Snort Search


1-381 - This event is generated when an ICMP echo request is made from a Solaris host running SING software.

Rule

1-38365 - TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via ISAKMP packets containing a Delete payload with a large number of SPIs, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite.

Rule

1-2486 - Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with an Identification payload with a length that becomes less than 8 during byte order conversion, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite.

Rule

1-41032 - hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename parameter of the Content-Disposition header.

Rule

1-47934 - This rule indicates an outbound communication attempt from a variant of Win.Trojan.MSDownloader.

Rule

1-47935 - This event is generated when an attempt is made to download Win.Trojan.MSDownloader.

Rule

1-47936 - This event is generated when an attempt is made to download Win.Trojan.MSDownloader.

Rule

1-28391 - Integer overflow in the TIFFFetchData function in tif_dirread.c for libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF image.

Rule

1-28390 - Integer overflow in the TIFFFetchData function in tif_dirread.c for libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF image.

Rule

1-50260 - This event is generated when Win.Downloader.TeamBot attempts to download an extra payload.

Rule

1-24591 - This event is generated when activity relating to malware is detected.

Rule

1-24592 - This event is generated when activity relating to malware is detected.

Rule

1-21198 - This event is generated when activity relating to malware is detected.

Rule

1-21199 - This event is generated when activity relating to malware is detected.

Rule

1-19433 - This event is generated when activity relating to malware is detected.

Rule

1-31036 - This event is generated when activity relating to malware is detected.

Rule

1-17317 - sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector.

Rule

1-46802 - This event is generated when an attacker attempts to exploit CVE-2017-9097.

Rule

1-46803 - This event is generated when an attacker attempts to exploit CVE-2017-9097.

Rule

1-46804 - This event is generated when an attacker attempts to exploit CVE-2017-9097.

Rule

1-15992 - Heap-based buffer overflow in Trend Micro AntiVirus Library VSAPI before 7.510, as used in multiple Trend Micro products, allows remote attackers to execute arbitrary code via a crafted ARJ file with long header file names that modify pointers within a structure.

Rule

1-33654 - The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections.

Rule

1-40253 - Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.

Rule

1-40254 - Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.

Rule

1-7854 - This event is generated when activity relating to the spyware application "web-nexus" is detected.

Rule

1-7853 - This event is generated when activity relating to the spyware application "web-nexus" is detected.

Rule

1-7855 - This event is generated when activity relating to the spyware application "web-nexus" is detected.

Rule