Talos has added and modified multiple rules in the browser-ie, browser-plugins, file-flash, file-image, file-office, file-other, indicator-compromise, os-linux, os-mobile, os-other, os-windows, policy-other, protocol-imap, protocol-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:51219 <-> DISABLED <-> OS-OTHER OpenBSD TCP Timestamp handling denial of service attempt (os-other.rules)
* 1:51218 <-> DISABLED <-> FILE-OTHER Omron CX-On Project file parsing heap buffer overflow attempt (file-other.rules)
* 1:51217 <-> DISABLED <-> FILE-OTHER Omron CX-On Project file parsing heap buffer overflow attempt (file-other.rules)
* 1:51222 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ATF bitmap conversion heap overflow attempt (file-flash.rules)
* 1:51221 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ATF bitmap conversion heap overflow attempt (file-flash.rules)
* 1:51220 <-> DISABLED <-> OS-LINUX Rdesktop process_redirect_pdu BSS overflow attempt (os-linux.rules)
* 1:51225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
* 1:51224 <-> DISABLED <-> FILE-OTHER Adobe Texture Format file containing invalid texture definition memory corruption attempt (file-other.rules)
* 1:51223 <-> DISABLED <-> FILE-OTHER Adobe Texture Format file containing invalid texture definition memory corruption attempt (file-other.rules)
* 1:51226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
* 1:51236 <-> DISABLED <-> FILE-OTHER VCFtools crafted VCF remote code execution attempt (file-other.rules)
* 1:51235 <-> DISABLED <-> FILE-OTHER VCFtools crafted VCF remote code execution attempt (file-other.rules)
* 1:51234 <-> DISABLED <-> SERVER-OTHER Advantech WebAccess Viewdll1 buffer overflow attempt (server-other.rules)
* 1:51239 <-> DISABLED <-> SERVER-OTHER PHP-Proxy local file include attempt (server-other.rules)
* 1:51238 <-> DISABLED <-> SERVER-OTHER Rockwell Automation RSLinux heap buffer overflow attempt (server-other.rules)
* 1:51237 <-> DISABLED <-> SERVER-OTHER BlackIce ISS ICQ parser buffer overflow attempt (server-other.rules)
* 1:51240 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure VPN command injection attempt (server-webapp.rules)
* 1:51261 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails render file directory traversal attempt (server-webapp.rules)
* 1:51260 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails render file directory traversal attempt (server-webapp.rules)
* 1:51259 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut260.dll ESOpen ActiveX clsid access attempt (browser-plugins.rules)
* 1:51258 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut260.dll ESOpen ActiveX clsid access attempt (browser-plugins.rules)
* 1:51257 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51256 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51255 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51254 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51253 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51252 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51251 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51250 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51249 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51248 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51247 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51246 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51245 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut280.dll KeywordSet ActiveX clsid access attempt (browser-plugins.rules)
* 1:51244 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut280.dll KeywordSet ActiveX clsid access attempt (browser-plugins.rules)
* 1:51243 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure VPN command injection attempt (server-webapp.rules)
* 1:51242 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure VPN command injection attempt (server-webapp.rules)
* 1:51241 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure VPN command injection attempt (server-webapp.rules)
* 1:51277 <-> DISABLED <-> SERVER-WEBAPP Joomla Saxum Astro Component SQL injection attempt (server-webapp.rules)
* 1:51276 <-> DISABLED <-> SERVER-WEBAPP Joomla Saxum Astro Component SQL injection attempt (server-webapp.rules)
* 1:51275 <-> DISABLED <-> SERVER-WEBAPP Joomla Saxum Astro Component SQL injection attempt (server-webapp.rules)
* 1:51274 <-> DISABLED <-> SERVER-WEBAPP Modx Revolution PHP code injection attempt (server-webapp.rules)
* 1:51273 <-> DISABLED <-> SERVER-WEBAPP Modx Revolution PHP code injection attempt (server-webapp.rules)
* 1:51272 <-> DISABLED <-> BROWSER-PLUGINS CenturyStar SetMyAddress ActiveX clsid access attempt (browser-plugins.rules)
* 1:51271 <-> DISABLED <-> BROWSER-PLUGINS CenturyStar SetMyAddress ActiveX clsid access attempt (browser-plugins.rules)
* 1:51270 <-> DISABLED <-> FILE-OTHER Photodex ProShow Producer v5.0.3256 buffer overflow attempt (file-other.rules)
* 1:51269 <-> DISABLED <-> FILE-OTHER Photodex ProShow Producer v5.0.3256 buffer overflow attempt (file-other.rules)
* 1:51268 <-> ENABLED <-> FILE-OTHER Photodex ProShow Producer v5.0.3256 download load file attempt (file-other.rules)
* 1:51267 <-> DISABLED <-> FILE-OFFICE Microsoft Outlook rwz file memory corruption attempt (file-office.rules)
* 1:51266 <-> DISABLED <-> FILE-OFFICE Microsoft Outlook rwz file memory corruption attempt (file-office.rules)
* 1:51265 <-> DISABLED <-> SERVER-WEBAPP Open-AudIT Community Store cross site scripting attempt (server-webapp.rules)
* 1:51264 <-> DISABLED <-> SERVER-WEBAPP Open-AudIT Community Store cross site scripting attempt (server-webapp.rules)
* 1:51263 <-> DISABLED <-> SERVER-WEBAPP TinyPHPForum action.php cross site scripting attempt (server-webapp.rules)
* 1:51262 <-> DISABLED <-> SERVER-WEBAPP TinyPHPForum action.php cross site scripting attempt (server-webapp.rules)
* 1:51304 <-> DISABLED <-> BROWSER-PLUGINS Creator.CdCreator ActiveX function call access (browser-plugins.rules)
* 1:51303 <-> DISABLED <-> BROWSER-PLUGINS Mmedia.RadioServer ActiveX function call access (browser-plugins.rules)
* 1:51302 <-> DISABLED <-> BROWSER-PLUGINS MSWC.MyInfo ActiveX function call access (browser-plugins.rules)
* 1:51301 <-> DISABLED <-> SERVER-OTHER Exim malformed BDAT code execution attempt (server-other.rules)
* 1:51297 <-> DISABLED <-> PROTOCOL-OTHER Colloquy INVITE request format string DoS attempt (protocol-other.rules)
* 1:51296 <-> DISABLED <-> PROTOCOL-OTHER Colloquy INVITE request format string DoS attempt (protocol-other.rules)
* 1:51292 <-> DISABLED <-> SERVER-WEBAPP Axway SecureTransport XML external entity injection attempt (server-webapp.rules)
* 1:51291 <-> DISABLED <-> OS-MOBILE Google Android Kernel local denial of service attempt (os-mobile.rules)
* 1:51290 <-> DISABLED <-> OS-MOBILE Google Android Kernel local denial of service attempt (os-mobile.rules)
* 1:51289 <-> ENABLED <-> SERVER-WEBAPP Pulse Secure SSL VPN directory traversal attempt (server-webapp.rules)
* 1:51288 <-> ENABLED <-> SERVER-WEBAPP Pulse Secure SSL VPN directory traversal attempt (server-webapp.rules)
* 1:51287 <-> DISABLED <-> SERVER-WEBAPP Apache CouchDB _config command injection attempt (server-webapp.rules)
* 1:51286 <-> DISABLED <-> SERVER-OTHER LCDproc parse_all_client_messages buffer overflow attempt (server-other.rules)
* 1:51285 <-> DISABLED <-> FILE-IMAGE Nokia N95 JPG parsing denial of service attempt (file-image.rules)
* 1:51284 <-> DISABLED <-> FILE-IMAGE Nokia N95 JPG parsing denial of service attempt (file-image.rules)
* 1:51283 <-> DISABLED <-> SERVER-WEBAPP Webadmin history parameter cross site scripting attempt (server-webapp.rules)
* 1:51282 <-> DISABLED <-> SERVER-WEBAPP Webadmin history parameter cross site scripting attempt (server-webapp.rules)
* 1:51281 <-> DISABLED <-> SERVER-WEBAPP Webadmin history parameter cross site scripting attempt (server-webapp.rules)
* 1:51280 <-> DISABLED <-> SERVER-WEBAPP SolusLabs SolusVM centralbackup.php SQL injection attempt (server-webapp.rules)
* 1:51279 <-> DISABLED <-> SERVER-WEBAPP SolusLabs SolusVM centralbackup.php SQL injection attempt (server-webapp.rules)
* 1:51278 <-> DISABLED <-> SERVER-WEBAPP SolusLabs SolusVM centralbackup.php SQL injection attempt (server-webapp.rules)
* 1:51305 <-> DISABLED <-> BROWSER-PLUGINS Creator.CdDevice ActiveX function call access (browser-plugins.rules)
* 3:51298 <-> ENABLED <-> POLICY-OTHER Cisco 220 Series Smart Switches unauthenticated request detected (policy-other.rules)
* 3:51293 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches stack buffer overflow attempt (server-webapp.rules)
* 3:51294 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches stack buffer overflow attempt (server-webapp.rules)
* 3:51295 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches stack buffer overflow attempt (server-webapp.rules)
* 3:51299 <-> ENABLED <-> POLICY-OTHER Cisco 220 Series Smart Switches unauthenticated request detected (policy-other.rules)
* 3:51300 <-> ENABLED <-> POLICY-OTHER Cisco 220 Series Smart Switches unauthenticated request detected (policy-other.rules)
* 3:51306 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt (server-webapp.rules)
* 3:51307 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt (server-webapp.rules)
* 3:51308 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt (server-webapp.rules)

