Talos Rules 2017-07-25
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-firefox, browser-ie, browser-plugins, file-executable, file-office, file-other, file-pdf, indicator-compromise, indicator-obfuscation, malware-other, os-linux, os-windows, server-oracle, server-other and sql rule sets to provide coverage for emerging threats from these technologies.

Change logs

2017-07-25 13:02:11 UTC

Snort Subscriber Rules Update

Date: 2017-07-25

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:43688 <-> ENABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access viewcert command injection attempt (server-webapp.rules)
 * 1:43689 <-> ENABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access viewcert command injection attempt (server-webapp.rules)
 * 1:43687 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .top dns query (indicator-compromise.rules)
 * 1:43686 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.NemucodAES variant outbound connection (malware-other.rules)
 * 1:43684 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Nemucod variant file download (malware-other.rules)
 * 1:43685 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Nemucod variant outbound connection (malware-other.rules)
 * 1:43682 <-> DISABLED <-> FILE-OTHER Xion Media Player AIFF denial of service attempt (file-other.rules)
 * 1:43683 <-> DISABLED <-> FILE-OTHER Xion Media Player AIFF denial of service attempt (file-other.rules)
 * 1:43680 <-> DISABLED <-> SERVER-WEBAPP phpSecurePages secure.php remote file include attempt (server-webapp.rules)
 * 1:43681 <-> DISABLED <-> SERVER-WEBAPP phpSecurePages secure.php remote file include attempt (server-webapp.rules)
 * 1:43679 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF parsing remote code execution attempt (file-office.rules)
 * 1:43678 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF parsing remote code execution attempt (file-office.rules)
 * 1:43677 <-> DISABLED <-> FILE-PDF FreeType PostScript Type1 font parsing memory corruption attempt (file-pdf.rules)
 * 1:43675 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules)
 * 1:43676 <-> DISABLED <-> FILE-PDF FreeType PostScript Type1 font parsing memory corruption attempt (file-pdf.rules)
 * 1:43673 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products obfuscated cross site scripting attempt (browser-firefox.rules)
 * 1:43674 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules)
 * 1:43671 <-> DISABLED <-> SQL Oracle MySQL Pluggable Auth denial of service attempt (sql.rules)
 * 1:43672 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products obfuscated cross site scripting attempt (browser-firefox.rules)
 * 1:43669 <-> DISABLED <-> FILE-OTHER Node.js JS-YAML js function tag code execution attempt (file-other.rules)
 * 1:43670 <-> DISABLED <-> FILE-OTHER Node.js JS-YAML js function tag code execution attempt (file-other.rules)
 * 1:43668 <-> DISABLED <-> SERVER-WEBAPP PHP core unserialize use after free attempt (server-webapp.rules)
 * 1:43666 <-> DISABLED <-> SERVER-WEBAPP VirtualSystem VS-News-System  remote file include attempt (server-webapp.rules)
 * 1:43667 <-> DISABLED <-> SERVER-WEBAPP VirtualSystem VS-News-System  remote file include attempt (server-webapp.rules)
 * 1:43665 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 11 CMarkup GetMarkupTitle use-after-free attempt (browser-ie.rules)
 * 1:43663 <-> DISABLED <-> SERVER-OTHER WSFTP IpSwitch custom SITE command execution attempt (server-other.rules)
 * 1:43664 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 11 CMarkup GetMarkupTitle use-after-free attempt (browser-ie.rules)
 * 1:43651 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox large window null pointer dereference attempt (browser-firefox.rules)
 * 1:43650 <-> DISABLED <-> BROWSER-PLUGINS Ultra Crypto Component ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43652 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox large window null pointer dereference attempt (browser-firefox.rules)
 * 1:43654 <-> DISABLED <-> SERVER-WEBAPP Pheap edit.php directory traversal attempt (server-webapp.rules)
 * 1:43656 <-> DISABLED <-> BROWSER-IE Microsoft Edge JavaScript ReverseHelper buffer overrun attempt (browser-ie.rules)
 * 1:43657 <-> DISABLED <-> BROWSER-IE Microsoft Edge JavaScript ReverseHelper buffer overrun attempt (browser-ie.rules)
 * 1:43648 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CDocument use after free attempt (browser-ie.rules)
 * 1:43649 <-> DISABLED <-> BROWSER-PLUGINS Ultra Crypto Component ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43658 <-> DISABLED <-> BROWSER-IE Microsoft Edge JavaScript ReverseHelper buffer overrun attempt (browser-ie.rules)
 * 1:43646 <-> ENABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access diagnostics command injection attempt (server-webapp.rules)
 * 1:43647 <-> ENABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access diagnostics command injection attempt (server-webapp.rules)
 * 1:43645 <-> ENABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access diagnostics command injection attempt (server-webapp.rules)
 * 1:43659 <-> DISABLED <-> BROWSER-IE Microsoft Edge JavaScript ReverseHelper buffer overrun attempt (browser-ie.rules)
 * 1:43660 <-> DISABLED <-> SERVER-ORACLE Oracle Reports Server information disclosure attempt (server-oracle.rules)
 * 1:43661 <-> DISABLED <-> SERVER-ORACLE Oracle Reports Servlet information disclosure attempt (server-oracle.rules)
 * 1:43662 <-> DISABLED <-> SERVER-ORACLE Oracle Reports Servlet information disclosure attempt (server-oracle.rules)
 * 1:43690 <-> ENABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access viewcert command injection attempt (server-webapp.rules)
 * 1:43691 <-> DISABLED <-> SERVER-WEBAPP Ultimate Fun Book function.php remote file include attempt (server-webapp.rules)
 * 1:43692 <-> DISABLED <-> OS-LINUX Linux kernel SCTP invalid chunk length denial of service attempt (os-linux.rules)
 * 1:43693 <-> DISABLED <-> SERVER-WEBAPP Mantis Bug Tracker password reset attempt (server-webapp.rules)
 * 1:43694 <-> DISABLED <-> SERVER-WEBAPP Mantis Bug Tracker password reset attempt (server-webapp.rules)
 * 1:43695 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan WSA DeployWizard command injection attempt (server-webapp.rules)
 * 1:43653 <-> DISABLED <-> SERVER-WEBAPP Pheap edit.php directory traversal attempt (server-webapp.rules)
 * 1:43708 <-> DISABLED <-> INDICATOR-OBFUSCATION obfuscated vbscript detected (indicator-obfuscation.rules)
 * 1:43707 <-> DISABLED <-> INDICATOR-OBFUSCATION obfuscated vbscript detected (indicator-obfuscation.rules)
 * 1:43706 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript contentWindow in an iframe exploit attempt (browser-firefox.rules)
 * 1:43705 <-> DISABLED <-> SERVER-OTHER HPE LoadRunner buffer overflow exploitation attempt (server-other.rules)
 * 1:43704 <-> DISABLED <-> BROWSER-PLUGINS McAfee FreeScan information disclosure ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43703 <-> DISABLED <-> BROWSER-PLUGINS McAfee FreeScan information disclosure ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43702 <-> DISABLED <-> BROWSER-PLUGINS McAfee FreeScan information disclosure ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43701 <-> DISABLED <-> BROWSER-PLUGINS McAfee FreeScan information disclosure ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43700 <-> DISABLED <-> SERVER-OTHER Monkey HTTPD null request denial of service attempt (server-other.rules)
 * 1:43699 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid FRTWrapper record buffer overflow attempt (file-office.rules)
 * 1:43698 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid FRTWrapper record buffer overflow attempt (file-office.rules)
 * 1:43655 <-> DISABLED <-> SERVER-WEBAPP Pheap edit.php directory traversal attempt (server-webapp.rules)
 * 1:43697 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan WSA DeployWizard command injection attempt (server-webapp.rules)
 * 1:43696 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan WSA DeployWizard command injection attempt (server-webapp.rules)

