Sourcefire VRT Rules Update

Date: 2012-06-19

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.2.1.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:23167 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file download request (file-identify.rules)
 * 1:23169 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (file-identify.rules)
 * 1:23166 <-> DISABLED <-> FILE-PDF Adobe PDF XDF encoded download attempt (file-pdf.rules)
 * 1:23164 <-> DISABLED <-> WEB-CLIENT Microsoft Lync Online ncrypt.dll dll-load exploit attempt (web-client.rules)
 * 1:23162 <-> DISABLED <-> NETBIOS Microsoft Lync Online ncrypt.dll dll-load exploit attempt (netbios.rules)
 * 1:23165 <-> DISABLED <-> WEB-CLIENT Microsoft Lync Online wlanapi.dll dll-load exploit attempt (web-client.rules)
 * 1:23168 <-> ENABLED <-> FILE-IDENTIFY MPG video stream file attachment detected (file-identify.rules)
 * 1:23171 <-> ENABLED <-> SPECIFIC-THREATS Wordpress Request for html file in fgallery directory (specific-threats.rules)
 * 1:23172 <-> DISABLED <-> WEB-IIS .NET improper comment handling XSS attempt (web-iis.rules)
 * 1:23163 <-> DISABLED <-> NETBIOS Microsoft Lync Online wlanapi.dll dll-load exploit attempt (netbios.rules)
 * 1:23170 <-> DISABLED <-> FILE-OTHER Apple Quicktime MPEG stream padding buffer overflow attempt (file-other.rules)

Modified Rules:


 * 1:8526 <-> DISABLED <-> SQL xp_SetSQLSecurity unicode vulnerable function attempt (sql.rules)
 * 1:8527 <-> DISABLED <-> SQL xp_SetSQLSecurity unicode vulnerable function attempt (sql.rules)
 * 1:8528 <-> DISABLED <-> SQL xp_SetSQLSecurity vulnerable function attempt (sql.rules)
 * 1:8529 <-> DISABLED <-> SQL xp_showcolv unicode vulnerable function attempt (sql.rules)
 * 1:8530 <-> DISABLED <-> SQL xp_showcolv unicode vulnerable function attempt (sql.rules)
 * 1:8531 <-> DISABLED <-> SQL xp_showcolv vulnerable function attempt (sql.rules)
 * 1:8532 <-> DISABLED <-> SQL xp_sqlagent_monitor unicode vulnerable function attempt (sql.rules)
 * 1:8533 <-> DISABLED <-> SQL xp_sqlagent_monitor vulnerable function attempt (sql.rules)
 * 1:8534 <-> DISABLED <-> SQL xp_sqlagent_monitor unicode vulnerable function attempt (sql.rules)
 * 1:8535 <-> DISABLED <-> SQL xp_sqlinventory unicode vulnerable function attempt (sql.rules)
 * 1:8536 <-> DISABLED <-> SQL xp_sqlinventory vulnerable function attempt (sql.rules)
 * 1:8537 <-> DISABLED <-> SQL xp_sqlinventory unicode vulnerable function attempt (sql.rules)
 * 1:8538 <-> DISABLED <-> SQL xp_updatecolvbm unicode vulnerable function attempt (sql.rules)
 * 1:8539 <-> DISABLED <-> SQL xp_updatecolvbm unicode vulnerable function attempt (sql.rules)
 * 1:8540 <-> DISABLED <-> SQL xp_updatecolvbm vulnerable function attempt (sql.rules)
 * 1:8711 <-> DISABLED <-> WEB-MISC Novell eDirectory HTTP redirection buffer overflow attempt (web-misc.rules)
 * 1:8734 <-> DISABLED <-> WEB-PHP Pajax arbitrary command execution attempt (web-php.rules)
 * 1:10172 <-> DISABLED <-> WEB-MISC uTorrent announce buffer overflow attempt (web-misc.rules)
 * 1:10195 <-> DISABLED <-> WEB-MISC Content-Length buffer overflow attempt (web-misc.rules)
 * 1:10408 <-> DISABLED <-> RPC portmap HP-UX Single Logical Screen SLSD tcp request (rpc.rules)
 * 1:10410 <-> DISABLED <-> RPC portmap HP-UX Single Logical Screen SLSD tcp request (rpc.rules)
 * 1:10482 <-> DISABLED <-> RPC portmap CA BrightStor ARCserve tcp request (rpc.rules)
 * 1:10484 <-> DISABLED <-> RPC portmap CA BrightStor ARCserve tcp procedure 191 attempt (rpc.rules)
 * 1:11288 <-> DISABLED <-> RPC portmap mountd tcp request (rpc.rules)
 * 1:11289 <-> DISABLED <-> RPC portmap mountd tcp zero-length payload denial of service attempt (rpc.rules)
 * 1:11616 <-> DISABLED <-> WEB-MISC Symantec Sygate Policy Manager SQL injection (web-misc.rules)
 * 1:11679 <-> DISABLED <-> WEB-MISC Apache mod_rewrite buffer overflow attempt (web-misc.rules)
 * 1:11834 <-> ENABLED <-> WEB-MISC Microsoft Internet Explorer navcancl.htm url spoofing attempt (web-misc.rules)
 * 1:11838 <-> DISABLED <-> WEB-MISC Microsoft Windows API res buffer overflow attempt (web-misc.rules)
 * 1:12014 <-> DISABLED <-> WEB-MISC Microsoft Internet Explorer navcancl.htm url spoofing attempt (web-misc.rules)
 * 1:12064 <-> DISABLED <-> WEB-IIS w3svc _vti_bin null pointer dereference attempt (web-iis.rules)
 * 1:12185 <-> DISABLED <-> RPC portmap 2112 tcp request (rpc.rules)
 * 1:12187 <-> ENABLED <-> RPC portmap 2112 tcp rename_principal attempt (rpc.rules)
 * 1:12360 <-> DISABLED <-> WEB-PHP PHP function CRLF injection attempt (web-php.rules)
