Sourcefire VRT Rules Update
Date: 2010-03-04
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.
The format of the file is:
sid - Message (rule group, priority)
New rules:
16453 <-> SPECIFIC-THREATS SMB Negotiate Protocol response DoS attempt - empty SMB 1 (specific-threats.rules, Medium)
16454 <-> SPECIFIC-THREATS SMB Negotiate Protocol response DoS attempt - empty SMB 2 (specific-threats.rules, Medium)
16455 <-> SPYWARE-PUT Keylogger egyspy keylogger 1.13 runtime detection (spyware-put.rules, Medium)
16456 <-> SPYWARE-PUT Rogue-Software ang antivirus 09 runtime detection (spyware-put.rules, High)
16457 <-> BACKDOOR Trojan.Downloader.Win32.Cutwail.AI runtime detection (backdoor.rules, High)
16458 <-> WEB-CLIENT Autonomy KeyView SDK Excel file SST parsing integer overflow attempt (web-client.rules, High)
16459 <-> SPECIFIC-THREATS Trojan command and control communication attempt (specific-threats.rules, High)
16460 <-> WEB-MISC text/html content-type without HTML - possible malware C&C (web-misc.rules, Medium)

Updated rules:
654 <-> SMTP RCPT TO overflow (smtp.rules, High)
1891 <-> RPC status GHBN format string attack (rpc.rules, Medium)
2487 <-> SMTP WinZip MIME content-type buffer overflow (smtp.rules, High)
2488 <-> SMTP WinZip MIME content-disposition buffer overflow (smtp.rules, High)
3083 <-> BACKDOOR Y3KRAT 1.5 Connection confirmation (backdoor.rules, Low)
3473 <-> WEB-CLIENT RealPlayer SMIL file overflow attempt (web-client.rules, High)
5760 <-> SPYWARE-PUT Hijacker marketscore runtime detection (spyware-put.rules, Low)
5764 <-> SPYWARE-PUT Hijacker begin2search runtime detection - fcgi query (spyware-put.rules, Low)
5765 <-> SPYWARE-PUT Hijacker begin2search runtime detection - ico query (spyware-put.rules, Low)
5766 <-> SPYWARE-PUT Hijacker begin2search runtime detection - install spyware trafficsector (spyware-put.rules, Low)
5767 <-> SPYWARE-PUT Hijacker begin2search runtime detection - download unauthorized code (spyware-put.rules, Low)
5768 <-> SPYWARE-PUT Hijacker begin2search runtime detection - pass information (spyware-put.rules, Low)
5769 <-> SPYWARE-PUT Hijacker begin2search runtime detection - play bingo ads (spyware-put.rules, Low)
5776 <-> SPYWARE-PUT Trickler grokster runtime detection (spyware-put.rules, Low)
5777 <-> SPYWARE-PUT Keylogger gurl watcher runtime detection (spyware-put.rules, Medium)
5785 <-> SPYWARE-PUT Adware hithopper runtime detection - get xml setting (spyware-put.rules, Low)
5786 <-> SPYWARE-PUT Adware hithopper runtime detection - redirect (spyware-put.rules, Low)
5787 <-> SPYWARE-PUT Adware hithopper runtime detection - search (spyware-put.rules, Low)
5788 <-> SPYWARE-PUT Adware hithopper runtime detection - click toolbar buttons (spyware-put.rules, Low)
5790 <-> SPYWARE-PUT Keylogger pc actmon pro runtime detection - smtp (spyware-put.rules, Medium)
5795 <-> SPYWARE-PUT Adware ist powerscan runtime detection (spyware-put.rules, Low)
5797 <-> POLICY kontiki runtime detection (policy.rules, Low)
5883 <-> SPYWARE-PUT Other-Technologies saria 1.0 runtime detection - send user information (spyware-put.rules, Low)
5911 <-> SPYWARE-PUT Adware smartpops runtime detection (spyware-put.rules, Low)
5913 <-> SPYWARE-PUT Trickler smasoft webdownloader runtime detection (spyware-put.rules, Low)
5981 <-> SPYWARE-PUT Hijacker seeqtoolbar runtime detection - autosearch hijack or search in toolbar (spyware-put.rules, Low)
5982 <-> SPYWARE-PUT Hijacker seeqtoolbar runtime detection - email login page (spyware-put.rules, Low)
6187 <-> SPYWARE-PUT Adware ISTBar runtime detection - scripts (spyware-put.rules, Low)
