Talos Rules 2019-02-28
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the file-flash, file-office, file-other, file-pdf, netbios and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2019-02-28 17:52:36 UTC

Snort Subscriber Rules Update

Date: 2019-02-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091200.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:49301 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Smart Protection Server SQL injection attempt (server-webapp.rules)
 * 1:49300 <-> DISABLED <-> FILE-OFFICE Microsoft Access arbitrary code execution attempt (file-office.rules)
 * 1:49299 <-> DISABLED <-> FILE-OFFICE Microsoft Access arbitrary code execution attempt (file-office.rules)
 * 1:49298 <-> DISABLED <-> SERVER-WEBAPP NoneCms V1.3 PHP code execution attempt (server-webapp.rules)
 * 1:49297 <-> DISABLED <-> FILE-OTHER IBM Lotus Notes LZH Attachment Viewer buffer overflow attempt (file-other.rules)
 * 1:49295 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
 * 1:49294 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
 * 1:49322 <-> DISABLED <-> SERVER-WEBAPP CentOS Web Panel persistent cross site scripting attempt (server-webapp.rules)
 * 1:49321 <-> DISABLED <-> SERVER-WEBAPP CentOS Web Panel persistent cross site scripting attempt (server-webapp.rules)
 * 1:49320 <-> DISABLED <-> SERVER-WEBAPP CentOS Web Panel persistent cross site scripting attempt (server-webapp.rules)
 * 1:49319 <-> DISABLED <-> SERVER-WEBAPP CentOS Web Panel persistent cross site scripting attempt (server-webapp.rules)
 * 1:49318 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
 * 1:49317 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
 * 1:49316 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
 * 1:49315 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
 * 1:49314 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA JavaScript manipulation out of bounds read attempt (file-pdf.rules)
 * 1:49313 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA JavaScript manipulation out of bounds read attempt (file-pdf.rules)
 * 1:49312 <-> ENABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
 * 1:49311 <-> ENABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
 * 1:49310 <-> ENABLED <-> FILE-PDF Adobe Acrobat malformed PDF objects use after free attempt (file-pdf.rules)
 * 1:49309 <-> ENABLED <-> FILE-PDF Adobe Acrobat malformed PDF objects use after free attempt (file-pdf.rules)
 * 1:49308 <-> ENABLED <-> FILE-PDF Adobe Acrobat malformed PDF out of bounds read attempt (file-pdf.rules)
 * 1:49307 <-> ENABLED <-> FILE-PDF Adobe Acrobat malformed PDF out of bounds read attempt (file-pdf.rules)
 * 1:49306 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader PostScript file out of bounds read attempt (file-pdf.rules)
 * 1:49305 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader PostScript file out of bounds read attempt (file-pdf.rules)
 * 1:49304 <-> DISABLED <-> SERVER-OTHER Google Golang GET command injection attempt (server-other.rules)
 * 1:49303 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Smart Protection Server SQL injection attempt (server-webapp.rules)
 * 1:49302 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Smart Protection Server SQL injection attempt (server-webapp.rules)
 * 1:49325 <-> DISABLED <-> FILE-OTHER Microsoft Windows Avast Anti-Virus local credentials disclosure attempt (file-other.rules)
 * 1:49324 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Lel record memory corruption attempt (file-office.rules)
 * 1:49323 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Lel record memory corruption attempt (file-office.rules)
 * 3:49293 <-> ENABLED <-> NETBIOS Cisco WebEx WebExService.exe remote code execution attempt (netbios.rules)
 * 3:49296 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)

Modified Rules:


 * 1:45075 <-> ENABLED <-> SERVER-WEBAPP WordPress Ultimate Form Builder plugin SQL injection attempt (server-webapp.rules)
 * 1:45077 <-> ENABLED <-> SERVER-WEBAPP WordPress Ultimate Form Builder plugin SQL injection attempt (server-webapp.rules)
 * 1:47963 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture JavaScript manipulation type confusion attempt (file-other.rules)
 * 1:47964 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture JavaScript manipulation type confusion attempt (file-other.rules)
 * 1:45076 <-> ENABLED <-> SERVER-WEBAPP WordPress Ultimate Form Builder plugin SQL injection attempt (server-webapp.rules)