Modified Rules:


 * 1:43632 <-> DISABLED <-> FILE-EXECUTABLE SandboxEscaper WER download attempt (file-executable.rules)
 * 1:42117 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Typed Array use after free attempt (browser-ie.rules)
 * 1:42118 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Typed Array use after free attempt (browser-ie.rules)
 * 1:41502 <-> DISABLED <-> BROWSER-PLUGINS NTR ActiveX clsid access attempt (browser-plugins.rules)
 * 1:41503 <-> DISABLED <-> BROWSER-PLUGINS NTR ActiveX clsid access attempt (browser-plugins.rules)
 * 1:40648 <-> DISABLED <-> BROWSER-IE Microsoft Edge JavaScript ReverseHelper buffer overrun attempt (browser-ie.rules)
 * 1:40759 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LSASS GSS-API DER decoding null pointer dereference attempt (os-windows.rules)
 * 1:40256 <-> DISABLED <-> SERVER-WEBAPP Idera Up.Time Monitoring Station post2file.php arbitrary PHP file upload attempt (server-webapp.rules)
 * 1:40647 <-> DISABLED <-> BROWSER-IE Microsoft Edge JavaScript ReverseHelper buffer overrun attempt (browser-ie.rules)
 * 1:36256 <-> DISABLED <-> SERVER-OTHER ElasticSearch information disclosure attempt (server-other.rules)
 * 1:32158 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 11 CMarkup GetMarkupTitle use-after-free attempt (browser-ie.rules)
 * 1:36061 <-> DISABLED <-> SERVER-OTHER SAP SQL Anywhere .NET malformed integer buffer overflow attempt (server-other.rules)
 * 1:33830 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
 * 1:29958 <-> DISABLED <-> SERVER-OTHER multiple products HTTP HEAD request buffer overflow attempt (server-other.rules)
 * 1:32157 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 11 CMarkup GetMarkupTitle use-after-free attempt (browser-ie.rules)
 * 1:26890 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CDocument use after free attempt (browser-ie.rules)
 * 1:27234 <-> DISABLED <-> SERVER-OTHER Microsoft Active Directory LDAP search denial of service attempt (server-other.rules)
 * 1:20730 <-> DISABLED <-> BROWSER-FIREFOX Mozilla XBL.method memory corruption attempt (browser-firefox.rules)
 * 1:23939 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (server-oracle.rules)
 * 1:17260 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript contentWindow in an iframe exploit attempt (browser-firefox.rules)
 * 1:20729 <-> DISABLED <-> BROWSER-FIREFOX Mozilla XBL object init code execution attempt (browser-firefox.rules)