6188 <-> SPYWARE-PUT Adware ISTBar runtime detection - bar (spyware-put.rules, Low)
7661 <-> BACKDOOR lan filtrator 1.1 runtime detection - initial connection request (backdoor.rules, High)
7876 <-> WEB-ACTIVEX Microsoft Office Data Source Control 10.0 ActiveX clsid access (web-activex.rules, High)
7877 <-> WEB-ACTIVEX Microsoft Office Data Source Control 10.0 ActiveX clsid unicode access (web-activex.rules, High)
8709 <-> DNS Windows NAT helper components tcp denial of service attempt (dns.rules, Medium)
11669 <-> SPECIFIC-THREATS Eudora 250 command response buffer overflow attempt (specific-threats.rules, High)
11670 <-> EXPLOIT Symantec Discovery logging buffer overflow (exploit.rules, High)
11679 <-> WEB-MISC Apache mod_rewrite buffer overflow attempt (web-misc.rules, High)
11681 <-> EXPLOIT Openview Omni II command bypass attempt (exploit.rules, High)
11682 <-> SPECIFIC-THREATS Metasploit niprint_lpd module attack attempt (specific-threats.rules, High)
11834 <-> WEB-MISC Internet Explorer navcancl.htm url spoofing attempt (web-misc.rules, Medium)
11837 <-> SMTP MS Windows Mail UNC navigation remote command execution (smtp.rules, High)
11838 <-> WEB-MISC Win32 API res buffer overflow attempt (web-misc.rules, High)
11947 <-> WEB-CLIENT Windows schannel security package (web-client.rules, High)
12014 <-> WEB-MISC Internet Explorer navcancl.htm url spoofing attempt (web-misc.rules, Medium)
12070 <-> EXPLOIT Microsoft Excel malformed version field (exploit.rules, High)
12216 <-> EXPLOIT Borland interbase Create Request opcode string length buffer overflow attempt (exploit.rules, High)
12217 <-> EXPLOIT Borland interbase string length buffer overflow attempt (exploit.rules, High)
12218 <-> EXPLOIT Borland interbase string length buffer overflow attempt (exploit.rules, High)
12277 <-> EXPLOIT Microsoft IE CSS memory corruption exploit (exploit.rules, High)
12278 <-> POLICY Microsoft Media Player compressed skin download (policy.rules, High)
12358 <-> EXPLOIT Helix DNA Server RTSP require tag heap overflow (exploit.rules, High)
12425 <-> POLICY Ruckus P2P client (policy.rules, High)
12436 <-> MULTIMEDIA Youtube video player file request (multimedia.rules, High)
12437 <-> MULTIMEDIA Google video player request (multimedia.rules, High)
12455 <-> POLICY Crystal reports download request (policy.rules, High)
12456 <-> POLICY Crystal reports download (policy.rules, High)
12591 <-> DOS Apache mod_cache denial of service attempt (dos.rules, Medium)
12620 <-> SPYWARE-PUT Adware drive cleaner 1.0.111 runtime detection (spyware-put.rules, Low)
12621 <-> SPYWARE-PUT Trackware extra toolbar 1.0 runtime detection (spyware-put.rules, Medium)
12622 <-> SPYWARE-PUT Trackware extra toolbar 1.0 runtime detection - file download (spyware-put.rules, Medium)
12623 <-> SPYWARE-PUT Hijacker onestepsearch 1.0.118 runtime detection (spyware-put.rules, Low)
12625 <-> SPYWARE-PUT Keylogger windows family safety 2.0 runtime detection (spyware-put.rules, Medium)
12643 <-> WEB-CLIENT URI External handler arbitrary command attempt (web-client.rules, High)
12652 <-> SPYWARE-PUT Hijacker new.net domain 7.2.2 runtime detection - hijack browser (spyware-put.rules, Low)
12653 <-> SPYWARE-PUT Hijacker new.net domain 7.2.2 runtime detection - download code (spyware-put.rules, Low)
12656 <-> SPYWARE-PUT Adware icoo loader 2.5 runtime detection 1 (spyware-put.rules, Low)
12657 <-> SPYWARE-PUT Adware icoo loader 2.5 runtime detection 2 (spyware-put.rules, Low)
12658 <-> SPYWARE-PUT Adware winantivirus pro 2007 runtime detection (spyware-put.rules, Low)
