Sourcefire VRT Rules Update

Date: 2010-03-04

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version CURRENT.

The format of the file is:

sid <-> Message (rule group, priority)

New rules:
16453 <-> SPECIFIC-THREATS SMB Negotiate Protocol response DoS attempt - empty SMB 1 (specific-threats.rules, Medium)
16454 <-> SPECIFIC-THREATS SMB Negotiate Protocol response DoS attempt - empty SMB 2 (specific-threats.rules, Medium)
16455 <-> SPYWARE-PUT Keylogger egyspy keylogger 1.13 runtime detection (spyware-put.rules, Medium)
16456 <-> SPYWARE-PUT Rogue-Software ang antivirus 09 runtime detection (spyware-put.rules, High)
16457 <-> BACKDOOR Trojan.Downloader.Win32.Cutwail.AI runtime detection (backdoor.rules, High)
16458 <-> WEB-CLIENT Autonomy KeyView SDK Excel file SST parsing integer overflow attempt (web-client.rules, High)
16459 <-> SPECIFIC-THREATS Trojan command and control communication attempt (specific-threats.rules, High)
16460 <-> WEB-MISC text/html content-type without HTML - possible malware C&C (web-misc.rules, Medium)

Updated rules:
 654 <-> SMTP RCPT TO overflow (smtp.rules, High)
1891 <-> RPC status GHBN format string attack (rpc.rules, Medium)
2487 <-> SMTP WinZip MIME content-type buffer overflow (smtp.rules, High)
2488 <-> SMTP WinZip MIME content-disposition buffer overflow (smtp.rules, High)
3083 <-> BACKDOOR Y3KRAT 1.5 Connection confirmation (backdoor.rules, Low)
3473 <-> WEB-CLIENT RealPlayer SMIL file overflow attempt (web-client.rules, High)
5760 <-> SPYWARE-PUT Hijacker marketscore runtime detection (spyware-put.rules, Low)
5764 <-> SPYWARE-PUT Hijacker begin2search runtime detection - fcgi query (spyware-put.rules, Low)
5765 <-> SPYWARE-PUT Hijacker begin2search runtime detection - ico query (spyware-put.rules, Low)
5766 <-> SPYWARE-PUT Hijacker begin2search runtime detection - install spyware trafficsector (spyware-put.rules, Low)
5767 <-> SPYWARE-PUT Hijacker begin2search runtime detection - download unauthorized code (spyware-put.rules, Low)
5768 <-> SPYWARE-PUT Hijacker begin2search runtime detection - pass information (spyware-put.rules, Low)
5769 <-> SPYWARE-PUT Hijacker begin2search runtime detection - play bingo ads (spyware-put.rules, Low)
5776 <-> SPYWARE-PUT Trickler grokster runtime detection (spyware-put.rules, Low)
5777 <-> SPYWARE-PUT Keylogger gurl watcher runtime detection (spyware-put.rules, Medium)
5785 <-> SPYWARE-PUT Adware hithopper runtime detection - get xml setting (spyware-put.rules, Low)
5786 <-> SPYWARE-PUT Adware hithopper runtime detection - redirect (spyware-put.rules, Low)
5787 <-> SPYWARE-PUT Adware hithopper runtime detection - search (spyware-put.rules, Low)
5788 <-> SPYWARE-PUT Adware hithopper runtime detection - click toolbar buttons (spyware-put.rules, Low)
5790 <-> SPYWARE-PUT Keylogger pc actmon pro runtime detection - smtp (spyware-put.rules, Medium)
5795 <-> SPYWARE-PUT Adware ist powerscan runtime detection (spyware-put.rules, Low)
5797 <-> POLICY kontiki runtime detection (policy.rules, Low)
5883 <-> SPYWARE-PUT Other-Technologies saria 1.0 runtime detection - send user information (spyware-put.rules, Low)
5911 <-> SPYWARE-PUT Adware smartpops runtime detection (spyware-put.rules, Low)
5913 <-> SPYWARE-PUT Trickler smasoft webdownloader runtime detection (spyware-put.rules, Low)
5981 <-> SPYWARE-PUT Hijacker seeqtoolbar runtime detection - autosearch hijack or search in toolbar (spyware-put.rules, Low)
5982 <-> SPYWARE-PUT Hijacker seeqtoolbar runtime detection - email login page (spyware-put.rules, Low)
6187 <-> SPYWARE-PUT Adware ISTBar runtime detection - scripts (spyware-put.rules, Low)