2017-07-25 13:02:10 UTC

Snort Subscriber Rules Update

Date: 2017-07-25

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:43708 <-> DISABLED <-> INDICATOR-OBFUSCATION obfuscated vbscript detected (indicator-obfuscation.rules)
 * 1:43707 <-> DISABLED <-> INDICATOR-OBFUSCATION obfuscated vbscript detected (indicator-obfuscation.rules)
 * 1:43706 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript contentWindow in an iframe exploit attempt (browser-firefox.rules)
 * 1:43705 <-> DISABLED <-> SERVER-OTHER HPE LoadRunner buffer overflow exploitation attempt (server-other.rules)
 * 1:43704 <-> DISABLED <-> BROWSER-PLUGINS McAfee FreeScan information disclosure ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43703 <-> DISABLED <-> BROWSER-PLUGINS McAfee FreeScan information disclosure ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43702 <-> DISABLED <-> BROWSER-PLUGINS McAfee FreeScan information disclosure ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43701 <-> DISABLED <-> BROWSER-PLUGINS McAfee FreeScan information disclosure ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43700 <-> DISABLED <-> SERVER-OTHER Monkey HTTPD null request denial of service attempt (server-other.rules)
 * 1:43699 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid FRTWrapper record buffer overflow attempt (file-office.rules)
 * 1:43698 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel invalid FRTWrapper record buffer overflow attempt (file-office.rules)
 * 1:43697 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan WSA DeployWizard command injection attempt (server-webapp.rules)
 * 1:43696 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan WSA DeployWizard command injection attempt (server-webapp.rules)
 * 1:43695 <-> DISABLED <-> SERVER-WEBAPP Trend Micro InterScan WSA DeployWizard command injection attempt (server-webapp.rules)
 * 1:43694 <-> DISABLED <-> SERVER-WEBAPP Mantis Bug Tracker password reset attempt (server-webapp.rules)
 * 1:43693 <-> DISABLED <-> SERVER-WEBAPP Mantis Bug Tracker password reset attempt (server-webapp.rules)
 * 1:43692 <-> DISABLED <-> OS-LINUX Linux kernel SCTP invalid chunk length denial of service attempt (os-linux.rules)
 * 1:43691 <-> DISABLED <-> SERVER-WEBAPP Ultimate Fun Book function.php remote file include attempt (server-webapp.rules)
 * 1:43690 <-> ENABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access viewcert command injection attempt (server-webapp.rules)
 * 1:43689 <-> ENABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access viewcert command injection attempt (server-webapp.rules)
 * 1:43688 <-> ENABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access viewcert command injection attempt (server-webapp.rules)
 * 1:43687 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .top dns query (indicator-compromise.rules)
 * 1:43686 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.NemucodAES variant outbound connection (malware-other.rules)
 * 1:43685 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Nemucod variant outbound connection (malware-other.rules)
 * 1:43684 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Nemucod variant file download (malware-other.rules)
 * 1:43683 <-> DISABLED <-> FILE-OTHER Xion Media Player AIFF denial of service attempt (file-other.rules)
 * 1:43682 <-> DISABLED <-> FILE-OTHER Xion Media Player AIFF denial of service attempt (file-other.rules)
 * 1:43681 <-> DISABLED <-> SERVER-WEBAPP phpSecurePages secure.php remote file include attempt (server-webapp.rules)
 * 1:43680 <-> DISABLED <-> SERVER-WEBAPP phpSecurePages secure.php remote file include attempt (server-webapp.rules)
 * 1:43679 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF parsing remote code execution attempt (file-office.rules)
 * 1:43678 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF parsing remote code execution attempt (file-office.rules)