12659 <-> SPYWARE-PUT Trickler zlob media codec runtime detection - automatic updates (spyware-put.rules, Low)
12660 <-> SPYWARE-PUT Trickler zlob media codec runtime detection - download redirect domains (spyware-put.rules, Low)
12665 <-> EXPLOIT CA BrightStor LGSever username buffer overflow attempt (exploit.rules, High)
12667 <-> EXPLOIT CA BrightStor ARCServer malicious fileupload attempt (exploit.rules, High)
12673 <-> SPYWARE-PUT Trackware searchmiracle elitebar runtime detection - collect information (spyware-put.rules, Medium)
12674 <-> SPYWARE-PUT Trackware searchmiracle elitebar runtime detection - track activity (spyware-put.rules, Medium)
12676 <-> SPYWARE-PUT Conspy Update Checking Detected (spyware-put.rules, Low)
12677 <-> SPYWARE-PUT Adware ISTBar runtime detection - softwares (spyware-put.rules, Low)
12678 <-> SPYWARE-PUT SpyTech Realtime Spy Detection (spyware-put.rules, Low)
12679 <-> SPYWARE-PUT Trackware myway speedbar / mywebsearch toolbar user-agent detection (spyware-put.rules, Medium)
12694 <-> SPYWARE-PUT Adware avsystemcare runtime detection (spyware-put.rules, Low)
12697 <-> SPYWARE-PUT Trackware browser accelerator runtime detection - pass user information to server (spyware-put.rules, Medium)
12698 <-> SPYWARE-PUT Keylogger net vizo 5.2 runtime detection (spyware-put.rules, Medium)
12704 <-> SMTP Lotus Notes MIF viewer MIFFILE comment overflow (smtp.rules, High)
12705 <-> SMTP Lotus Notes MIF viewer statement overflow (smtp.rules, High)
12706 <-> SMTP Lotus Notes MIF viewer statement data overflow (smtp.rules, High)
12718 <-> SPYWARE-PUT Hijacker side find 1.0 runtime detection - initial connection (spyware-put.rules, Low)
12719 <-> SPYWARE-PUT Hijacker side find 1.0 runtime detection - hijacks search engine (spyware-put.rules, Low)
12721 <-> SPYWARE-PUT Adware pestbot runtime detection - purchase (spyware-put.rules, Low)
12722 <-> SPYWARE-PUT Hijacker sexyvideoscreensaver runtime detection (spyware-put.rules, Low)
12746 <-> EXPLOIT Apple QuickTime STSD atom overflow attempt (exploit.rules, High)
12784 <-> EXPLOIT CA ARCserve Backup for Laptops rsxGetBackupLog second argument overflow (exploit.rules, High)
12786 <-> EXPLOIT CA ARCserve Backup for Laptops rsxSetDataGrowthScheduleAndFilter overflow attempt (exploit.rules, High)
12789 <-> SPYWARE-PUT Adware sunshine spy 1.0 runtime detection - check update (spyware-put.rules, Low)
12790 <-> SPYWARE-PUT Trackware partypoker runtime detection (spyware-put.rules, Medium)
12796 <-> SPYWARE-PUT Trackware happytofind toolbar runtime detection (spyware-put.rules, Medium)
12797 <-> SPYWARE-PUT Adware x-con spyware destroyer eh 3.2.8 runtime detection (spyware-put.rules, Low)
12972 <-> WEB-CLIENT Microsoft Media Player .asf markers detected (web-client.rules, High)
13158 <-> WEB_CLIENT Microsoft Media Player asf streaming format interchange data integer overflow attempt (web-client.rules, High)
13159 <-> WEB_CLIENT Microsoft Media Player asf streaming format audio error masking integer overflow attempt (web-client.rules, High)
13160 <-> WEB-CLIENT Microsft Media Player asf streaming audio spread error correction data length integer overflow attempt (web-client.rules, High)
13239 <-> SPYWARE-PUT Hijacker blue wave adult links toolbar runtime detection (spyware-put.rules, Low)
13240 <-> SPYWARE-PUT Adware live protection 2.1 runtime detection - redirects to purchase page (spyware-put.rules, Low)
13241 <-> SPYWARE-PUT Adware live protection 2.1 runtime detection - application updates (spyware-put.rules, Low)
13282 <-> SPYWARE-PUT Adware jily ie toolbar runtime detection (spyware-put.rules, Low)
