Sourcefire VRT Rules Update

Date: 2007-08-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version CURRENT.

The format of the file is:

sid - Message (rule group)

New rules:
12285 <-> WEB-CLIENT Excel Workspace file download (web-client.rules)
12286 <-> WEB-CLIENT PCRE character class double free overflow attempt (web-client.rules)
12287 <-> SPYWARE-PUT Hijacker scn toolbar runtime detection - ebrss request (spyware-put.rules)
12288 <-> SPYWARE-PUT Hijacker scn toolbar runtime detection - hijack ie searches (spyware-put.rules)
12289 <-> SPYWARE-PUT Hijacker scn toolbar runtime detection - get updates (spyware-put.rules)
12290 <-> SPYWARE-PUT Hijacker newdotnet quick! search runtime detection (spyware-put.rules)
12291 <-> SPYWARE-PUT Trackware vmn toolbar runtime detection (spyware-put.rules)
12292 <-> SPYWARE-PUT Hijacker morpheus toolbar runtime detection - hijack/search (spyware-put.rules)
12293 <-> SPYWARE-PUT Hijacker morpheus toolbar runtime detection - get cfg info (spyware-put.rules)
12294 <-> SPYWARE-PUT Hijacker 3search runtime detection - counter (spyware-put.rules)
12295 <-> SPYWARE-PUT Hijacker 3search runtime detection - hijacking (spyware-put.rules)
12296 <-> SPYWARE-PUT Hijacker 3search runtime detection - update (spyware-put.rules)
12297 <-> BACKDOOR bifrost v1.2.1 runtime detection (backdoor.rules)
12298 <-> BACKDOOR bifrost v1.2.1 runtime detection (backdoor.rules)
12299 <-> EXPLOIT Cisco NHRP incorrect packet size (exploit.rules)
12300 <-> EXPLOIT Cisco NHRP incorrect packet size (exploit.rules)
12301 <-> WEB-CLIENT eCentrex VOIP Client Module ActiveX clsid access (web-client.rules)
12302 <-> WEB-CLIENT eCentrex VOIP Client Module ActiveX clsid unicode access (web-client.rules)
12303 <-> POLICY Google Chat web client connection (policy.rules)
12304 <-> POLICY AOL Instant Messenger web client connection (policy.rules)
12305 <-> POLICY Yahoo Messenger web client connection (policy.rules)
12306 <-> POLICY  Microsoft Messenger web client connection (policy.rules)
12307 <-> NETBIOS DCERPC DIRECT v4 trend-serverprotect _SetPagerNotifyConfig little endian attempt (netbios.rules)
12308 <-> NETBIOS DCERPC DIRECT v4 trend-serverprotect _SetPagerNotifyConfig attempt (netbios.rules)
12309 <-> NETBIOS DCERPC DIRECT trend-serverprotect _SetPagerNotifyConfig attempt (netbios.rules)
12310 <-> NETBIOS DCERPC DIRECT trend-serverprotect _SetPagerNotifyConfig little endian attempt (netbios.rules)
12311 <-> NETBIOS DCERPC DIRECT trend-serverprotect _SetPagerNotifyConfig object call attempt (netbios.rules)
12312 <-> NETBIOS DCERPC DIRECT trend-serverprotect _SetPagerNotifyConfig little endian object call attempt (netbios.rules)
12313 <-> NETBIOS DCERPC DIRECT trend-serverprotect-earthagent alter context attempt (netbios.rules)
12314 <-> NETBIOS DCERPC DIRECT trend-serverprotect-earthagent little endian alter context attempt (netbios.rules)
12315 <-> NETBIOS DCERPC DIRECT trend-serverprotect-earthagent bind attempt (netbios.rules)
12316 <-> NETBIOS DCERPC DIRECT trend-serverprotect-earthagent little endian bind attempt (netbios.rules)
12317 <-> NETBIOS DCERPC DIRECT v4 trend-serverprotect-earthagent _SetSpntShareConfig little endian attempt (netbios.rules)
12318 <-> NETBIOS DCERPC DIRECT v4 trend-serverprotect-earthagent _SetSpntShareConfig attempt (netbios.rules)
12319 <-> NETBIOS DCERPC DIRECT trend-serverprotect-earthagent _SetSpntShareConfig attempt (netbios.rules)
12320 <-> NETBIOS DCERPC DIRECT trend-serverprotect-earthagent _SetSpntShareConfig little endian attempt (netbios.rules)
12321 <-> NETBIOS DCERPC DIRECT trend-serverprotect-earthagent _SetSpntShareConfig object call attempt (netbios.rules)
12322 <-> NETBIOS DCERPC DIRECT trend-serverprotect-earthagent _SetSpntShareConfig little endian object call attempt (netbios.rules)
12323 <-> NETBIOS DCERPC DIRECT v4 trend-serverprotect _AddTaskExportLogItem attempt (netbios.rules)
12324 <-> NETBIOS DCERPC DIRECT trend-serverprotect _AddTaskExportLogItem little endian attempt (netbios.rules)
12325 <-> NETBIOS DCERPC DIRECT v4 trend-serverprotect _AddTaskExportLogItem little endian attempt (netbios.rules)
12326 <-> NETBIOS DCERPC DIRECT trend-serverprotect _AddTaskExportLogItem attempt (netbios.rules)
12327 <-> NETBIOS DCERPC DIRECT trend-serverprotect _AddTaskExportLogItem little endian object call attempt (netbios.rules)
12328 <-> NETBIOS DCERPC DIRECT trend-serverprotect _AddTaskExportLogItem object call attempt (netbios.rules)
12329 <-> NETBIOS DCERPC DIRECT v4 trend-serverprotect _TakeActionOnAFile attempt (netbios.rules)
12330 <-> NETBIOS DCERPC DIRECT trend-serverprotect _TakeActionOnAFile little endian attempt (netbios.rules)
12331 <-> NETBIOS DCERPC DIRECT v4 trend-serverprotect _TakeActionOnAFile little endian attempt (netbios.rules)
12332 <-> NETBIOS DCERPC DIRECT trend-serverprotect _TakeActionOnAFile attempt (netbios.rules)
12333 <-> NETBIOS DCERPC DIRECT trend-serverprotect _TakeActionOnAFile little endian object call attempt (netbios.rules)
12334 <-> NETBIOS DCERPC DIRECT trend-serverprotect _TakeActionOnAFile object call attempt (netbios.rules)
12335 <-> NETBIOS DCERPC DIRECT v4 trend-serverprotect Trent_req_num_30010 overflow attempt (netbios.rules)
12336 <-> NETBIOS DCERPC DIRECT trend-serverprotect Trent_req_num_30010 overflow attempt (netbios.rules)
12337 <-> NETBIOS DCERPC DIRECT trend-serverprotect Trent_req_num_30010 little endian overflow attempt (netbios.rules)
12338 <-> NETBIOS DCERPC DIRECT v4 trend-serverprotect Trent_req_num_30010 little endian overflow attempt (netbios.rules)
12339 <-> NETBIOS DCERPC DIRECT trend-serverprotect Trent_req_num_30010 object call overflow attempt (netbios.rules)
12340 <-> NETBIOS DCERPC DIRECT trend-serverprotect Trent_req_num_30010 little endian object call overflow attempt (netbios.rules)
12341 <-> NETBIOS DCERPC DIRECT trend-serverprotect Trent_req_num_a0030 little endian attempt (netbios.rules)
12342 <-> NETBIOS DCERPC DIRECT v4 trend-serverprotect Trent_req_num_a0030 attempt (netbios.rules)
12343 <-> NETBIOS DCERPC DIRECT trend-serverprotect Trent_req_num_a0030 attempt (netbios.rules)
12344 <-> NETBIOS DCERPC DIRECT v4 trend-serverprotect Trent_req_num_a0030 little endian attempt (netbios.rules)
12345 <-> NETBIOS DCERPC DIRECT trend-serverprotect Trent_req_num_a0030 little endian object call attempt (netbios.rules)
12346 <-> NETBIOS DCERPC DIRECT trend-serverprotect Trent_req_num_a0030 object call attempt (netbios.rules)
12347 <-> NETBIOS DCERPC DIRECT v4 trend-serverprotect _SetSvcImpersonateUser little endian attempt (netbios.rules)
12348 <-> NETBIOS DCERPC DIRECT trend-serverprotect _SetSvcImpersonateUser little endian attempt (netbios.rules)
12349 <-> NETBIOS DCERPC DIRECT v4 trend-serverprotect _SetSvcImpersonateUser attempt (netbios.rules)
12350 <-> NETBIOS DCERPC DIRECT trend-serverprotect _SetSvcImpersonateUser attempt (netbios.rules)
12351 <-> NETBIOS DCERPC DIRECT trend-serverprotect _SetSvcImpersonateUser little endian object call attempt (netbios.rules)
12352 <-> NETBIOS DCERPC DIRECT trend-serverprotect _SetSvcImpersonateUser object call attempt (netbios.rules)

Updated rules:
 509 <-> WEB-MISC PCCS mysql database admin tool access (web-misc.rules)
 903 <-> WEB-COLDFUSION cfcache.map access (web-coldfusion.rules)
 904 <-> WEB-COLDFUSION exampleapp application.cfm (web-coldfusion.rules)
 905 <-> WEB-COLDFUSION application.cfm access (web-coldfusion.rules)
 906 <-> WEB-COLDFUSION getfile.cfm access (web-coldfusion.rules)
 907 <-> WEB-COLDFUSION addcontent.cfm access (web-coldfusion.rules)
 908 <-> WEB-COLDFUSION administrator access (web-coldfusion.rules)
 909 <-> WEB-COLDFUSION datasource username attempt (web-coldfusion.rules)
 910 <-> WEB-COLDFUSION fileexists.cfm access (web-coldfusion.rules)
 911 <-> WEB-COLDFUSION exprcalc access (web-coldfusion.rules)
 912 <-> WEB-COLDFUSION parks access (web-coldfusion.rules)
 913 <-> WEB-COLDFUSION cfappman access (web-coldfusion.rules)
 914 <-> WEB-COLDFUSION beaninfo access (web-coldfusion.rules)
 915 <-> WEB-COLDFUSION evaluate.cfm access (web-coldfusion.rules)
 916 <-> WEB-COLDFUSION getodbcdsn access (web-coldfusion.rules)
 917 <-> WEB-COLDFUSION db connections flush attempt (web-coldfusion.rules)
 918 <-> WEB-COLDFUSION expeval access (web-coldfusion.rules)
 919 <-> WEB-COLDFUSION datasource passwordattempt (web-coldfusion.rules)
 920 <-> WEB-COLDFUSION datasource attempt (web-coldfusion.rules)
 921 <-> WEB-COLDFUSION admin encrypt attempt (web-coldfusion.rules)
 922 <-> WEB-COLDFUSION displayfile access (web-coldfusion.rules)
 923 <-> WEB-COLDFUSION getodbcin attempt (web-coldfusion.rules)
 924 <-> WEB-COLDFUSION admin decrypt attempt (web-coldfusion.rules)
 925 <-> WEB-COLDFUSION mainframeset access (web-coldfusion.rules)
 926 <-> WEB-COLDFUSION set odbc ini attempt (web-coldfusion.rules)
 927 <-> WEB-COLDFUSION settings refresh attempt (web-coldfusion.rules)
 928 <-> WEB-COLDFUSION exampleapp access (web-coldfusion.rules)
 929 <-> WEB-COLDFUSION CFUSION_VERIFYMAIL access (web-coldfusion.rules)
 930 <-> WEB-COLDFUSION snippets attempt (web-coldfusion.rules)
 931 <-> WEB-COLDFUSION cfmlsyntaxcheck.cfm access (web-coldfusion.rules)
 932 <-> WEB-COLDFUSION application.cfm access (web-coldfusion.rules)
 933 <-> WEB-COLDFUSION onrequestend.cfm access (web-coldfusion.rules)
 935 <-> WEB-COLDFUSION startstop DOS access (web-coldfusion.rules)
 936 <-> WEB-COLDFUSION gettempdirectory.cfm access  (web-coldfusion.rules)
 937 <-> WEB-FRONTPAGE _vti_rpc access (web-frontpage.rules)
 939 <-> WEB-FRONTPAGE posting (web-frontpage.rules)
 940 <-> WEB-FRONTPAGE shtml.dll access (web-frontpage.rules)
 941 <-> WEB-FRONTPAGE contents.htm access (web-frontpage.rules)
 942 <-> WEB-FRONTPAGE orders.htm access (web-frontpage.rules)
 943 <-> WEB-FRONTPAGE fpsrvadm.exe access (web-frontpage.rules)
 944 <-> WEB-FRONTPAGE fpremadm.exe access (web-frontpage.rules)
 945 <-> WEB-FRONTPAGE fpadmin.htm access (web-frontpage.rules)
 946 <-> WEB-FRONTPAGE fpadmcgi.exe access (web-frontpage.rules)
 947 <-> WEB-FRONTPAGE orders.txt access (web-frontpage.rules)
 948 <-> WEB-FRONTPAGE form_results access (web-frontpage.rules)
 949 <-> WEB-FRONTPAGE registrations.htm access (web-frontpage.rules)
 950 <-> WEB-FRONTPAGE cfgwiz.exe access (web-frontpage.rules)
 951 <-> WEB-FRONTPAGE authors.pwd access (web-frontpage.rules)
 952 <-> WEB-FRONTPAGE author.exe access (web-frontpage.rules)
 953 <-> WEB-FRONTPAGE administrators.pwd access (web-frontpage.rules)
 954 <-> WEB-FRONTPAGE form_results.htm access (web-frontpage.rules)
 955 <-> WEB-FRONTPAGE access.cnf access (web-frontpage.rules)
 956 <-> WEB-FRONTPAGE register.txt access (web-frontpage.rules)
 957 <-> WEB-FRONTPAGE registrations.txt access (web-frontpage.rules)
 958 <-> WEB-FRONTPAGE service.cnf access (web-frontpage.rules)
 959 <-> WEB-FRONTPAGE service.pwd (web-frontpage.rules)
 960 <-> WEB-FRONTPAGE service.stp access (web-frontpage.rules)
 961 <-> WEB-FRONTPAGE services.cnf access (web-frontpage.rules)
 962 <-> WEB-FRONTPAGE shtml.exe access (web-frontpage.rules)
 963 <-> WEB-FRONTPAGE svcacl.cnf access (web-frontpage.rules)
 964 <-> WEB-FRONTPAGE users.pwd access (web-frontpage.rules)
 965 <-> WEB-FRONTPAGE writeto.cnf access (web-frontpage.rules)
 966 <-> WEB-FRONTPAGE .... request (web-frontpage.rules)
 967 <-> WEB-FRONTPAGE dvwssr.dll access (web-frontpage.rules)
 968 <-> WEB-FRONTPAGE register.htm access (web-frontpage.rules)
 969 <-> WEB-IIS WebDAV file lock attempt (web-iis.rules)
 971 <-> WEB-IIS ISAPI .printer access (web-iis.rules)
 973 <-> WEB-IIS *.idc attempt (web-iis.rules)
 974 <-> WEB-IIS Directory transversal attempt (web-iis.rules)
 975 <-> WEB-IIS Alternate Data streams ASP file access attempt (web-iis.rules)
 976 <-> WEB-MISC .bat? access (web-misc.rules)
 977 <-> WEB-IIS .cnf access (web-iis.rules)
 978 <-> WEB-IIS ASP contents view (web-iis.rules)
 979 <-> WEB-IIS ASP contents view (web-iis.rules)
 980 <-> WEB-IIS CGImail.exe access (web-iis.rules)
 984 <-> WEB-IIS JET VBA access (web-iis.rules)
 985 <-> WEB-IIS JET VBA access (web-iis.rules)
 986 <-> WEB-IIS MSProxy access (web-iis.rules)
 987 <-> WEB-IIS .htr access (web-iis.rules)
 988 <-> WEB-IIS SAM Attempt (web-iis.rules)
 990 <-> WEB-FRONTPAGE _vti_inf.html access (web-frontpage.rules)
 991 <-> WEB-IIS achg.htr access (web-iis.rules)
 992 <-> WEB-IIS adctest.asp access (web-iis.rules)
 993 <-> WEB-IIS iisadmin access (web-iis.rules)
 994 <-> WEB-IIS /scripts/iisadmin/default.htm access (web-iis.rules)
 995 <-> WEB-IIS ism.dll access (web-iis.rules)
 996 <-> WEB-IIS anot.htr access (web-iis.rules)
 997 <-> WEB-IIS asp-dot attempt (web-iis.rules)
 998 <-> WEB-IIS asp-srch attempt (web-iis.rules)
 999 <-> WEB-IIS bdir access (web-iis.rules)
1000 <-> WEB-IIS bdir.htr access (web-iis.rules)
1001 <-> WEB-MISC carbo.dll access (web-misc.rules)
1002 <-> WEB-IIS cmd.exe access (web-iis.rules)
1003 <-> WEB-IIS cmd? access (web-iis.rules)
1004 <-> WEB-IIS codebrowser Exair access (web-iis.rules)
1005 <-> WEB-IIS codebrowser SDK access (web-iis.rules)
1007 <-> WEB-IIS Form_JScript.asp access (web-iis.rules)
1008 <-> WEB-IIS del attempt (web-iis.rules)
1009 <-> WEB-IIS directory listing (web-iis.rules)
1010 <-> WEB-IIS encoding access (web-iis.rules)
1011 <-> WEB-IIS exec-src access (web-iis.rules)
1012 <-> WEB-IIS fpcount attempt (web-iis.rules)
1013 <-> WEB-IIS fpcount access (web-iis.rules)
1015 <-> WEB-IIS getdrvs.exe access (web-iis.rules)
1016 <-> WEB-IIS global.asa access (web-iis.rules)
1017 <-> WEB-IIS idc-srch attempt (web-iis.rules)
1018 <-> WEB-IIS iisadmpwd attempt (web-iis.rules)
1019 <-> WEB-IIS Malformed Hit-Highlighting Argument File Access Attempt (web-iis.rules)
1020 <-> WEB-IIS isc$data attempt (web-iis.rules)
1021 <-> WEB-IIS ism.dll attempt (web-iis.rules)
1022 <-> WEB-IIS jet vba access (web-iis.rules)
1023 <-> WEB-IIS msadcs.dll access (web-iis.rules)
1024 <-> WEB-IIS newdsn.exe access (web-iis.rules)
1025 <-> WEB-IIS perl access (web-iis.rules)
1026 <-> WEB-IIS perl-browse newline attempt (web-iis.rules)
1027 <-> WEB-IIS perl-browse space attempt (web-iis.rules)
1028 <-> WEB-IIS query.asp access (web-iis.rules)
1029 <-> WEB-IIS scripts-browse access (web-iis.rules)
1030 <-> WEB-IIS search97.vts access (web-iis.rules)
1031 <-> WEB-IIS /SiteServer/Publishing/viewcode.asp access (web-iis.rules)