* 1:50891 <-> DISABLED <-> SERVER-OTHER Novell NetWare AFP denial of service attempt (server-other.rules)
* 1:51096 <-> DISABLED <-> FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt (file-image.rules)
* 1:51097 <-> DISABLED <-> FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt (file-image.rules)
* 1:8066 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Scripting Host Shell ActiveX clsid access (browser-plugins.rules)
* 1:15880 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer popup window object tag code execution attempt (browser-ie.rules)
* 1:3070 <-> DISABLED <-> PROTOCOL-IMAP fetch overflow attempt (protocol-imap.rules)
* 1:48837 <-> DISABLED <-> SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (server-webapp.rules)
* 1:50097 <-> ENABLED <-> INDICATOR-COMPROMISE Responder poisoner HTTP attack attempt (indicator-compromise.rules)
* 1:50986 <-> DISABLED <-> FILE-IMAGE GraphicsMagick WMF use after free attempt (file-image.rules)
* 1:51094 <-> DISABLED <-> FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt (file-image.rules)
* 1:6443 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msdtc BuildContextW heap overflow attempt (os-windows.rules)
* 1:7013 <-> DISABLED <-> BROWSER-PLUGINS Microsoft.ISCatAdm ActiveX function call access (browser-plugins.rules)
* 1:50985 <-> DISABLED <-> FILE-IMAGE GraphicsMagick WMF use after free attempt (file-image.rules)
* 1:51095 <-> DISABLED <-> FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt (file-image.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:51282 <-> DISABLED <-> SERVER-WEBAPP Webadmin history parameter cross site scripting attempt (server-webapp.rules)
* 1:51238 <-> DISABLED <-> SERVER-OTHER Rockwell Automation RSLinux heap buffer overflow attempt (server-other.rules)
* 1:51224 <-> DISABLED <-> FILE-OTHER Adobe Texture Format file containing invalid texture definition memory corruption attempt (file-other.rules)
* 1:51226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
* 1:51218 <-> DISABLED <-> FILE-OTHER Omron CX-On Project file parsing heap buffer overflow attempt (file-other.rules)
* 1:51234 <-> DISABLED <-> SERVER-OTHER Advantech WebAccess Viewdll1 buffer overflow attempt (server-other.rules)
* 1:51235 <-> DISABLED <-> FILE-OTHER VCFtools crafted VCF remote code execution attempt (file-other.rules)
* 1:51236 <-> DISABLED <-> FILE-OTHER VCFtools crafted VCF remote code execution attempt (file-other.rules)
* 1:51237 <-> DISABLED <-> SERVER-OTHER BlackIce ISS ICQ parser buffer overflow attempt (server-other.rules)
* 1:51221 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ATF bitmap conversion heap overflow attempt (file-flash.rules)
* 1:51220 <-> DISABLED <-> OS-LINUX Rdesktop process_redirect_pdu BSS overflow attempt (os-linux.rules)
* 1:51219 <-> DISABLED <-> OS-OTHER OpenBSD TCP Timestamp handling denial of service attempt (os-other.rules)
* 1:51239 <-> DISABLED <-> SERVER-OTHER PHP-Proxy local file include attempt (server-other.rules)
* 1:51240 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure VPN command injection attempt (server-webapp.rules)
* 1:51241 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure VPN command injection attempt (server-webapp.rules)
* 1:51242 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure VPN command injection attempt (server-webapp.rules)
* 1:51243 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure VPN command injection attempt (server-webapp.rules)
* 1:51223 <-> DISABLED <-> FILE-OTHER Adobe Texture Format file containing invalid texture definition memory corruption attempt (file-other.rules)
* 1:51244 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut280.dll KeywordSet ActiveX clsid access attempt (browser-plugins.rules)
* 1:51245 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut280.dll KeywordSet ActiveX clsid access attempt (browser-plugins.rules)
* 1:51246 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51247 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51248 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51249 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51250 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51251 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51252 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51253 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51254 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51255 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51256 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51257 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51258 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut260.dll ESOpen ActiveX clsid access attempt (browser-plugins.rules)
* 1:51259 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut260.dll ESOpen ActiveX clsid access attempt (browser-plugins.rules)
* 1:51301 <-> DISABLED <-> SERVER-OTHER Exim malformed BDAT code execution attempt (server-other.rules)
* 1:51260 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails render file directory traversal attempt (server-webapp.rules)
* 1:51261 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails render file directory traversal attempt (server-webapp.rules)
* 1:51262 <-> DISABLED <-> SERVER-WEBAPP TinyPHPForum action.php cross site scripting attempt (server-webapp.rules)
* 1:51263 <-> DISABLED <-> SERVER-WEBAPP TinyPHPForum action.php cross site scripting attempt (server-webapp.rules)
* 1:51264 <-> DISABLED <-> SERVER-WEBAPP Open-AudIT Community Store cross site scripting attempt (server-webapp.rules)
* 1:51265 <-> DISABLED <-> SERVER-WEBAPP Open-AudIT Community Store cross site scripting attempt (server-webapp.rules)
* 1:51266 <-> DISABLED <-> FILE-OFFICE Microsoft Outlook rwz file memory corruption attempt (file-office.rules)
* 1:51267 <-> DISABLED <-> FILE-OFFICE Microsoft Outlook rwz file memory corruption attempt (file-office.rules)
* 1:51268 <-> ENABLED <-> FILE-OTHER Photodex ProShow Producer v5.0.3256 download load file attempt (file-other.rules)
* 1:51269 <-> DISABLED <-> FILE-OTHER Photodex ProShow Producer v5.0.3256 buffer overflow attempt (file-other.rules)
* 1:51270 <-> DISABLED <-> FILE-OTHER Photodex ProShow Producer v5.0.3256 buffer overflow attempt (file-other.rules)
* 1:51271 <-> DISABLED <-> BROWSER-PLUGINS CenturyStar SetMyAddress ActiveX clsid access attempt (browser-plugins.rules)
* 1:51272 <-> DISABLED <-> BROWSER-PLUGINS CenturyStar SetMyAddress ActiveX clsid access attempt (browser-plugins.rules)
* 1:51273 <-> DISABLED <-> SERVER-WEBAPP Modx Revolution PHP code injection attempt (server-webapp.rules)
* 1:51274 <-> DISABLED <-> SERVER-WEBAPP Modx Revolution PHP code injection attempt (server-webapp.rules)
* 1:51275 <-> DISABLED <-> SERVER-WEBAPP Joomla Saxum Astro Component SQL injection attempt (server-webapp.rules)
* 1:51276 <-> DISABLED <-> SERVER-WEBAPP Joomla Saxum Astro Component SQL injection attempt (server-webapp.rules)
* 1:51277 <-> DISABLED <-> SERVER-WEBAPP Joomla Saxum Astro Component SQL injection attempt (server-webapp.rules)
* 1:51278 <-> DISABLED <-> SERVER-WEBAPP SolusLabs SolusVM centralbackup.php SQL injection attempt (server-webapp.rules)
* 1:51279 <-> DISABLED <-> SERVER-WEBAPP SolusLabs SolusVM centralbackup.php SQL injection attempt (server-webapp.rules)
* 1:51280 <-> DISABLED <-> SERVER-WEBAPP SolusLabs SolusVM centralbackup.php SQL injection attempt (server-webapp.rules)
* 1:51297 <-> DISABLED <-> PROTOCOL-OTHER Colloquy INVITE request format string DoS attempt (protocol-other.rules)
* 1:51296 <-> DISABLED <-> PROTOCOL-OTHER Colloquy INVITE request format string DoS attempt (protocol-other.rules)
* 1:51292 <-> DISABLED <-> SERVER-WEBAPP Axway SecureTransport XML external entity injection attempt (server-webapp.rules)
* 1:51291 <-> DISABLED <-> OS-MOBILE Google Android Kernel local denial of service attempt (os-mobile.rules)
* 1:51290 <-> DISABLED <-> OS-MOBILE Google Android Kernel local denial of service attempt (os-mobile.rules)
* 1:51289 <-> ENABLED <-> SERVER-WEBAPP Pulse Secure SSL VPN directory traversal attempt (server-webapp.rules)
* 1:51288 <-> ENABLED <-> SERVER-WEBAPP Pulse Secure SSL VPN directory traversal attempt (server-webapp.rules)
* 1:51287 <-> DISABLED <-> SERVER-WEBAPP Apache CouchDB _config command injection attempt (server-webapp.rules)
* 1:51286 <-> DISABLED <-> SERVER-OTHER LCDproc parse_all_client_messages buffer overflow attempt (server-other.rules)
* 1:51217 <-> DISABLED <-> FILE-OTHER Omron CX-On Project file parsing heap buffer overflow attempt (file-other.rules)
* 1:51283 <-> DISABLED <-> SERVER-WEBAPP Webadmin history parameter cross site scripting attempt (server-webapp.rules)
* 1:51285 <-> DISABLED <-> FILE-IMAGE Nokia N95 JPG parsing denial of service attempt (file-image.rules)
* 1:51284 <-> DISABLED <-> FILE-IMAGE Nokia N95 JPG parsing denial of service attempt (file-image.rules)
* 1:51302 <-> DISABLED <-> BROWSER-PLUGINS MSWC.MyInfo ActiveX function call access (browser-plugins.rules)
* 1:51303 <-> DISABLED <-> BROWSER-PLUGINS Mmedia.RadioServer ActiveX function call access (browser-plugins.rules)
* 1:51305 <-> DISABLED <-> BROWSER-PLUGINS Creator.CdDevice ActiveX function call access (browser-plugins.rules)
* 1:51304 <-> DISABLED <-> BROWSER-PLUGINS Creator.CdCreator ActiveX function call access (browser-plugins.rules)
