:3671 <-> DISABLED <-> SERVER-MYSQL protocol 41 client overflow attempt (server-mysql.rules)
 * 1:3672 <-> DISABLED <-> SERVER-MYSQL client overflow attempt (server-mysql.rules)
 * 1:37511 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (os-solaris.rules)
 * 1:37628 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:37650 <-> DISABLED <-> FILE-OTHER CA BrightStor stack buffer overflow attempt (file-other.rules)
 * 1:3818 <-> DISABLED <-> PROTOCOL-TFTP PUT transfer mode overflow attempt (protocol-tftp.rules)
 * 1:38246 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
 * 1:38247 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
 * 1:39387 <-> DISABLED <-> SERVER-WEBAPP D-Link DAP-1160 authentication bypass attempt (server-webapp.rules)
 * 1:39406 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
 * 1:39407 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
 * 1:39408 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
 * 1:3967 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_QueryResConfList attempt (os-windows.rules)
 * 1:39910 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
 * 1:39936 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (os-solaris.rules)
 * 1:40282 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (file-office.rules)
 * 1:40335 <-> DISABLED <-> APP-DETECT OpenVAS Scanner User-Agent attempt (app-detect.rules)
 * 1:4072 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_DetectResourceConflict attempt (os-windows.rules)
 * 1:40819 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (file-flash.rules)
 * 1:41046 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules)
 * 1:41423 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (browser-plugins.rules)
 * 1:42413 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:42423 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:43291 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated application deployment attempt (server-webapp.rules)
 * 1:43307 <-> DISABLED <-> SERVER-WEBAPP csSearch setup attempt (server-webapp.rules)
 * 1:43347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules)
 * 1:44473 <-> DISABLED <-> FILE-OTHER ZIP file name overflow attempt (file-other.rules)
 * 1:44735 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (server-mail.rules)
 * 1:45172 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt (browser-firefox.rules)
 * 1:45179 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:45180 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:45182 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:45184 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:45310 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
 * 1:45501 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
 * 1:45856 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
 * 1:4642 <-> DISABLED <-> SERVER-ORACLE sys.pbsde.init buffer overflow attempt (server-oracle.rules)
 * 1:48179 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:48180 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:48181 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:48182 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:48183 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:48184 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:48185 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:48186 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:48187 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:48188 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:48189 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:48190 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:49584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
 * 1:49586 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
 * 1:49901 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
 * 1:49903 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
 * 1:50642 <-> DISABLED <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt (file-other.rules)
 * 1:50900 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:51026 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (file-pdf.rules)
 * 1:51082 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
 * 1:51162 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
 * 1:51226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
 * 1:51859 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51861 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51862 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51863 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51866 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:52080 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
 * 1:52101 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:52289 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (os-mobile.rules)
 * 1:53431 <-> DISABLED <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt (server-mail.rules)
 * 1:53432 <-> DISABLED <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt (server-mail.rules)
 * 1:5485 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules)
 * 1:58201 <-> ENABLED <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt (server-webapp.rules)
 * 1:58362 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap ProjectName SQL injection attempt (server-webapp.rules)
 * 1:654 <-> DISABLED <-> SERVER-MAIL RCPT TO overflow (server-mail.rules)
 * 1:6706 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt (netbios.rules)
 * 1:6707 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt (netbios.rules)
 * 1:6712 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt (netbios.rules)
 * 1:6713 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt (netbios.rules)
 * 1:8426 <-> DISABLED <-> SERVER-OTHER SSLv3 openssl get shared ciphers overflow attempt (server-other.rules)
 * 1:8428 <-> DISABLED <-> SERVER-OTHER SSLv2 openssl get shared ciphers overflow attempt (server-other.rules)
 * 1:9027 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrJoinDomain2 overflow attempt (os-windows.rules)
 * 1:9621 <-> DISABLED <-> PROTOCOL-TFTP 3COM server transport mode buffer overflow attempt (protocol-tftp.rules)
 * 1:9769 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msqueue function 4 overflow attempt (os-windows.rules)
 * 1:3665 <-> ENABLED <-> SERVER-MYSQL server greeting (server-mysql.rules)
 * 1:36534 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt (browser-plugins.rules)
 * 1:36659 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:36660 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:10136 <-> DISABLED <-> OS-SOLARIS Oracle Solaris login environment variable authentication bypass attempt (os-solaris.rules)
 * 1:10603 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvUpdateRecord2 overflow attempt (os-windows.rules)
 * 1:11265 <-> DISABLED <-> SERVER-OTHER Sentinel license manager buffer overflow attempt (server-other.rules)
 * 1:10900 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt (os-windows.rules)
 * 1:11957 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt (netbios.rules)
 * 1:11443 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
 * 1:11958 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules)
 * 1:11964 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules)
 * 1:11963 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules)
 * 1:12198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows getbulk request attempt (os-windows.rules)
 * 1:12069 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest (os-windows.rules)
 * 1:12317 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt (netbios.rules)
 * 1:12628 <-> DISABLED <-> PROTOCOL-RPC Solaris UDP portmapper sadmin port query attempt (protocol-rpc.rules)
 * 1:12627 <-> DISABLED <-> PROTOCOL-RPC Solaris TCP portmapper sadmin port query attempt (protocol-rpc.rules)
 * 1:12940 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 CA call 269 overflow attempt (netbios.rules)
 * 1:1277 <-> DISABLED <-> PROTOCOL-RPC portmap ypupdated request UDP (protocol-rpc.rules)
 * 1:12985 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
 * 1:12984 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
 * 1:13161 <-> DISABLED <-> SERVER-OTHER HP OpenView CGI parameter buffer overflow attempt (server-other.rules)
 * 1:13222 <-> DISABLED <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt (server-other.rules)
 * 1:13162 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (netbios.rules)
 * 1:13927 <-> DISABLED <-> PROTOCOL-TFTP Open TFTP Server log generation buffer overflow attempt (protocol-tftp.rules)
 * 1:13619 <-> DISABLED <-> OS-WINDOWS Microsoft Windows getBulkRequest memory corruption attempt (os-windows.rules)
 * 1:14037 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules)
 * 1:1409 <-> DISABLED <-> PROTOCOL-SNMP community string buffer overflow attempt (protocol-snmp.rules)
 * 1:14038 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (browser-plugins.rules)
 * 1:1422 <-> DISABLED <-> PROTOCOL-SNMP community string buffer overflow attempt with evasion (protocol-snmp.rules)
 * 1:14648 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules)
 * 1:14647 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (os-windows.rules)
 * 1:14650 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules)
 * 1:14649 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (os-windows.rules)
 * 1:14651 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules)
 * 1:14653 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules)
 * 1:14652 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules)
 * 1:14725 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName overflow attempt (os-windows.rules)
 * 1:14654 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules)
 * 1:14737 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP host-integration bind attempt (os-windows.rules)
 * 1:14726 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt (os-windows.rules)
 * 1:14988 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum overflow attempt (netbios.rules)
 * 1:14900 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum overflow attempt (netbios.rules)
 * 1:15197 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules)
 * 1:14989 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory SOAP Accept Language header overflow attempt (server-webapp.rules)
 * 1:15196 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules)
 * 1:15199 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules)
 * 1:15198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules)
 * 1:15201 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules)
 * 1:15200 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules)
 * 1:15203 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules)
 * 1:15202 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules)
 * 1:15205 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules)
 * 1:15204 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules)
 * 1:15207 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules)
 * 1:15209 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules)
 * 1:15206 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules)
 * 1:15208 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules)
 * 1:15211 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules)
 * 1:15210 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules)
 * 1:15213 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules)
 * 1:15215 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules)
 * 1:15212 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules)
 * 1:15214 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules)
 * 1:15217 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules)
 * 1:15216 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules)
 * 1:15219 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules)
 * 1:15218 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules)
 * 1:15221 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules)
 * 1:15220 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules)
 * 1:15223 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules)
 * 1:15222 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules)
 * 1:15225 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules)
 * 1:15224 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules)
 * 1:15227 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules)
 * 1:15226 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules)
 * 1:15262 <-> DISABLED <-> SERVER-ORACLE Secure Backup POST exec_qr command injection attempt (server-oracle.rules)
 * 1:15261 <-> DISABLED <-> SERVER-ORACLE Secure Backup exec_qr command injection attempt (server-oracle.rules)
 * 1:15554 <-> DISABLED <-> SERVER-ORACLE Application Server 10g OPMN service format string vulnerability exploit attempt (server-oracle.rules)
 * 1:15508 <-> DISABLED <-> SERVER-OTHER DCERPC NCADG-IP-UDP lsarpc LsarLookupSids translated_names overflow attempt (server-other.rules)
 * 1:15708 <-> DISABLED <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (server-other.rules)
 * 1:15701 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2000 domain authentication bypass attempt (os-windows.rules)
 * 1:15911 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss RouteRefreshPrinterChangeNotification attempt (netbios.rules)
 * 1:15881 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters Name Field attempt (netbios.rules)
 * 1:15971 <-> DISABLED <-> SERVER-OTHER CVS Argumentx command double free attempt (server-other.rules)
 * 1:15930 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field remote code execution attempt (os-windows.rules)
 * 1:16015 <-> DISABLED <-> SERVER-OTHER Norton Internet Security NBNS response processing stack overflow attempt (server-other.rules)
 * 1:15972 <-> DISABLED <-> SERVER-OTHER single byte encoded name response (server-other.rules)
 * 1:16049 <-> DISABLED <-> SERVER-OTHER GNU Radius SQL accounting format string exploit attempt (server-other.rules)
 * 1:16029 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS client ATMA buffer overrun attempt (os-windows.rules)
 * 1:16198 <-> DISABLED <-> SERVER-APACHE Apache mod_auth_pgsql module logging facility format string exploit attempt (server-apache.rules)
 * 1:16080 <-> DISABLED <-> SERVER-OTHER KAME racoon X509 certificate verification bypass attempt (server-other.rules)
 * 1:16239 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules)
 * 1:16238 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules)
 * 1:16515 <-> DISABLED <-> SERVER-MAIL Novell Groupwise Internet Agent RCPT command overflow attempt (server-mail.rules)
 * 1:16329 <-> DISABLED <-> SERVER-OTHER Microsoft Internet Authentication Service EAP-MSCHAPv2 authentication bypass attempt (server-other.rules)
 * 1:16796 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP data length integer overflow attempt (protocol-rpc.rules)
 * 1:16705 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP array size buffer overflow attempt (protocol-rpc.rules)
 * 1:17056 <-> DISABLED <-> SERVER-OTHER Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt (server-other.rules)
 * 1:17046 <-> DISABLED <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt (server-other.rules)
 * 1:17205 <-> DISABLED <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - udp (protocol-rpc.rules)
 * 1:17057 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
 * 1:17609 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:17224 <-> DISABLED <-> SERVER-MAIL McAfee WebShield SMTP bounce message format string attempt (server-mail.rules)
 * 1:18189 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (netbios.rules)
 * 1:1762 <-> DISABLED <-> SERVER-WEBAPP phf arbitrary command execution attempt (server-webapp.rules)
 * 1:18191 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (netbios.rules)
 * 1:18190 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules)
 * 1:18248 <-> DISABLED <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (server-other.rules)
 * 1:18192 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules)
 * 1:18462 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (os-windows.rules)
 * 1:18319 <-> DISABLED <-> SERVER-SAMBA Samba DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (server-samba.rules)
 * 1:18526 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules)
 * 1:18472 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (netbios.rules)
 * 1:18589 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
 * 1:18557 <-> DISABLED <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt (protocol-rpc.rules)
 * 1:18612 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:18611 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:18768 <-> DISABLED <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt (server-mail.rules)
 * 1:18613 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:18994 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (os-windows.rules)
 * 1:18958 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
 * 1:19014 <-> DISABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - RRQ (protocol-tftp.rules)
 * 1:19013 <-> DISABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - WRQ (protocol-tftp.rules)
 * 1:19173 <-> DISABLED <-> PROTOCOL-RPC CDE Calendar Manager service memory corruption attempt (protocol-rpc.rules)
 * 1:19136 <-> DISABLED <-> SERVER-WEBAPP CA XOsoft Multiple Products entry_point.aspx buffer overflow attempt (server-webapp.rules)
 * 1:19323 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
 * 1:19208 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services streamprocess.exe buffer overflow attempt (server-other.rules)
 * 1:19677 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules)
 * 1:19649 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center dbman buffer overflow attempt (server-other.rules)
 * 1:20176 <-> DISABLED <-> PROTOCOL-SCADA DAQFactory NETB protcol stack overflow attempt (protocol-scada.rules)
 * 1:20614 <-> DISABLED <-> SERVER-MAIL Axigen POP3 server remote format string exploit (server-mail.rules)
 * 1:20052 <-> DISABLED <-> PROTOCOL-SCADA IntelliCom NetBiter config utility hostname overflow attempt (protocol-scada.rules)
 * 1:20611 <-> DISABLED <-> SERVER-OTHER BOOTP overflow (server-other.rules)
 * 1:20242 <-> DISABLED <-> PROTOCOL-DNS Oracle Secure Backup observice.exe dns response overflow attempt (protocol-dns.rules)
 * 1:20725 <-> DISABLED <-> OS-SOLARIS Oracle Solaris in.rwhod hostname denial of service attempt (os-solaris.rules)
 * 1:20671 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest (os-windows.rules)
 * 1:20691 <-> DISABLED <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt (policy-other.rules)
 * 1:20813 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt (protocol-telnet.rules)
 * 1:20812 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt (protocol-telnet.rules)
 * 1:2089 <-> DISABLED <-> PROTOCOL-RPC ypupdated arbitrary command attempt TCP (protocol-rpc.rules)
 * 1:2088 <-> DISABLED <-> PROTOCOL-RPC ypupdated arbitrary command attempt UDP (protocol-rpc.rules)
 * 1:21141 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit control panel access (exploit-kit.rules)
 * 1:21041 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - main.php?page= (exploit-kit.rules)
 * 1:21236 <-> DISABLED <-> SERVER-WEBAPP UNLOCK Webdav Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:21234 <-> DISABLED <-> SERVER-WEBAPP MKCOL Webdav Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:21348 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - search.php?page= (exploit-kit.rules)
 * 1:21343 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit pdf request (exploit-kit.rules)
 * 1:21458 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:21407 <-> DISABLED <-> SERVER-OTHER Symantic multiple products VRTSweb code execution (server-other.rules)
 * 1:21766 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (file-image.rules)
 * 1:21529 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 Find_First2 filename overflow attempt (os-windows.rules)
 * 1:21952 <-> DISABLED <-> SERVER-OTHER ISC dhcpd discover hostname overflow attempt (server-other.rules)
 * 1:2185 <-> DISABLED <-> PROTOCOL-RPC mountd UDP mount path overflow attempt (protocol-rpc.rules)
 * 1:22949 <-> ENABLED <-> EXPLOIT-KIT Blackhole redirection attempt (exploit-kit.rules)
 * 1:2278 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (server-webapp.rules)
 * 1:23233 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
 * 1:23232 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
 * 1:23355 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager AddTask stack buffer overflow attempt (server-other.rules)
 * 1:23241 <-> DISABLED <-> SERVER-OTHER HP DPNECentral RequestCopy type SQL injection attempt (server-other.rules)
 * 1:23939 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (server-oracle.rules)
 * 1:2381 <-> DISABLED <-> SERVER-WEBAPP Checkpoint Firewall-1 HTTP parsing format string vulnerability attempt (server-webapp.rules)
 * 1:23951 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules)
 * 1:23950 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules)
 * 1:24336 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules)
 * 1:23997 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:24503 <-> DISABLED <-> PROTOCOL-RPC xdrDecodeString caller_name stack overflow attempt (protocol-rpc.rules)
 * 1:24501 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit fallback executable download (exploit-kit.rules)
 * 1:24544 <-> DISABLED <-> EXPLOIT-KIT Blackhole admin page outbound access attempt (exploit-kit.rules)
 * 1:24513 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt (server-other.rules)
 * 1:24636 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure (exploit-kit.rules)
 * 1:24608 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt (exploit-kit.rules)
 * 1:24703 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:24638 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules)
 * 1:24742 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24741 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24744 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24743 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24746 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24745 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24748 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24747 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24750 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24749 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24752 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24751 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24754 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24753 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24756 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24755 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24758 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24757 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24760 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24759 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24802 <-> DISABLED <-> SERVER-OTHER HP Database Archiving Software GIOP parsing buffer overflow attempt (server-other.rules)
 * 1:24762 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:24863 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules)
 * 1:24861 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules)
 * 1:25003 <-> DISABLED <-> SERVER-OTHER HP Archive Query Server stack overflow attempt (server-other.rules)
 * 1:24865 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules)
 * 1:25139 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit eot outbound connection (exploit-kit.rules)
 * 1:25381 <-> DISABLED <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt (server-other.rules)
 * 1:25138 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit pdf outbound connection (exploit-kit.rules)
 * 1:25388 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules)
 * 1:25611 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules)
 * 1:25568 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules)
 * 1:25972 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit three number PDF Request (exploit-kit.rules)
 * 1:25650 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
 * 1:26295 <-> DISABLED <-> FILE-OTHER Watering Hole Campaign applet download (file-other.rules)
 * 1:26227 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules)
 * 1:26346 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit payload requested (exploit-kit.rules)
 * 1:26643 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field denial of service attempt (os-windows.rules)
 * 1:26339 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval - ff.php (exploit-kit.rules)
 * 1:26496 <-> DISABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules)
 * 1:26808 <-> DISABLED <-> EXPLOIT-KIT Goon/Infinity/Redkit exploit kit short jar request (exploit-kit.rules)
 * 1:26806 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit short JNLP request (exploit-kit.rules)
 * 1:27072 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules)
 * 1:27071 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules)
 * 1:27646 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra login request buffer overflow attempt (server-other.rules)
 * 1:27598 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup Admin Server command injection attempt (server-webapp.rules)
 * 1:28393 <-> DISABLED <-> SERVER-OTHER EMC Replication Manager irccd remote command execution attempt (server-other.rules)
 * 1:27814 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit landing page request (exploit-kit.rules)
 * 1:28704 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:28903 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28478 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit landing page request (exploit-kit.rules)
 * 1:28793 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:28792 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:28904 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28906 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28905 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28907 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28974 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
 * 1:29453 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit eot outbound connection (exploit-kit.rules)
 * 1:28975 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
 * 1:29521 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (file-multimedia.rules)
 * 1:29513 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules)
 * 1:29525 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:29522 <-> DISABLED <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX Office remote code execution attempt (server-webapp.rules)
 * 1:29536 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
 * 1:29527 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:29597 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules)
 * 1:29596 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules)
 * 1:29610 <-> DISABLED <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt (server-other.rules)
 * 1:29607 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
 * 1:29621 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (netbios.rules)
 * 1:29617 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules)
 * 1:3171 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP msqueue function 4 overflow attempt (os-windows.rules)
 * 1:3114 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc LlsrConnect overflow attempt (os-windows.rules)
 * 1:32152 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:32150 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:32370 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt (server-other.rules)
 * 1:32356 <-> DISABLED <-> PROTOCOL-RPC mountd UDP unmount path overflow attempt (protocol-rpc.rules)
 * 1:32856 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt (file-pdf.rules)
 * 1:32816 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules)
 * 1:33017 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
 * 1:33016 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
 * 1:33826 <-> DISABLED <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt (server-samba.rules)
 * 1:35848 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt (file-image.rules)
 * 1:33572 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (file-other.rules)
 * 1:3591 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt (os-windows.rules)
 * 1:35435 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:3590 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt (os-windows.rules)
 * 1:36157 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:36156 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:36533 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt (browser-plugins.rules)

2021-12-07 17:31:55 UTC

Snort Subscriber Rules Update

Date: 2021-12-07

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58687 <-> DISABLED <-> SERVER-WEBAPP Movable Type CMS command injection attempt (server-webapp.rules)
 * 1:58706 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
 * 1:58704 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
 * 1:58705 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
 * 1:58702 <-> ENABLED <-> MALWARE-CNC Php.Webshell.PhpJackal outbound connection attempt (malware-cnc.rules)
 * 1:58701 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.PhpJackal download attempt (malware-other.rules)
 * 1:58708 <-> ENABLED <-> SERVER-WEBAPP IBM Data Risk Manager command execution attempt (server-webapp.rules)
 * 1:58707 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
 * 1:58685 <-> DISABLED <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt (file-other.rules)
 * 1:58703 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt (server-webapp.rules)
 * 1:58697 <-> DISABLED <-> OS-OTHER IGEL OS Secure Terminal and Shadow Service command injection attempt (os-other.rules)
 * 1:58696 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt (server-webapp.rules)
 * 1:58694 <-> DISABLED <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt (server-webapp.rules)
 * 1:58688 <-> DISABLED <-> SERVER-WEBAPP Movable Type CMS command injection attempt (server-webapp.rules)
 * 1:58700 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.PhpJackal upload attempt (malware-other.rules)
 * 1:58695 <-> DISABLED <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt (server-webapp.rules)
 * 1:58686 <-> DISABLED <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt (file-other.rules)
 * 3:58691 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt (server-webapp.rules)
 * 3:58699 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt (server-webapp.rules)
 * 3:58692 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt (server-webapp.rules)
 * 3:58698 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt (server-webapp.rules)
 * 3:58690 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt (file-other.rules)
 * 3:58689 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt (file-other.rules)
 * 3:58693 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:39408 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
 * 1:3665 <-> ENABLED <-> SERVER-MYSQL server greeting (server-mysql.rules)
 * 1:36658 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:3967 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_QueryResConfList attempt (os-windows.rules)
 * 1:40282 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (file-office.rules)
 * 1:40335 <-> DISABLED <-> APP-DETECT OpenVAS Scanner User-Agent attempt (app-detect.rules)
 * 1:4072 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_DetectResourceConflict attempt (os-windows.rules)
 * 1:42413 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:3671 <-> DISABLED <-> SERVER-MYSQL protocol 41 client overflow attempt (server-mysql.rules)
 * 1:3670 <-> DISABLED <-> SERVER-MYSQL secure client overflow attempt (server-mysql.rules)
 * 1:3818 <-> DISABLED <-> PROTOCOL-TFTP PUT transfer mode overflow attempt (protocol-tftp.rules)
 * 1:37650 <-> DISABLED <-> FILE-OTHER CA BrightStor stack buffer overflow attempt (file-other.rules)
 * 1:40819 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (file-flash.rules)
 * 1:36659 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:3667 <-> DISABLED <-> SERVER-MYSQL protocol 41 client authentication bypass attempt (server-mysql.rules)
 * 1:3668 <-> DISABLED <-> SERVER-MYSQL client authentication bypass attempt (server-mysql.rules)
 * 1:41046 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules)
 * 1:3669 <-> DISABLED <-> SERVER-MYSQL protocol 41 secure client overflow attempt (server-mysql.rules)
 * 1:3672 <-> DISABLED <-> SERVER-MYSQL client overflow attempt (server-mysql.rules)
 * 1:38247 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
 * 1:41423 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (browser-plugins.rules)
 * 1:39387 <-> DISABLED <-> SERVER-WEBAPP D-Link DAP-1160 authentication bypass attempt (server-webapp.rules)
 * 1:39406 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
 * 1:37511 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (os-solaris.rules)
 * 1:39910 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
 * 1:39936 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (os-solaris.rules)
 * 1:36660 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:10136 <-> DISABLED <-> OS-SOLARIS Oracle Solaris login environment variable authentication bypass attempt (os-solaris.rules)
 * 1:42423 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:43291 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated application deployment attempt (server-webapp.rules)
 * 1:43307 <-> DISABLED <-> SERVER-WEBAPP csSearch setup attempt (server-webapp.rules)
 * 1:43347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules)
 * 1:44473 <-> DISABLED <-> FILE-OTHER ZIP file name overflow attempt (file-other.rules)
 * 1:44735 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (server-mail.rules)
 * 1:45172 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt (browser-firefox.rules)
 * 1:45179 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:45180 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:45182 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:45184 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:45310 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
 * 1:48181 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:45501 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
 * 1:45856 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
 * 1:4642 <-> DISABLED <-> SERVER-ORACLE sys.pbsde.init buffer overflow attempt (server-oracle.rules)
 * 1:48179 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:48180 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:38246 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
 * 1:37628 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:39407 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
 * 1:48182 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:48183 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:48184 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:48185 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:48186 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:48187 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:48188 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:48189 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:48190 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:49584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
 * 1:49586 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
 * 1:49901 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
 * 1:49903 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
 * 1:50642 <-> DISABLED <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt (file-other.rules)
 * 1:50900 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:51026 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (file-pdf.rules)
 * 1:51082 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
 * 1:51162 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
 * 1:51226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
 * 1:51859 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51861 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51862 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51863 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51866 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:52080 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
 * 1:52101 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:52289 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (os-mobile.rules)
 * 1:53431 <-> DISABLED <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt (server-mail.rules)
 * 1:53432 <-> DISABLED <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt (server-mail.rules)
 * 1:5485 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules)
 * 1:58201 <-> ENABLED <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt (server-webapp.rules)
 * 1:58362 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap ProjectName SQL injection attempt (server-webapp.rules)
 * 1:654 <-> DISABLED <-> SERVER-MAIL RCPT TO overflow (server-mail.rules)
 * 1:6706 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt (netbios.rules)
 * 1:6707 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt (netbios.rules)
 * 1:6712 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt (netbios.rules)
 * 1:6713 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt (netbios.rules)
 * 1:8426 <-> DISABLED <-> SERVER-OTHER SSLv3 openssl get shared ciphers overflow attempt (server-other.rules)
 * 1:8428 <-> DISABLED <-> SERVER-OTHER SSLv2 openssl get shared ciphers overflow attempt (server-other.rules)
 * 1:9027 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrJoinDomain2 overflow attempt (os-windows.rules)
 * 1:9621 <-> DISABLED <-> PROTOCOL-TFTP 3COM server transport mode buffer overflow attempt (protocol-tftp.rules)
 * 1:9769 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msqueue function 4 overflow attempt (os-windows.rules)
 * 1:10603 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvUpdateRecord2 overflow attempt (os-windows.rules)
 * 1:10900 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt (os-windows.rules)
 * 1:11265 <-> DISABLED <-> SERVER-OTHER Sentinel license manager buffer overflow attempt (server-other.rules)
 * 1:11443 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
 * 1:11957 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt (netbios.rules)
 * 1:11958 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules)
 * 1:11963 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules)
 * 1:11964 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules)
 * 1:12069 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest (os-windows.rules)
 * 1:12198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows getbulk request attempt (os-windows.rules)
 * 1:12317 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt (netbios.rules)
 * 1:12627 <-> DISABLED <-> PROTOCOL-RPC Solaris TCP portmapper sadmin port query attempt (protocol-rpc.rules)
 * 1:12628 <-> DISABLED <-> PROTOCOL-RPC Solaris UDP portmapper sadmin port query attempt (protocol-rpc.rules)
 * 1:1277 <-> DISABLED <-> PROTOCOL-RPC portmap ypupdated request UDP (protocol-rpc.rules)
 * 1:12940 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 CA call 269 overflow attempt (netbios.rules)
 * 1:12984 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
 * 1:12985 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
 * 1:13161 <-> DISABLED <-> SERVER-OTHER HP OpenView CGI parameter buffer overflow attempt (server-other.rules)
 * 1:13162 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (netbios.rules)
 * 1:13222 <-> DISABLED <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt (server-other.rules)
 * 1:13619 <-> DISABLED <-> OS-WINDOWS Microsoft Windows getBulkRequest memory corruption attempt (os-windows.rules)
 * 1:13927 <-> DISABLED <-> PROTOCOL-TFTP Open TFTP Server log generation buffer overflow attempt (protocol-tftp.rules)
 * 1:14037 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules)
 * 1:14038 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (browser-plugins.rules)
 * 1:1409 <-> DISABLED <-> PROTOCOL-SNMP community string buffer overflow attempt (protocol-snmp.rules)
 * 1:1422 <-> DISABLED <-> PROTOCOL-SNMP community string buffer overflow attempt with evasion (protocol-snmp.rules)
 * 1:14647 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (os-windows.rules)
 * 1:14648 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules)
 * 1:14649 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (os-windows.rules)
 * 1:14650 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules)
 * 1:14651 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules)
 * 1:14652 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules)
 * 1:14653 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules)
 * 1:14654 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules)
 * 1:14725 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName overflow attempt (os-windows.rules)
 * 1:14726 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt (os-windows.rules)
 * 1:14737 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP host-integration bind attempt (os-windows.rules)
 * 1:14900 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum overflow attempt (netbios.rules)
 * 1:14988 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum overflow attempt (netbios.rules)
 * 1:14989 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory SOAP Accept Language header overflow attempt (server-webapp.rules)
 * 1:15196 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules)
 * 1:15197 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules)
 * 1:15198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules)
 * 1:15199 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules)
 * 1:15200 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules)
 * 1:15201 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules)
 * 1:15202 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules)
 * 1:15203 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules)
 * 1:15204 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules)
 * 1:15205 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules)
 * 1:15206 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules)
 * 1:15207 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules)
 * 1:15208 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules)
 * 1:15209 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules)
 * 1:15210 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules)
 * 1:15211 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules)
 * 1:15212 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules)
 * 1:15213 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules)
 * 1:15214 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules)
 * 1:15215 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules)
 * 1:15216 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules)
 * 1:15217 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules)
 * 1:15218 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules)
 * 1:15219 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules)
 * 1:15220 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules)
 * 1:15221 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules)
 * 1:15222 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules)
 * 1:15223 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules)
 * 1:15224 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules)
 * 1:15225 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules)
 * 1:15226 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules)
 * 1:15227 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules)
 * 1:15261 <-> DISABLED <-> SERVER-ORACLE Secure Backup exec_qr command injection attempt (server-oracle.rules)
 * 1:15262 <-> DISABLED <-> SERVER-ORACLE Secure Backup POST exec_qr command injection attempt (server-oracle.rules)
 * 1:15508 <-> DISABLED <-> SERVER-OTHER DCERPC NCADG-IP-UDP lsarpc LsarLookupSids translated_names overflow attempt (server-other.rules)
 * 1:15554 <-> DISABLED <-> SERVER-ORACLE Application Server 10g OPMN service format string vulnerability exploit attempt (server-oracle.rules)
 * 1:15701 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2000 domain authentication bypass attempt (os-windows.rules)
 * 1:15708 <-> DISABLED <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (server-other.rules)
 * 1:15881 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters Name Field attempt (netbios.rules)
 * 1:15911 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss RouteRefreshPrinterChangeNotification attempt (netbios.rules)
 * 1:15930 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field remote code execution attempt (os-windows.rules)
 * 1:15971 <-> DISABLED <-> SERVER-OTHER CVS Argumentx command double free attempt (server-other.rules)
 * 1:15972 <-> DISABLED <-> SERVER-OTHER single byte encoded name response (server-other.rules)
 * 1:16015 <-> DISABLED <-> SERVER-OTHER Norton Internet Security NBNS response processing stack overflow attempt (server-other.rules)
 * 1:16029 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS client ATMA buffer overrun attempt (os-windows.rules)
 * 1:16049 <-> DISABLED <-> SERVER-OTHER GNU Radius SQL accounting format string exploit attempt (server-other.rules)
 * 1:16080 <-> DISABLED <-> SERVER-OTHER KAME racoon X509 certificate verification bypass attempt (server-other.rules)
 * 1:16198 <-> DISABLED <-> SERVER-APACHE Apache mod_auth_pgsql module logging facility format string exploit attempt (server-apache.rules)
 * 1:16238 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules)
 * 1:16239 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules)
 * 1:16329 <-> DISABLED <-> SERVER-OTHER Microsoft Internet Authentication Service EAP-MSCHAPv2 authentication bypass attempt (server-other.rules)
 * 1:16515 <-> DISABLED <-> SERVER-MAIL Novell Groupwise Internet Agent RCPT command overflow attempt (server-mail.rules)
 * 1:16705 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP array size buffer overflow attempt (protocol-rpc.rules)
 * 1:16796 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP data length integer overflow attempt (protocol-rpc.rules)
 * 1:17046 <-> DISABLED <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt (server-other.rules)
 * 1:17056 <-> DISABLED <-> SERVER-OTHER Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt (server-other.rules)
 * 1:17057 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
 * 1:17205 <-> DISABLED <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - udp (protocol-rpc.rules)
 * 1:17224 <-> DISABLED <-> SERVER-MAIL McAfee WebShield SMTP bounce message format string attempt (server-mail.rules)
 * 1:17609 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:1762 <-> DISABLED <-> SERVER-WEBAPP phf arbitrary command execution attempt (server-webapp.rules)
 * 1:18189 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (netbios.rules)
 * 1:18190 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules)
 * 1:18191 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (netbios.rules)
 * 1:18192 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules)
 * 1:18248 <-> DISABLED <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (server-other.rules)
 * 1:18319 <-> DISABLED <-> SERVER-SAMBA Samba DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (server-samba.rules)
 * 1:18462 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (os-windows.rules)
 * 1:18472 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (netbios.rules)
 * 1:18526 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules)
 * 1:18557 <-> DISABLED <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt (protocol-rpc.rules)
 * 1:18589 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
 * 1:18611 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:18612 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:18613 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:18768 <-> DISABLED <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt (server-mail.rules)
 * 1:18958 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
 * 1:18994 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (os-windows.rules)
 * 1:19013 <-> DISABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - WRQ (protocol-tftp.rules)
 * 1:19014 <-> DISABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - RRQ (protocol-tftp.rules)
 * 1:19136 <-> DISABLED <-> SERVER-WEBAPP CA XOsoft Multiple Products entry_point.aspx buffer overflow attempt (server-webapp.rules)
 * 1:19173 <-> DISABLED <-> PROTOCOL-RPC CDE Calendar Manager service memory corruption attempt (protocol-rpc.rules)
 * 1:19208 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services streamprocess.exe buffer overflow attempt (server-other.rules)
 * 1:19323 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
 * 1:19649 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center dbman buffer overflow attempt (server-other.rules)
 * 1:19677 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules)
 * 1:20052 <-> DISABLED <-> PROTOCOL-SCADA IntelliCom NetBiter config utility hostname overflow attempt (protocol-scada.rules)
 * 1:20176 <-> DISABLED <-> PROTOCOL-SCADA DAQFactory NETB protcol stack overflow attempt (protocol-scada.rules)
 * 1:20242 <-> DISABLED <-> PROTOCOL-DNS Oracle Secure Backup observice.exe dns response overflow attempt (protocol-dns.rules)
 * 1:20611 <-> DISABLED <-> SERVER-OTHER BOOTP overflow (server-other.rules)
 * 1:20614 <-> DISABLED <-> SERVER-MAIL Axigen POP3 server remote format string exploit (server-mail.rules)
 * 1:20671 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest (os-windows.rules)
 * 1:20691 <-> DISABLED <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt (policy-other.rules)
 * 1:20725 <-> DISABLED <-> OS-SOLARIS Oracle Solaris in.rwhod hostname denial of service attempt (os-solaris.rules)
 * 1:20812 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt (protocol-telnet.rules)
 * 1:20813 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt (protocol-telnet.rules)
 * 1:2088 <-> DISABLED <-> PROTOCOL-RPC ypupdated arbitrary command attempt UDP (protocol-rpc.rules)
 * 1:2089 <-> DISABLED <-> PROTOCOL-RPC ypupdated arbitrary command attempt TCP (protocol-rpc.rules)
 * 1:21041 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - main.php?page= (exploit-kit.rules)
 * 1:21141 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit control panel access (exploit-kit.rules)
 * 1:21234 <-> DISABLED <-> SERVER-WEBAPP MKCOL Webdav Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:21236 <-> DISABLED <-> SERVER-WEBAPP UNLOCK Webdav Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:21343 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit pdf request (exploit-kit.rules)
 * 1:21348 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - search.php?page= (exploit-kit.rules)
 * 1:21407 <-> DISABLED <-> SERVER-OTHER Symantic multiple products VRTSweb code execution (server-other.rules)
 * 1:21458 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:21529 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 Find_First2 filename overflow attempt (os-windows.rules)
 * 1:21766 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (file-image.rules)
 * 1:2185 <-> DISABLED <-> PROTOCOL-RPC mountd UDP mount path overflow attempt (protocol-rpc.rules)
 * 1:21952 <-> DISABLED <-> SERVER-OTHER ISC dhcpd discover hostname overflow attempt (server-other.rules)
 * 1:2278 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (server-webapp.rules)
 * 1:22949 <-> ENABLED <-> EXPLOIT-KIT Blackhole redirection attempt (exploit-kit.rules)
 * 1:23232 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
 * 1:23233 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
 * 1:23241 <-> DISABLED <-> SERVER-OTHER HP DPNECentral RequestCopy type SQL injection attempt (server-other.rules)
 * 1:23355 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager AddTask stack buffer overflow attempt (server-other.rules)
 * 1:2381 <-> DISABLED <-> SERVER-WEBAPP Checkpoint Firewall-1 HTTP parsing format string vulnerability attempt (server-webapp.rules)
 * 1:23939 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (server-oracle.rules)
 * 1:23950 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules)
 * 1:23951 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules)
 * 1:23997 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:24336 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules)
 * 1:24501 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit fallback executable download (exploit-kit.rules)
 * 1:24503 <-> DISABLED <-> PROTOCOL-RPC xdrDecodeString caller_name stack overflow attempt (protocol-rpc.rules)
 * 1:24513 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt (server-other.rules)
 * 1:24544 <-> DISABLED <-> EXPLOIT-KIT Blackhole admin page outbound access attempt (exploit-kit.rules)
 * 1:24608 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt (exploit-kit.rules)
 * 1:24636 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure (exploit-kit.rules)
 * 1:24638 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules)
 * 1:24703 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:24741 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24742 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24743 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24744 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24745 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24746 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24747 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24748 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24749 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24750 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24751 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24752 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24753 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24754 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24755 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24756 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24757 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24758 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24759 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24760 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24762 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:24802 <-> DISABLED <-> SERVER-OTHER HP Database Archiving Software GIOP parsing buffer overflow attempt (server-other.rules)
 * 1:24861 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules)
 * 1:24863 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules)
 * 1:24865 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules)
 * 1:25003 <-> DISABLED <-> SERVER-OTHER HP Archive Query Server stack overflow attempt (server-other.rules)
 * 1:25138 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit pdf outbound connection (exploit-kit.rules)
 * 1:25139 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit eot outbound connection (exploit-kit.rules)
 * 1:25381 <-> DISABLED <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt (server-other.rules)
 * 1:25388 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules)
 * 1:25568 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules)
 * 1:25611 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules)
 * 1:25650 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
 * 1:25972 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit three number PDF Request (exploit-kit.rules)
 * 1:26227 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules)
 * 1:26295 <-> DISABLED <-> FILE-OTHER Watering Hole Campaign applet download (file-other.rules)
 * 1:26339 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval - ff.php (exploit-kit.rules)
 * 1:26346 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit payload requested (exploit-kit.rules)
 * 1:26496 <-> DISABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules)
 * 1:26643 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field denial of service attempt (os-windows.rules)
 * 1:26806 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit short JNLP request (exploit-kit.rules)
 * 1:26808 <-> DISABLED <-> EXPLOIT-KIT Goon/Infinity/Redkit exploit kit short jar request (exploit-kit.rules)
 * 1:27071 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules)
 * 1:27072 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules)
 * 1:27598 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup Admin Server command injection attempt (server-webapp.rules)
 * 1:27646 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra login request buffer overflow attempt (server-other.rules)
 * 1:27814 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit landing page request (exploit-kit.rules)
 * 1:28393 <-> DISABLED <-> SERVER-OTHER EMC Replication Manager irccd remote command execution attempt (server-other.rules)
 * 1:28478 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit landing page request (exploit-kit.rules)
 * 1:28704 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:28792 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:28793 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:28903 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28904 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28905 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28906 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28907 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28974 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
 * 1:28975 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
 * 1:29453 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit eot outbound connection (exploit-kit.rules)
 * 1:29513 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules)
 * 1:29521 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (file-multimedia.rules)
 * 1:29522 <-> DISABLED <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX Office remote code execution attempt (server-webapp.rules)
 * 1:29525 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:29527 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:29536 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
 * 1:29596 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules)
 * 1:29597 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules)
 * 1:29607 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
 * 1:29610 <-> DISABLED <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt (server-other.rules)
 * 1:29617 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules)
 * 1:29621 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (netbios.rules)
 * 1:3114 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc LlsrConnect overflow attempt (os-windows.rules)
 * 1:3171 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP msqueue function 4 overflow attempt (os-windows.rules)
 * 1:32150 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:32152 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:32356 <-> DISABLED <-> PROTOCOL-RPC mountd UDP unmount path overflow attempt (protocol-rpc.rules)
 * 1:32370 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt (server-other.rules)
 * 1:32816 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules)
 * 1:32856 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt (file-pdf.rules)
 * 1:33016 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
 * 1:33017 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
 * 1:33572 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (file-other.rules)
 * 1:33826 <-> DISABLED <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt (server-samba.rules)
 * 1:35435 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:35848 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt (file-image.rules)
 * 1:3590 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt (os-windows.rules)
 * 1:3591 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt (os-windows.rules)
 * 1:36156 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:36157 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:36533 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36534 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt (browser-plugins.rules)

2021-12-07 17:31:55 UTC

Snort Subscriber Rules Update

Date: 2021-12-07

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58704 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
 * 1:58708 <-> ENABLED <-> SERVER-WEBAPP IBM Data Risk Manager command execution attempt (server-webapp.rules)
 * 1:58703 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt (server-webapp.rules)
 * 1:58686 <-> DISABLED <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt (file-other.rules)
 * 1:58696 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt (server-webapp.rules)
 * 1:58695 <-> DISABLED <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt (server-webapp.rules)
 * 1:58700 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.PhpJackal upload attempt (malware-other.rules)
 * 1:58694 <-> DISABLED <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt (server-webapp.rules)
 * 1:58697 <-> DISABLED <-> OS-OTHER IGEL OS Secure Terminal and Shadow Service command injection attempt (os-other.rules)
 * 1:58687 <-> DISABLED <-> SERVER-WEBAPP Movable Type CMS command injection attempt (server-webapp.rules)
 * 1:58705 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
 * 1:58701 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.PhpJackal download attempt (malware-other.rules)
 * 1:58702 <-> ENABLED <-> MALWARE-CNC Php.Webshell.PhpJackal outbound connection attempt (malware-cnc.rules)
 * 1:58706 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
 * 1:58688 <-> DISABLED <-> SERVER-WEBAPP Movable Type CMS command injection attempt (server-webapp.rules)
 * 1:58707 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
 * 1:58685 <-> DISABLED <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt (file-other.rules)
 * 3:58692 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt (server-webapp.rules)
 * 3:58693 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt (server-webapp.rules)
 * 3:58691 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt (server-webapp.rules)
 * 3:58689 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt (file-other.rules)
 * 3:58698 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt (server-webapp.rules)
 * 3:58690 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt (file-other.rules)
 * 3:58699 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:41046 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules)
 * 1:58201 <-> ENABLED <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt (server-webapp.rules)
 * 1:58362 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap ProjectName SQL injection attempt (server-webapp.rules)
 * 1:654 <-> DISABLED <-> SERVER-MAIL RCPT TO overflow (server-mail.rules)
 * 1:6706 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt (netbios.rules)
 * 1:6707 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt (netbios.rules)
 * 1:6712 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt (netbios.rules)
 * 1:6713 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt (netbios.rules)
 * 1:8426 <-> DISABLED <-> SERVER-OTHER SSLv3 openssl get shared ciphers overflow attempt (server-other.rules)
 * 1:8428 <-> DISABLED <-> SERVER-OTHER SSLv2 openssl get shared ciphers overflow attempt (server-other.rules)
 * 1:9027 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrJoinDomain2 overflow attempt (os-windows.rules)
 * 1:9621 <-> DISABLED <-> PROTOCOL-TFTP 3COM server transport mode buffer overflow attempt (protocol-tftp.rules)
 * 1:9769 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msqueue function 4 overflow attempt (os-windows.rules)
 * 1:53431 <-> DISABLED <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt (server-mail.rules)
 * 1:5485 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules)
 * 1:53432 <-> DISABLED <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt (server-mail.rules)
 * 1:51862 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:48184 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:3967 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_QueryResConfList attempt (os-windows.rules)
 * 1:38246 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
 * 1:45310 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
 * 1:43347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules)
 * 1:45856 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
 * 1:52080 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
 * 1:52289 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (os-mobile.rules)
 * 1:43307 <-> DISABLED <-> SERVER-WEBAPP csSearch setup attempt (server-webapp.rules)
 * 1:45172 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt (browser-firefox.rules)
 * 1:48190 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:43291 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated application deployment attempt (server-webapp.rules)
 * 1:42423 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:3668 <-> DISABLED <-> SERVER-MYSQL client authentication bypass attempt (server-mysql.rules)
 * 1:42413 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:37628 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:49584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
 * 1:48180 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:48185 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:45179 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:51866 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:44473 <-> DISABLED <-> FILE-OTHER ZIP file name overflow attempt (file-other.rules)
 * 1:49586 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
 * 1:3671 <-> DISABLED <-> SERVER-MYSQL protocol 41 client overflow attempt (server-mysql.rules)
 * 1:41423 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (browser-plugins.rules)
 * 1:50900 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:45182 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:51863 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:4072 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_DetectResourceConflict attempt (os-windows.rules)
 * 1:48181 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:39387 <-> DISABLED <-> SERVER-WEBAPP D-Link DAP-1160 authentication bypass attempt (server-webapp.rules)
 * 1:39936 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (os-solaris.rules)
 * 1:39406 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
 * 1:51861 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:49901 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
 * 1:48188 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:52101 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:38247 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
 * 1:37511 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (os-solaris.rules)
 * 1:3667 <-> DISABLED <-> SERVER-MYSQL protocol 41 client authentication bypass attempt (server-mysql.rules)
 * 1:40819 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (file-flash.rules)
 * 1:3672 <-> DISABLED <-> SERVER-MYSQL client overflow attempt (server-mysql.rules)
 * 1:3670 <-> DISABLED <-> SERVER-MYSQL secure client overflow attempt (server-mysql.rules)
 * 1:37650 <-> DISABLED <-> FILE-OTHER CA BrightStor stack buffer overflow attempt (file-other.rules)
 * 1:48187 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:36660 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:44735 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (server-mail.rules)
 * 1:48186 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:49903 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
 * 1:50642 <-> DISABLED <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt (file-other.rules)
 * 1:51082 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
 * 1:39407 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
 * 1:39408 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
 * 1:39910 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
 * 1:51226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
 * 1:3818 <-> DISABLED <-> PROTOCOL-TFTP PUT transfer mode overflow attempt (protocol-tftp.rules)
 * 1:45180 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:3669 <-> DISABLED <-> SERVER-MYSQL protocol 41 secure client overflow attempt (server-mysql.rules)
 * 1:51026 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (file-pdf.rules)
 * 1:51859 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:48182 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:48183 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:48189 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:40335 <-> DISABLED <-> APP-DETECT OpenVAS Scanner User-Agent attempt (app-detect.rules)
 * 1:48179 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:40282 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (file-office.rules)
 * 1:51162 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
 * 1:45184 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:4642 <-> DISABLED <-> SERVER-ORACLE sys.pbsde.init buffer overflow attempt (server-oracle.rules)
 * 1:45501 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
 * 1:3665 <-> ENABLED <-> SERVER-MYSQL server greeting (server-mysql.rules)
 * 1:36658 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:10136 <-> DISABLED <-> OS-SOLARIS Oracle Solaris login environment variable authentication bypass attempt (os-solaris.rules)
 * 1:36659 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:36534 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt (browser-plugins.rules)
 * 1:10603 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvUpdateRecord2 overflow attempt (os-windows.rules)
 * 1:10900 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt (os-windows.rules)
 * 1:11265 <-> DISABLED <-> SERVER-OTHER Sentinel license manager buffer overflow attempt (server-other.rules)
 * 1:11443 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
 * 1:11957 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt (netbios.rules)
 * 1:11958 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules)
 * 1:11963 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules)
 * 1:11964 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules)
 * 1:12069 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest (os-windows.rules)
 * 1:12198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows getbulk request attempt (os-windows.rules)
 * 1:12317 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt (netbios.rules)
 * 1:12627 <-> DISABLED <-> PROTOCOL-RPC Solaris TCP portmapper sadmin port query attempt (protocol-rpc.rules)
 * 1:12628 <-> DISABLED <-> PROTOCOL-RPC Solaris UDP portmapper sadmin port query attempt (protocol-rpc.rules)
 * 1:1277 <-> DISABLED <-> PROTOCOL-RPC portmap ypupdated request UDP (protocol-rpc.rules)
 * 1:12940 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 CA call 269 overflow attempt (netbios.rules)
 * 1:12984 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
 * 1:12985 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
 * 1:13161 <-> DISABLED <-> SERVER-OTHER HP OpenView CGI parameter buffer overflow attempt (server-other.rules)
 * 1:13162 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (netbios.rules)
 * 1:13222 <-> DISABLED <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt (server-other.rules)
 * 1:13619 <-> DISABLED <-> OS-WINDOWS Microsoft Windows getBulkRequest memory corruption attempt (os-windows.rules)
 * 1:13927 <-> DISABLED <-> PROTOCOL-TFTP Open TFTP Server log generation buffer overflow attempt (protocol-tftp.rules)
 * 1:14037 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules)
 * 1:14038 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (browser-plugins.rules)
 * 1:1409 <-> DISABLED <-> PROTOCOL-SNMP community string buffer overflow attempt (protocol-snmp.rules)
 * 1:1422 <-> DISABLED <-> PROTOCOL-SNMP community string buffer overflow attempt with evasion (protocol-snmp.rules)
 * 1:14647 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (os-windows.rules)
 * 1:14648 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules)
 * 1:14649 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (os-windows.rules)
 * 1:14650 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules)
 * 1:14651 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules)
 * 1:14652 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules)
 * 1:14653 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules)
 * 1:14654 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules)
 * 1:14725 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName overflow attempt (os-windows.rules)
 * 1:14726 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt (os-windows.rules)
 * 1:14737 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP host-integration bind attempt (os-windows.rules)
 * 1:14900 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum overflow attempt (netbios.rules)
 * 1:14988 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum overflow attempt (netbios.rules)
 * 1:14989 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory SOAP Accept Language header overflow attempt (server-webapp.rules)
 * 1:15196 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules)
 * 1:15197 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules)
 * 1:15198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules)
 * 1:15199 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules)
 * 1:15200 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules)
 * 1:15201 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules)
 * 1:15202 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules)
 * 1:15203 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules)
 * 1:15204 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules)
 * 1:15205 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules)
 * 1:15206 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules)
 * 1:15207 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules)
 * 1:15208 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules)
 * 1:15209 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules)
 * 1:15210 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules)
 * 1:15211 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules)
 * 1:15212 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules)
 * 1:15213 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules)
 * 1:15214 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules)
 * 1:15215 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules)
 * 1:15216 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules)
 * 1:15217 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules)
 * 1:15218 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules)
 * 1:15219 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules)
 * 1:15220 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules)
 * 1:15221 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules)
 * 1:15222 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules)
 * 1:15223 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules)
 * 1:15224 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules)
 * 1:15225 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules)
 * 1:15226 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules)
 * 1:15227 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules)
 * 1:15261 <-> DISABLED <-> SERVER-ORACLE Secure Backup exec_qr command injection attempt (server-oracle.rules)
 * 1:15262 <-> DISABLED <-> SERVER-ORACLE Secure Backup POST exec_qr command injection attempt (server-oracle.rules)
 * 1:15508 <-> DISABLED <-> SERVER-OTHER DCERPC NCADG-IP-UDP lsarpc LsarLookupSids translated_names overflow attempt (server-other.rules)
 * 1:15554 <-> DISABLED <-> SERVER-ORACLE Application Server 10g OPMN service format string vulnerability exploit attempt (server-oracle.rules)
 * 1:15701 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2000 domain authentication bypass attempt (os-windows.rules)
 * 1:15708 <-> DISABLED <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (server-other.rules)
 * 1:15881 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters Name Field attempt (netbios.rules)
 * 1:15911 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss RouteRefreshPrinterChangeNotification attempt (netbios.rules)
 * 1:15930 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field remote code execution attempt (os-windows.rules)
 * 1:15971 <-> DISABLED <-> SERVER-OTHER CVS Argumentx command double free attempt (server-other.rules)
 * 1:15972 <-> DISABLED <-> SERVER-OTHER single byte encoded name response (server-other.rules)
 * 1:16015 <-> DISABLED <-> SERVER-OTHER Norton Internet Security NBNS response processing stack overflow attempt (server-other.rules)
 * 1:16029 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS client ATMA buffer overrun attempt (os-windows.rules)
 * 1:16049 <-> DISABLED <-> SERVER-OTHER GNU Radius SQL accounting format string exploit attempt (server-other.rules)
 * 1:16080 <-> DISABLED <-> SERVER-OTHER KAME racoon X509 certificate verification bypass attempt (server-other.rules)
 * 1:16198 <-> DISABLED <-> SERVER-APACHE Apache mod_auth_pgsql module logging facility format string exploit attempt (server-apache.rules)
 * 1:16238 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules)
 * 1:16239 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules)
 * 1:16329 <-> DISABLED <-> SERVER-OTHER Microsoft Internet Authentication Service EAP-MSCHAPv2 authentication bypass attempt  (server-other.rules)
 * 1:16515 <-> DISABLED <-> SERVER-MAIL Novell Groupwise Internet Agent RCPT command overflow attempt (server-mail.rules)
 * 1:16705 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP array size buffer overflow attempt (protocol-rpc.rules)
 * 1:16796 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP data length integer overflow attempt (protocol-rpc.rules)
 * 1:17046 <-> DISABLED <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt (server-other.rules)
 * 1:17056 <-> DISABLED <-> SERVER-OTHER Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt (server-other.rules)
 * 1:17057 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
 * 1:17205 <-> DISABLED <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - udp (protocol-rpc.rules)
 * 1:17224 <-> DISABLED <-> SERVER-MAIL McAfee WebShield SMTP bounce message format string attempt (server-mail.rules)
 * 1:17609 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:1762 <-> DISABLED <-> SERVER-WEBAPP phf arbitrary command execution attempt (server-webapp.rules)
 * 1:18189 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (netbios.rules)
 * 1:18190 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules)
 * 1:18191 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (netbios.rules)
 * 1:18192 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules)
 * 1:18248 <-> DISABLED <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (server-other.rules)
 * 1:18319 <-> DISABLED <-> SERVER-SAMBA Samba DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (server-samba.rules)
 * 1:18462 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (os-windows.rules)
 * 1:18472 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (netbios.rules)
 * 1:18526 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules)
 * 1:18557 <-> DISABLED <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt (protocol-rpc.rules)
 * 1:18589 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
 * 1:18611 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:18612 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:18613 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:18768 <-> DISABLED <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt (server-mail.rules)
 * 1:18958 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
 * 1:18994 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (os-windows.rules)
 * 1:19013 <-> DISABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - WRQ (protocol-tftp.rules)
 * 1:19014 <-> DISABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - RRQ (protocol-tftp.rules)
 * 1:19136 <-> DISABLED <-> SERVER-WEBAPP CA XOsoft Multiple Products entry_point.aspx buffer overflow attempt (server-webapp.rules)
 * 1:19173 <-> DISABLED <-> PROTOCOL-RPC CDE Calendar Manager service memory corruption attempt (protocol-rpc.rules)
 * 1:19208 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services streamprocess.exe buffer overflow attempt (server-other.rules)
 * 1:19323 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
 * 1:19649 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center dbman buffer overflow attempt (server-other.rules)
 * 1:19677 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules)
 * 1:20052 <-> DISABLED <-> PROTOCOL-SCADA IntelliCom NetBiter config utility hostname overflow attempt (protocol-scada.rules)
 * 1:20176 <-> DISABLED <-> PROTOCOL-SCADA DAQFactory NETB protcol stack overflow attempt (protocol-scada.rules)
 * 1:20242 <-> DISABLED <-> PROTOCOL-DNS Oracle Secure Backup observice.exe dns response overflow attempt (protocol-dns.rules)
 * 1:20611 <-> DISABLED <-> SERVER-OTHER BOOTP overflow (server-other.rules)
 * 1:20614 <-> DISABLED <-> SERVER-MAIL Axigen POP3 server remote format string exploit (server-mail.rules)
 * 1:20671 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest (os-windows.rules)
 * 1:20691 <-> DISABLED <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt (policy-other.rules)
 * 1:20725 <-> DISABLED <-> OS-SOLARIS Oracle Solaris in.rwhod hostname denial of service attempt (os-solaris.rules)
 * 1:20812 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt (protocol-telnet.rules)
 * 1:20813 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt (protocol-telnet.rules)
 * 1:2088 <-> DISABLED <-> PROTOCOL-RPC ypupdated arbitrary command attempt UDP (protocol-rpc.rules)
 * 1:2089 <-> DISABLED <-> PROTOCOL-RPC ypupdated arbitrary command attempt TCP (protocol-rpc.rules)
 * 1:21041 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - main.php?page= (exploit-kit.rules)
 * 1:21141 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit control panel access (exploit-kit.rules)
 * 1:21234 <-> DISABLED <-> SERVER-WEBAPP MKCOL Webdav Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:21236 <-> DISABLED <-> SERVER-WEBAPP UNLOCK Webdav Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:21343 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit pdf request (exploit-kit.rules)
 * 1:21348 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - search.php?page= (exploit-kit.rules)
 * 1:21407 <-> DISABLED <-> SERVER-OTHER Symantic multiple products VRTSweb code execution (server-other.rules)
 * 1:21458 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:21529 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 Find_First2 filename overflow attempt (os-windows.rules)
 * 1:21766 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (file-image.rules)
 * 1:2185 <-> DISABLED <-> PROTOCOL-RPC mountd UDP mount path overflow attempt (protocol-rpc.rules)
 * 1:21952 <-> DISABLED <-> SERVER-OTHER ISC dhcpd discover hostname overflow attempt (server-other.rules)
 * 1:2278 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (server-webapp.rules)
 * 1:22949 <-> ENABLED <-> EXPLOIT-KIT Blackhole redirection attempt (exploit-kit.rules)
 * 1:23232 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
 * 1:23233 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
 * 1:23241 <-> DISABLED <-> SERVER-OTHER HP DPNECentral RequestCopy type SQL injection attempt (server-other.rules)
 * 1:23355 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager AddTask stack buffer overflow attempt (server-other.rules)
 * 1:2381 <-> DISABLED <-> SERVER-WEBAPP Checkpoint Firewall-1 HTTP parsing format string vulnerability attempt (server-webapp.rules)
 * 1:23939 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (server-oracle.rules)
 * 1:23950 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules)
 * 1:23951 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules)
 * 1:23997 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:24336 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules)
 * 1:24501 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit fallback executable download (exploit-kit.rules)
 * 1:24503 <-> DISABLED <-> PROTOCOL-RPC xdrDecodeString caller_name stack overflow attempt (protocol-rpc.rules)
 * 1:24513 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt (server-other.rules)
 * 1:24544 <-> DISABLED <-> EXPLOIT-KIT Blackhole admin page outbound access attempt (exploit-kit.rules)
 * 1:24608 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt (exploit-kit.rules)
 * 1:24636 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure (exploit-kit.rules)
 * 1:24638 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules)
 * 1:24703 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:24741 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24742 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24743 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24744 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24745 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24746 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24747 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24748 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24749 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24750 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24751 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24752 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24753 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24754 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24755 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24756 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24757 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24758 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24759 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24760 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24762 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:24802 <-> DISABLED <-> SERVER-OTHER HP Database Archiving Software GIOP parsing buffer overflow attempt (server-other.rules)
 * 1:24861 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules)
 * 1:24863 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules)
 * 1:24865 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules)
 * 1:25003 <-> DISABLED <-> SERVER-OTHER HP Archive Query Server stack overflow attempt (server-other.rules)
 * 1:25138 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit pdf outbound connection (exploit-kit.rules)
 * 1:25139 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit eot outbound connection (exploit-kit.rules)
 * 1:25381 <-> DISABLED <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt (server-other.rules)
 * 1:25388 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules)
 * 1:25568 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules)
 * 1:25611 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules)
 * 1:25650 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
 * 1:25972 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit three number PDF Request (exploit-kit.rules)
 * 1:26227 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules)
 * 1:26295 <-> DISABLED <-> FILE-OTHER Watering Hole Campaign applet download (file-other.rules)
 * 1:26339 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval - ff.php (exploit-kit.rules)
 * 1:26346 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit payload requested (exploit-kit.rules)
 * 1:26496 <-> DISABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules)
 * 1:26643 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field denial of service attempt (os-windows.rules)
 * 1:26806 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit short JNLP request (exploit-kit.rules)
 * 1:26808 <-> DISABLED <-> EXPLOIT-KIT Goon/Infinity/Redkit exploit kit short jar request (exploit-kit.rules)
 * 1:27071 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules)
 * 1:27072 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules)
 * 1:27598 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup Admin Server command injection attempt (server-webapp.rules)
 * 1:27646 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra login request buffer overflow attempt (server-other.rules)
 * 1:27814 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit landing page request (exploit-kit.rules)
 * 1:28393 <-> DISABLED <-> SERVER-OTHER EMC Replication Manager irccd remote command execution attempt (server-other.rules)
 * 1:28478 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit landing page request (exploit-kit.rules)
 * 1:28704 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:28792 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:28793 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:28903 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28904 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28905 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28906 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28907 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28974 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
 * 1:28975 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
 * 1:29453 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit eot outbound connection (exploit-kit.rules)
 * 1:29513 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules)
 * 1:29521 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (file-multimedia.rules)
 * 1:29522 <-> DISABLED <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX Office remote code execution attempt (server-webapp.rules)
 * 1:29525 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:29527 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:29536 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
 * 1:29596 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules)
 * 1:29597 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules)
 * 1:29607 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
 * 1:29610 <-> DISABLED <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt (server-other.rules)
 * 1:29617 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules)
 * 1:29621 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (netbios.rules)
 * 1:3114 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc LlsrConnect overflow attempt (os-windows.rules)
 * 1:3171 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP msqueue function 4 overflow attempt (os-windows.rules)
 * 1:32150 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:32152 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:32356 <-> DISABLED <-> PROTOCOL-RPC mountd UDP unmount path overflow attempt (protocol-rpc.rules)
 * 1:32370 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt (server-other.rules)
 * 1:32816 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules)
 * 1:32856 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt (file-pdf.rules)
 * 1:33016 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
 * 1:33017 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
 * 1:33572 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (file-other.rules)
 * 1:33826 <-> DISABLED <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt (server-samba.rules)
 * 1:35435 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:35848 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt (file-image.rules)
 * 1:3590 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt (os-windows.rules)
 * 1:3591 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt (os-windows.rules)
 * 1:36156 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:36157 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:36533 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt (browser-plugins.rules)