6188 <-> SPYWARE-PUT Adware ISTBar runtime detection - bar (spyware-put.rules, Low)
7661 <-> BACKDOOR lan filtrator 1.1 runtime detection - initial connection request (backdoor.rules, High)
7876 <-> WEB-ACTIVEX Microsoft Office Data Source Control 10.0 ActiveX clsid access (web-activex.rules, High)
7877 <-> WEB-ACTIVEX Microsoft Office Data Source Control 10.0 ActiveX clsid unicode access (web-activex.rules, High)
8709 <-> DNS Windows NAT helper components tcp denial of service attempt (dns.rules, Medium)
11669 <-> SPECIFIC-THREATS Eudora 250 command response buffer overflow attempt (specific-threats.rules, High)
11670 <-> EXPLOIT Symantec Discovery logging buffer overflow (exploit.rules, High)
11679 <-> WEB-MISC Apache mod_rewrite buffer overflow attempt (web-misc.rules, High)
11681 <-> EXPLOIT Openview Omni II command bypass attempt (exploit.rules, High)
11682 <-> SPECIFIC-THREATS Metasploit niprint_lpd module attack attempt (specific-threats.rules, High)
11834 <-> WEB-MISC Internet Explorer navcancl.htm url spoofing attempt (web-misc.rules, Medium)
11837 <-> SMTP MS Windows Mail UNC navigation remote command execution (smtp.rules, High)
11838 <-> WEB-MISC Win32 API res buffer overflow attempt (web-misc.rules, High)
11947 <-> WEB-CLIENT Windows schannel security package (web-client.rules, High)
12014 <-> WEB-MISC Internet Explorer navcancl.htm url spoofing attempt (web-misc.rules, Medium)
12070 <-> EXPLOIT Microsoft Excel malformed version field (exploit.rules, High)
12216 <-> EXPLOIT Borland interbase Create Request opcode string length buffer overflow attempt (exploit.rules, High)
12217 <-> EXPLOIT Borland interbase string length buffer overflow attempt (exploit.rules, High)
12218 <-> EXPLOIT Borland interbase string length buffer overflow attempt (exploit.rules, High)
12277 <-> EXPLOIT Microsoft IE CSS memory corruption exploit (exploit.rules, High)
12278 <-> POLICY Microsoft Media Player compressed skin download (policy.rules, High)
12358 <-> EXPLOIT Helix DNA Server RTSP require tag heap overflow (exploit.rules, High)
12425 <-> POLICY Ruckus P2P client (policy.rules, High)
12436 <-> MULTIMEDIA Youtube video player file request (multimedia.rules, High)
12437 <-> MULTIMEDIA Google video player request (multimedia.rules, High)
12455 <-> POLICY Crystal reports download request (policy.rules, High)
12456 <-> POLICY Crystal reports download (policy.rules, High)
12591 <-> DOS Apache mod_cache denial of service attempt (dos.rules, Medium)
12620 <-> SPYWARE-PUT Adware drive cleaner 1.0.111 runtime detection (spyware-put.rules, Low)
12621 <-> SPYWARE-PUT Trackware extra toolbar 1.0 runtime detection (spyware-put.rules, Medium)
12622 <-> SPYWARE-PUT Trackware extra toolbar 1.0 runtime detection - file download (spyware-put.rules, Medium)
12623 <-> SPYWARE-PUT Hijacker onestepsearch 1.0.118 runtime detection (spyware-put.rules, Low)
12625 <-> SPYWARE-PUT Keylogger windows family safety 2.0 runtime detection (spyware-put.rules, Medium)
12643 <-> WEB-CLIENT URI External handler arbitrary command attempt (web-client.rules, High)
12652 <-> SPYWARE-PUT Hijacker new.net domain 7.2.2 runtime detection - hijack browser (spyware-put.rules, Low)
12653 <-> SPYWARE-PUT Hijacker new.net domain 7.2.2 runtime detection - download code (spyware-put.rules, Low)
12656 <-> SPYWARE-PUT Adware icoo loader 2.5 runtime detection 1 (spyware-put.rules, Low)
12657 <-> SPYWARE-PUT Adware icoo loader 2.5 runtime detection 2 (spyware-put.rules, Low)
12658 <-> SPYWARE-PUT Adware winantivirus pro 2007 runtime detection (spyware-put.rules, Low)