1032 <-> WEB-IIS showcode access (web-iis.rules)
1033 <-> WEB-IIS viewcode access (web-iis.rules)
1034 <-> WEB-IIS viewcode access (web-iis.rules)
1035 <-> WEB-IIS viewcode access (web-iis.rules)
1036 <-> WEB-IIS viewcode access (web-iis.rules)
1037 <-> WEB-IIS showcode.asp access (web-iis.rules)
1038 <-> WEB-IIS site server config access (web-iis.rules)
1039 <-> WEB-IIS srch.htm access (web-iis.rules)
1040 <-> WEB-IIS srchadm access (web-iis.rules)
1041 <-> WEB-IIS uploadn.asp access (web-iis.rules)
1042 <-> WEB-IIS view source via translate header (web-iis.rules)
1043 <-> WEB-IIS viewcode.asp access (web-iis.rules)
1044 <-> WEB-IIS webhits access (web-iis.rules)
1045 <-> WEB-IIS Unauthorized IP Access Attempt (web-iis.rules)
1046 <-> WEB-IIS site/iisamples access (web-iis.rules)
1047 <-> WEB-MISC Netscape Enterprise DOS (web-misc.rules)
1048 <-> WEB-MISC Netscape Enterprise directory listing attempt (web-misc.rules)
1050 <-> WEB-MISC iPlanet GETPROPERTIES attempt (web-misc.rules)
1054 <-> WEB-MISC weblogic/tomcat .jsp view source attempt (web-misc.rules)
1056 <-> WEB-MISC Tomcat view source attempt (web-misc.rules)
1057 <-> WEB-MISC ftp attempt (web-misc.rules)
1058 <-> WEB-MISC xp_enumdsn attempt (web-misc.rules)
1059 <-> WEB-MISC xp_filelist attempt (web-misc.rules)
1060 <-> WEB-MISC xp_availablemedia attempt (web-misc.rules)
1061 <-> WEB-MISC xp_cmdshell attempt (web-misc.rules)
1062 <-> WEB-MISC nc.exe attempt (web-misc.rules)
1064 <-> WEB-MISC wsh attempt (web-misc.rules)
1065 <-> WEB-MISC rcmd attempt (web-misc.rules)
1066 <-> WEB-MISC telnet attempt (web-misc.rules)
1067 <-> WEB-MISC net attempt (web-misc.rules)
1068 <-> WEB-MISC tftp attempt (web-misc.rules)
1069 <-> WEB-MISC xp_regread attempt (web-misc.rules)
1070 <-> WEB-MISC WebDAV search access (web-misc.rules)
1071 <-> WEB-MISC .htpasswd access (web-misc.rules)
1072 <-> WEB-MISC Lotus Domino directory traversal (web-misc.rules)
1073 <-> WEB-MISC webhits.exe access (web-misc.rules)
1075 <-> WEB-IIS postinfo.asp access (web-iis.rules)
1076 <-> WEB-IIS repost.asp access (web-iis.rules)
1077 <-> WEB-MISC queryhit.htm access (web-misc.rules)
1078 <-> WEB-MISC counter.exe access (web-misc.rules)
1079 <-> WEB-MISC WebDAV propfind access (web-misc.rules)
1080 <-> WEB-MISC unify eWave ServletExec upload (web-misc.rules)
1081 <-> WEB-MISC Netscape Servers suite DOS (web-misc.rules)
1082 <-> WEB-MISC amazon 1-click cookie theft (web-misc.rules)
1083 <-> WEB-MISC unify eWave ServletExec DOS (web-misc.rules)
1084 <-> WEB-MISC Allaire JRUN DOS attempt (web-misc.rules)
1085 <-> WEB-PHP strings overflow (web-php.rules)
1086 <-> WEB-PHP strings overflow (web-php.rules)
1087 <-> WEB-MISC whisker tab splice attack (web-misc.rules)
1091 <-> WEB-MISC ICQ Webfront HTTP DOS (web-misc.rules)
1095 <-> WEB-MISC Talentsoft Web+ Source Code view access (web-misc.rules)
1096 <-> WEB-MISC Talentsoft Web+ internal IP Address access (web-misc.rules)
1098 <-> WEB-MISC SmartWin CyberOffice Shopping Cart access (web-misc.rules)
1099 <-> WEB-MISC cybercop scan (web-misc.rules)
1100 <-> WEB-MISC L3retriever HTTP Probe (web-misc.rules)
1101 <-> WEB-MISC Webtrends HTTP probe (web-misc.rules)
1102 <-> WEB-MISC nessus 1.X 404 probe (web-misc.rules)
1103 <-> WEB-MISC Netscape admin passwd (web-misc.rules)
1105 <-> WEB-MISC BigBrother access (web-misc.rules)
1107 <-> WEB-MISC ftp.pl access (web-misc.rules)
1108 <-> WEB-MISC Tomcat server snoop access (web-misc.rules)
1109 <-> WEB-MISC ROXEN directory list attempt (web-misc.rules)
1110 <-> WEB-MISC apache source.asp file access (web-misc.rules)
1111 <-> WEB-MISC Tomcat server exploit access (web-misc.rules)
1112 <-> WEB-MISC http directory traversal (web-misc.rules)
1115 <-> WEB-MISC ICQ webserver DOS (web-misc.rules)
1116 <-> WEB-MISC Lotus DelDoc attempt (web-misc.rules)
1117 <-> WEB-MISC Lotus EditDoc attempt (web-misc.rules)
1118 <-> WEB-MISC ls%20-l (web-misc.rules)
1119 <-> WEB-MISC mlog.phtml access (web-misc.rules)
1120 <-> WEB-MISC mylog.phtml access (web-misc.rules)
1122 <-> WEB-MISC /etc/passwd (web-misc.rules)
1123 <-> WEB-MISC ?PageServices access (web-misc.rules)
1124 <-> WEB-MISC Ecommerce check.txt access (web-misc.rules)
1125 <-> WEB-MISC webcart access (web-misc.rules)
1126 <-> WEB-MISC AuthChangeUrl access (web-misc.rules)
1127 <-> WEB-MISC convert.bas access (web-misc.rules)
1128 <-> WEB-MISC cpshost.dll access (web-misc.rules)
1129 <-> WEB-MISC .htaccess access (web-misc.rules)
1130 <-> WEB-MISC .wwwacl access (web-misc.rules)
1131 <-> WEB-MISC .wwwacl access (web-misc.rules)
1132 <-> WEB-MISC Netscape Unixware overflow (web-misc.rules)
1134 <-> WEB-PHP Phorum admin access (web-php.rules)
1136 <-> WEB-MISC cd.. (web-misc.rules)
1137 <-> WEB-PHP Phorum authentication access (web-php.rules)
1139 <-> WEB-MISC whisker HEAD/./ (web-misc.rules)
1140 <-> WEB-MISC guestbook.pl access (web-misc.rules)
1141 <-> WEB-MISC handler access (web-misc.rules)
1142 <-> WEB-MISC /.... access (web-misc.rules)
1145 <-> WEB-MISC /~root access (web-misc.rules)
1146 <-> WEB-MISC Ecommerce import.txt access (web-misc.rules)
1147 <-> WEB-MISC cat%20 access (web-misc.rules)
1148 <-> WEB-MISC Ecommerce import.txt access (web-misc.rules)
1150 <-> WEB-MISC Domino catalog.nsf access (web-misc.rules)
1151 <-> WEB-MISC Domino domcfg.nsf access (web-misc.rules)
1152 <-> WEB-MISC Domino domlog.nsf access (web-misc.rules)
1153 <-> WEB-MISC Domino log.nsf access (web-misc.rules)
1154 <-> WEB-MISC Domino names.nsf access (web-misc.rules)
1155 <-> WEB-MISC Ecommerce checks.txt access (web-misc.rules)
1156 <-> WEB-MISC apache directory disclosure attempt (web-misc.rules)
1157 <-> WEB-MISC Netscape PublishingXpert access (web-misc.rules)
1158 <-> WEB-MISC windmail.exe access (web-misc.rules)
1159 <-> WEB-MISC webplus access (web-misc.rules)
1160 <-> WEB-MISC Netscape dir index wp (web-misc.rules)
1161 <-> WEB-PHP piranha passwd.php3 access (web-php.rules)
1162 <-> WEB-MISC cart 32 AdminPwd access (web-misc.rules)
1164 <-> WEB-MISC shopping cart access (web-misc.rules)
1165 <-> WEB-MISC Novell Groupwise gwweb.exe access (web-misc.rules)
1166 <-> WEB-MISC ws_ftp.ini access (web-misc.rules)
1167 <-> WEB-MISC rpm_query access (web-misc.rules)
1168 <-> WEB-MISC mall log order access (web-misc.rules)
1171 <-> WEB-MISC whisker HEAD with large datagram (web-misc.rules)
1173 <-> WEB-MISC architext_query.pl access (web-misc.rules)
1175 <-> WEB-MISC wwwboard.pl access (web-misc.rules)
1177 <-> WEB-MISC Netscape Enterprise Server directory view (web-misc.rules)
1178 <-> WEB-PHP Phorum read access (web-php.rules)
1179 <-> WEB-PHP Phorum violation access (web-php.rules)
1180 <-> WEB-MISC get32.exe access (web-misc.rules)
1181 <-> WEB-MISC Annex Terminal DOS attempt (web-misc.rules)
1183 <-> WEB-MISC Netscape Enterprise Server directory view (web-misc.rules)
1184 <-> WEB-MISC Netscape Enterprise Server directory view (web-misc.rules)
1186 <-> WEB-MISC Netscape Enterprise Server directory view (web-misc.rules)
1187 <-> WEB-MISC SalesLogix Eviewer web command attempt (web-misc.rules)
1188 <-> WEB-MISC Netscape Enterprise Server directory view (web-misc.rules)