2021-12-07 17:31:55 UTC

Snort Subscriber Rules Update

Date: 2021-12-07

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58697 <-> DISABLED <-> OS-OTHER IGEL OS Secure Terminal and Shadow Service command injection attempt (os-other.rules)
 * 1:58688 <-> DISABLED <-> SERVER-WEBAPP Movable Type CMS command injection attempt (server-webapp.rules)
 * 1:58695 <-> DISABLED <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt (server-webapp.rules)
 * 1:58703 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt (server-webapp.rules)
 * 1:58696 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt (server-webapp.rules)
 * 1:58685 <-> DISABLED <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt (file-other.rules)
 * 1:58707 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
 * 1:58686 <-> DISABLED <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt (file-other.rules)
 * 1:58708 <-> ENABLED <-> SERVER-WEBAPP IBM Data Risk Manager command execution attempt (server-webapp.rules)
 * 1:58704 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
 * 1:58702 <-> ENABLED <-> MALWARE-CNC Php.Webshell.PhpJackal outbound connection attempt (malware-cnc.rules)
 * 1:58701 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.PhpJackal download attempt (malware-other.rules)
 * 1:58687 <-> DISABLED <-> SERVER-WEBAPP Movable Type CMS command injection attempt (server-webapp.rules)
 * 1:58706 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
 * 1:58694 <-> DISABLED <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt (server-webapp.rules)
 * 1:58700 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.PhpJackal upload attempt (malware-other.rules)
 * 1:58705 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
 * 3:58690 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt (file-other.rules)
 * 3:58698 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt (server-webapp.rules)
 * 3:58699 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt (server-webapp.rules)
 * 3:58689 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt (file-other.rules)
 * 3:58692 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt (server-webapp.rules)
 * 3:58693 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt (server-webapp.rules)
 * 3:58691 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:3667 <-> DISABLED <-> SERVER-MYSQL protocol 41 client authentication bypass attempt (server-mysql.rules)
 * 1:36660 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:3668 <-> DISABLED <-> SERVER-MYSQL client authentication bypass attempt (server-mysql.rules)
 * 1:654 <-> DISABLED <-> SERVER-MAIL RCPT TO overflow (server-mail.rules)
 * 1:48179 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:48181 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:48182 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:58362 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap ProjectName SQL injection attempt (server-webapp.rules)
 * 1:42413 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:3670 <-> DISABLED <-> SERVER-MYSQL secure client overflow attempt (server-mysql.rules)
 * 1:38246 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
 * 1:53432 <-> DISABLED <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt (server-mail.rules)
 * 1:49584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
 * 1:50900 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:51866 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:4072 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_DetectResourceConflict attempt (os-windows.rules)
 * 1:41423 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (browser-plugins.rules)
 * 1:48184 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:52101 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:45501 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
 * 1:51162 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
 * 1:43291 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated application deployment attempt (server-webapp.rules)
 * 1:45179 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:52289 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (os-mobile.rules)
 * 1:45184 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:48188 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:41046 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules)
 * 1:49586 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
 * 1:48185 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:51226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
 * 1:51863 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:3669 <-> DISABLED <-> SERVER-MYSQL protocol 41 secure client overflow attempt (server-mysql.rules)
 * 1:3672 <-> DISABLED <-> SERVER-MYSQL client overflow attempt (server-mysql.rules)
 * 1:40335 <-> DISABLED <-> APP-DETECT OpenVAS Scanner User-Agent attempt (app-detect.rules)
 * 1:45310 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
 * 1:51862 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:40282 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (file-office.rules)
 * 1:10136 <-> DISABLED <-> OS-SOLARIS Oracle Solaris login environment variable authentication bypass attempt (os-solaris.rules)
 * 1:48186 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:37511 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (os-solaris.rules)
 * 1:39936 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (os-solaris.rules)
 * 1:37650 <-> DISABLED <-> FILE-OTHER CA BrightStor stack buffer overflow attempt (file-other.rules)
 * 1:51859 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51082 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
 * 1:51026 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (file-pdf.rules)
 * 1:50642 <-> DISABLED <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt (file-other.rules)
 * 1:3818 <-> DISABLED <-> PROTOCOL-TFTP PUT transfer mode overflow attempt (protocol-tftp.rules)
 * 1:45180 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:48189 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:39910 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
 * 1:37628 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:48190 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:10603 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvUpdateRecord2 overflow attempt (os-windows.rules)
 * 1:5485 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules)
 * 1:39406 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
 * 1:48180 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:45172 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt (browser-firefox.rules)
 * 1:45856 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
 * 1:4642 <-> DISABLED <-> SERVER-ORACLE sys.pbsde.init buffer overflow attempt (server-oracle.rules)
 * 1:48187 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:3671 <-> DISABLED <-> SERVER-MYSQL protocol 41 client overflow attempt (server-mysql.rules)
 * 1:52080 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
 * 1:48183 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:49903 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
 * 1:39387 <-> DISABLED <-> SERVER-WEBAPP D-Link DAP-1160 authentication bypass attempt (server-webapp.rules)
 * 1:3967 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_QueryResConfList attempt (os-windows.rules)
 * 1:38247 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
 * 1:43307 <-> DISABLED <-> SERVER-WEBAPP csSearch setup attempt (server-webapp.rules)
 * 1:45182 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:39408 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
 * 1:39407 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
 * 1:43347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules)
 * 1:44473 <-> DISABLED <-> FILE-OTHER ZIP file name overflow attempt (file-other.rules)
 * 1:42423 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:49901 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
 * 1:44735 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (server-mail.rules)
 * 1:53431 <-> DISABLED <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt (server-mail.rules)
 * 1:40819 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (file-flash.rules)
 * 1:58201 <-> ENABLED <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt (server-webapp.rules)
 * 1:51861 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:10900 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt (os-windows.rules)
 * 1:11265 <-> DISABLED <-> SERVER-OTHER Sentinel license manager buffer overflow attempt (server-other.rules)
 * 1:36659 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:11443 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
 * 1:6706 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt (netbios.rules)
 * 1:6707 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt (netbios.rules)
 * 1:6713 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt (netbios.rules)
 * 1:6712 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt (netbios.rules)
 * 1:8428 <-> DISABLED <-> SERVER-OTHER SSLv2 openssl get shared ciphers overflow attempt (server-other.rules)
 * 1:8426 <-> DISABLED <-> SERVER-OTHER SSLv3 openssl get shared ciphers overflow attempt (server-other.rules)
 * 1:9621 <-> DISABLED <-> PROTOCOL-TFTP 3COM server transport mode buffer overflow attempt (protocol-tftp.rules)
 * 1:9027 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrJoinDomain2 overflow attempt (os-windows.rules)
 * 1:9769 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msqueue function 4 overflow attempt (os-windows.rules)
 * 1:11957 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt (netbios.rules)
 * 1:11958 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules)
 * 1:11963 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules)
 * 1:11964 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules)
 * 1:12069 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest (os-windows.rules)
 * 1:12198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows getbulk request attempt (os-windows.rules)
 * 1:12317 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt (netbios.rules)
 * 1:12627 <-> DISABLED <-> PROTOCOL-RPC Solaris TCP portmapper sadmin port query attempt (protocol-rpc.rules)
 * 1:12628 <-> DISABLED <-> PROTOCOL-RPC Solaris UDP portmapper sadmin port query attempt (protocol-rpc.rules)
 * 1:1277 <-> DISABLED <-> PROTOCOL-RPC portmap ypupdated request UDP (protocol-rpc.rules)
 * 1:12940 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 CA call 269 overflow attempt (netbios.rules)
 * 1:12984 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
 * 1:12985 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
 * 1:13161 <-> DISABLED <-> SERVER-OTHER HP OpenView CGI parameter buffer overflow attempt (server-other.rules)
 * 1:13162 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (netbios.rules)
 * 1:13222 <-> DISABLED <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt (server-other.rules)
 * 1:13619 <-> DISABLED <-> OS-WINDOWS Microsoft Windows getBulkRequest memory corruption attempt (os-windows.rules)
 * 1:13927 <-> DISABLED <-> PROTOCOL-TFTP Open TFTP Server log generation buffer overflow attempt (protocol-tftp.rules)
 * 1:14037 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules)
 * 1:14038 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (browser-plugins.rules)
 * 1:1409 <-> DISABLED <-> PROTOCOL-SNMP community string buffer overflow attempt (protocol-snmp.rules)
 * 1:1422 <-> DISABLED <-> PROTOCOL-SNMP community string buffer overflow attempt with evasion (protocol-snmp.rules)
 * 1:14647 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (os-windows.rules)
 * 1:14648 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules)
 * 1:14649 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (os-windows.rules)
 * 1:14650 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules)
 * 1:14651 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules)
 * 1:14652 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules)
 * 1:14653 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules)
 * 1:14654 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules)
 * 1:14725 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName overflow attempt (os-windows.rules)
 * 1:14726 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt (os-windows.rules)
 * 1:14737 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP host-integration bind attempt (os-windows.rules)
 * 1:14900 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum overflow attempt (netbios.rules)
 * 1:14988 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum overflow attempt (netbios.rules)
 * 1:14989 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory SOAP Accept Language header overflow attempt (server-webapp.rules)
 * 1:15196 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules)
 * 1:15197 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules)
 * 1:15198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules)
 * 1:15199 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules)
 * 1:15200 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules)
 * 1:15201 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules)
 * 1:15202 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules)
 * 1:15203 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules)
 * 1:15204 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules)
 * 1:15205 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules)
 * 1:15206 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules)
 * 1:15207 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules)
 * 1:15208 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules)
 * 1:15209 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules)
 * 1:15210 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules)
 * 1:15211 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules)
 * 1:15212 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules)
 * 1:15213 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules)
 * 1:15214 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules)
 * 1:15215 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules)
 * 1:15216 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules)
 * 1:15217 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules)
 * 1:15218 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules)
 * 1:15219 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules)
 * 1:15220 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules)
 * 1:15221 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules)
 * 1:15222 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules)
 * 1:15223 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules)
 * 1:15224 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules)
 * 1:15225 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules)
 * 1:15226 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules)
 * 1:15227 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules)
 * 1:15261 <-> DISABLED <-> SERVER-ORACLE Secure Backup exec_qr command injection attempt (server-oracle.rules)
 * 1:15262 <-> DISABLED <-> SERVER-ORACLE Secure Backup POST exec_qr command injection attempt (server-oracle.rules)
 * 1:15508 <-> DISABLED <-> SERVER-OTHER DCERPC NCADG-IP-UDP lsarpc LsarLookupSids translated_names overflow attempt (server-other.rules)
 * 1:15554 <-> DISABLED <-> SERVER-ORACLE Application Server 10g OPMN service format string vulnerability exploit attempt (server-oracle.rules)
 * 1:15701 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2000 domain authentication bypass attempt (os-windows.rules)
 * 1:15708 <-> DISABLED <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (server-other.rules)
 * 1:15881 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters Name Field attempt (netbios.rules)
 * 1:15911 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss RouteRefreshPrinterChangeNotification attempt (netbios.rules)
 * 1:15930 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field remote code execution attempt (os-windows.rules)
 * 1:15971 <-> DISABLED <-> SERVER-OTHER CVS Argumentx command double free attempt (server-other.rules)
 * 1:15972 <-> DISABLED <-> SERVER-OTHER single byte encoded name response (server-other.rules)
 * 1:16015 <-> DISABLED <-> SERVER-OTHER Norton Internet Security NBNS response processing stack overflow attempt (server-other.rules)
 * 1:16029 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS client ATMA buffer overrun attempt (os-windows.rules)
 * 1:16049 <-> DISABLED <-> SERVER-OTHER GNU Radius SQL accounting format string exploit attempt (server-other.rules)
 * 1:16080 <-> DISABLED <-> SERVER-OTHER KAME racoon X509 certificate verification bypass attempt (server-other.rules)
 * 1:16198 <-> DISABLED <-> SERVER-APACHE Apache mod_auth_pgsql module logging facility format string exploit attempt (server-apache.rules)
 * 1:16238 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules)
 * 1:16239 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules)
 * 1:16329 <-> DISABLED <-> SERVER-OTHER Microsoft Internet Authentication Service EAP-MSCHAPv2 authentication bypass attempt (server-other.rules)
 * 1:16515 <-> DISABLED <-> SERVER-MAIL Novell Groupwise Internet Agent RCPT command overflow attempt (server-mail.rules)
 * 1:16705 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP array size buffer overflow attempt (protocol-rpc.rules)
 * 1:16796 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP data length integer overflow attempt (protocol-rpc.rules)
 * 1:17046 <-> DISABLED <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt (server-other.rules)
 * 1:17056 <-> DISABLED <-> SERVER-OTHER Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt (server-other.rules)
 * 1:17057 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
 * 1:17205 <-> DISABLED <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - udp (protocol-rpc.rules)
 * 1:17224 <-> DISABLED <-> SERVER-MAIL McAfee WebShield SMTP bounce message format string attempt (server-mail.rules)
 * 1:17609 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:1762 <-> DISABLED <-> SERVER-WEBAPP phf arbitrary command execution attempt (server-webapp.rules)
 * 1:18189 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (netbios.rules)
 * 1:18190 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules)
 * 1:18191 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (netbios.rules)
 * 1:18192 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules)
 * 1:18248 <-> DISABLED <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (server-other.rules)
 * 1:18319 <-> DISABLED <-> SERVER-SAMBA Samba DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (server-samba.rules)
 * 1:18462 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (os-windows.rules)
 * 1:18472 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (netbios.rules)
 * 1:18526 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules)
 * 1:18557 <-> DISABLED <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt (protocol-rpc.rules)
 * 1:18589 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
 * 1:18611 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:18612 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:18613 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:18768 <-> DISABLED <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt (server-mail.rules)
 * 1:18958 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
 * 1:18994 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (os-windows.rules)
 * 1:19013 <-> DISABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - WRQ (protocol-tftp.rules)
 * 1:19014 <-> DISABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - RRQ (protocol-tftp.rules)
 * 1:19136 <-> DISABLED <-> SERVER-WEBAPP CA XOsoft Multiple Products entry_point.aspx buffer overflow attempt (server-webapp.rules)
 * 1:19173 <-> DISABLED <-> PROTOCOL-RPC CDE Calendar Manager service memory corruption attempt (protocol-rpc.rules)
 * 1:19208 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services streamprocess.exe buffer overflow attempt (server-other.rules)
 * 1:19323 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
 * 1:19649 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center dbman buffer overflow attempt (server-other.rules)
 * 1:19677 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules)
 * 1:20052 <-> DISABLED <-> PROTOCOL-SCADA IntelliCom NetBiter config utility hostname overflow attempt (protocol-scada.rules)
 * 1:20176 <-> DISABLED <-> PROTOCOL-SCADA DAQFactory NETB protcol stack overflow attempt (protocol-scada.rules)
 * 1:20242 <-> DISABLED <-> PROTOCOL-DNS Oracle Secure Backup observice.exe dns response overflow attempt (protocol-dns.rules)
 * 1:20611 <-> DISABLED <-> SERVER-OTHER BOOTP overflow (server-other.rules)
 * 1:20614 <-> DISABLED <-> SERVER-MAIL Axigen POP3 server remote format string exploit (server-mail.rules)
 * 1:20671 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest (os-windows.rules)
 * 1:20691 <-> DISABLED <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt (policy-other.rules)
 * 1:20725 <-> DISABLED <-> OS-SOLARIS Oracle Solaris in.rwhod hostname denial of service attempt (os-solaris.rules)
 * 1:20812 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt (protocol-telnet.rules)
 * 1:20813 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt (protocol-telnet.rules)
 * 1:2088 <-> DISABLED <-> PROTOCOL-RPC ypupdated arbitrary command attempt UDP (protocol-rpc.rules)
 * 1:2089 <-> DISABLED <-> PROTOCOL-RPC ypupdated arbitrary command attempt TCP (protocol-rpc.rules)
 * 1:21041 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - main.php?page= (exploit-kit.rules)
 * 1:21141 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit control panel access (exploit-kit.rules)
 * 1:21234 <-> DISABLED <-> SERVER-WEBAPP MKCOL Webdav Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:21236 <-> DISABLED <-> SERVER-WEBAPP UNLOCK Webdav Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:21343 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit pdf request (exploit-kit.rules)
 * 1:21348 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - search.php?page= (exploit-kit.rules)
 * 1:21407 <-> DISABLED <-> SERVER-OTHER Symantic multiple products VRTSweb code execution (server-other.rules)
 * 1:21458 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:21529 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 Find_First2 filename overflow attempt (os-windows.rules)
 * 1:21766 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (file-image.rules)
 * 1:2185 <-> DISABLED <-> PROTOCOL-RPC mountd UDP mount path overflow attempt (protocol-rpc.rules)
 * 1:21952 <-> DISABLED <-> SERVER-OTHER ISC dhcpd discover hostname overflow attempt (server-other.rules)
 * 1:2278 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (server-webapp.rules)
 * 1:22949 <-> ENABLED <-> EXPLOIT-KIT Blackhole redirection attempt (exploit-kit.rules)
 * 1:23232 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
 * 1:23233 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
 * 1:23241 <-> DISABLED <-> SERVER-OTHER HP DPNECentral RequestCopy type SQL injection attempt (server-other.rules)
 * 1:23355 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager AddTask stack buffer overflow attempt (server-other.rules)
 * 1:2381 <-> DISABLED <-> SERVER-WEBAPP Checkpoint Firewall-1 HTTP parsing format string vulnerability attempt (server-webapp.rules)
 * 1:23939 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (server-oracle.rules)
 * 1:23950 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules)
 * 1:23951 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules)
 * 1:23997 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:24336 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules)
 * 1:24501 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit fallback executable download (exploit-kit.rules)
 * 1:24503 <-> DISABLED <-> PROTOCOL-RPC xdrDecodeString caller_name stack overflow attempt (protocol-rpc.rules)
 * 1:24513 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt (server-other.rules)
 * 1:24544 <-> DISABLED <-> EXPLOIT-KIT Blackhole admin page outbound access attempt (exploit-kit.rules)
 * 1:24608 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt (exploit-kit.rules)
 * 1:24636 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure (exploit-kit.rules)
 * 1:24638 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules)
 * 1:24703 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:24741 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24742 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24743 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24744 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24745 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24746 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24747 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24748 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24749 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24750 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24751 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24752 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24753 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24754 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24755 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24756 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24757 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24758 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24759 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24760 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24762 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:24802 <-> DISABLED <-> SERVER-OTHER HP Database Archiving Software GIOP parsing buffer overflow attempt (server-other.rules)
 * 1:24861 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules)
 * 1:24863 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules)
 * 1:24865 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules)
 * 1:25003 <-> DISABLED <-> SERVER-OTHER HP Archive Query Server stack overflow attempt (server-other.rules)
 * 1:25138 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit pdf outbound connection (exploit-kit.rules)
 * 1:25139 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit eot outbound connection (exploit-kit.rules)
 * 1:25381 <-> DISABLED <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt (server-other.rules)
 * 1:25388 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules)
 * 1:25568 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules)
 * 1:25611 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules)
 * 1:25650 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
 * 1:25972 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit three number PDF Request (exploit-kit.rules)
 * 1:26227 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules)
 * 1:26295 <-> DISABLED <-> FILE-OTHER Watering Hole Campaign applet download (file-other.rules)
 * 1:26339 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval - ff.php (exploit-kit.rules)
 * 1:26346 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit payload requested (exploit-kit.rules)
 * 1:26496 <-> DISABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules)
 * 1:26643 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field denial of service attempt (os-windows.rules)
 * 1:26806 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit short JNLP request (exploit-kit.rules)
 * 1:26808 <-> DISABLED <-> EXPLOIT-KIT Goon/Infinity/Redkit exploit kit short jar request (exploit-kit.rules)
 * 1:27071 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules)
 * 1:27072 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules)
 * 1:27598 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup Admin Server command injection attempt (server-webapp.rules)
 * 1:27646 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra login request buffer overflow attempt (server-other.rules)
 * 1:27814 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit landing page request (exploit-kit.rules)
 * 1:28393 <-> DISABLED <-> SERVER-OTHER EMC Replication Manager irccd remote command execution attempt (server-other.rules)
 * 1:28478 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit landing page request (exploit-kit.rules)
 * 1:28704 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:28792 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:28793 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:28903 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28904 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28905 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28906 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28907 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28974 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
 * 1:28975 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
 * 1:29453 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit eot outbound connection (exploit-kit.rules)
 * 1:29513 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules)
 * 1:29521 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (file-multimedia.rules)
 * 1:29522 <-> DISABLED <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX Office remote code execution attempt (server-webapp.rules)
 * 1:29525 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:29527 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:29536 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
 * 1:29596 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules)
 * 1:29597 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules)
 * 1:29607 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
 * 1:29610 <-> DISABLED <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt (server-other.rules)
 * 1:29617 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules)
 * 1:29621 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (netbios.rules)
 * 1:3114 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc LlsrConnect overflow attempt (os-windows.rules)
 * 1:3171 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP msqueue function 4 overflow attempt (os-windows.rules)
 * 1:32150 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:32152 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:32356 <-> DISABLED <-> PROTOCOL-RPC mountd UDP unmount path overflow attempt (protocol-rpc.rules)
 * 1:32370 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt (server-other.rules)
 * 1:32816 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules)
 * 1:32856 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt (file-pdf.rules)
 * 1:33016 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
 * 1:33017 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
 * 1:33572 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (file-other.rules)
 * 1:33826 <-> DISABLED <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt (server-samba.rules)
 * 1:35435 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:35848 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt (file-image.rules)
 * 1:3590 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt (os-windows.rules)
 * 1:3591 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt (os-windows.rules)
 * 1:36156 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:36157 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:36533 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36534 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt (browser-plugins.rules)
 * 1:3665 <-> ENABLED <-> SERVER-MYSQL server greeting (server-mysql.rules)
 * 1:36658 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)

2021-12-07 17:31:55 UTC

Snort Subscriber Rules Update

Date: 2021-12-07

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58701 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.PhpJackal download attempt (malware-other.rules)
 * 1:58686 <-> DISABLED <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt (file-other.rules)
 * 1:58708 <-> ENABLED <-> SERVER-WEBAPP IBM Data Risk Manager command execution attempt (server-webapp.rules)
 * 1:58705 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
 * 1:58702 <-> ENABLED <-> MALWARE-CNC Php.Webshell.PhpJackal outbound connection attempt (malware-cnc.rules)
 * 1:58697 <-> DISABLED <-> OS-OTHER IGEL OS Secure Terminal and Shadow Service command injection attempt (os-other.rules)
 * 1:58706 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
 * 1:58685 <-> DISABLED <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt (file-other.rules)
 * 1:58704 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
 * 1:58700 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.PhpJackal upload attempt (malware-other.rules)
 * 1:58688 <-> DISABLED <-> SERVER-WEBAPP Movable Type CMS command injection attempt (server-webapp.rules)
 * 1:58696 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt (server-webapp.rules)
 * 1:58703 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt (server-webapp.rules)
 * 1:58695 <-> DISABLED <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt (server-webapp.rules)
 * 1:58694 <-> DISABLED <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt (server-webapp.rules)
 * 1:58687 <-> DISABLED <-> SERVER-WEBAPP Movable Type CMS command injection attempt (server-webapp.rules)
 * 1:58707 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
 * 3:58691 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt (server-webapp.rules)
 * 3:58692 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt (server-webapp.rules)
 * 3:58698 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt (server-webapp.rules)
 * 3:58689 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt (file-other.rules)
 * 3:58699 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt (server-webapp.rules)
 * 3:58693 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt (server-webapp.rules)
 * 3:58690 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt (file-other.rules)

Modified Rules:


 * 1:53431 <-> DISABLED <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt (server-mail.rules)
 * 1:51866 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:3672 <-> DISABLED <-> SERVER-MYSQL client overflow attempt (server-mysql.rules)
 * 1:45180 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:37511 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (os-solaris.rules)
 * 1:48188 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:45182 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:45856 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
 * 1:49586 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
 * 1:42413 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:37628 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:48182 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:44735 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (server-mail.rules)
 * 1:43291 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated application deployment attempt (server-webapp.rules)
 * 1:45179 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:52101 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:3669 <-> DISABLED <-> SERVER-MYSQL protocol 41 secure client overflow attempt (server-mysql.rules)
 * 1:40282 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (file-office.rules)
 * 1:48184 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:39910 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
 * 1:45172 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt (browser-firefox.rules)
 * 1:3671 <-> DISABLED <-> SERVER-MYSQL protocol 41 client overflow attempt (server-mysql.rules)
 * 1:37650 <-> DISABLED <-> FILE-OTHER CA BrightStor stack buffer overflow attempt (file-other.rules)
 * 1:49584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
 * 1:4072 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_DetectResourceConflict attempt (os-windows.rules)
 * 1:3967 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_QueryResConfList attempt (os-windows.rules)
 * 1:41046 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules)
 * 1:51861 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:45501 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
 * 1:52289 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (os-mobile.rules)
 * 1:51082 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
 * 1:44473 <-> DISABLED <-> FILE-OTHER ZIP file name overflow attempt (file-other.rules)
 * 1:48190 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:48187 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:38247 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
 * 1:39936 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (os-solaris.rules)
 * 1:43307 <-> DISABLED <-> SERVER-WEBAPP csSearch setup attempt (server-webapp.rules)
 * 1:48186 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:42423 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:41423 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (browser-plugins.rules)
 * 1:51859 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:48183 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:40335 <-> DISABLED <-> APP-DETECT OpenVAS Scanner User-Agent attempt (app-detect.rules)
 * 1:3667 <-> DISABLED <-> SERVER-MYSQL protocol 41 client authentication bypass attempt (server-mysql.rules)
 * 1:36659 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:48181 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:36533 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt (browser-plugins.rules)
 * 1:51226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
 * 1:48189 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:3670 <-> DISABLED <-> SERVER-MYSQL secure client overflow attempt (server-mysql.rules)
 * 1:45184 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:49901 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
 * 1:40819 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (file-flash.rules)
 * 1:45310 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
 * 1:48180 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:51862 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:5485 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules)
 * 1:36534 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt (browser-plugins.rules)
 * 1:36658 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:9769 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msqueue function 4 overflow attempt (os-windows.rules)
 * 1:3665 <-> ENABLED <-> SERVER-MYSQL server greeting (server-mysql.rules)
 * 1:11265 <-> DISABLED <-> SERVER-OTHER Sentinel license manager buffer overflow attempt (server-other.rules)
 * 1:10900 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt (os-windows.rules)
 * 1:10603 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvUpdateRecord2 overflow attempt (os-windows.rules)
 * 1:11963 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules)
 * 1:11958 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules)
 * 1:11957 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt (netbios.rules)
 * 1:10136 <-> DISABLED <-> OS-SOLARIS Oracle Solaris login environment variable authentication bypass attempt (os-solaris.rules)
 * 1:12198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows getbulk request attempt (os-windows.rules)
 * 1:12317 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt (netbios.rules)
 * 1:12069 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest (os-windows.rules)
 * 1:11443 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
 * 1:1277 <-> DISABLED <-> PROTOCOL-RPC portmap ypupdated request UDP (protocol-rpc.rules)
 * 1:12940 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 CA call 269 overflow attempt (netbios.rules)
 * 1:12628 <-> DISABLED <-> PROTOCOL-RPC Solaris UDP portmapper sadmin port query attempt (protocol-rpc.rules)
 * 1:11964 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules)
 * 1:13162 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (netbios.rules)
 * 1:13161 <-> DISABLED <-> SERVER-OTHER HP OpenView CGI parameter buffer overflow attempt (server-other.rules)
 * 1:12985 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
 * 1:12627 <-> DISABLED <-> PROTOCOL-RPC Solaris TCP portmapper sadmin port query attempt (protocol-rpc.rules)
 * 1:14037 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules)
 * 1:13927 <-> DISABLED <-> PROTOCOL-TFTP Open TFTP Server log generation buffer overflow attempt (protocol-tftp.rules)
 * 1:13619 <-> DISABLED <-> OS-WINDOWS Microsoft Windows getBulkRequest memory corruption attempt (os-windows.rules)
 * 1:12984 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
 * 1:14647 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (os-windows.rules)
 * 1:1422 <-> DISABLED <-> PROTOCOL-SNMP community string buffer overflow attempt with evasion (protocol-snmp.rules)
 * 1:1409 <-> DISABLED <-> PROTOCOL-SNMP community string buffer overflow attempt (protocol-snmp.rules)
 * 1:13222 <-> DISABLED <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt (server-other.rules)
 * 1:14651 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules)
 * 1:14650 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules)
 * 1:14649 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (os-windows.rules)
 * 1:14038 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (browser-plugins.rules)
 * 1:14725 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName overflow attempt (os-windows.rules)
 * 1:14654 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules)
 * 1:14653 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules)
 * 1:14648 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules)
 * 1:14988 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum overflow attempt (netbios.rules)
 * 1:14900 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum overflow attempt (netbios.rules)
 * 1:14737 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP host-integration bind attempt (os-windows.rules)
 * 1:14652 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules)
 * 1:15198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules)
 * 1:15197 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules)
 * 1:15196 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules)
 * 1:14726 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt (os-windows.rules)
 * 1:15202 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules)
 * 1:15201 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules)
 * 1:15200 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules)
 * 1:14989 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory SOAP Accept Language header overflow attempt (server-webapp.rules)
 * 1:15206 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules)
 * 1:15205 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules)
 * 1:15204 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules)
 * 1:15199 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules)
 * 1:15210 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules)
 * 1:15209 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules)
 * 1:15213 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules)
 * 1:15203 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules)
 * 1:15208 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules)
 * 1:15207 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules)
 * 1:15214 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules)
 * 1:15217 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules)
 * 1:15212 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules)
 * 1:15211 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules)
 * 1:15218 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules)
 * 1:15221 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules)
 * 1:15216 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules)
 * 1:15215 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules)
 * 1:15222 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules)
 * 1:15225 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules)
 * 1:15220 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules)
 * 1:15219 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules)
 * 1:15226 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules)
 * 1:15262 <-> DISABLED <-> SERVER-ORACLE Secure Backup POST exec_qr command injection attempt (server-oracle.rules)
 * 1:15224 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules)
 * 1:15223 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules)
 * 1:15508 <-> DISABLED <-> SERVER-OTHER DCERPC NCADG-IP-UDP lsarpc LsarLookupSids translated_names overflow attempt (server-other.rules)
 * 1:15708 <-> DISABLED <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (server-other.rules)
 * 1:15261 <-> DISABLED <-> SERVER-ORACLE Secure Backup exec_qr command injection attempt (server-oracle.rules)
 * 1:15227 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules)
 * 1:15881 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters Name Field attempt (netbios.rules)
 * 1:15971 <-> DISABLED <-> SERVER-OTHER CVS Argumentx command double free attempt (server-other.rules)
 * 1:15701 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2000 domain authentication bypass attempt (os-windows.rules)
 * 1:15554 <-> DISABLED <-> SERVER-ORACLE Application Server 10g OPMN service format string vulnerability exploit attempt (server-oracle.rules)
 * 1:15972 <-> DISABLED <-> SERVER-OTHER single byte encoded name response (server-other.rules)
 * 1:16049 <-> DISABLED <-> SERVER-OTHER GNU Radius SQL accounting format string exploit attempt (server-other.rules)
 * 1:15930 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field remote code execution attempt (os-windows.rules)
 * 1:15911 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss RouteRefreshPrinterChangeNotification attempt (netbios.rules)
 * 1:16080 <-> DISABLED <-> SERVER-OTHER KAME racoon X509 certificate verification bypass attempt (server-other.rules)
 * 1:16239 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules)
 * 1:16029 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS client ATMA buffer overrun attempt (os-windows.rules)
 * 1:16015 <-> DISABLED <-> SERVER-OTHER Norton Internet Security NBNS response processing stack overflow attempt (server-other.rules)
 * 1:16329 <-> DISABLED <-> SERVER-OTHER Microsoft Internet Authentication Service EAP-MSCHAPv2 authentication bypass attempt (server-other.rules)
 * 1:16796 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP data length integer overflow attempt (protocol-rpc.rules)
 * 1:16238 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules)
 * 1:16198 <-> DISABLED <-> SERVER-APACHE Apache mod_auth_pgsql module logging facility format string exploit attempt (server-apache.rules)
 * 1:17046 <-> DISABLED <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt (server-other.rules)
 * 1:17205 <-> DISABLED <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - udp (protocol-rpc.rules)
 * 1:16705 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP array size buffer overflow attempt (protocol-rpc.rules)
 * 1:16515 <-> DISABLED <-> SERVER-MAIL Novell Groupwise Internet Agent RCPT command overflow attempt (server-mail.rules)
 * 1:17224 <-> DISABLED <-> SERVER-MAIL McAfee WebShield SMTP bounce message format string attempt (server-mail.rules)
 * 1:18189 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (netbios.rules)
 * 1:17057 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
 * 1:17056 <-> DISABLED <-> SERVER-OTHER Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt (server-other.rules)
 * 1:18190 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules)
 * 1:18248 <-> DISABLED <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (server-other.rules)
 * 1:1762 <-> DISABLED <-> SERVER-WEBAPP phf arbitrary command execution attempt (server-webapp.rules)
 * 1:17609 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:18319 <-> DISABLED <-> SERVER-SAMBA Samba DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (server-samba.rules)
 * 1:18526 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules)
 * 1:18192 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules)
 * 1:18191 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (netbios.rules)
 * 1:18557 <-> DISABLED <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt (protocol-rpc.rules)
 * 1:18612 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:18472 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (netbios.rules)
 * 1:18462 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (os-windows.rules)
 * 1:18613 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:18994 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (os-windows.rules)
 * 1:18611 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:18589 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
 * 1:19013 <-> DISABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - WRQ (protocol-tftp.rules)
 * 1:19173 <-> DISABLED <-> PROTOCOL-RPC CDE Calendar Manager service memory corruption attempt (protocol-rpc.rules)
 * 1:18958 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
 * 1:19208 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services streamprocess.exe buffer overflow attempt (server-other.rules)
 * 1:19136 <-> DISABLED <-> SERVER-WEBAPP CA XOsoft Multiple Products entry_point.aspx buffer overflow attempt (server-webapp.rules)
 * 1:18768 <-> DISABLED <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt (server-mail.rules)
 * 1:19677 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules)
 * 1:19014 <-> DISABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - RRQ (protocol-tftp.rules)
 * 1:20052 <-> DISABLED <-> PROTOCOL-SCADA IntelliCom NetBiter config utility hostname overflow attempt (protocol-scada.rules)
 * 1:20611 <-> DISABLED <-> SERVER-OTHER BOOTP overflow (server-other.rules)
 * 1:19649 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center dbman buffer overflow attempt (server-other.rules)
 * 1:20614 <-> DISABLED <-> SERVER-MAIL Axigen POP3 server remote format string exploit (server-mail.rules)
 * 1:20242 <-> DISABLED <-> PROTOCOL-DNS Oracle Secure Backup observice.exe dns response overflow attempt (protocol-dns.rules)
 * 1:19323 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
 * 1:20812 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt (protocol-telnet.rules)
 * 1:20725 <-> DISABLED <-> OS-SOLARIS Oracle Solaris in.rwhod hostname denial of service attempt (os-solaris.rules)
 * 1:20691 <-> DISABLED <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt (policy-other.rules)
 * 1:20176 <-> DISABLED <-> PROTOCOL-SCADA DAQFactory NETB protcol stack overflow attempt (protocol-scada.rules)
 * 1:21041 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - main.php?page= (exploit-kit.rules)
 * 1:2089 <-> DISABLED <-> PROTOCOL-RPC ypupdated arbitrary command attempt TCP (protocol-rpc.rules)
 * 1:2088 <-> DISABLED <-> PROTOCOL-RPC ypupdated arbitrary command attempt UDP (protocol-rpc.rules)
 * 1:20671 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest (os-windows.rules)
 * 1:21343 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit pdf request (exploit-kit.rules)
 * 1:21236 <-> DISABLED <-> SERVER-WEBAPP UNLOCK Webdav Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:21234 <-> DISABLED <-> SERVER-WEBAPP MKCOL Webdav Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:20813 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt (protocol-telnet.rules)
 * 1:21529 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 Find_First2 filename overflow attempt (os-windows.rules)
 * 1:21458 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:21407 <-> DISABLED <-> SERVER-OTHER Symantic multiple products VRTSweb code execution (server-other.rules)
 * 1:21141 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit control panel access (exploit-kit.rules)
 * 1:2278 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (server-webapp.rules)
 * 1:21952 <-> DISABLED <-> SERVER-OTHER ISC dhcpd discover hostname overflow attempt (server-other.rules)
 * 1:21348 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - search.php?page= (exploit-kit.rules)
 * 1:2185 <-> DISABLED <-> PROTOCOL-RPC mountd UDP mount path overflow attempt (protocol-rpc.rules)
 * 1:23241 <-> DISABLED <-> SERVER-OTHER HP DPNECentral RequestCopy type SQL injection attempt (server-other.rules)
 * 1:23233 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
 * 1:23232 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
 * 1:21766 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (file-image.rules)
 * 1:23950 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules)
 * 1:23939 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (server-oracle.rules)
 * 1:2381 <-> DISABLED <-> SERVER-WEBAPP Checkpoint Firewall-1 HTTP parsing format string vulnerability attempt (server-webapp.rules)
 * 1:22949 <-> ENABLED <-> EXPLOIT-KIT Blackhole redirection attempt (exploit-kit.rules)
 * 1:24501 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit fallback executable download (exploit-kit.rules)
 * 1:24336 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules)
 * 1:23997 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:23355 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager AddTask stack buffer overflow attempt (server-other.rules)
 * 1:24608 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt (exploit-kit.rules)
 * 1:24544 <-> DISABLED <-> EXPLOIT-KIT Blackhole admin page outbound access attempt (exploit-kit.rules)
 * 1:24513 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt (server-other.rules)
 * 1:23951 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules)
 * 1:24741 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24703 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:24638 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules)
 * 1:24503 <-> DISABLED <-> PROTOCOL-RPC xdrDecodeString caller_name stack overflow attempt (protocol-rpc.rules)
 * 1:24745 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24744 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24743 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24636 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure (exploit-kit.rules)
 * 1:24749 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24748 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24747 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24742 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24751 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24752 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24753 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24746 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24756 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24757 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24755 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24750 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24762 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:24760 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24759 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24754 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24865 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules)
 * 1:24863 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules)
 * 1:24861 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules)
 * 1:24758 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:25381 <-> DISABLED <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt (server-other.rules)
 * 1:25139 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit eot outbound connection (exploit-kit.rules)
 * 1:25138 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit pdf outbound connection (exploit-kit.rules)
 * 1:24802 <-> DISABLED <-> SERVER-OTHER HP Database Archiving Software GIOP parsing buffer overflow attempt (server-other.rules)
 * 1:25650 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
 * 1:25611 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules)
 * 1:25568 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules)
 * 1:25003 <-> DISABLED <-> SERVER-OTHER HP Archive Query Server stack overflow attempt (server-other.rules)
 * 1:26339 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval - ff.php (exploit-kit.rules)
 * 1:26295 <-> DISABLED <-> FILE-OTHER Watering Hole Campaign applet download (file-other.rules)
 * 1:26227 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules)
 * 1:25388 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules)
 * 1:26806 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit short JNLP request (exploit-kit.rules)
 * 1:26643 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field denial of service attempt (os-windows.rules)
 * 1:26496 <-> DISABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules)
 * 1:25972 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit three number PDF Request (exploit-kit.rules)
 * 1:27598 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup Admin Server command injection attempt (server-webapp.rules)
 * 1:27072 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules)
 * 1:26346 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit payload requested (exploit-kit.rules)
 * 1:28393 <-> DISABLED <-> SERVER-OTHER EMC Replication Manager irccd remote command execution attempt (server-other.rules)
 * 1:27071 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules)
 * 1:26808 <-> DISABLED <-> EXPLOIT-KIT Goon/Infinity/Redkit exploit kit short jar request (exploit-kit.rules)
 * 1:28478 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit landing page request (exploit-kit.rules)
 * 1:28793 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:27814 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit landing page request (exploit-kit.rules)
 * 1:27646 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra login request buffer overflow attempt (server-other.rules)
 * 1:28903 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28906 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28792 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:28704 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:28907 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:29453 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit eot outbound connection (exploit-kit.rules)
 * 1:28905 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28904 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:29513 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules)
 * 1:29525 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:28975 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
 * 1:28974 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
 * 1:29527 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:29597 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules)
 * 1:29522 <-> DISABLED <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX Office remote code execution attempt (server-webapp.rules)
 * 1:29521 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (file-multimedia.rules)
 * 1:29607 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
 * 1:29621 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (netbios.rules)
 * 1:29596 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules)
 * 1:29536 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
 * 1:3114 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc LlsrConnect overflow attempt (os-windows.rules)
 * 1:32152 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:29617 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules)
 * 1:29610 <-> DISABLED <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt (server-other.rules)
 * 1:32356 <-> DISABLED <-> PROTOCOL-RPC mountd UDP unmount path overflow attempt (protocol-rpc.rules)
 * 1:32856 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt (file-pdf.rules)
 * 1:32150 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:3171 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP msqueue function 4 overflow attempt (os-windows.rules)
 * 1:33016 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
 * 1:33826 <-> DISABLED <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt (server-samba.rules)
 * 1:32816 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules)
 * 1:32370 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt (server-other.rules)
 * 1:35435 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:3591 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt (os-windows.rules)
 * 1:33572 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (file-other.rules)
 * 1:33017 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
 * 1:36156 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:3590 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt (os-windows.rules)
 * 1:35848 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt (file-image.rules)
 * 1:36157 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:51162 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
 * 1:58362 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap ProjectName SQL injection attempt (server-webapp.rules)
 * 1:58201 <-> ENABLED <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt (server-webapp.rules)
 * 1:49903 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
 * 1:53432 <-> DISABLED <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt (server-mail.rules)
 * 1:38246 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
 * 1:36660 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:50642 <-> DISABLED <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt (file-other.rules)
 * 1:654 <-> DISABLED <-> SERVER-MAIL RCPT TO overflow (server-mail.rules)
 * 1:6706 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt (netbios.rules)
 * 1:6707 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt (netbios.rules)
 * 1:6712 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt (netbios.rules)
 * 1:6713 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt (netbios.rules)
 * 1:8426 <-> DISABLED <-> SERVER-OTHER SSLv3 openssl get shared ciphers overflow attempt (server-other.rules)
 * 1:8428 <-> DISABLED <-> SERVER-OTHER SSLv2 openssl get shared ciphers overflow attempt (server-other.rules)
 * 1:9027 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrJoinDomain2 overflow attempt (os-windows.rules)
 * 1:9621 <-> DISABLED <-> PROTOCOL-TFTP 3COM server transport mode buffer overflow attempt (protocol-tftp.rules)
 * 1:39406 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
 * 1:4642 <-> DISABLED <-> SERVER-ORACLE sys.pbsde.init buffer overflow attempt (server-oracle.rules)
 * 1:43347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules)
 * 1:50900 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:48179 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:51863 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:48185 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:3668 <-> DISABLED <-> SERVER-MYSQL client authentication bypass attempt (server-mysql.rules)
 * 1:3818 <-> DISABLED <-> PROTOCOL-TFTP PUT transfer mode overflow attempt (protocol-tftp.rules)
 * 1:39387 <-> DISABLED <-> SERVER-WEBAPP D-Link DAP-1160 authentication bypass attempt (server-webapp.rules)
 * 1:39407 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
 * 1:39408 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
 * 1:51026 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (file-pdf.rules)
 * 1:52080 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)