12659 <-> SPYWARE-PUT Trickler zlob media codec runtime detection - automatic updates (spyware-put.rules, Low)
12660 <-> SPYWARE-PUT Trickler zlob media codec runtime detection - download redirect domains (spyware-put.rules, Low)
12665 <-> EXPLOIT CA BrightStor LGSever username buffer overflow attempt (exploit.rules, High)
12667 <-> EXPLOIT CA BrightStor ARCServer malicious fileupload attempt (exploit.rules, High)
12673 <-> SPYWARE-PUT Trackware searchmiracle elitebar runtime detection - collect information (spyware-put.rules, Medium)
12674 <-> SPYWARE-PUT Trackware searchmiracle elitebar runtime detection - track activity (spyware-put.rules, Medium)
12676 <-> SPYWARE-PUT Conspy Update Checking Detected (spyware-put.rules, Low)
12677 <-> SPYWARE-PUT Adware ISTBar runtime detection - softwares (spyware-put.rules, Low)
12678 <-> SPYWARE-PUT SpyTech Realtime Spy Detection (spyware-put.rules, Low)
12679 <-> SPYWARE-PUT Trackware myway speedbar / mywebsearch toolbar user-agent detection (spyware-put.rules, Medium)
12694 <-> SPYWARE-PUT Adware avsystemcare runtime detection (spyware-put.rules, Low)
12697 <-> SPYWARE-PUT Trackware browser accelerator runtime detection - pass user information to server (spyware-put.rules, Medium)
12698 <-> SPYWARE-PUT Keylogger net vizo 5.2 runtime detection (spyware-put.rules, Medium)
12704 <-> SMTP Lotus Notes MIF viewer MIFFILE comment overflow (smtp.rules, High)
12705 <-> SMTP Lotus Notes MIF viewer statement overflow (smtp.rules, High)
12706 <-> SMTP Lotus Notes MIF viewer statement data overflow (smtp.rules, High)
12718 <-> SPYWARE-PUT Hijacker side find 1.0 runtime detection - initial connection (spyware-put.rules, Low)
12719 <-> SPYWARE-PUT Hijacker side find 1.0 runtime detection - hijacks search engine (spyware-put.rules, Low)
12721 <-> SPYWARE-PUT Adware pestbot runtime detection - purchase (spyware-put.rules, Low)
12722 <-> SPYWARE-PUT Hijacker sexyvideoscreensaver runtime detection (spyware-put.rules, Low)
12746 <-> EXPLOIT Apple QuickTime STSD atom overflow attempt (exploit.rules, High)
12784 <-> EXPLOIT CA ARCserve Backup for Laptops rsxGetBackupLog second argument overflow (exploit.rules, High)
12786 <-> EXPLOIT CA ARCserve Backup for Laptops rsxSetDataGrowthScheduleAndFilter overflow attempt (exploit.rules, High)
12789 <-> SPYWARE-PUT Adware sunshine spy 1.0 runtime detection - check update (spyware-put.rules, Low)
12790 <-> SPYWARE-PUT Trackware partypoker runtime detection (spyware-put.rules, Medium)
12796 <-> SPYWARE-PUT Trackware happytofind toolbar runtime detection (spyware-put.rules, Medium)
12797 <-> SPYWARE-PUT Adware x-con spyware destroyer eh 3.2.8 runtime detection (spyware-put.rules, Low)
12972 <-> WEB-CLIENT Microsoft Media Player .asf markers detected (web-client.rules, High)
13158 <-> WEB_CLIENT Microsoft Media Player asf streaming format interchange data integer overflow attempt (web-client.rules, High)
13159 <-> WEB_CLIENT Microsoft Media Player asf streaming format audio error masking integer overflow attempt (web-client.rules, High)
13160 <-> WEB-CLIENT Microsft Media Player asf streaming audio spread error correction data length integer overflow attempt (web-client.rules, High)
13239 <-> SPYWARE-PUT Hijacker blue wave adult links toolbar runtime detection (spyware-put.rules, Low)
13240 <-> SPYWARE-PUT Adware live protection 2.1 runtime detection - redirects to purchase page (spyware-put.rules, Low)
13241 <-> SPYWARE-PUT Adware live protection 2.1 runtime detection - application updates (spyware-put.rules, Low)
13282 <-> SPYWARE-PUT Adware jily ie toolbar runtime detection (spyware-put.rules, Low)