 * 1:12362 <-> DISABLED <-> WEB-MISC Squid HTTP Proxy-Authorization overflow (web-misc.rules)
 * 1:12458 <-> DISABLED <-> RPC portmap Solaris sadmin port query tcp request (rpc.rules)
 * 1:12595 <-> DISABLED <-> WEB-IIS malicious ASP file upload attempt (web-iis.rules)
 * 1:12610 <-> DISABLED <-> WEB-PHP phpBB viewtopic double URL encoding attempt (web-php.rules)
 * 1:12627 <-> DISABLED <-> RPC portmap Solaris sadmin port query tcp portmapper sadmin port query attempt (rpc.rules)
 * 1:12708 <-> DISABLED <-> RPC MIT Kerberos kadmind auth buffer overflow attempt (rpc.rules)
 * 1:12711 <-> DISABLED <-> WEB-MISC Apache Tomcat WebDAV system tag remote file disclosure attempt (web-misc.rules)
 * 1:12807 <-> DISABLED <-> FILE-IDENTIFY Lotus 123 file attachment (file-identify.rules)
 * 1:13250 <-> ENABLED <-> RPC portmap 390113 tcp request (rpc.rules)
 * 1:13252 <-> ENABLED <-> RPC portmap 390113 tcp procedure 4 attempt (rpc.rules)
 * 1:13256 <-> ENABLED <-> RPC portmap 390113 tcp procedure 5 attempt (rpc.rules)
 * 1:13356 <-> ENABLED <-> SQL SAP MaxDB shell command injection attempt (sql.rules)
 * 1:13512 <-> DISABLED <-> SQL generic sql exec injection attempt - GET parameter (sql.rules)
 * 1:13513 <-> DISABLED <-> SQL generic sql insert injection atttempt - GET parameter (sql.rules)
 * 1:13514 <-> DISABLED <-> SQL generic sql update injection attempt - GET parameter (sql.rules)
 * 1:13716 <-> DISABLED <-> RPC portmap CA BrightStor ARCserve tcp procedure 232 attempt (rpc.rules)
 * 1:13805 <-> DISABLED <-> RPC portmap CA BrightStor ARCserve tcp procedure 234 attempt (rpc.rules)
 * 1:13929 <-> ENABLED <-> WEB-MISC Adobe RoboHelp rx SQL injection attempt (web-misc.rules)
 * 1:13951 <-> ENABLED <-> WEB-MISC Oracle Database Server buffer overflow attempt (web-misc.rules)
 * 1:13990 <-> DISABLED <-> SQL union select - possible sql injection attempt - GET parameter (sql.rules)
 * 1:14265 <-> DISABLED <-> SCADA CitectSCADA ODBC buffer overflow attempt (scada.rules)
 * 1:14610 <-> ENABLED <-> WEB-PHP Joomla invalid token administrative password reset attempt (web-php.rules)
 * 1:14771 <-> DISABLED <-> WEB-MISC BEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow (web-misc.rules)
 * 1:15074 <-> DISABLED <-> SCADA Modbus user-defined function code - 65 to 72 (scada.rules)
 * 1:15075 <-> DISABLED <-> SCADA Modbus user-defined function code - 100 to 110 (scada.rules)
 * 1:15076 <-> DISABLED <-> SCADA Modbus write multiple coils - too many outputs (scada.rules)
 * 1:15077 <-> DISABLED <-> SCADA Modbus read multiple coils - too many inputs (scada.rules)
 * 1:15143 <-> DISABLED <-> SQL sp_replwritetovarbin unicode vulnerable function attempt (sql.rules)
 * 1:15144 <-> DISABLED <-> SQL sp_replwritetovarbin vulnerable function attempt (sql.rules)
 * 1:15358 <-> ENABLED <-> SMTP Adobe PDF JBIG2 remote code execution attempt (smtp.rules)
 * 1:15424 <-> DISABLED <-> WEB-PHP phpBB mod shoutbox sql injection attempt (web-php.rules)
 * 1:15425 <-> DISABLED <-> WEB-PHP phpBB mod tag board sql injection attempt (web-php.rules)
 * 1:15432 <-> DISABLED <-> WEB-PHP wordpress cat parameter arbitrary file execution attempt (web-php.rules)
 * 1:15584 <-> DISABLED <-> SQL char and sysobjects - possible sql injection recon attempt (sql.rules)
 * 1:15868 <-> DISABLED <-> SQL Borland InterBase username buffer overflow (sql.rules)
 * 1:15874 <-> DISABLED <-> SQL union select - possible sql injection attempt - POST parameter (sql.rules)
 * 1:15875 <-> DISABLED <-> SQL generic sql insert injection atttempt - POST parameter (sql.rules)
 * 1:15876 <-> DISABLED <-> SQL generic sql update injection attempt - POST parameter (sql.rules)
 * 1:15877 <-> DISABLED <-> SQL generic sql exec injection attempt - POST parameter (sql.rules)
 * 1:16079 <-> DISABLED <-> WEB-CGI uselang code injection (web-cgi.rules)
 * 1:16081 <-> DISABLED <-> RPC portmap 395650 tcp XDR SString buffer overflow attempt (rpc.rules)
 * 1:16083 <-> DISABLED <-> RPC portmap 395650 tcp request (rpc.rules)
 * 1:16085 <-> DISABLED <-> RPC portmap 395650 tcp xml buffer overflow attempt (rpc.rules)
 * 1:16218 <-> DISABLED <-> WEB-MISC Content-Length request offset smuggling attempt (web-misc.rules)
 * 1:16283 <-> DISABLED <-> WEB-MISC Borland StarTeam Multicast Service buffer overflow attempt (web-misc.rules)
 * 1:16356 <-> ENABLED <-> WEB-IIS multiple extension code execution attempt (web-iis.rules)
 * 1:16446 <-> DISABLED <-> RPC portmap Solaris sadmin tcp request (rpc.rules)
 * 1:16448 <-> DISABLED <-> RPC portmap Solaris sadmin tcp adm_build_path overflow attempt (rpc.rules)
 * 1:16609 <-> DISABLED <-> SPECIFIC-THREATS RealNetworks RealPlayer ActiveX Import playlist name buffer overflow attempt (specific-threats.rules)