2019-02-28 17:52:36 UTC

Snort Subscriber Rules Update

Date: 2019-02-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:49318 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
 * 1:49319 <-> DISABLED <-> SERVER-WEBAPP CentOS Web Panel persistent cross site scripting attempt (server-webapp.rules)
 * 1:49320 <-> DISABLED <-> SERVER-WEBAPP CentOS Web Panel persistent cross site scripting attempt (server-webapp.rules)
 * 1:49303 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Smart Protection Server SQL injection attempt (server-webapp.rules)
 * 1:49304 <-> DISABLED <-> SERVER-OTHER Google Golang GET command injection attempt (server-other.rules)
 * 1:49305 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader PostScript file out of bounds read attempt (file-pdf.rules)
 * 1:49306 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader PostScript file out of bounds read attempt (file-pdf.rules)
 * 1:49307 <-> ENABLED <-> FILE-PDF Adobe Acrobat malformed PDF out of bounds read attempt (file-pdf.rules)
 * 1:49308 <-> ENABLED <-> FILE-PDF Adobe Acrobat malformed PDF out of bounds read attempt (file-pdf.rules)
 * 1:49309 <-> ENABLED <-> FILE-PDF Adobe Acrobat malformed PDF objects use after free attempt (file-pdf.rules)
 * 1:49310 <-> ENABLED <-> FILE-PDF Adobe Acrobat malformed PDF objects use after free attempt (file-pdf.rules)
 * 1:49311 <-> ENABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
 * 1:49312 <-> ENABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
 * 1:49313 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA JavaScript manipulation out of bounds read attempt (file-pdf.rules)
 * 1:49314 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA JavaScript manipulation out of bounds read attempt (file-pdf.rules)
 * 1:49315 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
 * 1:49316 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
 * 1:49325 <-> DISABLED <-> FILE-OTHER Microsoft Windows Avast Anti-Virus local credentials disclosure attempt (file-other.rules)
 * 1:49324 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Lel record memory corruption attempt (file-office.rules)
 * 1:49323 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Lel record memory corruption attempt (file-office.rules)
 * 1:49321 <-> DISABLED <-> SERVER-WEBAPP CentOS Web Panel persistent cross site scripting attempt (server-webapp.rules)
 * 1:49322 <-> DISABLED <-> SERVER-WEBAPP CentOS Web Panel persistent cross site scripting attempt (server-webapp.rules)
 * 1:49317 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
 * 1:49295 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
 * 1:49298 <-> DISABLED <-> SERVER-WEBAPP NoneCms V1.3 PHP code execution attempt (server-webapp.rules)
 * 1:49297 <-> DISABLED <-> FILE-OTHER IBM Lotus Notes LZH Attachment Viewer buffer overflow attempt (file-other.rules)
 * 1:49301 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Smart Protection Server SQL injection attempt (server-webapp.rules)
 * 1:49302 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Smart Protection Server SQL injection attempt (server-webapp.rules)
 * 1:49300 <-> DISABLED <-> FILE-OFFICE Microsoft Access arbitrary code execution attempt (file-office.rules)
 * 1:49299 <-> DISABLED <-> FILE-OFFICE Microsoft Access arbitrary code execution attempt (file-office.rules)
 * 1:49294 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
 * 3:49293 <-> ENABLED <-> NETBIOS Cisco WebEx WebExService.exe remote code execution attempt (netbios.rules)
 * 3:49296 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)

Modified Rules:


 * 1:45075 <-> ENABLED <-> SERVER-WEBAPP WordPress Ultimate Form Builder plugin SQL injection attempt (server-webapp.rules)
 * 1:45077 <-> ENABLED <-> SERVER-WEBAPP WordPress Ultimate Form Builder plugin SQL injection attempt (server-webapp.rules)
 * 1:47964 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture JavaScript manipulation type confusion attempt (file-other.rules)
 * 1:47963 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture JavaScript manipulation type confusion attempt (file-other.rules)
 * 1:45076 <-> ENABLED <-> SERVER-WEBAPP WordPress Ultimate Form Builder plugin SQL injection attempt (server-webapp.rules)