2021-12-07 17:31:55 UTC

Snort Subscriber Rules Update

Date: 2021-12-07

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58696 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt (server-webapp.rules)
 * 1:58685 <-> DISABLED <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt (file-other.rules)
 * 1:58706 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
 * 1:58695 <-> DISABLED <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt (server-webapp.rules)
 * 1:58705 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
 * 1:58703 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt (server-webapp.rules)
 * 1:58686 <-> DISABLED <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt (file-other.rules)
 * 1:58687 <-> DISABLED <-> SERVER-WEBAPP Movable Type CMS command injection attempt (server-webapp.rules)
 * 1:58707 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
 * 1:58697 <-> DISABLED <-> OS-OTHER IGEL OS Secure Terminal and Shadow Service command injection attempt (os-other.rules)
 * 1:58704 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
 * 1:58708 <-> ENABLED <-> SERVER-WEBAPP IBM Data Risk Manager command execution attempt (server-webapp.rules)
 * 1:58702 <-> ENABLED <-> MALWARE-CNC Php.Webshell.PhpJackal outbound connection attempt (malware-cnc.rules)
 * 1:58688 <-> DISABLED <-> SERVER-WEBAPP Movable Type CMS command injection attempt (server-webapp.rules)
 * 1:58700 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.PhpJackal upload attempt (malware-other.rules)
 * 1:58701 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.PhpJackal download attempt (malware-other.rules)
 * 1:58694 <-> DISABLED <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt (server-webapp.rules)
 * 3:58693 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt (server-webapp.rules)
 * 3:58692 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt (server-webapp.rules)
 * 3:58689 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt (file-other.rules)
 * 3:58699 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt (server-webapp.rules)
 * 3:58691 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt (server-webapp.rules)
 * 3:58690 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt (file-other.rules)
 * 3:58698 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:48182 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:35848 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt (file-image.rules)
 * 1:33826 <-> DISABLED <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt (server-samba.rules)
 * 1:51866 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:53431 <-> DISABLED <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt (server-mail.rules)
 * 1:53432 <-> DISABLED <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt (server-mail.rules)
 * 1:33016 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
 * 1:35435 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:40819 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (file-flash.rules)
 * 1:36534 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt (browser-plugins.rules)
 * 1:29522 <-> DISABLED <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX Office remote code execution attempt (server-webapp.rules)
 * 1:3590 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt (os-windows.rules)
 * 1:29610 <-> DISABLED <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt (server-other.rules)
 * 1:42413 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:44473 <-> DISABLED <-> FILE-OTHER ZIP file name overflow attempt (file-other.rules)
 * 1:3671 <-> DISABLED <-> SERVER-MYSQL protocol 41 client overflow attempt (server-mysql.rules)
 * 1:33572 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (file-other.rules)
 * 1:36659 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:32856 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt (file-pdf.rules)
 * 1:37650 <-> DISABLED <-> FILE-OTHER CA BrightStor stack buffer overflow attempt (file-other.rules)
 * 1:49584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
 * 1:4072 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_DetectResourceConflict attempt (os-windows.rules)
 * 1:48185 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:45856 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
 * 1:45310 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
 * 1:4642 <-> DISABLED <-> SERVER-ORACLE sys.pbsde.init buffer overflow attempt (server-oracle.rules)
 * 1:50642 <-> DISABLED <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt (file-other.rules)
 * 1:45182 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:38246 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
 * 1:37511 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (os-solaris.rules)
 * 1:3670 <-> DISABLED <-> SERVER-MYSQL secure client overflow attempt (server-mysql.rules)
 * 1:44735 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (server-mail.rules)
 * 1:41046 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules)
 * 1:40335 <-> DISABLED <-> APP-DETECT OpenVAS Scanner User-Agent attempt (app-detect.rules)
 * 1:45180 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:51861 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:43347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules)
 * 1:3669 <-> DISABLED <-> SERVER-MYSQL protocol 41 secure client overflow attempt (server-mysql.rules)
 * 1:3818 <-> DISABLED <-> PROTOCOL-TFTP PUT transfer mode overflow attempt (protocol-tftp.rules)
 * 1:43307 <-> DISABLED <-> SERVER-WEBAPP csSearch setup attempt (server-webapp.rules)
 * 1:45501 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
 * 1:39387 <-> DISABLED <-> SERVER-WEBAPP D-Link DAP-1160 authentication bypass attempt (server-webapp.rules)
 * 1:37628 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:51862 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51863 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:49901 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
 * 1:3672 <-> DISABLED <-> SERVER-MYSQL client overflow attempt (server-mysql.rules)
 * 1:48180 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:45172 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt (browser-firefox.rules)
 * 1:48183 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:39910 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
 * 1:48187 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:3667 <-> DISABLED <-> SERVER-MYSQL protocol 41 client authentication bypass attempt (server-mysql.rules)
 * 1:48188 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:51162 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
 * 1:49586 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
 * 1:42423 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:39408 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
 * 1:48181 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:48184 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:29521 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (file-multimedia.rules)
 * 1:51026 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (file-pdf.rules)
 * 1:39406 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
 * 1:40282 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (file-office.rules)
 * 1:48186 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:58201 <-> ENABLED <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt (server-webapp.rules)
 * 1:58362 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap ProjectName SQL injection attempt (server-webapp.rules)
 * 1:654 <-> DISABLED <-> SERVER-MAIL RCPT TO overflow (server-mail.rules)
 * 1:6706 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt (netbios.rules)
 * 1:39936 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (os-solaris.rules)
 * 1:6707 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt (netbios.rules)
 * 1:3668 <-> DISABLED <-> SERVER-MYSQL client authentication bypass attempt (server-mysql.rules)
 * 1:6712 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt (netbios.rules)
 * 1:6713 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt (netbios.rules)
 * 1:8426 <-> DISABLED <-> SERVER-OTHER SSLv3 openssl get shared ciphers overflow attempt (server-other.rules)
 * 1:8428 <-> DISABLED <-> SERVER-OTHER SSLv2 openssl get shared ciphers overflow attempt (server-other.rules)
 * 1:9027 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrJoinDomain2 overflow attempt (os-windows.rules)
 * 1:9621 <-> DISABLED <-> PROTOCOL-TFTP 3COM server transport mode buffer overflow attempt (protocol-tftp.rules)
 * 1:9769 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msqueue function 4 overflow attempt (os-windows.rules)
 * 1:51859 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:50900 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:29527 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:52289 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (os-mobile.rules)
 * 1:36658 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:36660 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:29607 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
 * 1:36533 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt (browser-plugins.rules)
 * 1:3665 <-> ENABLED <-> SERVER-MYSQL server greeting (server-mysql.rules)
 * 1:52101 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:29525 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:29617 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules)
 * 1:29621 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (netbios.rules)
 * 1:3114 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc LlsrConnect overflow attempt (os-windows.rules)
 * 1:3171 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP msqueue function 4 overflow attempt (os-windows.rules)
 * 1:32150 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:32152 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:32356 <-> DISABLED <-> PROTOCOL-RPC mountd UDP unmount path overflow attempt (protocol-rpc.rules)
 * 1:32370 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt (server-other.rules)
 * 1:32816 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules)
 * 1:5485 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules)
 * 1:10900 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt (os-windows.rules)
 * 1:10136 <-> DISABLED <-> OS-SOLARIS Oracle Solaris login environment variable authentication bypass attempt (os-solaris.rules)
 * 1:10603 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvUpdateRecord2 overflow attempt (os-windows.rules)
 * 1:11958 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules)
 * 1:11265 <-> DISABLED <-> SERVER-OTHER Sentinel license manager buffer overflow attempt (server-other.rules)
 * 1:11443 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
 * 1:11963 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules)
 * 1:12198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows getbulk request attempt (os-windows.rules)
 * 1:11957 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt (netbios.rules)
 * 1:11964 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules)
 * 1:12069 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest (os-windows.rules)
 * 1:1277 <-> DISABLED <-> PROTOCOL-RPC portmap ypupdated request UDP (protocol-rpc.rules)
 * 1:12317 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt (netbios.rules)
 * 1:12627 <-> DISABLED <-> PROTOCOL-RPC Solaris TCP portmapper sadmin port query attempt (protocol-rpc.rules)
 * 1:12628 <-> DISABLED <-> PROTOCOL-RPC Solaris UDP portmapper sadmin port query attempt (protocol-rpc.rules)
 * 1:13161 <-> DISABLED <-> SERVER-OTHER HP OpenView CGI parameter buffer overflow attempt (server-other.rules)
 * 1:12940 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 CA call 269 overflow attempt (netbios.rules)
 * 1:12984 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
 * 1:12985 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
 * 1:13927 <-> DISABLED <-> PROTOCOL-TFTP Open TFTP Server log generation buffer overflow attempt (protocol-tftp.rules)
 * 1:13222 <-> DISABLED <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt (server-other.rules)
 * 1:1422 <-> DISABLED <-> PROTOCOL-SNMP community string buffer overflow attempt with evasion (protocol-snmp.rules)
 * 1:13162 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (netbios.rules)
 * 1:14038 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (browser-plugins.rules)
 * 1:13619 <-> DISABLED <-> OS-WINDOWS Microsoft Windows getBulkRequest memory corruption attempt (os-windows.rules)
 * 1:14648 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules)
 * 1:14037 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules)
 * 1:1409 <-> DISABLED <-> PROTOCOL-SNMP community string buffer overflow attempt (protocol-snmp.rules)
 * 1:14647 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (os-windows.rules)
 * 1:14652 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules)
 * 1:14649 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (os-windows.rules)
 * 1:14650 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules)
 * 1:14651 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules)
 * 1:14726 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt (os-windows.rules)
 * 1:14653 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules)
 * 1:14654 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules)
 * 1:14725 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName overflow attempt (os-windows.rules)
 * 1:14989 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory SOAP Accept Language header overflow attempt (server-webapp.rules)
 * 1:14737 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP host-integration bind attempt (os-windows.rules)
 * 1:14900 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum overflow attempt (netbios.rules)
 * 1:14988 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum overflow attempt (netbios.rules)
 * 1:15199 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules)
 * 1:15196 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules)
 * 1:15197 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules)
 * 1:15198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules)
 * 1:15203 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules)
 * 1:15200 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules)
 * 1:15201 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules)
 * 1:15202 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules)
 * 1:15207 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules)
 * 1:15204 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules)
 * 1:15205 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules)
 * 1:15206 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules)
 * 1:15211 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules)
 * 1:15208 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules)
 * 1:15209 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules)
 * 1:15210 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules)
 * 1:15215 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules)
 * 1:15212 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules)
 * 1:15213 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules)
 * 1:15214 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules)
 * 1:15219 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules)
 * 1:15216 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules)
 * 1:15217 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules)
 * 1:15218 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules)
 * 1:15223 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules)
 * 1:15220 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules)
 * 1:15221 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules)
 * 1:15222 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules)
 * 1:15227 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules)
 * 1:15224 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules)
 * 1:15225 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules)
 * 1:15226 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules)
 * 1:15554 <-> DISABLED <-> SERVER-ORACLE Application Server 10g OPMN service format string vulnerability exploit attempt (server-oracle.rules)
 * 1:15261 <-> DISABLED <-> SERVER-ORACLE Secure Backup exec_qr command injection attempt (server-oracle.rules)
 * 1:15262 <-> DISABLED <-> SERVER-ORACLE Secure Backup POST exec_qr command injection attempt (server-oracle.rules)
 * 1:15508 <-> DISABLED <-> SERVER-OTHER DCERPC NCADG-IP-UDP lsarpc LsarLookupSids translated_names overflow attempt (server-other.rules)
 * 1:15911 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss RouteRefreshPrinterChangeNotification attempt (netbios.rules)
 * 1:15701 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2000 domain authentication bypass attempt (os-windows.rules)
 * 1:15708 <-> DISABLED <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (server-other.rules)
 * 1:15881 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters Name Field attempt (netbios.rules)
 * 1:16015 <-> DISABLED <-> SERVER-OTHER Norton Internet Security NBNS response processing stack overflow attempt (server-other.rules)
 * 1:15930 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field remote code execution attempt (os-windows.rules)
 * 1:15971 <-> DISABLED <-> SERVER-OTHER CVS Argumentx command double free attempt (server-other.rules)
 * 1:15972 <-> DISABLED <-> SERVER-OTHER single byte encoded name response (server-other.rules)
 * 1:16029 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS client ATMA buffer overrun attempt (os-windows.rules)
 * 1:16080 <-> DISABLED <-> SERVER-OTHER KAME racoon X509 certificate verification bypass attempt (server-other.rules)
 * 1:16198 <-> DISABLED <-> SERVER-APACHE Apache mod_auth_pgsql module logging facility format string exploit attempt (server-apache.rules)
 * 1:16238 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules)
 * 1:16049 <-> DISABLED <-> SERVER-OTHER GNU Radius SQL accounting format string exploit attempt (server-other.rules)
 * 1:16329 <-> DISABLED <-> SERVER-OTHER Microsoft Internet Authentication Service EAP-MSCHAPv2 authentication bypass attempt (server-other.rules)
 * 1:16796 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP data length integer overflow attempt (protocol-rpc.rules)
 * 1:16515 <-> DISABLED <-> SERVER-MAIL Novell Groupwise Internet Agent RCPT command overflow attempt (server-mail.rules)
 * 1:16239 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules)
 * 1:17056 <-> DISABLED <-> SERVER-OTHER Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt (server-other.rules)
 * 1:17046 <-> DISABLED <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt (server-other.rules)
 * 1:16705 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP array size buffer overflow attempt (protocol-rpc.rules)
 * 1:18189 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (netbios.rules)
 * 1:17057 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
 * 1:17205 <-> DISABLED <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - udp (protocol-rpc.rules)
 * 1:17224 <-> DISABLED <-> SERVER-MAIL McAfee WebShield SMTP bounce message format string attempt (server-mail.rules)
 * 1:18248 <-> DISABLED <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (server-other.rules)
 * 1:17609 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:18191 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (netbios.rules)
 * 1:1762 <-> DISABLED <-> SERVER-WEBAPP phf arbitrary command execution attempt (server-webapp.rules)
 * 1:18526 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules)
 * 1:18190 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules)
 * 1:18462 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (os-windows.rules)
 * 1:18192 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules)
 * 1:18612 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:18319 <-> DISABLED <-> SERVER-SAMBA Samba DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (server-samba.rules)
 * 1:18472 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (netbios.rules)
 * 1:18589 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
 * 1:18994 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (os-windows.rules)
 * 1:18557 <-> DISABLED <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt (protocol-rpc.rules)
 * 1:18768 <-> DISABLED <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt (server-mail.rules)
 * 1:18611 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:19136 <-> DISABLED <-> SERVER-WEBAPP CA XOsoft Multiple Products entry_point.aspx buffer overflow attempt (server-webapp.rules)
 * 1:18613 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:19014 <-> DISABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - RRQ (protocol-tftp.rules)
 * 1:18958 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
 * 1:19677 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules)
 * 1:19013 <-> DISABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - WRQ (protocol-tftp.rules)
 * 1:19323 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
 * 1:19173 <-> DISABLED <-> PROTOCOL-RPC CDE Calendar Manager service memory corruption attempt (protocol-rpc.rules)
 * 1:20611 <-> DISABLED <-> SERVER-OTHER BOOTP overflow (server-other.rules)
 * 1:19208 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services streamprocess.exe buffer overflow attempt (server-other.rules)
 * 1:20176 <-> DISABLED <-> PROTOCOL-SCADA DAQFactory NETB protcol stack overflow attempt (protocol-scada.rules)
 * 1:19649 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center dbman buffer overflow attempt (server-other.rules)
 * 1:20725 <-> DISABLED <-> OS-SOLARIS Oracle Solaris in.rwhod hostname denial of service attempt (os-solaris.rules)
 * 1:20052 <-> DISABLED <-> PROTOCOL-SCADA IntelliCom NetBiter config utility hostname overflow attempt (protocol-scada.rules)
 * 1:20671 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest (os-windows.rules)
 * 1:20242 <-> DISABLED <-> PROTOCOL-DNS Oracle Secure Backup observice.exe dns response overflow attempt (protocol-dns.rules)
 * 1:2089 <-> DISABLED <-> PROTOCOL-RPC ypupdated arbitrary command attempt TCP (protocol-rpc.rules)
 * 1:20614 <-> DISABLED <-> SERVER-MAIL Axigen POP3 server remote format string exploit (server-mail.rules)
 * 1:21236 <-> DISABLED <-> SERVER-WEBAPP UNLOCK Webdav Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:20691 <-> DISABLED <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt (policy-other.rules)
 * 1:20813 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt (protocol-telnet.rules)
 * 1:20812 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt (protocol-telnet.rules)
 * 1:21141 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit control panel access (exploit-kit.rules)
 * 1:2088 <-> DISABLED <-> PROTOCOL-RPC ypupdated arbitrary command attempt UDP (protocol-rpc.rules)
 * 1:21458 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:21041 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - main.php?page= (exploit-kit.rules)
 * 1:21348 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - search.php?page= (exploit-kit.rules)
 * 1:21234 <-> DISABLED <-> SERVER-WEBAPP MKCOL Webdav Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:21952 <-> DISABLED <-> SERVER-OTHER ISC dhcpd discover hostname overflow attempt (server-other.rules)
 * 1:21343 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit pdf request (exploit-kit.rules)
 * 1:21766 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (file-image.rules)
 * 1:21407 <-> DISABLED <-> SERVER-OTHER Symantic multiple products VRTSweb code execution (server-other.rules)
 * 1:23233 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
 * 1:21529 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 Find_First2 filename overflow attempt (os-windows.rules)
 * 1:22949 <-> ENABLED <-> EXPLOIT-KIT Blackhole redirection attempt (exploit-kit.rules)
 * 1:2185 <-> DISABLED <-> PROTOCOL-RPC mountd UDP mount path overflow attempt (protocol-rpc.rules)
 * 1:23939 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (server-oracle.rules)
 * 1:23232 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
 * 1:23241 <-> DISABLED <-> SERVER-OTHER HP DPNECentral RequestCopy type SQL injection attempt (server-other.rules)
 * 1:2278 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (server-webapp.rules)
 * 1:24336 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules)
 * 1:23355 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager AddTask stack buffer overflow attempt (server-other.rules)
 * 1:23951 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules)
 * 1:2381 <-> DISABLED <-> SERVER-WEBAPP Checkpoint Firewall-1 HTTP parsing format string vulnerability attempt (server-webapp.rules)
 * 1:24544 <-> DISABLED <-> EXPLOIT-KIT Blackhole admin page outbound access attempt (exploit-kit.rules)
 * 1:23950 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules)
 * 1:24503 <-> DISABLED <-> PROTOCOL-RPC xdrDecodeString caller_name stack overflow attempt (protocol-rpc.rules)
 * 1:23997 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:24501 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit fallback executable download (exploit-kit.rules)
 * 1:24703 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:24636 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure (exploit-kit.rules)
 * 1:24513 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt (server-other.rules)
 * 1:24744 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24608 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt (exploit-kit.rules)
 * 1:24742 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24638 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules)
 * 1:24748 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24741 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24746 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24743 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24752 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24745 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24747 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24749 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24750 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24751 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24755 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24753 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24754 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24757 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24758 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24759 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24756 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24762 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:24802 <-> DISABLED <-> SERVER-OTHER HP Database Archiving Software GIOP parsing buffer overflow attempt (server-other.rules)
 * 1:24861 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules)
 * 1:24760 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24865 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules)
 * 1:25003 <-> DISABLED <-> SERVER-OTHER HP Archive Query Server stack overflow attempt (server-other.rules)
 * 1:25138 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit pdf outbound connection (exploit-kit.rules)
 * 1:24863 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules)
 * 1:25381 <-> DISABLED <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt (server-other.rules)
 * 1:25388 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules)
 * 1:25568 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules)
 * 1:25139 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit eot outbound connection (exploit-kit.rules)
 * 1:25650 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
 * 1:25972 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit three number PDF Request (exploit-kit.rules)
 * 1:26227 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules)
 * 1:25611 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules)
 * 1:26339 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval - ff.php (exploit-kit.rules)
 * 1:26346 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit payload requested (exploit-kit.rules)
 * 1:26496 <-> DISABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules)
 * 1:26295 <-> DISABLED <-> FILE-OTHER Watering Hole Campaign applet download (file-other.rules)
 * 1:26806 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit short JNLP request (exploit-kit.rules)
 * 1:26808 <-> DISABLED <-> EXPLOIT-KIT Goon/Infinity/Redkit exploit kit short jar request (exploit-kit.rules)
 * 1:27071 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules)
 * 1:26643 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field denial of service attempt (os-windows.rules)
 * 1:27598 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup Admin Server command injection attempt (server-webapp.rules)
 * 1:27646 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra login request buffer overflow attempt (server-other.rules)
 * 1:27814 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit landing page request (exploit-kit.rules)
 * 1:27072 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules)
 * 1:28478 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit landing page request (exploit-kit.rules)
 * 1:28704 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:28792 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:28393 <-> DISABLED <-> SERVER-OTHER EMC Replication Manager irccd remote command execution attempt (server-other.rules)
 * 1:28903 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28904 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28905 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28793 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:28907 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28974 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
 * 1:28975 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
 * 1:28906 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:29453 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit eot outbound connection (exploit-kit.rules)
 * 1:29513 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules)
 * 1:41423 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (browser-plugins.rules)
 * 1:51226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
 * 1:45184 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:43291 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated application deployment attempt (server-webapp.rules)
 * 1:45179 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:48179 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:51082 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
 * 1:39407 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
 * 1:38247 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
 * 1:48190 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:49903 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
 * 1:48189 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:3967 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_QueryResConfList attempt (os-windows.rules)
 * 1:3591 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt (os-windows.rules)
 * 1:33017 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
 * 1:29597 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules)
 * 1:36156 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:36157 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:52080 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
 * 1:29596 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules)
 * 1:29536 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)

2021-12-07 17:31:55 UTC

Snort Subscriber Rules Update

Date: 2021-12-07

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58707 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
 * 1:58688 <-> DISABLED <-> SERVER-WEBAPP Movable Type CMS command injection attempt (server-webapp.rules)
 * 1:58708 <-> ENABLED <-> SERVER-WEBAPP IBM Data Risk Manager command execution attempt (server-webapp.rules)
 * 1:58686 <-> DISABLED <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt (file-other.rules)
 * 1:58704 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
 * 1:58705 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
 * 1:58696 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt (server-webapp.rules)
 * 1:58694 <-> DISABLED <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt (server-webapp.rules)
 * 1:58697 <-> DISABLED <-> OS-OTHER IGEL OS Secure Terminal and Shadow Service command injection attempt (os-other.rules)
 * 1:58685 <-> DISABLED <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt (file-other.rules)
 * 1:58702 <-> ENABLED <-> MALWARE-CNC Php.Webshell.PhpJackal outbound connection attempt (malware-cnc.rules)
 * 1:58703 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt (server-webapp.rules)
 * 1:58687 <-> DISABLED <-> SERVER-WEBAPP Movable Type CMS command injection attempt (server-webapp.rules)
 * 1:58700 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.PhpJackal upload attempt (malware-other.rules)
 * 1:58695 <-> DISABLED <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt (server-webapp.rules)
 * 1:58706 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
 * 1:58701 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.PhpJackal download attempt (malware-other.rules)
 * 3:58692 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt (server-webapp.rules)
 * 3:58690 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt (file-other.rules)
 * 3:58698 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt (server-webapp.rules)
 * 3:58691 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt (server-webapp.rules)
 * 3:58699 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt (server-webapp.rules)
 * 3:58689 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt (file-other.rules)
 * 3:58693 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:3590 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt (os-windows.rules)
 * 1:3591 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt (os-windows.rules)
 * 1:32370 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt (server-other.rules)
 * 1:36534 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt (browser-plugins.rules)
 * 1:36659 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:3668 <-> DISABLED <-> SERVER-MYSQL client authentication bypass attempt (server-mysql.rules)
 * 1:3665 <-> ENABLED <-> SERVER-MYSQL server greeting (server-mysql.rules)
 * 1:36533 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt (browser-plugins.rules)
 * 1:51859 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:58362 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap ProjectName SQL injection attempt (server-webapp.rules)
 * 1:5485 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules)
 * 1:35435 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:33016 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
 * 1:37628 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:3669 <-> DISABLED <-> SERVER-MYSQL protocol 41 secure client overflow attempt (server-mysql.rules)
 * 1:36157 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:10603 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvUpdateRecord2 overflow attempt (os-windows.rules)
 * 1:32356 <-> DISABLED <-> PROTOCOL-RPC mountd UDP unmount path overflow attempt (protocol-rpc.rules)
 * 1:32152 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:52289 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (os-mobile.rules)
 * 1:3667 <-> DISABLED <-> SERVER-MYSQL protocol 41 client authentication bypass attempt (server-mysql.rules)
 * 1:48180 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:10136 <-> DISABLED <-> OS-SOLARIS Oracle Solaris login environment variable authentication bypass attempt (os-solaris.rules)
 * 1:36658 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:38246 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
 * 1:32150 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:35848 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt (file-image.rules)
 * 1:32816 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules)
 * 1:33826 <-> DISABLED <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt (server-samba.rules)
 * 1:32856 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt (file-pdf.rules)
 * 1:33572 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (file-other.rules)
 * 1:6713 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt (netbios.rules)
 * 1:6712 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt (netbios.rules)
 * 1:6707 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt (netbios.rules)
 * 1:9621 <-> DISABLED <-> PROTOCOL-TFTP 3COM server transport mode buffer overflow attempt (protocol-tftp.rules)
 * 1:9027 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrJoinDomain2 overflow attempt (os-windows.rules)
 * 1:8428 <-> DISABLED <-> SERVER-OTHER SSLv2 openssl get shared ciphers overflow attempt (server-other.rules)
 * 1:6706 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt (netbios.rules)
 * 1:8426 <-> DISABLED <-> SERVER-OTHER SSLv3 openssl get shared ciphers overflow attempt (server-other.rules)
 * 1:9769 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msqueue function 4 overflow attempt (os-windows.rules)
 * 1:36660 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:12198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows getbulk request attempt (os-windows.rules)
 * 1:48190 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:49903 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
 * 1:39406 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
 * 1:40282 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (file-office.rules)
 * 1:49586 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
 * 1:48181 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:3818 <-> DISABLED <-> PROTOCOL-TFTP PUT transfer mode overflow attempt (protocol-tftp.rules)
 * 1:41423 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (browser-plugins.rules)
 * 1:41046 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules)
 * 1:39910 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
 * 1:42423 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:51862 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:3672 <-> DISABLED <-> SERVER-MYSQL client overflow attempt (server-mysql.rules)
 * 1:48182 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:43291 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated application deployment attempt (server-webapp.rules)
 * 1:1277 <-> DISABLED <-> PROTOCOL-RPC portmap ypupdated request UDP (protocol-rpc.rules)
 * 1:12628 <-> DISABLED <-> PROTOCOL-RPC Solaris UDP portmapper sadmin port query attempt (protocol-rpc.rules)
 * 1:13222 <-> DISABLED <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt (server-other.rules)
 * 1:12985 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
 * 1:13927 <-> DISABLED <-> PROTOCOL-TFTP Open TFTP Server log generation buffer overflow attempt (protocol-tftp.rules)
 * 1:12627 <-> DISABLED <-> PROTOCOL-RPC Solaris TCP portmapper sadmin port query attempt (protocol-rpc.rules)
 * 1:13619 <-> DISABLED <-> OS-WINDOWS Microsoft Windows getBulkRequest memory corruption attempt (os-windows.rules)
 * 1:1422 <-> DISABLED <-> PROTOCOL-SNMP community string buffer overflow attempt with evasion (protocol-snmp.rules)
 * 1:12940 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 CA call 269 overflow attempt (netbios.rules)
 * 1:12984 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
 * 1:1409 <-> DISABLED <-> PROTOCOL-SNMP community string buffer overflow attempt (protocol-snmp.rules)
 * 1:14650 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules)
 * 1:13162 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (netbios.rules)
 * 1:13161 <-> DISABLED <-> SERVER-OTHER HP OpenView CGI parameter buffer overflow attempt (server-other.rules)
 * 1:14649 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (os-windows.rules)
 * 1:14726 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt (os-windows.rules)
 * 1:14037 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules)
 * 1:14038 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (browser-plugins.rules)
 * 1:14652 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules)
 * 1:14988 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum overflow attempt (netbios.rules)
 * 1:14647 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (os-windows.rules)
 * 1:14648 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules)
 * 1:14653 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules)
 * 1:14989 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory SOAP Accept Language header overflow attempt (server-webapp.rules)
 * 1:14651 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules)
 * 1:14654 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules)
 * 1:15198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules)
 * 1:15199 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules)
 * 1:14737 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP host-integration bind attempt (os-windows.rules)
 * 1:14900 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum overflow attempt (netbios.rules)
 * 1:15202 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules)
 * 1:15203 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules)
 * 1:15196 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules)
 * 1:14725 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName overflow attempt (os-windows.rules)
 * 1:15206 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules)
 * 1:15207 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules)
 * 1:15200 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules)
 * 1:15197 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules)
 * 1:15210 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules)
 * 1:15211 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules)
 * 1:15204 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules)
 * 1:15201 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules)
 * 1:15214 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules)
 * 1:15215 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules)
 * 1:15208 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules)
 * 1:15205 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules)
 * 1:15218 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules)
 * 1:15219 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules)
 * 1:15212 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules)
 * 1:15209 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules)
 * 1:15222 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules)
 * 1:15223 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules)
 * 1:15216 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules)
 * 1:15213 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules)
 * 1:15227 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules)
 * 1:15217 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules)
 * 1:15226 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules)
 * 1:15554 <-> DISABLED <-> SERVER-ORACLE Application Server 10g OPMN service format string vulnerability exploit attempt (server-oracle.rules)
 * 1:15220 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules)
 * 1:15221 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules)
 * 1:15508 <-> DISABLED <-> SERVER-OTHER DCERPC NCADG-IP-UDP lsarpc LsarLookupSids translated_names overflow attempt (server-other.rules)
 * 1:15911 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss RouteRefreshPrinterChangeNotification attempt (netbios.rules)
 * 1:15224 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules)
 * 1:15225 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules)
 * 1:15881 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters Name Field attempt (netbios.rules)
 * 1:16015 <-> DISABLED <-> SERVER-OTHER Norton Internet Security NBNS response processing stack overflow attempt (server-other.rules)
 * 1:15261 <-> DISABLED <-> SERVER-ORACLE Secure Backup exec_qr command injection attempt (server-oracle.rules)
 * 1:36156 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:51861 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:53431 <-> DISABLED <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt (server-mail.rules)
 * 1:3967 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_QueryResConfList attempt (os-windows.rules)
 * 1:38247 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
 * 1:45179 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:45184 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:53432 <-> DISABLED <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt (server-mail.rules)
 * 1:45180 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:654 <-> DISABLED <-> SERVER-MAIL RCPT TO overflow (server-mail.rules)
 * 1:43347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules)
 * 1:37511 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (os-solaris.rules)
 * 1:45501 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
 * 1:48179 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:40335 <-> DISABLED <-> APP-DETECT OpenVAS Scanner User-Agent attempt (app-detect.rules)
 * 1:4642 <-> DISABLED <-> SERVER-ORACLE sys.pbsde.init buffer overflow attempt (server-oracle.rules)
 * 1:49584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
 * 1:48185 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:45856 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
 * 1:48188 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:51082 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
 * 1:51162 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
 * 1:48187 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:48189 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:51026 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (file-pdf.rules)
 * 1:48184 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:51226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
 * 1:43307 <-> DISABLED <-> SERVER-WEBAPP csSearch setup attempt (server-webapp.rules)
 * 1:3670 <-> DISABLED <-> SERVER-MYSQL secure client overflow attempt (server-mysql.rules)
 * 1:44735 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (server-mail.rules)
 * 1:48186 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:39387 <-> DISABLED <-> SERVER-WEBAPP D-Link DAP-1160 authentication bypass attempt (server-webapp.rules)
 * 1:39936 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (os-solaris.rules)
 * 1:50900 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:40819 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (file-flash.rules)
 * 1:45310 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
 * 1:51863 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:39408 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
 * 1:4072 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_DetectResourceConflict attempt (os-windows.rules)
 * 1:37650 <-> DISABLED <-> FILE-OTHER CA BrightStor stack buffer overflow attempt (file-other.rules)
 * 1:49901 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
 * 1:44473 <-> DISABLED <-> FILE-OTHER ZIP file name overflow attempt (file-other.rules)
 * 1:39407 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
 * 1:52101 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:45182 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:50642 <-> DISABLED <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt (file-other.rules)
 * 1:48183 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:42413 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:10900 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt (os-windows.rules)
 * 1:11265 <-> DISABLED <-> SERVER-OTHER Sentinel license manager buffer overflow attempt (server-other.rules)
 * 1:11443 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
 * 1:11957 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt (netbios.rules)
 * 1:11958 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules)
 * 1:11963 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules)
 * 1:11964 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules)
 * 1:12069 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest (os-windows.rules)
 * 1:12317 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt (netbios.rules)
 * 1:52080 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
 * 1:51866 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:3671 <-> DISABLED <-> SERVER-MYSQL protocol 41 client overflow attempt (server-mysql.rules)
 * 1:45172 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt (browser-firefox.rules)
 * 1:15262 <-> DISABLED <-> SERVER-ORACLE Secure Backup POST exec_qr command injection attempt (server-oracle.rules)
 * 1:15972 <-> DISABLED <-> SERVER-OTHER single byte encoded name response (server-other.rules)
 * 1:16198 <-> DISABLED <-> SERVER-APACHE Apache mod_auth_pgsql module logging facility format string exploit attempt (server-apache.rules)
 * 1:15701 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2000 domain authentication bypass attempt (os-windows.rules)
 * 1:16080 <-> DISABLED <-> SERVER-OTHER KAME racoon X509 certificate verification bypass attempt (server-other.rules)
 * 1:15708 <-> DISABLED <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (server-other.rules)
 * 1:16515 <-> DISABLED <-> SERVER-MAIL Novell Groupwise Internet Agent RCPT command overflow attempt (server-mail.rules)
 * 1:15930 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field remote code execution attempt (os-windows.rules)
 * 1:15971 <-> DISABLED <-> SERVER-OTHER CVS Argumentx command double free attempt (server-other.rules)
 * 1:16329 <-> DISABLED <-> SERVER-OTHER Microsoft Internet Authentication Service EAP-MSCHAPv2 authentication bypass attempt (server-other.rules)
 * 1:17056 <-> DISABLED <-> SERVER-OTHER Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt (server-other.rules)
 * 1:16029 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS client ATMA buffer overrun attempt (os-windows.rules)
 * 1:16049 <-> DISABLED <-> SERVER-OTHER GNU Radius SQL accounting format string exploit attempt (server-other.rules)
 * 1:17046 <-> DISABLED <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt (server-other.rules)
 * 1:17205 <-> DISABLED <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - udp (protocol-rpc.rules)
 * 1:16238 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules)
 * 1:16239 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules)
 * 1:1762 <-> DISABLED <-> SERVER-WEBAPP phf arbitrary command execution attempt (server-webapp.rules)
 * 1:18462 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (os-windows.rules)
 * 1:16705 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP array size buffer overflow attempt (protocol-rpc.rules)
 * 1:16796 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP data length integer overflow attempt (protocol-rpc.rules)
 * 1:18192 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules)
 * 1:18319 <-> DISABLED <-> SERVER-SAMBA Samba DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (server-samba.rules)
 * 1:17224 <-> DISABLED <-> SERVER-MAIL McAfee WebShield SMTP bounce message format string attempt (server-mail.rules)
 * 1:17057 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
 * 1:18191 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (netbios.rules)
 * 1:18768 <-> DISABLED <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt (server-mail.rules)
 * 1:18189 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (netbios.rules)
 * 1:19014 <-> DISABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - RRQ (protocol-tftp.rules)
 * 1:18557 <-> DISABLED <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt (protocol-rpc.rules)
 * 1:17609 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:18248 <-> DISABLED <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (server-other.rules)
 * 1:18190 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules)
 * 1:18612 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:19208 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services streamprocess.exe buffer overflow attempt (server-other.rules)
 * 1:18589 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
 * 1:18526 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules)
 * 1:18613 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:20176 <-> DISABLED <-> PROTOCOL-SCADA DAQFactory NETB protcol stack overflow attempt (protocol-scada.rules)
 * 1:18472 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (netbios.rules)
 * 1:18994 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (os-windows.rules)
 * 1:19013 <-> DISABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - WRQ (protocol-tftp.rules)
 * 1:20671 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest (os-windows.rules)
 * 1:18611 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:19173 <-> DISABLED <-> PROTOCOL-RPC CDE Calendar Manager service memory corruption attempt (protocol-rpc.rules)
 * 1:19323 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
 * 1:20614 <-> DISABLED <-> SERVER-MAIL Axigen POP3 server remote format string exploit (server-mail.rules)
 * 1:18958 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
 * 1:19677 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules)
 * 1:20052 <-> DISABLED <-> PROTOCOL-SCADA IntelliCom NetBiter config utility hostname overflow attempt (protocol-scada.rules)
 * 1:21141 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit control panel access (exploit-kit.rules)
 * 1:19136 <-> DISABLED <-> SERVER-WEBAPP CA XOsoft Multiple Products entry_point.aspx buffer overflow attempt (server-webapp.rules)
 * 1:20611 <-> DISABLED <-> SERVER-OTHER BOOTP overflow (server-other.rules)
 * 1:20242 <-> DISABLED <-> PROTOCOL-DNS Oracle Secure Backup observice.exe dns response overflow attempt (protocol-dns.rules)
 * 1:21348 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - search.php?page= (exploit-kit.rules)
 * 1:19649 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center dbman buffer overflow attempt (server-other.rules)
 * 1:20812 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt (protocol-telnet.rules)
 * 1:20725 <-> DISABLED <-> OS-SOLARIS Oracle Solaris in.rwhod hostname denial of service attempt (os-solaris.rules)
 * 1:21766 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (file-image.rules)
 * 1:20813 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt (protocol-telnet.rules)
 * 1:2089 <-> DISABLED <-> PROTOCOL-RPC ypupdated arbitrary command attempt TCP (protocol-rpc.rules)
 * 1:21041 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - main.php?page= (exploit-kit.rules)
 * 1:22949 <-> ENABLED <-> EXPLOIT-KIT Blackhole redirection attempt (exploit-kit.rules)
 * 1:20691 <-> DISABLED <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt (policy-other.rules)
 * 1:21236 <-> DISABLED <-> SERVER-WEBAPP UNLOCK Webdav Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:21343 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit pdf request (exploit-kit.rules)
 * 1:23355 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager AddTask stack buffer overflow attempt (server-other.rules)
 * 1:2088 <-> DISABLED <-> PROTOCOL-RPC ypupdated arbitrary command attempt UDP (protocol-rpc.rules)
 * 1:21458 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:2185 <-> DISABLED <-> PROTOCOL-RPC mountd UDP mount path overflow attempt (protocol-rpc.rules)
 * 1:23951 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules)
 * 1:21234 <-> DISABLED <-> SERVER-WEBAPP MKCOL Webdav Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:2278 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (server-webapp.rules)
 * 1:21407 <-> DISABLED <-> SERVER-OTHER Symantic multiple products VRTSweb code execution (server-other.rules)
 * 1:21952 <-> DISABLED <-> SERVER-OTHER ISC dhcpd discover hostname overflow attempt (server-other.rules)
 * 1:23241 <-> DISABLED <-> SERVER-OTHER HP DPNECentral RequestCopy type SQL injection attempt (server-other.rules)
 * 1:24503 <-> DISABLED <-> PROTOCOL-RPC xdrDecodeString caller_name stack overflow attempt (protocol-rpc.rules)
 * 1:21529 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 Find_First2 filename overflow attempt (os-windows.rules)
 * 1:23233 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
 * 1:23950 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules)
 * 1:24544 <-> DISABLED <-> EXPLOIT-KIT Blackhole admin page outbound access attempt (exploit-kit.rules)
 * 1:23232 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
 * 1:23939 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (server-oracle.rules)
 * 1:2381 <-> DISABLED <-> SERVER-WEBAPP Checkpoint Firewall-1 HTTP parsing format string vulnerability attempt (server-webapp.rules)
 * 1:24742 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24501 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit fallback executable download (exploit-kit.rules)
 * 1:24336 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules)
 * 1:24703 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:24746 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24608 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt (exploit-kit.rules)
 * 1:24636 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure (exploit-kit.rules)
 * 1:24741 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24750 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24513 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt (server-other.rules)
 * 1:23997 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:24745 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24754 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24638 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules)
 * 1:24744 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24749 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24758 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24743 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24747 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24753 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24762 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:24748 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24752 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24757 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24863 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules)
 * 1:24751 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24756 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24861 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules)
 * 1:25138 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit pdf outbound connection (exploit-kit.rules)
 * 1:24755 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24760 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:25568 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules)
 * 1:25139 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit eot outbound connection (exploit-kit.rules)
 * 1:24759 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24802 <-> DISABLED <-> SERVER-OTHER HP Database Archiving Software GIOP parsing buffer overflow attempt (server-other.rules)
 * 1:26227 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules)
 * 1:25611 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules)
 * 1:25381 <-> DISABLED <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt (server-other.rules)
 * 1:25003 <-> DISABLED <-> SERVER-OTHER HP Archive Query Server stack overflow attempt (server-other.rules)
 * 1:26496 <-> DISABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules)
 * 1:26295 <-> DISABLED <-> FILE-OTHER Watering Hole Campaign applet download (file-other.rules)
 * 1:25650 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
 * 1:24865 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules)
 * 1:27071 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules)
 * 1:26643 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field denial of service attempt (os-windows.rules)
 * 1:26339 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval - ff.php (exploit-kit.rules)
 * 1:25388 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules)
 * 1:27814 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit landing page request (exploit-kit.rules)
 * 1:27072 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules)
 * 1:26806 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit short JNLP request (exploit-kit.rules)
 * 1:25972 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit three number PDF Request (exploit-kit.rules)
 * 1:28792 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:28393 <-> DISABLED <-> SERVER-OTHER EMC Replication Manager irccd remote command execution attempt (server-other.rules)
 * 1:26346 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit payload requested (exploit-kit.rules)
 * 1:28793 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:27598 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup Admin Server command injection attempt (server-webapp.rules)
 * 1:26808 <-> DISABLED <-> EXPLOIT-KIT Goon/Infinity/Redkit exploit kit short jar request (exploit-kit.rules)
 * 1:28905 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28478 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit landing page request (exploit-kit.rules)
 * 1:28975 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
 * 1:28906 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28903 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:27646 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra login request buffer overflow attempt (server-other.rules)
 * 1:29453 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit eot outbound connection (exploit-kit.rules)
 * 1:28704 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:29522 <-> DISABLED <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX Office remote code execution attempt (server-webapp.rules)
 * 1:28907 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:29525 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:28904 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:29596 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules)
 * 1:29597 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules)
 * 1:29513 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules)
 * 1:28974 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
 * 1:29617 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules)
 * 1:29621 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (netbios.rules)
 * 1:29527 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:29521 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (file-multimedia.rules)
 * 1:29610 <-> DISABLED <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt (server-other.rules)
 * 1:29607 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
 * 1:29536 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
 * 1:3114 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc LlsrConnect overflow attempt (os-windows.rules)
 * 1:3171 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP msqueue function 4 overflow attempt (os-windows.rules)
 * 1:33017 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
 * 1:58201 <-> ENABLED <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt (server-webapp.rules)

2021-12-07 17:31:55 UTC

Snort Subscriber Rules Update

Date: 2021-12-07

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58694 <-> DISABLED <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt (server-webapp.rules)
 * 1:58700 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.PhpJackal upload attempt (malware-other.rules)
 * 1:58708 <-> ENABLED <-> SERVER-WEBAPP IBM Data Risk Manager command execution attempt (server-webapp.rules)
 * 1:58706 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
 * 1:58702 <-> ENABLED <-> MALWARE-CNC Php.Webshell.PhpJackal outbound connection attempt (malware-cnc.rules)
 * 1:58705 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
 * 1:58704 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
 * 1:58703 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt (server-webapp.rules)
 * 1:58697 <-> DISABLED <-> OS-OTHER IGEL OS Secure Terminal and Shadow Service command injection attempt (os-other.rules)
 * 1:58707 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
 * 1:58685 <-> DISABLED <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt (file-other.rules)
 * 1:58695 <-> DISABLED <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt (server-webapp.rules)
 * 1:58687 <-> DISABLED <-> SERVER-WEBAPP Movable Type CMS command injection attempt (server-webapp.rules)
 * 1:58696 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt (server-webapp.rules)
 * 1:58701 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.PhpJackal download attempt (malware-other.rules)
 * 1:58686 <-> DISABLED <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt (file-other.rules)
 * 1:58688 <-> DISABLED <-> SERVER-WEBAPP Movable Type CMS command injection attempt (server-webapp.rules)
 * 3:58699 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt (server-webapp.rules)
 * 3:58693 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt (server-webapp.rules)
 * 3:58691 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt (server-webapp.rules)
 * 3:58689 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt (file-other.rules)
 * 3:58698 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt (server-webapp.rules)
 * 3:58692 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt (server-webapp.rules)
 * 3:58690 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt (file-other.rules)

Modified Rules:


 * 1:51226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
 * 1:39406 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
 * 1:45310 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
 * 1:3665 <-> ENABLED <-> SERVER-MYSQL server greeting (server-mysql.rules)
 * 1:50900 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:3670 <-> DISABLED <-> SERVER-MYSQL secure client overflow attempt (server-mysql.rules)
 * 1:53432 <-> DISABLED <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt (server-mail.rules)
 * 1:37511 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (os-solaris.rules)
 * 1:45179 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:42423 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:45180 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:37650 <-> DISABLED <-> FILE-OTHER CA BrightStor stack buffer overflow attempt (file-other.rules)
 * 1:4072 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_DetectResourceConflict attempt (os-windows.rules)
 * 1:51862 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51866 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:48184 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:43347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules)
 * 1:41423 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (browser-plugins.rules)
 * 1:48187 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:24757 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:36157 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:45172 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt (browser-firefox.rules)
 * 1:26808 <-> DISABLED <-> EXPLOIT-KIT Goon/Infinity/Redkit exploit kit short jar request (exploit-kit.rules)
 * 1:52080 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
 * 1:27071 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules)
 * 1:25388 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules)
 * 1:40819 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (file-flash.rules)
 * 1:45182 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:3671 <-> DISABLED <-> SERVER-MYSQL protocol 41 client overflow attempt (server-mysql.rules)
 * 1:48188 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:39407 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
 * 1:3669 <-> DISABLED <-> SERVER-MYSQL protocol 41 secure client overflow attempt (server-mysql.rules)
 * 1:36659 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:44473 <-> DISABLED <-> FILE-OTHER ZIP file name overflow attempt (file-other.rules)
 * 1:43291 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated application deployment attempt (server-webapp.rules)
 * 1:45501 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
 * 1:49903 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
 * 1:48185 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:39408 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
 * 1:50642 <-> DISABLED <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt (file-other.rules)
 * 1:49584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
 * 1:51162 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
 * 1:24861 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules)
 * 1:41046 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules)
 * 1:48183 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:3668 <-> DISABLED <-> SERVER-MYSQL client authentication bypass attempt (server-mysql.rules)
 * 1:24802 <-> DISABLED <-> SERVER-OTHER HP Database Archiving Software GIOP parsing buffer overflow attempt (server-other.rules)
 * 1:36660 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:39910 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
 * 1:51082 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
 * 1:48182 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:48181 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:49901 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
 * 1:52289 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (os-mobile.rules)
 * 1:36534 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt (browser-plugins.rules)
 * 1:36658 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:36533 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt (browser-plugins.rules)
 * 1:5485 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules)
 * 1:58201 <-> ENABLED <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt (server-webapp.rules)
 * 1:58362 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap ProjectName SQL injection attempt (server-webapp.rules)
 * 1:654 <-> DISABLED <-> SERVER-MAIL RCPT TO overflow (server-mail.rules)
 * 1:6706 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt (netbios.rules)
 * 1:6707 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt (netbios.rules)
 * 1:6712 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt (netbios.rules)
 * 1:6713 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt (netbios.rules)
 * 1:8426 <-> DISABLED <-> SERVER-OTHER SSLv3 openssl get shared ciphers overflow attempt (server-other.rules)
 * 1:8428 <-> DISABLED <-> SERVER-OTHER SSLv2 openssl get shared ciphers overflow attempt (server-other.rules)
 * 1:9027 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrJoinDomain2 overflow attempt (os-windows.rules)
 * 1:40335 <-> DISABLED <-> APP-DETECT OpenVAS Scanner User-Agent attempt (app-detect.rules)
 * 1:3672 <-> DISABLED <-> SERVER-MYSQL client overflow attempt (server-mysql.rules)
 * 1:45184 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:38246 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
 * 1:4642 <-> DISABLED <-> SERVER-ORACLE sys.pbsde.init buffer overflow attempt (server-oracle.rules)
 * 1:51859 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:45856 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
 * 1:53431 <-> DISABLED <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt (server-mail.rules)
 * 1:42413 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:48180 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:3667 <-> DISABLED <-> SERVER-MYSQL protocol 41 client authentication bypass attempt (server-mysql.rules)
 * 1:37628 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:51026 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (file-pdf.rules)
 * 1:3967 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_QueryResConfList attempt (os-windows.rules)
 * 1:51861 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:44735 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (server-mail.rules)
 * 1:9621 <-> DISABLED <-> PROTOCOL-TFTP 3COM server transport mode buffer overflow attempt (protocol-tftp.rules)
 * 1:9769 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msqueue function 4 overflow attempt (os-windows.rules)
 * 1:27646 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra login request buffer overflow attempt (server-other.rules)
 * 1:27814 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit landing page request (exploit-kit.rules)
 * 1:27072 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules)
 * 1:25568 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules)
 * 1:26339 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval - ff.php (exploit-kit.rules)
 * 1:25611 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules)
 * 1:28704 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:25138 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit pdf outbound connection (exploit-kit.rules)
 * 1:25003 <-> DISABLED <-> SERVER-OTHER HP Archive Query Server stack overflow attempt (server-other.rules)
 * 1:24753 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24863 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules)
 * 1:28792 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:25972 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit three number PDF Request (exploit-kit.rules)
 * 1:26496 <-> DISABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules)
 * 1:26295 <-> DISABLED <-> FILE-OTHER Watering Hole Campaign applet download (file-other.rules)
 * 1:28393 <-> DISABLED <-> SERVER-OTHER EMC Replication Manager irccd remote command execution attempt (server-other.rules)
 * 1:25381 <-> DISABLED <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt (server-other.rules)
 * 1:24762 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:25650 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
 * 1:26643 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field denial of service attempt (os-windows.rules)
 * 1:26806 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit short JNLP request (exploit-kit.rules)
 * 1:28904 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28905 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28793 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:27598 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup Admin Server command injection attempt (server-webapp.rules)
 * 1:28974 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
 * 1:28975 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
 * 1:28906 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28478 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit landing page request (exploit-kit.rules)
 * 1:29521 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (file-multimedia.rules)
 * 1:29522 <-> DISABLED <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX Office remote code execution attempt (server-webapp.rules)
 * 1:29453 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit eot outbound connection (exploit-kit.rules)
 * 1:28903 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:29536 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
 * 1:29596 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules)
 * 1:29525 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:28907 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:26227 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules)
 * 1:24865 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules)
 * 1:25139 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit eot outbound connection (exploit-kit.rules)
 * 1:26346 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit payload requested (exploit-kit.rules)
 * 1:29610 <-> DISABLED <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt (server-other.rules)
 * 1:29617 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules)
 * 1:29597 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules)
 * 1:52101 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:29513 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules)
 * 1:3171 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP msqueue function 4 overflow attempt (os-windows.rules)
 * 1:32150 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:29621 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (netbios.rules)
 * 1:29527 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:32370 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt (server-other.rules)
 * 1:32816 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules)
 * 1:32152 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:29607 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
 * 1:33017 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
 * 1:33572 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (file-other.rules)
 * 1:32856 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt (file-pdf.rules)
 * 1:3114 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc LlsrConnect overflow attempt (os-windows.rules)
 * 1:35848 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt (file-image.rules)
 * 1:3590 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt (os-windows.rules)
 * 1:33826 <-> DISABLED <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt (server-samba.rules)
 * 1:32356 <-> DISABLED <-> PROTOCOL-RPC mountd UDP unmount path overflow attempt (protocol-rpc.rules)
 * 1:3591 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt (os-windows.rules)
 * 1:33016 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
 * 1:35435 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:36156 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:10603 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvUpdateRecord2 overflow attempt (os-windows.rules)
 * 1:10136 <-> DISABLED <-> OS-SOLARIS Oracle Solaris login environment variable authentication bypass attempt (os-solaris.rules)
 * 1:11957 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt (netbios.rules)
 * 1:11443 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
 * 1:10900 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt (os-windows.rules)
 * 1:12069 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest (os-windows.rules)
 * 1:11964 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules)
 * 1:11958 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules)
 * 1:12628 <-> DISABLED <-> PROTOCOL-RPC Solaris UDP portmapper sadmin port query attempt (protocol-rpc.rules)
 * 1:12627 <-> DISABLED <-> PROTOCOL-RPC Solaris TCP portmapper sadmin port query attempt (protocol-rpc.rules)
 * 1:11265 <-> DISABLED <-> SERVER-OTHER Sentinel license manager buffer overflow attempt (server-other.rules)
 * 1:12198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows getbulk request attempt (os-windows.rules)
 * 1:12985 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
 * 1:12984 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
 * 1:11963 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules)
 * 1:1277 <-> DISABLED <-> PROTOCOL-RPC portmap ypupdated request UDP (protocol-rpc.rules)
 * 1:13619 <-> DISABLED <-> OS-WINDOWS Microsoft Windows getBulkRequest memory corruption attempt (os-windows.rules)
 * 1:13222 <-> DISABLED <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt (server-other.rules)
 * 1:12317 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt (netbios.rules)
 * 1:13161 <-> DISABLED <-> SERVER-OTHER HP OpenView CGI parameter buffer overflow attempt (server-other.rules)
 * 1:1409 <-> DISABLED <-> PROTOCOL-SNMP community string buffer overflow attempt (protocol-snmp.rules)
 * 1:14038 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (browser-plugins.rules)
 * 1:12940 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 CA call 269 overflow attempt (netbios.rules)
 * 1:13927 <-> DISABLED <-> PROTOCOL-TFTP Open TFTP Server log generation buffer overflow attempt (protocol-tftp.rules)
 * 1:14649 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (os-windows.rules)
 * 1:14648 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules)
 * 1:13162 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (netbios.rules)
 * 1:1422 <-> DISABLED <-> PROTOCOL-SNMP community string buffer overflow attempt with evasion (protocol-snmp.rules)
 * 1:14653 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules)
 * 1:14652 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules)
 * 1:14037 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules)
 * 1:14650 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules)
 * 1:14737 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP host-integration bind attempt (os-windows.rules)
 * 1:14726 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt (os-windows.rules)
 * 1:14647 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (os-windows.rules)
 * 1:14654 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules)
 * 1:15196 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules)
 * 1:14989 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory SOAP Accept Language header overflow attempt (server-webapp.rules)
 * 1:14651 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules)
 * 1:14900 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum overflow attempt (netbios.rules)
 * 1:15200 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules)
 * 1:15199 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules)
 * 1:14725 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName overflow attempt (os-windows.rules)
 * 1:15197 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules)
 * 1:15204 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules)
 * 1:15203 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules)
 * 1:14988 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum overflow attempt (netbios.rules)
 * 1:15201 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules)
 * 1:15208 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules)
 * 1:15207 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules)
 * 1:15198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules)
 * 1:15205 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules)
 * 1:15212 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules)
 * 1:15211 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules)
 * 1:15215 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules)
 * 1:15209 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules)
 * 1:15213 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules)
 * 1:15216 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules)
 * 1:15202 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules)
 * 1:15219 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules)
 * 1:15220 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules)
 * 1:15206 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules)
 * 1:15210 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules)
 * 1:15217 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules)
 * 1:15224 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules)
 * 1:15223 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules)
 * 1:15214 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules)
 * 1:15221 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules)
 * 1:15261 <-> DISABLED <-> SERVER-ORACLE Secure Backup exec_qr command injection attempt (server-oracle.rules)
 * 1:15227 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules)
 * 1:15218 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules)
 * 1:15225 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules)
 * 1:15701 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2000 domain authentication bypass attempt (os-windows.rules)
 * 1:15554 <-> DISABLED <-> SERVER-ORACLE Application Server 10g OPMN service format string vulnerability exploit attempt (server-oracle.rules)
 * 1:15222 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules)
 * 1:15262 <-> DISABLED <-> SERVER-ORACLE Secure Backup POST exec_qr command injection attempt (server-oracle.rules)
 * 1:15930 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field remote code execution attempt (os-windows.rules)
 * 1:15911 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss RouteRefreshPrinterChangeNotification attempt (netbios.rules)
 * 1:15226 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules)
 * 1:15708 <-> DISABLED <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (server-other.rules)
 * 1:16029 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS client ATMA buffer overrun attempt (os-windows.rules)
 * 1:16015 <-> DISABLED <-> SERVER-OTHER Norton Internet Security NBNS response processing stack overflow attempt (server-other.rules)
 * 1:15508 <-> DISABLED <-> SERVER-OTHER DCERPC NCADG-IP-UDP lsarpc LsarLookupSids translated_names overflow attempt (server-other.rules)
 * 1:15971 <-> DISABLED <-> SERVER-OTHER CVS Argumentx command double free attempt (server-other.rules)
 * 1:16238 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules)
 * 1:16198 <-> DISABLED <-> SERVER-APACHE Apache mod_auth_pgsql module logging facility format string exploit attempt (server-apache.rules)
 * 1:15881 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters Name Field attempt (netbios.rules)
 * 1:16049 <-> DISABLED <-> SERVER-OTHER GNU Radius SQL accounting format string exploit attempt (server-other.rules)
 * 1:16705 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP array size buffer overflow attempt (protocol-rpc.rules)
 * 1:16515 <-> DISABLED <-> SERVER-MAIL Novell Groupwise Internet Agent RCPT command overflow attempt (server-mail.rules)
 * 1:15972 <-> DISABLED <-> SERVER-OTHER single byte encoded name response (server-other.rules)
 * 1:16239 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules)
 * 1:17057 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
 * 1:17056 <-> DISABLED <-> SERVER-OTHER Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt (server-other.rules)
 * 1:16080 <-> DISABLED <-> SERVER-OTHER KAME racoon X509 certificate verification bypass attempt (server-other.rules)
 * 1:16796 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP data length integer overflow attempt (protocol-rpc.rules)
 * 1:1762 <-> DISABLED <-> SERVER-WEBAPP phf arbitrary command execution attempt (server-webapp.rules)
 * 1:17609 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:16329 <-> DISABLED <-> SERVER-OTHER Microsoft Internet Authentication Service EAP-MSCHAPv2 authentication bypass attempt (server-other.rules)
 * 1:17205 <-> DISABLED <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - udp (protocol-rpc.rules)
 * 1:18192 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules)
 * 1:18191 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (netbios.rules)
 * 1:17046 <-> DISABLED <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt (server-other.rules)
 * 1:18189 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (netbios.rules)
 * 1:18472 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (netbios.rules)
 * 1:18462 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (os-windows.rules)
 * 1:17224 <-> DISABLED <-> SERVER-MAIL McAfee WebShield SMTP bounce message format string attempt (server-mail.rules)
 * 1:18248 <-> DISABLED <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (server-other.rules)
 * 1:18611 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:18589 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
 * 1:18190 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules)
 * 1:18526 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules)
 * 1:18958 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
 * 1:18768 <-> DISABLED <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt (server-mail.rules)
 * 1:18319 <-> DISABLED <-> SERVER-SAMBA Samba DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (server-samba.rules)
 * 1:18612 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:19136 <-> DISABLED <-> SERVER-WEBAPP CA XOsoft Multiple Products entry_point.aspx buffer overflow attempt (server-webapp.rules)
 * 1:19014 <-> DISABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - RRQ (protocol-tftp.rules)
 * 1:18557 <-> DISABLED <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt (protocol-rpc.rules)
 * 1:18994 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (os-windows.rules)
 * 1:19649 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center dbman buffer overflow attempt (server-other.rules)
 * 1:19323 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
 * 1:18613 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:19173 <-> DISABLED <-> PROTOCOL-RPC CDE Calendar Manager service memory corruption attempt (protocol-rpc.rules)
 * 1:19677 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules)
 * 1:20176 <-> DISABLED <-> PROTOCOL-SCADA DAQFactory NETB protcol stack overflow attempt (protocol-scada.rules)
 * 1:20242 <-> DISABLED <-> PROTOCOL-DNS Oracle Secure Backup observice.exe dns response overflow attempt (protocol-dns.rules)
 * 1:19013 <-> DISABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - WRQ (protocol-tftp.rules)
 * 1:20691 <-> DISABLED <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt (policy-other.rules)
 * 1:20671 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest (os-windows.rules)
 * 1:19208 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services streamprocess.exe buffer overflow attempt (server-other.rules)
 * 1:20611 <-> DISABLED <-> SERVER-OTHER BOOTP overflow (server-other.rules)
 * 1:2088 <-> DISABLED <-> PROTOCOL-RPC ypupdated arbitrary command attempt UDP (protocol-rpc.rules)
 * 1:20813 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt (protocol-telnet.rules)
 * 1:21141 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit control panel access (exploit-kit.rules)
 * 1:20725 <-> DISABLED <-> OS-SOLARIS Oracle Solaris in.rwhod hostname denial of service attempt (os-solaris.rules)
 * 1:21234 <-> DISABLED <-> SERVER-WEBAPP MKCOL Webdav Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:20052 <-> DISABLED <-> PROTOCOL-SCADA IntelliCom NetBiter config utility hostname overflow attempt (protocol-scada.rules)
 * 1:20614 <-> DISABLED <-> SERVER-MAIL Axigen POP3 server remote format string exploit (server-mail.rules)
 * 1:2089 <-> DISABLED <-> PROTOCOL-RPC ypupdated arbitrary command attempt TCP (protocol-rpc.rules)
 * 1:21407 <-> DISABLED <-> SERVER-OTHER Symantic multiple products VRTSweb code execution (server-other.rules)
 * 1:21348 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - search.php?page= (exploit-kit.rules)
 * 1:20812 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt (protocol-telnet.rules)
 * 1:21236 <-> DISABLED <-> SERVER-WEBAPP UNLOCK Webdav Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:2185 <-> DISABLED <-> PROTOCOL-RPC mountd UDP mount path overflow attempt (protocol-rpc.rules)
 * 1:21766 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (file-image.rules)
 * 1:22949 <-> ENABLED <-> EXPLOIT-KIT Blackhole redirection attempt (exploit-kit.rules)
 * 1:21458 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:21952 <-> DISABLED <-> SERVER-OTHER ISC dhcpd discover hostname overflow attempt (server-other.rules)
 * 1:23232 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
 * 1:21041 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - main.php?page= (exploit-kit.rules)
 * 1:21343 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit pdf request (exploit-kit.rules)
 * 1:2381 <-> DISABLED <-> SERVER-WEBAPP Checkpoint Firewall-1 HTTP parsing format string vulnerability attempt (server-webapp.rules)
 * 1:23355 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager AddTask stack buffer overflow attempt (server-other.rules)
 * 1:23233 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
 * 1:21529 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 Find_First2 filename overflow attempt (os-windows.rules)
 * 1:23997 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:23951 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules)
 * 1:2278 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (server-webapp.rules)
 * 1:23939 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (server-oracle.rules)
 * 1:24513 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt (server-other.rules)
 * 1:24503 <-> DISABLED <-> PROTOCOL-RPC xdrDecodeString caller_name stack overflow attempt (protocol-rpc.rules)
 * 1:23241 <-> DISABLED <-> SERVER-OTHER HP DPNECentral RequestCopy type SQL injection attempt (server-other.rules)
 * 1:24336 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules)
 * 1:24638 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules)
 * 1:24636 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure (exploit-kit.rules)
 * 1:23950 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules)
 * 1:24544 <-> DISABLED <-> EXPLOIT-KIT Blackhole admin page outbound access attempt (exploit-kit.rules)
 * 1:24743 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24742 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24501 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit fallback executable download (exploit-kit.rules)
 * 1:24703 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:24747 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24746 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24608 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt (exploit-kit.rules)
 * 1:24744 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24751 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24750 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24741 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24748 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24752 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24754 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24758 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24755 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24759 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24745 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24749 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24756 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:48190 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:38247 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
 * 1:51863 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:39936 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (os-solaris.rules)
 * 1:40282 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (file-office.rules)
 * 1:43307 <-> DISABLED <-> SERVER-WEBAPP csSearch setup attempt (server-webapp.rules)
 * 1:48179 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:48189 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:49586 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
 * 1:48186 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:3818 <-> DISABLED <-> PROTOCOL-TFTP PUT transfer mode overflow attempt (protocol-tftp.rules)
 * 1:39387 <-> DISABLED <-> SERVER-WEBAPP D-Link DAP-1160 authentication bypass attempt (server-webapp.rules)
 * 1:24760 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)

2021-12-07 17:31:55 UTC

Snort Subscriber Rules Update

Date: 2021-12-07

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58704 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
 * 1:58702 <-> ENABLED <-> MALWARE-CNC Php.Webshell.PhpJackal outbound connection attempt (malware-cnc.rules)
 * 1:58688 <-> DISABLED <-> SERVER-WEBAPP Movable Type CMS command injection attempt (server-webapp.rules)
 * 1:58697 <-> DISABLED <-> OS-OTHER IGEL OS Secure Terminal and Shadow Service command injection attempt (os-other.rules)
 * 1:58696 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt (server-webapp.rules)
 * 1:58706 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
 * 1:58694 <-> DISABLED <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt (server-webapp.rules)
 * 1:58686 <-> DISABLED <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt (file-other.rules)
 * 1:58701 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.PhpJackal download attempt (malware-other.rules)
 * 1:58685 <-> DISABLED <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt (file-other.rules)
 * 1:58695 <-> DISABLED <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt (server-webapp.rules)
 * 1:58703 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt (server-webapp.rules)
 * 1:58687 <-> DISABLED <-> SERVER-WEBAPP Movable Type CMS command injection attempt (server-webapp.rules)
 * 1:58705 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
 * 1:58707 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
 * 1:58700 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.PhpJackal upload attempt (malware-other.rules)
 * 1:58708 <-> ENABLED <-> SERVER-WEBAPP IBM Data Risk Manager command execution attempt (server-webapp.rules)
 * 3:58690 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt (file-other.rules)
 * 3:58689 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt (file-other.rules)
 * 3:58692 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt (server-webapp.rules)
 * 3:58691 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt (server-webapp.rules)
 * 3:58693 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt (server-webapp.rules)
 * 3:58699 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt (server-webapp.rules)
 * 3:58698 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:45501 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
 * 1:53431 <-> DISABLED <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt (server-mail.rules)
 * 1:3818 <-> DISABLED <-> PROTOCOL-TFTP PUT transfer mode overflow attempt (protocol-tftp.rules)
 * 1:8426 <-> DISABLED <-> SERVER-OTHER SSLv3 openssl get shared ciphers overflow attempt (server-other.rules)
 * 1:3670 <-> DISABLED <-> SERVER-MYSQL secure client overflow attempt (server-mysql.rules)
 * 1:51859 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:40282 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (file-office.rules)
 * 1:43307 <-> DISABLED <-> SERVER-WEBAPP csSearch setup attempt (server-webapp.rules)
 * 1:3669 <-> DISABLED <-> SERVER-MYSQL protocol 41 secure client overflow attempt (server-mysql.rules)
 * 1:45180 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:45179 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:42423 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:48189 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:53432 <-> DISABLED <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt (server-mail.rules)
 * 1:58362 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap ProjectName SQL injection attempt (server-webapp.rules)
 * 1:38246 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
 * 1:58201 <-> ENABLED <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt (server-webapp.rules)
 * 1:6706 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt (netbios.rules)
 * 1:44473 <-> DISABLED <-> FILE-OTHER ZIP file name overflow attempt (file-other.rules)
 * 1:49584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
 * 1:9027 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrJoinDomain2 overflow attempt (os-windows.rules)
 * 1:6712 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt (netbios.rules)
 * 1:51863 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:6707 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt (netbios.rules)
 * 1:44735 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (server-mail.rules)
 * 1:50900 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:39387 <-> DISABLED <-> SERVER-WEBAPP D-Link DAP-1160 authentication bypass attempt (server-webapp.rules)
 * 1:41046 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules)
 * 1:51026 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (file-pdf.rules)
 * 1:42413 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:43291 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated application deployment attempt (server-webapp.rules)
 * 1:48181 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:3967 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_QueryResConfList attempt (os-windows.rules)
 * 1:45310 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
 * 1:36659 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:52289 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (os-mobile.rules)
 * 1:51226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
 * 1:36660 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:52101 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:654 <-> DISABLED <-> SERVER-MAIL RCPT TO overflow (server-mail.rules)
 * 1:48188 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:49901 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
 * 1:45172 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt (browser-firefox.rules)
 * 1:48190 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:41423 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (browser-plugins.rules)
 * 1:51082 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
 * 1:48179 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:3671 <-> DISABLED <-> SERVER-MYSQL protocol 41 client overflow attempt (server-mysql.rules)
 * 1:51861 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:3668 <-> DISABLED <-> SERVER-MYSQL client authentication bypass attempt (server-mysql.rules)
 * 1:3667 <-> DISABLED <-> SERVER-MYSQL protocol 41 client authentication bypass attempt (server-mysql.rules)
 * 1:48185 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:4072 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_DetectResourceConflict attempt (os-windows.rules)
 * 1:38247 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
 * 1:43347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules)
 * 1:39910 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
 * 1:48182 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:48183 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:48186 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:50642 <-> DISABLED <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt (file-other.rules)
 * 1:48187 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:45184 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:51862 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:51866 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:39406 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
 * 1:39407 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
 * 1:40335 <-> DISABLED <-> APP-DETECT OpenVAS Scanner User-Agent attempt (app-detect.rules)
 * 1:49586 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
 * 1:45182 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:6713 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt (netbios.rules)
 * 1:37628 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:39408 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
 * 1:4642 <-> DISABLED <-> SERVER-ORACLE sys.pbsde.init buffer overflow attempt (server-oracle.rules)
 * 1:48184 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:3672 <-> DISABLED <-> SERVER-MYSQL client overflow attempt (server-mysql.rules)
 * 1:37511 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (os-solaris.rules)
 * 1:37650 <-> DISABLED <-> FILE-OTHER CA BrightStor stack buffer overflow attempt (file-other.rules)
 * 1:48180 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:49903 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
 * 1:39936 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (os-solaris.rules)
 * 1:51162 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
 * 1:10136 <-> DISABLED <-> OS-SOLARIS Oracle Solaris login environment variable authentication bypass attempt (os-solaris.rules)
 * 1:10603 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvUpdateRecord2 overflow attempt (os-windows.rules)
 * 1:5485 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules)
 * 1:10900 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt (os-windows.rules)
 * 1:11265 <-> DISABLED <-> SERVER-OTHER Sentinel license manager buffer overflow attempt (server-other.rules)
 * 1:11443 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
 * 1:11957 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt (netbios.rules)
 * 1:11958 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules)
 * 1:11963 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules)
 * 1:11964 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules)
 * 1:12069 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest (os-windows.rules)
 * 1:12198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows getbulk request attempt (os-windows.rules)
 * 1:12317 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt (netbios.rules)
 * 1:12627 <-> DISABLED <-> PROTOCOL-RPC Solaris TCP portmapper sadmin port query attempt (protocol-rpc.rules)
 * 1:12628 <-> DISABLED <-> PROTOCOL-RPC Solaris UDP portmapper sadmin port query attempt (protocol-rpc.rules)
 * 1:1277 <-> DISABLED <-> PROTOCOL-RPC portmap ypupdated request UDP (protocol-rpc.rules)
 * 1:12940 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 CA call 269 overflow attempt (netbios.rules)
 * 1:12984 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
 * 1:9621 <-> DISABLED <-> PROTOCOL-TFTP 3COM server transport mode buffer overflow attempt (protocol-tftp.rules)
 * 1:12985 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
 * 1:13161 <-> DISABLED <-> SERVER-OTHER HP OpenView CGI parameter buffer overflow attempt (server-other.rules)
 * 1:13162 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (netbios.rules)
 * 1:13222 <-> DISABLED <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt (server-other.rules)
 * 1:13619 <-> DISABLED <-> OS-WINDOWS Microsoft Windows getBulkRequest memory corruption attempt (os-windows.rules)
 * 1:8428 <-> DISABLED <-> SERVER-OTHER SSLv2 openssl get shared ciphers overflow attempt (server-other.rules)
 * 1:13927 <-> DISABLED <-> PROTOCOL-TFTP Open TFTP Server log generation buffer overflow attempt (protocol-tftp.rules)
 * 1:14037 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules)
 * 1:14038 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (browser-plugins.rules)
 * 1:1409 <-> DISABLED <-> PROTOCOL-SNMP community string buffer overflow attempt (protocol-snmp.rules)
 * 1:1422 <-> DISABLED <-> PROTOCOL-SNMP community string buffer overflow attempt with evasion (protocol-snmp.rules)
 * 1:14647 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (os-windows.rules)
 * 1:14648 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules)
 * 1:14649 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (os-windows.rules)
 * 1:14650 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules)
 * 1:14651 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules)
 * 1:14652 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules)
 * 1:14653 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules)
 * 1:14654 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules)
 * 1:14725 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName overflow attempt (os-windows.rules)
 * 1:14726 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt (os-windows.rules)
 * 1:14737 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP host-integration bind attempt (os-windows.rules)
 * 1:14900 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum overflow attempt (netbios.rules)
 * 1:14988 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum overflow attempt (netbios.rules)
 * 1:14989 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory SOAP Accept Language header overflow attempt (server-webapp.rules)
 * 1:15196 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules)
 * 1:15197 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules)
 * 1:15198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules)
 * 1:15199 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules)
 * 1:15200 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules)
 * 1:15201 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules)
 * 1:15202 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules)
 * 1:15203 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules)
 * 1:15204 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules)
 * 1:15205 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules)
 * 1:15206 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules)
 * 1:15207 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules)
 * 1:15208 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules)
 * 1:15209 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules)
 * 1:15210 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules)
 * 1:15211 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules)
 * 1:15212 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules)
 * 1:15213 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules)
 * 1:52080 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
 * 1:15214 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules)
 * 1:15215 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules)
 * 1:15216 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules)
 * 1:15217 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules)
 * 1:15218 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules)
 * 1:15219 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules)
 * 1:15220 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules)
 * 1:15221 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules)
 * 1:15222 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules)
 * 1:15223 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules)
 * 1:15224 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules)
 * 1:15225 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules)
 * 1:15226 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules)
 * 1:15227 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules)
 * 1:15261 <-> DISABLED <-> SERVER-ORACLE Secure Backup exec_qr command injection attempt (server-oracle.rules)
 * 1:15262 <-> DISABLED <-> SERVER-ORACLE Secure Backup POST exec_qr command injection attempt (server-oracle.rules)
 * 1:15508 <-> DISABLED <-> SERVER-OTHER DCERPC NCADG-IP-UDP lsarpc LsarLookupSids translated_names overflow attempt (server-other.rules)
 * 1:15554 <-> DISABLED <-> SERVER-ORACLE Application Server 10g OPMN service format string vulnerability exploit attempt (server-oracle.rules)
 * 1:15701 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2000 domain authentication bypass attempt (os-windows.rules)
 * 1:15708 <-> DISABLED <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (server-other.rules)
 * 1:15881 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters Name Field attempt (netbios.rules)
 * 1:15911 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss RouteRefreshPrinterChangeNotification attempt (netbios.rules)
 * 1:15930 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field remote code execution attempt (os-windows.rules)
 * 1:15971 <-> DISABLED <-> SERVER-OTHER CVS Argumentx command double free attempt (server-other.rules)
 * 1:15972 <-> DISABLED <-> SERVER-OTHER single byte encoded name response (server-other.rules)
 * 1:16015 <-> DISABLED <-> SERVER-OTHER Norton Internet Security NBNS response processing stack overflow attempt (server-other.rules)
 * 1:16029 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS client ATMA buffer overrun attempt (os-windows.rules)
 * 1:16049 <-> DISABLED <-> SERVER-OTHER GNU Radius SQL accounting format string exploit attempt (server-other.rules)
 * 1:16080 <-> DISABLED <-> SERVER-OTHER KAME racoon X509 certificate verification bypass attempt (server-other.rules)
 * 1:16198 <-> DISABLED <-> SERVER-APACHE Apache mod_auth_pgsql module logging facility format string exploit attempt (server-apache.rules)
 * 1:16238 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules)
 * 1:16239 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules)
 * 1:16329 <-> DISABLED <-> SERVER-OTHER Microsoft Internet Authentication Service EAP-MSCHAPv2 authentication bypass attempt (server-other.rules)
 * 1:16515 <-> DISABLED <-> SERVER-MAIL Novell Groupwise Internet Agent RCPT command overflow attempt (server-mail.rules)
 * 1:16705 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP array size buffer overflow attempt (protocol-rpc.rules)
 * 1:16796 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP data length integer overflow attempt (protocol-rpc.rules)
 * 1:17046 <-> DISABLED <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt (server-other.rules)
 * 1:17056 <-> DISABLED <-> SERVER-OTHER Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt (server-other.rules)
 * 1:17057 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
 * 1:17205 <-> DISABLED <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - udp (protocol-rpc.rules)
 * 1:17224 <-> DISABLED <-> SERVER-MAIL McAfee WebShield SMTP bounce message format string attempt (server-mail.rules)
 * 1:17609 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:1762 <-> DISABLED <-> SERVER-WEBAPP phf arbitrary command execution attempt (server-webapp.rules)
 * 1:18189 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (netbios.rules)
 * 1:18190 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules)
 * 1:18191 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (netbios.rules)
 * 1:18192 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules)
 * 1:18248 <-> DISABLED <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (server-other.rules)
 * 1:18319 <-> DISABLED <-> SERVER-SAMBA Samba DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (server-samba.rules)
 * 1:18462 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (os-windows.rules)
 * 1:18472 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (netbios.rules)
 * 1:18526 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules)
 * 1:18557 <-> DISABLED <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt (protocol-rpc.rules)
 * 1:18589 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
 * 1:18611 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:18612 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:18613 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:18768 <-> DISABLED <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt (server-mail.rules)
 * 1:18958 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
 * 1:18994 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (os-windows.rules)
 * 1:19013 <-> DISABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - WRQ (protocol-tftp.rules)
 * 1:19014 <-> DISABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - RRQ (protocol-tftp.rules)
 * 1:19136 <-> DISABLED <-> SERVER-WEBAPP CA XOsoft Multiple Products entry_point.aspx buffer overflow attempt (server-webapp.rules)
 * 1:19173 <-> DISABLED <-> PROTOCOL-RPC CDE Calendar Manager service memory corruption attempt (protocol-rpc.rules)
 * 1:19208 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services streamprocess.exe buffer overflow attempt (server-other.rules)
 * 1:19323 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
 * 1:19649 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center dbman buffer overflow attempt (server-other.rules)
 * 1:19677 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules)
 * 1:20052 <-> DISABLED <-> PROTOCOL-SCADA IntelliCom NetBiter config utility hostname overflow attempt (protocol-scada.rules)
 * 1:20176 <-> DISABLED <-> PROTOCOL-SCADA DAQFactory NETB protcol stack overflow attempt (protocol-scada.rules)
 * 1:20242 <-> DISABLED <-> PROTOCOL-DNS Oracle Secure Backup observice.exe dns response overflow attempt (protocol-dns.rules)
 * 1:20611 <-> DISABLED <-> SERVER-OTHER BOOTP overflow (server-other.rules)
 * 1:20614 <-> DISABLED <-> SERVER-MAIL Axigen POP3 server remote format string exploit (server-mail.rules)
 * 1:20671 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest (os-windows.rules)
 * 1:20691 <-> DISABLED <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt (policy-other.rules)
 * 1:20725 <-> DISABLED <-> OS-SOLARIS Oracle Solaris in.rwhod hostname denial of service attempt (os-solaris.rules)
 * 1:20812 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt (protocol-telnet.rules)
 * 1:20813 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt (protocol-telnet.rules)
 * 1:2088 <-> DISABLED <-> PROTOCOL-RPC ypupdated arbitrary command attempt UDP (protocol-rpc.rules)
 * 1:2089 <-> DISABLED <-> PROTOCOL-RPC ypupdated arbitrary command attempt TCP (protocol-rpc.rules)
 * 1:21041 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - main.php?page= (exploit-kit.rules)
 * 1:21141 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit control panel access (exploit-kit.rules)
 * 1:21234 <-> DISABLED <-> SERVER-WEBAPP MKCOL Webdav Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:21236 <-> DISABLED <-> SERVER-WEBAPP UNLOCK Webdav Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:21343 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit pdf request (exploit-kit.rules)
 * 1:21348 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - search.php?page= (exploit-kit.rules)
 * 1:21407 <-> DISABLED <-> SERVER-OTHER Symantic multiple products VRTSweb code execution (server-other.rules)
 * 1:21458 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:21529 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 Find_First2 filename overflow attempt (os-windows.rules)
 * 1:21766 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (file-image.rules)
 * 1:2185 <-> DISABLED <-> PROTOCOL-RPC mountd UDP mount path overflow attempt (protocol-rpc.rules)
 * 1:21952 <-> DISABLED <-> SERVER-OTHER ISC dhcpd discover hostname overflow attempt (server-other.rules)
 * 1:2278 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (server-webapp.rules)
 * 1:22949 <-> ENABLED <-> EXPLOIT-KIT Blackhole redirection attempt (exploit-kit.rules)
 * 1:23232 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
 * 1:23233 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
 * 1:23241 <-> DISABLED <-> SERVER-OTHER HP DPNECentral RequestCopy type SQL injection attempt (server-other.rules)
 * 1:23355 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager AddTask stack buffer overflow attempt (server-other.rules)
 * 1:2381 <-> DISABLED <-> SERVER-WEBAPP Checkpoint Firewall-1 HTTP parsing format string vulnerability attempt (server-webapp.rules)
 * 1:23939 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (server-oracle.rules)
 * 1:23950 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules)
 * 1:23951 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules)
 * 1:23997 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:24336 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules)
 * 1:24501 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit fallback executable download (exploit-kit.rules)
 * 1:24503 <-> DISABLED <-> PROTOCOL-RPC xdrDecodeString caller_name stack overflow attempt (protocol-rpc.rules)
 * 1:24513 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt (server-other.rules)
 * 1:24544 <-> DISABLED <-> EXPLOIT-KIT Blackhole admin page outbound access attempt (exploit-kit.rules)
 * 1:24608 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt (exploit-kit.rules)
 * 1:24636 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure (exploit-kit.rules)
 * 1:24638 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules)
 * 1:24703 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:24741 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24742 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24743 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24744 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24745 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24746 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24747 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24748 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24749 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24750 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24751 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24752 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24753 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24754 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24755 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24756 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24757 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24758 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24759 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24760 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24762 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:24802 <-> DISABLED <-> SERVER-OTHER HP Database Archiving Software GIOP parsing buffer overflow attempt (server-other.rules)
 * 1:24861 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules)
 * 1:24863 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules)
 * 1:24865 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules)
 * 1:25003 <-> DISABLED <-> SERVER-OTHER HP Archive Query Server stack overflow attempt (server-other.rules)
 * 1:25138 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit pdf outbound connection (exploit-kit.rules)
 * 1:25139 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit eot outbound connection (exploit-kit.rules)
 * 1:25381 <-> DISABLED <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt (server-other.rules)
 * 1:25388 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules)
 * 1:25568 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules)
 * 1:25611 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules)
 * 1:25650 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
 * 1:25972 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit three number PDF Request (exploit-kit.rules)
 * 1:26227 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules)
 * 1:26295 <-> DISABLED <-> FILE-OTHER Watering Hole Campaign applet download (file-other.rules)
 * 1:26339 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval - ff.php (exploit-kit.rules)
 * 1:26346 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit payload requested (exploit-kit.rules)
 * 1:26496 <-> DISABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules)
 * 1:26643 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field denial of service attempt (os-windows.rules)
 * 1:26806 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit short JNLP request (exploit-kit.rules)
 * 1:26808 <-> DISABLED <-> EXPLOIT-KIT Goon/Infinity/Redkit exploit kit short jar request (exploit-kit.rules)
 * 1:27071 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules)
 * 1:27072 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules)
 * 1:27598 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup Admin Server command injection attempt (server-webapp.rules)
 * 1:27646 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra login request buffer overflow attempt (server-other.rules)
 * 1:27814 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit landing page request (exploit-kit.rules)
 * 1:28393 <-> DISABLED <-> SERVER-OTHER EMC Replication Manager irccd remote command execution attempt (server-other.rules)
 * 1:28478 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit landing page request (exploit-kit.rules)
 * 1:28704 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:28792 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:28793 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:28903 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28904 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28905 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28906 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28907 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28974 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
 * 1:28975 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
 * 1:29453 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit eot outbound connection (exploit-kit.rules)
 * 1:29513 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules)
 * 1:29521 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (file-multimedia.rules)
 * 1:29522 <-> DISABLED <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX Office remote code execution attempt (server-webapp.rules)
 * 1:29525 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:29527 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:29536 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
 * 1:29596 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules)
 * 1:29597 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules)
 * 1:29607 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
 * 1:29610 <-> DISABLED <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt (server-other.rules)
 * 1:29617 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules)
 * 1:29621 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (netbios.rules)
 * 1:3114 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc LlsrConnect overflow attempt (os-windows.rules)
 * 1:3171 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP msqueue function 4 overflow attempt (os-windows.rules)
 * 1:32150 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:32152 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:32356 <-> DISABLED <-> PROTOCOL-RPC mountd UDP unmount path overflow attempt (protocol-rpc.rules)
 * 1:32370 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt (server-other.rules)
 * 1:32816 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules)
 * 1:32856 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt (file-pdf.rules)
 * 1:33016 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
 * 1:33017 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
 * 1:33572 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (file-other.rules)
 * 1:33826 <-> DISABLED <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt (server-samba.rules)
 * 1:35435 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:35848 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt (file-image.rules)
 * 1:3590 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt (os-windows.rules)
 * 1:3591 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt (os-windows.rules)
 * 1:36156 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:36157 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:36533 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt (browser-plugins.rules)
 * 1:36534 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt (browser-plugins.rules)
 * 1:3665 <-> ENABLED <-> SERVER-MYSQL server greeting (server-mysql.rules)
 * 1:45856 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
 * 1:36658 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:9769 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msqueue function 4 overflow attempt (os-windows.rules)
 * 1:40819 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (file-flash.rules)

2021-12-07 17:31:55 UTC

Snort Subscriber Rules Update

Date: 2021-12-07

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58694 <-> DISABLED <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt (snort3-server-webapp.rules)
 * 1:58697 <-> DISABLED <-> OS-OTHER IGEL OS Secure Terminal and Shadow Service command injection attempt (snort3-os-other.rules)
 * 1:58706 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (snort3-server-webapp.rules)
 * 1:58685 <-> DISABLED <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt (snort3-file-other.rules)
 * 1:58696 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt (snort3-server-webapp.rules)
 * 1:58705 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (snort3-server-webapp.rules)
 * 1:58687 <-> DISABLED <-> SERVER-WEBAPP Movable Type CMS command injection attempt (snort3-server-webapp.rules)
 * 1:58707 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (snort3-server-webapp.rules)
 * 1:58686 <-> DISABLED <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt (snort3-file-other.rules)
 * 1:58704 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (snort3-server-webapp.rules)
 * 1:58708 <-> ENABLED <-> SERVER-WEBAPP IBM Data Risk Manager command execution attempt (snort3-server-webapp.rules)
 * 1:58703 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt (snort3-server-webapp.rules)
 * 1:58700 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.PhpJackal upload attempt (snort3-malware-other.rules)
 * 1:58695 <-> DISABLED <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt (snort3-server-webapp.rules)
 * 1:58688 <-> DISABLED <-> SERVER-WEBAPP Movable Type CMS command injection attempt (snort3-server-webapp.rules)
 * 1:58702 <-> ENABLED <-> MALWARE-CNC Php.Webshell.PhpJackal outbound connection attempt (snort3-malware-cnc.rules)
 * 1:58701 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.PhpJackal download attempt (snort3-malware-other.rules)

Modified Rules:


 * 1:9027 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrJoinDomain2 overflow attempt (snort3-os-windows.rules)
 * 1:39387 <-> DISABLED <-> SERVER-WEBAPP D-Link DAP-1160 authentication bypass attempt (snort3-server-webapp.rules)
 * 1:45501 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (snort3-file-flash.rules)
 * 1:5485 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (snort3-os-windows.rules)
 * 1:51866 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (snort3-os-mobile.rules)
 * 1:51859 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (snort3-os-mobile.rules)
 * 1:39408 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (snort3-server-other.rules)
 * 1:4072 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_DetectResourceConflict attempt (snort3-os-windows.rules)
 * 1:51162 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (snort3-file-pdf.rules)
 * 1:39936 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (snort3-os-solaris.rules)
 * 1:37511 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (snort3-os-solaris.rules)
 * 1:51863 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (snort3-os-mobile.rules)
 * 1:48186 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (snort3-server-other.rules)
 * 1:3967 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_QueryResConfList attempt (snort3-os-windows.rules)
 * 1:51861 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (snort3-os-mobile.rules)
 * 1:48179 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (snort3-server-other.rules)
 * 1:42413 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (snort3-file-other.rules)
 * 1:36533 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt (snort3-browser-plugins.rules)
 * 1:43347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (snort3-browser-firefox.rules)
 * 1:51082 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (snort3-file-flash.rules)
 * 1:49901 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (snort3-browser-plugins.rules)
 * 1:58362 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap ProjectName SQL injection attempt (snort3-server-webapp.rules)
 * 1:35435 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (snort3-os-mobile.rules)
 * 1:45182 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (snort3-browser-firefox.rules)
 * 1:6706 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt (snort3-netbios.rules)
 * 1:15211 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (snort3-os-windows.rules)
 * 1:50642 <-> DISABLED <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt (snort3-file-other.rules)
 * 1:20052 <-> DISABLED <-> PROTOCOL-SCADA IntelliCom NetBiter config utility hostname overflow attempt (snort3-protocol-scada.rules)
 * 1:43291 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated application deployment attempt (snort3-server-webapp.rules)
 * 1:18472 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (snort3-netbios.rules)
 * 1:42423 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (snort3-file-other.rules)
 * 1:18612 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (snort3-server-webapp.rules)
 * 1:53431 <-> DISABLED <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt (snort3-server-mail.rules)
 * 1:20242 <-> DISABLED <-> PROTOCOL-DNS Oracle Secure Backup observice.exe dns response overflow attempt (snort3-protocol-dns.rules)
 * 1:52080 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (snort3-file-flash.rules)
 * 1:15196 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (snort3-os-windows.rules)
 * 1:36658 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (snort3-file-other.rules)
 * 1:36660 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (snort3-file-other.rules)
 * 1:19136 <-> DISABLED <-> SERVER-WEBAPP CA XOsoft Multiple Products entry_point.aspx buffer overflow attempt (snort3-server-webapp.rules)
 * 1:21766 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (snort3-file-image.rules)
 * 1:3590 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt (snort3-os-windows.rules)
 * 1:3591 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt (snort3-os-windows.rules)
 * 1:36156 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (snort3-file-flash.rules)
 * 1:6713 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt (snort3-netbios.rules)
 * 1:6707 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt (snort3-netbios.rules)
 * 1:6712 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt (snort3-netbios.rules)
 * 1:16515 <-> DISABLED <-> SERVER-MAIL Novell Groupwise Internet Agent RCPT command overflow attempt (snort3-server-mail.rules)
 * 1:15215 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (snort3-os-windows.rules)
 * 1:15210 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (snort3-os-windows.rules)
 * 1:49584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (snort3-file-flash.rules)
 * 1:21041 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - main.php?page= (snort3-exploit-kit.rules)
 * 1:654 <-> DISABLED <-> SERVER-MAIL RCPT TO overflow (snort3-server-mail.rules)
 * 1:48181 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (snort3-server-other.rules)
 * 1:52289 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (snort3-os-mobile.rules)
 * 1:48187 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (snort3-server-other.rules)
 * 1:39406 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (snort3-server-other.rules)
 * 1:48188 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (snort3-server-other.rules)
 * 1:43307 <-> DISABLED <-> SERVER-WEBAPP csSearch setup attempt (snort3-server-webapp.rules)
 * 1:23939 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (snort3-server-oracle.rules)
 * 1:8426 <-> DISABLED <-> SERVER-OTHER SSLv3 openssl get shared ciphers overflow attempt (snort3-server-other.rules)
 * 1:15219 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (snort3-os-windows.rules)
 * 1:15220 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (snort3-os-windows.rules)
 * 1:15221 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (snort3-os-windows.rules)
 * 1:15222 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (snort3-os-windows.rules)
 * 1:15224 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (snort3-os-windows.rules)
 * 1:15225 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (snort3-os-windows.rules)
 * 1:15227 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (snort3-os-windows.rules)
 * 1:15223 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (snort3-os-windows.rules)
 * 1:15261 <-> DISABLED <-> SERVER-ORACLE Secure Backup exec_qr command injection attempt (snort3-server-oracle.rules)
 * 1:15554 <-> DISABLED <-> SERVER-ORACLE Application Server 10g OPMN service format string vulnerability exploit attempt (snort3-server-oracle.rules)
 * 1:15226 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (snort3-os-windows.rules)
 * 1:15262 <-> DISABLED <-> SERVER-ORACLE Secure Backup POST exec_qr command injection attempt (snort3-server-oracle.rules)
 * 1:15701 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2000 domain authentication bypass attempt (snort3-os-windows.rules)
 * 1:16239 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt (snort3-os-windows.rules)
 * 1:15508 <-> DISABLED <-> SERVER-OTHER DCERPC NCADG-IP-UDP lsarpc LsarLookupSids translated_names overflow attempt (snort3-server-other.rules)
 * 1:15708 <-> DISABLED <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (snort3-server-other.rules)
 * 1:16080 <-> DISABLED <-> SERVER-OTHER KAME racoon X509 certificate verification bypass attempt (snort3-server-other.rules)
 * 1:16796 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP data length integer overflow attempt (snort3-protocol-rpc.rules)
 * 1:15881 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters Name Field attempt (snort3-netbios.rules)
 * 1:15971 <-> DISABLED <-> SERVER-OTHER CVS Argumentx command double free attempt (snort3-server-other.rules)
 * 1:16329 <-> DISABLED <-> SERVER-OTHER Microsoft Internet Authentication Service EAP-MSCHAPv2 authentication bypass attempt (snort3-server-other.rules)
 * 1:17205 <-> DISABLED <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - udp (snort3-protocol-rpc.rules)
 * 1:15930 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field remote code execution attempt (snort3-os-windows.rules)
 * 1:16049 <-> DISABLED <-> SERVER-OTHER GNU Radius SQL accounting format string exploit attempt (snort3-server-other.rules)
 * 1:17046 <-> DISABLED <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt (snort3-server-other.rules)
 * 1:23232 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (snort3-os-windows.rules)
 * 1:16029 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS client ATMA buffer overrun attempt (snort3-os-windows.rules)
 * 1:15972 <-> DISABLED <-> SERVER-OTHER single byte encoded name response (snort3-server-other.rules)
 * 1:24544 <-> DISABLED <-> EXPLOIT-KIT Blackhole admin page outbound access attempt (snort3-exploit-kit.rules)
 * 1:23355 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager AddTask stack buffer overflow attempt (snort3-server-other.rules)
 * 1:16238 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (snort3-os-windows.rules)
 * 1:15911 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss RouteRefreshPrinterChangeNotification attempt (snort3-netbios.rules)
 * 1:24703 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (snort3-file-other.rules)
 * 1:23997 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (snort3-file-flash.rules)
 * 1:22949 <-> ENABLED <-> EXPLOIT-KIT Blackhole redirection attempt (snort3-exploit-kit.rules)
 * 1:16015 <-> DISABLED <-> SERVER-OTHER Norton Internet Security NBNS response processing stack overflow attempt (snort3-server-other.rules)
 * 1:24744 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (snort3-server-other.rules)
 * 1:24513 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt (snort3-server-other.rules)
 * 1:2381 <-> DISABLED <-> SERVER-WEBAPP Checkpoint Firewall-1 HTTP parsing format string vulnerability attempt (snort3-server-webapp.rules)
 * 1:16198 <-> DISABLED <-> SERVER-APACHE Apache mod_auth_pgsql module logging facility format string exploit attempt (snort3-server-apache.rules)
 * 1:24748 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (snort3-server-other.rules)
 * 1:24638 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (snort3-exploit-kit.rules)
 * 1:23951 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (snort3-os-windows.rules)
 * 1:23950 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (snort3-os-windows.rules)
 * 1:24752 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (snort3-server-other.rules)
 * 1:24743 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (snort3-server-other.rules)
 * 1:24503 <-> DISABLED <-> PROTOCOL-RPC xdrDecodeString caller_name stack overflow attempt (snort3-protocol-rpc.rules)
 * 1:24501 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit fallback executable download (snort3-exploit-kit.rules)
 * 1:24608 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt (snort3-exploit-kit.rules)
 * 1:24757 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (snort3-server-other.rules)
 * 1:24747 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (snort3-server-other.rules)
 * 1:24741 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (snort3-server-other.rules)
 * 1:24756 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (snort3-server-other.rules)
 * 1:24746 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (snort3-server-other.rules)
 * 1:24636 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure (snort3-exploit-kit.rules)
 * 1:24755 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (snort3-server-other.rules)
 * 1:24749 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (snort3-server-other.rules)
 * 1:24762 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (snort3-file-other.rules)
 * 1:24863 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (snort3-exploit-kit.rules)
 * 1:24742 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (snort3-server-other.rules)
 * 1:25611 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (snort3-exploit-kit.rules)
 * 1:24759 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (snort3-server-other.rules)
 * 1:24750 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (snort3-server-other.rules)
 * 1:26295 <-> DISABLED <-> FILE-OTHER Watering Hole Campaign applet download (snort3-file-other.rules)
 * 1:24760 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (snort3-server-other.rules)
 * 1:24745 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (snort3-server-other.rules)
 * 1:27072 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (snort3-exploit-kit.rules)
 * 1:24754 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (snort3-server-other.rules)
 * 1:24802 <-> DISABLED <-> SERVER-OTHER HP Database Archiving Software GIOP parsing buffer overflow attempt (snort3-server-other.rules)
 * 1:25568 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (snort3-exploit-kit.rules)
 * 1:27598 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup Admin Server command injection attempt (snort3-server-webapp.rules)
 * 1:24861 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (snort3-exploit-kit.rules)
 * 1:25138 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit pdf outbound connection (snort3-exploit-kit.rules)
 * 1:24753 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (snort3-server-other.rules)
 * 1:28478 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit landing page request (snort3-exploit-kit.rules)
 * 1:24758 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (snort3-server-other.rules)
 * 1:25388 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (snort3-exploit-kit.rules)
 * 1:24751 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (snort3-server-other.rules)
 * 1:25972 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit three number PDF Request (snort3-exploit-kit.rules)
 * 1:25139 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit eot outbound connection (snort3-exploit-kit.rules)
 * 1:25650 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (snort3-browser-ie.rules)
 * 1:25003 <-> DISABLED <-> SERVER-OTHER HP Archive Query Server stack overflow attempt (snort3-server-other.rules)
 * 1:28906 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (snort3-file-other.rules)
 * 1:26227 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (snort3-exploit-kit.rules)
 * 1:24865 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (snort3-exploit-kit.rules)
 * 1:26496 <-> DISABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (snort3-file-other.rules)
 * 1:29453 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit eot outbound connection (snort3-exploit-kit.rules)
 * 1:26346 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit payload requested (snort3-exploit-kit.rules)
 * 1:27071 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (snort3-exploit-kit.rules)
 * 1:25381 <-> DISABLED <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt (snort3-server-other.rules)
 * 1:29525 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (snort3-file-flash.rules)
 * 1:26643 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field denial of service attempt (snort3-os-windows.rules)
 * 1:27646 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra login request buffer overflow attempt (snort3-server-other.rules)
 * 1:28793 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (snort3-file-flash.rules)
 * 1:28904 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (snort3-file-other.rules)
 * 1:27814 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit landing page request (snort3-exploit-kit.rules)
 * 1:28974 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (snort3-browser-ie.rules)
 * 1:26339 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval - ff.php (snort3-exploit-kit.rules)
 * 1:28704 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (snort3-file-flash.rules)
 * 1:26808 <-> DISABLED <-> EXPLOIT-KIT Goon/Infinity/Redkit exploit kit short jar request (snort3-exploit-kit.rules)
 * 1:28905 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (snort3-file-other.rules)
 * 1:26806 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit short JNLP request (snort3-exploit-kit.rules)
 * 1:29521 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (snort3-file-multimedia.rules)
 * 1:29513 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows RAP API NetServerEnum2 long comment buffer overflow attempt (snort3-os-windows.rules)
 * 1:29597 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (snort3-server-webapp.rules)
 * 1:28792 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (snort3-file-flash.rules)
 * 1:32816 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (snort3-file-pdf.rules)
 * 1:29527 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (snort3-file-other.rules)
 * 1:29621 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (snort3-netbios.rules)
 * 1:28393 <-> DISABLED <-> SERVER-OTHER EMC Replication Manager irccd remote command execution attempt (snort3-server-other.rules)
 * 1:33016 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (snort3-os-windows.rules)
 * 1:29607 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (snort3-server-other.rules)
 * 1:29536 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (snort3-server-other.rules)
 * 1:28903 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (snort3-file-other.rules)
 * 1:29610 <-> DISABLED <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt (snort3-server-other.rules)
 * 1:3114 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc LlsrConnect overflow attempt (snort3-os-windows.rules)
 * 1:32356 <-> DISABLED <-> PROTOCOL-RPC mountd UDP unmount path overflow attempt (snort3-protocol-rpc.rules)
 * 1:28907 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (snort3-file-other.rules)
 * 1:29522 <-> DISABLED <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX Office remote code execution attempt (snort3-server-webapp.rules)
 * 1:32370 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt (snort3-server-other.rules)
 * 1:11443 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount overflow attempt (snort3-netbios.rules)
 * 1:28975 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (snort3-browser-ie.rules)
 * 1:32856 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt (snort3-file-pdf.rules)
 * 1:3171 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP msqueue function 4 overflow attempt (snort3-os-windows.rules)
 * 1:29617 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (snort3-browser-firefox.rules)
 * 1:12627 <-> DISABLED <-> PROTOCOL-RPC Solaris TCP portmapper sadmin port query attempt (snort3-protocol-rpc.rules)
 * 1:29596 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (snort3-server-webapp.rules)
 * 1:10900 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt (snort3-os-windows.rules)
 * 1:14725 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName overflow attempt (snort3-os-windows.rules)
 * 1:11957 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt (snort3-netbios.rules)
 * 1:14654 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (snort3-os-windows.rules)
 * 1:14726 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt (snort3-os-windows.rules)
 * 1:12317 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt (snort3-netbios.rules)
 * 1:32150 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (snort3-file-other.rules)
 * 1:11964 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt (snort3-netbios.rules)
 * 1:10136 <-> DISABLED <-> OS-SOLARIS Oracle Solaris login environment variable authentication bypass attempt (snort3-os-solaris.rules)
 * 1:12069 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest (snort3-os-windows.rules)
 * 1:32152 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (snort3-file-other.rules)
 * 1:11265 <-> DISABLED <-> SERVER-OTHER Sentinel license manager buffer overflow attempt (snort3-server-other.rules)
 * 1:12940 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 CA call 269 overflow attempt (snort3-netbios.rules)
 * 1:1277 <-> DISABLED <-> PROTOCOL-RPC portmap ypupdated request UDP (snort3-protocol-rpc.rules)
 * 1:12198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows getbulk request attempt (snort3-os-windows.rules)
 * 1:13222 <-> DISABLED <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt (snort3-server-other.rules)
 * 1:11963 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt (snort3-netbios.rules)
 * 1:14737 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP host-integration bind attempt (snort3-os-windows.rules)
 * 1:14038 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (snort3-browser-plugins.rules)
 * 1:14037 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (snort3-browser-plugins.rules)
 * 1:12984 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow attempt (snort3-netbios.rules)
 * 1:11958 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt (snort3-netbios.rules)
 * 1:1422 <-> DISABLED <-> PROTOCOL-SNMP community string buffer overflow attempt with evasion (snort3-protocol-snmp.rules)
 * 1:13619 <-> DISABLED <-> OS-WINDOWS Microsoft Windows getBulkRequest memory corruption attempt (snort3-os-windows.rules)
 * 1:10603 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvUpdateRecord2 overflow attempt (snort3-os-windows.rules)
 * 1:13161 <-> DISABLED <-> SERVER-OTHER HP OpenView CGI parameter buffer overflow attempt (snort3-server-other.rules)
 * 1:14989 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory SOAP Accept Language header overflow attempt (snort3-server-webapp.rules)
 * 1:1409 <-> DISABLED <-> PROTOCOL-SNMP community string buffer overflow attempt (snort3-protocol-snmp.rules)
 * 1:12985 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt (snort3-netbios.rules)
 * 1:15197 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (snort3-os-windows.rules)
 * 1:14900 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum overflow attempt (snort3-netbios.rules)
 * 1:14649 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (snort3-os-windows.rules)
 * 1:13927 <-> DISABLED <-> PROTOCOL-TFTP Open TFTP Server log generation buffer overflow attempt (snort3-protocol-tftp.rules)
 * 1:14652 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (snort3-os-windows.rules)
 * 1:15198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (snort3-os-windows.rules)
 * 1:14653 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (snort3-os-windows.rules)
 * 1:14648 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (snort3-os-windows.rules)
 * 1:14651 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (snort3-os-windows.rules)
 * 1:15202 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (snort3-os-windows.rules)
 * 1:14647 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (snort3-os-windows.rules)
 * 1:14650 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (snort3-os-windows.rules)
 * 1:15200 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (snort3-os-windows.rules)
 * 1:15206 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (snort3-os-windows.rules)
 * 1:15201 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (snort3-os-windows.rules)
 * 1:15205 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (snort3-os-windows.rules)
 * 1:15214 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (snort3-os-windows.rules)
 * 1:15217 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (snort3-os-windows.rules)
 * 1:14988 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum overflow attempt (snort3-netbios.rules)
 * 1:15209 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (snort3-os-windows.rules)
 * 1:15216 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (snort3-os-windows.rules)
 * 1:15207 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (snort3-os-windows.rules)
 * 1:15199 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (snort3-os-windows.rules)
 * 1:15204 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (snort3-os-windows.rules)
 * 1:15213 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (snort3-os-windows.rules)
 * 1:15203 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (snort3-os-windows.rules)
 * 1:15208 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (snort3-os-windows.rules)
 * 1:35848 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt (snort3-file-image.rules)
 * 1:33826 <-> DISABLED <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt (snort3-server-samba.rules)
 * 1:8428 <-> DISABLED <-> SERVER-OTHER SSLv2 openssl get shared ciphers overflow attempt (snort3-server-other.rules)
 * 1:20611 <-> DISABLED <-> SERVER-OTHER BOOTP overflow (snort3-server-other.rules)
 * 1:17224 <-> DISABLED <-> SERVER-MAIL McAfee WebShield SMTP bounce message format string attempt (snort3-server-mail.rules)
 * 1:51862 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (snort3-os-mobile.rules)
 * 1:2185 <-> DISABLED <-> PROTOCOL-RPC mountd UDP mount path overflow attempt (snort3-protocol-rpc.rules)
 * 1:18248 <-> DISABLED <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (snort3-server-other.rules)
 * 1:18994 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (snort3-os-windows.rules)
 * 1:19014 <-> DISABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - RRQ (snort3-protocol-tftp.rules)
 * 1:58201 <-> ENABLED <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt (snort3-server-webapp.rules)
 * 1:37628 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (snort3-file-flash.rules)
 * 1:41046 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (snort3-file-flash.rules)
 * 1:36534 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt (snort3-browser-plugins.rules)
 * 1:33017 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (snort3-os-windows.rules)
 * 1:48185 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (snort3-server-other.rules)
 * 1:48183 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (snort3-server-other.rules)
 * 1:20671 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest (snort3-os-windows.rules)
 * 1:15218 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (snort3-os-windows.rules)
 * 1:18192 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (snort3-netbios.rules)
 * 1:3665 <-> ENABLED <-> SERVER-MYSQL server greeting (snort3-server-mysql.rules)
 * 1:1762 <-> DISABLED <-> SERVER-WEBAPP phf arbitrary command execution attempt (snort3-server-webapp.rules)
 * 1:18958 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (snort3-browser-webkit.rules)
 * 1:20812 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt (snort3-protocol-telnet.rules)
 * 1:18319 <-> DISABLED <-> SERVER-SAMBA Samba DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (snort3-server-samba.rules)
 * 1:17056 <-> DISABLED <-> SERVER-OTHER Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt (snort3-server-other.rules)
 * 1:19677 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (snort3-os-windows.rules)
 * 1:18190 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (snort3-netbios.rules)
 * 1:45856 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (snort3-file-other.rules)
 * 1:18589 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (snort3-server-other.rules)
 * 1:18191 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (snort3-netbios.rules)
 * 1:18611 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (snort3-server-webapp.rules)
 * 1:16705 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP array size buffer overflow attempt (snort3-protocol-rpc.rules)
 * 1:24336 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long comment buffer overflow attempt (snort3-os-windows.rules)
 * 1:15212 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (snort3-os-windows.rules)
 * 1:21236 <-> DISABLED <-> SERVER-WEBAPP UNLOCK Webdav Stack Buffer Overflow attempt (snort3-server-webapp.rules)
 * 1:19649 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center dbman buffer overflow attempt (snort3-server-other.rules)
 * 1:20725 <-> DISABLED <-> OS-SOLARIS Oracle Solaris in.rwhod hostname denial of service attempt (snort3-os-solaris.rules)
 * 1:18613 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (snort3-server-webapp.rules)
 * 1:20614 <-> DISABLED <-> SERVER-MAIL Axigen POP3 server remote format string exploit (snort3-server-mail.rules)
 * 1:21458 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (snort3-file-flash.rules)
 * 1:20176 <-> DISABLED <-> PROTOCOL-SCADA DAQFactory NETB protcol stack overflow attempt (snort3-protocol-scada.rules)
 * 1:18526 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (snort3-file-pdf.rules)
 * 1:2088 <-> DISABLED <-> PROTOCOL-RPC ypupdated arbitrary command attempt UDP (snort3-protocol-rpc.rules)
 * 1:2089 <-> DISABLED <-> PROTOCOL-RPC ypupdated arbitrary command attempt TCP (snort3-protocol-rpc.rules)
 * 1:52101 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (snort3-os-mobile.rules)
 * 1:19013 <-> DISABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - WRQ (snort3-protocol-tftp.rules)
 * 1:21343 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit pdf request (snort3-exploit-kit.rules)
 * 1:18557 <-> DISABLED <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt (snort3-protocol-rpc.rules)
 * 1:20691 <-> DISABLED <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt (snort3-policy-other.rules)
 * 1:3670 <-> DISABLED <-> SERVER-MYSQL secure client overflow attempt (snort3-server-mysql.rules)
 * 1:23241 <-> DISABLED <-> SERVER-OTHER HP DPNECentral RequestCopy type SQL injection attempt (snort3-server-other.rules)
 * 1:19323 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (snort3-server-other.rules)
 * 1:20813 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt (snort3-protocol-telnet.rules)
 * 1:38247 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (snort3-server-other.rules)
 * 1:45180 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (snort3-browser-firefox.rules)
 * 1:21952 <-> DISABLED <-> SERVER-OTHER ISC dhcpd discover hostname overflow attempt (snort3-server-other.rules)
 * 1:21234 <-> DISABLED <-> SERVER-WEBAPP MKCOL Webdav Stack Buffer Overflow attempt (snort3-server-webapp.rules)
 * 1:21141 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit control panel access (snort3-exploit-kit.rules)
 * 1:21529 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 Find_First2 filename overflow attempt (snort3-os-windows.rules)
 * 1:23233 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (snort3-os-windows.rules)
 * 1:21407 <-> DISABLED <-> SERVER-OTHER Symantic multiple products VRTSweb code execution (snort3-server-other.rules)
 * 1:21348 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - search.php?page= (snort3-exploit-kit.rules)
 * 1:45310 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (snort3-file-flash.rules)
 * 1:9621 <-> DISABLED <-> PROTOCOL-TFTP 3COM server transport mode buffer overflow attempt (snort3-protocol-tftp.rules)
 * 1:48184 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (snort3-server-other.rules)
 * 1:48182 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (snort3-server-other.rules)
 * 1:13162 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (snort3-netbios.rules)
 * 1:49586 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (snort3-file-flash.rules)
 * 1:12628 <-> DISABLED <-> PROTOCOL-RPC Solaris UDP portmapper sadmin port query attempt (snort3-protocol-rpc.rules)
 * 1:51026 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (snort3-file-pdf.rules)
 * 1:9769 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msqueue function 4 overflow attempt (snort3-os-windows.rules)
 * 1:3671 <-> DISABLED <-> SERVER-MYSQL protocol 41 client overflow attempt (snort3-server-mysql.rules)
 * 1:3672 <-> DISABLED <-> SERVER-MYSQL client overflow attempt (snort3-server-mysql.rules)
 * 1:3669 <-> DISABLED <-> SERVER-MYSQL protocol 41 secure client overflow attempt (snort3-server-mysql.rules)
 * 1:41423 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (snort3-browser-plugins.rules)
 * 1:45184 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (snort3-browser-firefox.rules)
 * 1:36659 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (snort3-file-other.rules)
 * 1:39910 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (snort3-server-other.rules)
 * 1:37650 <-> DISABLED <-> FILE-OTHER CA BrightStor stack buffer overflow attempt (snort3-file-other.rules)
 * 1:48180 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (snort3-server-other.rules)
 * 1:40282 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (snort3-file-office.rules)
 * 1:51226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (snort3-file-flash.rules)
 * 1:40819 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (snort3-file-flash.rules)
 * 1:4642 <-> DISABLED <-> SERVER-ORACLE sys.pbsde.init buffer overflow attempt (snort3-server-oracle.rules)
 * 1:50900 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (snort3-server-other.rules)
 * 1:38246 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (snort3-server-other.rules)
 * 1:3818 <-> DISABLED <-> PROTOCOL-TFTP PUT transfer mode overflow attempt (snort3-protocol-tftp.rules)
 * 1:45172 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt (snort3-browser-firefox.rules)
 * 1:36157 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (snort3-file-flash.rules)
 * 1:33572 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (snort3-file-other.rules)
 * 1:44735 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (snort3-server-mail.rules)
 * 1:44473 <-> DISABLED <-> FILE-OTHER ZIP file name overflow attempt (snort3-file-other.rules)
 * 1:48189 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (snort3-server-other.rules)
 * 1:45179 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (snort3-browser-firefox.rules)
 * 1:48190 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (snort3-server-other.rules)
 * 1:3668 <-> DISABLED <-> SERVER-MYSQL client authentication bypass attempt (snort3-server-mysql.rules)
 * 1:19173 <-> DISABLED <-> PROTOCOL-RPC CDE Calendar Manager service memory corruption attempt (snort3-protocol-rpc.rules)
 * 1:18768 <-> DISABLED <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt (snort3-server-mail.rules)
 * 1:18462 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (snort3-os-windows.rules)
 * 1:17057 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (snort3-server-other.rules)
 * 1:19208 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services streamprocess.exe buffer overflow attempt (snort3-server-other.rules)
 * 1:2278 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (snort3-server-webapp.rules)
 * 1:18189 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (snort3-netbios.rules)
 * 1:3667 <-> DISABLED <-> SERVER-MYSQL protocol 41 client authentication bypass attempt (snort3-server-mysql.rules)
 * 1:53432 <-> DISABLED <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt (snort3-server-mail.rules)
 * 1:40335 <-> DISABLED <-> APP-DETECT OpenVAS Scanner User-Agent attempt (snort3-app-detect.rules)
 * 1:49903 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (snort3-browser-plugins.rules)
 * 1:39407 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (snort3-server-other.rules)
 * 1:17609 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (snort3-server-webapp.rules)