 * 1:16611 <-> DISABLED <-> WEB-MISC Apache 413 error HTTP request method cross-site scripting attack (web-misc.rules)
 * 1:17103 <-> DISABLED <-> WEB-IIS IIS 5.1 alternate data stream authentication bypass attempt (web-iis.rules)
 * 1:17391 <-> ENABLED <-> WEB-MISC Apache Tomcat UNIX platform directory traversal (web-misc.rules)
 * 1:17486 <-> DISABLED <-> WEB-MISC Trend Micro Control Manager Chunked overflow attempt (web-misc.rules)
 * 1:17498 <-> ENABLED <-> WEB-MISC Apache Tomcat UNIX platform directory traversal (web-misc.rules)
 * 1:17499 <-> ENABLED <-> WEB-MISC Apache Tomcat UNIX platform directory traversal (web-misc.rules)
 * 1:17500 <-> ENABLED <-> WEB-MISC Apache Tomcat UNIX platform directory traversal (web-misc.rules)
 * 1:17501 <-> ENABLED <-> WEB-MISC Apache Tomcat UNIX platform directory traversal (web-misc.rules)
 * 1:17502 <-> ENABLED <-> WEB-MISC Apache Tomcat UNIX platform directory traversal (web-misc.rules)
 * 1:17533 <-> ENABLED <-> WEB-MISC Apache Struts Information Disclosure Attempt (web-misc.rules)
 * 1:17536 <-> DISABLED <-> WEB-MISC Free Download Manager Remote Control Server HTTP Auth Header buffer overflow attempt (web-misc.rules)
 * 1:17597 <-> ENABLED <-> WEB-PHP TikiWiki jhot.php script file upload attempt (web-php.rules)
 * 1:17782 <-> DISABLED <-> SCADA Modbus write multiple registers from external source (scada.rules)
 * 1:17783 <-> DISABLED <-> SCADA Modbus write single register from external source (scada.rules)
 * 1:17784 <-> DISABLED <-> SCADA Modbus write single coil from external source (scada.rules)
 * 1:17785 <-> DISABLED <-> SCADA Modbus write multiple coils from external source (scada.rules)
 * 1:17786 <-> DISABLED <-> SCADA Modbus write file record from external source (scada.rules)
 * 1:17787 <-> DISABLED <-> SCADA Modbus read discrete inputs from external source (scada.rules)
 * 1:17788 <-> DISABLED <-> SCADA Modbus read coils from external source (scada.rules)
 * 1:17789 <-> DISABLED <-> SCADA Modbus read input register from external source (scada.rules)
 * 1:17790 <-> DISABLED <-> SCADA Modbus read holding registers from external source (scada.rules)
 * 1:17791 <-> DISABLED <-> SCADA Modbus read/write multiple registers from external source (scada.rules)
 * 1:17792 <-> DISABLED <-> SCADA Modbus read fifo queue from external source (scada.rules)
 * 1:17793 <-> DISABLED <-> SCADA Modbus read file record from external source (scada.rules)
 * 1:17794 <-> DISABLED <-> SCADA Modbus read exception status from external source (scada.rules)
 * 1:17795 <-> DISABLED <-> SCADA Modbus initiate diagnostic from external source (scada.rules)
 * 1:17796 <-> DISABLED <-> SCADA Modbus get com event counter from external source (scada.rules)
 * 1:17797 <-> DISABLED <-> SCADA Modbus get com event log from external source (scada.rules)
 * 1:17798 <-> DISABLED <-> SCADA Modbus report slave id from external source (scada.rules)
 * 1:17799 <-> DISABLED <-> SCADA Modbus read device identification from external source (scada.rules)
 * 1:17800 <-> DISABLED <-> SCADA Modbus mask write register from external source (scada.rules)
 * 1:1808 <-> DISABLED <-> WEB-MISC apache chunked encoding memory corruption exploit attempt (web-misc.rules)
 * 1:18096 <-> DISABLED <-> WEB-MISC Apache Tomcat username enumeration attempt (web-misc.rules)
 * 1:1820 <-> DISABLED <-> WEB-MISC IBM Net.Commerce orderdspc.d2w access (web-misc.rules)
 * 1:1822 <-> DISABLED <-> WEB-CGI alienform.cgi directory traversal attempt (web-cgi.rules)
 * 1:1823 <-> DISABLED <-> WEB-CGI AlienForm af.cgi directory traversal attempt (web-cgi.rules)
 * 1:1824 <-> DISABLED <-> WEB-CGI alienform.cgi access (web-cgi.rules)
 * 1:1825 <-> DISABLED <-> WEB-CGI AlienForm af.cgi access (web-cgi.rules)
 * 1:1826 <-> DISABLED <-> WEB-MISC WEB-INF access (web-misc.rules)
 * 1:1827 <-> DISABLED <-> WEB-MISC Apache Tomcat servlet mapping cross site scripting attempt (web-misc.rules)
 * 1:1828 <-> DISABLED <-> WEB-MISC iPlanet Search directory traversal attempt (web-misc.rules)
 * 1:1829 <-> DISABLED <-> WEB-MISC Apache Tomcat TroubleShooter servlet access (web-misc.rules)
 * 1:1830 <-> DISABLED <-> WEB-MISC Apache Tomcat SnoopServlet servlet access (web-misc.rules)
 * 1:1831 <-> DISABLED <-> WEB-MISC jigsaw dos attempt (web-misc.rules)
 * 1:18327 <-> DISABLED <-> SCADA Kingview HMI heap overflow attempt (scada.rules)
 * 1:1834 <-> DISABLED <-> WEB-PHP PHP-Wiki cross site scripting attempt (web-php.rules)
 * 1:1835 <-> DISABLED <-> WEB-MISC Macromedia SiteSpring cross site scripting attempt (web-misc.rules)