 * 1:43677 <-> DISABLED <-> FILE-PDF FreeType PostScript Type1 font parsing memory corruption attempt (file-pdf.rules)
 * 1:43676 <-> DISABLED <-> FILE-PDF FreeType PostScript Type1 font parsing memory corruption attempt (file-pdf.rules)
 * 1:43675 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules)
 * 1:43674 <-> DISABLED <-> FILE-OFFICE Microsoft Office Word SmartTag record code execution attempt (file-office.rules)
 * 1:43673 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products obfuscated cross site scripting attempt (browser-firefox.rules)
 * 1:43672 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products obfuscated cross site scripting attempt (browser-firefox.rules)
 * 1:43671 <-> DISABLED <-> SQL Oracle MySQL Pluggable Auth denial of service attempt (sql.rules)
 * 1:43670 <-> DISABLED <-> FILE-OTHER Node.js JS-YAML js function tag code execution attempt (file-other.rules)
 * 1:43669 <-> DISABLED <-> FILE-OTHER Node.js JS-YAML js function tag code execution attempt (file-other.rules)
 * 1:43668 <-> DISABLED <-> SERVER-WEBAPP PHP core unserialize use after free attempt (server-webapp.rules)
 * 1:43667 <-> DISABLED <-> SERVER-WEBAPP VirtualSystem VS-News-System  remote file include attempt (server-webapp.rules)
 * 1:43666 <-> DISABLED <-> SERVER-WEBAPP VirtualSystem VS-News-System  remote file include attempt (server-webapp.rules)
 * 1:43665 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 11 CMarkup GetMarkupTitle use-after-free attempt (browser-ie.rules)
 * 1:43664 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 11 CMarkup GetMarkupTitle use-after-free attempt (browser-ie.rules)
 * 1:43663 <-> DISABLED <-> SERVER-OTHER WSFTP IpSwitch custom SITE command execution attempt (server-other.rules)
 * 1:43662 <-> DISABLED <-> SERVER-ORACLE Oracle Reports Servlet information disclosure attempt (server-oracle.rules)
 * 1:43661 <-> DISABLED <-> SERVER-ORACLE Oracle Reports Servlet information disclosure attempt (server-oracle.rules)
 * 1:43660 <-> DISABLED <-> SERVER-ORACLE Oracle Reports Server information disclosure attempt (server-oracle.rules)
 * 1:43659 <-> DISABLED <-> BROWSER-IE Microsoft Edge JavaScript ReverseHelper buffer overrun attempt (browser-ie.rules)
 * 1:43658 <-> DISABLED <-> BROWSER-IE Microsoft Edge JavaScript ReverseHelper buffer overrun attempt (browser-ie.rules)
 * 1:43657 <-> DISABLED <-> BROWSER-IE Microsoft Edge JavaScript ReverseHelper buffer overrun attempt (browser-ie.rules)
 * 1:43656 <-> DISABLED <-> BROWSER-IE Microsoft Edge JavaScript ReverseHelper buffer overrun attempt (browser-ie.rules)
 * 1:43655 <-> DISABLED <-> SERVER-WEBAPP Pheap edit.php directory traversal attempt (server-webapp.rules)
 * 1:43654 <-> DISABLED <-> SERVER-WEBAPP Pheap edit.php directory traversal attempt (server-webapp.rules)
 * 1:43653 <-> DISABLED <-> SERVER-WEBAPP Pheap edit.php directory traversal attempt (server-webapp.rules)
 * 1:43652 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox large window null pointer dereference attempt (browser-firefox.rules)
 * 1:43651 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox large window null pointer dereference attempt (browser-firefox.rules)
 * 1:43650 <-> DISABLED <-> BROWSER-PLUGINS Ultra Crypto Component ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43649 <-> DISABLED <-> BROWSER-PLUGINS Ultra Crypto Component ActiveX clsid access attempt (browser-plugins.rules)
 * 1:43648 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CDocument use after free attempt (browser-ie.rules)
 * 1:43647 <-> ENABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access diagnostics command injection attempt (server-webapp.rules)
 * 1:43646 <-> ENABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access diagnostics command injection attempt (server-webapp.rules)
 * 1:43645 <-> ENABLED <-> SERVER-WEBAPP SonicWall Secure Remote Access diagnostics command injection attempt (server-webapp.rules)