13283 <-> SPYWARE-PUT Hijacker dreambar runtime detection (spyware-put.rules, Low)
13284 <-> SPYWARE-PUT Adware netguarder web cleaner runtime detection (spyware-put.rules, Low)
13292 <-> EXPLOIT Skype skype4com URI handler memory corruption attempt (exploit.rules, High)
13300 <-> WEB-CLIENT Adobe Flash Player embedded JPG image height overflow attempt (web-client.rules, High)
13301 <-> WEB-CLIENT Adobe Flash Player embedded JPG image width overflow attempt (web-client.rules, High)
13316 <-> WEB-CLIENT 3ivx MP4 file parsing ART buffer overflow attempt (web-client.rules, High)
13317 <-> WEB-CLIENT 3ivx MP4 file parsing nam buffer overflow attempt (web-client.rules, High)
13318 <-> WEB-CLIENT 3ivx MP4 file parsing cmt buffer overflow attempt (web-client.rules, High)
13319 <-> WEB-CLIENT 3ivx MP4 file parsing des buffer overflow attempt (web-client.rules, High)
13320 <-> WEB-CLIENT 3ivx MP4 file parsing cpy buffer overflow attempt (web-client.rules, High)
13339 <-> SPYWARE-PUT Hijacker direct toolbar runtime detection (spyware-put.rules, Low)
13340 <-> SPYWARE-PUT Hijacker search4top runtime detection - hijack ie searches and error pages (spyware-put.rules, Low)
13341 <-> SPYWARE-PUT Hijacker search4top runtime detection - popup ads (spyware-put.rules, Low)
13342 <-> SPYWARE-PUT Hijacker ditto toolbar runtime detection (spyware-put.rules, Low)
13343 <-> SPYWARE-PUT Adware 2005-search loader runtime detection (spyware-put.rules, Low)
13345 <-> SPYWARE-PUT Adware yourprivacyguard runtime detection - update (spyware-put.rules, Low)
13361 <-> EXPLOIT ClamAV MEW PE file integer overflow attempt (exploit.rules, High)
13362 <-> EXPLOIT ClamAV MEW PE file integer overflow attempt (exploit.rules, High)
13465 <-> WEB-CLIENT Microsoft Works file download request (web-client.rules, Low)
13488 <-> SPYWARE-PUT Hijacker people pal toolbar runtime detection - automatic upgrade (spyware-put.rules, Low)
13490 <-> SPYWARE-PUT Adware spy shredder 2.1 runtime detection - presale request (spyware-put.rules, Low)
13491 <-> SPYWARE-PUT Adware spy shredder 2.1 runtime detection - update (spyware-put.rules, Low)
13494 <-> SPYWARE-PUT Keylogger smart pc Keylogger runtime detection (spyware-put.rules, Medium)
13497 <-> SPYWARE-PUT Hijacker ez-tracks toolbar runtime detection - tracking traffic (spyware-put.rules, Low)
13501 <-> SPYWARE-PUT Adware contravirus runtime detection - presale request (spyware-put.rules, Low)
13503 <-> SPYWARE-PUT Hijacker dealio toolbar runtime detection user-agent detected (spyware-put.rules, Low)
13504 <-> SPYWARE-PUT Adware iedefender runtime detection - presale request (spyware-put.rules, Low)
13505 <-> SPYWARE-PUT Adware iedefender runtime detection - update (spyware-put.rules, Low)
13515 <-> WEB-CLIENT Quicktime user agent (web-client.rules, Low)
13516 <-> WEB-CLIENT Quicktime HTTP error response buffer overflow (web-client.rules, High)
13519 <-> EXPLOIT Citrix MetaFrame IMA buffer overflow attempt (exploit.rules, High)
13553 <-> EXPLOIT Sybase SQL Anywhere Mobilink username string buffer overflow (exploit.rules, High)
13554 <-> EXPLOIT Sybase SQL Anywhere Mobilink version string buffer overflow (exploit.rules, High)
13555 <-> EXPLOIT Sybase SQL Anywhere Mobilink remoteID string buffer overflow (exploit.rules, High)
13557 <-> SPYWARE-PUT Hijacker kword interkey runtime detection - search traffic 2 (spyware-put.rules, Low)
13559 <-> SPYWARE-PUT Hijacker kompass toolbar runtime detection - initial connection (spyware-put.rules, Low)
13561 <-> SPYWARE-PUT Adware malware alarm runtime detection - presale request (spyware-put.rules, Low)