2021-12-07 17:31:55 UTC

Snort Subscriber Rules Update

Date: 2021-12-07

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:58686 <-> DISABLED <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt (file-other.rules)
 * 1:58705 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
 * 1:58700 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.PhpJackal upload attempt (malware-other.rules)
 * 1:58685 <-> DISABLED <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt (file-other.rules)
 * 1:58704 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
 * 1:58703 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt (server-webapp.rules)
 * 1:58694 <-> DISABLED <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt (server-webapp.rules)
 * 1:58701 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.PhpJackal download attempt (malware-other.rules)
 * 1:58697 <-> DISABLED <-> OS-OTHER IGEL OS Secure Terminal and Shadow Service command injection attempt (os-other.rules)
 * 1:58702 <-> ENABLED <-> MALWARE-CNC Php.Webshell.PhpJackal outbound connection attempt (malware-cnc.rules)
 * 1:58696 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt (server-webapp.rules)
 * 1:58707 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
 * 1:58688 <-> DISABLED <-> SERVER-WEBAPP Movable Type CMS command injection attempt (server-webapp.rules)
 * 1:58706 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
 * 1:58695 <-> DISABLED <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt (server-webapp.rules)
 * 1:58687 <-> DISABLED <-> SERVER-WEBAPP Movable Type CMS command injection attempt (server-webapp.rules)
 * 1:58708 <-> ENABLED <-> SERVER-WEBAPP IBM Data Risk Manager command execution attempt (server-webapp.rules)

Modified Rules:


 * 1:32856 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt (file-pdf.rules)
 * 1:45856 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
 * 1:28904 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:37650 <-> DISABLED <-> FILE-OTHER CA BrightStor stack buffer overflow attempt (file-other.rules)
 * 1:33572 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (file-other.rules)
 * 1:36534 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt (browser-plugins.rules)
 * 1:48185 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:39406 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
 * 1:26496 <-> DISABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules)
 * 1:36156 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:28704 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:26346 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit payload requested (exploit-kit.rules)
 * 1:6706 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt (netbios.rules)
 * 1:3591 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt (os-windows.rules)
 * 1:3590 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt (os-windows.rules)
 * 1:27072 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules)
 * 1:26227 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules)
 * 1:26643 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field denial of service attempt (os-windows.rules)
 * 1:53431 <-> DISABLED <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt (server-mail.rules)
 * 1:45310 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
 * 1:32356 <-> DISABLED <-> PROTOCOL-RPC mountd UDP unmount path overflow attempt (protocol-rpc.rules)
 * 1:32152 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:3171 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP msqueue function 4 overflow attempt (os-windows.rules)
 * 1:32816 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules)
 * 1:29521 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (file-multimedia.rules)
 * 1:28906 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28393 <-> DISABLED <-> SERVER-OTHER EMC Replication Manager irccd remote command execution attempt (server-other.rules)
 * 1:28903 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:29453 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit eot outbound connection (exploit-kit.rules)
 * 1:29525 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:35848 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt (file-image.rules)
 * 1:29607 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
 * 1:32150 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
 * 1:27814 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit landing page request (exploit-kit.rules)
 * 1:28907 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:3114 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc LlsrConnect overflow attempt (os-windows.rules)
 * 1:45179 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:40282 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (file-office.rules)
 * 1:3665 <-> ENABLED <-> SERVER-MYSQL server greeting (server-mysql.rules)
 * 1:49586 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
 * 1:654 <-> DISABLED <-> SERVER-MAIL RCPT TO overflow (server-mail.rules)
 * 1:50642 <-> DISABLED <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt (file-other.rules)
 * 1:25388 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules)
 * 1:27598 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup Admin Server command injection attempt (server-webapp.rules)
 * 1:51082 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
 * 1:33016 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
 * 1:36533 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt (browser-plugins.rules)
 * 1:28905 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:29527 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:28974 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
 * 1:28792 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:52289 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (os-mobile.rules)
 * 1:29621 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (netbios.rules)
 * 1:49901 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
 * 1:3967 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_QueryResConfList attempt (os-windows.rules)
 * 1:42423 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:49584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
 * 1:3670 <-> DISABLED <-> SERVER-MYSQL secure client overflow attempt (server-mysql.rules)
 * 1:48181 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:48188 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:37628 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:4072 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_DetectResourceConflict attempt (os-windows.rules)
 * 1:3671 <-> DISABLED <-> SERVER-MYSQL protocol 41 client overflow attempt (server-mysql.rules)
 * 1:45182 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:41423 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (browser-plugins.rules)
 * 1:48180 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:25138 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit pdf outbound connection (exploit-kit.rules)
 * 1:38246 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
 * 1:51026 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (file-pdf.rules)
 * 1:39407 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
 * 1:39936 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (os-solaris.rules)
 * 1:43347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules)
 * 1:39910 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
 * 1:51862 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:25972 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit three number PDF Request (exploit-kit.rules)
 * 1:25611 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules)
 * 1:41046 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules)
 * 1:52080 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
 * 1:3667 <-> DISABLED <-> SERVER-MYSQL protocol 41 client authentication bypass attempt (server-mysql.rules)
 * 1:3669 <-> DISABLED <-> SERVER-MYSQL protocol 41 secure client overflow attempt (server-mysql.rules)
 * 1:25650 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
 * 1:44735 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (server-mail.rules)
 * 1:3672 <-> DISABLED <-> SERVER-MYSQL client overflow attempt (server-mysql.rules)
 * 1:4642 <-> DISABLED <-> SERVER-ORACLE sys.pbsde.init buffer overflow attempt (server-oracle.rules)
 * 1:51226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
 * 1:44473 <-> DISABLED <-> FILE-OTHER ZIP file name overflow attempt (file-other.rules)
 * 1:40335 <-> DISABLED <-> APP-DETECT OpenVAS Scanner User-Agent attempt (app-detect.rules)
 * 1:45184 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:58201 <-> ENABLED <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt (server-webapp.rules)
 * 1:36658 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:6712 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt (netbios.rules)
 * 1:52101 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:53432 <-> DISABLED <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt (server-mail.rules)
 * 1:3668 <-> DISABLED <-> SERVER-MYSQL client authentication bypass attempt (server-mysql.rules)
 * 1:6713 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt (netbios.rules)
 * 1:51859 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:8426 <-> DISABLED <-> SERVER-OTHER SSLv3 openssl get shared ciphers overflow attempt (server-other.rules)
 * 1:8428 <-> DISABLED <-> SERVER-OTHER SSLv2 openssl get shared ciphers overflow attempt (server-other.rules)
 * 1:9027 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrJoinDomain2 overflow attempt (os-windows.rules)
 * 1:9621 <-> DISABLED <-> PROTOCOL-TFTP 3COM server transport mode buffer overflow attempt (protocol-tftp.rules)
 * 1:48184 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:37511 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (os-solaris.rules)
 * 1:9769 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msqueue function 4 overflow attempt (os-windows.rules)
 * 1:43307 <-> DISABLED <-> SERVER-WEBAPP csSearch setup attempt (server-webapp.rules)
 * 1:39408 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
 * 1:38247 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
 * 1:26808 <-> DISABLED <-> EXPLOIT-KIT Goon/Infinity/Redkit exploit kit short jar request (exploit-kit.rules)
 * 1:5485 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules)
 * 1:39387 <-> DISABLED <-> SERVER-WEBAPP D-Link DAP-1160 authentication bypass attempt (server-webapp.rules)
 * 1:45180 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
 * 1:51863 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:48182 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:58362 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap ProjectName SQL injection attempt (server-webapp.rules)
 * 1:29617 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules)
 * 1:29522 <-> DISABLED <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX Office remote code execution attempt (server-webapp.rules)
 * 1:29610 <-> DISABLED <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt (server-other.rules)
 * 1:45501 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
 * 1:33826 <-> DISABLED <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt (server-samba.rules)
 * 1:3818 <-> DISABLED <-> PROTOCOL-TFTP PUT transfer mode overflow attempt (protocol-tftp.rules)
 * 1:25568 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules)
 * 1:26295 <-> DISABLED <-> FILE-OTHER Watering Hole Campaign applet download (file-other.rules)
 * 1:48179 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:50900 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:48186 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:49903 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
 * 1:51162 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
 * 1:40819 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (file-flash.rules)
 * 1:6707 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt (netbios.rules)
 * 1:36660 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:51866 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:28478 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit landing page request (exploit-kit.rules)
 * 1:43291 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated application deployment attempt (server-webapp.rules)
 * 1:45172 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt (browser-firefox.rules)
 * 1:42413 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:48183 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
 * 1:48190 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:36659 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:51861 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:48187 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:26339 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval - ff.php (exploit-kit.rules)
 * 1:27071 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules)
 * 1:29597 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules)
 * 1:48189 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
 * 1:29513 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules)
 * 1:35435 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
 * 1:29596 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules)
 * 1:33017 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
 * 1:29536 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
 * 1:28975 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
 * 1:36157 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
 * 1:27646 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra login request buffer overflow attempt (server-other.rules)
 * 1:26806 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit short JNLP request (exploit-kit.rules)
 * 1:28793 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
 * 1:32370 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt (server-other.rules)
 * 1:11265 <-> DISABLED <-> SERVER-OTHER Sentinel license manager buffer overflow attempt (server-other.rules)
 * 1:10136 <-> DISABLED <-> OS-SOLARIS Oracle Solaris login environment variable authentication bypass attempt (os-solaris.rules)
 * 1:10900 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt (os-windows.rules)
 * 1:11963 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules)
 * 1:11443 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
 * 1:10603 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvUpdateRecord2 overflow attempt (os-windows.rules)
 * 1:11958 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules)
 * 1:12317 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt (netbios.rules)
 * 1:11964 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules)
 * 1:11957 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt (netbios.rules)
 * 1:12198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows getbulk request attempt (os-windows.rules)
 * 1:12940 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 CA call 269 overflow attempt (netbios.rules)
 * 1:12627 <-> DISABLED <-> PROTOCOL-RPC Solaris TCP portmapper sadmin port query attempt (protocol-rpc.rules)
 * 1:12069 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest (os-windows.rules)
 * 1:1277 <-> DISABLED <-> PROTOCOL-RPC portmap ypupdated request UDP (protocol-rpc.rules)
 * 1:13162 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (netbios.rules)
 * 1:12984 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
 * 1:12628 <-> DISABLED <-> PROTOCOL-RPC Solaris UDP portmapper sadmin port query attempt (protocol-rpc.rules)
 * 1:13161 <-> DISABLED <-> SERVER-OTHER HP OpenView CGI parameter buffer overflow attempt (server-other.rules)
 * 1:14037 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules)
 * 1:13222 <-> DISABLED <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt (server-other.rules)
 * 1:12985 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
 * 1:13927 <-> DISABLED <-> PROTOCOL-TFTP Open TFTP Server log generation buffer overflow attempt (protocol-tftp.rules)
 * 1:14647 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (os-windows.rules)
 * 1:14038 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (browser-plugins.rules)
 * 1:13619 <-> DISABLED <-> OS-WINDOWS Microsoft Windows getBulkRequest memory corruption attempt (os-windows.rules)
 * 1:1422 <-> DISABLED <-> PROTOCOL-SNMP community string buffer overflow attempt with evasion (protocol-snmp.rules)
 * 1:14651 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules)
 * 1:14648 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules)
 * 1:1409 <-> DISABLED <-> PROTOCOL-SNMP community string buffer overflow attempt (protocol-snmp.rules)
 * 1:14650 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules)
 * 1:14725 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName overflow attempt (os-windows.rules)
 * 1:14652 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules)
 * 1:14649 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (os-windows.rules)
 * 1:14654 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules)
 * 1:14988 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum overflow attempt (netbios.rules)
 * 1:14726 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt (os-windows.rules)
 * 1:14653 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules)
 * 1:14900 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum overflow attempt (netbios.rules)
 * 1:15198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules)
 * 1:14989 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory SOAP Accept Language header overflow attempt (server-webapp.rules)
 * 1:14737 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP host-integration bind attempt (os-windows.rules)
 * 1:15197 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules)
 * 1:15202 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules)
 * 1:15199 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules)
 * 1:15196 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules)
 * 1:15201 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules)
 * 1:15206 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules)
 * 1:15203 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules)
 * 1:15200 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules)
 * 1:15205 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules)
 * 1:15210 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules)
 * 1:15207 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules)
 * 1:15204 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules)
 * 1:15209 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules)
 * 1:15214 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules)
 * 1:15211 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules)
 * 1:15208 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules)
 * 1:15213 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules)
 * 1:15218 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules)
 * 1:15215 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules)
 * 1:15212 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules)
 * 1:15217 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules)
 * 1:15222 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules)
 * 1:15219 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules)
 * 1:15216 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules)
 * 1:15221 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules)
 * 1:15226 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules)
 * 1:15223 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules)
 * 1:15220 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules)
 * 1:15225 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules)
 * 1:15508 <-> DISABLED <-> SERVER-OTHER DCERPC NCADG-IP-UDP lsarpc LsarLookupSids translated_names overflow attempt (server-other.rules)
 * 1:15227 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules)
 * 1:15224 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules)
 * 1:15262 <-> DISABLED <-> SERVER-ORACLE Secure Backup POST exec_qr command injection attempt (server-oracle.rules)
 * 1:15881 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters Name Field attempt (netbios.rules)
 * 1:15554 <-> DISABLED <-> SERVER-ORACLE Application Server 10g OPMN service format string vulnerability exploit attempt (server-oracle.rules)
 * 1:15261 <-> DISABLED <-> SERVER-ORACLE Secure Backup exec_qr command injection attempt (server-oracle.rules)
 * 1:15708 <-> DISABLED <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (server-other.rules)
 * 1:15972 <-> DISABLED <-> SERVER-OTHER single byte encoded name response (server-other.rules)
 * 1:15911 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss RouteRefreshPrinterChangeNotification attempt (netbios.rules)
 * 1:15701 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2000 domain authentication bypass attempt (os-windows.rules)
 * 1:15971 <-> DISABLED <-> SERVER-OTHER CVS Argumentx command double free attempt (server-other.rules)
 * 1:16080 <-> DISABLED <-> SERVER-OTHER KAME racoon X509 certificate verification bypass attempt (server-other.rules)
 * 1:16015 <-> DISABLED <-> SERVER-OTHER Norton Internet Security NBNS response processing stack overflow attempt (server-other.rules)
 * 1:15930 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field remote code execution attempt (os-windows.rules)
 * 1:16049 <-> DISABLED <-> SERVER-OTHER GNU Radius SQL accounting format string exploit attempt (server-other.rules)
 * 1:16329 <-> DISABLED <-> SERVER-OTHER Microsoft Internet Authentication Service EAP-MSCHAPv2 authentication bypass attempt (server-other.rules)
 * 1:16198 <-> DISABLED <-> SERVER-APACHE Apache mod_auth_pgsql module logging facility format string exploit attempt (server-apache.rules)
 * 1:16029 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS client ATMA buffer overrun attempt (os-windows.rules)
 * 1:16239 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules)
 * 1:17046 <-> DISABLED <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt (server-other.rules)
 * 1:16515 <-> DISABLED <-> SERVER-MAIL Novell Groupwise Internet Agent RCPT command overflow attempt (server-mail.rules)
 * 1:16238 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules)
 * 1:16796 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP data length integer overflow attempt (protocol-rpc.rules)
 * 1:17224 <-> DISABLED <-> SERVER-MAIL McAfee WebShield SMTP bounce message format string attempt (server-mail.rules)
 * 1:17056 <-> DISABLED <-> SERVER-OTHER Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt (server-other.rules)
 * 1:16705 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP array size buffer overflow attempt (protocol-rpc.rules)
 * 1:17205 <-> DISABLED <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - udp (protocol-rpc.rules)
 * 1:18190 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules)
 * 1:17609 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:17057 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
 * 1:18189 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (netbios.rules)
 * 1:18319 <-> DISABLED <-> SERVER-SAMBA Samba DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (server-samba.rules)
 * 1:18191 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (netbios.rules)
 * 1:1762 <-> DISABLED <-> SERVER-WEBAPP phf arbitrary command execution attempt (server-webapp.rules)
 * 1:18248 <-> DISABLED <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (server-other.rules)
 * 1:18557 <-> DISABLED <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt (protocol-rpc.rules)
 * 1:18462 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (os-windows.rules)
 * 1:18192 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules)
 * 1:18526 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules)
 * 1:18613 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:18589 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
 * 1:18472 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (netbios.rules)
 * 1:18612 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:19013 <-> DISABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - WRQ (protocol-tftp.rules)
 * 1:18768 <-> DISABLED <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt (server-mail.rules)
 * 1:18611 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:18994 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (os-windows.rules)
 * 1:19208 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services streamprocess.exe buffer overflow attempt (server-other.rules)
 * 1:19014 <-> DISABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - RRQ (protocol-tftp.rules)
 * 1:18958 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
 * 1:19173 <-> DISABLED <-> PROTOCOL-RPC CDE Calendar Manager service memory corruption attempt (protocol-rpc.rules)
 * 1:20052 <-> DISABLED <-> PROTOCOL-SCADA IntelliCom NetBiter config utility hostname overflow attempt (protocol-scada.rules)
 * 1:19323 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
 * 1:19136 <-> DISABLED <-> SERVER-WEBAPP CA XOsoft Multiple Products entry_point.aspx buffer overflow attempt (server-webapp.rules)
 * 1:19677 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules)
 * 1:20614 <-> DISABLED <-> SERVER-MAIL Axigen POP3 server remote format string exploit (server-mail.rules)
 * 1:20176 <-> DISABLED <-> PROTOCOL-SCADA DAQFactory NETB protcol stack overflow attempt (protocol-scada.rules)
 * 1:19649 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center dbman buffer overflow attempt (server-other.rules)
 * 1:20611 <-> DISABLED <-> SERVER-OTHER BOOTP overflow (server-other.rules)
 * 1:20812 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt (protocol-telnet.rules)
 * 1:20671 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest (os-windows.rules)
 * 1:20242 <-> DISABLED <-> PROTOCOL-DNS Oracle Secure Backup observice.exe dns response overflow attempt (protocol-dns.rules)
 * 1:20725 <-> DISABLED <-> OS-SOLARIS Oracle Solaris in.rwhod hostname denial of service attempt (os-solaris.rules)
 * 1:21041 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - main.php?page= (exploit-kit.rules)
 * 1:20813 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt (protocol-telnet.rules)
 * 1:20691 <-> DISABLED <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt (policy-other.rules)
 * 1:2089 <-> DISABLED <-> PROTOCOL-RPC ypupdated arbitrary command attempt TCP (protocol-rpc.rules)
 * 1:21343 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit pdf request (exploit-kit.rules)
 * 1:21141 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit control panel access (exploit-kit.rules)
 * 1:2088 <-> DISABLED <-> PROTOCOL-RPC ypupdated arbitrary command attempt UDP (protocol-rpc.rules)
 * 1:21236 <-> DISABLED <-> SERVER-WEBAPP UNLOCK Webdav Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:21529 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 Find_First2 filename overflow attempt (os-windows.rules)
 * 1:21348 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - search.php?page= (exploit-kit.rules)
 * 1:21234 <-> DISABLED <-> SERVER-WEBAPP MKCOL Webdav Stack Buffer Overflow attempt (server-webapp.rules)
 * 1:21458 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
 * 1:2278 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (server-webapp.rules)
 * 1:21766 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (file-image.rules)
 * 1:21407 <-> DISABLED <-> SERVER-OTHER Symantic multiple products VRTSweb code execution (server-other.rules)
 * 1:21952 <-> DISABLED <-> SERVER-OTHER ISC dhcpd discover hostname overflow attempt (server-other.rules)
 * 1:23241 <-> DISABLED <-> SERVER-OTHER HP DPNECentral RequestCopy type SQL injection attempt (server-other.rules)
 * 1:22949 <-> ENABLED <-> EXPLOIT-KIT Blackhole redirection attempt (exploit-kit.rules)
 * 1:2185 <-> DISABLED <-> PROTOCOL-RPC mountd UDP mount path overflow attempt (protocol-rpc.rules)
 * 1:23233 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
 * 1:23950 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules)
 * 1:23355 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager AddTask stack buffer overflow attempt (server-other.rules)
 * 1:23232 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
 * 1:23939 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (server-oracle.rules)
 * 1:24501 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit fallback executable download (exploit-kit.rules)
 * 1:23951 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules)
 * 1:2381 <-> DISABLED <-> SERVER-WEBAPP Checkpoint Firewall-1 HTTP parsing format string vulnerability attempt (server-webapp.rules)
 * 1:24336 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules)
 * 1:24608 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt (exploit-kit.rules)
 * 1:24503 <-> DISABLED <-> PROTOCOL-RPC xdrDecodeString caller_name stack overflow attempt (protocol-rpc.rules)
 * 1:23997 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
 * 1:24544 <-> DISABLED <-> EXPLOIT-KIT Blackhole admin page outbound access attempt (exploit-kit.rules)
 * 1:24741 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24636 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure (exploit-kit.rules)
 * 1:24513 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt (server-other.rules)
 * 1:24703 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:24745 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24742 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24638 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules)
 * 1:24744 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24749 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24746 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24743 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24748 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24753 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24750 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24747 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24752 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24757 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24754 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24751 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24756 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24762 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
 * 1:24758 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24755 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24760 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24865 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules)
 * 1:24802 <-> DISABLED <-> SERVER-OTHER HP Database Archiving Software GIOP parsing buffer overflow attempt (server-other.rules)
 * 1:24759 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
 * 1:24863 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules)
 * 1:25381 <-> DISABLED <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt (server-other.rules)
 * 1:25003 <-> DISABLED <-> SERVER-OTHER HP Archive Query Server stack overflow attempt (server-other.rules)
 * 1:24861 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules)
 * 1:25139 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit eot outbound connection (exploit-kit.rules)

2021-12-07 17:39:18 UTC

Snort Subscriber Rules Update

Date: 2021-12-07-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:58685 <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt
* 1:58686 <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt
* 1:58687 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 1:58688 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 3:58689 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt
* 3:58690 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt
* 3:58691 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 3:58692 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 3:58693 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 1:58694 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58695 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58696 <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt
* 1:58697 <-> OS-OTHER IGEL OS Secure Terminal and Shadow Service command injection attempt
* 3:58698 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt
* 3:58699 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt
* 1:58700 <-> MALWARE-OTHER Php.Webshell.PhpJackal upload attempt
* 1:58701 <-> MALWARE-OTHER Php.Webshell.PhpJackal download attempt
* 1:58702 <-> MALWARE-CNC Php.Webshell.PhpJackal outbound connection attempt
* 1:58703 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt
* 1:58704 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58705 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58706 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58707 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58708 <-> SERVER-WEBAPP IBM Data Risk Manager command execution attempt

Modified Rules:

* 1:10136 <-> OS-SOLARIS Oracle Solaris login environment variable authentication bypass attempt
* 1:10603 <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvUpdateRecord2 overflow attempt
* 1:10900 <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt
* 1:11265 <-> SERVER-OTHER Sentinel license manager buffer overflow attempt
* 1:11443 <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount overflow attempt
* 1:11957 <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt
* 1:11958 <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt
* 1:11963 <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt
* 1:11964 <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt
* 1:12069 <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest
* 1:12198 <-> OS-WINDOWS Microsoft Windows getbulk request attempt
* 1:12317 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt
* 1:12627 <-> PROTOCOL-RPC Solaris TCP portmapper sadmin port query attempt
* 1:12628 <-> PROTOCOL-RPC Solaris UDP portmapper sadmin port query attempt
* 1:1277 <-> PROTOCOL-RPC portmap ypupdated request UDP
* 1:12940 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 CA call 269 overflow attempt
* 1:12984 <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow attempt
* 1:12985 <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt
* 1:13161 <-> SERVER-OTHER HP OpenView CGI parameter buffer overflow attempt
* 1:13162 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt
* 1:13222 <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt
* 1:13619 <-> OS-WINDOWS Microsoft Windows getBulkRequest memory corruption attempt
* 1:13927 <-> PROTOCOL-TFTP Open TFTP Server log generation buffer overflow attempt
* 1:14037 <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access
* 1:14038 <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access
* 1:1409 <-> PROTOCOL-SNMP community string buffer overflow attempt
* 1:1422 <-> PROTOCOL-SNMP community string buffer overflow attempt with evasion
* 1:14647 <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt
* 1:14648 <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt
* 1:14649 <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt
* 1:14650 <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt
* 1:14651 <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt
* 1:14652 <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt
* 1:14653 <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt
* 1:14654 <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt
* 1:14725 <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName overflow attempt
* 1:14726 <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt
* 1:14737 <-> OS-WINDOWS DCERPC NCACN-IP-TCP host-integration bind attempt
* 1:14900 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum overflow attempt
* 1:14988 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum overflow attempt
* 1:14989 <-> SERVER-WEBAPP Novell eDirectory SOAP Accept Language header overflow attempt
* 1:15196 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt
* 1:15197 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt
* 1:15198 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt
* 1:15199 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt
* 1:15200 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt
* 1:15201 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt
* 1:15202 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt
* 1:15203 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt
* 1:15204 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt
* 1:15205 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt
* 1:15206 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt
* 1:15207 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt
* 1:15208 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt
* 1:15209 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt
* 1:15210 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt
* 1:15211 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt
* 1:15212 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt
* 1:15213 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt
* 1:15214 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt
* 1:15215 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt
* 1:15216 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt
* 1:15217 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt
* 1:15218 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt
* 1:15219 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt
* 1:15220 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt
* 1:15221 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt
* 1:15222 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt
* 1:15223 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt
* 1:15224 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt
* 1:15225 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt
* 1:15226 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt
* 1:15227 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt
* 1:15261 <-> SERVER-ORACLE Secure Backup exec_qr command injection attempt
* 1:15262 <-> SERVER-ORACLE Secure Backup POST exec_qr command injection attempt
* 1:15508 <-> SERVER-OTHER DCERPC NCADG-IP-UDP lsarpc LsarLookupSids translated_names overflow attempt
* 1:15701 <-> OS-WINDOWS Microsoft Windows 2000 domain authentication bypass attempt
* 1:15708 <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt
* 1:15881 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters Name Field attempt
* 1:15911 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss RouteRefreshPrinterChangeNotification attempt
* 1:15930 <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field remote code execution attempt
* 1:15971 <-> SERVER-OTHER CVS Argumentx command double free attempt
* 1:15972 <-> SERVER-OTHER single byte encoded name response
* 1:16015 <-> SERVER-OTHER Norton Internet Security NBNS response processing stack overflow attempt
* 1:16029 <-> OS-WINDOWS Microsoft Windows DNS client ATMA buffer overrun attempt
* 1:16049 <-> SERVER-OTHER GNU Radius SQL accounting format string exploit attempt
* 1:16080 <-> SERVER-OTHER KAME racoon X509 certificate verification bypass attempt
* 1:16198 <-> SERVER-APACHE Apache mod_auth_pgsql module logging facility format string exploit attempt
* 1:16238 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt
* 1:16239 <-> OS-WINDOWS DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt
* 1:16329 <-> SERVER-OTHER Microsoft Internet Authentication Service EAP-MSCHAPv2 authentication bypass attempt
* 1:16515 <-> SERVER-MAIL Novell Groupwise Internet Agent RCPT command overflow attempt
* 1:16705 <-> PROTOCOL-RPC Oracle Solaris sadmind UDP array size buffer overflow attempt
* 1:16796 <-> PROTOCOL-RPC Oracle Solaris sadmind UDP data length integer overflow attempt
* 1:17046 <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt
* 1:17056 <-> SERVER-OTHER Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt
* 1:17057 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt
* 1:17205 <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - udp
* 1:17224 <-> SERVER-MAIL McAfee WebShield SMTP bounce message format string attempt
* 1:17609 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:1762 <-> SERVER-WEBAPP phf arbitrary command execution attempt
* 1:18189 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt
* 1:18190 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt
* 1:18191 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt
* 1:18192 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt
* 1:18248 <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt
* 1:18319 <-> SERVER-SAMBA Samba DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt
* 1:18462 <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt
* 1:18472 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt
* 1:18526 <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt
* 1:18557 <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt
* 1:18589 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt
* 1:18611 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:18612 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:18613 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:18768 <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt
* 1:18958 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt
* 1:18994 <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt
* 1:19013 <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - WRQ
* 1:19014 <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - RRQ
* 1:19136 <-> SERVER-WEBAPP CA XOsoft Multiple Products entry_point.aspx buffer overflow attempt
* 1:19173 <-> PROTOCOL-RPC CDE Calendar Manager service memory corruption attempt
* 1:19208 <-> SERVER-OTHER Citrix Provisioning Services streamprocess.exe buffer overflow attempt
* 1:19323 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt
* 1:19649 <-> SERVER-OTHER HP Intelligent Management Center dbman buffer overflow attempt
* 1:19677 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt
* 1:20052 <-> PROTOCOL-SCADA IntelliCom NetBiter config utility hostname overflow attempt
* 1:20176 <-> PROTOCOL-SCADA DAQFactory NETB protcol stack overflow attempt
* 1:20242 <-> PROTOCOL-DNS Oracle Secure Backup observice.exe dns response overflow attempt
* 1:20611 <-> SERVER-OTHER BOOTP overflow
* 1:20614 <-> SERVER-MAIL Axigen POP3 server remote format string exploit
* 1:20671 <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest
* 1:20691 <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt
* 1:20725 <-> OS-SOLARIS Oracle Solaris in.rwhod hostname denial of service attempt
* 1:20812 <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt
* 1:20813 <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt
* 1:2088 <-> PROTOCOL-RPC ypupdated arbitrary command attempt UDP
* 1:2089 <-> PROTOCOL-RPC ypupdated arbitrary command attempt TCP
* 1:21041 <-> EXPLOIT-KIT Blackhole exploit kit URL - main.php?page=
* 1:21141 <-> EXPLOIT-KIT Blackhole exploit kit control panel access
* 1:21234 <-> SERVER-WEBAPP MKCOL Webdav Stack Buffer Overflow attempt
* 1:21236 <-> SERVER-WEBAPP UNLOCK Webdav Stack Buffer Overflow attempt
* 1:21343 <-> EXPLOIT-KIT Blackhole exploit kit pdf request
* 1:21348 <-> EXPLOIT-KIT Blackhole exploit kit URL - search.php?page=
* 1:21407 <-> SERVER-OTHER Symantic multiple products VRTSweb code execution
* 1:21458 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:21529 <-> OS-WINDOWS Microsoft Windows SMB Trans2 Find_First2 filename overflow attempt
* 1:21766 <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt
* 1:2185 <-> PROTOCOL-RPC mountd UDP mount path overflow attempt
* 1:21952 <-> SERVER-OTHER ISC dhcpd discover hostname overflow attempt
* 1:2278 <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt
* 1:22949 <-> EXPLOIT-KIT Blackhole redirection attempt
* 1:23232 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:23233 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:23241 <-> SERVER-OTHER HP DPNECentral RequestCopy type SQL injection attempt
* 1:23355 <-> SERVER-OTHER Trend Micro Control Manager AddTask stack buffer overflow attempt
* 1:2381 <-> SERVER-WEBAPP Checkpoint Firewall-1 HTTP parsing format string vulnerability attempt
* 1:23939 <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt
* 1:23950 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt
* 1:23951 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt
* 1:23997 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:24336 <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long comment buffer overflow attempt
* 1:24501 <-> EXPLOIT-KIT Blackholev2 exploit kit fallback executable download
* 1:24503 <-> PROTOCOL-RPC xdrDecodeString caller_name stack overflow attempt
* 1:24513 <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt
* 1:24544 <-> EXPLOIT-KIT Blackhole admin page outbound access attempt
* 1:24608 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt
* 1:24636 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure
* 1:24638 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:24703 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24741 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24742 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24743 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24744 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24745 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24746 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24747 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24748 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24749 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24750 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24751 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24752 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24753 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24754 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24755 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24756 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24757 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24758 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24759 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24760 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24762 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24802 <-> SERVER-OTHER HP Database Archiving Software GIOP parsing buffer overflow attempt
* 1:24861 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:24863 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:24865 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:25003 <-> SERVER-OTHER HP Archive Query Server stack overflow attempt
* 1:25138 <-> EXPLOIT-KIT Styx exploit kit pdf outbound connection
* 1:25139 <-> EXPLOIT-KIT Styx exploit kit eot outbound connection
* 1:25381 <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt
* 1:25388 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:25568 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:25611 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:25650 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:25972 <-> EXPLOIT-KIT Redkit exploit kit three number PDF Request
* 1:26227 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:26295 <-> FILE-OTHER Watering Hole Campaign applet download
* 1:26339 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval - ff.php
* 1:26346 <-> EXPLOIT-KIT Redkit exploit kit payload requested
* 1:26496 <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt
* 1:26643 <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field denial of service attempt
* 1:26806 <-> EXPLOIT-KIT Redkit exploit kit short JNLP request
* 1:26808 <-> EXPLOIT-KIT Goon/Infinity/Redkit exploit kit short jar request
* 1:27071 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:27072 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:27598 <-> SERVER-WEBAPP Oracle Secure Backup Admin Server command injection attempt
* 1:27646 <-> SERVER-OTHER HP LeftHand Virtual SAN hydra login request buffer overflow attempt
* 1:27814 <-> EXPLOIT-KIT Styx exploit kit landing page request
* 1:28393 <-> SERVER-OTHER EMC Replication Manager irccd remote command execution attempt
* 1:28478 <-> EXPLOIT-KIT Styx exploit kit landing page request
* 1:28704 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:28792 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28793 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28903 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28904 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28905 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28906 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28907 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28974 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:28975 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:29453 <-> EXPLOIT-KIT Styx exploit kit eot outbound connection
* 1:29513 <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows RAP API NetServerEnum2 long comment buffer overflow attempt
* 1:29521 <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt
* 1:29522 <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX Office remote code execution attempt
* 1:29525 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:29527 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:29536 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt
* 1:29596 <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt
* 1:29597 <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt
* 1:29607 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt
* 1:29610 <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt
* 1:29617 <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt
* 1:29621 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt
* 1:3114 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc LlsrConnect overflow attempt
* 1:3171 <-> OS-WINDOWS DCERPC NCADG-IP-UDP msqueue function 4 overflow attempt
* 1:32150 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32152 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32356 <-> PROTOCOL-RPC mountd UDP unmount path overflow attempt
* 1:32370 <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt
* 1:32816 <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt
* 1:32856 <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt
* 1:33016 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:33017 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:33572 <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt
* 1:33826 <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt
* 1:35435 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:35848 <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt
* 1:3590 <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt
* 1:3591 <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt
* 1:36156 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:36157 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:36533 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt
* 1:36534 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt
* 1:36658 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:36659 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:36660 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:37511 <-> OS-SOLARIS XMDCP double-free attempt
* 1:37628 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:37650 <-> FILE-OTHER CA BrightStor stack buffer overflow attempt
* 1:3818 <-> PROTOCOL-TFTP PUT transfer mode overflow attempt
* 1:38246 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt
* 1:38247 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt
* 1:39387 <-> SERVER-WEBAPP D-Link DAP-1160 authentication bypass attempt
* 1:39406 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt
* 1:39407 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt
* 1:39408 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt
* 1:3967 <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_QueryResConfList attempt
* 1:39910 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt
* 1:39936 <-> OS-SOLARIS XMDCP double-free attempt
* 1:40282 <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt
* 1:40335 <-> APP-DETECT OpenVAS Scanner User-Agent attempt
* 1:4072 <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_DetectResourceConflict attempt
* 1:40819 <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt
* 1:41046 <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt
* 1:41423 <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt
* 1:42413 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:42423 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:43291 <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated application deployment attempt
* 1:43307 <-> SERVER-WEBAPP csSearch setup attempt
* 1:43347 <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt
* 1:44473 <-> FILE-OTHER ZIP file name overflow attempt
* 1:44735 <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt
* 1:45172 <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt
* 1:45179 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45180 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45182 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45184 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45310 <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt
* 1:45501 <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt
* 1:45856 <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt
* 1:4642 <-> SERVER-ORACLE sys.pbsde.init buffer overflow attempt
* 1:48179 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48180 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48181 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48182 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48183 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48184 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48185 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48186 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48187 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48188 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48189 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48190 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:49584 <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt
* 1:49586 <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt
* 1:49901 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt
* 1:49903 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt
* 1:50642 <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt
* 1:50900 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:51026 <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt
* 1:51082 <-> FILE-FLASH Adobe Flash player memory corruption attempt
* 1:51162 <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt
* 1:51226 <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt
* 1:51859 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51861 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51862 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51863 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51866 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52080 <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt
* 1:52101 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52289 <-> OS-MOBILE Google Android libstagefright integer underflow attempt
* 1:53431 <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt
* 1:53432 <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt
* 1:5485 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt
* 1:58201 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt
* 1:58362 <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap ProjectName SQL injection attempt
* 1:654 <-> SERVER-MAIL RCPT TO overflow
* 1:6706 <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt
* 1:6707 <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt
* 1:6712 <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt
* 1:6713 <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt
* 1:8426 <-> SERVER-OTHER SSLv3 openssl get shared ciphers overflow attempt
* 1:8428 <-> SERVER-OTHER SSLv2 openssl get shared ciphers overflow attempt
* 1:9027 <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrJoinDomain2 overflow attempt
* 1:9621 <-> PROTOCOL-TFTP 3COM server transport mode buffer overflow attempt
* 1:9769 <-> OS-WINDOWS DCERPC NCACN-IP-TCP msqueue function 4 overflow attempt


2021-12-07 17:39:18 UTC

Snort Subscriber Rules Update

Date: 2021-12-07-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.4.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:58685 <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt
* 1:58686 <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt
* 1:58687 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 1:58688 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 3:58689 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt
* 3:58690 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt
* 3:58691 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 3:58692 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 3:58693 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 1:58694 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58695 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58696 <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt
* 1:58697 <-> OS-OTHER IGEL OS Secure Terminal and Shadow Service command injection attempt
* 3:58698 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt
* 3:58699 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt
* 1:58700 <-> MALWARE-OTHER Php.Webshell.PhpJackal upload attempt
* 1:58701 <-> MALWARE-OTHER Php.Webshell.PhpJackal download attempt
* 1:58702 <-> MALWARE-CNC Php.Webshell.PhpJackal outbound connection attempt
* 1:58703 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt
* 1:58704 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58705 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58706 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58707 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58708 <-> SERVER-WEBAPP IBM Data Risk Manager command execution attempt

Modified Rules:

* 1:10136 <-> OS-SOLARIS Oracle Solaris login environment variable authentication bypass attempt
* 1:10603 <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvUpdateRecord2 overflow attempt
* 1:10900 <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt
* 1:11265 <-> SERVER-OTHER Sentinel license manager buffer overflow attempt
* 1:11443 <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount overflow attempt
* 1:11957 <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt
* 1:11958 <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt
* 1:11963 <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt
* 1:11964 <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt
* 1:12069 <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest
* 1:12198 <-> OS-WINDOWS Microsoft Windows getbulk request attempt
* 1:12317 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt
* 1:12627 <-> PROTOCOL-RPC Solaris TCP portmapper sadmin port query attempt
* 1:12628 <-> PROTOCOL-RPC Solaris UDP portmapper sadmin port query attempt
* 1:1277 <-> PROTOCOL-RPC portmap ypupdated request UDP
* 1:12940 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 CA call 269 overflow attempt
* 1:12984 <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow attempt
* 1:12985 <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt
* 1:13161 <-> SERVER-OTHER HP OpenView CGI parameter buffer overflow attempt
* 1:13162 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt
* 1:13222 <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt
* 1:13619 <-> OS-WINDOWS Microsoft Windows getBulkRequest memory corruption attempt
* 1:13927 <-> PROTOCOL-TFTP Open TFTP Server log generation buffer overflow attempt
* 1:14037 <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access
* 1:14038 <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access
* 1:1409 <-> PROTOCOL-SNMP community string buffer overflow attempt
* 1:1422 <-> PROTOCOL-SNMP community string buffer overflow attempt with evasion
* 1:14647 <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt
* 1:14648 <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt
* 1:14649 <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt
* 1:14650 <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt
* 1:14651 <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt
* 1:14652 <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt
* 1:14653 <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt
* 1:14654 <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt
* 1:14725 <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName overflow attempt
* 1:14726 <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt
* 1:14737 <-> OS-WINDOWS DCERPC NCACN-IP-TCP host-integration bind attempt
* 1:14900 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum overflow attempt
* 1:14988 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum overflow attempt
* 1:14989 <-> SERVER-WEBAPP Novell eDirectory SOAP Accept Language header overflow attempt
* 1:15196 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt
* 1:15197 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt
* 1:15198 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt
* 1:15199 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt
* 1:15200 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt
* 1:15201 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt
* 1:15202 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt
* 1:15203 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt
* 1:15204 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt
* 1:15205 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt
* 1:15206 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt
* 1:15207 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt
* 1:15208 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt
* 1:15209 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt
* 1:15210 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt
* 1:15211 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt
* 1:15212 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt
* 1:15213 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt
* 1:15214 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt
* 1:15215 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt
* 1:15216 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt
* 1:15217 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt
* 1:15218 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt
* 1:15219 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt
* 1:15220 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt
* 1:15221 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt
* 1:15222 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt
* 1:15223 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt
* 1:15224 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt
* 1:15225 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt
* 1:15226 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt
* 1:15227 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt
* 1:15261 <-> SERVER-ORACLE Secure Backup exec_qr command injection attempt
* 1:15262 <-> SERVER-ORACLE Secure Backup POST exec_qr command injection attempt
* 1:15508 <-> SERVER-OTHER DCERPC NCADG-IP-UDP lsarpc LsarLookupSids translated_names overflow attempt
* 1:15701 <-> OS-WINDOWS Microsoft Windows 2000 domain authentication bypass attempt
* 1:15708 <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt
* 1:15881 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters Name Field attempt
* 1:15911 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss RouteRefreshPrinterChangeNotification attempt
* 1:15930 <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field remote code execution attempt
* 1:15971 <-> SERVER-OTHER CVS Argumentx command double free attempt
* 1:15972 <-> SERVER-OTHER single byte encoded name response
* 1:16015 <-> SERVER-OTHER Norton Internet Security NBNS response processing stack overflow attempt
* 1:16029 <-> OS-WINDOWS Microsoft Windows DNS client ATMA buffer overrun attempt
* 1:16049 <-> SERVER-OTHER GNU Radius SQL accounting format string exploit attempt
* 1:16080 <-> SERVER-OTHER KAME racoon X509 certificate verification bypass attempt
* 1:16198 <-> SERVER-APACHE Apache mod_auth_pgsql module logging facility format string exploit attempt
* 1:16238 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt
* 1:16239 <-> OS-WINDOWS DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt
* 1:16329 <-> SERVER-OTHER Microsoft Internet Authentication Service EAP-MSCHAPv2 authentication bypass attempt
* 1:16515 <-> SERVER-MAIL Novell Groupwise Internet Agent RCPT command overflow attempt
* 1:16705 <-> PROTOCOL-RPC Oracle Solaris sadmind UDP array size buffer overflow attempt
* 1:16796 <-> PROTOCOL-RPC Oracle Solaris sadmind UDP data length integer overflow attempt
* 1:17046 <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt
* 1:17056 <-> SERVER-OTHER Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt
* 1:17057 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt
* 1:17205 <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - udp
* 1:17224 <-> SERVER-MAIL McAfee WebShield SMTP bounce message format string attempt
* 1:17609 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:1762 <-> SERVER-WEBAPP phf arbitrary command execution attempt
* 1:18189 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt
* 1:18190 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt
* 1:18191 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt
* 1:18192 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt
* 1:18248 <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt
* 1:18319 <-> SERVER-SAMBA Samba DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt
* 1:18462 <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt
* 1:18472 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt
* 1:18526 <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt
* 1:18557 <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt
* 1:18589 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt
* 1:18611 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:18612 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:18613 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:18768 <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt
* 1:18958 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt
* 1:18994 <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt
* 1:19013 <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - WRQ
* 1:19014 <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - RRQ
* 1:19136 <-> SERVER-WEBAPP CA XOsoft Multiple Products entry_point.aspx buffer overflow attempt
* 1:19173 <-> PROTOCOL-RPC CDE Calendar Manager service memory corruption attempt
* 1:19208 <-> SERVER-OTHER Citrix Provisioning Services streamprocess.exe buffer overflow attempt
* 1:19323 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt
* 1:19649 <-> SERVER-OTHER HP Intelligent Management Center dbman buffer overflow attempt
* 1:19677 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt
* 1:20052 <-> PROTOCOL-SCADA IntelliCom NetBiter config utility hostname overflow attempt
* 1:20176 <-> PROTOCOL-SCADA DAQFactory NETB protcol stack overflow attempt
* 1:20242 <-> PROTOCOL-DNS Oracle Secure Backup observice.exe dns response overflow attempt
* 1:20611 <-> SERVER-OTHER BOOTP overflow
* 1:20614 <-> SERVER-MAIL Axigen POP3 server remote format string exploit
* 1:20671 <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest
* 1:20691 <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt
* 1:20725 <-> OS-SOLARIS Oracle Solaris in.rwhod hostname denial of service attempt
* 1:20812 <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt
* 1:20813 <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt
* 1:2088 <-> PROTOCOL-RPC ypupdated arbitrary command attempt UDP
* 1:2089 <-> PROTOCOL-RPC ypupdated arbitrary command attempt TCP
* 1:21041 <-> EXPLOIT-KIT Blackhole exploit kit URL - main.php?page=
* 1:21141 <-> EXPLOIT-KIT Blackhole exploit kit control panel access
* 1:21234 <-> SERVER-WEBAPP MKCOL Webdav Stack Buffer Overflow attempt
* 1:21236 <-> SERVER-WEBAPP UNLOCK Webdav Stack Buffer Overflow attempt
* 1:21343 <-> EXPLOIT-KIT Blackhole exploit kit pdf request
* 1:21348 <-> EXPLOIT-KIT Blackhole exploit kit URL - search.php?page=
* 1:21407 <-> SERVER-OTHER Symantic multiple products VRTSweb code execution
* 1:21458 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:21529 <-> OS-WINDOWS Microsoft Windows SMB Trans2 Find_First2 filename overflow attempt
* 1:21766 <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt
* 1:2185 <-> PROTOCOL-RPC mountd UDP mount path overflow attempt
* 1:21952 <-> SERVER-OTHER ISC dhcpd discover hostname overflow attempt
* 1:2278 <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt
* 1:22949 <-> EXPLOIT-KIT Blackhole redirection attempt
* 1:23232 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:23233 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:23241 <-> SERVER-OTHER HP DPNECentral RequestCopy type SQL injection attempt
* 1:23355 <-> SERVER-OTHER Trend Micro Control Manager AddTask stack buffer overflow attempt
* 1:2381 <-> SERVER-WEBAPP Checkpoint Firewall-1 HTTP parsing format string vulnerability attempt
* 1:23939 <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt
* 1:23950 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt
* 1:23951 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt
* 1:23997 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:24336 <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long comment buffer overflow attempt
* 1:24501 <-> EXPLOIT-KIT Blackholev2 exploit kit fallback executable download
* 1:24503 <-> PROTOCOL-RPC xdrDecodeString caller_name stack overflow attempt
* 1:24513 <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt
* 1:24544 <-> EXPLOIT-KIT Blackhole admin page outbound access attempt
* 1:24608 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt
* 1:24636 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure
* 1:24638 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:24703 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24741 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24742 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24743 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24744 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24745 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24746 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24747 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24748 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24749 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24750 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24751 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24752 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24753 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24754 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24755 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24756 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24757 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24758 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24759 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24760 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24762 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24802 <-> SERVER-OTHER HP Database Archiving Software GIOP parsing buffer overflow attempt
* 1:24861 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:24863 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:24865 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:25003 <-> SERVER-OTHER HP Archive Query Server stack overflow attempt
* 1:25138 <-> EXPLOIT-KIT Styx exploit kit pdf outbound connection
* 1:25139 <-> EXPLOIT-KIT Styx exploit kit eot outbound connection
* 1:25381 <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt
* 1:25388 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:25568 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:25611 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:25650 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:25972 <-> EXPLOIT-KIT Redkit exploit kit three number PDF Request
* 1:26227 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:26295 <-> FILE-OTHER Watering Hole Campaign applet download
* 1:26339 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval - ff.php
* 1:26346 <-> EXPLOIT-KIT Redkit exploit kit payload requested
* 1:26496 <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt
* 1:26643 <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field denial of service attempt
* 1:26806 <-> EXPLOIT-KIT Redkit exploit kit short JNLP request
* 1:26808 <-> EXPLOIT-KIT Goon/Infinity/Redkit exploit kit short jar request
* 1:27071 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:27072 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:27598 <-> SERVER-WEBAPP Oracle Secure Backup Admin Server command injection attempt
* 1:27646 <-> SERVER-OTHER HP LeftHand Virtual SAN hydra login request buffer overflow attempt
* 1:27814 <-> EXPLOIT-KIT Styx exploit kit landing page request
* 1:28393 <-> SERVER-OTHER EMC Replication Manager irccd remote command execution attempt
* 1:28478 <-> EXPLOIT-KIT Styx exploit kit landing page request
* 1:28704 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:28792 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28793 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28903 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28904 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28905 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28906 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28907 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28974 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:28975 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:29453 <-> EXPLOIT-KIT Styx exploit kit eot outbound connection
* 1:29513 <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows RAP API NetServerEnum2 long comment buffer overflow attempt
* 1:29521 <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt
* 1:29522 <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX Office remote code execution attempt
* 1:29525 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:29527 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:29536 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt
* 1:29596 <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt
* 1:29597 <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt
* 1:29607 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt
* 1:29610 <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt
* 1:29617 <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt
* 1:29621 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt
* 1:3114 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc LlsrConnect overflow attempt
* 1:3171 <-> OS-WINDOWS DCERPC NCADG-IP-UDP msqueue function 4 overflow attempt
* 1:32150 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32152 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32356 <-> PROTOCOL-RPC mountd UDP unmount path overflow attempt
* 1:32370 <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt
* 1:32816 <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt
* 1:32856 <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt
* 1:33016 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:33017 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:33572 <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt
* 1:33826 <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt
* 1:35435 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:35848 <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt
* 1:3590 <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt
* 1:3591 <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt
* 1:36156 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:36157 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:36533 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt
* 1:36534 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt
* 1:36658 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:36659 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:36660 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:37511 <-> OS-SOLARIS XMDCP double-free attempt
* 1:37628 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:37650 <-> FILE-OTHER CA BrightStor stack buffer overflow attempt
* 1:3818 <-> PROTOCOL-TFTP PUT transfer mode overflow attempt
* 1:38246 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt
* 1:38247 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt
* 1:39387 <-> SERVER-WEBAPP D-Link DAP-1160 authentication bypass attempt
* 1:39406 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt
* 1:39407 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt
* 1:39408 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt
* 1:3967 <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_QueryResConfList attempt
* 1:39910 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt
* 1:39936 <-> OS-SOLARIS XMDCP double-free attempt
* 1:40282 <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt
* 1:40335 <-> APP-DETECT OpenVAS Scanner User-Agent attempt
* 1:4072 <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_DetectResourceConflict attempt
* 1:40819 <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt
* 1:41046 <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt
* 1:41423 <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt
* 1:42413 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:42423 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:43291 <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated application deployment attempt
* 1:43307 <-> SERVER-WEBAPP csSearch setup attempt
* 1:43347 <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt
* 1:44473 <-> FILE-OTHER ZIP file name overflow attempt
* 1:44735 <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt
* 1:45172 <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt
* 1:45179 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45180 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45182 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45184 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45310 <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt
* 1:45501 <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt
* 1:45856 <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt
* 1:4642 <-> SERVER-ORACLE sys.pbsde.init buffer overflow attempt
* 1:48179 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48180 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48181 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48182 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48183 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48184 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48185 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48186 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48187 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48188 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48189 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48190 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:49584 <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt
* 1:49586 <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt
* 1:49901 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt
* 1:49903 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt
* 1:50642 <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt
* 1:50900 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:51026 <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt
* 1:51082 <-> FILE-FLASH Adobe Flash player memory corruption attempt
* 1:51162 <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt
* 1:51226 <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt
* 1:51859 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51861 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51862 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51863 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51866 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52080 <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt
* 1:52101 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52289 <-> OS-MOBILE Google Android libstagefright integer underflow attempt
* 1:53431 <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt
* 1:53432 <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt
* 1:5485 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt
* 1:58201 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt
* 1:58362 <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap ProjectName SQL injection attempt
* 1:654 <-> SERVER-MAIL RCPT TO overflow
* 1:6706 <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt
* 1:6707 <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt
* 1:6712 <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt
* 1:6713 <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt
* 1:8426 <-> SERVER-OTHER SSLv3 openssl get shared ciphers overflow attempt
* 1:8428 <-> SERVER-OTHER SSLv2 openssl get shared ciphers overflow attempt
* 1:9027 <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrJoinDomain2 overflow attempt
* 1:9621 <-> PROTOCOL-TFTP 3COM server transport mode buffer overflow attempt
* 1:9769 <-> OS-WINDOWS DCERPC NCACN-IP-TCP msqueue function 4 overflow attempt


2021-12-07 17:39:18 UTC

Snort Subscriber Rules Update

Date: 2021-12-07-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:58685 <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt
* 1:58686 <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt
* 1:58687 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 1:58688 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 3:58689 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt
* 3:58690 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt
* 3:58691 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 3:58692 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 3:58693 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 1:58694 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58695 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58696 <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt
* 1:58697 <-> OS-OTHER IGEL OS Secure Terminal and Shadow Service command injection attempt
* 3:58698 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt
* 3:58699 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt
* 1:58700 <-> MALWARE-OTHER Php.Webshell.PhpJackal upload attempt
* 1:58701 <-> MALWARE-OTHER Php.Webshell.PhpJackal download attempt
* 1:58702 <-> MALWARE-CNC Php.Webshell.PhpJackal outbound connection attempt
* 1:58703 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt
* 1:58704 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58705 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58706 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58707 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58708 <-> SERVER-WEBAPP IBM Data Risk Manager command execution attempt

Modified Rules:

* 1:10136 <-> OS-SOLARIS Oracle Solaris login environment variable authentication bypass attempt
* 1:10603 <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvUpdateRecord2 overflow attempt
* 1:10900 <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt
* 1:11265 <-> SERVER-OTHER Sentinel license manager buffer overflow attempt
* 1:11443 <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount overflow attempt
* 1:11957 <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt
* 1:11958 <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt
* 1:11963 <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt
* 1:11964 <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt
* 1:12069 <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest
* 1:12198 <-> OS-WINDOWS Microsoft Windows getbulk request attempt
* 1:12317 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt
* 1:12627 <-> PROTOCOL-RPC Solaris TCP portmapper sadmin port query attempt
* 1:12628 <-> PROTOCOL-RPC Solaris UDP portmapper sadmin port query attempt
* 1:1277 <-> PROTOCOL-RPC portmap ypupdated request UDP
* 1:12940 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 CA call 269 overflow attempt
* 1:12984 <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow attempt
* 1:12985 <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt
* 1:13161 <-> SERVER-OTHER HP OpenView CGI parameter buffer overflow attempt
* 1:13162 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt
* 1:13222 <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt
* 1:13619 <-> OS-WINDOWS Microsoft Windows getBulkRequest memory corruption attempt
* 1:13927 <-> PROTOCOL-TFTP Open TFTP Server log generation buffer overflow attempt
* 1:14037 <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access
* 1:14038 <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access
* 1:1409 <-> PROTOCOL-SNMP community string buffer overflow attempt
* 1:1422 <-> PROTOCOL-SNMP community string buffer overflow attempt with evasion
* 1:14647 <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt
* 1:14648 <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt
* 1:14649 <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt
* 1:14650 <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt
* 1:14651 <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt
* 1:14652 <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt
* 1:14653 <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt
* 1:14654 <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt
* 1:14725 <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName overflow attempt
* 1:14726 <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt
* 1:14737 <-> OS-WINDOWS DCERPC NCACN-IP-TCP host-integration bind attempt
* 1:14900 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum overflow attempt
* 1:14988 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum overflow attempt
* 1:14989 <-> SERVER-WEBAPP Novell eDirectory SOAP Accept Language header overflow attempt
* 1:15196 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt
* 1:15197 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt
* 1:15198 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt
* 1:15199 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt
* 1:15200 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt
* 1:15201 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt
* 1:15202 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt
* 1:15203 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt
* 1:15204 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt
* 1:15205 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt
* 1:15206 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt
* 1:15207 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt
* 1:15208 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt
* 1:15209 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt
* 1:15210 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt
* 1:15211 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt
* 1:15212 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt
* 1:15213 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt
* 1:15214 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt
* 1:15215 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt
* 1:15216 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt
* 1:15217 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt
* 1:15218 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt
* 1:15219 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt
* 1:15220 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt
* 1:15221 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt
* 1:15222 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt
* 1:15223 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt
* 1:15224 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt
* 1:15225 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt
* 1:15226 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt
* 1:15227 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt
* 1:15261 <-> SERVER-ORACLE Secure Backup exec_qr command injection attempt
* 1:15262 <-> SERVER-ORACLE Secure Backup POST exec_qr command injection attempt
* 1:15508 <-> SERVER-OTHER DCERPC NCADG-IP-UDP lsarpc LsarLookupSids translated_names overflow attempt
* 1:15701 <-> OS-WINDOWS Microsoft Windows 2000 domain authentication bypass attempt
* 1:15708 <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt
* 1:15881 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters Name Field attempt
* 1:15911 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss RouteRefreshPrinterChangeNotification attempt
* 1:15930 <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field remote code execution attempt
* 1:15971 <-> SERVER-OTHER CVS Argumentx command double free attempt
* 1:15972 <-> SERVER-OTHER single byte encoded name response
* 1:16015 <-> SERVER-OTHER Norton Internet Security NBNS response processing stack overflow attempt
* 1:16029 <-> OS-WINDOWS Microsoft Windows DNS client ATMA buffer overrun attempt
* 1:16049 <-> SERVER-OTHER GNU Radius SQL accounting format string exploit attempt
* 1:16080 <-> SERVER-OTHER KAME racoon X509 certificate verification bypass attempt
* 1:16198 <-> SERVER-APACHE Apache mod_auth_pgsql module logging facility format string exploit attempt
* 1:16238 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt
* 1:16239 <-> OS-WINDOWS DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt
* 1:16329 <-> SERVER-OTHER Microsoft Internet Authentication Service EAP-MSCHAPv2 authentication bypass attempt
* 1:16515 <-> SERVER-MAIL Novell Groupwise Internet Agent RCPT command overflow attempt
* 1:16705 <-> PROTOCOL-RPC Oracle Solaris sadmind UDP array size buffer overflow attempt
* 1:16796 <-> PROTOCOL-RPC Oracle Solaris sadmind UDP data length integer overflow attempt
* 1:17046 <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt
* 1:17056 <-> SERVER-OTHER Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt
* 1:17057 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt
* 1:17205 <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - udp
* 1:17224 <-> SERVER-MAIL McAfee WebShield SMTP bounce message format string attempt
* 1:17609 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:1762 <-> SERVER-WEBAPP phf arbitrary command execution attempt
* 1:18189 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt
* 1:18190 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt
* 1:18191 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt
* 1:18192 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt
* 1:18248 <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt
* 1:18319 <-> SERVER-SAMBA Samba DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt
* 1:18462 <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt
* 1:18472 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt
* 1:18526 <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt
* 1:18557 <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt
* 1:18589 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt
* 1:18611 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:18612 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:18613 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:18768 <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt
* 1:18958 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt
* 1:18994 <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt
* 1:19013 <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - WRQ
* 1:19014 <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - RRQ
* 1:19136 <-> SERVER-WEBAPP CA XOsoft Multiple Products entry_point.aspx buffer overflow attempt
* 1:19173 <-> PROTOCOL-RPC CDE Calendar Manager service memory corruption attempt
* 1:19208 <-> SERVER-OTHER Citrix Provisioning Services streamprocess.exe buffer overflow attempt
* 1:19323 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt
* 1:19649 <-> SERVER-OTHER HP Intelligent Management Center dbman buffer overflow attempt
* 1:19677 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt
* 1:20052 <-> PROTOCOL-SCADA IntelliCom NetBiter config utility hostname overflow attempt
* 1:20176 <-> PROTOCOL-SCADA DAQFactory NETB protcol stack overflow attempt
* 1:20242 <-> PROTOCOL-DNS Oracle Secure Backup observice.exe dns response overflow attempt
* 1:20611 <-> SERVER-OTHER BOOTP overflow
* 1:20614 <-> SERVER-MAIL Axigen POP3 server remote format string exploit
* 1:20671 <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest
* 1:20691 <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt
* 1:20725 <-> OS-SOLARIS Oracle Solaris in.rwhod hostname denial of service attempt
* 1:20812 <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt
* 1:20813 <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt
* 1:2088 <-> PROTOCOL-RPC ypupdated arbitrary command attempt UDP
* 1:2089 <-> PROTOCOL-RPC ypupdated arbitrary command attempt TCP
* 1:21041 <-> EXPLOIT-KIT Blackhole exploit kit URL - main.php?page=
* 1:21141 <-> EXPLOIT-KIT Blackhole exploit kit control panel access
* 1:21234 <-> SERVER-WEBAPP MKCOL Webdav Stack Buffer Overflow attempt
* 1:21236 <-> SERVER-WEBAPP UNLOCK Webdav Stack Buffer Overflow attempt
* 1:21343 <-> EXPLOIT-KIT Blackhole exploit kit pdf request
* 1:21348 <-> EXPLOIT-KIT Blackhole exploit kit URL - search.php?page=
* 1:21407 <-> SERVER-OTHER Symantic multiple products VRTSweb code execution
* 1:21458 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:21529 <-> OS-WINDOWS Microsoft Windows SMB Trans2 Find_First2 filename overflow attempt
* 1:21766 <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt
* 1:2185 <-> PROTOCOL-RPC mountd UDP mount path overflow attempt
* 1:21952 <-> SERVER-OTHER ISC dhcpd discover hostname overflow attempt
* 1:2278 <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt
* 1:22949 <-> EXPLOIT-KIT Blackhole redirection attempt
* 1:23232 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:23233 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:23241 <-> SERVER-OTHER HP DPNECentral RequestCopy type SQL injection attempt
* 1:23355 <-> SERVER-OTHER Trend Micro Control Manager AddTask stack buffer overflow attempt
* 1:2381 <-> SERVER-WEBAPP Checkpoint Firewall-1 HTTP parsing format string vulnerability attempt
* 1:23939 <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt
* 1:23950 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt
* 1:23951 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt
* 1:23997 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:24336 <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long comment buffer overflow attempt
* 1:24501 <-> EXPLOIT-KIT Blackholev2 exploit kit fallback executable download
* 1:24503 <-> PROTOCOL-RPC xdrDecodeString caller_name stack overflow attempt
* 1:24513 <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt
* 1:24544 <-> EXPLOIT-KIT Blackhole admin page outbound access attempt
* 1:24608 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt
* 1:24636 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure
* 1:24638 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:24703 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24741 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24742 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24743 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24744 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24745 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24746 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24747 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24748 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24749 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24750 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24751 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24752 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24753 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24754 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24755 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24756 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24757 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24758 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24759 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24760 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24762 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24802 <-> SERVER-OTHER HP Database Archiving Software GIOP parsing buffer overflow attempt
* 1:24861 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:24863 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:24865 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:25003 <-> SERVER-OTHER HP Archive Query Server stack overflow attempt
* 1:25138 <-> EXPLOIT-KIT Styx exploit kit pdf outbound connection
* 1:25139 <-> EXPLOIT-KIT Styx exploit kit eot outbound connection
* 1:25381 <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt
* 1:25388 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:25568 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:25611 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:25650 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:25972 <-> EXPLOIT-KIT Redkit exploit kit three number PDF Request
* 1:26227 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:26295 <-> FILE-OTHER Watering Hole Campaign applet download
* 1:26339 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval - ff.php
* 1:26346 <-> EXPLOIT-KIT Redkit exploit kit payload requested
* 1:26496 <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt
* 1:26643 <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field denial of service attempt
* 1:26806 <-> EXPLOIT-KIT Redkit exploit kit short JNLP request
* 1:26808 <-> EXPLOIT-KIT Goon/Infinity/Redkit exploit kit short jar request
* 1:27071 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:27072 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:27598 <-> SERVER-WEBAPP Oracle Secure Backup Admin Server command injection attempt
* 1:27646 <-> SERVER-OTHER HP LeftHand Virtual SAN hydra login request buffer overflow attempt
* 1:27814 <-> EXPLOIT-KIT Styx exploit kit landing page request
* 1:28393 <-> SERVER-OTHER EMC Replication Manager irccd remote command execution attempt
* 1:28478 <-> EXPLOIT-KIT Styx exploit kit landing page request
* 1:28704 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:28792 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28793 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28903 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28904 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28905 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28906 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28907 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28974 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:28975 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:29453 <-> EXPLOIT-KIT Styx exploit kit eot outbound connection
* 1:29513 <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows RAP API NetServerEnum2 long comment buffer overflow attempt
* 1:29521 <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt
* 1:29522 <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX Office remote code execution attempt
* 1:29525 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:29527 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:29536 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt
* 1:29596 <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt
* 1:29597 <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt
* 1:29607 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt
* 1:29610 <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt
* 1:29617 <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt
* 1:29621 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt
* 1:3114 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc LlsrConnect overflow attempt
* 1:3171 <-> OS-WINDOWS DCERPC NCADG-IP-UDP msqueue function 4 overflow attempt
* 1:32150 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32152 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32356 <-> PROTOCOL-RPC mountd UDP unmount path overflow attempt
* 1:32370 <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt
* 1:32816 <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt
* 1:32856 <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt
* 1:33016 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:33017 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:33572 <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt
* 1:33826 <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt
* 1:35435 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:35848 <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt
* 1:3590 <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt
* 1:3591 <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt
* 1:36156 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:36157 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:36533 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt
* 1:36534 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt
* 1:36658 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:36659 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:36660 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:37511 <-> OS-SOLARIS XMDCP double-free attempt
* 1:37628 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:37650 <-> FILE-OTHER CA BrightStor stack buffer overflow attempt
* 1:3818 <-> PROTOCOL-TFTP PUT transfer mode overflow attempt
* 1:38246 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt
* 1:38247 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt
* 1:39387 <-> SERVER-WEBAPP D-Link DAP-1160 authentication bypass attempt
* 1:39406 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt
* 1:39407 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt
* 1:39408 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt
* 1:3967 <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_QueryResConfList attempt
* 1:39910 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt
* 1:39936 <-> OS-SOLARIS XMDCP double-free attempt
* 1:40282 <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt
* 1:40335 <-> APP-DETECT OpenVAS Scanner User-Agent attempt
* 1:4072 <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_DetectResourceConflict attempt
* 1:40819 <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt
* 1:41046 <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt
* 1:41423 <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt
* 1:42413 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:42423 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:43291 <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated application deployment attempt
* 1:43307 <-> SERVER-WEBAPP csSearch setup attempt
* 1:43347 <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt
* 1:44473 <-> FILE-OTHER ZIP file name overflow attempt
* 1:44735 <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt
* 1:45172 <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt
* 1:45179 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45180 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45182 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45184 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45310 <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt
* 1:45501 <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt
* 1:45856 <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt
* 1:4642 <-> SERVER-ORACLE sys.pbsde.init buffer overflow attempt
* 1:48179 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48180 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48181 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48182 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48183 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48184 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48185 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48186 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48187 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48188 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48189 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48190 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:49584 <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt
* 1:49586 <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt
* 1:49901 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt
* 1:49903 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt
* 1:50642 <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt
* 1:50900 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:51026 <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt
* 1:51082 <-> FILE-FLASH Adobe Flash player memory corruption attempt
* 1:51162 <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt
* 1:51226 <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt
* 1:51859 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51861 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51862 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51863 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51866 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52080 <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt
* 1:52101 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52289 <-> OS-MOBILE Google Android libstagefright integer underflow attempt
* 1:53431 <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt
* 1:53432 <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt
* 1:5485 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt
* 1:58201 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt
* 1:58362 <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap ProjectName SQL injection attempt
* 1:654 <-> SERVER-MAIL RCPT TO overflow
* 1:6706 <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt
* 1:6707 <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt
* 1:6712 <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt
* 1:6713 <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt
* 1:8426 <-> SERVER-OTHER SSLv3 openssl get shared ciphers overflow attempt
* 1:8428 <-> SERVER-OTHER SSLv2 openssl get shared ciphers overflow attempt
* 1:9027 <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrJoinDomain2 overflow attempt
* 1:9621 <-> PROTOCOL-TFTP 3COM server transport mode buffer overflow attempt
* 1:9769 <-> OS-WINDOWS DCERPC NCACN-IP-TCP msqueue function 4 overflow attempt


2021-12-07 17:39:18 UTC

Snort Subscriber Rules Update

Date: 2021-12-07-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:58685 <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt
* 1:58686 <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt
* 1:58687 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 1:58688 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 3:58689 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt
* 3:58690 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt
* 3:58691 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 3:58692 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 3:58693 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 1:58694 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58695 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58696 <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt
* 1:58697 <-> OS-OTHER IGEL OS Secure Terminal and Shadow Service command injection attempt
* 3:58698 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt
* 3:58699 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt
* 1:58700 <-> MALWARE-OTHER Php.Webshell.PhpJackal upload attempt
* 1:58701 <-> MALWARE-OTHER Php.Webshell.PhpJackal download attempt
* 1:58702 <-> MALWARE-CNC Php.Webshell.PhpJackal outbound connection attempt
* 1:58703 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt
* 1:58704 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58705 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58706 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58707 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58708 <-> SERVER-WEBAPP IBM Data Risk Manager command execution attempt

Modified Rules:

* 1:10136 <-> OS-SOLARIS Oracle Solaris login environment variable authentication bypass attempt
* 1:10603 <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvUpdateRecord2 overflow attempt
* 1:10900 <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt
* 1:11265 <-> SERVER-OTHER Sentinel license manager buffer overflow attempt
* 1:11443 <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount overflow attempt
* 1:11957 <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt
* 1:11958 <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt
* 1:11963 <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt
* 1:11964 <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt
* 1:12069 <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest
* 1:12198 <-> OS-WINDOWS Microsoft Windows getbulk request attempt
* 1:12317 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt
* 1:12627 <-> PROTOCOL-RPC Solaris TCP portmapper sadmin port query attempt
* 1:12628 <-> PROTOCOL-RPC Solaris UDP portmapper sadmin port query attempt
* 1:1277 <-> PROTOCOL-RPC portmap ypupdated request UDP
* 1:12940 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 CA call 269 overflow attempt
* 1:12984 <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow attempt
* 1:12985 <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt
* 1:13161 <-> SERVER-OTHER HP OpenView CGI parameter buffer overflow attempt
* 1:13162 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt
* 1:13222 <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt
* 1:13619 <-> OS-WINDOWS Microsoft Windows getBulkRequest memory corruption attempt
* 1:13927 <-> PROTOCOL-TFTP Open TFTP Server log generation buffer overflow attempt
* 1:14037 <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access
* 1:14038 <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access
* 1:1409 <-> PROTOCOL-SNMP community string buffer overflow attempt
* 1:1422 <-> PROTOCOL-SNMP community string buffer overflow attempt with evasion
* 1:14647 <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt
* 1:14648 <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt
* 1:14649 <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt
* 1:14650 <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt
* 1:14651 <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt
* 1:14652 <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt
* 1:14653 <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt
* 1:14654 <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt
* 1:14725 <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName overflow attempt
* 1:14726 <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt
* 1:14737 <-> OS-WINDOWS DCERPC NCACN-IP-TCP host-integration bind attempt
* 1:14900 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum overflow attempt
* 1:14988 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum overflow attempt
* 1:14989 <-> SERVER-WEBAPP Novell eDirectory SOAP Accept Language header overflow attempt
* 1:15196 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt
* 1:15197 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt
* 1:15198 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt
* 1:15199 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt
* 1:15200 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt
* 1:15201 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt
* 1:15202 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt
* 1:15203 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt
* 1:15204 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt
* 1:15205 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt
* 1:15206 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt
* 1:15207 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt
* 1:15208 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt
* 1:15209 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt
* 1:15210 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt
* 1:15211 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt
* 1:15212 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt
* 1:15213 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt
* 1:15214 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt
* 1:15215 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt
* 1:15216 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt
* 1:15217 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt
* 1:15218 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt
* 1:15219 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt
* 1:15220 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt
* 1:15221 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt
* 1:15222 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt
* 1:15223 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt
* 1:15224 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt
* 1:15225 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt
* 1:15226 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt
* 1:15227 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt
* 1:15261 <-> SERVER-ORACLE Secure Backup exec_qr command injection attempt
* 1:15262 <-> SERVER-ORACLE Secure Backup POST exec_qr command injection attempt
* 1:15508 <-> SERVER-OTHER DCERPC NCADG-IP-UDP lsarpc LsarLookupSids translated_names overflow attempt
* 1:15701 <-> OS-WINDOWS Microsoft Windows 2000 domain authentication bypass attempt
* 1:15708 <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt
* 1:15881 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters Name Field attempt
* 1:15911 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss RouteRefreshPrinterChangeNotification attempt
* 1:15930 <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field remote code execution attempt
* 1:15971 <-> SERVER-OTHER CVS Argumentx command double free attempt
* 1:15972 <-> SERVER-OTHER single byte encoded name response
* 1:16015 <-> SERVER-OTHER Norton Internet Security NBNS response processing stack overflow attempt
* 1:16029 <-> OS-WINDOWS Microsoft Windows DNS client ATMA buffer overrun attempt
* 1:16049 <-> SERVER-OTHER GNU Radius SQL accounting format string exploit attempt
* 1:16080 <-> SERVER-OTHER KAME racoon X509 certificate verification bypass attempt
* 1:16198 <-> SERVER-APACHE Apache mod_auth_pgsql module logging facility format string exploit attempt
* 1:16238 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt
* 1:16239 <-> OS-WINDOWS DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt
* 1:16329 <-> SERVER-OTHER Microsoft Internet Authentication Service EAP-MSCHAPv2 authentication bypass attempt
* 1:16515 <-> SERVER-MAIL Novell Groupwise Internet Agent RCPT command overflow attempt
* 1:16705 <-> PROTOCOL-RPC Oracle Solaris sadmind UDP array size buffer overflow attempt
* 1:16796 <-> PROTOCOL-RPC Oracle Solaris sadmind UDP data length integer overflow attempt
* 1:17046 <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt
* 1:17056 <-> SERVER-OTHER Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt
* 1:17057 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt
* 1:17205 <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - udp
* 1:17224 <-> SERVER-MAIL McAfee WebShield SMTP bounce message format string attempt
* 1:17609 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:1762 <-> SERVER-WEBAPP phf arbitrary command execution attempt
* 1:18189 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt
* 1:18190 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt
* 1:18191 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt
* 1:18192 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt
* 1:18248 <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt
* 1:18319 <-> SERVER-SAMBA Samba DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt
* 1:18462 <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt
* 1:18472 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt
* 1:18526 <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt
* 1:18557 <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt
* 1:18589 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt
* 1:18611 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:18612 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:18613 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:18768 <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt
* 1:18958 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt
* 1:18994 <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt
* 1:19013 <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - WRQ
* 1:19014 <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - RRQ
* 1:19136 <-> SERVER-WEBAPP CA XOsoft Multiple Products entry_point.aspx buffer overflow attempt
* 1:19173 <-> PROTOCOL-RPC CDE Calendar Manager service memory corruption attempt
* 1:19208 <-> SERVER-OTHER Citrix Provisioning Services streamprocess.exe buffer overflow attempt
* 1:19323 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt
* 1:19649 <-> SERVER-OTHER HP Intelligent Management Center dbman buffer overflow attempt
* 1:19677 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt
* 1:20052 <-> PROTOCOL-SCADA IntelliCom NetBiter config utility hostname overflow attempt
* 1:20176 <-> PROTOCOL-SCADA DAQFactory NETB protcol stack overflow attempt
* 1:20242 <-> PROTOCOL-DNS Oracle Secure Backup observice.exe dns response overflow attempt
* 1:20611 <-> SERVER-OTHER BOOTP overflow
* 1:20614 <-> SERVER-MAIL Axigen POP3 server remote format string exploit
* 1:20671 <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest
* 1:20691 <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt
* 1:20725 <-> OS-SOLARIS Oracle Solaris in.rwhod hostname denial of service attempt
* 1:20812 <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt
* 1:20813 <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt
* 1:2088 <-> PROTOCOL-RPC ypupdated arbitrary command attempt UDP
* 1:2089 <-> PROTOCOL-RPC ypupdated arbitrary command attempt TCP
* 1:21041 <-> EXPLOIT-KIT Blackhole exploit kit URL - main.php?page=
* 1:21141 <-> EXPLOIT-KIT Blackhole exploit kit control panel access
* 1:21234 <-> SERVER-WEBAPP MKCOL Webdav Stack Buffer Overflow attempt
* 1:21236 <-> SERVER-WEBAPP UNLOCK Webdav Stack Buffer Overflow attempt
* 1:21343 <-> EXPLOIT-KIT Blackhole exploit kit pdf request
* 1:21348 <-> EXPLOIT-KIT Blackhole exploit kit URL - search.php?page=
* 1:21407 <-> SERVER-OTHER Symantic multiple products VRTSweb code execution
* 1:21458 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:21529 <-> OS-WINDOWS Microsoft Windows SMB Trans2 Find_First2 filename overflow attempt
* 1:21766 <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt
* 1:2185 <-> PROTOCOL-RPC mountd UDP mount path overflow attempt
* 1:21952 <-> SERVER-OTHER ISC dhcpd discover hostname overflow attempt
* 1:2278 <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt
* 1:22949 <-> EXPLOIT-KIT Blackhole redirection attempt
* 1:23232 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:23233 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:23241 <-> SERVER-OTHER HP DPNECentral RequestCopy type SQL injection attempt
* 1:23355 <-> SERVER-OTHER Trend Micro Control Manager AddTask stack buffer overflow attempt
* 1:2381 <-> SERVER-WEBAPP Checkpoint Firewall-1 HTTP parsing format string vulnerability attempt
* 1:23939 <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt
* 1:23950 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt
* 1:23951 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt
* 1:23997 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:24336 <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long comment buffer overflow attempt
* 1:24501 <-> EXPLOIT-KIT Blackholev2 exploit kit fallback executable download
* 1:24503 <-> PROTOCOL-RPC xdrDecodeString caller_name stack overflow attempt
* 1:24513 <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt
* 1:24544 <-> EXPLOIT-KIT Blackhole admin page outbound access attempt
* 1:24608 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt
* 1:24636 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure
* 1:24638 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:24703 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24741 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24742 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24743 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24744 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24745 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24746 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24747 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24748 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24749 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24750 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24751 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24752 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24753 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24754 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24755 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24756 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24757 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24758 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24759 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24760 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24762 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24802 <-> SERVER-OTHER HP Database Archiving Software GIOP parsing buffer overflow attempt
* 1:24861 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:24863 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:24865 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:25003 <-> SERVER-OTHER HP Archive Query Server stack overflow attempt
* 1:25138 <-> EXPLOIT-KIT Styx exploit kit pdf outbound connection
* 1:25139 <-> EXPLOIT-KIT Styx exploit kit eot outbound connection
* 1:25381 <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt
* 1:25388 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:25568 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:25611 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:25650 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:25972 <-> EXPLOIT-KIT Redkit exploit kit three number PDF Request
* 1:26227 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:26295 <-> FILE-OTHER Watering Hole Campaign applet download
* 1:26339 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval - ff.php
* 1:26346 <-> EXPLOIT-KIT Redkit exploit kit payload requested
* 1:26496 <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt
* 1:26643 <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field denial of service attempt
* 1:26806 <-> EXPLOIT-KIT Redkit exploit kit short JNLP request
* 1:26808 <-> EXPLOIT-KIT Goon/Infinity/Redkit exploit kit short jar request
* 1:27071 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:27072 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:27598 <-> SERVER-WEBAPP Oracle Secure Backup Admin Server command injection attempt
* 1:27646 <-> SERVER-OTHER HP LeftHand Virtual SAN hydra login request buffer overflow attempt
* 1:27814 <-> EXPLOIT-KIT Styx exploit kit landing page request
* 1:28393 <-> SERVER-OTHER EMC Replication Manager irccd remote command execution attempt
* 1:28478 <-> EXPLOIT-KIT Styx exploit kit landing page request
* 1:28704 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:28792 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28793 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28903 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28904 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28905 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28906 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28907 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28974 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:28975 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:29453 <-> EXPLOIT-KIT Styx exploit kit eot outbound connection
* 1:29513 <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows RAP API NetServerEnum2 long comment buffer overflow attempt
* 1:29521 <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt
* 1:29522 <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX Office remote code execution attempt
* 1:29525 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:29527 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:29536 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt
* 1:29596 <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt
* 1:29597 <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt
* 1:29607 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt
* 1:29610 <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt
* 1:29617 <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt
* 1:29621 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt
* 1:3114 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc LlsrConnect overflow attempt
* 1:3171 <-> OS-WINDOWS DCERPC NCADG-IP-UDP msqueue function 4 overflow attempt
* 1:32150 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32152 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32356 <-> PROTOCOL-RPC mountd UDP unmount path overflow attempt
* 1:32370 <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt
* 1:32816 <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt
* 1:32856 <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt
* 1:33016 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:33017 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:33572 <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt
* 1:33826 <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt
* 1:35435 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:35848 <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt
* 1:3590 <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt
* 1:3591 <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt
* 1:36156 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:36157 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:36533 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt
* 1:36534 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt
* 1:36658 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:36659 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:36660 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:37511 <-> OS-SOLARIS XMDCP double-free attempt
* 1:37628 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:37650 <-> FILE-OTHER CA BrightStor stack buffer overflow attempt
* 1:3818 <-> PROTOCOL-TFTP PUT transfer mode overflow attempt
* 1:38246 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt
* 1:38247 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt
* 1:39387 <-> SERVER-WEBAPP D-Link DAP-1160 authentication bypass attempt
* 1:39406 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt
* 1:39407 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt
* 1:39408 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt
* 1:3967 <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_QueryResConfList attempt
* 1:39910 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt
* 1:39936 <-> OS-SOLARIS XMDCP double-free attempt
* 1:40282 <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt
* 1:40335 <-> APP-DETECT OpenVAS Scanner User-Agent attempt
* 1:4072 <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_DetectResourceConflict attempt
* 1:40819 <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt
* 1:41046 <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt
* 1:41423 <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt
* 1:42413 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:42423 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:43291 <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated application deployment attempt
* 1:43307 <-> SERVER-WEBAPP csSearch setup attempt
* 1:43347 <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt
* 1:44473 <-> FILE-OTHER ZIP file name overflow attempt
* 1:44735 <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt
* 1:45172 <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt
* 1:45179 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45180 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45182 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45184 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45310 <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt
* 1:45501 <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt
* 1:45856 <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt
* 1:4642 <-> SERVER-ORACLE sys.pbsde.init buffer overflow attempt
* 1:48179 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48180 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48181 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48182 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48183 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48184 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48185 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48186 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48187 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48188 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48189 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48190 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:49584 <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt
* 1:49586 <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt
* 1:49901 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt
* 1:49903 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt
* 1:50642 <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt
* 1:50900 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:51026 <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt
* 1:51082 <-> FILE-FLASH Adobe Flash player memory corruption attempt
* 1:51162 <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt
* 1:51226 <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt
* 1:51859 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51861 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51862 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51863 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51866 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52080 <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt
* 1:52101 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52289 <-> OS-MOBILE Google Android libstagefright integer underflow attempt
* 1:53431 <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt
* 1:53432 <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt
* 1:5485 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt
* 1:58201 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt
* 1:58362 <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap ProjectName SQL injection attempt
* 1:654 <-> SERVER-MAIL RCPT TO overflow
* 1:6706 <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt
* 1:6707 <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt
* 1:6712 <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt
* 1:6713 <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt
* 1:8426 <-> SERVER-OTHER SSLv3 openssl get shared ciphers overflow attempt
* 1:8428 <-> SERVER-OTHER SSLv2 openssl get shared ciphers overflow attempt
* 1:9027 <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrJoinDomain2 overflow attempt
* 1:9621 <-> PROTOCOL-TFTP 3COM server transport mode buffer overflow attempt
* 1:9769 <-> OS-WINDOWS DCERPC NCACN-IP-TCP msqueue function 4 overflow attempt


2021-12-07 17:39:18 UTC

Snort Subscriber Rules Update

Date: 2021-12-07-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.1.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:58685 <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt
* 1:58686 <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt
* 1:58687 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 1:58688 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 3:58689 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt
* 3:58690 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt
* 3:58691 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 3:58692 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 3:58693 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 1:58694 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58695 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58696 <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt
* 1:58697 <-> OS-OTHER IGEL OS Secure Terminal and Shadow Service command injection attempt
* 3:58698 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt
* 3:58699 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt
* 1:58700 <-> MALWARE-OTHER Php.Webshell.PhpJackal upload attempt
* 1:58701 <-> MALWARE-OTHER Php.Webshell.PhpJackal download attempt
* 1:58702 <-> MALWARE-CNC Php.Webshell.PhpJackal outbound connection attempt
* 1:58703 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt
* 1:58704 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58705 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58706 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58707 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58708 <-> SERVER-WEBAPP IBM Data Risk Manager command execution attempt

Modified Rules:

* 1:10136 <-> OS-SOLARIS Oracle Solaris login environment variable authentication bypass attempt
* 1:10603 <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvUpdateRecord2 overflow attempt
* 1:10900 <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt
* 1:11265 <-> SERVER-OTHER Sentinel license manager buffer overflow attempt
* 1:11443 <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount overflow attempt
* 1:11957 <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt
* 1:11958 <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt
* 1:11963 <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt
* 1:11964 <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt
* 1:12069 <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest
* 1:12198 <-> OS-WINDOWS Microsoft Windows getbulk request attempt
* 1:12317 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt
* 1:12627 <-> PROTOCOL-RPC Solaris TCP portmapper sadmin port query attempt
* 1:12628 <-> PROTOCOL-RPC Solaris UDP portmapper sadmin port query attempt
* 1:1277 <-> PROTOCOL-RPC portmap ypupdated request UDP
* 1:12940 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 CA call 269 overflow attempt
* 1:12984 <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow attempt
* 1:12985 <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt
* 1:13161 <-> SERVER-OTHER HP OpenView CGI parameter buffer overflow attempt
* 1:13162 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt
* 1:13222 <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt
* 1:13619 <-> OS-WINDOWS Microsoft Windows getBulkRequest memory corruption attempt
* 1:13927 <-> PROTOCOL-TFTP Open TFTP Server log generation buffer overflow attempt
* 1:14037 <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access
* 1:14038 <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access
* 1:1409 <-> PROTOCOL-SNMP community string buffer overflow attempt
* 1:1422 <-> PROTOCOL-SNMP community string buffer overflow attempt with evasion
* 1:14647 <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt
* 1:14648 <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt
* 1:14649 <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt
* 1:14650 <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt
* 1:14651 <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt
* 1:14652 <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt
* 1:14653 <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt
* 1:14654 <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt
* 1:14725 <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName overflow attempt
* 1:14726 <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt
* 1:14737 <-> OS-WINDOWS DCERPC NCACN-IP-TCP host-integration bind attempt
* 1:14900 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum overflow attempt
* 1:14988 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum overflow attempt
* 1:14989 <-> SERVER-WEBAPP Novell eDirectory SOAP Accept Language header overflow attempt
* 1:15196 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt
* 1:15197 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt
* 1:15198 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt
* 1:15199 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt
* 1:15200 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt
* 1:15201 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt
* 1:15202 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt
* 1:15203 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt
* 1:15204 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt
* 1:15205 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt
* 1:15206 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt
* 1:15207 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt
* 1:15208 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt
* 1:15209 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt
* 1:15210 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt
* 1:15211 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt
* 1:15212 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt
* 1:15213 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt
* 1:15214 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt
* 1:15215 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt
* 1:15216 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt
* 1:15217 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt
* 1:15218 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt
* 1:15219 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt
* 1:15220 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt
* 1:15221 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt
* 1:15222 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt
* 1:15223 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt
* 1:15224 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt
* 1:15225 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt
* 1:15226 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt
* 1:15227 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt
* 1:15261 <-> SERVER-ORACLE Secure Backup exec_qr command injection attempt
* 1:15262 <-> SERVER-ORACLE Secure Backup POST exec_qr command injection attempt
* 1:15508 <-> SERVER-OTHER DCERPC NCADG-IP-UDP lsarpc LsarLookupSids translated_names overflow attempt
* 1:15701 <-> OS-WINDOWS Microsoft Windows 2000 domain authentication bypass attempt
* 1:15708 <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt
* 1:15881 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters Name Field attempt
* 1:15911 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss RouteRefreshPrinterChangeNotification attempt
* 1:15930 <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field remote code execution attempt
* 1:15971 <-> SERVER-OTHER CVS Argumentx command double free attempt
* 1:15972 <-> SERVER-OTHER single byte encoded name response
* 1:16015 <-> SERVER-OTHER Norton Internet Security NBNS response processing stack overflow attempt
* 1:16029 <-> OS-WINDOWS Microsoft Windows DNS client ATMA buffer overrun attempt
* 1:16049 <-> SERVER-OTHER GNU Radius SQL accounting format string exploit attempt
* 1:16080 <-> SERVER-OTHER KAME racoon X509 certificate verification bypass attempt
* 1:16198 <-> SERVER-APACHE Apache mod_auth_pgsql module logging facility format string exploit attempt
* 1:16238 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt
* 1:16239 <-> OS-WINDOWS DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt
* 1:16329 <-> SERVER-OTHER Microsoft Internet Authentication Service EAP-MSCHAPv2 authentication bypass attempt
* 1:16515 <-> SERVER-MAIL Novell Groupwise Internet Agent RCPT command overflow attempt
* 1:16705 <-> PROTOCOL-RPC Oracle Solaris sadmind UDP array size buffer overflow attempt
* 1:16796 <-> PROTOCOL-RPC Oracle Solaris sadmind UDP data length integer overflow attempt
* 1:17046 <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt
* 1:17056 <-> SERVER-OTHER Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt
* 1:17057 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt
* 1:17205 <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - udp
* 1:17224 <-> SERVER-MAIL McAfee WebShield SMTP bounce message format string attempt
* 1:17609 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:1762 <-> SERVER-WEBAPP phf arbitrary command execution attempt
* 1:18189 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt
* 1:18190 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt
* 1:18191 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt
* 1:18192 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt
* 1:18248 <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt
* 1:18319 <-> SERVER-SAMBA Samba DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt
* 1:18462 <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt
* 1:18472 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt
* 1:18526 <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt
* 1:18557 <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt
* 1:18589 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt
* 1:18611 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:18612 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:18613 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:18768 <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt
* 1:18958 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt
* 1:18994 <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt
* 1:19013 <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - WRQ
* 1:19014 <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - RRQ
* 1:19136 <-> SERVER-WEBAPP CA XOsoft Multiple Products entry_point.aspx buffer overflow attempt
* 1:19173 <-> PROTOCOL-RPC CDE Calendar Manager service memory corruption attempt
* 1:19208 <-> SERVER-OTHER Citrix Provisioning Services streamprocess.exe buffer overflow attempt
* 1:19323 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt
* 1:19649 <-> SERVER-OTHER HP Intelligent Management Center dbman buffer overflow attempt
* 1:19677 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt
* 1:20052 <-> PROTOCOL-SCADA IntelliCom NetBiter config utility hostname overflow attempt
* 1:20176 <-> PROTOCOL-SCADA DAQFactory NETB protcol stack overflow attempt
* 1:20242 <-> PROTOCOL-DNS Oracle Secure Backup observice.exe dns response overflow attempt
* 1:20611 <-> SERVER-OTHER BOOTP overflow
* 1:20614 <-> SERVER-MAIL Axigen POP3 server remote format string exploit
* 1:20671 <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest
* 1:20691 <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt
* 1:20725 <-> OS-SOLARIS Oracle Solaris in.rwhod hostname denial of service attempt
* 1:20812 <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt
* 1:20813 <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt
* 1:2088 <-> PROTOCOL-RPC ypupdated arbitrary command attempt UDP
* 1:2089 <-> PROTOCOL-RPC ypupdated arbitrary command attempt TCP
* 1:21041 <-> EXPLOIT-KIT Blackhole exploit kit URL - main.php?page=
* 1:21141 <-> EXPLOIT-KIT Blackhole exploit kit control panel access
* 1:21234 <-> SERVER-WEBAPP MKCOL Webdav Stack Buffer Overflow attempt
* 1:21236 <-> SERVER-WEBAPP UNLOCK Webdav Stack Buffer Overflow attempt
* 1:21343 <-> EXPLOIT-KIT Blackhole exploit kit pdf request
* 1:21348 <-> EXPLOIT-KIT Blackhole exploit kit URL - search.php?page=
* 1:21407 <-> SERVER-OTHER Symantic multiple products VRTSweb code execution
* 1:21458 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:21529 <-> OS-WINDOWS Microsoft Windows SMB Trans2 Find_First2 filename overflow attempt
* 1:21766 <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt
* 1:2185 <-> PROTOCOL-RPC mountd UDP mount path overflow attempt
* 1:21952 <-> SERVER-OTHER ISC dhcpd discover hostname overflow attempt
* 1:2278 <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt
* 1:22949 <-> EXPLOIT-KIT Blackhole redirection attempt
* 1:23232 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:23233 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:23241 <-> SERVER-OTHER HP DPNECentral RequestCopy type SQL injection attempt
* 1:23355 <-> SERVER-OTHER Trend Micro Control Manager AddTask stack buffer overflow attempt
* 1:2381 <-> SERVER-WEBAPP Checkpoint Firewall-1 HTTP parsing format string vulnerability attempt
* 1:23939 <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt
* 1:23950 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt
* 1:23951 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt
* 1:23997 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:24336 <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long comment buffer overflow attempt
* 1:24501 <-> EXPLOIT-KIT Blackholev2 exploit kit fallback executable download
* 1:24503 <-> PROTOCOL-RPC xdrDecodeString caller_name stack overflow attempt
* 1:24513 <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt
* 1:24544 <-> EXPLOIT-KIT Blackhole admin page outbound access attempt
* 1:24608 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt
* 1:24636 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure
* 1:24638 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:24703 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24741 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24742 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24743 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24744 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24745 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24746 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24747 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24748 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24749 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24750 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24751 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24752 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24753 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24754 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24755 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24756 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24757 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24758 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24759 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24760 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24762 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24802 <-> SERVER-OTHER HP Database Archiving Software GIOP parsing buffer overflow attempt
* 1:24861 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:24863 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:24865 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:25003 <-> SERVER-OTHER HP Archive Query Server stack overflow attempt
* 1:25138 <-> EXPLOIT-KIT Styx exploit kit pdf outbound connection
* 1:25139 <-> EXPLOIT-KIT Styx exploit kit eot outbound connection
* 1:25381 <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt
* 1:25388 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:25568 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:25611 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:25650 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:25972 <-> EXPLOIT-KIT Redkit exploit kit three number PDF Request
* 1:26227 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:26295 <-> FILE-OTHER Watering Hole Campaign applet download
* 1:26339 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval - ff.php
* 1:26346 <-> EXPLOIT-KIT Redkit exploit kit payload requested
* 1:26496 <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt
* 1:26643 <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field denial of service attempt
* 1:26806 <-> EXPLOIT-KIT Redkit exploit kit short JNLP request
* 1:26808 <-> EXPLOIT-KIT Goon/Infinity/Redkit exploit kit short jar request
* 1:27071 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:27072 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:27598 <-> SERVER-WEBAPP Oracle Secure Backup Admin Server command injection attempt
* 1:27646 <-> SERVER-OTHER HP LeftHand Virtual SAN hydra login request buffer overflow attempt
* 1:27814 <-> EXPLOIT-KIT Styx exploit kit landing page request
* 1:28393 <-> SERVER-OTHER EMC Replication Manager irccd remote command execution attempt
* 1:28478 <-> EXPLOIT-KIT Styx exploit kit landing page request
* 1:28704 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:28792 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28793 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28903 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28904 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28905 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28906 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28907 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28974 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:28975 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:29453 <-> EXPLOIT-KIT Styx exploit kit eot outbound connection
* 1:29513 <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows RAP API NetServerEnum2 long comment buffer overflow attempt
* 1:29521 <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt
* 1:29522 <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX Office remote code execution attempt
* 1:29525 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:29527 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:29536 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt
* 1:29596 <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt
* 1:29597 <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt
* 1:29607 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt
* 1:29610 <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt
* 1:29617 <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt
* 1:29621 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt
* 1:3114 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc LlsrConnect overflow attempt
* 1:3171 <-> OS-WINDOWS DCERPC NCADG-IP-UDP msqueue function 4 overflow attempt
* 1:32150 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32152 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32356 <-> PROTOCOL-RPC mountd UDP unmount path overflow attempt
* 1:32370 <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt
* 1:32816 <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt
* 1:32856 <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt
* 1:33016 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:33017 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:33572 <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt
* 1:33826 <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt
* 1:35435 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:35848 <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt
* 1:3590 <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt
* 1:3591 <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt
* 1:36156 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:36157 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:36533 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt
* 1:36534 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt
* 1:36658 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:36659 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:36660 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:37511 <-> OS-SOLARIS XMDCP double-free attempt
* 1:37628 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:37650 <-> FILE-OTHER CA BrightStor stack buffer overflow attempt
* 1:3818 <-> PROTOCOL-TFTP PUT transfer mode overflow attempt
* 1:38246 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt
* 1:38247 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt
* 1:39387 <-> SERVER-WEBAPP D-Link DAP-1160 authentication bypass attempt
* 1:39406 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt
* 1:39407 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt
* 1:39408 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt
* 1:3967 <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_QueryResConfList attempt
* 1:39910 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt
* 1:39936 <-> OS-SOLARIS XMDCP double-free attempt
* 1:40282 <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt
* 1:40335 <-> APP-DETECT OpenVAS Scanner User-Agent attempt
* 1:4072 <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_DetectResourceConflict attempt
* 1:40819 <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt
* 1:41046 <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt
* 1:41423 <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt
* 1:42413 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:42423 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:43291 <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated application deployment attempt
* 1:43307 <-> SERVER-WEBAPP csSearch setup attempt
* 1:43347 <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt
* 1:44473 <-> FILE-OTHER ZIP file name overflow attempt
* 1:44735 <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt
* 1:45172 <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt
* 1:45179 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45180 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45182 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45184 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45310 <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt
* 1:45501 <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt
* 1:45856 <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt
* 1:4642 <-> SERVER-ORACLE sys.pbsde.init buffer overflow attempt
* 1:48179 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48180 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48181 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48182 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48183 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48184 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48185 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48186 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48187 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48188 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48189 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48190 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:49584 <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt
* 1:49586 <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt
* 1:49901 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt
* 1:49903 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt
* 1:50642 <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt
* 1:50900 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:51026 <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt
* 1:51082 <-> FILE-FLASH Adobe Flash player memory corruption attempt
* 1:51162 <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt
* 1:51226 <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt
* 1:51859 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51861 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51862 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51863 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51866 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52080 <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt
* 1:52101 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52289 <-> OS-MOBILE Google Android libstagefright integer underflow attempt
* 1:53431 <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt
* 1:53432 <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt
* 1:5485 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt
* 1:58201 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt
* 1:58362 <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap ProjectName SQL injection attempt
* 1:654 <-> SERVER-MAIL RCPT TO overflow
* 1:6706 <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt
* 1:6707 <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt
* 1:6712 <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt
* 1:6713 <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt
* 1:8426 <-> SERVER-OTHER SSLv3 openssl get shared ciphers overflow attempt
* 1:8428 <-> SERVER-OTHER SSLv2 openssl get shared ciphers overflow attempt
* 1:9027 <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrJoinDomain2 overflow attempt
* 1:9621 <-> PROTOCOL-TFTP 3COM server transport mode buffer overflow attempt
* 1:9769 <-> OS-WINDOWS DCERPC NCACN-IP-TCP msqueue function 4 overflow attempt