* 1:51222 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ATF bitmap conversion heap overflow attempt (file-flash.rules)
* 1:51225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
* 1:51281 <-> DISABLED <-> SERVER-WEBAPP Webadmin history parameter cross site scripting attempt (server-webapp.rules)
* 3:51299 <-> ENABLED <-> POLICY-OTHER Cisco 220 Series Smart Switches unauthenticated request detected (policy-other.rules)
* 3:51300 <-> ENABLED <-> POLICY-OTHER Cisco 220 Series Smart Switches unauthenticated request detected (policy-other.rules)
* 3:51298 <-> ENABLED <-> POLICY-OTHER Cisco 220 Series Smart Switches unauthenticated request detected (policy-other.rules)
* 3:51295 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches stack buffer overflow attempt (server-webapp.rules)
* 3:51293 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches stack buffer overflow attempt (server-webapp.rules)
* 3:51306 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt (server-webapp.rules)
* 3:51307 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt (server-webapp.rules)
* 3:51294 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches stack buffer overflow attempt (server-webapp.rules)
* 3:51308 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt (server-webapp.rules)

* 1:51097 <-> DISABLED <-> FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt (file-image.rules)
* 1:15880 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer popup window object tag code execution attempt (browser-ie.rules)
* 1:50097 <-> ENABLED <-> INDICATOR-COMPROMISE Responder poisoner HTTP attack attempt (indicator-compromise.rules)
* 1:8066 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Scripting Host Shell ActiveX clsid access (browser-plugins.rules)
* 1:3070 <-> DISABLED <-> PROTOCOL-IMAP fetch overflow attempt (protocol-imap.rules)
* 1:48837 <-> DISABLED <-> SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (server-webapp.rules)
* 1:50986 <-> DISABLED <-> FILE-IMAGE GraphicsMagick WMF use after free attempt (file-image.rules)
* 1:51094 <-> DISABLED <-> FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt (file-image.rules)
* 1:6443 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msdtc BuildContextW heap overflow attempt (os-windows.rules)
* 1:50891 <-> DISABLED <-> SERVER-OTHER Novell NetWare AFP denial of service attempt (server-other.rules)
* 1:50985 <-> DISABLED <-> FILE-IMAGE GraphicsMagick WMF use after free attempt (file-image.rules)
* 1:51095 <-> DISABLED <-> FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt (file-image.rules)
* 1:7013 <-> DISABLED <-> BROWSER-PLUGINS Microsoft.ISCatAdm ActiveX function call access (browser-plugins.rules)
* 1:51096 <-> DISABLED <-> FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt (file-image.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091200.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:51278 <-> DISABLED <-> SERVER-WEBAPP SolusLabs SolusVM centralbackup.php SQL injection attempt (server-webapp.rules)
* 1:51282 <-> DISABLED <-> SERVER-WEBAPP Webadmin history parameter cross site scripting attempt (server-webapp.rules)
* 1:51218 <-> DISABLED <-> FILE-OTHER Omron CX-On Project file parsing heap buffer overflow attempt (file-other.rules)
* 1:51287 <-> DISABLED <-> SERVER-WEBAPP Apache CouchDB _config command injection attempt (server-webapp.rules)
* 1:51285 <-> DISABLED <-> FILE-IMAGE Nokia N95 JPG parsing denial of service attempt (file-image.rules)
* 1:51284 <-> DISABLED <-> FILE-IMAGE Nokia N95 JPG parsing denial of service attempt (file-image.rules)
* 1:51225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
* 1:51305 <-> DISABLED <-> BROWSER-PLUGINS Creator.CdDevice ActiveX function call access (browser-plugins.rules)
* 1:51304 <-> DISABLED <-> BROWSER-PLUGINS Creator.CdCreator ActiveX function call access (browser-plugins.rules)
* 1:51303 <-> DISABLED <-> BROWSER-PLUGINS Mmedia.RadioServer ActiveX function call access (browser-plugins.rules)
* 1:51302 <-> DISABLED <-> BROWSER-PLUGINS MSWC.MyInfo ActiveX function call access (browser-plugins.rules)
* 1:51301 <-> DISABLED <-> SERVER-OTHER Exim malformed BDAT code execution attempt (server-other.rules)
* 1:51297 <-> DISABLED <-> PROTOCOL-OTHER Colloquy INVITE request format string DoS attempt (protocol-other.rules)
* 1:51296 <-> DISABLED <-> PROTOCOL-OTHER Colloquy INVITE request format string DoS attempt (protocol-other.rules)
* 1:51292 <-> DISABLED <-> SERVER-WEBAPP Axway SecureTransport XML external entity injection attempt (server-webapp.rules)
* 1:51291 <-> DISABLED <-> OS-MOBILE Google Android Kernel local denial of service attempt (os-mobile.rules)
* 1:51290 <-> DISABLED <-> OS-MOBILE Google Android Kernel local denial of service attempt (os-mobile.rules)
* 1:51289 <-> ENABLED <-> SERVER-WEBAPP Pulse Secure SSL VPN directory traversal attempt (server-webapp.rules)
* 1:51288 <-> ENABLED <-> SERVER-WEBAPP Pulse Secure SSL VPN directory traversal attempt (server-webapp.rules)
* 1:51286 <-> DISABLED <-> SERVER-OTHER LCDproc parse_all_client_messages buffer overflow attempt (server-other.rules)
* 1:51281 <-> DISABLED <-> SERVER-WEBAPP Webadmin history parameter cross site scripting attempt (server-webapp.rules)
* 1:51226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
* 1:51237 <-> DISABLED <-> SERVER-OTHER BlackIce ISS ICQ parser buffer overflow attempt (server-other.rules)
* 1:51238 <-> DISABLED <-> SERVER-OTHER Rockwell Automation RSLinux heap buffer overflow attempt (server-other.rules)
* 1:51263 <-> DISABLED <-> SERVER-WEBAPP TinyPHPForum action.php cross site scripting attempt (server-webapp.rules)
* 1:51264 <-> DISABLED <-> SERVER-WEBAPP Open-AudIT Community Store cross site scripting attempt (server-webapp.rules)
* 1:51265 <-> DISABLED <-> SERVER-WEBAPP Open-AudIT Community Store cross site scripting attempt (server-webapp.rules)
* 1:51266 <-> DISABLED <-> FILE-OFFICE Microsoft Outlook rwz file memory corruption attempt (file-office.rules)
* 1:51267 <-> DISABLED <-> FILE-OFFICE Microsoft Outlook rwz file memory corruption attempt (file-office.rules)
* 1:51268 <-> ENABLED <-> FILE-OTHER Photodex ProShow Producer v5.0.3256 download load file attempt (file-other.rules)
* 1:51269 <-> DISABLED <-> FILE-OTHER Photodex ProShow Producer v5.0.3256 buffer overflow attempt (file-other.rules)
* 1:51270 <-> DISABLED <-> FILE-OTHER Photodex ProShow Producer v5.0.3256 buffer overflow attempt (file-other.rules)
* 1:51271 <-> DISABLED <-> BROWSER-PLUGINS CenturyStar SetMyAddress ActiveX clsid access attempt (browser-plugins.rules)
* 1:51274 <-> DISABLED <-> SERVER-WEBAPP Modx Revolution PHP code injection attempt (server-webapp.rules)
* 1:51275 <-> DISABLED <-> SERVER-WEBAPP Joomla Saxum Astro Component SQL injection attempt (server-webapp.rules)
* 1:51273 <-> DISABLED <-> SERVER-WEBAPP Modx Revolution PHP code injection attempt (server-webapp.rules)
* 1:51276 <-> DISABLED <-> SERVER-WEBAPP Joomla Saxum Astro Component SQL injection attempt (server-webapp.rules)
* 1:51279 <-> DISABLED <-> SERVER-WEBAPP SolusLabs SolusVM centralbackup.php SQL injection attempt (server-webapp.rules)
* 1:51277 <-> DISABLED <-> SERVER-WEBAPP Joomla Saxum Astro Component SQL injection attempt (server-webapp.rules)
* 1:51283 <-> DISABLED <-> SERVER-WEBAPP Webadmin history parameter cross site scripting attempt (server-webapp.rules)
* 1:51219 <-> DISABLED <-> OS-OTHER OpenBSD TCP Timestamp handling denial of service attempt (os-other.rules)
* 1:51221 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ATF bitmap conversion heap overflow attempt (file-flash.rules)
* 1:51220 <-> DISABLED <-> OS-LINUX Rdesktop process_redirect_pdu BSS overflow attempt (os-linux.rules)
* 1:51222 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ATF bitmap conversion heap overflow attempt (file-flash.rules)
* 1:51217 <-> DISABLED <-> FILE-OTHER Omron CX-On Project file parsing heap buffer overflow attempt (file-other.rules)
* 1:51247 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51245 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut280.dll KeywordSet ActiveX clsid access attempt (browser-plugins.rules)
* 1:51246 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51244 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut280.dll KeywordSet ActiveX clsid access attempt (browser-plugins.rules)
* 1:51236 <-> DISABLED <-> FILE-OTHER VCFtools crafted VCF remote code execution attempt (file-other.rules)
* 1:51234 <-> DISABLED <-> SERVER-OTHER Advantech WebAccess Viewdll1 buffer overflow attempt (server-other.rules)
* 1:51235 <-> DISABLED <-> FILE-OTHER VCFtools crafted VCF remote code execution attempt (file-other.rules)
* 1:51259 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut260.dll ESOpen ActiveX clsid access attempt (browser-plugins.rules)
* 1:51260 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails render file directory traversal attempt (server-webapp.rules)
* 1:51257 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51258 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut260.dll ESOpen ActiveX clsid access attempt (browser-plugins.rules)