1189 <-> WEB-MISC Netscape Enterprise Server directory view (web-misc.rules)
1190 <-> WEB-MISC Netscape Enterprise Server directory view (web-misc.rules)
1191 <-> WEB-MISC Netscape Enterprise Server directory view (web-misc.rules)
1192 <-> WEB-MISC Trend Micro OfficeScan access (web-misc.rules)
1193 <-> WEB-MISC oracle web arbitrary command execution attempt (web-misc.rules)
1197 <-> WEB-PHP Phorum code access (web-php.rules)
1198 <-> WEB-MISC Netscape Enterprise Server directory view (web-misc.rules)
1199 <-> WEB-MISC Compaq Insight directory traversal (web-misc.rules)
1202 <-> WEB-MISC search.vts access (web-misc.rules)
1207 <-> WEB-MISC htgrep access (web-misc.rules)
1209 <-> WEB-MISC .nsconfig access (web-misc.rules)
1212 <-> WEB-MISC Admin_files access (web-misc.rules)
1213 <-> WEB-MISC backup access (web-misc.rules)
1214 <-> WEB-MISC intranet access (web-misc.rules)
1216 <-> WEB-MISC filemail access (web-misc.rules)
1217 <-> WEB-MISC plusmail access (web-misc.rules)
1218 <-> WEB-MISC adminlogin access (web-misc.rules)
1220 <-> WEB-MISC ultraboard access (web-misc.rules)
1221 <-> WEB-MISC musicat empower access (web-misc.rules)
1224 <-> WEB-MISC ROADS search.pl attempt (web-misc.rules)
1230 <-> WEB-MISC VirusWall FtpSave access (web-misc.rules)
1231 <-> WEB-MISC VirusWall catinfo access (web-misc.rules)
1232 <-> WEB-MISC VirusWall catinfo access (web-misc.rules)
1234 <-> WEB-MISC VirusWall FtpSaveCSP access (web-misc.rules)
1235 <-> WEB-MISC VirusWall FtpSaveCVP access (web-misc.rules)
1241 <-> WEB-MISC SWEditServlet directory traversal attempt (web-misc.rules)
1242 <-> WEB-IIS ISAPI .ida access (web-iis.rules)
1243 <-> WEB-IIS ISAPI .ida attempt (web-iis.rules)
1244 <-> WEB-IIS ISAPI .idq attempt (web-iis.rules)
1245 <-> WEB-IIS ISAPI .idq access (web-iis.rules)
1248 <-> WEB-FRONTPAGE rad fp30reg.dll access (web-frontpage.rules)
1249 <-> WEB-FRONTPAGE frontpage rad fp4areg.dll access (web-frontpage.rules)
1250 <-> WEB-MISC Cisco IOS HTTP configuration attempt (web-misc.rules)
1254 <-> WEB-PHP PHPLIB remote command attempt (web-php.rules)
1255 <-> WEB-PHP PHPLIB remote command attempt (web-php.rules)
1256 <-> WEB-IIS CodeRed v2 root.exe access (web-iis.rules)
1258 <-> WEB-MISC HP OpenView Manager DOS (web-misc.rules)
1259 <-> WEB-MISC SWEditServlet access (web-misc.rules)
1260 <-> WEB-MISC long basic authorization string (web-misc.rules)
1283 <-> WEB-IIS outlook web dos (web-iis.rules)
1285 <-> WEB-IIS msdac access (web-iis.rules)
1286 <-> WEB-IIS _mem_bin access (web-iis.rules)
1287 <-> WEB-IIS scripts access (web-iis.rules)
1288 <-> WEB-FRONTPAGE /_vti_bin/ access (web-frontpage.rules)
1291 <-> WEB-MISC sml3com access (web-misc.rules)
1300 <-> WEB-PHP admin.php file upload attempt (web-php.rules)
1301 <-> WEB-PHP admin.php access (web-php.rules)
1302 <-> WEB-MISC console.exe access (web-misc.rules)
1303 <-> WEB-MISC cs.exe access (web-misc.rules)
1374 <-> WEB-MISC .htgroup access (web-misc.rules)
1375 <-> WEB-MISC sadmind worm access (web-misc.rules)
1376 <-> WEB-MISC jrun directory browse attempt (web-misc.rules)
1380 <-> WEB-IIS Form_VBScript.asp access (web-iis.rules)
1381 <-> WEB-MISC Trend Micro OfficeScan attempt (web-misc.rules)
1385 <-> WEB-MISC mod-plsql administration access (web-misc.rules)
1389 <-> WEB-MISC viewcode.jse access (web-misc.rules)
1391 <-> WEB-MISC Phorecast remote code execution attempt (web-misc.rules)
1399 <-> WEB-PHP PHP-Nuke remote file include attempt (web-php.rules)
1400 <-> WEB-IIS /scripts/samples/ access (web-iis.rules)
1401 <-> WEB-IIS /msadc/samples/ access (web-iis.rules)
1402 <-> WEB-IIS iissamples access (web-iis.rules)
1403 <-> WEB-MISC viewcode access (web-misc.rules)
1404 <-> WEB-MISC showcode access (web-misc.rules)
1407 <-> WEB-PHP smssend.php access (web-php.rules)
1423 <-> WEB-PHP content-disposition memchr overflow (web-php.rules)
1425 <-> WEB-PHP content-disposition file upload attempt (web-php.rules)
1433 <-> WEB-MISC .history access (web-misc.rules)
1434 <-> WEB-MISC .bash_history access (web-misc.rules)
1485 <-> WEB-IIS mkilog.exe access (web-iis.rules)
1486 <-> WEB-IIS ctss.idc access (web-iis.rules)
1487 <-> WEB-IIS /iisadmpwd/aexp2.htr access (web-iis.rules)
1489 <-> WEB-MISC /~nobody access (web-misc.rules)
1490 <-> WEB-PHP Phorum /support/common.php attempt (web-php.rules)
1491 <-> WEB-PHP Phorum /support/common.php access (web-php.rules)
1492 <-> WEB-MISC RBS ISP /newuser  directory traversal attempt (web-misc.rules)
1493 <-> WEB-MISC RBS ISP /newuser access (web-misc.rules)
1497 <-> WEB-MISC cross site scripting attempt (web-misc.rules)
1498 <-> WEB-MISC PIX firewall manager directory traversal attempt (web-misc.rules)
1499 <-> WEB-MISC SiteScope Service access (web-misc.rules)
1500 <-> WEB-MISC ExAir access (web-misc.rules)
1518 <-> WEB-MISC nstelemetry.adp access (web-misc.rules)
1519 <-> WEB-MISC apache ?M=D directory list attempt (web-misc.rules)
1520 <-> WEB-MISC server-info access (web-misc.rules)
1521 <-> WEB-MISC server-status access (web-misc.rules)
1522 <-> WEB-MISC ans.pl attempt (web-misc.rules)
1523 <-> WEB-MISC ans.pl access (web-misc.rules)
1524 <-> WEB-MISC AxisStorpoint CD attempt (web-misc.rules)
1525 <-> WEB-MISC Axis Storpoint CD access (web-misc.rules)
1526 <-> WEB-MISC basilix sendmail.inc access (web-misc.rules)
1527 <-> WEB-MISC basilix mysql.class access (web-misc.rules)
1528 <-> WEB-MISC BBoard access (web-misc.rules)
1540 <-> WEB-COLDFUSION ?Mode=debug attempt (web-coldfusion.rules)
1544 <-> WEB-MISC Cisco Catalyst command execution attempt (web-misc.rules)
1546 <-> WEB-MISC Cisco /%% DOS attempt (web-misc.rules)
1551 <-> WEB-MISC /CVS/Entries access (web-misc.rules)
1552 <-> WEB-MISC cvsweb version access (web-misc.rules)
1558 <-> WEB-MISC Delegate whois overflow attempt (web-misc.rules)
1559 <-> WEB-MISC /doc/packages access (web-misc.rules)
1560 <-> WEB-MISC /doc/ access (web-misc.rules)
1563 <-> WEB-MISC login.htm attempt (web-misc.rules)
1564 <-> WEB-MISC login.htm access (web-misc.rules)
1567 <-> WEB-IIS /exchange/root.asp attempt (web-iis.rules)
1568 <-> WEB-IIS /exchange/root.asp access (web-iis.rules)
1575 <-> WEB-MISC Domino mab.nsf access (web-misc.rules)
1576 <-> WEB-MISC Domino cersvr.nsf access (web-misc.rules)
1577 <-> WEB-MISC Domino setup.nsf access (web-misc.rules)
1578 <-> WEB-MISC Domino statrep.nsf access (web-misc.rules)
1579 <-> WEB-MISC Domino webadmin.nsf access (web-misc.rules)
1580 <-> WEB-MISC Domino events4.nsf access (web-misc.rules)
1581 <-> WEB-MISC Domino ntsync4.nsf access (web-misc.rules)
1582 <-> WEB-MISC Domino collect4.nsf access (web-misc.rules)
1583 <-> WEB-MISC Domino mailw46.nsf access (web-misc.rules)
1584 <-> WEB-MISC Domino bookmark.nsf access (web-misc.rules)
1585 <-> WEB-MISC Domino agentrunner.nsf access (web-misc.rules)
1586 <-> WEB-MISC Domino mail.box access (web-misc.rules)
1587 <-> WEB-MISC cgitest.exe access (web-misc.rules)
1588 <-> WEB-MISC SalesLogix Eviewer access (web-misc.rules)
1589 <-> WEB-MISC musicat empower attempt (web-misc.rules)
1595 <-> WEB-IIS htimage.exe access (web-iis.rules)
1603 <-> WEB-MISC DELETE attempt (web-misc.rules)
1604 <-> WEB-MISC iChat directory traversal attempt (web-misc.rules)