Modified Rules:


 * 1:42118 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Typed Array use after free attempt (browser-ie.rules)
 * 1:43632 <-> DISABLED <-> FILE-EXECUTABLE SandboxEscaper WER download attempt (file-executable.rules)
 * 1:41503 <-> DISABLED <-> BROWSER-PLUGINS NTR ActiveX clsid access attempt (browser-plugins.rules)
 * 1:42117 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer Typed Array use after free attempt (browser-ie.rules)
 * 1:40759 <-> DISABLED <-> OS-WINDOWS Microsoft Windows LSASS GSS-API DER decoding null pointer dereference attempt (os-windows.rules)
 * 1:41502 <-> DISABLED <-> BROWSER-PLUGINS NTR ActiveX clsid access attempt (browser-plugins.rules)
 * 1:40647 <-> DISABLED <-> BROWSER-IE Microsoft Edge JavaScript ReverseHelper buffer overrun attempt (browser-ie.rules)
 * 1:40648 <-> DISABLED <-> BROWSER-IE Microsoft Edge JavaScript ReverseHelper buffer overrun attempt (browser-ie.rules)
 * 1:36256 <-> DISABLED <-> SERVER-OTHER ElasticSearch information disclosure attempt (server-other.rules)
 * 1:40256 <-> DISABLED <-> SERVER-WEBAPP Idera Up.Time Monitoring Station post2file.php arbitrary PHP file upload attempt (server-webapp.rules)
 * 1:33830 <-> DISABLED <-> SERVER-OTHER ElasticSearch script remote code execution attempt (server-other.rules)
 * 1:36061 <-> DISABLED <-> SERVER-OTHER SAP SQL Anywhere .NET malformed integer buffer overflow attempt (server-other.rules)
 * 1:32158 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 11 CMarkup GetMarkupTitle use-after-free attempt (browser-ie.rules)
 * 1:32157 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 11 CMarkup GetMarkupTitle use-after-free attempt (browser-ie.rules)
 * 1:27234 <-> DISABLED <-> SERVER-OTHER Microsoft Active Directory LDAP search denial of service attempt (server-other.rules)
 * 1:29958 <-> DISABLED <-> SERVER-OTHER multiple products HTTP HEAD request buffer overflow attempt (server-other.rules)
 * 1:23939 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (server-oracle.rules)
 * 1:26890 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CDocument use after free attempt (browser-ie.rules)
 * 1:20729 <-> DISABLED <-> BROWSER-FIREFOX Mozilla XBL object init code execution attempt (browser-firefox.rules)
 * 1:20730 <-> DISABLED <-> BROWSER-FIREFOX Mozilla XBL.method memory corruption attempt (browser-firefox.rules)
 * 1:17260 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox Javascript contentWindow in an iframe exploit attempt (browser-firefox.rules)