13562 <-> SPYWARE-PUT Adware malware alarm runtime detection - update request (spyware-put.rules, Low)
13563 <-> SPYWARE-PUT Adware system doctor runtime detection - presale request (spyware-put.rules, Low)
13565 <-> SPYWARE-PUT Trickler iecodec runtime detection - initial traffic (spyware-put.rules, Low)
13566 <-> SPYWARE-PUT Trickler iecodec runtime detection - message dialog (spyware-put.rules, Low)
13567 <-> SPYWARE-PUT Keylogger msn spy monitor runtime detection (spyware-put.rules, Medium)
13568 <-> SPYWARE-PUT Keylogger sys keylog 1.3 advanced runtime detection (spyware-put.rules, Medium)
13583 <-> WEB-CLIENT Microsoft SYmbolic LinK file download request (web-client.rules, Low)
13584 <-> WEB-CLIENT csv file download request (web-client.rules, Low)
13611 <-> EXPLOIT RealVNC client response (exploit.rules, Low)
13614 <-> EXPLOIT CVS Argument overflow attempt (exploit.rules, High)
13615 <-> EXPLOIT CVS Argument overflow attempt (exploit.rules, High)
13616 <-> SPECIFIC-THREATS CVS Argument overflow (specific-threats.rules, High)
13620 <-> SPECIFIC-THREATS CA Brightstor discovery service alternate buffer overflow attempt (specific-threats.rules, High)
13627 <-> WEB-CLIENT Microsoft Access file download request (web-client.rules, Low)
13628 <-> WEB-CLIENT Microsoft Access file download request (web-client.rules, Low)
13632 <-> WEB-CLIENT Zango adware installation request (web-client.rules, High)
13651 <-> SPYWARE-PUT Keylogger family cyber alert runtime detection - smtp traffic for recorded activities (spyware-put.rules, Medium)
13652 <-> SPYWARE-PUT Keylogger all in one Keylogger runtime detection (spyware-put.rules, Medium)
13656 <-> WEB-MISC Cisco Secure Access Control Server UCP Application CSuserCGI.exe buffer overflow attempt (web-misc.rules, High)
13711 <-> MYSQL yaSSL SSLv2 Client Hello Message Cipher Length Buffer Overflow attempt (mysql.rules, High)
13712 <-> MYSQL yaSSL SSLv2 Client Hello Message Session ID Buffer Overflow attempt (mysql.rules, High)
13713 <-> MYSQL yaSSL SSLv2 Client Hello Message Challenge Buffer Overflow attempt (mysql.rules, High)
13714 <-> MYSQL yaSSL SSLv3 Client Hello Message Cipher Specs Buffer Overflow attempt (mysql.rules, High)
13778 <-> SPYWARE-PUT Keylogger kgb employee monitor runtime detection (spyware-put.rules, Medium)
13800 <-> EXPLOIT ARCServe LGServer service data overflow attempt (exploit.rules, High)
13812 <-> SPYWARE-PUT Keylogger refog Keylogger runtime detection (spyware-put.rules, Medium)
13816 <-> SPECIFIC THREAT Metasploit Framework xmlrpc.php command injection attempt (specific-threats.rules, High)
13817 <-> SPECIFIC-THREATS xmlrpc.php command injection attempt (specific-threats.rules, High)
13818 <-> SPECIFIC-THREATS alternate xmlrpc.php command injection attempt (specific-threats.rules, High)
13840 <-> EXPLOIT Borland Interbase service attach operation buffer overflow (exploit.rules, High)
13841 <-> EXPLOIT Borland Interbase create operation buffer overflow (exploit.rules, High)
13842 <-> EXPLOIT Borland Interbase operation buffer overflow (exploit.rules, High)
13844 <-> SPECIFIC-THREATS BDAT size longer than contents exploit attempt (specific-threats.rules, Medium)
13845 <-> SPECIFIC-THREATS BDAT size public exploit attempt (specific-threats.rules, Medium)
13864 <-> POLICY Microsoft Watson error reporting attempt (policy.rules, High)
13865 <-> WEB-CLIENT Adobe BMP image handler buffer overflow attempt (web-client.rules, High)
13876 <-> BACKDOOR zlob.acc runtime detection (backdoor.rules, High)
13881 <-> POLICY RealVNC Server configured to allow NULL authentication (policy.rules, Low)