 * 1:1839 <-> DISABLED <-> WEB-MISC mailman cross site scripting attempt (web-misc.rules)
 * 1:18464 <-> ENABLED <-> WEB-CGI Adobe ColdFusion locale directory traversal attempt (web-cgi.rules)
 * 1:1847 <-> DISABLED <-> WEB-MISC webalizer access (web-misc.rules)
 * 1:18470 <-> DISABLED <-> WEB-MISC Java floating point number denial of service - via URI (web-misc.rules)
 * 1:18471 <-> DISABLED <-> WEB-MISC Java floating point number denial of service - via POST (web-misc.rules)
 * 1:18478 <-> DISABLED <-> WEB-PHP miniBB rss.php premodDir remote file include attempt (web-php.rules)
 * 1:18479 <-> DISABLED <-> WEB-PHP miniBB rss.php pathToFiles remote file include attempt (web-php.rules)
 * 1:18605 <-> DISABLED <-> SCADA Tecnomatix FactoryLink CSService path overflow attempt (scada.rules)
 * 1:18606 <-> DISABLED <-> SCADA Tecnomatix FactoryLink CSService file access attempt (scada.rules)
 * 1:18607 <-> DISABLED <-> SCADA Tecnomatix FactoryLink CSService file information access attempt (scada.rules)
 * 1:18610 <-> DISABLED <-> SCADA Tecnomatix FactoryLink vrn.exe opcode 9 or 10 string parsing overflow attempt (scada.rules)
 * 1:18614 <-> DISABLED <-> SCADA Tecnomatix FactoryLink vrn.exe file access attempt (scada.rules)
 * 1:18648 <-> DISABLED <-> SCADA IGSS IGSSDataServer.exe file upload/download attempt (scada.rules)
 * 1:18649 <-> DISABLED <-> SCADA IGSS IGSSDataServer.exe file operation overflow attempt (scada.rules)
 * 1:18651 <-> DISABLED <-> SCADA IGSS IGSSDataServer.exe report template overflow attempt (scada.rules)
 * 1:18652 <-> DISABLED <-> SCADA IGSS IGSSDataServer.exe report template operation overflow attempt (scada.rules)
 * 1:18654 <-> DISABLED <-> SCADA IGSS IGSSDataServer.exe format string attempt (scada.rules)
 * 1:18656 <-> DISABLED <-> SCADA IGSS IGSSDataServer.exe strep overflow attempt (scada.rules)
 * 1:18657 <-> DISABLED <-> SCADA IGSS dc.exe file execution directory traversal attempt (scada.rules)
 * 1:18658 <-> DISABLED <-> SCADA RealWin 2.1 FC_CONNECT_FCS_LOGIN overflow attempt (scada.rules)
 * 1:18659 <-> DISABLED <-> SCADA RealWin 2.1 SCPC_INITIALIZE overflow attempt (scada.rules)
 * 1:18721 <-> DISABLED <-> SCADA Iconics Genesis 32/64 GenBroker opcode 0x1C84 integer overflow attempt (scada.rules)
 * 1:18722 <-> DISABLED <-> SCADA Iconics Genesis 32/64 GenBroker opcode 0x1C84 integer overflow attempt (scada.rules)
 * 1:18725 <-> DISABLED <-> SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 heap overflow attempt (scada.rules)
 * 1:18726 <-> DISABLED <-> SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B2 heap overflow attempt (scada.rules)
 * 1:18727 <-> DISABLED <-> SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B5 heap overflow attempt (scada.rules)
 * 1:18728 <-> DISABLED <-> SCADA Iconics Genesis 32/64 GenBroker opcode 0x0DAE heap overflow attempt (scada.rules)
 * 1:18729 <-> DISABLED <-> SCADA Iconics Genesis 32/64 GenBroker opcode 0x1BBC heap overflow attempt (scada.rules)
 * 1:18730 <-> DISABLED <-> SCADA Iconics Genesis 32/64 GenBroker opcode 0x089A integer overflow attempt (scada.rules)
 * 1:18731 <-> DISABLED <-> SCADA Iconics Genesis 32/64 GenBroker opcode 0x0453 integer overflow attempt (scada.rules)
 * 1:18732 <-> DISABLED <-> SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (scada.rules)
 * 1:18733 <-> DISABLED <-> SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (scada.rules)
 * 1:18734 <-> DISABLED <-> SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (scada.rules)
 * 1:18735 <-> DISABLED <-> SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (scada.rules)
 * 1:18736 <-> DISABLED <-> SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (scada.rules)
 * 1:18737 <-> DISABLED <-> SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B0 integer overflow attempt (scada.rules)
 * 1:18738 <-> DISABLED <-> SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B2 integer overflow attempt (scada.rules)
 * 1:18742 <-> DISABLED <-> WEB-MISC IBM WebSphere Expect header cross-site scripting (web-misc.rules)
 * 1:18743 <-> DISABLED <-> WEB-MISC VLC player web interface format string attack (web-misc.rules)
 * 1:18746 <-> DISABLED <-> SCADA RealWin 2.1 FC_CTAGLIST_FCS_XTAG overflow attempt (scada.rules)
 * 1:18747 <-> DISABLED <-> SCADA RealWin 2.1 FC_BINFILE_FCS_xFILE overflow attempt (scada.rules)
 * 1:18748 <-> DISABLED <-> SCADA RealWin 2.1 FC_MISC_FCS_MSGx overflow attempt (scada.rules)
 * 1:18749 <-> DISABLED <-> SCADA RealWin 2.1 FC_CTAGLIST_FCS_XTAG overflow attempt (scada.rules)
 * 1:18750 <-> DISABLED <-> SCADA RealWin 2.1 FC_SCRIPT_FCS_STARTPROG overflow attempt (scada.rules)