13283 <-> SPYWARE-PUT Hijacker dreambar runtime detection (spyware-put.rules, Low)
13284 <-> SPYWARE-PUT Adware netguarder web cleaner runtime detection (spyware-put.rules, Low)
13292 <-> EXPLOIT Skype skype4com URI handler memory corruption attempt (exploit.rules, High)
13300 <-> WEB-CLIENT Adobe Flash Player embedded JPG image height overflow attempt (web-client.rules, High)
13301 <-> WEB-CLIENT Adobe Flash Player embedded JPG image width overflow attempt (web-client.rules, High)
13316 <-> WEB-CLIENT 3ivx MP4 file parsing ART buffer overflow attempt (web-client.rules, High)
13317 <-> WEB-CLIENT 3ivx MP4 file parsing nam buffer overflow attempt (web-client.rules, High)
13318 <-> WEB-CLIENT 3ivx MP4 file parsing cmt buffer overflow attempt (web-client.rules, High)
13319 <-> WEB-CLIENT 3ivx MP4 file parsing des buffer overflow attempt (web-client.rules, High)
13320 <-> WEB-CLIENT 3ivx MP4 file parsing cpy buffer overflow attempt (web-client.rules, High)
13339 <-> SPYWARE-PUT Hijacker direct toolbar runtime detection (spyware-put.rules, Low)
13340 <-> SPYWARE-PUT Hijacker search4top runtime detection - hijack ie searches and error pages (spyware-put.rules, Low)
13341 <-> SPYWARE-PUT Hijacker search4top runtime detection - popup ads (spyware-put.rules, Low)
13342 <-> SPYWARE-PUT Hijacker ditto toolbar runtime detection (spyware-put.rules, Low)
13343 <-> SPYWARE-PUT Adware 2005-search loader runtime detection (spyware-put.rules, Low)
13345 <-> SPYWARE-PUT Adware yourprivacyguard runtime detection - update (spyware-put.rules, Low)
13361 <-> EXPLOIT ClamAV MEW PE file integer overflow attempt (exploit.rules, High)
13362 <-> EXPLOIT ClamAV MEW PE file integer overflow attempt (exploit.rules, High)
13465 <-> WEB-CLIENT Microsoft Works file download request (web-client.rules, Low)
13488 <-> SPYWARE-PUT Hijacker people pal toolbar runtime detection - automatic upgrade (spyware-put.rules, Low)
13490 <-> SPYWARE-PUT Adware spy shredder 2.1 runtime detection - presale request (spyware-put.rules, Low)
13491 <-> SPYWARE-PUT Adware spy shredder 2.1 runtime detection - update (spyware-put.rules, Low)
13494 <-> SPYWARE-PUT Keylogger smart pc Keylogger runtime detection (spyware-put.rules, Medium)
13497 <-> SPYWARE-PUT Hijacker ez-tracks toolbar runtime detection - tracking traffic (spyware-put.rules, Low)
13501 <-> SPYWARE-PUT Adware contravirus runtime detection - presale request (spyware-put.rules, Low)
13503 <-> SPYWARE-PUT Hijacker dealio toolbar runtime detection user-agent detected (spyware-put.rules, Low)
13504 <-> SPYWARE-PUT Adware iedefender runtime detection - presale request (spyware-put.rules, Low)
13505 <-> SPYWARE-PUT Adware iedefender runtime detection - update (spyware-put.rules, Low)
13515 <-> WEB-CLIENT Quicktime user agent (web-client.rules, Low)
13516 <-> WEB-CLIENT Quicktime HTTP error response buffer overflow (web-client.rules, High)
13519 <-> EXPLOIT Citrix MetaFrame IMA buffer overflow attempt (exploit.rules, High)
13553 <-> EXPLOIT Sybase SQL Anywhere Mobilink username string buffer overflow (exploit.rules, High)
13554 <-> EXPLOIT Sybase SQL Anywhere Mobilink version string buffer overflow (exploit.rules, High)
13555 <-> EXPLOIT Sybase SQL Anywhere Mobilink remoteID string buffer overflow (exploit.rules, High)
13557 <-> SPYWARE-PUT Hijacker kword interkey runtime detection - search traffic 2 (spyware-put.rules, Low)
13559 <-> SPYWARE-PUT Hijacker kompass toolbar runtime detection - initial connection (spyware-put.rules, Low)
13561 <-> SPYWARE-PUT Adware malware alarm runtime detection - presale request (spyware-put.rules, Low)