* 1:51255 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51256 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51254 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51253 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51251 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51252 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51249 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51250 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51248 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51243 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure VPN command injection attempt (server-webapp.rules)
* 1:51223 <-> DISABLED <-> FILE-OTHER Adobe Texture Format file containing invalid texture definition memory corruption attempt (file-other.rules)
* 1:51241 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure VPN command injection attempt (server-webapp.rules)
* 1:51242 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure VPN command injection attempt (server-webapp.rules)
* 1:51239 <-> DISABLED <-> SERVER-OTHER PHP-Proxy local file include attempt (server-other.rules)
* 1:51240 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure VPN command injection attempt (server-webapp.rules)
* 1:51224 <-> DISABLED <-> FILE-OTHER Adobe Texture Format file containing invalid texture definition memory corruption attempt (file-other.rules)
* 1:51280 <-> DISABLED <-> SERVER-WEBAPP SolusLabs SolusVM centralbackup.php SQL injection attempt (server-webapp.rules)
* 1:51272 <-> DISABLED <-> BROWSER-PLUGINS CenturyStar SetMyAddress ActiveX clsid access attempt (browser-plugins.rules)
* 1:51261 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails render file directory traversal attempt (server-webapp.rules)
* 1:51262 <-> DISABLED <-> SERVER-WEBAPP TinyPHPForum action.php cross site scripting attempt (server-webapp.rules)
* 3:51294 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches stack buffer overflow attempt (server-webapp.rules)
* 3:51295 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches stack buffer overflow attempt (server-webapp.rules)
* 3:51299 <-> ENABLED <-> POLICY-OTHER Cisco 220 Series Smart Switches unauthenticated request detected (policy-other.rules)
* 3:51300 <-> ENABLED <-> POLICY-OTHER Cisco 220 Series Smart Switches unauthenticated request detected (policy-other.rules)
* 3:51306 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt (server-webapp.rules)
* 3:51307 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt (server-webapp.rules)
* 3:51308 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt (server-webapp.rules)
* 3:51293 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches stack buffer overflow attempt (server-webapp.rules)
* 3:51298 <-> ENABLED <-> POLICY-OTHER Cisco 220 Series Smart Switches unauthenticated request detected (policy-other.rules)
* 1:51096 <-> DISABLED <-> FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt (file-image.rules)
* 1:50097 <-> ENABLED <-> INDICATOR-COMPROMISE Responder poisoner HTTP attack attempt (indicator-compromise.rules)
* 1:8066 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Scripting Host Shell ActiveX clsid access (browser-plugins.rules)
* 1:15880 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer popup window object tag code execution attempt (browser-ie.rules)
* 1:3070 <-> DISABLED <-> PROTOCOL-IMAP fetch overflow attempt (protocol-imap.rules)
* 1:48837 <-> DISABLED <-> SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (server-webapp.rules)
* 1:50986 <-> DISABLED <-> FILE-IMAGE GraphicsMagick WMF use after free attempt (file-image.rules)
* 1:51094 <-> DISABLED <-> FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt (file-image.rules)
* 1:51097 <-> DISABLED <-> FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt (file-image.rules)
* 1:6443 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msdtc BuildContextW heap overflow attempt (os-windows.rules)
* 1:50891 <-> DISABLED <-> SERVER-OTHER Novell NetWare AFP denial of service attempt (server-other.rules)
* 1:7013 <-> DISABLED <-> BROWSER-PLUGINS Microsoft.ISCatAdm ActiveX function call access (browser-plugins.rules)
* 1:51095 <-> DISABLED <-> FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt (file-image.rules)
* 1:50985 <-> DISABLED <-> FILE-IMAGE GraphicsMagick WMF use after free attempt (file-image.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:51218 <-> DISABLED <-> FILE-OTHER Omron CX-On Project file parsing heap buffer overflow attempt (file-other.rules)
* 1:51286 <-> DISABLED <-> SERVER-OTHER LCDproc parse_all_client_messages buffer overflow attempt (server-other.rules)
* 1:51273 <-> DISABLED <-> SERVER-WEBAPP Modx Revolution PHP code injection attempt (server-webapp.rules)
* 1:51284 <-> DISABLED <-> FILE-IMAGE Nokia N95 JPG parsing denial of service attempt (file-image.rules)
* 1:51287 <-> DISABLED <-> SERVER-WEBAPP Apache CouchDB _config command injection attempt (server-webapp.rules)
* 1:51285 <-> DISABLED <-> FILE-IMAGE Nokia N95 JPG parsing denial of service attempt (file-image.rules)
* 1:51282 <-> DISABLED <-> SERVER-WEBAPP Webadmin history parameter cross site scripting attempt (server-webapp.rules)
* 1:51289 <-> ENABLED <-> SERVER-WEBAPP Pulse Secure SSL VPN directory traversal attempt (server-webapp.rules)
* 1:51304 <-> DISABLED <-> BROWSER-PLUGINS Creator.CdCreator ActiveX function call access (browser-plugins.rules)
* 1:51288 <-> ENABLED <-> SERVER-WEBAPP Pulse Secure SSL VPN directory traversal attempt (server-webapp.rules)
* 1:51305 <-> DISABLED <-> BROWSER-PLUGINS Creator.CdDevice ActiveX function call access (browser-plugins.rules)
* 1:51290 <-> DISABLED <-> OS-MOBILE Google Android Kernel local denial of service attempt (os-mobile.rules)
* 1:51279 <-> DISABLED <-> SERVER-WEBAPP SolusLabs SolusVM centralbackup.php SQL injection attempt (server-webapp.rules)
* 1:51303 <-> DISABLED <-> BROWSER-PLUGINS Mmedia.RadioServer ActiveX function call access (browser-plugins.rules)
* 1:51251 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51257 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51296 <-> DISABLED <-> PROTOCOL-OTHER Colloquy INVITE request format string DoS attempt (protocol-other.rules)
* 1:51292 <-> DISABLED <-> SERVER-WEBAPP Axway SecureTransport XML external entity injection attempt (server-webapp.rules)
* 1:51291 <-> DISABLED <-> OS-MOBILE Google Android Kernel local denial of service attempt (os-mobile.rules)
* 1:51302 <-> DISABLED <-> BROWSER-PLUGINS MSWC.MyInfo ActiveX function call access (browser-plugins.rules)
* 1:51301 <-> DISABLED <-> SERVER-OTHER Exim malformed BDAT code execution attempt (server-other.rules)
* 1:51226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
* 1:51237 <-> DISABLED <-> SERVER-OTHER BlackIce ISS ICQ parser buffer overflow attempt (server-other.rules)
* 1:51276 <-> DISABLED <-> SERVER-WEBAPP Joomla Saxum Astro Component SQL injection attempt (server-webapp.rules)
* 1:51277 <-> DISABLED <-> SERVER-WEBAPP Joomla Saxum Astro Component SQL injection attempt (server-webapp.rules)
* 1:51274 <-> DISABLED <-> SERVER-WEBAPP Modx Revolution PHP code injection attempt (server-webapp.rules)
* 1:51275 <-> DISABLED <-> SERVER-WEBAPP Joomla Saxum Astro Component SQL injection attempt (server-webapp.rules)
* 1:51250 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51252 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51271 <-> DISABLED <-> BROWSER-PLUGINS CenturyStar SetMyAddress ActiveX clsid access attempt (browser-plugins.rules)
* 1:51269 <-> DISABLED <-> FILE-OTHER Photodex ProShow Producer v5.0.3256 buffer overflow attempt (file-other.rules)
* 1:51270 <-> DISABLED <-> FILE-OTHER Photodex ProShow Producer v5.0.3256 buffer overflow attempt (file-other.rules)
* 1:51267 <-> DISABLED <-> FILE-OFFICE Microsoft Outlook rwz file memory corruption attempt (file-office.rules)
* 1:51268 <-> ENABLED <-> FILE-OTHER Photodex ProShow Producer v5.0.3256 download load file attempt (file-other.rules)
* 1:51266 <-> DISABLED <-> FILE-OFFICE Microsoft Outlook rwz file memory corruption attempt (file-office.rules)
* 1:51265 <-> DISABLED <-> SERVER-WEBAPP Open-AudIT Community Store cross site scripting attempt (server-webapp.rules)
* 1:51263 <-> DISABLED <-> SERVER-WEBAPP TinyPHPForum action.php cross site scripting attempt (server-webapp.rules)
* 1:51264 <-> DISABLED <-> SERVER-WEBAPP Open-AudIT Community Store cross site scripting attempt (server-webapp.rules)
* 1:51261 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails render file directory traversal attempt (server-webapp.rules)
* 1:51262 <-> DISABLED <-> SERVER-WEBAPP TinyPHPForum action.php cross site scripting attempt (server-webapp.rules)
* 1:51259 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut260.dll ESOpen ActiveX clsid access attempt (browser-plugins.rules)
* 1:51260 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails render file directory traversal attempt (server-webapp.rules)
* 1:51281 <-> DISABLED <-> SERVER-WEBAPP Webadmin history parameter cross site scripting attempt (server-webapp.rules)
* 1:51238 <-> DISABLED <-> SERVER-OTHER Rockwell Automation RSLinux heap buffer overflow attempt (server-other.rules)
* 1:51224 <-> DISABLED <-> FILE-OTHER Adobe Texture Format file containing invalid texture definition memory corruption attempt (file-other.rules)
* 1:51239 <-> DISABLED <-> SERVER-OTHER PHP-Proxy local file include attempt (server-other.rules)
* 1:51240 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure VPN command injection attempt (server-webapp.rules)