 * 1:18752 <-> DISABLED <-> SCADA RealWin 2.1 FC_INFOTAG_SET_CONTROL overflow attempt (scada.rules)
 * 1:18761 <-> ENABLED <-> WEB-CGI Majordomo2 http directory traversal attempt (web-cgi.rules)
 * 1:18778 <-> DISABLED <-> SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B5 integer overflow attempt (scada.rules)
 * 1:18779 <-> DISABLED <-> SCADA Iconics Genesis 32/64 GenBroker opcode 0x04B5 integer overflow attempt (scada.rules)
 * 1:18780 <-> DISABLED <-> SCADA Iconics Genesis 32/64 GenBroker opcode 0x07D0 integer overflow attempt (scada.rules)
 * 1:18781 <-> DISABLED <-> SCADA Iconics Genesis 32/64 GenBroker opcode 0x07D0 integer overflow attempt (scada.rules)
 * 1:18783 <-> DISABLED <-> SCADA Iconics Genesis 32/64 GenBroker opcode 0x0DAE integer overflow attempt (scada.rules)
 * 1:18784 <-> DISABLED <-> SCADA Iconics Genesis 32/64 GenBroker opcode 0x0DB0 integer overflow attempt (scada.rules)
 * 1:18785 <-> DISABLED <-> SCADA Iconics Genesis 32/64 GenBroker opcode 0x0FA4 integer overflow attempt (scada.rules)
 * 1:18786 <-> DISABLED <-> SCADA Iconics Genesis 32/64 GenBroker opcode 0x0FA7 integer overflow attempt (scada.rules)
 * 1:18787 <-> DISABLED <-> SCADA Iconics Genesis 32/64 GenBroker opcode 0x1BBC integer overflow attempt (scada.rules)
 * 1:18788 <-> DISABLED <-> SCADA Iconics Genesis 32/64 GenBroker opcode 0x1BBD integer overflow attempt (scada.rules)
 * 1:18789 <-> DISABLED <-> SCADA Iconics Genesis 32/64 GenBroker opcode 0x26AC integer overflow attempt (scada.rules)
 * 1:18792 <-> ENABLED <-> WEB-MISC Novell ZENworks Configuration Management UploadServlet code execution attempt (web-misc.rules)
 * 1:18793 <-> ENABLED <-> WEB-MISC Novell ZENworks Configuration Management UploadServlet code execution attempt (web-misc.rules)
 * 1:18794 <-> ENABLED <-> WEB-MISC RedHat JBoss Enterprise Application Platform JMX authentication bypass attempt (web-misc.rules)
 * 1:18795 <-> ENABLED <-> WEB-MISC HP OpenView Network Node Manager ovet_demandpoll.exe format string execution attempt (web-misc.rules)
 * 1:18797 <-> ENABLED <-> WEB-MISC Oracle Secure Backup Administration property_box.php other variable command execution attempt (web-misc.rules)
 * 1:18931 <-> ENABLED <-> WEB-MISC Apache Struts OGNL parameter interception bypass command execution attempt (web-misc.rules)
 * 1:18932 <-> ENABLED <-> WEB-MISC Jboss default configuration unauthorized application add attempt (web-misc.rules)
 * 1:18959 <-> DISABLED <-> WEB-MISC VMware SpringSource Spring Framework class.classloader remote code execution attempt (web-misc.rules)
 * 1:19091 <-> DISABLED <-> SPECIFIC-THREATS OpenSSL ssl3_get_key_exchange use-after-free attempt (specific-threats.rules)
 * 1:19092 <-> DISABLED <-> SPECIFIC-THREATS OpenSSL ssl3_get_key_exchange use-after-free attempt (specific-threats.rules)
 * 1:19155 <-> ENABLED <-> WEB-MISC HP Data Protector Media Operations SignInName Parameter overflow attempt (web-misc.rules)
 * 1:19157 <-> ENABLED <-> WEB-MISC HP Universal CMDB server axis2 default credentials attempt (web-misc.rules)
 * 1:19168 <-> ENABLED <-> WEB-MISC Oracle GoldenGate Veridata Server soap request overflow attempt (web-misc.rules)
 * 1:19176 <-> DISABLED <-> WEB-MISC cookiejacking attempt (web-misc.rules)
 * 1:19177 <-> DISABLED <-> WEB-MISC cookiejacking attempt (web-misc.rules)
 * 1:19201 <-> DISABLED <-> SQL waitfor delay function - possible SQL injection attempt (sql.rules)
 * 1:19202 <-> DISABLED <-> SQL declare varchar - possible SQL injection attempt (sql.rules)
 * 1:19438 <-> DISABLED <-> SQL url ending in comment characters - possible sql injection attempt (sql.rules)
 * 1:19439 <-> DISABLED <-> SQL 1 = 1 - possible sql injection attempt (sql.rules)
 * 1:19440 <-> DISABLED <-> SQL 1 = 0 - possible sql injection attempt (sql.rules)
 * 1:19441 <-> ENABLED <-> WEB-MISC Oracle Virtual Server Agent command injection attempt (web-misc.rules)
 * 1:19553 <-> ENABLED <-> WEB-PHP phpMyAdmin session_to_unset session variable injection attempt (web-php.rules)
 * 1:19558 <-> DISABLED <-> WEB-MISC JBoss expression language actionOutcome remote code execution (web-misc.rules)
 * 1:1967 <-> DISABLED <-> WEB-PHP phpbb quick-reply.php arbitrary command attempt (web-php.rules)
 * 1:1968 <-> DISABLED <-> WEB-PHP phpbb quick-reply.php access (web-php.rules)
 * 1:19779 <-> ENABLED <-> WEB-MISC sqlmap SQL injection scan attempt (web-misc.rules)
 * 1:19813 <-> DISABLED <-> WEB-MISC Novell File Reporter Agent XMLK parsing stack bugger overflow attempt (web-misc.rules)
 * 1:19826 <-> ENABLED <-> WEB-MISC HP Power Manager remote code execution attempt (web-misc.rules)