13562 <-> SPYWARE-PUT Adware malware alarm runtime detection - update request (spyware-put.rules, Low)
13563 <-> SPYWARE-PUT Adware system doctor runtime detection - presale request (spyware-put.rules, Low)
13565 <-> SPYWARE-PUT Trickler iecodec runtime detection - initial traffic (spyware-put.rules, Low)
13566 <-> SPYWARE-PUT Trickler iecodec runtime detection - message dialog (spyware-put.rules, Low)
13567 <-> SPYWARE-PUT Keylogger msn spy monitor runtime detection (spyware-put.rules, Medium)
13568 <-> SPYWARE-PUT Keylogger sys keylog 1.3 advanced runtime detection (spyware-put.rules, Medium)
13583 <-> WEB-CLIENT Microsoft SYmbolic LinK file download request (web-client.rules, Low)
13584 <-> WEB-CLIENT csv file download request (web-client.rules, Low)
13611 <-> EXPLOIT RealVNC client response (exploit.rules, Low)
13614 <-> EXPLOIT CVS Argument overflow attempt (exploit.rules, High)
13615 <-> EXPLOIT CVS Argument overflow attempt (exploit.rules, High)
13616 <-> SPECIFIC-THREATS CVS Argument overflow (specific-threats.rules, High)
13620 <-> SPECIFIC-THREATS CA Brightstor discovery service alternate buffer overflow attempt (specific-threats.rules, High)
13627 <-> WEB-CLIENT Microsoft Access file download request (web-client.rules, Low)
13628 <-> WEB-CLIENT Microsoft Access file download request (web-client.rules, Low)
13632 <-> WEB-CLIENT Zango adware installation request (web-client.rules, High)
13651 <-> SPYWARE-PUT Keylogger family cyber alert runtime detection - smtp traffic for recorded activities (spyware-put.rules, Medium)
13652 <-> SPYWARE-PUT Keylogger all in one Keylogger runtime detection (spyware-put.rules, Medium)
13656 <-> WEB-MISC Cisco Secure Access Control Server UCP Application CSuserCGI.exe buffer overflow attempt (web-misc.rules, High)
13711 <-> MYSQL yaSSL SSLv2 Client Hello Message Cipher Length Buffer Overflow attempt (mysql.rules, High)
13712 <-> MYSQL yaSSL SSLv2 Client Hello Message Session ID Buffer Overflow attempt (mysql.rules, High)
13713 <-> MYSQL yaSSL SSLv2 Client Hello Message Challenge Buffer Overflow attempt (mysql.rules, High)
13714 <-> MYSQL yaSSL SSLv3 Client Hello Message Cipher Specs Buffer Overflow attempt (mysql.rules, High)
13778 <-> SPYWARE-PUT Keylogger kgb employee monitor runtime detection (spyware-put.rules, Medium)
13800 <-> EXPLOIT ARCServe LGServer service data overflow attempt (exploit.rules, High)
13812 <-> SPYWARE-PUT Keylogger refog Keylogger runtime detection (spyware-put.rules, Medium)
13816 <-> SPECIFIC THREAT Metasploit Framework xmlrpc.php command injection attempt (specific-threats.rules, High)
13817 <-> SPECIFIC-THREATS xmlrpc.php command injection attempt (specific-threats.rules, High)
13818 <-> SPECIFIC-THREATS alternate xmlrpc.php command injection attempt (specific-threats.rules, High)
13840 <-> EXPLOIT Borland Interbase service attach operation buffer overflow (exploit.rules, High)
13841 <-> EXPLOIT Borland Interbase create operation buffer overflow (exploit.rules, High)
13842 <-> EXPLOIT Borland Interbase operation buffer overflow (exploit.rules, High)
13844 <-> SPECIFIC-THREATS BDAT size longer than contents exploit attempt (specific-threats.rules, Medium)
13845 <-> SPECIFIC-THREATS BDAT size public exploit attempt (specific-threats.rules, Medium)
13864 <-> POLICY Microsoft Watson error reporting attempt (policy.rules, High)
13865 <-> WEB-CLIENT Adobe BMP image handler buffer overflow attempt (web-client.rules, High)
13876 <-> BACKDOOR zlob.acc runtime detection (backdoor.rules, High)
13881 <-> POLICY RealVNC Server configured to allow NULL authentication (policy.rules, Low)