* 1:51241 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure VPN command injection attempt (server-webapp.rules)
* 1:51242 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure VPN command injection attempt (server-webapp.rules)
* 1:51243 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure VPN command injection attempt (server-webapp.rules)
* 1:51223 <-> DISABLED <-> FILE-OTHER Adobe Texture Format file containing invalid texture definition memory corruption attempt (file-other.rules)
* 1:51280 <-> DISABLED <-> SERVER-WEBAPP SolusLabs SolusVM centralbackup.php SQL injection attempt (server-webapp.rules)
* 1:51255 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51246 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51247 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51244 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut280.dll KeywordSet ActiveX clsid access attempt (browser-plugins.rules)
* 1:51245 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut280.dll KeywordSet ActiveX clsid access attempt (browser-plugins.rules)
* 1:51235 <-> DISABLED <-> FILE-OTHER VCFtools crafted VCF remote code execution attempt (file-other.rules)
* 1:51236 <-> DISABLED <-> FILE-OTHER VCFtools crafted VCF remote code execution attempt (file-other.rules)
* 1:51234 <-> DISABLED <-> SERVER-OTHER Advantech WebAccess Viewdll1 buffer overflow attempt (server-other.rules)
* 1:51217 <-> DISABLED <-> FILE-OTHER Omron CX-On Project file parsing heap buffer overflow attempt (file-other.rules)
* 1:51220 <-> DISABLED <-> OS-LINUX Rdesktop process_redirect_pdu BSS overflow attempt (os-linux.rules)
* 1:51222 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ATF bitmap conversion heap overflow attempt (file-flash.rules)
* 1:51221 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ATF bitmap conversion heap overflow attempt (file-flash.rules)
* 1:51219 <-> DISABLED <-> OS-OTHER OpenBSD TCP Timestamp handling denial of service attempt (os-other.rules)
* 1:51278 <-> DISABLED <-> SERVER-WEBAPP SolusLabs SolusVM centralbackup.php SQL injection attempt (server-webapp.rules)
* 1:51225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
* 1:51258 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut260.dll ESOpen ActiveX clsid access attempt (browser-plugins.rules)
* 1:51256 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51254 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51272 <-> DISABLED <-> BROWSER-PLUGINS CenturyStar SetMyAddress ActiveX clsid access attempt (browser-plugins.rules)
* 1:51253 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51297 <-> DISABLED <-> PROTOCOL-OTHER Colloquy INVITE request format string DoS attempt (protocol-other.rules)
* 1:51249 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51248 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51283 <-> DISABLED <-> SERVER-WEBAPP Webadmin history parameter cross site scripting attempt (server-webapp.rules)
* 3:51306 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt (server-webapp.rules)
* 3:51298 <-> ENABLED <-> POLICY-OTHER Cisco 220 Series Smart Switches unauthenticated request detected (policy-other.rules)
* 3:51293 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches stack buffer overflow attempt (server-webapp.rules)
* 3:51295 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches stack buffer overflow attempt (server-webapp.rules)
* 3:51294 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches stack buffer overflow attempt (server-webapp.rules)
* 3:51300 <-> ENABLED <-> POLICY-OTHER Cisco 220 Series Smart Switches unauthenticated request detected (policy-other.rules)
* 3:51307 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt (server-webapp.rules)
* 3:51299 <-> ENABLED <-> POLICY-OTHER Cisco 220 Series Smart Switches unauthenticated request detected (policy-other.rules)
* 3:51308 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt (server-webapp.rules)
* 1:51096 <-> DISABLED <-> FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt (file-image.rules)
* 1:15880 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer popup window object tag code execution attempt (browser-ie.rules)
* 1:8066 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Scripting Host Shell ActiveX clsid access (browser-plugins.rules)
* 1:50891 <-> DISABLED <-> SERVER-OTHER Novell NetWare AFP denial of service attempt (server-other.rules)
* 1:50097 <-> ENABLED <-> INDICATOR-COMPROMISE Responder poisoner HTTP attack attempt (indicator-compromise.rules)
* 1:3070 <-> DISABLED <-> PROTOCOL-IMAP fetch overflow attempt (protocol-imap.rules)
* 1:48837 <-> DISABLED <-> SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (server-webapp.rules)
* 1:51094 <-> DISABLED <-> FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt (file-image.rules)
* 1:51097 <-> DISABLED <-> FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt (file-image.rules)
* 1:6443 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msdtc BuildContextW heap overflow attempt (os-windows.rules)
* 1:7013 <-> DISABLED <-> BROWSER-PLUGINS Microsoft.ISCatAdm ActiveX function call access (browser-plugins.rules)
* 1:51095 <-> DISABLED <-> FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt (file-image.rules)
* 1:50985 <-> DISABLED <-> FILE-IMAGE GraphicsMagick WMF use after free attempt (file-image.rules)
* 1:50986 <-> DISABLED <-> FILE-IMAGE GraphicsMagick WMF use after free attempt (file-image.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:51291 <-> DISABLED <-> OS-MOBILE Google Android Kernel local denial of service attempt (snort3-os-mobile.rules)
* 1:51243 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure VPN command injection attempt (snort3-server-webapp.rules)
* 1:51290 <-> DISABLED <-> OS-MOBILE Google Android Kernel local denial of service attempt (snort3-os-mobile.rules)
* 1:51288 <-> ENABLED <-> SERVER-WEBAPP Pulse Secure SSL VPN directory traversal attempt (snort3-server-webapp.rules)
* 1:51292 <-> DISABLED <-> SERVER-WEBAPP Axway SecureTransport XML external entity injection attempt (snort3-server-webapp.rules)
* 1:51289 <-> ENABLED <-> SERVER-WEBAPP Pulse Secure SSL VPN directory traversal attempt (snort3-server-webapp.rules)
* 1:51222 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ATF bitmap conversion heap overflow attempt (snort3-file-flash.rules)
* 1:51236 <-> DISABLED <-> FILE-OTHER VCFtools crafted VCF remote code execution attempt (snort3-file-other.rules)
* 1:51239 <-> DISABLED <-> SERVER-OTHER PHP-Proxy local file include attempt (snort3-server-other.rules)
* 1:51287 <-> DISABLED <-> SERVER-WEBAPP Apache CouchDB _config command injection attempt (snort3-server-webapp.rules)
* 1:51240 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure VPN command injection attempt (snort3-server-webapp.rules)
* 1:51221 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ATF bitmap conversion heap overflow attempt (snort3-file-flash.rules)
* 1:51297 <-> DISABLED <-> PROTOCOL-OTHER Colloquy INVITE request format string DoS attempt (snort3-protocol-other.rules)
* 1:51238 <-> DISABLED <-> SERVER-OTHER Rockwell Automation RSLinux heap buffer overflow attempt (snort3-server-other.rules)
* 1:51296 <-> DISABLED <-> PROTOCOL-OTHER Colloquy INVITE request format string DoS attempt (snort3-protocol-other.rules)
* 1:51242 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure VPN command injection attempt (snort3-server-webapp.rules)
* 1:51224 <-> DISABLED <-> FILE-OTHER Adobe Texture Format file containing invalid texture definition memory corruption attempt (snort3-file-other.rules)
* 1:51226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (snort3-file-flash.rules)
* 1:51303 <-> DISABLED <-> BROWSER-PLUGINS Mmedia.RadioServer ActiveX function call access (snort3-browser-plugins.rules)
* 1:51302 <-> DISABLED <-> BROWSER-PLUGINS MSWC.MyInfo ActiveX function call access (snort3-browser-plugins.rules)
* 1:51244 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut280.dll KeywordSet ActiveX clsid access attempt (snort3-browser-plugins.rules)
* 1:51245 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut280.dll KeywordSet ActiveX clsid access attempt (snort3-browser-plugins.rules)
* 1:51246 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (snort3-server-webapp.rules)
* 1:51247 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (snort3-server-webapp.rules)
* 1:51248 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (snort3-server-webapp.rules)
* 1:51235 <-> DISABLED <-> FILE-OTHER VCFtools crafted VCF remote code execution attempt (snort3-file-other.rules)
* 1:51252 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (snort3-server-webapp.rules)
* 1:51253 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (snort3-server-webapp.rules)
* 1:51217 <-> DISABLED <-> FILE-OTHER Omron CX-On Project file parsing heap buffer overflow attempt (snort3-file-other.rules)
* 1:51254 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (snort3-server-webapp.rules)
* 1:51255 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (snort3-server-webapp.rules)
* 1:51256 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (snort3-server-webapp.rules)
* 1:51241 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure VPN command injection attempt (snort3-server-webapp.rules)
* 1:51257 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (snort3-server-webapp.rules)