1612 <-> WEB-MISC ftp.pl attempt (web-misc.rules)
1613 <-> WEB-MISC handler attempt (web-misc.rules)
1614 <-> WEB-MISC Novell Groupwise gwweb.exe attempt (web-misc.rules)
1615 <-> WEB-MISC htgrep attempt (web-misc.rules)
1618 <-> WEB-IIS .asp chunked Transfer-Encoding (web-iis.rules)
1626 <-> WEB-IIS /StoreCSVS/InstantOrder.asmx request (web-iis.rules)
1659 <-> WEB-COLDFUSION sendmail.cfm access (web-coldfusion.rules)
1660 <-> WEB-IIS trace.axd access (web-iis.rules)
1661 <-> WEB-IIS cmd32.exe access (web-iis.rules)
1662 <-> WEB-MISC /~ftp access (web-misc.rules)
1663 <-> WEB-MISC *%20.pl access (web-misc.rules)
1664 <-> WEB-MISC mkplog.exe access (web-misc.rules)
1667 <-> WEB-MISC cross site scripting HTML Image tag set to javascript attempt (web-misc.rules)
1670 <-> WEB-MISC /home/ftp access (web-misc.rules)
1671 <-> WEB-MISC /home/www access (web-misc.rules)
1725 <-> WEB-IIS +.htr code fragment attempt (web-iis.rules)
1726 <-> WEB-IIS doctodep.btr access (web-iis.rules)
1736 <-> WEB-PHP squirrel mail spell-check arbitrary command attempt (web-php.rules)
1737 <-> WEB-PHP squirrel mail theme arbitrary command attempt (web-php.rules)
1738 <-> WEB-MISC global.inc access (web-misc.rules)
1739 <-> WEB-PHP DNSTools administrator authentication bypass attempt (web-php.rules)
1740 <-> WEB-PHP DNSTools authentication bypass attempt (web-php.rules)
1741 <-> WEB-PHP DNSTools access (web-php.rules)
1742 <-> WEB-PHP Blahz-DNS dostuff.php modify user attempt (web-php.rules)
1743 <-> WEB-PHP Blahz-DNS dostuff.php access (web-php.rules)
1744 <-> WEB-MISC SecureSite authentication bypass attempt (web-misc.rules)
1745 <-> WEB-PHP Messagerie supp_membre.php access (web-php.rules)
1750 <-> WEB-IIS users.xml access (web-iis.rules)
1753 <-> WEB-IIS as_web.exe access (web-iis.rules)
1754 <-> WEB-IIS as_web4.exe access (web-iis.rules)
1756 <-> WEB-IIS NewsPro administration authentication attempt (web-iis.rules)
1757 <-> WEB-MISC b2 arbitrary command execution attempt (web-misc.rules)
1766 <-> WEB-MISC search.dll directory listing attempt (web-misc.rules)
1767 <-> WEB-MISC search.dll access (web-misc.rules)
1769 <-> WEB-MISC .DS_Store access (web-misc.rules)
1770 <-> WEB-MISC .FBCIndex access (web-misc.rules)
1772 <-> WEB-IIS pbserver access (web-iis.rules)
1773 <-> WEB-PHP php.exe access (web-php.rules)
1774 <-> WEB-PHP bb_smilies.php access (web-php.rules)
1802 <-> WEB-IIS .asa HTTP header buffer overflow attempt (web-iis.rules)
1803 <-> WEB-IIS .cer HTTP header buffer overflow attempt (web-iis.rules)
1804 <-> WEB-IIS .cdx HTTP header buffer overflow attempt (web-iis.rules)
1806 <-> WEB-IIS .htr chunked Transfer-Encoding (web-iis.rules)
1807 <-> WEB-MISC Chunked-Encoding transfer attempt (web-misc.rules)
1808 <-> WEB-MISC apache chunked encoding memory corruption exploit attempt (web-misc.rules)
1809 <-> WEB-MISC Apache Chunked-Encoding worm attempt (web-misc.rules)
1814 <-> WEB-MISC CISCO VoIP DOS ATTEMPT (web-misc.rules)
1815 <-> WEB-PHP directory.php arbitrary command attempt (web-php.rules)
1816 <-> WEB-PHP directory.php access (web-php.rules)
1817 <-> WEB-IIS MS Site Server default login attempt (web-iis.rules)
1818 <-> WEB-IIS MS Site Server admin attempt (web-iis.rules)
1820 <-> WEB-MISC IBM Net.Commerce orderdspc.d2w access (web-misc.rules)
1826 <-> WEB-MISC WEB-INF access (web-misc.rules)
1827 <-> WEB-MISC Tomcat servlet mapping cross site scripting attempt (web-misc.rules)
1828 <-> WEB-MISC iPlanet Search directory traversal attempt (web-misc.rules)
1829 <-> WEB-MISC Tomcat TroubleShooter servlet access (web-misc.rules)
1830 <-> WEB-MISC Tomcat SnoopServlet servlet access (web-misc.rules)
1831 <-> WEB-MISC jigsaw dos attempt (web-misc.rules)
1834 <-> WEB-PHP PHP-Wiki cross site scripting attempt (web-php.rules)
1835 <-> WEB-MISC Macromedia SiteSpring cross site scripting attempt (web-misc.rules)
1839 <-> WEB-MISC mailman cross site scripting attempt (web-misc.rules)
1847 <-> WEB-MISC webalizer access (web-misc.rules)
1848 <-> WEB-MISC webcart-lite access (web-misc.rules)
1849 <-> WEB-MISC webfind.exe access (web-misc.rules)
1851 <-> WEB-MISC active.log access (web-misc.rules)
1852 <-> WEB-MISC robots.txt access (web-misc.rules)
1857 <-> WEB-MISC robot.txt access (web-misc.rules)
1858 <-> WEB-MISC CISCO PIX Firewall Manager directory traversal attempt (web-misc.rules)
1859 <-> WEB-MISC Sun JavaServer default password login attempt (web-misc.rules)
1860 <-> WEB-MISC Linksys router default password login attempt (web-misc.rules)
1861 <-> WEB-MISC Linksys router default username and password login attempt (web-misc.rules)
1871 <-> WEB-MISC Oracle XSQLConfig.xml access (web-misc.rules)
1872 <-> WEB-MISC Oracle Dynamic Monitoring Services dms access (web-misc.rules)
1873 <-> WEB-MISC globals.jsa access (web-misc.rules)
1874 <-> WEB-MISC Oracle Java Process Manager access (web-misc.rules)
1880 <-> WEB-MISC oracle web application server access (web-misc.rules)
1881 <-> WEB-MISC bad HTTP/1.1 request, Potentially worm attack (web-misc.rules)
1943 <-> WEB-MISC /Carello/add.exe access (web-misc.rules)
1944 <-> WEB-MISC /ecscripts/ecware.exe access (web-misc.rules)
1946 <-> WEB-MISC answerbook2 admin attempt (web-misc.rules)
1947 <-> WEB-MISC answerbook2 arbitrary command execution attempt (web-misc.rules)
1967 <-> WEB-PHP phpbb quick-reply.php arbitrary command attempt (web-php.rules)
1968 <-> WEB-PHP phpbb quick-reply.php access (web-php.rules)
1969 <-> WEB-MISC ion-p access (web-misc.rules)
1970 <-> WEB-IIS MDAC Content-Type overflow attempt (web-iis.rules)
1977 <-> WEB-MISC xp_regwrite attempt (web-misc.rules)
1978 <-> WEB-MISC xp_regdeletekey attempt (web-misc.rules)
1979 <-> WEB-MISC perl post attempt (web-misc.rules)
1997 <-> WEB-PHP read_body.php access attempt (web-php.rules)
1998 <-> WEB-PHP calendar.php access (web-php.rules)
1999 <-> WEB-PHP edit_image.php access (web-php.rules)
2000 <-> WEB-PHP readmsg.php access (web-php.rules)
2002 <-> WEB-PHP remote include path (web-php.rules)
2056 <-> WEB-MISC TRACE attempt (web-misc.rules)
2057 <-> WEB-MISC helpout.exe access (web-misc.rules)
2058 <-> WEB-MISC MsmMask.exe attempt (web-misc.rules)
2059 <-> WEB-MISC MsmMask.exe access (web-misc.rules)
2060 <-> WEB-MISC DB4Web access (web-misc.rules)
2061 <-> WEB-MISC Tomcat null byte directory listing attempt (web-misc.rules)
2062 <-> WEB-MISC iPlanet .perf access (web-misc.rules)
2063 <-> WEB-MISC Demarc SQL injection attempt (web-misc.rules)
2064 <-> WEB-MISC Lotus Notes .csp script source download attempt (web-misc.rules)
2065 <-> WEB-MISC Lotus Notes .csp script source download attempt (web-misc.rules)
2066 <-> WEB-MISC Lotus Notes .pl script source download attempt (web-misc.rules)
2067 <-> WEB-MISC Lotus Notes .exe script source download attempt (web-misc.rules)
2068 <-> WEB-MISC BitKeeper arbitrary command attempt (web-misc.rules)
2069 <-> WEB-MISC chip.ini access (web-misc.rules)
2070 <-> WEB-MISC post32.exe arbitrary command attempt (web-misc.rules)
2071 <-> WEB-MISC post32.exe access (web-misc.rules)
2072 <-> WEB-MISC lyris.pl access (web-misc.rules)
2073 <-> WEB-MISC globals.pl access (web-misc.rules)