13882 <-> POLICY RealVNC Server configured not to require authentication (policy.rules, Low)
13898 <-> POLICY iTunes client request for server info (policy.rules, Low)
13899 <-> POLICY iTunes client login attempt (policy.rules, Low)
13901 <-> NETBIOS SMB server response heap overflow attempt (netbios.rules, High)
13902 <-> EXPLOIT IBM Lotus Sametime multiplexer stack buffer overflow attempt (exploit.rules, High)
13916 <-> EXPLOIT Alt-N SecurityGateway username buffer overflow attempt (exploit.rules, High)
13925 <-> FTP Computer Associates eTrust Secure Content Manager PASV stack overflow attempt (ftp.rules, High)
13926 <-> EXPLOIT Novell Groupwise HTTP response message parsing overflow (exploit.rules, High)
13928 <-> WEB-MISC Adobe RoboHelp r0 SQL injection attempt (web-misc.rules, High)
13929 <-> WEB-MISC Adobe RoboHelp rx SQL injection attempt (web-misc.rules, High)
13932 <-> SPYWARE-PUT Trackware rightonadz.biz adrotator runtime detection - post user info to remote server (spyware-put.rules, Medium)
13942 <-> BACKDOOR trojan agent.nac runtime detection - call home (backdoor.rules, High)
13950 <-> WEB-CLIENT Sun Java Web Start JNLP attribute buffer overflow attempt (web-client.rules, High)
13951 <-> WEB-MISC Oracle Database Server buffer overflow attempt (web-misc.rules, Medium)
13983 <-> WEB-CLIENT Microsoft Office eps file download (web-client.rules, Low)
14017 <-> WEB-CLIENT MPEG Layer 3 playlist file request (web-client.rules, Low)
14018 <-> WEB-CLIENT PLS multimedia playlist file request (web-client.rules, Low)
14019 <-> WEB-CLIENT CyberLink PowerDVD playlist file handling stack overflow attempt (web-client.rules, High)
14020 <-> WEB-CLIENT CyberLink PowerDVD playlist file handling stack overflow attempt (web-client.rules, High)
14039 <-> EXPLOIT GNOME Project libxslt RC4 key string buffer overflow attempt (exploit.rules, High)
14040 <-> EXPLOIT GNOME Project libxslt RC4 key string buffer overflow attempt (exploit.rules, High)
14041 <-> EXPLOIT GNOME Project libxslt RC4 key string buffer overflow attempt (exploit.rules, High)
14057 <-> SPYWARE-PUT Trackware murzilka2 runtime detection (spyware-put.rules, Medium)
14074 <-> SPYWARE-PUT Keylogger spybosspro 4.2 runtime detection (spyware-put.rules, Medium)
14075 <-> SPYWARE-PUT Keylogger ultimate Keylogger pro runtime detection (spyware-put.rules, Medium)
14230 <-> EXPLOIT SAP DB web server stack overflow attempt (exploit.rules, High)
14600 <-> EXPLOIT SAP Message Server Heap buffer overflow attempt (exploit.rules, High)
14601 <-> EXPLOIT Subversion 1.0.2 get-dated-rev buffer overflow attempt (exploit.rules, High)
14602 <-> EXPLOIT Borland Interbase open_marker_file overflow attempt (exploit.rules, High)
14607 <-> EXPLOIT CA Brightstor SUN RPC malformed string buffer overflow attempt (exploit.rules, High)
14741 <-> EXPLOIT Symantec Veritas Foundation Service NULL service authentication attempt (exploit.rules, High)
14774 <-> EXPLOIT HP OpenView Network Node Manger connectedNodes command injection attempt (exploit.rules, High)
14775 <-> EXPLOIT HP OpenView Network Node Manger cdpnode command injection attempt (exploit.rules, High)
14776 <-> EXPLOIT HP OpenView Network Node Manager freeIPaddrs command injection attempt (exploit.rules, High)
15078 <-> EXPLOIT HP Openview Network Node Manager OValarmsrv buffer overflow attempt (exploit.rules, High)
15123 <-> WEB-CLIENT Rich Text Format file request (web-client.rules, Low)
15145 <-> EXPLOIT Apple CUPS TrueColor PNG filter overly large image height integer overflow attempt (exploit.rules, High)