2019-02-28 17:52:36 UTC

Snort Subscriber Rules Update

Date: 2019-02-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:49322 <-> DISABLED <-> SERVER-WEBAPP CentOS Web Panel persistent cross site scripting attempt (snort3-server-webapp.rules)
 * 1:49321 <-> DISABLED <-> SERVER-WEBAPP CentOS Web Panel persistent cross site scripting attempt (snort3-server-webapp.rules)
 * 1:49308 <-> ENABLED <-> FILE-PDF Adobe Acrobat malformed PDF out of bounds read attempt (snort3-file-pdf.rules)
 * 1:49320 <-> DISABLED <-> SERVER-WEBAPP CentOS Web Panel persistent cross site scripting attempt (snort3-server-webapp.rules)
 * 1:49314 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA JavaScript manipulation out of bounds read attempt (snort3-file-pdf.rules)
 * 1:49325 <-> DISABLED <-> FILE-OTHER Microsoft Windows Avast Anti-Virus local credentials disclosure attempt (snort3-file-other.rules)
 * 1:49323 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Lel record memory corruption attempt (snort3-file-office.rules)
 * 1:49324 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Lel record memory corruption attempt (snort3-file-office.rules)
 * 1:49294 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (snort3-file-pdf.rules)
 * 1:49319 <-> DISABLED <-> SERVER-WEBAPP CentOS Web Panel persistent cross site scripting attempt (snort3-server-webapp.rules)
 * 1:49317 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (snort3-file-pdf.rules)
 * 1:49318 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (snort3-file-pdf.rules)
 * 1:49315 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (snort3-file-pdf.rules)
 * 1:49295 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (snort3-file-pdf.rules)
 * 1:49305 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader PostScript file out of bounds read attempt (snort3-file-pdf.rules)
 * 1:49306 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader PostScript file out of bounds read attempt (snort3-file-pdf.rules)
 * 1:49309 <-> ENABLED <-> FILE-PDF Adobe Acrobat malformed PDF objects use after free attempt (snort3-file-pdf.rules)
 * 1:49310 <-> ENABLED <-> FILE-PDF Adobe Acrobat malformed PDF objects use after free attempt (snort3-file-pdf.rules)
 * 1:49316 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (snort3-file-pdf.rules)
 * 1:49312 <-> ENABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (snort3-file-flash.rules)
 * 1:49311 <-> ENABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (snort3-file-flash.rules)
 * 1:49307 <-> ENABLED <-> FILE-PDF Adobe Acrobat malformed PDF out of bounds read attempt (snort3-file-pdf.rules)
 * 1:49298 <-> DISABLED <-> SERVER-WEBAPP NoneCms V1.3 PHP code execution attempt (snort3-server-webapp.rules)
 * 1:49300 <-> DISABLED <-> FILE-OFFICE Microsoft Access arbitrary code execution attempt (snort3-file-office.rules)
 * 1:49299 <-> DISABLED <-> FILE-OFFICE Microsoft Access arbitrary code execution attempt (snort3-file-office.rules)
 * 1:49303 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Smart Protection Server SQL injection attempt (snort3-server-webapp.rules)
 * 1:49304 <-> DISABLED <-> SERVER-OTHER Google Golang GET command injection attempt (snort3-server-other.rules)
 * 1:49301 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Smart Protection Server SQL injection attempt (snort3-server-webapp.rules)
 * 1:49302 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Smart Protection Server SQL injection attempt (snort3-server-webapp.rules)
 * 1:49297 <-> DISABLED <-> FILE-OTHER IBM Lotus Notes LZH Attachment Viewer buffer overflow attempt (snort3-file-other.rules)
 * 1:49313 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA JavaScript manipulation out of bounds read attempt (snort3-file-pdf.rules)

Modified Rules:


 * 1:45075 <-> ENABLED <-> SERVER-WEBAPP WordPress Ultimate Form Builder plugin SQL injection attempt (snort3-server-webapp.rules)
 * 1:45076 <-> ENABLED <-> SERVER-WEBAPP WordPress Ultimate Form Builder plugin SQL injection attempt (snort3-server-webapp.rules)
 * 1:45077 <-> ENABLED <-> SERVER-WEBAPP WordPress Ultimate Form Builder plugin SQL injection attempt (snort3-server-webapp.rules)
 * 1:47963 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture JavaScript manipulation type confusion attempt (snort3-file-other.rules)
 * 1:47964 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture JavaScript manipulation type confusion attempt (snort3-file-other.rules)