2074 <-> WEB-PHP Mambo uploadimage.php upload php file attempt (web-php.rules)
2075 <-> WEB-PHP Mambo upload.php upload php file attempt (web-php.rules)
2076 <-> WEB-PHP Mambo uploadimage.php access (web-php.rules)
2077 <-> WEB-PHP Mambo upload.php access (web-php.rules)
2078 <-> WEB-PHP phpBB privmsg.php access (web-php.rules)
2090 <-> WEB-IIS WEBDAV exploit attempt (web-iis.rules)
2091 <-> WEB-IIS WEBDAV nessus safe scan attempt (web-iis.rules)
2117 <-> WEB-IIS Battleaxe Forum login.asp access (web-iis.rules)
2129 <-> WEB-IIS nsiislog.dll access (web-iis.rules)
2130 <-> WEB-IIS IISProtect siteadmin.asp access (web-iis.rules)
2131 <-> WEB-IIS IISProtect access (web-iis.rules)
2132 <-> WEB-IIS Synchrologic Email Accelerator userid list access attempt (web-iis.rules)
2133 <-> WEB-IIS MS BizTalk server access (web-iis.rules)
2134 <-> WEB-IIS register.asp access (web-iis.rules)
2135 <-> WEB-MISC philboard.mdb access (web-misc.rules)
2136 <-> WEB-MISC philboard_admin.asp authentication bypass attempt (web-misc.rules)
2137 <-> WEB-MISC philboard_admin.asp access (web-misc.rules)
2138 <-> WEB-MISC logicworks.ini access (web-misc.rules)
2139 <-> WEB-MISC /*.shtml access (web-misc.rules)
2140 <-> WEB-PHP p-news.php access (web-php.rules)
2141 <-> WEB-PHP shoutbox.php directory traversal attempt (web-php.rules)
2142 <-> WEB-PHP shoutbox.php access (web-php.rules)
2143 <-> WEB-PHP b2 cafelog gm-2-b2.php remote file include attempt (web-php.rules)
2144 <-> WEB-PHP b2 cafelog gm-2-b2.php access (web-php.rules)
2145 <-> WEB-PHP TextPortal admin.php default password admin attempt (web-php.rules)
2146 <-> WEB-PHP TextPortal admin.php default password 12345 attempt (web-php.rules)
2147 <-> WEB-PHP BLNews objects.inc.php4 remote file include attempt (web-php.rules)
2148 <-> WEB-PHP BLNews objects.inc.php4 access (web-php.rules)
2149 <-> WEB-PHP Turba status.php access (web-php.rules)
2150 <-> WEB-PHP ttCMS header.php remote file include attempt (web-php.rules)
2151 <-> WEB-PHP ttCMS header.php access (web-php.rules)
2152 <-> WEB-PHP test.php access (web-php.rules)
2153 <-> WEB-PHP autohtml.php directory traversal attempt (web-php.rules)
2154 <-> WEB-PHP autohtml.php access (web-php.rules)
2155 <-> WEB-PHP ttforum remote file include attempt (web-php.rules)
2156 <-> WEB-MISC mod_gzip_status access (web-misc.rules)
2157 <-> WEB-IIS IISProtect globaladmin.asp access (web-iis.rules)
2226 <-> WEB-PHP pmachine remote file include attempt (web-php.rules)
2227 <-> WEB-PHP forum_details.php access (web-php.rules)
2228 <-> WEB-PHP phpMyAdmin db_details_importdocsql.php access (web-php.rules)
2229 <-> WEB-PHP viewtopic.php access (web-php.rules)
2230 <-> WEB-MISC NetGear router default password login attempt admin/password (web-misc.rules)
2231 <-> WEB-MISC register.dll access (web-misc.rules)
2232 <-> WEB-MISC ContentFilter.dll access (web-misc.rules)
2233 <-> WEB-MISC SFNofitication.dll access (web-misc.rules)
2234 <-> WEB-MISC TOP10.dll access (web-misc.rules)
2235 <-> WEB-MISC SpamExcp.dll access (web-misc.rules)
2236 <-> WEB-MISC spamrule.dll access (web-misc.rules)
2237 <-> WEB-MISC cgiWebupdate.exe access (web-misc.rules)
2238 <-> WEB-MISC WebLogic ConsoleHelp view source attempt (web-misc.rules)
2239 <-> WEB-MISC redirect.exe access (web-misc.rules)
2240 <-> WEB-MISC changepw.exe access (web-misc.rules)
2241 <-> WEB-MISC cwmail.exe access (web-misc.rules)
2242 <-> WEB-MISC ddicgi.exe access (web-misc.rules)
2243 <-> WEB-MISC ndcgi.exe access (web-misc.rules)
2244 <-> WEB-MISC VsSetCookie.exe access (web-misc.rules)
2245 <-> WEB-MISC Webnews.exe access (web-misc.rules)
2246 <-> WEB-MISC webadmin.dll access (web-misc.rules)
2247 <-> WEB-IIS UploadScript11.asp access (web-iis.rules)
2248 <-> WEB-IIS DirectoryListing.asp access (web-iis.rules)
2249 <-> WEB-IIS /pcadmin/login.asp access (web-iis.rules)
2276 <-> WEB-MISC oracle portal demo access (web-misc.rules)
2277 <-> WEB-MISC PeopleSoft PeopleBooks psdoccgi access (web-misc.rules)
2278 <-> WEB-MISC client negative Content-Length attempt (web-misc.rules)
2279 <-> WEB-PHP UpdateClasses.php access (web-php.rules)
2280 <-> WEB-PHP Title.php access (web-php.rules)
2281 <-> WEB-PHP Setup.php access (web-php.rules)
2282 <-> WEB-PHP GlobalFunctions.php access (web-php.rules)
2283 <-> WEB-PHP DatabaseFunctions.php access (web-php.rules)
2284 <-> WEB-PHP rolis guestbook remote file include attempt (web-php.rules)
2285 <-> WEB-PHP rolis guestbook access (web-php.rules)
2286 <-> WEB-PHP friends.php access (web-php.rules)
2287 <-> WEB-PHP Advanced Poll admin_comment.php access (web-php.rules)
2288 <-> WEB-PHP Advanced Poll admin_edit.php access (web-php.rules)
2289 <-> WEB-PHP Advanced Poll admin_embed.php access (web-php.rules)
2290 <-> WEB-PHP Advanced Poll admin_help.php access (web-php.rules)
2291 <-> WEB-PHP Advanced Poll admin_license.php access (web-php.rules)
2292 <-> WEB-PHP Advanced Poll admin_logout.php access (web-php.rules)
2293 <-> WEB-PHP Advanced Poll admin_password.php access (web-php.rules)
2294 <-> WEB-PHP Advanced Poll admin_preview.php access (web-php.rules)
2295 <-> WEB-PHP Advanced Poll admin_settings.php access (web-php.rules)
2296 <-> WEB-PHP Advanced Poll admin_stats.php access (web-php.rules)
2297 <-> WEB-PHP Advanced Poll admin_templates_misc.php access (web-php.rules)
2298 <-> WEB-PHP Advanced Poll admin_templates.php access (web-php.rules)
2299 <-> WEB-PHP Advanced Poll admin_tpl_misc_new.php access (web-php.rules)
2300 <-> WEB-PHP Advanced Poll admin_tpl_new.php access (web-php.rules)
2301 <-> WEB-PHP Advanced Poll booth.php access (web-php.rules)
2302 <-> WEB-PHP Advanced Poll poll_ssi.php access (web-php.rules)
2303 <-> WEB-PHP Advanced Poll popup.php access (web-php.rules)
2304 <-> WEB-PHP files.inc.php access (web-php.rules)
2305 <-> WEB-PHP chatbox.php access (web-php.rules)
2306 <-> WEB-PHP gallery remote file include attempt (web-php.rules)
2307 <-> WEB-PHP PayPal Storefront remote file include attempt (web-php.rules)
2321 <-> WEB-IIS foxweb.exe access (web-iis.rules)
2322 <-> WEB-IIS foxweb.dll access (web-iis.rules)
2324 <-> WEB-IIS VP-ASP shopsearch.asp access (web-iis.rules)
2325 <-> WEB-IIS VP-ASP ShopDisplayProducts.asp access (web-iis.rules)
2326 <-> WEB-IIS sgdynamo.exe access (web-iis.rules)
2327 <-> WEB-MISC bsml.pl access (web-misc.rules)
2328 <-> WEB-PHP authentication_index.php access (web-php.rules)
2331 <-> WEB-PHP MatrikzGB privilege escalation attempt (web-php.rules)
2341 <-> WEB-PHP DCP-Portal remote file include editor script attempt (web-php.rules)
2342 <-> WEB-PHP DCP-Portal remote file include lib script attempt (web-php.rules)
2345 <-> WEB-PHP PhpGedView search.php access (web-php.rules)
2346 <-> WEB-PHP myPHPNuke chatheader.php access (web-php.rules)
2347 <-> WEB-PHP myPHPNuke partner.php access (web-php.rules)
2353 <-> WEB-PHP IdeaBox cord.php file include (web-php.rules)
2354 <-> WEB-PHP IdeaBox notification.php file include (web-php.rules)
2355 <-> WEB-PHP Invision Board emailer.php file include (web-php.rules)
2356 <-> WEB-PHP WebChat db_mysql.php file include (web-php.rules)
2357 <-> WEB-PHP WebChat english.php file include (web-php.rules)