15146 <-> EXPLOIT Apple CUPS RGB+Alpha PNG filter overly large image height integer overflow attempt (exploit.rules, High)
15257 <-> ORACLE Secure Backup common.php variable based command injection attempt (oracle.rules, High)
15258 <-> ORACLE Secure Backup login.php variable based command injection attempt (oracle.rules, High)
15294 <-> WEB-CLIENT Microsoft Visio file download request (web-client.rules, Low)
15357 <-> WEB-CLIENT Adobe PDF JBIG2 remote code execution attempt (web-client.rules, High)
15358 <-> SMTP Adobe PDF JBIG2 remote code execution attempt (smtp.rules, High)
15388 <-> EXPLOIT Subversion 1.0.2 get-dated-rev buffer overflow over http attempt (exploit.rules, High)
15422 <-> SPECIFIC-THREATS Sun One web proxy server overflow attempt (specific-threats.rules, High)
15445 <-> ORACLE Oracle Application Server BPEL module cross site scripting attempt (oracle.rules, High)
15477 <-> EXPLOIT Oracle BEA WebLogic overlong JESSIONID buffer overflow attempt (exploit.rules, Medium)
15482 <-> EXPLOIT Sun Java System sockd authentication buffer overflow attempt (exploit.rules, High)
15509 <-> DOS IBM DB2 database server CONNECT denial of service attempt (dos.rules, Medium)
15518 <-> WEB-MISC Embedded Open Type Font download request (web-misc.rules, Low)
15585 <-> WEB-CLIENT Excel file download request (web-client.rules, Low)
15586 <-> WEB-CLIENT Powerpoint file download request (web-client.rules, Low)
15587 <-> WEB-CLIENT Word file download request (web-client.rules, Low)
15727 <-> POLICY Attempted download of a PDF with embedded Flash (policy.rules, High)
15728 <-> EXPLOIT Possible Adobe PDF ActionScript byte_array heap spray attempt (exploit.rules, High)
15729 <-> EXPLOIT Possible Adobe Flash ActionScript byte_array heap spray attempt (exploit.rules, High)
15869 <-> WEB-CLIENT Adobe Flash Player ASnative command execution attempet (web-client.rules, High)
15894 <-> SPECIFIC-THREATS Microsoft Color Management Module remote code execution attempt (specific-threats.rules, High)
15910 <-> SPECIFIC-THREATS Microsoft IE objects handling memory corruption attempt (specific-threats.rules, High)
15921 <-> WEB-CLIENT Microsoft media format file download request (web-client.rules, Low)
15922 <-> WEB-CLIENT mp3 file download request (web-client.rules, Low)
15930 <-> NETBIOS Microsoft Windows SMB malformed process ID high field remote code execution attempt (netbios.rules, Medium)
16035 <-> SPECIFIC-THREATS Microsoft Internet Explorer createTextRange code execution attempt (specific-threats.rules, High)
16040 <-> EXPLOIT SpamAssassin spamd vpopmail and paranoid options code execution attempt (exploit.rules, High)
16116 <-> SPYWARE-PUT Trackware rightonadz.biz adrotator runtime detection - pass user info to remote server (spyware-put.rules, Medium)
16143 <-> WEB-CLIENT Microsoft asf file download (web-client.rules, Low)
16287 <-> SPECIFIC-THREATS SMB Negotiate Protocol response DoS attempt (specific-threats.rules, Medium)
16336 <-> WEB-CLIENT Blackberry Server PDF JBIG2 numnewsyms remote code execution attempt (web-client.rules, High)
16364 <-> DOS IBM DB2 database server SQLSTT denial of service attempt (dos.rules, Medium)
16383 <-> ORACLE MDSYS drop table trigger injection attempt (oracle.rules, High)
16390 <-> POLICY Adobe PDF alternate file magic obfuscation (policy.rules, Low)
16450 <-> SQL Jive Software Openfire Jabber Server SQL injection attempt (sql.rules, High)
16451 <-> DELETED Palm WebOS 1.2.0 floating point exception denial of service attempt (deleted.rules, Medium)
16452 <-> WEB-CLIENT IE .hlp samba share download attempt (web-client.rules, High)