 * 1:19933 <-> DISABLED <-> WEB-MISC DirBuster brute forcing tool detected (web-misc.rules)
 * 1:1997 <-> DISABLED <-> WEB-PHP read_body.php access attempt (web-php.rules)
 * 1:1998 <-> DISABLED <-> WEB-PHP calendar.php access (web-php.rules)
 * 1:1999 <-> DISABLED <-> WEB-PHP edit_image.php access (web-php.rules)
 * 1:2000 <-> DISABLED <-> WEB-PHP readmsg.php access (web-php.rules)
 * 1:2002 <-> DISABLED <-> WEB-PHP remote include path (web-php.rules)
 * 1:20030 <-> DISABLED <-> SCADA IGSS IGSSDataServer.exe file operation directory traversal attempt (scada.rules)
 * 1:20045 <-> DISABLED <-> SQL PHPSESSID SQL injection attempt (sql.rules)
 * 1:20046 <-> DISABLED <-> SQL PHPSESSID SQL injection attempt (sql.rules)
 * 1:20047 <-> DISABLED <-> SQL 1 = 1 - possible sql injection attempt (sql.rules)
 * 1:20207 <-> ENABLED <-> SCADA Cogent unicode buffer overflow (scada.rules)
 * 1:20208 <-> ENABLED <-> SCADA Cogent unicode buffer overflow (scada.rules)
 * 1:20209 <-> ENABLED <-> SCADA Cogent unicode buffer overflow (scada.rules)
 * 1:20210 <-> ENABLED <-> SCADA Cogent unicode buffer overflow (scada.rules)
 * 1:20214 <-> DISABLED <-> SCADA Measuresoft ScadaPro msvcrt.dll local command execution attempt (scada.rules)
 * 1:20215 <-> DISABLED <-> SCADA Measuresoft ScadaPro directory traversal file operation attempt (scada.rules)
 * 1:20257 <-> DISABLED <-> WEB-MISC Microsoft ForeFront UAG ExcelTable.asp XSS attempt (web-misc.rules)
 * 1:20259 <-> DISABLED <-> WEB-MISC Microsoft Agent Helper Malicious JAR download attempt (web-misc.rules)
 * 1:20266 <-> DISABLED <-> WEB-MISC Microsoft Internet Explorer 8 Javascript negative option index attack attempt (web-misc.rules)
 * 1:20528 <-> DISABLED <-> WEB-MISC Apache mod_proxy reverse proxy information disclosure (web-misc.rules)
 * 1:20623 <-> DISABLED <-> WEB-PHP Venom Board SQL injection attempt (web-php.rules)
 * 1:20624 <-> DISABLED <-> WEB-PHP Venom Board SQL injection attempt (web-php.rules)
 * 1:20625 <-> DISABLED <-> WEB-PHP Venom Board SQL injection attempt (web-php.rules)
 * 1:20629 <-> DISABLED <-> WEB-PHP geoBlog SQL injection in viewcat.php cat parameter attempt (web-php.rules)
 * 1:20631 <-> DISABLED <-> WEB-PHP Akarru remote file include in main_content.php bm_content (web-php.rules)
 * 1:20632 <-> DISABLED <-> WEB-PHP AnnoncesV remote file include in annonce.php page (web-php.rules)
 * 1:20633 <-> DISABLED <-> WEB-PHP Boite de News remote file include in inc.php url_index (web-php.rules)
 * 1:20638 <-> DISABLED <-> SCADA Progea Movicon/PowerHMI EIDP over HTTP memory corruption attempt (scada.rules)
 * 1:20640 <-> DISABLED <-> WEB-PHP VEGO Web Forum SQL injection in login.php username attempt (web-php.rules)
 * 1:20641 <-> DISABLED <-> WEB-PHP TheWebForum SQL injection in login.php username attempt (web-php.rules)
 * 1:20642 <-> DISABLED <-> WEB-PHP TankLogger SQL injection in showInfo.php livestock_id attempt (web-php.rules)
 * 1:20643 <-> DISABLED <-> WEB-PHP ScozBook SQL injection in auth.php adminname attempt (web-php.rules)
 * 1:20644 <-> DISABLED <-> WEB-PHP Lizard Cart CMS SQL injection in detail.php id attempt (web-php.rules)
 * 1:20645 <-> DISABLED <-> WEB-PHP Lizard Cart CMS SQL injection in pages.php id attempt (web-php.rules)
 * 1:20646 <-> DISABLED <-> WEB-PHP Benders Calendar SQL injection in index.php this_day attempt (web-php.rules)
 * 1:20647 <-> DISABLED <-> WEB-PHP inTouch SQL injection in index.php user attempt (web-php.rules)
 * 1:20648 <-> DISABLED <-> WEB-PHP Bit 5 Blog SQL injection in processlogin.php username via (web-php.rules)
 * 1:20649 <-> DISABLED <-> WEB-PHP ADNForum SQL injection in index.php fid attempt (web-php.rules)
 * 1:20650 <-> DISABLED <-> WEB-PHP MyNewsGroups remote file include in layersmenu.inc.php myng_root (web-php.rules)
 * 1:20651 <-> DISABLED <-> WEB-PHP Modernbill remote file include in config.php DIR (web-php.rules)
 * 1:20652 <-> DISABLED <-> WEB-PHP ME Download System remote file include in header.php Vb8878b936c2bd8ae0cab (web-php.rules)
 * 1:20654 <-> DISABLED <-> WEB-PHP GrapAgenda remote file include in index.php page (web-php.rules)
 * 1:20656 <-> DISABLED <-> WEB-PHP GestArtremote file include in aide.php3 aide (web-php.rules)
 * 1:20657 <-> DISABLED <-> WEB-PHP Free File Hosting remote file include in forgot_pass.php ad_body_temp (web-php.rules)
 * 1:20663 <-> DISABLED <-> WEB-PHP Comet WebFileManager remote file include in CheckUpload.php Language (web-php.rules)
 * 1:20670 <-> DISABLED <-> SPECIFIC-THREATS Asterisk data length field overflow attempt (specific-threats.rules)