* 1:51258 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut260.dll ESOpen ActiveX clsid access attempt (snort3-browser-plugins.rules)
* 1:51259 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut260.dll ESOpen ActiveX clsid access attempt (snort3-browser-plugins.rules)
* 1:51260 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails render file directory traversal attempt (snort3-server-webapp.rules)
* 1:51218 <-> DISABLED <-> FILE-OTHER Omron CX-On Project file parsing heap buffer overflow attempt (snort3-file-other.rules)
* 1:51261 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails render file directory traversal attempt (snort3-server-webapp.rules)
* 1:51262 <-> DISABLED <-> SERVER-WEBAPP TinyPHPForum action.php cross site scripting attempt (snort3-server-webapp.rules)
* 1:51223 <-> DISABLED <-> FILE-OTHER Adobe Texture Format file containing invalid texture definition memory corruption attempt (snort3-file-other.rules)
* 1:51263 <-> DISABLED <-> SERVER-WEBAPP TinyPHPForum action.php cross site scripting attempt (snort3-server-webapp.rules)
* 1:51286 <-> DISABLED <-> SERVER-OTHER LCDproc parse_all_client_messages buffer overflow attempt (snort3-server-other.rules)
* 1:51234 <-> DISABLED <-> SERVER-OTHER Advantech WebAccess Viewdll1 buffer overflow attempt (snort3-server-other.rules)
* 1:51219 <-> DISABLED <-> OS-OTHER OpenBSD TCP Timestamp handling denial of service attempt (snort3-os-other.rules)
* 1:51237 <-> DISABLED <-> SERVER-OTHER BlackIce ISS ICQ parser buffer overflow attempt (snort3-server-other.rules)
* 1:51264 <-> DISABLED <-> SERVER-WEBAPP Open-AudIT Community Store cross site scripting attempt (snort3-server-webapp.rules)
* 1:51265 <-> DISABLED <-> SERVER-WEBAPP Open-AudIT Community Store cross site scripting attempt (snort3-server-webapp.rules)
* 1:51266 <-> DISABLED <-> FILE-OFFICE Microsoft Outlook rwz file memory corruption attempt (snort3-file-office.rules)
* 1:51267 <-> DISABLED <-> FILE-OFFICE Microsoft Outlook rwz file memory corruption attempt (snort3-file-office.rules)
* 1:51268 <-> ENABLED <-> FILE-OTHER Photodex ProShow Producer v5.0.3256 download load file attempt (snort3-file-other.rules)
* 1:51269 <-> DISABLED <-> FILE-OTHER Photodex ProShow Producer v5.0.3256 buffer overflow attempt (snort3-file-other.rules)
* 1:51270 <-> DISABLED <-> FILE-OTHER Photodex ProShow Producer v5.0.3256 buffer overflow attempt (snort3-file-other.rules)
* 1:51271 <-> DISABLED <-> BROWSER-PLUGINS CenturyStar SetMyAddress ActiveX clsid access attempt (snort3-browser-plugins.rules)
* 1:51272 <-> DISABLED <-> BROWSER-PLUGINS CenturyStar SetMyAddress ActiveX clsid access attempt (snort3-browser-plugins.rules)
* 1:51273 <-> DISABLED <-> SERVER-WEBAPP Modx Revolution PHP code injection attempt (snort3-server-webapp.rules)
* 1:51274 <-> DISABLED <-> SERVER-WEBAPP Modx Revolution PHP code injection attempt (snort3-server-webapp.rules)
* 1:51275 <-> DISABLED <-> SERVER-WEBAPP Joomla Saxum Astro Component SQL injection attempt (snort3-server-webapp.rules)
* 1:51276 <-> DISABLED <-> SERVER-WEBAPP Joomla Saxum Astro Component SQL injection attempt (snort3-server-webapp.rules)
* 1:51277 <-> DISABLED <-> SERVER-WEBAPP Joomla Saxum Astro Component SQL injection attempt (snort3-server-webapp.rules)
* 1:51305 <-> DISABLED <-> BROWSER-PLUGINS Creator.CdDevice ActiveX function call access (snort3-browser-plugins.rules)
* 1:51301 <-> DISABLED <-> SERVER-OTHER Exim malformed BDAT code execution attempt (snort3-server-other.rules)
* 1:51278 <-> DISABLED <-> SERVER-WEBAPP SolusLabs SolusVM centralbackup.php SQL injection attempt (snort3-server-webapp.rules)
* 1:51279 <-> DISABLED <-> SERVER-WEBAPP SolusLabs SolusVM centralbackup.php SQL injection attempt (snort3-server-webapp.rules)
* 1:51220 <-> DISABLED <-> OS-LINUX Rdesktop process_redirect_pdu BSS overflow attempt (snort3-os-linux.rules)
* 1:51251 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (snort3-server-webapp.rules)
* 1:51250 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (snort3-server-webapp.rules)
* 1:51249 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (snort3-server-webapp.rules)
* 1:51304 <-> DISABLED <-> BROWSER-PLUGINS Creator.CdCreator ActiveX function call access (snort3-browser-plugins.rules)
* 1:51280 <-> DISABLED <-> SERVER-WEBAPP SolusLabs SolusVM centralbackup.php SQL injection attempt (snort3-server-webapp.rules)
* 1:51281 <-> DISABLED <-> SERVER-WEBAPP Webadmin history parameter cross site scripting attempt (snort3-server-webapp.rules)
* 1:51282 <-> DISABLED <-> SERVER-WEBAPP Webadmin history parameter cross site scripting attempt (snort3-server-webapp.rules)
* 1:51225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (snort3-file-flash.rules)
* 1:51283 <-> DISABLED <-> SERVER-WEBAPP Webadmin history parameter cross site scripting attempt (snort3-server-webapp.rules)
* 1:51284 <-> DISABLED <-> FILE-IMAGE Nokia N95 JPG parsing denial of service attempt (snort3-file-image.rules)
* 1:51285 <-> DISABLED <-> FILE-IMAGE Nokia N95 JPG parsing denial of service attempt (snort3-file-image.rules)
* 1:51097 <-> DISABLED <-> FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt (snort3-file-image.rules)
* 1:7013 <-> DISABLED <-> BROWSER-PLUGINS Microsoft.ISCatAdm ActiveX function call access (snort3-browser-plugins.rules)
* 1:50985 <-> DISABLED <-> FILE-IMAGE GraphicsMagick WMF use after free attempt (snort3-file-image.rules)
* 1:3070 <-> DISABLED <-> PROTOCOL-IMAP fetch overflow attempt (snort3-protocol-imap.rules)
* 1:15880 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer popup window object tag code execution attempt (snort3-browser-ie.rules)
* 1:51094 <-> DISABLED <-> FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt (snort3-file-image.rules)
* 1:51096 <-> DISABLED <-> FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt (snort3-file-image.rules)
* 1:50891 <-> DISABLED <-> SERVER-OTHER Novell NetWare AFP denial of service attempt (snort3-server-other.rules)
* 1:50986 <-> DISABLED <-> FILE-IMAGE GraphicsMagick WMF use after free attempt (snort3-file-image.rules)
* 1:8066 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Scripting Host Shell ActiveX clsid access (snort3-browser-plugins.rules)
* 1:50097 <-> ENABLED <-> INDICATOR-COMPROMISE Responder poisoner HTTP attack attempt (snort3-indicator-compromise.rules)
* 1:48837 <-> DISABLED <-> SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (snort3-server-webapp.rules)
* 1:6443 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msdtc BuildContextW heap overflow attempt (snort3-os-windows.rules)
* 1:51095 <-> DISABLED <-> FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt (snort3-file-image.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:51285 <-> DISABLED <-> FILE-IMAGE Nokia N95 JPG parsing denial of service attempt (file-image.rules)
* 1:51280 <-> DISABLED <-> SERVER-WEBAPP SolusLabs SolusVM centralbackup.php SQL injection attempt (server-webapp.rules)
* 1:51302 <-> DISABLED <-> BROWSER-PLUGINS MSWC.MyInfo ActiveX function call access (browser-plugins.rules)
* 1:51288 <-> ENABLED <-> SERVER-WEBAPP Pulse Secure SSL VPN directory traversal attempt (server-webapp.rules)
* 1:51303 <-> DISABLED <-> BROWSER-PLUGINS Mmedia.RadioServer ActiveX function call access (browser-plugins.rules)
* 1:51283 <-> DISABLED <-> SERVER-WEBAPP Webadmin history parameter cross site scripting attempt (server-webapp.rules)
* 1:51286 <-> DISABLED <-> SERVER-OTHER LCDproc parse_all_client_messages buffer overflow attempt (server-other.rules)
* 1:51278 <-> DISABLED <-> SERVER-WEBAPP SolusLabs SolusVM centralbackup.php SQL injection attempt (server-webapp.rules)
* 1:51287 <-> DISABLED <-> SERVER-WEBAPP Apache CouchDB _config command injection attempt (server-webapp.rules)
* 1:51289 <-> ENABLED <-> SERVER-WEBAPP Pulse Secure SSL VPN directory traversal attempt (server-webapp.rules)
* 1:51292 <-> DISABLED <-> SERVER-WEBAPP Axway SecureTransport XML external entity injection attempt (server-webapp.rules)
* 1:51284 <-> DISABLED <-> FILE-IMAGE Nokia N95 JPG parsing denial of service attempt (file-image.rules)
* 1:51290 <-> DISABLED <-> OS-MOBILE Google Android Kernel local denial of service attempt (os-mobile.rules)
* 1:51291 <-> DISABLED <-> OS-MOBILE Google Android Kernel local denial of service attempt (os-mobile.rules)
* 1:51282 <-> DISABLED <-> SERVER-WEBAPP Webadmin history parameter cross site scripting attempt (server-webapp.rules)
* 1:51304 <-> DISABLED <-> BROWSER-PLUGINS Creator.CdCreator ActiveX function call access (browser-plugins.rules)
* 1:51296 <-> DISABLED <-> PROTOCOL-OTHER Colloquy INVITE request format string DoS attempt (protocol-other.rules)
* 1:51220 <-> DISABLED <-> OS-LINUX Rdesktop process_redirect_pdu BSS overflow attempt (os-linux.rules)
* 1:51217 <-> DISABLED <-> FILE-OTHER Omron CX-On Project file parsing heap buffer overflow attempt (file-other.rules)
* 1:51279 <-> DISABLED <-> SERVER-WEBAPP SolusLabs SolusVM centralbackup.php SQL injection attempt (server-webapp.rules)
* 1:51223 <-> DISABLED <-> FILE-OTHER Adobe Texture Format file containing invalid texture definition memory corruption attempt (file-other.rules)
* 1:51224 <-> DISABLED <-> FILE-OTHER Adobe Texture Format file containing invalid texture definition memory corruption attempt (file-other.rules)