2021-12-07 17:39:19 UTC

Snort Subscriber Rules Update

Date: 2021-12-07-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.3.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:58685 <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt
* 1:58686 <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt
* 1:58687 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 1:58688 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 3:58689 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt
* 3:58690 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt
* 3:58691 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 3:58692 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 3:58693 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 1:58694 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58695 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58696 <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt
* 1:58697 <-> OS-OTHER IGEL OS Secure Terminal and Shadow Service command injection attempt
* 3:58698 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt
* 3:58699 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt
* 1:58700 <-> MALWARE-OTHER Php.Webshell.PhpJackal upload attempt
* 1:58701 <-> MALWARE-OTHER Php.Webshell.PhpJackal download attempt
* 1:58702 <-> MALWARE-CNC Php.Webshell.PhpJackal outbound connection attempt
* 1:58703 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt
* 1:58704 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58705 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58706 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58707 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58708 <-> SERVER-WEBAPP IBM Data Risk Manager command execution attempt

Modified Rules:

* 1:10136 <-> OS-SOLARIS Oracle Solaris login environment variable authentication bypass attempt
* 1:10603 <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvUpdateRecord2 overflow attempt
* 1:10900 <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt
* 1:11265 <-> SERVER-OTHER Sentinel license manager buffer overflow attempt
* 1:11443 <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount overflow attempt
* 1:11957 <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt
* 1:11958 <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt
* 1:11963 <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt
* 1:11964 <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt
* 1:12069 <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest
* 1:12198 <-> OS-WINDOWS Microsoft Windows getbulk request attempt
* 1:12317 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt
* 1:12627 <-> PROTOCOL-RPC Solaris TCP portmapper sadmin port query attempt
* 1:12628 <-> PROTOCOL-RPC Solaris UDP portmapper sadmin port query attempt
* 1:1277 <-> PROTOCOL-RPC portmap ypupdated request UDP
* 1:12940 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 CA call 269 overflow attempt
* 1:12984 <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow attempt
* 1:12985 <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt
* 1:13161 <-> SERVER-OTHER HP OpenView CGI parameter buffer overflow attempt
* 1:13162 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt
* 1:13222 <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt
* 1:13619 <-> OS-WINDOWS Microsoft Windows getBulkRequest memory corruption attempt
* 1:13927 <-> PROTOCOL-TFTP Open TFTP Server log generation buffer overflow attempt
* 1:14037 <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access
* 1:14038 <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access
* 1:1409 <-> PROTOCOL-SNMP community string buffer overflow attempt
* 1:1422 <-> PROTOCOL-SNMP community string buffer overflow attempt with evasion
* 1:14647 <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt
* 1:14648 <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt
* 1:14649 <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt
* 1:14650 <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt
* 1:14651 <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt
* 1:14652 <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt
* 1:14653 <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt
* 1:14654 <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt
* 1:14725 <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName overflow attempt
* 1:14726 <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt
* 1:14737 <-> OS-WINDOWS DCERPC NCACN-IP-TCP host-integration bind attempt
* 1:14900 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum overflow attempt
* 1:14988 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum overflow attempt
* 1:14989 <-> SERVER-WEBAPP Novell eDirectory SOAP Accept Language header overflow attempt
* 1:15196 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt
* 1:15197 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt
* 1:15198 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt
* 1:15199 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt
* 1:15200 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt
* 1:15201 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt
* 1:15202 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt
* 1:15203 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt
* 1:15204 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt
* 1:15205 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt
* 1:15206 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt
* 1:15207 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt
* 1:15208 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt
* 1:15209 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt
* 1:15210 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt
* 1:15211 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt
* 1:15212 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt
* 1:15213 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt
* 1:15214 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt
* 1:15215 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt
* 1:15216 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt
* 1:15217 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt
* 1:15218 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt
* 1:15219 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt
* 1:15220 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt
* 1:15221 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt
* 1:15222 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt
* 1:15223 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt
* 1:15224 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt
* 1:15225 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt
* 1:15226 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt
* 1:15227 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt
* 1:15261 <-> SERVER-ORACLE Secure Backup exec_qr command injection attempt
* 1:15262 <-> SERVER-ORACLE Secure Backup POST exec_qr command injection attempt
* 1:15508 <-> SERVER-OTHER DCERPC NCADG-IP-UDP lsarpc LsarLookupSids translated_names overflow attempt
* 1:15701 <-> OS-WINDOWS Microsoft Windows 2000 domain authentication bypass attempt
* 1:15708 <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt
* 1:15881 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters Name Field attempt
* 1:15911 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss RouteRefreshPrinterChangeNotification attempt
* 1:15930 <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field remote code execution attempt
* 1:15971 <-> SERVER-OTHER CVS Argumentx command double free attempt
* 1:15972 <-> SERVER-OTHER single byte encoded name response
* 1:16015 <-> SERVER-OTHER Norton Internet Security NBNS response processing stack overflow attempt
* 1:16029 <-> OS-WINDOWS Microsoft Windows DNS client ATMA buffer overrun attempt
* 1:16049 <-> SERVER-OTHER GNU Radius SQL accounting format string exploit attempt
* 1:16080 <-> SERVER-OTHER KAME racoon X509 certificate verification bypass attempt
* 1:16198 <-> SERVER-APACHE Apache mod_auth_pgsql module logging facility format string exploit attempt
* 1:16238 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt
* 1:16239 <-> OS-WINDOWS DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt
* 1:16329 <-> SERVER-OTHER Microsoft Internet Authentication Service EAP-MSCHAPv2 authentication bypass attempt
* 1:16515 <-> SERVER-MAIL Novell Groupwise Internet Agent RCPT command overflow attempt
* 1:16705 <-> PROTOCOL-RPC Oracle Solaris sadmind UDP array size buffer overflow attempt
* 1:16796 <-> PROTOCOL-RPC Oracle Solaris sadmind UDP data length integer overflow attempt
* 1:17046 <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt
* 1:17056 <-> SERVER-OTHER Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt
* 1:17057 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt
* 1:17205 <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - udp
* 1:17224 <-> SERVER-MAIL McAfee WebShield SMTP bounce message format string attempt
* 1:17609 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:1762 <-> SERVER-WEBAPP phf arbitrary command execution attempt
* 1:18189 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt
* 1:18190 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt
* 1:18191 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt
* 1:18192 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt
* 1:18248 <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt
* 1:18319 <-> SERVER-SAMBA Samba DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt
* 1:18462 <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt
* 1:18472 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt
* 1:18526 <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt
* 1:18557 <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt
* 1:18589 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt
* 1:18611 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:18612 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:18613 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:18768 <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt
* 1:18958 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt
* 1:18994 <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt
* 1:19013 <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - WRQ
* 1:19014 <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - RRQ
* 1:19136 <-> SERVER-WEBAPP CA XOsoft Multiple Products entry_point.aspx buffer overflow attempt
* 1:19173 <-> PROTOCOL-RPC CDE Calendar Manager service memory corruption attempt
* 1:19208 <-> SERVER-OTHER Citrix Provisioning Services streamprocess.exe buffer overflow attempt
* 1:19323 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt
* 1:19649 <-> SERVER-OTHER HP Intelligent Management Center dbman buffer overflow attempt
* 1:19677 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt
* 1:20052 <-> PROTOCOL-SCADA IntelliCom NetBiter config utility hostname overflow attempt
* 1:20176 <-> PROTOCOL-SCADA DAQFactory NETB protcol stack overflow attempt
* 1:20242 <-> PROTOCOL-DNS Oracle Secure Backup observice.exe dns response overflow attempt
* 1:20611 <-> SERVER-OTHER BOOTP overflow
* 1:20614 <-> SERVER-MAIL Axigen POP3 server remote format string exploit
* 1:20671 <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest
* 1:20691 <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt
* 1:20725 <-> OS-SOLARIS Oracle Solaris in.rwhod hostname denial of service attempt
* 1:20812 <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt
* 1:20813 <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt
* 1:2088 <-> PROTOCOL-RPC ypupdated arbitrary command attempt UDP
* 1:2089 <-> PROTOCOL-RPC ypupdated arbitrary command attempt TCP
* 1:21041 <-> EXPLOIT-KIT Blackhole exploit kit URL - main.php?page=
* 1:21141 <-> EXPLOIT-KIT Blackhole exploit kit control panel access
* 1:21234 <-> SERVER-WEBAPP MKCOL Webdav Stack Buffer Overflow attempt
* 1:21236 <-> SERVER-WEBAPP UNLOCK Webdav Stack Buffer Overflow attempt
* 1:21343 <-> EXPLOIT-KIT Blackhole exploit kit pdf request
* 1:21348 <-> EXPLOIT-KIT Blackhole exploit kit URL - search.php?page=
* 1:21407 <-> SERVER-OTHER Symantic multiple products VRTSweb code execution
* 1:21458 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:21529 <-> OS-WINDOWS Microsoft Windows SMB Trans2 Find_First2 filename overflow attempt
* 1:21766 <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt
* 1:2185 <-> PROTOCOL-RPC mountd UDP mount path overflow attempt
* 1:21952 <-> SERVER-OTHER ISC dhcpd discover hostname overflow attempt
* 1:2278 <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt
* 1:22949 <-> EXPLOIT-KIT Blackhole redirection attempt
* 1:23232 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:23233 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:23241 <-> SERVER-OTHER HP DPNECentral RequestCopy type SQL injection attempt
* 1:23355 <-> SERVER-OTHER Trend Micro Control Manager AddTask stack buffer overflow attempt
* 1:2381 <-> SERVER-WEBAPP Checkpoint Firewall-1 HTTP parsing format string vulnerability attempt
* 1:23939 <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt
* 1:23950 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt
* 1:23951 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt
* 1:23997 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:24336 <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long comment buffer overflow attempt
* 1:24501 <-> EXPLOIT-KIT Blackholev2 exploit kit fallback executable download
* 1:24503 <-> PROTOCOL-RPC xdrDecodeString caller_name stack overflow attempt
* 1:24513 <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt
* 1:24544 <-> EXPLOIT-KIT Blackhole admin page outbound access attempt
* 1:24608 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt
* 1:24636 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure
* 1:24638 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:24703 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24741 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24742 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24743 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24744 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24745 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24746 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24747 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24748 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24749 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24750 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24751 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24752 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24753 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24754 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24755 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24756 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24757 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24758 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24759 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24760 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24762 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24802 <-> SERVER-OTHER HP Database Archiving Software GIOP parsing buffer overflow attempt
* 1:24861 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:24863 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:24865 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:25003 <-> SERVER-OTHER HP Archive Query Server stack overflow attempt
* 1:25138 <-> EXPLOIT-KIT Styx exploit kit pdf outbound connection
* 1:25139 <-> EXPLOIT-KIT Styx exploit kit eot outbound connection
* 1:25381 <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt
* 1:25388 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:25568 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:25611 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:25650 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:25972 <-> EXPLOIT-KIT Redkit exploit kit three number PDF Request
* 1:26227 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:26295 <-> FILE-OTHER Watering Hole Campaign applet download
* 1:26339 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval - ff.php
* 1:26346 <-> EXPLOIT-KIT Redkit exploit kit payload requested
* 1:26496 <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt
* 1:26643 <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field denial of service attempt
* 1:26806 <-> EXPLOIT-KIT Redkit exploit kit short JNLP request
* 1:26808 <-> EXPLOIT-KIT Goon/Infinity/Redkit exploit kit short jar request
* 1:27071 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:27072 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:27598 <-> SERVER-WEBAPP Oracle Secure Backup Admin Server command injection attempt
* 1:27646 <-> SERVER-OTHER HP LeftHand Virtual SAN hydra login request buffer overflow attempt
* 1:27814 <-> EXPLOIT-KIT Styx exploit kit landing page request
* 1:28393 <-> SERVER-OTHER EMC Replication Manager irccd remote command execution attempt
* 1:28478 <-> EXPLOIT-KIT Styx exploit kit landing page request
* 1:28704 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:28792 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28793 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28903 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28904 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28905 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28906 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28907 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28974 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:28975 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:29453 <-> EXPLOIT-KIT Styx exploit kit eot outbound connection
* 1:29513 <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows RAP API NetServerEnum2 long comment buffer overflow attempt
* 1:29521 <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt
* 1:29522 <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX Office remote code execution attempt
* 1:29525 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:29527 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:29536 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt
* 1:29596 <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt
* 1:29597 <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt
* 1:29607 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt
* 1:29610 <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt
* 1:29617 <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt
* 1:29621 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt
* 1:3114 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc LlsrConnect overflow attempt
* 1:3171 <-> OS-WINDOWS DCERPC NCADG-IP-UDP msqueue function 4 overflow attempt
* 1:32150 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32152 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32356 <-> PROTOCOL-RPC mountd UDP unmount path overflow attempt
* 1:32370 <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt
* 1:32816 <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt
* 1:32856 <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt
* 1:33016 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:33017 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:33572 <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt
* 1:33826 <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt
* 1:35435 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:35848 <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt
* 1:3590 <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt
* 1:3591 <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt
* 1:36156 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:36157 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:36533 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt
* 1:36534 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt
* 1:36658 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:36659 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:36660 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:37511 <-> OS-SOLARIS XMDCP double-free attempt
* 1:37628 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:37650 <-> FILE-OTHER CA BrightStor stack buffer overflow attempt
* 1:3818 <-> PROTOCOL-TFTP PUT transfer mode overflow attempt
* 1:38246 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt
* 1:38247 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt
* 1:39387 <-> SERVER-WEBAPP D-Link DAP-1160 authentication bypass attempt
* 1:39406 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt
* 1:39407 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt
* 1:39408 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt
* 1:3967 <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_QueryResConfList attempt
* 1:39910 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt
* 1:39936 <-> OS-SOLARIS XMDCP double-free attempt
* 1:40282 <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt
* 1:40335 <-> APP-DETECT OpenVAS Scanner User-Agent attempt
* 1:4072 <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_DetectResourceConflict attempt
* 1:40819 <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt
* 1:41046 <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt
* 1:41423 <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt
* 1:42413 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:42423 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:43291 <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated application deployment attempt
* 1:43307 <-> SERVER-WEBAPP csSearch setup attempt
* 1:43347 <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt
* 1:44473 <-> FILE-OTHER ZIP file name overflow attempt
* 1:44735 <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt
* 1:45172 <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt
* 1:45179 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45180 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45182 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45184 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45310 <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt
* 1:45501 <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt
* 1:45856 <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt
* 1:4642 <-> SERVER-ORACLE sys.pbsde.init buffer overflow attempt
* 1:48179 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48180 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48181 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48182 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48183 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48184 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48185 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48186 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48187 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48188 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48189 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48190 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:49584 <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt
* 1:49586 <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt
* 1:49901 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt
* 1:49903 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt
* 1:50642 <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt
* 1:50900 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:51026 <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt
* 1:51082 <-> FILE-FLASH Adobe Flash player memory corruption attempt
* 1:51162 <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt
* 1:51226 <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt
* 1:51859 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51861 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51862 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51863 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51866 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52080 <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt
* 1:52101 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52289 <-> OS-MOBILE Google Android libstagefright integer underflow attempt
* 1:53431 <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt
* 1:53432 <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt
* 1:5485 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt
* 1:58201 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt
* 1:58362 <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap ProjectName SQL injection attempt
* 1:654 <-> SERVER-MAIL RCPT TO overflow
* 1:6706 <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt
* 1:6707 <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt
* 1:6712 <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt
* 1:6713 <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt
* 1:8426 <-> SERVER-OTHER SSLv3 openssl get shared ciphers overflow attempt
* 1:8428 <-> SERVER-OTHER SSLv2 openssl get shared ciphers overflow attempt
* 1:9027 <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrJoinDomain2 overflow attempt
* 1:9621 <-> PROTOCOL-TFTP 3COM server transport mode buffer overflow attempt
* 1:9769 <-> OS-WINDOWS DCERPC NCACN-IP-TCP msqueue function 4 overflow attempt


2021-12-07 17:39:19 UTC

Snort Subscriber Rules Update

Date: 2021-12-07-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.4.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:58685 <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt
* 1:58686 <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt
* 1:58687 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 1:58688 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 3:58689 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt
* 3:58690 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt
* 3:58691 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 3:58692 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 3:58693 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 1:58694 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58695 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58696 <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt
* 1:58697 <-> OS-OTHER IGEL OS Secure Terminal and Shadow Service command injection attempt
* 3:58698 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt
* 3:58699 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt
* 1:58700 <-> MALWARE-OTHER Php.Webshell.PhpJackal upload attempt
* 1:58701 <-> MALWARE-OTHER Php.Webshell.PhpJackal download attempt
* 1:58702 <-> MALWARE-CNC Php.Webshell.PhpJackal outbound connection attempt
* 1:58703 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt
* 1:58704 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58705 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58706 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58707 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58708 <-> SERVER-WEBAPP IBM Data Risk Manager command execution attempt

Modified Rules:

* 1:10136 <-> OS-SOLARIS Oracle Solaris login environment variable authentication bypass attempt
* 1:10603 <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvUpdateRecord2 overflow attempt
* 1:10900 <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt
* 1:11265 <-> SERVER-OTHER Sentinel license manager buffer overflow attempt
* 1:11443 <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount overflow attempt
* 1:11957 <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt
* 1:11958 <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt
* 1:11963 <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt
* 1:11964 <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt
* 1:12069 <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest
* 1:12198 <-> OS-WINDOWS Microsoft Windows getbulk request attempt
* 1:12317 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt
* 1:12627 <-> PROTOCOL-RPC Solaris TCP portmapper sadmin port query attempt
* 1:12628 <-> PROTOCOL-RPC Solaris UDP portmapper sadmin port query attempt
* 1:1277 <-> PROTOCOL-RPC portmap ypupdated request UDP
* 1:12940 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 CA call 269 overflow attempt
* 1:12984 <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow attempt
* 1:12985 <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt
* 1:13161 <-> SERVER-OTHER HP OpenView CGI parameter buffer overflow attempt
* 1:13162 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt
* 1:13222 <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt
* 1:13619 <-> OS-WINDOWS Microsoft Windows getBulkRequest memory corruption attempt
* 1:13927 <-> PROTOCOL-TFTP Open TFTP Server log generation buffer overflow attempt
* 1:14037 <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access
* 1:14038 <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access
* 1:1409 <-> PROTOCOL-SNMP community string buffer overflow attempt
* 1:1422 <-> PROTOCOL-SNMP community string buffer overflow attempt with evasion
* 1:14647 <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt
* 1:14648 <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt
* 1:14649 <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt
* 1:14650 <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt
* 1:14651 <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt
* 1:14652 <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt
* 1:14653 <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt
* 1:14654 <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt
* 1:14725 <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName overflow attempt
* 1:14726 <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt
* 1:14737 <-> OS-WINDOWS DCERPC NCACN-IP-TCP host-integration bind attempt
* 1:14900 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum overflow attempt
* 1:14988 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum overflow attempt
* 1:14989 <-> SERVER-WEBAPP Novell eDirectory SOAP Accept Language header overflow attempt
* 1:15196 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt
* 1:15197 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt
* 1:15198 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt
* 1:15199 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt
* 1:15200 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt
* 1:15201 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt
* 1:15202 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt
* 1:15203 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt
* 1:15204 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt
* 1:15205 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt
* 1:15206 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt
* 1:15207 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt
* 1:15208 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt
* 1:15209 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt
* 1:15210 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt
* 1:15211 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt
* 1:15212 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt
* 1:15213 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt
* 1:15214 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt
* 1:15215 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt
* 1:15216 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt
* 1:15217 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt
* 1:15218 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt
* 1:15219 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt
* 1:15220 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt
* 1:15221 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt
* 1:15222 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt
* 1:15223 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt
* 1:15224 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt
* 1:15225 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt
* 1:15226 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt
* 1:15227 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt
* 1:15261 <-> SERVER-ORACLE Secure Backup exec_qr command injection attempt
* 1:15262 <-> SERVER-ORACLE Secure Backup POST exec_qr command injection attempt
* 1:15508 <-> SERVER-OTHER DCERPC NCADG-IP-UDP lsarpc LsarLookupSids translated_names overflow attempt
* 1:15701 <-> OS-WINDOWS Microsoft Windows 2000 domain authentication bypass attempt
* 1:15708 <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt
* 1:15881 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters Name Field attempt
* 1:15911 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss RouteRefreshPrinterChangeNotification attempt
* 1:15930 <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field remote code execution attempt
* 1:15971 <-> SERVER-OTHER CVS Argumentx command double free attempt
* 1:15972 <-> SERVER-OTHER single byte encoded name response
* 1:16015 <-> SERVER-OTHER Norton Internet Security NBNS response processing stack overflow attempt
* 1:16029 <-> OS-WINDOWS Microsoft Windows DNS client ATMA buffer overrun attempt
* 1:16049 <-> SERVER-OTHER GNU Radius SQL accounting format string exploit attempt
* 1:16080 <-> SERVER-OTHER KAME racoon X509 certificate verification bypass attempt
* 1:16198 <-> SERVER-APACHE Apache mod_auth_pgsql module logging facility format string exploit attempt
* 1:16238 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt
* 1:16239 <-> OS-WINDOWS DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt
* 1:16329 <-> SERVER-OTHER Microsoft Internet Authentication Service EAP-MSCHAPv2 authentication bypass attempt
* 1:16515 <-> SERVER-MAIL Novell Groupwise Internet Agent RCPT command overflow attempt
* 1:16705 <-> PROTOCOL-RPC Oracle Solaris sadmind UDP array size buffer overflow attempt
* 1:16796 <-> PROTOCOL-RPC Oracle Solaris sadmind UDP data length integer overflow attempt
* 1:17046 <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt
* 1:17056 <-> SERVER-OTHER Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt
* 1:17057 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt
* 1:17205 <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - udp
* 1:17224 <-> SERVER-MAIL McAfee WebShield SMTP bounce message format string attempt
* 1:17609 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:1762 <-> SERVER-WEBAPP phf arbitrary command execution attempt
* 1:18189 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt
* 1:18190 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt
* 1:18191 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt
* 1:18192 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt
* 1:18248 <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt
* 1:18319 <-> SERVER-SAMBA Samba DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt
* 1:18462 <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt
* 1:18472 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt
* 1:18526 <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt
* 1:18557 <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt
* 1:18589 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt
* 1:18611 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:18612 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:18613 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:18768 <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt
* 1:18958 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt
* 1:18994 <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt
* 1:19013 <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - WRQ
* 1:19014 <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - RRQ
* 1:19136 <-> SERVER-WEBAPP CA XOsoft Multiple Products entry_point.aspx buffer overflow attempt
* 1:19173 <-> PROTOCOL-RPC CDE Calendar Manager service memory corruption attempt
* 1:19208 <-> SERVER-OTHER Citrix Provisioning Services streamprocess.exe buffer overflow attempt
* 1:19323 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt
* 1:19649 <-> SERVER-OTHER HP Intelligent Management Center dbman buffer overflow attempt
* 1:19677 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt
* 1:20052 <-> PROTOCOL-SCADA IntelliCom NetBiter config utility hostname overflow attempt
* 1:20176 <-> PROTOCOL-SCADA DAQFactory NETB protcol stack overflow attempt
* 1:20242 <-> PROTOCOL-DNS Oracle Secure Backup observice.exe dns response overflow attempt
* 1:20611 <-> SERVER-OTHER BOOTP overflow
* 1:20614 <-> SERVER-MAIL Axigen POP3 server remote format string exploit
* 1:20671 <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest
* 1:20691 <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt
* 1:20725 <-> OS-SOLARIS Oracle Solaris in.rwhod hostname denial of service attempt
* 1:20812 <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt
* 1:20813 <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt
* 1:2088 <-> PROTOCOL-RPC ypupdated arbitrary command attempt UDP
* 1:2089 <-> PROTOCOL-RPC ypupdated arbitrary command attempt TCP
* 1:21041 <-> EXPLOIT-KIT Blackhole exploit kit URL - main.php?page=
* 1:21141 <-> EXPLOIT-KIT Blackhole exploit kit control panel access
* 1:21234 <-> SERVER-WEBAPP MKCOL Webdav Stack Buffer Overflow attempt
* 1:21236 <-> SERVER-WEBAPP UNLOCK Webdav Stack Buffer Overflow attempt
* 1:21343 <-> EXPLOIT-KIT Blackhole exploit kit pdf request
* 1:21348 <-> EXPLOIT-KIT Blackhole exploit kit URL - search.php?page=
* 1:21407 <-> SERVER-OTHER Symantic multiple products VRTSweb code execution
* 1:21458 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:21529 <-> OS-WINDOWS Microsoft Windows SMB Trans2 Find_First2 filename overflow attempt
* 1:21766 <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt
* 1:2185 <-> PROTOCOL-RPC mountd UDP mount path overflow attempt
* 1:21952 <-> SERVER-OTHER ISC dhcpd discover hostname overflow attempt
* 1:2278 <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt
* 1:22949 <-> EXPLOIT-KIT Blackhole redirection attempt
* 1:23232 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:23233 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:23241 <-> SERVER-OTHER HP DPNECentral RequestCopy type SQL injection attempt
* 1:23355 <-> SERVER-OTHER Trend Micro Control Manager AddTask stack buffer overflow attempt
* 1:2381 <-> SERVER-WEBAPP Checkpoint Firewall-1 HTTP parsing format string vulnerability attempt
* 1:23939 <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt
* 1:23950 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt
* 1:23951 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt
* 1:23997 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:24336 <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long comment buffer overflow attempt
* 1:24501 <-> EXPLOIT-KIT Blackholev2 exploit kit fallback executable download
* 1:24503 <-> PROTOCOL-RPC xdrDecodeString caller_name stack overflow attempt
* 1:24513 <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt
* 1:24544 <-> EXPLOIT-KIT Blackhole admin page outbound access attempt
* 1:24608 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt
* 1:24636 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure
* 1:24638 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:24703 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24741 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24742 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24743 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24744 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24745 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24746 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24747 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24748 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24749 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24750 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24751 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24752 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24753 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24754 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24755 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24756 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24757 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24758 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24759 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24760 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24762 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24802 <-> SERVER-OTHER HP Database Archiving Software GIOP parsing buffer overflow attempt
* 1:24861 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:24863 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:24865 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:25003 <-> SERVER-OTHER HP Archive Query Server stack overflow attempt
* 1:25138 <-> EXPLOIT-KIT Styx exploit kit pdf outbound connection
* 1:25139 <-> EXPLOIT-KIT Styx exploit kit eot outbound connection
* 1:25381 <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt
* 1:25388 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:25568 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:25611 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:25650 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:25972 <-> EXPLOIT-KIT Redkit exploit kit three number PDF Request
* 1:26227 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:26295 <-> FILE-OTHER Watering Hole Campaign applet download
* 1:26339 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval - ff.php
* 1:26346 <-> EXPLOIT-KIT Redkit exploit kit payload requested
* 1:26496 <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt
* 1:26643 <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field denial of service attempt
* 1:26806 <-> EXPLOIT-KIT Redkit exploit kit short JNLP request
* 1:26808 <-> EXPLOIT-KIT Goon/Infinity/Redkit exploit kit short jar request
* 1:27071 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:27072 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:27598 <-> SERVER-WEBAPP Oracle Secure Backup Admin Server command injection attempt
* 1:27646 <-> SERVER-OTHER HP LeftHand Virtual SAN hydra login request buffer overflow attempt
* 1:27814 <-> EXPLOIT-KIT Styx exploit kit landing page request
* 1:28393 <-> SERVER-OTHER EMC Replication Manager irccd remote command execution attempt
* 1:28478 <-> EXPLOIT-KIT Styx exploit kit landing page request
* 1:28704 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:28792 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28793 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28903 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28904 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28905 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28906 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28907 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28974 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:28975 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:29453 <-> EXPLOIT-KIT Styx exploit kit eot outbound connection
* 1:29513 <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows RAP API NetServerEnum2 long comment buffer overflow attempt
* 1:29521 <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt
* 1:29522 <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX Office remote code execution attempt
* 1:29525 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:29527 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:29536 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt
* 1:29596 <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt
* 1:29597 <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt
* 1:29607 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt
* 1:29610 <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt
* 1:29617 <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt
* 1:29621 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt
* 1:3114 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc LlsrConnect overflow attempt
* 1:3171 <-> OS-WINDOWS DCERPC NCADG-IP-UDP msqueue function 4 overflow attempt
* 1:32150 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32152 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32356 <-> PROTOCOL-RPC mountd UDP unmount path overflow attempt
* 1:32370 <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt
* 1:32816 <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt
* 1:32856 <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt
* 1:33016 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:33017 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:33572 <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt
* 1:33826 <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt
* 1:35435 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:35848 <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt
* 1:3590 <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt
* 1:3591 <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt
* 1:36156 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:36157 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:36533 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt
* 1:36534 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt
* 1:36658 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:36659 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:36660 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:37511 <-> OS-SOLARIS XMDCP double-free attempt
* 1:37628 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:37650 <-> FILE-OTHER CA BrightStor stack buffer overflow attempt
* 1:3818 <-> PROTOCOL-TFTP PUT transfer mode overflow attempt
* 1:38246 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt
* 1:38247 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt
* 1:39387 <-> SERVER-WEBAPP D-Link DAP-1160 authentication bypass attempt
* 1:39406 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt
* 1:39407 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt
* 1:39408 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt
* 1:3967 <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_QueryResConfList attempt
* 1:39910 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt
* 1:39936 <-> OS-SOLARIS XMDCP double-free attempt
* 1:40282 <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt
* 1:40335 <-> APP-DETECT OpenVAS Scanner User-Agent attempt
* 1:4072 <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_DetectResourceConflict attempt
* 1:40819 <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt
* 1:41046 <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt
* 1:41423 <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt
* 1:42413 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:42423 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:43291 <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated application deployment attempt
* 1:43307 <-> SERVER-WEBAPP csSearch setup attempt
* 1:43347 <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt
* 1:44473 <-> FILE-OTHER ZIP file name overflow attempt
* 1:44735 <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt
* 1:45172 <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt
* 1:45179 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45180 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45182 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45184 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45310 <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt
* 1:45501 <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt
* 1:45856 <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt
* 1:4642 <-> SERVER-ORACLE sys.pbsde.init buffer overflow attempt
* 1:48179 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48180 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48181 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48182 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48183 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48184 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48185 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48186 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48187 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48188 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48189 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48190 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:49584 <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt
* 1:49586 <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt
* 1:49901 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt
* 1:49903 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt
* 1:50642 <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt
* 1:50900 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:51026 <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt
* 1:51082 <-> FILE-FLASH Adobe Flash player memory corruption attempt
* 1:51162 <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt
* 1:51226 <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt
* 1:51859 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51861 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51862 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51863 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51866 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52080 <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt
* 1:52101 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52289 <-> OS-MOBILE Google Android libstagefright integer underflow attempt
* 1:53431 <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt
* 1:53432 <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt
* 1:5485 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt
* 1:58201 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt
* 1:58362 <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap ProjectName SQL injection attempt
* 1:654 <-> SERVER-MAIL RCPT TO overflow
* 1:6706 <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt
* 1:6707 <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt
* 1:6712 <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt
* 1:6713 <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt
* 1:8426 <-> SERVER-OTHER SSLv3 openssl get shared ciphers overflow attempt
* 1:8428 <-> SERVER-OTHER SSLv2 openssl get shared ciphers overflow attempt
* 1:9027 <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrJoinDomain2 overflow attempt
* 1:9621 <-> PROTOCOL-TFTP 3COM server transport mode buffer overflow attempt
* 1:9769 <-> OS-WINDOWS DCERPC NCACN-IP-TCP msqueue function 4 overflow attempt


2021-12-07 17:39:19 UTC

Snort Subscriber Rules Update

Date: 2021-12-07-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.5.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:58685 <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt
* 1:58686 <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt
* 1:58687 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 1:58688 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 3:58689 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt
* 3:58690 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt
* 3:58691 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 3:58692 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 3:58693 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 1:58694 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58695 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58696 <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt
* 1:58697 <-> OS-OTHER IGEL OS Secure Terminal and Shadow Service command injection attempt
* 3:58698 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt
* 3:58699 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt
* 1:58700 <-> MALWARE-OTHER Php.Webshell.PhpJackal upload attempt
* 1:58701 <-> MALWARE-OTHER Php.Webshell.PhpJackal download attempt
* 1:58702 <-> MALWARE-CNC Php.Webshell.PhpJackal outbound connection attempt
* 1:58703 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt
* 1:58704 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58705 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58706 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58707 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58708 <-> SERVER-WEBAPP IBM Data Risk Manager command execution attempt

Modified Rules:

* 1:10136 <-> OS-SOLARIS Oracle Solaris login environment variable authentication bypass attempt
* 1:10603 <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvUpdateRecord2 overflow attempt
* 1:10900 <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt
* 1:11265 <-> SERVER-OTHER Sentinel license manager buffer overflow attempt
* 1:11443 <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount overflow attempt
* 1:11957 <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt
* 1:11958 <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt
* 1:11963 <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt
* 1:11964 <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt
* 1:12069 <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest
* 1:12198 <-> OS-WINDOWS Microsoft Windows getbulk request attempt
* 1:12317 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt
* 1:12627 <-> PROTOCOL-RPC Solaris TCP portmapper sadmin port query attempt
* 1:12628 <-> PROTOCOL-RPC Solaris UDP portmapper sadmin port query attempt
* 1:1277 <-> PROTOCOL-RPC portmap ypupdated request UDP
* 1:12940 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 CA call 269 overflow attempt
* 1:12984 <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow attempt
* 1:12985 <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt
* 1:13161 <-> SERVER-OTHER HP OpenView CGI parameter buffer overflow attempt
* 1:13162 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt
* 1:13222 <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt
* 1:13619 <-> OS-WINDOWS Microsoft Windows getBulkRequest memory corruption attempt
* 1:13927 <-> PROTOCOL-TFTP Open TFTP Server log generation buffer overflow attempt
* 1:14037 <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access
* 1:14038 <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access
* 1:1409 <-> PROTOCOL-SNMP community string buffer overflow attempt
* 1:1422 <-> PROTOCOL-SNMP community string buffer overflow attempt with evasion
* 1:14647 <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt
* 1:14648 <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt
* 1:14649 <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt
* 1:14650 <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt
* 1:14651 <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt
* 1:14652 <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt
* 1:14653 <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt
* 1:14654 <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt
* 1:14725 <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName overflow attempt
* 1:14726 <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt
* 1:14737 <-> OS-WINDOWS DCERPC NCACN-IP-TCP host-integration bind attempt
* 1:14900 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum overflow attempt
* 1:14988 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum overflow attempt
* 1:14989 <-> SERVER-WEBAPP Novell eDirectory SOAP Accept Language header overflow attempt
* 1:15196 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt
* 1:15197 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt
* 1:15198 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt
* 1:15199 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt
* 1:15200 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt
* 1:15201 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt
* 1:15202 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt
* 1:15203 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt
* 1:15204 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt
* 1:15205 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt
* 1:15206 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt
* 1:15207 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt
* 1:15208 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt
* 1:15209 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt
* 1:15210 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt
* 1:15211 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt
* 1:15212 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt
* 1:15213 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt
* 1:15214 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt
* 1:15215 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt
* 1:15216 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt
* 1:15217 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt
* 1:15218 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt
* 1:15219 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt
* 1:15220 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt
* 1:15221 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt
* 1:15222 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt
* 1:15223 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt
* 1:15224 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt
* 1:15225 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt
* 1:15226 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt
* 1:15227 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt
* 1:15261 <-> SERVER-ORACLE Secure Backup exec_qr command injection attempt
* 1:15262 <-> SERVER-ORACLE Secure Backup POST exec_qr command injection attempt
* 1:15508 <-> SERVER-OTHER DCERPC NCADG-IP-UDP lsarpc LsarLookupSids translated_names overflow attempt
* 1:15701 <-> OS-WINDOWS Microsoft Windows 2000 domain authentication bypass attempt
* 1:15708 <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt
* 1:15881 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters Name Field attempt
* 1:15911 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss RouteRefreshPrinterChangeNotification attempt
* 1:15930 <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field remote code execution attempt
* 1:15971 <-> SERVER-OTHER CVS Argumentx command double free attempt
* 1:15972 <-> SERVER-OTHER single byte encoded name response
* 1:16015 <-> SERVER-OTHER Norton Internet Security NBNS response processing stack overflow attempt
* 1:16029 <-> OS-WINDOWS Microsoft Windows DNS client ATMA buffer overrun attempt
* 1:16049 <-> SERVER-OTHER GNU Radius SQL accounting format string exploit attempt
* 1:16080 <-> SERVER-OTHER KAME racoon X509 certificate verification bypass attempt
* 1:16198 <-> SERVER-APACHE Apache mod_auth_pgsql module logging facility format string exploit attempt
* 1:16238 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt
* 1:16239 <-> OS-WINDOWS DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt
* 1:16329 <-> SERVER-OTHER Microsoft Internet Authentication Service EAP-MSCHAPv2 authentication bypass attempt
* 1:16515 <-> SERVER-MAIL Novell Groupwise Internet Agent RCPT command overflow attempt
* 1:16705 <-> PROTOCOL-RPC Oracle Solaris sadmind UDP array size buffer overflow attempt
* 1:16796 <-> PROTOCOL-RPC Oracle Solaris sadmind UDP data length integer overflow attempt
* 1:17046 <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt
* 1:17056 <-> SERVER-OTHER Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt
* 1:17057 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt
* 1:17205 <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - udp
* 1:17224 <-> SERVER-MAIL McAfee WebShield SMTP bounce message format string attempt
* 1:17609 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:1762 <-> SERVER-WEBAPP phf arbitrary command execution attempt
* 1:18189 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt
* 1:18190 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt
* 1:18191 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt
* 1:18192 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt
* 1:18248 <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt
* 1:18319 <-> SERVER-SAMBA Samba DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt
* 1:18462 <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt
* 1:18472 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt
* 1:18526 <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt
* 1:18557 <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt
* 1:18589 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt
* 1:18611 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:18612 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:18613 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:18768 <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt
* 1:18958 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt
* 1:18994 <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt
* 1:19013 <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - WRQ
* 1:19014 <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - RRQ
* 1:19136 <-> SERVER-WEBAPP CA XOsoft Multiple Products entry_point.aspx buffer overflow attempt
* 1:19173 <-> PROTOCOL-RPC CDE Calendar Manager service memory corruption attempt
* 1:19208 <-> SERVER-OTHER Citrix Provisioning Services streamprocess.exe buffer overflow attempt
* 1:19323 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt
* 1:19649 <-> SERVER-OTHER HP Intelligent Management Center dbman buffer overflow attempt
* 1:19677 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt
* 1:20052 <-> PROTOCOL-SCADA IntelliCom NetBiter config utility hostname overflow attempt
* 1:20176 <-> PROTOCOL-SCADA DAQFactory NETB protcol stack overflow attempt
* 1:20242 <-> PROTOCOL-DNS Oracle Secure Backup observice.exe dns response overflow attempt
* 1:20611 <-> SERVER-OTHER BOOTP overflow
* 1:20614 <-> SERVER-MAIL Axigen POP3 server remote format string exploit
* 1:20671 <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest
* 1:20691 <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt
* 1:20725 <-> OS-SOLARIS Oracle Solaris in.rwhod hostname denial of service attempt
* 1:20812 <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt
* 1:20813 <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt
* 1:2088 <-> PROTOCOL-RPC ypupdated arbitrary command attempt UDP
* 1:2089 <-> PROTOCOL-RPC ypupdated arbitrary command attempt TCP
* 1:21041 <-> EXPLOIT-KIT Blackhole exploit kit URL - main.php?page=
* 1:21141 <-> EXPLOIT-KIT Blackhole exploit kit control panel access
* 1:21234 <-> SERVER-WEBAPP MKCOL Webdav Stack Buffer Overflow attempt
* 1:21236 <-> SERVER-WEBAPP UNLOCK Webdav Stack Buffer Overflow attempt
* 1:21343 <-> EXPLOIT-KIT Blackhole exploit kit pdf request
* 1:21348 <-> EXPLOIT-KIT Blackhole exploit kit URL - search.php?page=
* 1:21407 <-> SERVER-OTHER Symantic multiple products VRTSweb code execution
* 1:21458 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:21529 <-> OS-WINDOWS Microsoft Windows SMB Trans2 Find_First2 filename overflow attempt
* 1:21766 <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt
* 1:2185 <-> PROTOCOL-RPC mountd UDP mount path overflow attempt
* 1:21952 <-> SERVER-OTHER ISC dhcpd discover hostname overflow attempt
* 1:2278 <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt
* 1:22949 <-> EXPLOIT-KIT Blackhole redirection attempt
* 1:23232 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:23233 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:23241 <-> SERVER-OTHER HP DPNECentral RequestCopy type SQL injection attempt
* 1:23355 <-> SERVER-OTHER Trend Micro Control Manager AddTask stack buffer overflow attempt
* 1:2381 <-> SERVER-WEBAPP Checkpoint Firewall-1 HTTP parsing format string vulnerability attempt
* 1:23939 <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt
* 1:23950 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt
* 1:23951 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt
* 1:23997 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:24336 <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long comment buffer overflow attempt
* 1:24501 <-> EXPLOIT-KIT Blackholev2 exploit kit fallback executable download
* 1:24503 <-> PROTOCOL-RPC xdrDecodeString caller_name stack overflow attempt
* 1:24513 <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt
* 1:24544 <-> EXPLOIT-KIT Blackhole admin page outbound access attempt
* 1:24608 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt
* 1:24636 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure
* 1:24638 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:24703 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24741 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24742 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24743 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24744 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24745 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24746 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24747 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24748 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24749 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24750 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24751 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24752 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24753 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24754 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24755 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24756 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24757 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24758 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24759 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24760 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24762 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24802 <-> SERVER-OTHER HP Database Archiving Software GIOP parsing buffer overflow attempt
* 1:24861 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:24863 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:24865 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:25003 <-> SERVER-OTHER HP Archive Query Server stack overflow attempt
* 1:25138 <-> EXPLOIT-KIT Styx exploit kit pdf outbound connection
* 1:25139 <-> EXPLOIT-KIT Styx exploit kit eot outbound connection
* 1:25381 <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt
* 1:25388 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:25568 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:25611 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:25650 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:25972 <-> EXPLOIT-KIT Redkit exploit kit three number PDF Request
* 1:26227 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:26295 <-> FILE-OTHER Watering Hole Campaign applet download
* 1:26339 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval - ff.php
* 1:26346 <-> EXPLOIT-KIT Redkit exploit kit payload requested
* 1:26496 <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt
* 1:26643 <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field denial of service attempt
* 1:26806 <-> EXPLOIT-KIT Redkit exploit kit short JNLP request
* 1:26808 <-> EXPLOIT-KIT Goon/Infinity/Redkit exploit kit short jar request
* 1:27071 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:27072 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:27598 <-> SERVER-WEBAPP Oracle Secure Backup Admin Server command injection attempt
* 1:27646 <-> SERVER-OTHER HP LeftHand Virtual SAN hydra login request buffer overflow attempt
* 1:27814 <-> EXPLOIT-KIT Styx exploit kit landing page request
* 1:28393 <-> SERVER-OTHER EMC Replication Manager irccd remote command execution attempt
* 1:28478 <-> EXPLOIT-KIT Styx exploit kit landing page request
* 1:28704 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:28792 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28793 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28903 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28904 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28905 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28906 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28907 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28974 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:28975 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:29453 <-> EXPLOIT-KIT Styx exploit kit eot outbound connection
* 1:29513 <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows RAP API NetServerEnum2 long comment buffer overflow attempt
* 1:29521 <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt
* 1:29522 <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX Office remote code execution attempt
* 1:29525 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:29527 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:29536 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt
* 1:29596 <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt
* 1:29597 <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt
* 1:29607 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt
* 1:29610 <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt
* 1:29617 <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt
* 1:29621 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt
* 1:3114 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc LlsrConnect overflow attempt
* 1:3171 <-> OS-WINDOWS DCERPC NCADG-IP-UDP msqueue function 4 overflow attempt
* 1:32150 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32152 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32356 <-> PROTOCOL-RPC mountd UDP unmount path overflow attempt
* 1:32370 <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt
* 1:32816 <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt
* 1:32856 <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt
* 1:33016 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:33017 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:33572 <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt
* 1:33826 <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt
* 1:35435 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:35848 <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt
* 1:3590 <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt
* 1:3591 <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt
* 1:36156 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:36157 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:36533 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt
* 1:36534 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt
* 1:36658 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:36659 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:36660 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:37511 <-> OS-SOLARIS XMDCP double-free attempt
* 1:37628 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:37650 <-> FILE-OTHER CA BrightStor stack buffer overflow attempt
* 1:3818 <-> PROTOCOL-TFTP PUT transfer mode overflow attempt
* 1:38246 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt
* 1:38247 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt
* 1:39387 <-> SERVER-WEBAPP D-Link DAP-1160 authentication bypass attempt
* 1:39406 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt
* 1:39407 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt
* 1:39408 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt
* 1:3967 <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_QueryResConfList attempt
* 1:39910 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt
* 1:39936 <-> OS-SOLARIS XMDCP double-free attempt
* 1:40282 <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt
* 1:40335 <-> APP-DETECT OpenVAS Scanner User-Agent attempt
* 1:4072 <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_DetectResourceConflict attempt
* 1:40819 <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt
* 1:41046 <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt
* 1:41423 <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt
* 1:42413 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:42423 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:43291 <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated application deployment attempt
* 1:43307 <-> SERVER-WEBAPP csSearch setup attempt
* 1:43347 <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt
* 1:44473 <-> FILE-OTHER ZIP file name overflow attempt
* 1:44735 <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt
* 1:45172 <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt
* 1:45179 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45180 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45182 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45184 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45310 <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt
* 1:45501 <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt
* 1:45856 <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt
* 1:4642 <-> SERVER-ORACLE sys.pbsde.init buffer overflow attempt
* 1:48179 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48180 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48181 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48182 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48183 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48184 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48185 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48186 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48187 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48188 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48189 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48190 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:49584 <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt
* 1:49586 <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt
* 1:49901 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt
* 1:49903 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt
* 1:50642 <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt
* 1:50900 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:51026 <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt
* 1:51082 <-> FILE-FLASH Adobe Flash player memory corruption attempt
* 1:51162 <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt
* 1:51226 <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt
* 1:51859 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51861 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51862 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51863 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51866 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52080 <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt
* 1:52101 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52289 <-> OS-MOBILE Google Android libstagefright integer underflow attempt
* 1:53431 <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt
* 1:53432 <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt
* 1:5485 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt
* 1:58201 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt
* 1:58362 <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap ProjectName SQL injection attempt
* 1:654 <-> SERVER-MAIL RCPT TO overflow
* 1:6706 <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt
* 1:6707 <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt
* 1:6712 <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt
* 1:6713 <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt
* 1:8426 <-> SERVER-OTHER SSLv3 openssl get shared ciphers overflow attempt
* 1:8428 <-> SERVER-OTHER SSLv2 openssl get shared ciphers overflow attempt
* 1:9027 <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrJoinDomain2 overflow attempt
* 1:9621 <-> PROTOCOL-TFTP 3COM server transport mode buffer overflow attempt
* 1:9769 <-> OS-WINDOWS DCERPC NCACN-IP-TCP msqueue function 4 overflow attempt