 * 1:20726 <-> DISABLED <-> WEB-MISC F-Secure web console username overflow attempt (web-misc.rules)
 * 1:20731 <-> DISABLED <-> WEB-PHP TSEP remote file include in colorswitch.php tsep_config[absPath] (web-php.rules)
 * 1:20732 <-> DISABLED <-> WEB-PHP Sabdrimer remote file include in advanced1.php pluginpath[0] (web-php.rules)
 * 1:20735 <-> ENABLED <-> SPECIFIC-THREATS Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap elevation of privileges attempt (specific-threats.rules)
 * 1:20815 <-> DISABLED <-> WEB-PHP Vmist Downstat remote file include in chart.php art (web-php.rules)
 * 1:20816 <-> DISABLED <-> WEB-PHP Vmist Downstat remote file include in admin.php art (web-php.rules)
 * 1:20817 <-> DISABLED <-> WEB-PHP Vmist Downstat remote file include in modes.php art (web-php.rules)
 * 1:20818 <-> DISABLED <-> WEB-PHP Vmist Downstat remote file include in stats.php art (web-php.rules)
 * 1:20862 <-> DISABLED <-> WEB-MISC Jive Software Openfire logviewer.jsp XSS attempt (web-misc.rules)
 * 1:20863 <-> DISABLED <-> WEB-MISC Jive Software Openfire log.jsp XSS attempt (web-misc.rules)
 * 1:20864 <-> DISABLED <-> WEB-MISC Jive Software Openfire group-summary.jsp XSS attempt (web-misc.rules)
 * 1:20865 <-> DISABLED <-> WEB-MISC Jive Software Openfire user-properties.jsp XSS attempt (web-misc.rules)
 * 1:20866 <-> DISABLED <-> WEB-MISC Jive Software Openfire audit-policy.jsp XSS attempt (web-misc.rules)
 * 1:20867 <-> DISABLED <-> WEB-MISC Jive Software Openfire server-properties.jsp XSS attempt (web-misc.rules)
 * 1:20868 <-> DISABLED <-> WEB-MISC Jive Software Openfire muc-room-edit-form.jsp XSS attempt (web-misc.rules)
 * 1:8525 <-> DISABLED <-> SQL xp_proxiedmetadata vulnerable function attempt (sql.rules)
 * 1:8522 <-> DISABLED <-> SQL xp_printstatements vulnerable function attempt (sql.rules)
 * 1:8441 <-> DISABLED <-> WEB-MISC McAfee header buffer overflow attempt (web-misc.rules)
 * 1:21389 <-> ENABLED <-> WEB-MISC Cisco Common Services Device Center XSS attempt (web-misc.rules)
 * 1:8505 <-> DISABLED <-> SQL xp_oadestroy unicode vulnerable function attempt (sql.rules)
 * 1:8513 <-> DISABLED <-> SQL xp_oamethod unicode vulnerable function attempt (sql.rules)
 * 1:8509 <-> DISABLED <-> SQL xp_oagetproperty unicode vulnerable function attempt (sql.rules)
 * 1:21788 <-> DISABLED <-> SPECIFIC-THREATS or kic = kic - known SQL injection routine (specific-threats.rules)
 * 1:21086 <-> DISABLED <-> SPECIFIC-THREATS Microsoft Internet Explorer object clone deletion memory corruption (specific-threats.rules)
 * 1:3194 <-> DISABLED <-> WEB-IIS .bat executable file parsing attack (web-iis.rules)
 * 1:8520 <-> DISABLED <-> SQL xp_printstatements unicode vulnerable function attempt (sql.rules)
 * 1:21781 <-> DISABLED <-> SPECIFIC-THREATS encoded union select function in POST - possible sql injection attempt (specific-threats.rules)
 * 1:21214 <-> DISABLED <-> WEB-MISC Apache server mod_proxy reverse proxy bypass attempt (web-misc.rules)
 * 1:22061 <-> DISABLED <-> SPECIFIC-THREATS Alureon - Malicious IFRAME load attempt (specific-threats.rules)
 * 1:21789 <-> DISABLED <-> SPECIFIC-THREATS or kic = kic - known SQL injection routine (specific-threats.rules)
 * 1:21385 <-> ENABLED <-> WEB-MISC Cisco Common Services Help servlet XSS attempt (web-misc.rules)
 * 1:8497 <-> DISABLED <-> SQL sp_oacreate vulnerable function attempt (sql.rules)
 * 1:8519 <-> DISABLED <-> SQL xp_peekqueue vulnerable function attempt (sql.rules)
 * 1:8500 <-> DISABLED <-> SQL xp_displayparamstmt unicode vulnerable function attempt (sql.rules)
 * 1:21529 <-> DISABLED <-> NETBIOS SMB Trans2 Find_First2 filename overflow attempt (netbios.rules)
 * 1:21603 <-> DISABLED <-> WEB-IIS Microsoft IIS multiple executable extension access attempt (web-iis.rules)
 * 1:21784 <-> DISABLED <-> SPECIFIC-THREATS encoded script tag in POST parameters - likely cross-site scripting (specific-threats.rules)
 * 1:8517 <-> DISABLED <-> SQL xp_peekqueue unicode vulnerable function attempt (sql.rules)
 * 1:21787 <-> DISABLED <-> SPECIFIC-THREATS encoded javascript escape function in POST parameters - likely javascript injection (specific-threats.rules)
 * 1:8498 <-> DISABLED <-> SQL sp_oacreate unicode vulnerable function attempt (sql.rules)
 * 1:8494 <-> DISABLED <-> SQL formatmessage possible buffer overflow (sql.rules)
 * 1:21600 <-> DISABLED <-> WEB-IIS Microsoft IIS multiple executable extension access attempt (web-iis.rules)
 * 1:21604 <-> DISABLED <-> WEB-IIS Microsoft IIS multiple executable extension access attempt (web-iis.rules)