* 1:51225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
* 1:51222 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ATF bitmap conversion heap overflow attempt (file-flash.rules)
* 1:51221 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ATF bitmap conversion heap overflow attempt (file-flash.rules)
* 1:51226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
* 1:51234 <-> DISABLED <-> SERVER-OTHER Advantech WebAccess Viewdll1 buffer overflow attempt (server-other.rules)
* 1:51235 <-> DISABLED <-> FILE-OTHER VCFtools crafted VCF remote code execution attempt (file-other.rules)
* 1:51236 <-> DISABLED <-> FILE-OTHER VCFtools crafted VCF remote code execution attempt (file-other.rules)
* 1:51237 <-> DISABLED <-> SERVER-OTHER BlackIce ISS ICQ parser buffer overflow attempt (server-other.rules)
* 1:51238 <-> DISABLED <-> SERVER-OTHER Rockwell Automation RSLinux heap buffer overflow attempt (server-other.rules)
* 1:51239 <-> DISABLED <-> SERVER-OTHER PHP-Proxy local file include attempt (server-other.rules)
* 1:51219 <-> DISABLED <-> OS-OTHER OpenBSD TCP Timestamp handling denial of service attempt (os-other.rules)
* 1:51240 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure VPN command injection attempt (server-webapp.rules)
* 1:51241 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure VPN command injection attempt (server-webapp.rules)
* 1:51242 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure VPN command injection attempt (server-webapp.rules)
* 1:51243 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure VPN command injection attempt (server-webapp.rules)
* 1:51218 <-> DISABLED <-> FILE-OTHER Omron CX-On Project file parsing heap buffer overflow attempt (file-other.rules)
* 1:51277 <-> DISABLED <-> SERVER-WEBAPP Joomla Saxum Astro Component SQL injection attempt (server-webapp.rules)
* 1:51297 <-> DISABLED <-> PROTOCOL-OTHER Colloquy INVITE request format string DoS attempt (protocol-other.rules)
* 1:51244 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut280.dll KeywordSet ActiveX clsid access attempt (browser-plugins.rules)
* 1:51245 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut280.dll KeywordSet ActiveX clsid access attempt (browser-plugins.rules)
* 1:51246 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51247 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51248 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51249 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51250 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51251 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51252 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51253 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51254 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51255 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51256 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51257 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51258 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut260.dll ESOpen ActiveX clsid access attempt (browser-plugins.rules)
* 1:51259 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut260.dll ESOpen ActiveX clsid access attempt (browser-plugins.rules)
* 1:51281 <-> DISABLED <-> SERVER-WEBAPP Webadmin history parameter cross site scripting attempt (server-webapp.rules)
* 1:51260 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails render file directory traversal attempt (server-webapp.rules)
* 1:51261 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails render file directory traversal attempt (server-webapp.rules)
* 1:51262 <-> DISABLED <-> SERVER-WEBAPP TinyPHPForum action.php cross site scripting attempt (server-webapp.rules)
* 1:51263 <-> DISABLED <-> SERVER-WEBAPP TinyPHPForum action.php cross site scripting attempt (server-webapp.rules)
* 1:51301 <-> DISABLED <-> SERVER-OTHER Exim malformed BDAT code execution attempt (server-other.rules)
* 1:51264 <-> DISABLED <-> SERVER-WEBAPP Open-AudIT Community Store cross site scripting attempt (server-webapp.rules)
* 1:51265 <-> DISABLED <-> SERVER-WEBAPP Open-AudIT Community Store cross site scripting attempt (server-webapp.rules)
* 1:51266 <-> DISABLED <-> FILE-OFFICE Microsoft Outlook rwz file memory corruption attempt (file-office.rules)
* 1:51267 <-> DISABLED <-> FILE-OFFICE Microsoft Outlook rwz file memory corruption attempt (file-office.rules)
* 1:51268 <-> ENABLED <-> FILE-OTHER Photodex ProShow Producer v5.0.3256 download load file attempt (file-other.rules)
* 1:51269 <-> DISABLED <-> FILE-OTHER Photodex ProShow Producer v5.0.3256 buffer overflow attempt (file-other.rules)
* 1:51270 <-> DISABLED <-> FILE-OTHER Photodex ProShow Producer v5.0.3256 buffer overflow attempt (file-other.rules)
* 1:51271 <-> DISABLED <-> BROWSER-PLUGINS CenturyStar SetMyAddress ActiveX clsid access attempt (browser-plugins.rules)
* 1:51272 <-> DISABLED <-> BROWSER-PLUGINS CenturyStar SetMyAddress ActiveX clsid access attempt (browser-plugins.rules)
* 1:51273 <-> DISABLED <-> SERVER-WEBAPP Modx Revolution PHP code injection attempt (server-webapp.rules)
* 1:51274 <-> DISABLED <-> SERVER-WEBAPP Modx Revolution PHP code injection attempt (server-webapp.rules)
* 1:51275 <-> DISABLED <-> SERVER-WEBAPP Joomla Saxum Astro Component SQL injection attempt (server-webapp.rules)
* 1:51276 <-> DISABLED <-> SERVER-WEBAPP Joomla Saxum Astro Component SQL injection attempt (server-webapp.rules)
* 1:51305 <-> DISABLED <-> BROWSER-PLUGINS Creator.CdDevice ActiveX function call access (browser-plugins.rules)
* 3:51293 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches stack buffer overflow attempt (server-webapp.rules)
* 3:51308 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt (server-webapp.rules)
* 3:51294 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches stack buffer overflow attempt (server-webapp.rules)
* 3:51299 <-> ENABLED <-> POLICY-OTHER Cisco 220 Series Smart Switches unauthenticated request detected (policy-other.rules)
* 3:51300 <-> ENABLED <-> POLICY-OTHER Cisco 220 Series Smart Switches unauthenticated request detected (policy-other.rules)
* 3:51298 <-> ENABLED <-> POLICY-OTHER Cisco 220 Series Smart Switches unauthenticated request detected (policy-other.rules)
* 3:51295 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches stack buffer overflow attempt (server-webapp.rules)
* 3:51306 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt (server-webapp.rules)
* 3:51307 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt (server-webapp.rules)
* 1:50985 <-> DISABLED <-> FILE-IMAGE GraphicsMagick WMF use after free attempt (file-image.rules)
* 1:48837 <-> DISABLED <-> SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (server-webapp.rules)
* 1:3070 <-> DISABLED <-> PROTOCOL-IMAP fetch overflow attempt (protocol-imap.rules)
* 1:8066 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Scripting Host Shell ActiveX clsid access (browser-plugins.rules)
* 1:15880 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer popup window object tag code execution attempt (browser-ie.rules)
* 1:50891 <-> DISABLED <-> SERVER-OTHER Novell NetWare AFP denial of service attempt (server-other.rules)
* 1:51097 <-> DISABLED <-> FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt (file-image.rules)
* 1:50097 <-> ENABLED <-> INDICATOR-COMPROMISE Responder poisoner HTTP attack attempt (indicator-compromise.rules)
* 1:51094 <-> DISABLED <-> FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt (file-image.rules)
* 1:51095 <-> DISABLED <-> FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt (file-image.rules)
* 1:51096 <-> DISABLED <-> FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt (file-image.rules)
* 1:50986 <-> DISABLED <-> FILE-IMAGE GraphicsMagick WMF use after free attempt (file-image.rules)
* 1:7013 <-> DISABLED <-> BROWSER-PLUGINS Microsoft.ISCatAdm ActiveX function call access (browser-plugins.rules)
* 1:6443 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msdtc BuildContextW heap overflow attempt (os-windows.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:51282 <-> DISABLED <-> SERVER-WEBAPP Webadmin history parameter cross site scripting attempt (server-webapp.rules)
* 1:51301 <-> DISABLED <-> SERVER-OTHER Exim malformed BDAT code execution attempt (server-other.rules)
* 1:51285 <-> DISABLED <-> FILE-IMAGE Nokia N95 JPG parsing denial of service attempt (file-image.rules)
* 1:51286 <-> DISABLED <-> SERVER-OTHER LCDproc parse_all_client_messages buffer overflow attempt (server-other.rules)
* 1:51292 <-> DISABLED <-> SERVER-WEBAPP Axway SecureTransport XML external entity injection attempt (server-webapp.rules)
* 1:51218 <-> DISABLED <-> FILE-OTHER Omron CX-On Project file parsing heap buffer overflow attempt (file-other.rules)
* 1:51297 <-> DISABLED <-> PROTOCOL-OTHER Colloquy INVITE request format string DoS attempt (protocol-other.rules)
* 1:51296 <-> DISABLED <-> PROTOCOL-OTHER Colloquy INVITE request format string DoS attempt (protocol-other.rules)
* 1:51236 <-> DISABLED <-> FILE-OTHER VCFtools crafted VCF remote code execution attempt (file-other.rules)
* 1:51284 <-> DISABLED <-> FILE-IMAGE Nokia N95 JPG parsing denial of service attempt (file-image.rules)
* 1:51234 <-> DISABLED <-> SERVER-OTHER Advantech WebAccess Viewdll1 buffer overflow attempt (server-other.rules)
* 1:51235 <-> DISABLED <-> FILE-OTHER VCFtools crafted VCF remote code execution attempt (file-other.rules)