2021-12-07 17:39:19 UTC

Snort Subscriber Rules Update

Date: 2021-12-07-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.7.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:58685 <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt
* 1:58686 <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt
* 1:58687 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 1:58688 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 3:58689 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt
* 3:58690 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt
* 3:58691 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 3:58692 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 3:58693 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 1:58694 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58695 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58696 <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt
* 1:58697 <-> OS-OTHER IGEL OS Secure Terminal and Shadow Service command injection attempt
* 3:58698 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt
* 3:58699 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt
* 1:58700 <-> MALWARE-OTHER Php.Webshell.PhpJackal upload attempt
* 1:58701 <-> MALWARE-OTHER Php.Webshell.PhpJackal download attempt
* 1:58702 <-> MALWARE-CNC Php.Webshell.PhpJackal outbound connection attempt
* 1:58703 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt
* 1:58704 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58705 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58706 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58707 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58708 <-> SERVER-WEBAPP IBM Data Risk Manager command execution attempt

Modified Rules:

* 1:10136 <-> OS-SOLARIS Oracle Solaris login environment variable authentication bypass attempt
* 1:10603 <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvUpdateRecord2 overflow attempt
* 1:10900 <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt
* 1:11265 <-> SERVER-OTHER Sentinel license manager buffer overflow attempt
* 1:11443 <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount overflow attempt
* 1:11957 <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt
* 1:11958 <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt
* 1:11963 <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt
* 1:11964 <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt
* 1:12069 <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest
* 1:12198 <-> OS-WINDOWS Microsoft Windows getbulk request attempt
* 1:12317 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt
* 1:12627 <-> PROTOCOL-RPC Solaris TCP portmapper sadmin port query attempt
* 1:12628 <-> PROTOCOL-RPC Solaris UDP portmapper sadmin port query attempt
* 1:1277 <-> PROTOCOL-RPC portmap ypupdated request UDP
* 1:12940 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 CA call 269 overflow attempt
* 1:12984 <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow attempt
* 1:12985 <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt
* 1:13161 <-> SERVER-OTHER HP OpenView CGI parameter buffer overflow attempt
* 1:13162 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt
* 1:13222 <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt
* 1:13619 <-> OS-WINDOWS Microsoft Windows getBulkRequest memory corruption attempt
* 1:13927 <-> PROTOCOL-TFTP Open TFTP Server log generation buffer overflow attempt
* 1:14037 <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access
* 1:14038 <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access
* 1:1409 <-> PROTOCOL-SNMP community string buffer overflow attempt
* 1:1422 <-> PROTOCOL-SNMP community string buffer overflow attempt with evasion
* 1:14647 <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt
* 1:14648 <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt
* 1:14649 <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt
* 1:14650 <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt
* 1:14651 <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt
* 1:14652 <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt
* 1:14653 <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt
* 1:14654 <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt
* 1:14725 <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName overflow attempt
* 1:14726 <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt
* 1:14737 <-> OS-WINDOWS DCERPC NCACN-IP-TCP host-integration bind attempt
* 1:14900 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum overflow attempt
* 1:14988 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum overflow attempt
* 1:14989 <-> SERVER-WEBAPP Novell eDirectory SOAP Accept Language header overflow attempt
* 1:15196 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt
* 1:15197 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt
* 1:15198 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt
* 1:15199 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt
* 1:15200 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt
* 1:15201 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt
* 1:15202 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt
* 1:15203 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt
* 1:15204 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt
* 1:15205 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt
* 1:15206 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt
* 1:15207 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt
* 1:15208 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt
* 1:15209 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt
* 1:15210 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt
* 1:15211 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt
* 1:15212 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt
* 1:15213 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt
* 1:15214 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt
* 1:15215 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt
* 1:15216 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt
* 1:15217 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt
* 1:15218 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt
* 1:15219 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt
* 1:15220 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt
* 1:15221 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt
* 1:15222 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt
* 1:15223 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt
* 1:15224 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt
* 1:15225 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt
* 1:15226 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt
* 1:15227 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt
* 1:15261 <-> SERVER-ORACLE Secure Backup exec_qr command injection attempt
* 1:15262 <-> SERVER-ORACLE Secure Backup POST exec_qr command injection attempt
* 1:15508 <-> SERVER-OTHER DCERPC NCADG-IP-UDP lsarpc LsarLookupSids translated_names overflow attempt
* 1:15701 <-> OS-WINDOWS Microsoft Windows 2000 domain authentication bypass attempt
* 1:15708 <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt
* 1:15881 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters Name Field attempt
* 1:15911 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss RouteRefreshPrinterChangeNotification attempt
* 1:15930 <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field remote code execution attempt
* 1:15971 <-> SERVER-OTHER CVS Argumentx command double free attempt
* 1:15972 <-> SERVER-OTHER single byte encoded name response
* 1:16015 <-> SERVER-OTHER Norton Internet Security NBNS response processing stack overflow attempt
* 1:16029 <-> OS-WINDOWS Microsoft Windows DNS client ATMA buffer overrun attempt
* 1:16049 <-> SERVER-OTHER GNU Radius SQL accounting format string exploit attempt
* 1:16080 <-> SERVER-OTHER KAME racoon X509 certificate verification bypass attempt
* 1:16198 <-> SERVER-APACHE Apache mod_auth_pgsql module logging facility format string exploit attempt
* 1:16238 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt
* 1:16239 <-> OS-WINDOWS DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt
* 1:16329 <-> SERVER-OTHER Microsoft Internet Authentication Service EAP-MSCHAPv2 authentication bypass attempt
* 1:16515 <-> SERVER-MAIL Novell Groupwise Internet Agent RCPT command overflow attempt
* 1:16705 <-> PROTOCOL-RPC Oracle Solaris sadmind UDP array size buffer overflow attempt
* 1:16796 <-> PROTOCOL-RPC Oracle Solaris sadmind UDP data length integer overflow attempt
* 1:17046 <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt
* 1:17056 <-> SERVER-OTHER Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt
* 1:17057 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt
* 1:17205 <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - udp
* 1:17224 <-> SERVER-MAIL McAfee WebShield SMTP bounce message format string attempt
* 1:17609 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:1762 <-> SERVER-WEBAPP phf arbitrary command execution attempt
* 1:18189 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt
* 1:18190 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt
* 1:18191 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt
* 1:18192 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt
* 1:18248 <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt
* 1:18319 <-> SERVER-SAMBA Samba DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt
* 1:18462 <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt
* 1:18472 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt
* 1:18526 <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt
* 1:18557 <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt
* 1:18589 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt
* 1:18611 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:18612 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:18613 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:18768 <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt
* 1:18958 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt
* 1:18994 <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt
* 1:19013 <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - WRQ
* 1:19014 <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - RRQ
* 1:19136 <-> SERVER-WEBAPP CA XOsoft Multiple Products entry_point.aspx buffer overflow attempt
* 1:19173 <-> PROTOCOL-RPC CDE Calendar Manager service memory corruption attempt
* 1:19208 <-> SERVER-OTHER Citrix Provisioning Services streamprocess.exe buffer overflow attempt
* 1:19323 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt
* 1:19649 <-> SERVER-OTHER HP Intelligent Management Center dbman buffer overflow attempt
* 1:19677 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt
* 1:20052 <-> PROTOCOL-SCADA IntelliCom NetBiter config utility hostname overflow attempt
* 1:20176 <-> PROTOCOL-SCADA DAQFactory NETB protcol stack overflow attempt
* 1:20242 <-> PROTOCOL-DNS Oracle Secure Backup observice.exe dns response overflow attempt
* 1:20611 <-> SERVER-OTHER BOOTP overflow
* 1:20614 <-> SERVER-MAIL Axigen POP3 server remote format string exploit
* 1:20671 <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest
* 1:20691 <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt
* 1:20725 <-> OS-SOLARIS Oracle Solaris in.rwhod hostname denial of service attempt
* 1:20812 <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt
* 1:20813 <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt
* 1:2088 <-> PROTOCOL-RPC ypupdated arbitrary command attempt UDP
* 1:2089 <-> PROTOCOL-RPC ypupdated arbitrary command attempt TCP
* 1:21041 <-> EXPLOIT-KIT Blackhole exploit kit URL - main.php?page=
* 1:21141 <-> EXPLOIT-KIT Blackhole exploit kit control panel access
* 1:21234 <-> SERVER-WEBAPP MKCOL Webdav Stack Buffer Overflow attempt
* 1:21236 <-> SERVER-WEBAPP UNLOCK Webdav Stack Buffer Overflow attempt
* 1:21343 <-> EXPLOIT-KIT Blackhole exploit kit pdf request
* 1:21348 <-> EXPLOIT-KIT Blackhole exploit kit URL - search.php?page=
* 1:21407 <-> SERVER-OTHER Symantic multiple products VRTSweb code execution
* 1:21458 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:21529 <-> OS-WINDOWS Microsoft Windows SMB Trans2 Find_First2 filename overflow attempt
* 1:21766 <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt
* 1:2185 <-> PROTOCOL-RPC mountd UDP mount path overflow attempt
* 1:21952 <-> SERVER-OTHER ISC dhcpd discover hostname overflow attempt
* 1:2278 <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt
* 1:22949 <-> EXPLOIT-KIT Blackhole redirection attempt
* 1:23232 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:23233 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:23241 <-> SERVER-OTHER HP DPNECentral RequestCopy type SQL injection attempt
* 1:23355 <-> SERVER-OTHER Trend Micro Control Manager AddTask stack buffer overflow attempt
* 1:2381 <-> SERVER-WEBAPP Checkpoint Firewall-1 HTTP parsing format string vulnerability attempt
* 1:23939 <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt
* 1:23950 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt
* 1:23951 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt
* 1:23997 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:24336 <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long comment buffer overflow attempt
* 1:24501 <-> EXPLOIT-KIT Blackholev2 exploit kit fallback executable download
* 1:24503 <-> PROTOCOL-RPC xdrDecodeString caller_name stack overflow attempt
* 1:24513 <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt
* 1:24544 <-> EXPLOIT-KIT Blackhole admin page outbound access attempt
* 1:24608 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt
* 1:24636 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure
* 1:24638 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:24703 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24741 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24742 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24743 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24744 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24745 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24746 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24747 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24748 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24749 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24750 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24751 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24752 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24753 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24754 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24755 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24756 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24757 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24758 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24759 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24760 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24762 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24802 <-> SERVER-OTHER HP Database Archiving Software GIOP parsing buffer overflow attempt
* 1:24861 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:24863 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:24865 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:25003 <-> SERVER-OTHER HP Archive Query Server stack overflow attempt
* 1:25138 <-> EXPLOIT-KIT Styx exploit kit pdf outbound connection
* 1:25139 <-> EXPLOIT-KIT Styx exploit kit eot outbound connection
* 1:25381 <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt
* 1:25388 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:25568 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:25611 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:25650 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:25972 <-> EXPLOIT-KIT Redkit exploit kit three number PDF Request
* 1:26227 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:26295 <-> FILE-OTHER Watering Hole Campaign applet download
* 1:26339 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval - ff.php
* 1:26346 <-> EXPLOIT-KIT Redkit exploit kit payload requested
* 1:26496 <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt
* 1:26643 <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field denial of service attempt
* 1:26806 <-> EXPLOIT-KIT Redkit exploit kit short JNLP request
* 1:26808 <-> EXPLOIT-KIT Goon/Infinity/Redkit exploit kit short jar request
* 1:27071 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:27072 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:27598 <-> SERVER-WEBAPP Oracle Secure Backup Admin Server command injection attempt
* 1:27646 <-> SERVER-OTHER HP LeftHand Virtual SAN hydra login request buffer overflow attempt
* 1:27814 <-> EXPLOIT-KIT Styx exploit kit landing page request
* 1:28393 <-> SERVER-OTHER EMC Replication Manager irccd remote command execution attempt
* 1:28478 <-> EXPLOIT-KIT Styx exploit kit landing page request
* 1:28704 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:28792 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28793 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28903 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28904 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28905 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28906 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28907 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28974 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:28975 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:29453 <-> EXPLOIT-KIT Styx exploit kit eot outbound connection
* 1:29513 <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows RAP API NetServerEnum2 long comment buffer overflow attempt
* 1:29521 <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt
* 1:29522 <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX Office remote code execution attempt
* 1:29525 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:29527 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:29536 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt
* 1:29596 <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt
* 1:29597 <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt
* 1:29607 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt
* 1:29610 <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt
* 1:29617 <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt
* 1:29621 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt
* 1:3114 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc LlsrConnect overflow attempt
* 1:3171 <-> OS-WINDOWS DCERPC NCADG-IP-UDP msqueue function 4 overflow attempt
* 1:32150 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32152 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32356 <-> PROTOCOL-RPC mountd UDP unmount path overflow attempt
* 1:32370 <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt
* 1:32816 <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt
* 1:32856 <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt
* 1:33016 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:33017 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:33572 <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt
* 1:33826 <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt
* 1:35435 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:35848 <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt
* 1:3590 <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt
* 1:3591 <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt
* 1:36156 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:36157 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:36533 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt
* 1:36534 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt
* 1:36658 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:36659 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:36660 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:37511 <-> OS-SOLARIS XMDCP double-free attempt
* 1:37628 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:37650 <-> FILE-OTHER CA BrightStor stack buffer overflow attempt
* 1:3818 <-> PROTOCOL-TFTP PUT transfer mode overflow attempt
* 1:38246 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt
* 1:38247 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt
* 1:39387 <-> SERVER-WEBAPP D-Link DAP-1160 authentication bypass attempt
* 1:39406 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt
* 1:39407 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt
* 1:39408 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt
* 1:3967 <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_QueryResConfList attempt
* 1:39910 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt
* 1:39936 <-> OS-SOLARIS XMDCP double-free attempt
* 1:40282 <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt
* 1:40335 <-> APP-DETECT OpenVAS Scanner User-Agent attempt
* 1:4072 <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_DetectResourceConflict attempt
* 1:40819 <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt
* 1:41046 <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt
* 1:41423 <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt
* 1:42413 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:42423 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:43291 <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated application deployment attempt
* 1:43307 <-> SERVER-WEBAPP csSearch setup attempt
* 1:43347 <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt
* 1:44473 <-> FILE-OTHER ZIP file name overflow attempt
* 1:44735 <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt
* 1:45172 <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt
* 1:45179 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45180 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45182 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45184 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45310 <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt
* 1:45501 <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt
* 1:45856 <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt
* 1:4642 <-> SERVER-ORACLE sys.pbsde.init buffer overflow attempt
* 1:48179 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48180 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48181 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48182 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48183 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48184 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48185 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48186 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48187 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48188 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48189 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48190 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:49584 <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt
* 1:49586 <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt
* 1:49901 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt
* 1:49903 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt
* 1:50642 <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt
* 1:50900 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:51026 <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt
* 1:51082 <-> FILE-FLASH Adobe Flash player memory corruption attempt
* 1:51162 <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt
* 1:51226 <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt
* 1:51859 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51861 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51862 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51863 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51866 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52080 <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt
* 1:52101 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52289 <-> OS-MOBILE Google Android libstagefright integer underflow attempt
* 1:53431 <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt
* 1:53432 <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt
* 1:5485 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt
* 1:58201 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt
* 1:58362 <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap ProjectName SQL injection attempt
* 1:654 <-> SERVER-MAIL RCPT TO overflow
* 1:6706 <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt
* 1:6707 <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt
* 1:6712 <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt
* 1:6713 <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt
* 1:8426 <-> SERVER-OTHER SSLv3 openssl get shared ciphers overflow attempt
* 1:8428 <-> SERVER-OTHER SSLv2 openssl get shared ciphers overflow attempt
* 1:9027 <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrJoinDomain2 overflow attempt
* 1:9621 <-> PROTOCOL-TFTP 3COM server transport mode buffer overflow attempt
* 1:9769 <-> OS-WINDOWS DCERPC NCACN-IP-TCP msqueue function 4 overflow attempt


2021-12-07 17:39:19 UTC

Snort Subscriber Rules Update

Date: 2021-12-07-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.9.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:58685 <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt
* 1:58686 <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt
* 1:58687 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 1:58688 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 3:58689 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt
* 3:58690 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt
* 3:58691 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 3:58692 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 3:58693 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 1:58694 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58695 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58696 <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt
* 1:58697 <-> OS-OTHER IGEL OS Secure Terminal and Shadow Service command injection attempt
* 3:58698 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt
* 3:58699 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt
* 1:58700 <-> MALWARE-OTHER Php.Webshell.PhpJackal upload attempt
* 1:58701 <-> MALWARE-OTHER Php.Webshell.PhpJackal download attempt
* 1:58702 <-> MALWARE-CNC Php.Webshell.PhpJackal outbound connection attempt
* 1:58703 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt
* 1:58704 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58705 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58706 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58707 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58708 <-> SERVER-WEBAPP IBM Data Risk Manager command execution attempt

Modified Rules:

* 1:10136 <-> OS-SOLARIS Oracle Solaris login environment variable authentication bypass attempt
* 1:10603 <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvUpdateRecord2 overflow attempt
* 1:10900 <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt
* 1:11265 <-> SERVER-OTHER Sentinel license manager buffer overflow attempt
* 1:11443 <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount overflow attempt
* 1:11957 <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt
* 1:11958 <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt
* 1:11963 <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt
* 1:11964 <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt
* 1:12069 <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest
* 1:12198 <-> OS-WINDOWS Microsoft Windows getbulk request attempt
* 1:12317 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt
* 1:12627 <-> PROTOCOL-RPC Solaris TCP portmapper sadmin port query attempt
* 1:12628 <-> PROTOCOL-RPC Solaris UDP portmapper sadmin port query attempt
* 1:1277 <-> PROTOCOL-RPC portmap ypupdated request UDP
* 1:12940 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 CA call 269 overflow attempt
* 1:12984 <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow attempt
* 1:12985 <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt
* 1:13161 <-> SERVER-OTHER HP OpenView CGI parameter buffer overflow attempt
* 1:13162 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt
* 1:13222 <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt
* 1:13619 <-> OS-WINDOWS Microsoft Windows getBulkRequest memory corruption attempt
* 1:13927 <-> PROTOCOL-TFTP Open TFTP Server log generation buffer overflow attempt
* 1:14037 <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access
* 1:14038 <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access
* 1:1409 <-> PROTOCOL-SNMP community string buffer overflow attempt
* 1:1422 <-> PROTOCOL-SNMP community string buffer overflow attempt with evasion
* 1:14647 <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt
* 1:14648 <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt
* 1:14649 <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt
* 1:14650 <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt
* 1:14651 <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt
* 1:14652 <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt
* 1:14653 <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt
* 1:14654 <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt
* 1:14725 <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName overflow attempt
* 1:14726 <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt
* 1:14737 <-> OS-WINDOWS DCERPC NCACN-IP-TCP host-integration bind attempt
* 1:14900 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum overflow attempt
* 1:14988 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum overflow attempt
* 1:14989 <-> SERVER-WEBAPP Novell eDirectory SOAP Accept Language header overflow attempt
* 1:15196 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt
* 1:15197 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt
* 1:15198 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt
* 1:15199 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt
* 1:15200 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt
* 1:15201 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt
* 1:15202 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt
* 1:15203 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt
* 1:15204 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt
* 1:15205 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt
* 1:15206 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt
* 1:15207 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt
* 1:15208 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt
* 1:15209 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt
* 1:15210 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt
* 1:15211 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt
* 1:15212 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt
* 1:15213 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt
* 1:15214 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt
* 1:15215 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt
* 1:15216 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt
* 1:15217 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt
* 1:15218 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt
* 1:15219 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt
* 1:15220 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt
* 1:15221 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt
* 1:15222 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt
* 1:15223 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt
* 1:15224 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt
* 1:15225 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt
* 1:15226 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt
* 1:15227 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt
* 1:15261 <-> SERVER-ORACLE Secure Backup exec_qr command injection attempt
* 1:15262 <-> SERVER-ORACLE Secure Backup POST exec_qr command injection attempt
* 1:15508 <-> SERVER-OTHER DCERPC NCADG-IP-UDP lsarpc LsarLookupSids translated_names overflow attempt
* 1:15701 <-> OS-WINDOWS Microsoft Windows 2000 domain authentication bypass attempt
* 1:15708 <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt
* 1:15881 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters Name Field attempt
* 1:15911 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss RouteRefreshPrinterChangeNotification attempt
* 1:15930 <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field remote code execution attempt
* 1:15971 <-> SERVER-OTHER CVS Argumentx command double free attempt
* 1:15972 <-> SERVER-OTHER single byte encoded name response
* 1:16015 <-> SERVER-OTHER Norton Internet Security NBNS response processing stack overflow attempt
* 1:16029 <-> OS-WINDOWS Microsoft Windows DNS client ATMA buffer overrun attempt
* 1:16049 <-> SERVER-OTHER GNU Radius SQL accounting format string exploit attempt
* 1:16080 <-> SERVER-OTHER KAME racoon X509 certificate verification bypass attempt
* 1:16198 <-> SERVER-APACHE Apache mod_auth_pgsql module logging facility format string exploit attempt
* 1:16238 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt
* 1:16239 <-> OS-WINDOWS DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt
* 1:16329 <-> SERVER-OTHER Microsoft Internet Authentication Service EAP-MSCHAPv2 authentication bypass attempt
* 1:16515 <-> SERVER-MAIL Novell Groupwise Internet Agent RCPT command overflow attempt
* 1:16705 <-> PROTOCOL-RPC Oracle Solaris sadmind UDP array size buffer overflow attempt
* 1:16796 <-> PROTOCOL-RPC Oracle Solaris sadmind UDP data length integer overflow attempt
* 1:17046 <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt
* 1:17056 <-> SERVER-OTHER Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt
* 1:17057 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt
* 1:17205 <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - udp
* 1:17224 <-> SERVER-MAIL McAfee WebShield SMTP bounce message format string attempt
* 1:17609 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:1762 <-> SERVER-WEBAPP phf arbitrary command execution attempt
* 1:18189 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt
* 1:18190 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt
* 1:18191 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt
* 1:18192 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt
* 1:18248 <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt
* 1:18319 <-> SERVER-SAMBA Samba DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt
* 1:18462 <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt
* 1:18472 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt
* 1:18526 <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt
* 1:18557 <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt
* 1:18589 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt
* 1:18611 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:18612 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:18613 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:18768 <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt
* 1:18958 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt
* 1:18994 <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt
* 1:19013 <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - WRQ
* 1:19014 <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - RRQ
* 1:19136 <-> SERVER-WEBAPP CA XOsoft Multiple Products entry_point.aspx buffer overflow attempt
* 1:19173 <-> PROTOCOL-RPC CDE Calendar Manager service memory corruption attempt
* 1:19208 <-> SERVER-OTHER Citrix Provisioning Services streamprocess.exe buffer overflow attempt
* 1:19323 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt
* 1:19649 <-> SERVER-OTHER HP Intelligent Management Center dbman buffer overflow attempt
* 1:19677 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt
* 1:20052 <-> PROTOCOL-SCADA IntelliCom NetBiter config utility hostname overflow attempt
* 1:20176 <-> PROTOCOL-SCADA DAQFactory NETB protcol stack overflow attempt
* 1:20242 <-> PROTOCOL-DNS Oracle Secure Backup observice.exe dns response overflow attempt
* 1:20611 <-> SERVER-OTHER BOOTP overflow
* 1:20614 <-> SERVER-MAIL Axigen POP3 server remote format string exploit
* 1:20671 <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest
* 1:20691 <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt
* 1:20725 <-> OS-SOLARIS Oracle Solaris in.rwhod hostname denial of service attempt
* 1:20812 <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt
* 1:20813 <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt
* 1:2088 <-> PROTOCOL-RPC ypupdated arbitrary command attempt UDP
* 1:2089 <-> PROTOCOL-RPC ypupdated arbitrary command attempt TCP
* 1:21041 <-> EXPLOIT-KIT Blackhole exploit kit URL - main.php?page=
* 1:21141 <-> EXPLOIT-KIT Blackhole exploit kit control panel access
* 1:21234 <-> SERVER-WEBAPP MKCOL Webdav Stack Buffer Overflow attempt
* 1:21236 <-> SERVER-WEBAPP UNLOCK Webdav Stack Buffer Overflow attempt
* 1:21343 <-> EXPLOIT-KIT Blackhole exploit kit pdf request
* 1:21348 <-> EXPLOIT-KIT Blackhole exploit kit URL - search.php?page=
* 1:21407 <-> SERVER-OTHER Symantic multiple products VRTSweb code execution
* 1:21458 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:21529 <-> OS-WINDOWS Microsoft Windows SMB Trans2 Find_First2 filename overflow attempt
* 1:21766 <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt
* 1:2185 <-> PROTOCOL-RPC mountd UDP mount path overflow attempt
* 1:21952 <-> SERVER-OTHER ISC dhcpd discover hostname overflow attempt
* 1:2278 <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt
* 1:22949 <-> EXPLOIT-KIT Blackhole redirection attempt
* 1:23232 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:23233 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:23241 <-> SERVER-OTHER HP DPNECentral RequestCopy type SQL injection attempt
* 1:23355 <-> SERVER-OTHER Trend Micro Control Manager AddTask stack buffer overflow attempt
* 1:2381 <-> SERVER-WEBAPP Checkpoint Firewall-1 HTTP parsing format string vulnerability attempt
* 1:23939 <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt
* 1:23950 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt
* 1:23951 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt
* 1:23997 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:24336 <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long comment buffer overflow attempt
* 1:24501 <-> EXPLOIT-KIT Blackholev2 exploit kit fallback executable download
* 1:24503 <-> PROTOCOL-RPC xdrDecodeString caller_name stack overflow attempt
* 1:24513 <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt
* 1:24544 <-> EXPLOIT-KIT Blackhole admin page outbound access attempt
* 1:24608 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt
* 1:24636 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure
* 1:24638 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:24703 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24741 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24742 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24743 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24744 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24745 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24746 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24747 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24748 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24749 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24750 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24751 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24752 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24753 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24754 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24755 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24756 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24757 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24758 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24759 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24760 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24762 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24802 <-> SERVER-OTHER HP Database Archiving Software GIOP parsing buffer overflow attempt
* 1:24861 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:24863 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:24865 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:25003 <-> SERVER-OTHER HP Archive Query Server stack overflow attempt
* 1:25138 <-> EXPLOIT-KIT Styx exploit kit pdf outbound connection
* 1:25139 <-> EXPLOIT-KIT Styx exploit kit eot outbound connection
* 1:25381 <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt
* 1:25388 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:25568 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:25611 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:25650 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:25972 <-> EXPLOIT-KIT Redkit exploit kit three number PDF Request
* 1:26227 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:26295 <-> FILE-OTHER Watering Hole Campaign applet download
* 1:26339 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval - ff.php
* 1:26346 <-> EXPLOIT-KIT Redkit exploit kit payload requested
* 1:26496 <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt
* 1:26643 <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field denial of service attempt
* 1:26806 <-> EXPLOIT-KIT Redkit exploit kit short JNLP request
* 1:26808 <-> EXPLOIT-KIT Goon/Infinity/Redkit exploit kit short jar request
* 1:27071 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:27072 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:27598 <-> SERVER-WEBAPP Oracle Secure Backup Admin Server command injection attempt
* 1:27646 <-> SERVER-OTHER HP LeftHand Virtual SAN hydra login request buffer overflow attempt
* 1:27814 <-> EXPLOIT-KIT Styx exploit kit landing page request
* 1:28393 <-> SERVER-OTHER EMC Replication Manager irccd remote command execution attempt
* 1:28478 <-> EXPLOIT-KIT Styx exploit kit landing page request
* 1:28704 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:28792 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28793 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28903 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28904 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28905 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28906 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28907 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28974 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:28975 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:29453 <-> EXPLOIT-KIT Styx exploit kit eot outbound connection
* 1:29513 <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows RAP API NetServerEnum2 long comment buffer overflow attempt
* 1:29521 <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt
* 1:29522 <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX Office remote code execution attempt
* 1:29525 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:29527 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:29536 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt
* 1:29596 <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt
* 1:29597 <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt
* 1:29607 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt
* 1:29610 <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt
* 1:29617 <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt
* 1:29621 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt
* 1:3114 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc LlsrConnect overflow attempt
* 1:3171 <-> OS-WINDOWS DCERPC NCADG-IP-UDP msqueue function 4 overflow attempt
* 1:32150 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32152 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32356 <-> PROTOCOL-RPC mountd UDP unmount path overflow attempt
* 1:32370 <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt
* 1:32816 <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt
* 1:32856 <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt
* 1:33016 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:33017 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:33572 <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt
* 1:33826 <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt
* 1:35435 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:35848 <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt
* 1:3590 <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt
* 1:3591 <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt
* 1:36156 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:36157 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:36533 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt
* 1:36534 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt
* 1:36658 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:36659 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:36660 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:37511 <-> OS-SOLARIS XMDCP double-free attempt
* 1:37628 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:37650 <-> FILE-OTHER CA BrightStor stack buffer overflow attempt
* 1:3818 <-> PROTOCOL-TFTP PUT transfer mode overflow attempt
* 1:38246 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt
* 1:38247 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt
* 1:39387 <-> SERVER-WEBAPP D-Link DAP-1160 authentication bypass attempt
* 1:39406 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt
* 1:39407 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt
* 1:39408 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt
* 1:3967 <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_QueryResConfList attempt
* 1:39910 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt
* 1:39936 <-> OS-SOLARIS XMDCP double-free attempt
* 1:40282 <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt
* 1:40335 <-> APP-DETECT OpenVAS Scanner User-Agent attempt
* 1:4072 <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_DetectResourceConflict attempt
* 1:40819 <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt
* 1:41046 <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt
* 1:41423 <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt
* 1:42413 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:42423 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:43291 <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated application deployment attempt
* 1:43307 <-> SERVER-WEBAPP csSearch setup attempt
* 1:43347 <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt
* 1:44473 <-> FILE-OTHER ZIP file name overflow attempt
* 1:44735 <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt
* 1:45172 <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt
* 1:45179 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45180 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45182 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45184 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45310 <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt
* 1:45501 <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt
* 1:45856 <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt
* 1:4642 <-> SERVER-ORACLE sys.pbsde.init buffer overflow attempt
* 1:48179 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48180 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48181 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48182 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48183 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48184 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48185 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48186 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48187 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48188 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48189 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48190 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:49584 <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt
* 1:49586 <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt
* 1:49901 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt
* 1:49903 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt
* 1:50642 <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt
* 1:50900 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:51026 <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt
* 1:51082 <-> FILE-FLASH Adobe Flash player memory corruption attempt
* 1:51162 <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt
* 1:51226 <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt
* 1:51859 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51861 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51862 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51863 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51866 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52080 <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt
* 1:52101 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52289 <-> OS-MOBILE Google Android libstagefright integer underflow attempt
* 1:53431 <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt
* 1:53432 <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt
* 1:5485 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt
* 1:58201 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt
* 1:58362 <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap ProjectName SQL injection attempt
* 1:654 <-> SERVER-MAIL RCPT TO overflow
* 1:6706 <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt
* 1:6707 <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt
* 1:6712 <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt
* 1:6713 <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt
* 1:8426 <-> SERVER-OTHER SSLv3 openssl get shared ciphers overflow attempt
* 1:8428 <-> SERVER-OTHER SSLv2 openssl get shared ciphers overflow attempt
* 1:9027 <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrJoinDomain2 overflow attempt
* 1:9621 <-> PROTOCOL-TFTP 3COM server transport mode buffer overflow attempt
* 1:9769 <-> OS-WINDOWS DCERPC NCACN-IP-TCP msqueue function 4 overflow attempt


2021-12-07 17:39:19 UTC

Snort Subscriber Rules Update

Date: 2021-12-07-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.11.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:58685 <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt
* 1:58686 <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt
* 1:58687 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 1:58688 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 3:58689 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt
* 3:58690 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt
* 3:58691 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 3:58692 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 3:58693 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 1:58694 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58695 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58696 <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt
* 1:58697 <-> OS-OTHER IGEL OS Secure Terminal and Shadow Service command injection attempt
* 3:58698 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt
* 3:58699 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt
* 1:58700 <-> MALWARE-OTHER Php.Webshell.PhpJackal upload attempt
* 1:58701 <-> MALWARE-OTHER Php.Webshell.PhpJackal download attempt
* 1:58702 <-> MALWARE-CNC Php.Webshell.PhpJackal outbound connection attempt
* 1:58703 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt
* 1:58704 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58705 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58706 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58707 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58708 <-> SERVER-WEBAPP IBM Data Risk Manager command execution attempt

Modified Rules:

* 1:10136 <-> OS-SOLARIS Oracle Solaris login environment variable authentication bypass attempt
* 1:10603 <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvUpdateRecord2 overflow attempt
* 1:10900 <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt
* 1:11265 <-> SERVER-OTHER Sentinel license manager buffer overflow attempt
* 1:11443 <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount overflow attempt
* 1:11957 <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt
* 1:11958 <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt
* 1:11963 <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt
* 1:11964 <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt
* 1:12069 <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest
* 1:12198 <-> OS-WINDOWS Microsoft Windows getbulk request attempt
* 1:12317 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt
* 1:12627 <-> PROTOCOL-RPC Solaris TCP portmapper sadmin port query attempt
* 1:12628 <-> PROTOCOL-RPC Solaris UDP portmapper sadmin port query attempt
* 1:1277 <-> PROTOCOL-RPC portmap ypupdated request UDP
* 1:12940 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 CA call 269 overflow attempt
* 1:12984 <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow attempt
* 1:12985 <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt
* 1:13161 <-> SERVER-OTHER HP OpenView CGI parameter buffer overflow attempt
* 1:13162 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt
* 1:13222 <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt
* 1:13619 <-> OS-WINDOWS Microsoft Windows getBulkRequest memory corruption attempt
* 1:13927 <-> PROTOCOL-TFTP Open TFTP Server log generation buffer overflow attempt
* 1:14037 <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access
* 1:14038 <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access
* 1:1409 <-> PROTOCOL-SNMP community string buffer overflow attempt
* 1:1422 <-> PROTOCOL-SNMP community string buffer overflow attempt with evasion
* 1:14647 <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt
* 1:14648 <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt
* 1:14649 <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt
* 1:14650 <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt
* 1:14651 <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt
* 1:14652 <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt
* 1:14653 <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt
* 1:14654 <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt
* 1:14725 <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName overflow attempt
* 1:14726 <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt
* 1:14737 <-> OS-WINDOWS DCERPC NCACN-IP-TCP host-integration bind attempt
* 1:14900 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum overflow attempt
* 1:14988 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum overflow attempt
* 1:14989 <-> SERVER-WEBAPP Novell eDirectory SOAP Accept Language header overflow attempt
* 1:15196 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt
* 1:15197 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt
* 1:15198 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt
* 1:15199 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt
* 1:15200 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt
* 1:15201 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt
* 1:15202 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt
* 1:15203 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt
* 1:15204 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt
* 1:15205 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt
* 1:15206 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt
* 1:15207 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt
* 1:15208 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt
* 1:15209 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt
* 1:15210 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt
* 1:15211 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt
* 1:15212 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt
* 1:15213 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt
* 1:15214 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt
* 1:15215 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt
* 1:15216 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt
* 1:15217 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt
* 1:15218 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt
* 1:15219 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt
* 1:15220 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt
* 1:15221 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt
* 1:15222 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt
* 1:15223 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt
* 1:15224 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt
* 1:15225 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt
* 1:15226 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt
* 1:15227 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt
* 1:15261 <-> SERVER-ORACLE Secure Backup exec_qr command injection attempt
* 1:15262 <-> SERVER-ORACLE Secure Backup POST exec_qr command injection attempt
* 1:15508 <-> SERVER-OTHER DCERPC NCADG-IP-UDP lsarpc LsarLookupSids translated_names overflow attempt
* 1:15701 <-> OS-WINDOWS Microsoft Windows 2000 domain authentication bypass attempt
* 1:15708 <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt
* 1:15881 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters Name Field attempt
* 1:15911 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss RouteRefreshPrinterChangeNotification attempt
* 1:15930 <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field remote code execution attempt
* 1:15971 <-> SERVER-OTHER CVS Argumentx command double free attempt
* 1:15972 <-> SERVER-OTHER single byte encoded name response
* 1:16015 <-> SERVER-OTHER Norton Internet Security NBNS response processing stack overflow attempt
* 1:16029 <-> OS-WINDOWS Microsoft Windows DNS client ATMA buffer overrun attempt
* 1:16049 <-> SERVER-OTHER GNU Radius SQL accounting format string exploit attempt
* 1:16080 <-> SERVER-OTHER KAME racoon X509 certificate verification bypass attempt
* 1:16198 <-> SERVER-APACHE Apache mod_auth_pgsql module logging facility format string exploit attempt
* 1:16238 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt
* 1:16239 <-> OS-WINDOWS DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt
* 1:16329 <-> SERVER-OTHER Microsoft Internet Authentication Service EAP-MSCHAPv2 authentication bypass attempt
* 1:16515 <-> SERVER-MAIL Novell Groupwise Internet Agent RCPT command overflow attempt
* 1:16705 <-> PROTOCOL-RPC Oracle Solaris sadmind UDP array size buffer overflow attempt
* 1:16796 <-> PROTOCOL-RPC Oracle Solaris sadmind UDP data length integer overflow attempt
* 1:17046 <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt
* 1:17056 <-> SERVER-OTHER Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt
* 1:17057 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt
* 1:17205 <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - udp
* 1:17224 <-> SERVER-MAIL McAfee WebShield SMTP bounce message format string attempt
* 1:17609 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:1762 <-> SERVER-WEBAPP phf arbitrary command execution attempt
* 1:18189 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt
* 1:18190 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt
* 1:18191 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt
* 1:18192 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt
* 1:18248 <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt
* 1:18319 <-> SERVER-SAMBA Samba DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt
* 1:18462 <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt
* 1:18472 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt
* 1:18526 <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt
* 1:18557 <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt
* 1:18589 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt
* 1:18611 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:18612 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:18613 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:18768 <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt
* 1:18958 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt
* 1:18994 <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt
* 1:19013 <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - WRQ
* 1:19014 <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - RRQ
* 1:19136 <-> SERVER-WEBAPP CA XOsoft Multiple Products entry_point.aspx buffer overflow attempt
* 1:19173 <-> PROTOCOL-RPC CDE Calendar Manager service memory corruption attempt
* 1:19208 <-> SERVER-OTHER Citrix Provisioning Services streamprocess.exe buffer overflow attempt
* 1:19323 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt
* 1:19649 <-> SERVER-OTHER HP Intelligent Management Center dbman buffer overflow attempt
* 1:19677 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt
* 1:20052 <-> PROTOCOL-SCADA IntelliCom NetBiter config utility hostname overflow attempt
* 1:20176 <-> PROTOCOL-SCADA DAQFactory NETB protcol stack overflow attempt
* 1:20242 <-> PROTOCOL-DNS Oracle Secure Backup observice.exe dns response overflow attempt
* 1:20611 <-> SERVER-OTHER BOOTP overflow
* 1:20614 <-> SERVER-MAIL Axigen POP3 server remote format string exploit
* 1:20671 <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest
* 1:20691 <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt
* 1:20725 <-> OS-SOLARIS Oracle Solaris in.rwhod hostname denial of service attempt
* 1:20812 <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt
* 1:20813 <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt
* 1:2088 <-> PROTOCOL-RPC ypupdated arbitrary command attempt UDP
* 1:2089 <-> PROTOCOL-RPC ypupdated arbitrary command attempt TCP
* 1:21041 <-> EXPLOIT-KIT Blackhole exploit kit URL - main.php?page=
* 1:21141 <-> EXPLOIT-KIT Blackhole exploit kit control panel access
* 1:21234 <-> SERVER-WEBAPP MKCOL Webdav Stack Buffer Overflow attempt
* 1:21236 <-> SERVER-WEBAPP UNLOCK Webdav Stack Buffer Overflow attempt
* 1:21343 <-> EXPLOIT-KIT Blackhole exploit kit pdf request
* 1:21348 <-> EXPLOIT-KIT Blackhole exploit kit URL - search.php?page=
* 1:21407 <-> SERVER-OTHER Symantic multiple products VRTSweb code execution
* 1:21458 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:21529 <-> OS-WINDOWS Microsoft Windows SMB Trans2 Find_First2 filename overflow attempt
* 1:21766 <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt
* 1:2185 <-> PROTOCOL-RPC mountd UDP mount path overflow attempt
* 1:21952 <-> SERVER-OTHER ISC dhcpd discover hostname overflow attempt
* 1:2278 <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt
* 1:22949 <-> EXPLOIT-KIT Blackhole redirection attempt
* 1:23232 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:23233 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:23241 <-> SERVER-OTHER HP DPNECentral RequestCopy type SQL injection attempt
* 1:23355 <-> SERVER-OTHER Trend Micro Control Manager AddTask stack buffer overflow attempt
* 1:2381 <-> SERVER-WEBAPP Checkpoint Firewall-1 HTTP parsing format string vulnerability attempt
* 1:23939 <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt
* 1:23950 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt
* 1:23951 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt
* 1:23997 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:24336 <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long comment buffer overflow attempt
* 1:24501 <-> EXPLOIT-KIT Blackholev2 exploit kit fallback executable download
* 1:24503 <-> PROTOCOL-RPC xdrDecodeString caller_name stack overflow attempt
* 1:24513 <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt
* 1:24544 <-> EXPLOIT-KIT Blackhole admin page outbound access attempt
* 1:24608 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt
* 1:24636 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure
* 1:24638 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:24703 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24741 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24742 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24743 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24744 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24745 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24746 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24747 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24748 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24749 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24750 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24751 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24752 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24753 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24754 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24755 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24756 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24757 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24758 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24759 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24760 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24762 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24802 <-> SERVER-OTHER HP Database Archiving Software GIOP parsing buffer overflow attempt
* 1:24861 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:24863 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:24865 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:25003 <-> SERVER-OTHER HP Archive Query Server stack overflow attempt
* 1:25138 <-> EXPLOIT-KIT Styx exploit kit pdf outbound connection
* 1:25139 <-> EXPLOIT-KIT Styx exploit kit eot outbound connection
* 1:25381 <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt
* 1:25388 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:25568 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:25611 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:25650 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:25972 <-> EXPLOIT-KIT Redkit exploit kit three number PDF Request
* 1:26227 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:26295 <-> FILE-OTHER Watering Hole Campaign applet download
* 1:26339 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval - ff.php
* 1:26346 <-> EXPLOIT-KIT Redkit exploit kit payload requested
* 1:26496 <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt
* 1:26643 <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field denial of service attempt
* 1:26806 <-> EXPLOIT-KIT Redkit exploit kit short JNLP request
* 1:26808 <-> EXPLOIT-KIT Goon/Infinity/Redkit exploit kit short jar request
* 1:27071 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:27072 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:27598 <-> SERVER-WEBAPP Oracle Secure Backup Admin Server command injection attempt
* 1:27646 <-> SERVER-OTHER HP LeftHand Virtual SAN hydra login request buffer overflow attempt
* 1:27814 <-> EXPLOIT-KIT Styx exploit kit landing page request
* 1:28393 <-> SERVER-OTHER EMC Replication Manager irccd remote command execution attempt
* 1:28478 <-> EXPLOIT-KIT Styx exploit kit landing page request
* 1:28704 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:28792 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28793 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28903 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28904 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28905 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28906 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28907 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28974 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:28975 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:29453 <-> EXPLOIT-KIT Styx exploit kit eot outbound connection
* 1:29513 <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows RAP API NetServerEnum2 long comment buffer overflow attempt
* 1:29521 <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt
* 1:29522 <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX Office remote code execution attempt
* 1:29525 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:29527 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:29536 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt
* 1:29596 <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt
* 1:29597 <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt
* 1:29607 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt
* 1:29610 <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt
* 1:29617 <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt
* 1:29621 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt
* 1:3114 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc LlsrConnect overflow attempt
* 1:3171 <-> OS-WINDOWS DCERPC NCADG-IP-UDP msqueue function 4 overflow attempt
* 1:32150 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32152 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32356 <-> PROTOCOL-RPC mountd UDP unmount path overflow attempt
* 1:32370 <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt
* 1:32816 <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt
* 1:32856 <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt
* 1:33016 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:33017 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:33572 <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt
* 1:33826 <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt
* 1:35435 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:35848 <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt
* 1:3590 <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt
* 1:3591 <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt
* 1:36156 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:36157 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:36533 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt
* 1:36534 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt
* 1:36658 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:36659 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:36660 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:37511 <-> OS-SOLARIS XMDCP double-free attempt
* 1:37628 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:37650 <-> FILE-OTHER CA BrightStor stack buffer overflow attempt
* 1:3818 <-> PROTOCOL-TFTP PUT transfer mode overflow attempt
* 1:38246 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt
* 1:38247 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt
* 1:39387 <-> SERVER-WEBAPP D-Link DAP-1160 authentication bypass attempt
* 1:39406 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt
* 1:39407 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt
* 1:39408 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt
* 1:3967 <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_QueryResConfList attempt
* 1:39910 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt
* 1:39936 <-> OS-SOLARIS XMDCP double-free attempt
* 1:40282 <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt
* 1:40335 <-> APP-DETECT OpenVAS Scanner User-Agent attempt
* 1:4072 <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_DetectResourceConflict attempt
* 1:40819 <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt
* 1:41046 <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt
* 1:41423 <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt
* 1:42413 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:42423 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:43291 <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated application deployment attempt
* 1:43307 <-> SERVER-WEBAPP csSearch setup attempt
* 1:43347 <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt
* 1:44473 <-> FILE-OTHER ZIP file name overflow attempt
* 1:44735 <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt
* 1:45172 <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt
* 1:45179 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45180 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45182 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45184 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45310 <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt
* 1:45501 <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt
* 1:45856 <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt
* 1:4642 <-> SERVER-ORACLE sys.pbsde.init buffer overflow attempt
* 1:48179 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48180 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48181 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48182 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48183 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48184 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48185 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48186 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48187 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48188 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48189 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48190 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:49584 <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt
* 1:49586 <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt
* 1:49901 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt
* 1:49903 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt
* 1:50642 <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt
* 1:50900 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:51026 <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt
* 1:51082 <-> FILE-FLASH Adobe Flash player memory corruption attempt
* 1:51162 <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt
* 1:51226 <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt
* 1:51859 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51861 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51862 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51863 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51866 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52080 <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt
* 1:52101 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52289 <-> OS-MOBILE Google Android libstagefright integer underflow attempt
* 1:53431 <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt
* 1:53432 <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt
* 1:5485 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt
* 1:58201 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt
* 1:58362 <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap ProjectName SQL injection attempt
* 1:654 <-> SERVER-MAIL RCPT TO overflow
* 1:6706 <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt
* 1:6707 <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt
* 1:6712 <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt
* 1:6713 <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt
* 1:8426 <-> SERVER-OTHER SSLv3 openssl get shared ciphers overflow attempt
* 1:8428 <-> SERVER-OTHER SSLv2 openssl get shared ciphers overflow attempt
* 1:9027 <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrJoinDomain2 overflow attempt
* 1:9621 <-> PROTOCOL-TFTP 3COM server transport mode buffer overflow attempt
* 1:9769 <-> OS-WINDOWS DCERPC NCACN-IP-TCP msqueue function 4 overflow attempt


2021-12-07 17:39:19 UTC

Snort Subscriber Rules Update

Date: 2021-12-07-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.15.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:58685 <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt
* 1:58686 <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt
* 1:58687 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 1:58688 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 3:58689 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt
* 3:58690 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt
* 3:58691 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 3:58692 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 3:58693 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 1:58694 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58695 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58696 <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt
* 1:58697 <-> OS-OTHER IGEL OS Secure Terminal and Shadow Service command injection attempt
* 3:58698 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt
* 3:58699 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt
* 1:58700 <-> MALWARE-OTHER Php.Webshell.PhpJackal upload attempt
* 1:58701 <-> MALWARE-OTHER Php.Webshell.PhpJackal download attempt
* 1:58702 <-> MALWARE-CNC Php.Webshell.PhpJackal outbound connection attempt
* 1:58703 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt
* 1:58704 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58705 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58706 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58707 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58708 <-> SERVER-WEBAPP IBM Data Risk Manager command execution attempt

Modified Rules:

* 1:10136 <-> OS-SOLARIS Oracle Solaris login environment variable authentication bypass attempt
* 1:10603 <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvUpdateRecord2 overflow attempt
* 1:10900 <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt
* 1:11265 <-> SERVER-OTHER Sentinel license manager buffer overflow attempt
* 1:11443 <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount overflow attempt
* 1:11957 <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt
* 1:11958 <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt
* 1:11963 <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt
* 1:11964 <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt
* 1:12069 <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest
* 1:12198 <-> OS-WINDOWS Microsoft Windows getbulk request attempt
* 1:12317 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt
* 1:12627 <-> PROTOCOL-RPC Solaris TCP portmapper sadmin port query attempt
* 1:12628 <-> PROTOCOL-RPC Solaris UDP portmapper sadmin port query attempt
* 1:1277 <-> PROTOCOL-RPC portmap ypupdated request UDP
* 1:12940 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 CA call 269 overflow attempt
* 1:12984 <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow attempt
* 1:12985 <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt
* 1:13161 <-> SERVER-OTHER HP OpenView CGI parameter buffer overflow attempt
* 1:13162 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt
* 1:13222 <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt
* 1:13619 <-> OS-WINDOWS Microsoft Windows getBulkRequest memory corruption attempt
* 1:13927 <-> PROTOCOL-TFTP Open TFTP Server log generation buffer overflow attempt
* 1:14037 <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access
* 1:14038 <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access
* 1:1409 <-> PROTOCOL-SNMP community string buffer overflow attempt
* 1:1422 <-> PROTOCOL-SNMP community string buffer overflow attempt with evasion
* 1:14647 <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt
* 1:14648 <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt
* 1:14649 <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt
* 1:14650 <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt
* 1:14651 <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt
* 1:14652 <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt
* 1:14653 <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt
* 1:14654 <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt
* 1:14725 <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName overflow attempt
* 1:14726 <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt
* 1:14737 <-> OS-WINDOWS DCERPC NCACN-IP-TCP host-integration bind attempt
* 1:14900 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum overflow attempt
* 1:14988 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum overflow attempt
* 1:14989 <-> SERVER-WEBAPP Novell eDirectory SOAP Accept Language header overflow attempt
* 1:15196 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt
* 1:15197 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt
* 1:15198 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt
* 1:15199 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt
* 1:15200 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt
* 1:15201 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt
* 1:15202 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt
* 1:15203 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt
* 1:15204 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt
* 1:15205 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt
* 1:15206 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt
* 1:15207 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt
* 1:15208 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt
* 1:15209 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt
* 1:15210 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt
* 1:15211 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt
* 1:15212 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt
* 1:15213 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt
* 1:15214 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt
* 1:15215 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt
* 1:15216 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt
* 1:15217 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt
* 1:15218 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt
* 1:15219 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt
* 1:15220 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt
* 1:15221 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt
* 1:15222 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt
* 1:15223 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt
* 1:15224 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt
* 1:15225 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt
* 1:15226 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt
* 1:15227 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt
* 1:15261 <-> SERVER-ORACLE Secure Backup exec_qr command injection attempt
* 1:15262 <-> SERVER-ORACLE Secure Backup POST exec_qr command injection attempt
* 1:15508 <-> SERVER-OTHER DCERPC NCADG-IP-UDP lsarpc LsarLookupSids translated_names overflow attempt
* 1:15701 <-> OS-WINDOWS Microsoft Windows 2000 domain authentication bypass attempt
* 1:15708 <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt
* 1:15881 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters Name Field attempt
* 1:15911 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss RouteRefreshPrinterChangeNotification attempt
* 1:15930 <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field remote code execution attempt
* 1:15971 <-> SERVER-OTHER CVS Argumentx command double free attempt
* 1:15972 <-> SERVER-OTHER single byte encoded name response
* 1:16015 <-> SERVER-OTHER Norton Internet Security NBNS response processing stack overflow attempt
* 1:16029 <-> O