13882 <-> POLICY RealVNC Server configured not to require authentication (policy.rules, Low)
13898 <-> POLICY iTunes client request for server info (policy.rules, Low)
13899 <-> POLICY iTunes client login attempt (policy.rules, Low)
13901 <-> NETBIOS SMB server response heap overflow attempt (netbios.rules, High)
13902 <-> EXPLOIT IBM Lotus Sametime multiplexer stack buffer overflow attempt (exploit.rules, High)
13916 <-> EXPLOIT Alt-N SecurityGateway username buffer overflow attempt (exploit.rules, High)
13925 <-> FTP Computer Associates eTrust Secure Content Manager PASV stack overflow attempt (ftp.rules, High)
13926 <-> EXPLOIT Novell Groupwise HTTP response message parsing overflow (exploit.rules, High)
13928 <-> WEB-MISC Adobe RoboHelp r0 SQL injection attempt (web-misc.rules, High)
13929 <-> WEB-MISC Adobe RoboHelp rx SQL injection attempt (web-misc.rules, High)
13932 <-> SPYWARE-PUT Trackware rightonadz.biz adrotator runtime detection - post user info to remote server (spyware-put.rules, Medium)
13942 <-> BACKDOOR trojan agent.nac runtime detection - call home (backdoor.rules, High)
13950 <-> WEB-CLIENT Sun Java Web Start JNLP attribute buffer overflow attempt (web-client.rules, High)
13951 <-> WEB-MISC Oracle Database Server buffer overflow attempt (web-misc.rules, Medium)
13983 <-> WEB-CLIENT Microsoft Office eps file download (web-client.rules, Low)
14017 <-> WEB-CLIENT MPEG Layer 3 playlist file request (web-client.rules, Low)
14018 <-> WEB-CLIENT PLS multimedia playlist file request (web-client.rules, Low)
14019 <-> WEB-CLIENT CyberLink PowerDVD playlist file handling stack overflow attempt (web-client.rules, High)
14020 <-> WEB-CLIENT CyberLink PowerDVD playlist file handling stack overflow attempt (web-client.rules, High)
14039 <-> EXPLOIT GNOME Project libxslt RC4 key string buffer overflow attempt (exploit.rules, High)
14040 <-> EXPLOIT GNOME Project libxslt RC4 key string buffer overflow attempt (exploit.rules, High)
14041 <-> EXPLOIT GNOME Project libxslt RC4 key string buffer overflow attempt (exploit.rules, High)
14057 <-> SPYWARE-PUT Trackware murzilka2 runtime detection (spyware-put.rules, Medium)
14074 <-> SPYWARE-PUT Keylogger spybosspro 4.2 runtime detection (spyware-put.rules, Medium)
14075 <-> SPYWARE-PUT Keylogger ultimate Keylogger pro runtime detection (spyware-put.rules, Medium)
14230 <-> EXPLOIT SAP DB web server stack overflow attempt (exploit.rules, High)
14600 <-> EXPLOIT SAP Message Server Heap buffer overflow attempt (exploit.rules, High)
14601 <-> EXPLOIT Subversion 1.0.2 get-dated-rev buffer overflow attempt (exploit.rules, High)
14602 <-> EXPLOIT Borland Interbase open_marker_file overflow attempt (exploit.rules, High)
14607 <-> EXPLOIT CA Brightstor SUN RPC malformed string buffer overflow attempt (exploit.rules, High)
14741 <-> EXPLOIT Symantec Veritas Foundation Service NULL service authentication attempt (exploit.rules, High)
14774 <-> EXPLOIT HP OpenView Network Node Manger connectedNodes command injection attempt (exploit.rules, High)
14775 <-> EXPLOIT HP OpenView Network Node Manger cdpnode command injection attempt (exploit.rules, High)
14776 <-> EXPLOIT HP OpenView Network Node Manager freeIPaddrs command injection attempt (exploit.rules, High)
15078 <-> EXPLOIT HP Openview Network Node Manager OValarmsrv buffer overflow attempt (exploit.rules, High)
15123 <-> WEB-CLIENT Rich Text Format file request (web-client.rules, Low)
15145 <-> EXPLOIT Apple CUPS TrueColor PNG filter overly large image height integer overflow attempt (exploit.rules, High)