2358 <-> WEB-PHP Typo3 translations.php file include (web-php.rules)
2359 <-> WEB-PHP Invision Board ipchat.php file include (web-php.rules)
2360 <-> WEB-PHP myphpPagetool pt_config.inc file include (web-php.rules)
2361 <-> WEB-PHP news.php file include (web-php.rules)
2362 <-> WEB-PHP YaBB SE packages.php file include (web-php.rules)
2363 <-> WEB-PHP Cyboards default_header.php access (web-php.rules)
2364 <-> WEB-PHP Cyboards options_form.php access (web-php.rules)
2365 <-> WEB-PHP newsPHP Language file include attempt (web-php.rules)
2366 <-> WEB-PHP PhpGedView PGV authentication_index.php base directory manipulation attempt (web-php.rules)
2367 <-> WEB-PHP PhpGedView PGV functions.php base directory manipulation attempt (web-php.rules)
2368 <-> WEB-PHP PhpGedView PGV config_gedcom.php base directory manipulation attempt (web-php.rules)
2369 <-> WEB-MISC ISAPISkeleton.dll access (web-misc.rules)
2370 <-> WEB-MISC BugPort config.conf file access (web-misc.rules)
2371 <-> WEB-MISC Sample_showcode.html access (web-misc.rules)
2372 <-> WEB-PHP Photopost PHP Pro showphoto.php access (web-php.rules)
2381 <-> WEB-MISC schema overflow attempt (web-misc.rules)
2386 <-> WEB-IIS NTLM ASN1 vulnerability scan attempt (web-iis.rules)
2393 <-> WEB-PHP /_admin access (web-php.rules)
2394 <-> WEB-MISC Compaq web-based management agent denial of service attempt (web-misc.rules)
2395 <-> WEB-MISC InteractiveQuery.jsp access (web-misc.rules)
2398 <-> WEB-PHP WAnewsletter newsletter.php file include attempt (web-php.rules)
2399 <-> WEB-PHP WAnewsletter db_type.php access (web-php.rules)
2400 <-> WEB-MISC edittag.pl access (web-misc.rules)
2405 <-> WEB-PHP phptest.php access (web-php.rules)
2407 <-> WEB-MISC util.pl access (web-misc.rules)
2408 <-> WEB-MISC Invision Power Board search.pl access (web-misc.rules)
2410 <-> WEB-PHP IGeneric Free Shopping Cart page.php access (web-php.rules)
2411 <-> WEB-MISC Real Server DESCRIBE buffer overflow attempt (web-misc.rules)
2441 <-> WEB-MISC NetObserve authentication bypass attempt (web-misc.rules)
2442 <-> WEB-MISC Quicktime User-Agent buffer overflow attempt (web-misc.rules)
2447 <-> WEB-MISC ServletManager access (web-misc.rules)
2448 <-> WEB-MISC setinfo.hts access (web-misc.rules)
2484 <-> WEB-MISC source.jsp access (web-misc.rules)
2515 <-> WEB-MISC PCT Client_Hello overflow attempt (web-misc.rules)
2520 <-> WEB-MISC SSLv3 Client_Hello request (web-misc.rules)
2521 <-> WEB-MISC SSLv3 Server_Hello request (web-misc.rules)
2522 <-> WEB-MISC SSLv3 invalid Client_Hello attempt (web-misc.rules)
2562 <-> WEB-MISC McAfee ePO file upload attempt (web-misc.rules)
2565 <-> WEB-PHP modules.php access (web-php.rules)
2566 <-> WEB-PHP PHPBB viewforum.php access (web-php.rules)
2569 <-> WEB-MISC cPanel resetpass access (web-misc.rules)
2570 <-> WEB-MISC Invalid HTTP Version String (web-misc.rules)
2571 <-> WEB-IIS SmarterTools SmarterMail frmGetAttachment.aspx access (web-iis.rules)
2572 <-> WEB-IIS SmarterTools SmarterMail login.aspx buffer overflow attempt (web-iis.rules)
2573 <-> WEB-IIS SmarterTools SmarterMail frmCompose.asp access (web-iis.rules)
2575 <-> WEB-PHP Opt-X header.php remote file include attempt (web-php.rules)
2580 <-> WEB-MISC server negative Content-Length attempt (web-misc.rules)
2581 <-> WEB-MISC Crystal Reports crystalimagehandler.aspx access (web-misc.rules)
2582 <-> WEB-MISC Crystal Reports crystalImageHandler.aspx directory traversal attempt (web-misc.rules)
2585 <-> WEB-MISC nessus 2.x 404 probe (web-misc.rules)
2588 <-> WEB-PHP TUTOS path disclosure attempt (web-php.rules)
2597 <-> WEB-MISC Samba SWAT Authorization overflow attempt (web-misc.rules)
2598 <-> WEB-MISC Samba SWAT Authorization port 901 overflow attempt (web-misc.rules)
2654 <-> WEB-PHP PHPNuke Forum viewtopic SQL insertion attempt (web-php.rules)
2656 <-> WEB-MISC SSLv2 Client_Hello Challenge Length overflow attempt (web-misc.rules)
2657 <-> WEB-MISC SSLv2 Client_Hello with pad Challenge Length overflow attempt (web-misc.rules)
2658 <-> WEB-MISC SSLv2 Client_Hello request (web-misc.rules)
2659 <-> WEB-MISC SSLv2 Client_Hello with pad request (web-misc.rules)
2660 <-> WEB-MISC SSLv2 Server_Hello request (web-misc.rules)
2661 <-> WEB-MISC TLSv1 Client_Hello request (web-misc.rules)
2662 <-> WEB-MISC TLSv1 Server_Hello request (web-misc.rules)
2667 <-> WEB-IIS ping.asp access (web-iis.rules)
2672 <-> WEB-MISC sresult.exe access (web-misc.rules)
2701 <-> WEB-MISC Oracle iSQLPlus sid overflow attempt (web-misc.rules)
2702 <-> WEB-MISC Oracle iSQLPlus username overflow attempt (web-misc.rules)
2703 <-> WEB-MISC Oracle iSQLPlus login.uix username overflow attempt (web-misc.rules)
2704 <-> WEB-MISC Oracle 10g iSQLPlus login.unix connectID overflow attempt (web-misc.rules)
2926 <-> WEB-PHP PhpGedView PGV base directory manipulation (web-php.rules)
3059 <-> WEB-MISC TLSv1 Client_Hello via SSLv2 handshake request (web-misc.rules)
3086 <-> WEB-MISC 3Com 3CRADSL72 ADSL 11g Wireless Router app_sta.stm access attempt (web-misc.rules)
3087 <-> WEB-IIS w3who.dll buffer overflow attempt (web-iis.rules)
3150 <-> WEB-IIS SQLXML content type overflow (web-iis.rules)
3193 <-> WEB-IIS .cmd executable file parsing attack (web-iis.rules)
3194 <-> WEB-IIS .bat executable file parsing attack (web-iis.rules)
3201 <-> WEB-IIS httpodbc.dll access - nimda (web-iis.rules)
3466 <-> WEB-MISC Authorization Basic overflow attempt (web-misc.rules)
3467 <-> WEB-MISC CISCO VoIP Portinformation access (web-misc.rules)
3486 <-> WEB-MISC SSLv3 invalid data version attempt (web-misc.rules)
3518 <-> WEB-MISC MySQL MaxDB WebSQL wppassword buffer overflow (web-misc.rules)
3519 <-> WEB-MISC MySQL MaxDB WebSQL wppassword buffer overflow default port (web-misc.rules)
3544 <-> WEB-MISC TrackerCam ComGetLogFile.php3 directory traversal attempt (web-misc.rules)
3545 <-> WEB-MISC TrackerCam ComGetLogFile.php3 log information disclosure (web-misc.rules)
3546 <-> WEB-MISC TrackerCam User-Agent buffer overflow attempt (web-misc.rules)
3547 <-> WEB-MISC TrackerCam overly long php parameter overflow attempt (web-misc.rules)
3548 <-> WEB-MISC TrackerCam negative Content-Length attempt (web-misc.rules)
3629 <-> WEB-MISC sambar /search/results.stm access (web-misc.rules)
3676 <-> WEB-MISC newsscript.pl admin attempt (web-misc.rules)
3693 <-> WEB-MISC IBM WebSphere j_security_check overflow attempt (web-misc.rules)
3694 <-> WEB-MISC Squid content length cache poisoning attempt (web-misc.rules)
3816 <-> WEB-MISC BadBlue ext.dll buffer overflow attempt (web-misc.rules)
3822 <-> WEB-MISC Real Player realtext long URI request (web-misc.rules)
3823 <-> WEB-MISC Real Player realtext file bad version buffer overflow attempt (web-misc.rules)
3827 <-> WEB-PHP xmlrpc.php post attempt (web-php.rules)
4650 <-> WEB-MISC cacti graph_image.php access (web-misc.rules)
4681 <-> WEB-MISC Symantec admin interface client negative Content-Length attempt (web-misc.rules)
4985 <-> WEB-MISC Twiki rdiff rev command injection attempt (web-misc.rules)
4986 <-> WEB-MISC Twiki view rev command injection attempt (web-misc.rules)
4987 <-> WEB-MISC Twiki viewfile rev command injection attempt (web-misc.rules)
