Documents

The following setup guides have been contributed by members of the Snort Community for your use. Comments and questions on these documents should be submitted directly to the author by clicking on their names below.


Latest rule documents - Search
1-60945
This rule looks for a file sent over FTP, HTTP, IMAP, and POP3 for specific JavaScript code used in the Metasploit module that exploits this vulnerability.
1-60944
This rule looks for a file sent over SMTP for specific JavaScript code used in the Metasploit module that exploits this vulnerability.
1-60943
Triggers on out bound communication from Gamaredon malware containing target machine information.
1-60942
This rule looks for crafted requests to the VMware vCenter Client "vropspluginui" HTTP endpoint that can lead a directory traversal and remote code execution.
1-8063
The WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as Javascript, as demonstrated using (1) delayed HTTP redirect operations, and an HTTP response with a Location: header containing a "URL:" prepended to a "ms-its" protocol URI, or (2) modifying the location attribute of the window, as exploited by the Download.ject (aka Scob aka Toofer) using the ADODB.Stream object. Impact: CVSS base score 10.0 CVSS impact score 10.0 CVSS exploitability score 10.0 confidentialityImpact COMPLETE integrityImpact COMPLETE availabilityImpact COMPLETE Details: Ease of Attack:
1-60918
Rule alerts on malicious JavaScript which can cause a use-after-free in Google Chrome.