2019-02-28 17:52:36 UTC

Snort Subscriber Rules Update

Date: 2019-02-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:49322 <-> DISABLED <-> SERVER-WEBAPP CentOS Web Panel persistent cross site scripting attempt (server-webapp.rules)
 * 1:49318 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
 * 1:49319 <-> DISABLED <-> SERVER-WEBAPP CentOS Web Panel persistent cross site scripting attempt (server-webapp.rules)
 * 1:49323 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Lel record memory corruption attempt (file-office.rules)
 * 1:49299 <-> DISABLED <-> FILE-OFFICE Microsoft Access arbitrary code execution attempt (file-office.rules)
 * 1:49294 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
 * 1:49295 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
 * 1:49324 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Lel record memory corruption attempt (file-office.rules)
 * 1:49303 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Smart Protection Server SQL injection attempt (server-webapp.rules)
 * 1:49304 <-> DISABLED <-> SERVER-OTHER Google Golang GET command injection attempt (server-other.rules)
 * 1:49305 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader PostScript file out of bounds read attempt (file-pdf.rules)
 * 1:49306 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader PostScript file out of bounds read attempt (file-pdf.rules)
 * 1:49307 <-> ENABLED <-> FILE-PDF Adobe Acrobat malformed PDF out of bounds read attempt (file-pdf.rules)
 * 1:49308 <-> ENABLED <-> FILE-PDF Adobe Acrobat malformed PDF out of bounds read attempt (file-pdf.rules)
 * 1:49309 <-> ENABLED <-> FILE-PDF Adobe Acrobat malformed PDF objects use after free attempt (file-pdf.rules)
 * 1:49321 <-> DISABLED <-> SERVER-WEBAPP CentOS Web Panel persistent cross site scripting attempt (server-webapp.rules)
 * 1:49325 <-> DISABLED <-> FILE-OTHER Microsoft Windows Avast Anti-Virus local credentials disclosure attempt (file-other.rules)
 * 1:49297 <-> DISABLED <-> FILE-OTHER IBM Lotus Notes LZH Attachment Viewer buffer overflow attempt (file-other.rules)
 * 1:49298 <-> DISABLED <-> SERVER-WEBAPP NoneCms V1.3 PHP code execution attempt (server-webapp.rules)
 * 1:49301 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Smart Protection Server SQL injection attempt (server-webapp.rules)
 * 1:49302 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Smart Protection Server SQL injection attempt (server-webapp.rules)
 * 1:49320 <-> DISABLED <-> SERVER-WEBAPP CentOS Web Panel persistent cross site scripting attempt (server-webapp.rules)
 * 1:49310 <-> ENABLED <-> FILE-PDF Adobe Acrobat malformed PDF objects use after free attempt (file-pdf.rules)
 * 1:49311 <-> ENABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
 * 1:49312 <-> ENABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
 * 1:49313 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA JavaScript manipulation out of bounds read attempt (file-pdf.rules)
 * 1:49314 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA JavaScript manipulation out of bounds read attempt (file-pdf.rules)
 * 1:49315 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
 * 1:49316 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
 * 1:49317 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
 * 1:49300 <-> DISABLED <-> FILE-OFFICE Microsoft Access arbitrary code execution attempt (file-office.rules)
 * 3:49296 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)
 * 3:49293 <-> ENABLED <-> NETBIOS Cisco WebEx WebExService.exe remote code execution attempt (netbios.rules)

Modified Rules:


 * 1:45075 <-> ENABLED <-> SERVER-WEBAPP WordPress Ultimate Form Builder plugin SQL injection attempt (server-webapp.rules)
 * 1:45077 <-> ENABLED <-> SERVER-WEBAPP WordPress Ultimate Form Builder plugin SQL injection attempt (server-webapp.rules)
 * 1:47964 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture JavaScript manipulation type confusion attempt (file-other.rules)
 * 1:45076 <-> ENABLED <-> SERVER-WEBAPP WordPress Ultimate Form Builder plugin SQL injection attempt (server-webapp.rules)
 * 1:47963 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture JavaScript manipulation type confusion attempt (file-other.rules)