4988 <-> WEB-MISC Barracuda IMG.PL directory traversal attempt (web-misc.rules)
5695 <-> WEB-IIS web agent redirect overflow attempt (web-iis.rules)
5709 <-> WEB-PHP file upload directory traversal (web-php.rules)
5715 <-> WEB-MISC malformed ipv6 uri overflow attempt (web-misc.rules)
5997 <-> WEB-MISC WinProxy overly long host header buffer overflow attempt (web-misc.rules)
6403 <-> WEB-PHP horde help module arbitrary command execution attempt (web-php.rules)
6409 <-> WEB-FRONTPAGE frontpage server extension long host string overflow attempt (web-frontpage.rules)
6410 <-> WEB-FRONTPAGE frontpage server extension long host string overflow attempt (web-frontpage.rules)
6411 <-> WEB-FRONTPAGE frontpage server extension long host string overflow attempt (web-frontpage.rules)
6414 <-> WEB-MISC Novell GroupWise Messenger Accept-Language Header Buffer Overflow attempt (web-misc.rules)
6507 <-> WEB-MISC novell edirectory imonitor overflow attempt (web-misc.rules)
6511 <-> WEB-MISC ALT-N WebAdmin user param overflow attempt (web-misc.rules)
7027 <-> WEB-IIS frontpage server extensions 2002 cross site scripting attempt (web-iis.rules)
7028 <-> WEB-IIS frontpage server extensions 2002 cross site scripting attempt (web-iis.rules)
7029 <-> WEB-IIS frontpage server extensions 2002 cross site scripting attempt (web-iis.rules)
7070 <-> WEB-MISC encoded cross site scripting attempt (web-misc.rules)
7071 <-> WEB-MISC encoded cross site scripting HTML Image tag set to javascript attempt (web-misc.rules)
8085 <-> WEB-MISC HP Openview NNM connectedNodes.ovpl port 3443 Unix command execution attempt (web-misc.rules)
8086 <-> WEB-MISC HP Openview NNM cdpView.ovpl port 3443 Unix command execution attempt (web-misc.rules)
8087 <-> WEB-MISC HP Openview NNM freeIPaddrs.ovpl port 3443 Unix command execution attempt (web-misc.rules)
8088 <-> WEB-MISC HP Openview NNM connectedNodes.ovpl Unix command execution attempt (web-misc.rules)
8089 <-> WEB-MISC HP Openview NNM cdpView.ovpl Unix command execution attempt (web-misc.rules)
8090 <-> WEB-MISC HP Openview NNM freeIPaddrs.ovpl Unix command execution attempt (web-misc.rules)
8349 <-> WEB-IIS Indexing Service ciRestriction cross-site scripting attempt (web-iis.rules)
8426 <-> WEB-MISC SSLv2 openssl get shared ciphers overflow attempt (web-misc.rules)
8427 <-> WEB-MISC SSLv3 openssl get shared ciphers overflow attempt (web-misc.rules)
8428 <-> WEB-MISC SSLv2 openssl get shared ciphers overflow attempt (web-misc.rules)
8441 <-> WEB-MISC McAfee header buffer overflow attempt (web-misc.rules)
8444 <-> WEB-MISC Trend Micro atxconsole format string server response attempt (web-misc.rules)
8485 <-> WEB-COLDFUSION CFNEWINTERNALADMINSECURITY access (web-coldfusion.rules)
8486 <-> WEB-COLDFUSION CFNEWINTERNALREGISTRY access (web-coldfusion.rules)
8487 <-> WEB-COLDFUSION CFADMIN_REGISTRY_SET access (web-coldfusion.rules)
8488 <-> WEB-COLDFUSION CFADMIN_REGISTRY_GET access (web-coldfusion.rules)
8489 <-> WEB-COLDFUSION CFADMIN_REGISTRY_DELETE access (web-coldfusion.rules)
8490 <-> WEB-COLDFUSION viewexample.cfm access (web-coldfusion.rules)
8491 <-> WEB-COLDFUSION eval.cfm access (web-coldfusion.rules)
8492 <-> WEB-COLDFUSION openfile.cfm access (web-coldfusion.rules)
8493 <-> WEB-COLDFUSION sourcewindow.cfm access (web-coldfusion.rules)
8700 <-> WEB-IIS ASP.NET 2.0 cross-site scripting attempt (web-iis.rules)
8701 <-> WEB-MISC IceCast header buffer overflow attempt (web-misc.rules)
8708 <-> WEB-PHP Wordpress cache_lastpostdate code injection attempt (web-php.rules)
8711 <-> WEB-ATTACK Novell eDirectory HTTP redirection buffer overflow attempt (web-misc.rules)
8712 <-> WEB-PHP cacti graph_image arbitrary command execution attempt (web-php.rules)
8713 <-> WEB-PHP cacti graph_image SQL injection attempt (web-php.rules)
8714 <-> WEB-PHP cacti graph_image SQL injection attempt (web-php.rules)
8715 <-> WEB-PHP cacti graph_image SQL injection attempt (web-php.rules)
8716 <-> WEB-PHP cacti graph_image SQL injection attempt (web-php.rules)
8734 <-> WEB-PHP Pajax arbitrary command execution attempt (web-php.rules)
9620 <-> WEB-MISC pajax call_dispatcher remote exec attempt (web-misc.rules)
9791 <-> WEB-MISC .cmd? access (web-misc.rules)
10172 <-> WEB-MISC uTorrent announce buffer overflow attempt (web-misc.rules)
10195 <-> WEB-MISC Possible Content-Length buffer overflow attempt (web-misc.rules)
10990 <-> WEB-MISC encoded cross site scripting HTML Image tag attempt (web-misc.rules)
10996 <-> WEB-MISC SSLv3 Client_Hello request (web-misc.rules)
10997 <-> WEB-MISC SSLv2 OpenSSl KEY_ARG buffer overflow attempt (web-misc.rules)
11191 <-> WEB-IIS Microsoft Content Management Server memory corruption (web-iis.rules)
11193 <-> WEB-MISC Oracle iSQL Plus cross site scripting attempt (web-misc.rules)
11194 <-> WEB-MISC Oracle iSQL Plus cross site scripting attempt (web-misc.rules)
11223 <-> WEB-MISC google proxystylesheet arbitrary command execution attempt (web-misc.rules)
11272 <-> WEB-MISC Apache newline exploit attempt (web-misc.rules)
11273 <-> WEB-MISC Apache header parsing space saturation denial of service attempt (web-misc.rules)
11616 <-> WEB-MISC Symantec Sygate Policy Manager SQL injection (web-misc.rules)
11664 <-> WEB-PHP sphpblog password.txt access attempt (web-php.rules)
11665 <-> WEB-PHP sphpblog install03_cgi access attempt (web-php.rules)
11666 <-> WEB-PHP sphpblog upload_img_cgi access attempt (web-php.rules)
11667 <-> WEB-PHP sphpblog arbitrary file delete attempt (web-php.rules)
11668 <-> WEB-PHP vbulletin php code injection (web-php.rules)
11671 <-> WEB-MISC SSLv2 Server_Hello request from SSLv3 Client_Hello request (web-misc.rules)
11679 <-> WEB-MISC Apache mod_rewrite buffer overflow attempt (web-misc.rules)
11685 <-> WEB-MISC Oracle iSQL Plus cross site scripting attempt (web-misc.rules)
11687 <-> WEB-MISC Apache SSI error page cross-site scripting (web-misc.rules)
11834 <-> WEB-MISC Internet Explorer navcancl.htm url spoofing attempt (web-misc.rules)
11838 <-> WEB-MISC Win32 API res buffer overflow attempt (web-misc.rules)
11965 <-> WEB-MISC SSLv2 Server_Hello request from TLSv1 Client_Hello request (web-misc.rules)
12014 <-> WEB-MISC Internet Explorer navcancl.htm url spoofing attempt (web-misc.rules)
12059 <-> WEB-MISC Oracle iSQL Plus cross site scripting attempt (web-misc.rules)
12060 <-> WEB-MISC Oracle iSQL Plus cross site scripting attempt (web-misc.rules)
12064 <-> WEB-IIS w3svc _vti_bin null pointer dereference attempt (web-iis.rules)
12221 <-> WEB-PHP file upload GLOBAL variable overwrite attempt (web-php.rules)
12269 <-> WEB-CLIENT Microsoft Visual Basic 6 TLIApplication ActiveX clsid access (web-client.rules)
12270 <-> WEB-CLIENT Microsoft Visual Basic 6 TLIApplication ActiveX clsid unicode access (web-client.rules)
12271 <-> WEB-CLIENT Microsoft Visual Basic 6 TLIApplication ActiveX function call access (web-client.rules)
12272 <-> WEB-CLIENT Microsoft Visual Basic 6 TLIApplication ActiveX function call unicode access (web-client.rules)
12277 <-> EXPLOIT Microsoft IE CSS memory corruption exploit (exploit.rules)
12279 <-> WEB-CLIENT Microsoft XML substringData integer overflow attempt (web-client.rules)