 * 1:21161 <-> DISABLED <-> WEB-IIS Microsoft Windows IIS5 NTLM and basic authentication bypass attempt (web-iis.rules)
 * 1:21783 <-> DISABLED <-> SPECIFIC-THREATS encoded script tag in POST parameters - likely cross-site scripting (specific-threats.rules)
 * 1:8515 <-> DISABLED <-> SQL xp_oasetproperty unicode vulnerable function attempt (sql.rules)
 * 1:21599 <-> DISABLED <-> WEB-IIS Microsoft IIS multiple executable extension access attempt (web-iis.rules)
 * 1:21782 <-> DISABLED <-> SPECIFIC-THREATS script tag in POST parameters - likely cross-site scripting (specific-threats.rules)
 * 1:8510 <-> DISABLED <-> SQL xp_oagetproperty vulnerable function attempt (sql.rules)
 * 1:21779 <-> DISABLED <-> SQL parameter ending in encoded comment characters - possible sql injection attempt - POST (sql.rules)
 * 1:8514 <-> DISABLED <-> SQL xp_oasetproperty unicode vulnerable function attempt (sql.rules)
 * 1:8495 <-> DISABLED <-> SQL formatmessage possible buffer overflow (sql.rules)
 * 1:5709 <-> DISABLED <-> WEB-PHP file upload directory traversal (web-php.rules)
 * 1:8504 <-> DISABLED <-> SQL xp_enumresultset vulnerable function attempt (sql.rules)
 * 1:21780 <-> DISABLED <-> SPECIFIC-THREATS encoded waitfor delay function in POST - possible sql injection attempt (specific-threats.rules)
 * 1:8506 <-> DISABLED <-> SQL xp_oadestroy unicode vulnerable function attempt (sql.rules)
 * 1:8501 <-> DISABLED <-> SQL xp_displayparamstmt vulnerable function attempt (sql.rules)
 * 1:21377 <-> ENABLED <-> WEB-MISC Cisco Unified Communications Manager sql injection attempt (web-misc.rules)
 * 1:21393 <-> DISABLED <-> SPECIFIC-THREATS Magix Musik Maker 16 buffer overflow attempt (specific-threats.rules)
 * 1:8508 <-> DISABLED <-> SQL xp_oagetproperty unicode vulnerable function attempt (sql.rules)
 * 1:8511 <-> DISABLED <-> SQL xp_oamethod unicode vulnerable function attempt (sql.rules)
 * 1:21605 <-> DISABLED <-> WEB-IIS Microsoft IIS multiple executable extension access attempt (web-iis.rules)
 * 1:8503 <-> DISABLED <-> SQL xp_enumresultset unicode vulnerable function attempt (sql.rules)
 * 1:21785 <-> DISABLED <-> SPECIFIC-THREATS javascript escape function in POST parameters - likely javascript injection (specific-threats.rules)
 * 1:8496 <-> DISABLED <-> SQL sp_oacreate unicode vulnerable function attempt (sql.rules)
 * 1:3822 <-> DISABLED <-> WEB-MISC RealNetworks RealPlayer realtext long URI request attempt (web-misc.rules)
 * 1:21786 <-> DISABLED <-> SPECIFIC-THREATS encoded javascript escape function in POST parameters - likely javascript injection (specific-threats.rules)
 * 1:21777 <-> DISABLED <-> SQL waitfor delay function in POST - possible SQL injection attempt (sql.rules)
 * 1:21335 <-> DISABLED <-> SPECIFIC-THREATS Adobe Flash Player ActionScript bytecode type confusion null dereference attempt (specific-threats.rules)
 * 1:21759 <-> DISABLED <-> SPECIFIC-THREATS Ultra Shareware Office HttpUpload buffer overflow attempt (specific-threats.rules)
 * 1:21606 <-> DISABLED <-> WEB-IIS Microsoft IIS multiple executable extension access attempt (web-iis.rules)
 * 1:6403 <-> DISABLED <-> WEB-PHP horde help module arbitrary command execution attempt (web-php.rules)
 * 1:8516 <-> DISABLED <-> SQL xp_oasetproperty vulnerable function attempt (sql.rules)
 * 1:8499 <-> DISABLED <-> SQL xp_displayparamstmt unicode vulnerable function attempt (sql.rules)
 * 1:21375 <-> DISABLED <-> WEB-PHP Remote Execution Backdoor Attempt Against Horde (web-php.rules)
 * 1:8502 <-> DISABLED <-> SQL xp_enumresultset unicode vulnerable function attempt (sql.rules)
 * 1:8518 <-> DISABLED <-> SQL xp_peekqueue unicode vulnerable function attempt (sql.rules)
 * 1:3638 <-> DISABLED <-> WEB-CGI SoftCart.exe CGI buffer overflow attempt (web-cgi.rules)
 * 1:21601 <-> DISABLED <-> WEB-IIS Microsoft IIS multiple executable extension access attempt (web-iis.rules)
 * 1:8507 <-> DISABLED <-> SQL xp_oadestroy vulnerable function attempt (sql.rules)
 * 1:3193 <-> DISABLED <-> WEB-IIS .cmd executable file parsing attack (web-iis.rules)
 * 1:8512 <-> DISABLED <-> SQL xp_oamethod vulnerable function attempt (sql.rules)
 * 1:21778 <-> DISABLED <-> SQL parameter ending in comment characters - possible sql injection attempt - POST (sql.rules)
 * 1:21602 <-> DISABLED <-> WEB-IIS Microsoft IIS multiple executable extension access attempt (web-iis.rules)
 * 1:8524 <-> DISABLED <-> SQL xp_proxiedmetadata unicode vulnerable function attempt (sql.rules)
 * 1:8521 <-> DISABLED <-> SQL xp_printstatements unicode vulnerable function attempt (sql.rules)
 * 1:8523 <-> DISABLED <-> SQL xp_proxiedmetadata unicode vulnerable function attempt (sql.rules)