2019-02-28 17:52:36 UTC

Snort Subscriber Rules Update

Date: 2019-02-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:49298 <-> DISABLED <-> SERVER-WEBAPP NoneCms V1.3 PHP code execution attempt (server-webapp.rules)
 * 1:49322 <-> DISABLED <-> SERVER-WEBAPP CentOS Web Panel persistent cross site scripting attempt (server-webapp.rules)
 * 1:49294 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
 * 1:49319 <-> DISABLED <-> SERVER-WEBAPP CentOS Web Panel persistent cross site scripting attempt (server-webapp.rules)
 * 1:49321 <-> DISABLED <-> SERVER-WEBAPP CentOS Web Panel persistent cross site scripting attempt (server-webapp.rules)
 * 1:49295 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
 * 1:49320 <-> DISABLED <-> SERVER-WEBAPP CentOS Web Panel persistent cross site scripting attempt (server-webapp.rules)
 * 1:49303 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Smart Protection Server SQL injection attempt (server-webapp.rules)
 * 1:49323 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Lel record memory corruption attempt (file-office.rules)
 * 1:49297 <-> DISABLED <-> FILE-OTHER IBM Lotus Notes LZH Attachment Viewer buffer overflow attempt (file-other.rules)
 * 1:49325 <-> DISABLED <-> FILE-OTHER Microsoft Windows Avast Anti-Virus local credentials disclosure attempt (file-other.rules)
 * 1:49301 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Smart Protection Server SQL injection attempt (server-webapp.rules)
 * 1:49302 <-> DISABLED <-> SERVER-WEBAPP Trend Micro Smart Protection Server SQL injection attempt (server-webapp.rules)
 * 1:49305 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader PostScript file out of bounds read attempt (file-pdf.rules)
 * 1:49300 <-> DISABLED <-> FILE-OFFICE Microsoft Access arbitrary code execution attempt (file-office.rules)
 * 1:49306 <-> ENABLED <-> FILE-PDF Adobe Acrobat Reader PostScript file out of bounds read attempt (file-pdf.rules)
 * 1:49299 <-> DISABLED <-> FILE-OFFICE Microsoft Access arbitrary code execution attempt (file-office.rules)
 * 1:49307 <-> ENABLED <-> FILE-PDF Adobe Acrobat malformed PDF out of bounds read attempt (file-pdf.rules)
 * 1:49308 <-> ENABLED <-> FILE-PDF Adobe Acrobat malformed PDF out of bounds read attempt (file-pdf.rules)
 * 1:49309 <-> ENABLED <-> FILE-PDF Adobe Acrobat malformed PDF objects use after free attempt (file-pdf.rules)
 * 1:49310 <-> ENABLED <-> FILE-PDF Adobe Acrobat malformed PDF objects use after free attempt (file-pdf.rules)
 * 1:49311 <-> ENABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
 * 1:49312 <-> ENABLED <-> FILE-FLASH Adobe Flash Player writeExternal type confusion attempt (file-flash.rules)
 * 1:49313 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA JavaScript manipulation out of bounds read attempt (file-pdf.rules)
 * 1:49314 <-> ENABLED <-> FILE-PDF Adobe Acrobat XFA JavaScript manipulation out of bounds read attempt (file-pdf.rules)
 * 1:49315 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
 * 1:49316 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
 * 1:49317 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
 * 1:49324 <-> DISABLED <-> FILE-OFFICE Microsoft Office Excel Lel record memory corruption attempt (file-office.rules)
 * 1:49318 <-> ENABLED <-> FILE-PDF Adobe Acrobat out of bounds read attempt (file-pdf.rules)
 * 1:49304 <-> DISABLED <-> SERVER-OTHER Google Golang GET command injection attempt (server-other.rules)
 * 3:49293 <-> ENABLED <-> NETBIOS Cisco WebEx WebExService.exe remote code execution attempt (netbios.rules)
 * 3:49296 <-> ENABLED <-> SERVER-WEBAPP Cisco RV Series Routers stack buffer overflow attempt (server-webapp.rules)

Modified Rules:


 * 1:45075 <-> ENABLED <-> SERVER-WEBAPP WordPress Ultimate Form Builder plugin SQL injection attempt (server-webapp.rules)
 * 1:45077 <-> ENABLED <-> SERVER-WEBAPP WordPress Ultimate Form Builder plugin SQL injection attempt (server-webapp.rules)
 * 1:47963 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture JavaScript manipulation type confusion attempt (file-other.rules)
 * 1:45076 <-> ENABLED <-> SERVER-WEBAPP WordPress Ultimate Form Builder plugin SQL injection attempt (server-webapp.rules)
 * 1:47964 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro WebCapture JavaScript manipulation type confusion attempt (file-other.rules)