15146 <-> EXPLOIT Apple CUPS RGB+Alpha PNG filter overly large image height integer overflow attempt (exploit.rules, High)
15257 <-> ORACLE Secure Backup common.php variable based command injection attempt (oracle.rules, High)
15258 <-> ORACLE Secure Backup login.php variable based command injection attempt (oracle.rules, High)
15294 <-> WEB-CLIENT Microsoft Visio file download request (web-client.rules, Low)
15357 <-> WEB-CLIENT Adobe PDF JBIG2 remote code execution attempt (web-client.rules, High)
15358 <-> SMTP Adobe PDF JBIG2 remote code execution attempt (smtp.rules, High)
15388 <-> EXPLOIT Subversion 1.0.2 get-dated-rev buffer overflow over http attempt (exploit.rules, High)
15422 <-> SPECIFIC-THREATS Sun One web proxy server overflow attempt (specific-threats.rules, High)
15445 <-> ORACLE Oracle Application Server BPEL module cross site scripting attempt (oracle.rules, High)
15477 <-> EXPLOIT Oracle BEA WebLogic overlong JESSIONID buffer overflow attempt (exploit.rules, Medium)
15482 <-> EXPLOIT Sun Java System sockd authentication buffer overflow attempt (exploit.rules, High)
15509 <-> DOS IBM DB2 database server CONNECT denial of service attempt (dos.rules, Medium)
15518 <-> WEB-MISC Embedded Open Type Font download request (web-misc.rules, Low)
15585 <-> WEB-CLIENT Excel file download request (web-client.rules, Low)
15586 <-> WEB-CLIENT Powerpoint file download request (web-client.rules, Low)
15587 <-> WEB-CLIENT Word file download request (web-client.rules, Low)
15727 <-> POLICY Attempted download of a PDF with embedded Flash (policy.rules, High)
15728 <-> EXPLOIT Possible Adobe PDF ActionScript byte_array heap spray attempt (exploit.rules, High)
15729 <-> EXPLOIT Possible Adobe Flash ActionScript byte_array heap spray attempt (exploit.rules, High)
15869 <-> WEB-CLIENT Adobe Flash Player ASnative command execution attempet (web-client.rules, High)
15894 <-> SPECIFIC-THREATS Microsoft Color Management Module remote code execution attempt (specific-threats.rules, High)
15910 <-> SPECIFIC-THREATS Microsoft IE objects handling memory corruption attempt (specific-threats.rules, High)
15921 <-> WEB-CLIENT Microsoft media format file download request (web-client.rules, Low)
15922 <-> WEB-CLIENT mp3 file download request (web-client.rules, Low)
15930 <-> NETBIOS Microsoft Windows SMB malformed process ID high field remote code execution attempt (netbios.rules, Medium)
16035 <-> SPECIFIC-THREATS Microsoft Internet Explorer createTextRange code execution attempt (specific-threats.rules, High)
16040 <-> EXPLOIT SpamAssassin spamd vpopmail and paranoid options code execution attempt (exploit.rules, High)
16116 <-> SPYWARE-PUT Trackware rightonadz.biz adrotator runtime detection - pass user info to remote server (spyware-put.rules, Medium)
16143 <-> WEB-CLIENT Microsoft asf file download (web-client.rules, Low)
16287 <-> SPECIFIC-THREATS SMB Negotiate Protocol response DoS attempt (specific-threats.rules, Medium)
16336 <-> WEB-CLIENT Blackberry Server PDF JBIG2 numnewsyms remote code execution attempt (web-client.rules, High)
16364 <-> DOS IBM DB2 database server SQLSTT denial of service attempt (dos.rules, Medium)
16383 <-> ORACLE MDSYS drop table trigger injection attempt (oracle.rules, High)
16390 <-> POLICY Adobe PDF alternate file magic obfuscation (policy.rules, Low)
16450 <-> SQL Jive Software Openfire Jabber Server SQL injection attempt (sql.rules, High)
16451 <-> DELETED Palm WebOS 1.2.0 floating point exception denial of service attempt (deleted.rules, Medium)
16452 <-> WEB-CLIENT IE .hlp samba share download attempt (web-client.rules, High)