* 1:51287 <-> DISABLED <-> SERVER-WEBAPP Apache CouchDB _config command injection attempt (server-webapp.rules)
* 1:51305 <-> DISABLED <-> BROWSER-PLUGINS Creator.CdDevice ActiveX function call access (browser-plugins.rules)
* 1:51289 <-> ENABLED <-> SERVER-WEBAPP Pulse Secure SSL VPN directory traversal attempt (server-webapp.rules)
* 1:51291 <-> DISABLED <-> OS-MOBILE Google Android Kernel local denial of service attempt (os-mobile.rules)
* 1:51244 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut280.dll KeywordSet ActiveX clsid access attempt (browser-plugins.rules)
* 1:51246 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51263 <-> DISABLED <-> SERVER-WEBAPP TinyPHPForum action.php cross site scripting attempt (server-webapp.rules)
* 1:51247 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51245 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut280.dll KeywordSet ActiveX clsid access attempt (browser-plugins.rules)
* 1:51290 <-> DISABLED <-> OS-MOBILE Google Android Kernel local denial of service attempt (os-mobile.rules)
* 1:51219 <-> DISABLED <-> OS-OTHER OpenBSD TCP Timestamp handling denial of service attempt (os-other.rules)
* 1:51304 <-> DISABLED <-> BROWSER-PLUGINS Creator.CdCreator ActiveX function call access (browser-plugins.rules)
* 1:51226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
* 1:51237 <-> DISABLED <-> SERVER-OTHER BlackIce ISS ICQ parser buffer overflow attempt (server-other.rules)
* 1:51238 <-> DISABLED <-> SERVER-OTHER Rockwell Automation RSLinux heap buffer overflow attempt (server-other.rules)
* 1:51223 <-> DISABLED <-> FILE-OTHER Adobe Texture Format file containing invalid texture definition memory corruption attempt (file-other.rules)
* 1:51222 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ATF bitmap conversion heap overflow attempt (file-flash.rules)
* 1:51220 <-> DISABLED <-> OS-LINUX Rdesktop process_redirect_pdu BSS overflow attempt (os-linux.rules)
* 1:51243 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure VPN command injection attempt (server-webapp.rules)
* 1:51302 <-> DISABLED <-> BROWSER-PLUGINS MSWC.MyInfo ActiveX function call access (browser-plugins.rules)
* 1:51225 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
* 1:51221 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ATF bitmap conversion heap overflow attempt (file-flash.rules)
* 1:51264 <-> DISABLED <-> SERVER-WEBAPP Open-AudIT Community Store cross site scripting attempt (server-webapp.rules)
* 1:51240 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure VPN command injection attempt (server-webapp.rules)
* 1:51242 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure VPN command injection attempt (server-webapp.rules)
* 1:51224 <-> DISABLED <-> FILE-OTHER Adobe Texture Format file containing invalid texture definition memory corruption attempt (file-other.rules)
* 1:51241 <-> DISABLED <-> SERVER-WEBAPP Pulse Secure VPN command injection attempt (server-webapp.rules)
* 1:51239 <-> DISABLED <-> SERVER-OTHER PHP-Proxy local file include attempt (server-other.rules)
* 1:51254 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51256 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51261 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails render file directory traversal attempt (server-webapp.rules)
* 1:51250 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51259 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut260.dll ESOpen ActiveX clsid access attempt (browser-plugins.rules)
* 1:51252 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51257 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51255 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51248 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51253 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51251 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51249 <-> DISABLED <-> SERVER-WEBAPP OpenEMR SQL injection attempt (server-webapp.rules)
* 1:51266 <-> DISABLED <-> FILE-OFFICE Microsoft Outlook rwz file memory corruption attempt (file-office.rules)
* 1:51269 <-> DISABLED <-> FILE-OTHER Photodex ProShow Producer v5.0.3256 buffer overflow attempt (file-other.rules)
* 1:51260 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails render file directory traversal attempt (server-webapp.rules)
* 1:51258 <-> DISABLED <-> BROWSER-PLUGINS Mitsubishi EZPcAut260.dll ESOpen ActiveX clsid access attempt (browser-plugins.rules)
* 1:51280 <-> DISABLED <-> SERVER-WEBAPP SolusLabs SolusVM centralbackup.php SQL injection attempt (server-webapp.rules)
* 1:51276 <-> DISABLED <-> SERVER-WEBAPP Joomla Saxum Astro Component SQL injection attempt (server-webapp.rules)
* 1:51278 <-> DISABLED <-> SERVER-WEBAPP SolusLabs SolusVM centralbackup.php SQL injection attempt (server-webapp.rules)
* 1:51303 <-> DISABLED <-> BROWSER-PLUGINS Mmedia.RadioServer ActiveX function call access (browser-plugins.rules)
* 1:51272 <-> DISABLED <-> BROWSER-PLUGINS CenturyStar SetMyAddress ActiveX clsid access attempt (browser-plugins.rules)
* 1:51281 <-> DISABLED <-> SERVER-WEBAPP Webadmin history parameter cross site scripting attempt (server-webapp.rules)
* 1:51274 <-> DISABLED <-> SERVER-WEBAPP Modx Revolution PHP code injection attempt (server-webapp.rules)
* 1:51279 <-> DISABLED <-> SERVER-WEBAPP SolusLabs SolusVM centralbackup.php SQL injection attempt (server-webapp.rules)
* 1:51267 <-> DISABLED <-> FILE-OFFICE Microsoft Outlook rwz file memory corruption attempt (file-office.rules)
* 1:51277 <-> DISABLED <-> SERVER-WEBAPP Joomla Saxum Astro Component SQL injection attempt (server-webapp.rules)
* 1:51270 <-> DISABLED <-> FILE-OTHER Photodex ProShow Producer v5.0.3256 buffer overflow attempt (file-other.rules)
* 1:51275 <-> DISABLED <-> SERVER-WEBAPP Joomla Saxum Astro Component SQL injection attempt (server-webapp.rules)
* 1:51262 <-> DISABLED <-> SERVER-WEBAPP TinyPHPForum action.php cross site scripting attempt (server-webapp.rules)
* 1:51273 <-> DISABLED <-> SERVER-WEBAPP Modx Revolution PHP code injection attempt (server-webapp.rules)
* 1:51265 <-> DISABLED <-> SERVER-WEBAPP Open-AudIT Community Store cross site scripting attempt (server-webapp.rules)
* 1:51271 <-> DISABLED <-> BROWSER-PLUGINS CenturyStar SetMyAddress ActiveX clsid access attempt (browser-plugins.rules)
* 1:51283 <-> DISABLED <-> SERVER-WEBAPP Webadmin history parameter cross site scripting attempt (server-webapp.rules)
* 1:51288 <-> ENABLED <-> SERVER-WEBAPP Pulse Secure SSL VPN directory traversal attempt (server-webapp.rules)
* 1:51268 <-> ENABLED <-> FILE-OTHER Photodex ProShow Producer v5.0.3256 download load file attempt (file-other.rules)
* 1:51217 <-> DISABLED <-> FILE-OTHER Omron CX-On Project file parsing heap buffer overflow attempt (file-other.rules)
* 3:51295 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches stack buffer overflow attempt (server-webapp.rules)
* 3:51293 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches stack buffer overflow attempt (server-webapp.rules)
* 3:51306 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt (server-webapp.rules)
* 3:51299 <-> ENABLED <-> POLICY-OTHER Cisco 220 Series Smart Switches unauthenticated request detected (policy-other.rules)
* 3:51300 <-> ENABLED <-> POLICY-OTHER Cisco 220 Series Smart Switches unauthenticated request detected (policy-other.rules)
* 3:51298 <-> ENABLED <-> POLICY-OTHER Cisco 220 Series Smart Switches unauthenticated request detected (policy-other.rules)
* 3:51308 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt (server-webapp.rules)
* 3:51307 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches command injection attempt (server-webapp.rules)
* 3:51294 <-> ENABLED <-> SERVER-WEBAPP Cisco 220 Series Smart Switches stack buffer overflow attempt (server-webapp.rules)
* 1:51097 <-> DISABLED <-> FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt (file-image.rules)
* 1:50891 <-> DISABLED <-> SERVER-OTHER Novell NetWare AFP denial of service attempt (server-other.rules)
* 1:50985 <-> DISABLED <-> FILE-IMAGE GraphicsMagick WMF use after free attempt (file-image.rules)
* 1:3070 <-> DISABLED <-> PROTOCOL-IMAP fetch overflow attempt (protocol-imap.rules)
* 1:51095 <-> DISABLED <-> FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt (file-image.rules)
* 1:15880 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer popup window object tag code execution attempt (browser-ie.rules)
* 1:50097 <-> ENABLED <-> INDICATOR-COMPROMISE Responder poisoner HTTP attack attempt (indicator-compromise.rules)
* 1:7013 <-> DISABLED <-> BROWSER-PLUGINS Microsoft.ISCatAdm ActiveX function call access (browser-plugins.rules)
* 1:8066 <-> DISABLED <-> BROWSER-PLUGINS Microsoft Windows Scripting Host Shell ActiveX clsid access (browser-plugins.rules)
* 1:48837 <-> DISABLED <-> SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (server-webapp.rules)
* 1:51094 <-> DISABLED <-> FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt (file-image.rules)
* 1:50986 <-> DISABLED <-> FILE-IMAGE GraphicsMagick WMF use after free attempt (file-image.rules)
* 1:6443 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msdtc BuildContextW heap overflow attempt (os-windows.rules)
* 1:51096 <-> DISABLED <-> FILE-IMAGE Multiple products JBIG compressed TIFF buffer overflow attempt (file-image.rules)